From 7d53bd07c631408a20f9e8392543951ca1bb4e5e Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Fri, 22 Oct 2021 14:50:09 -0400
Subject: [PATCH 01/10] Fix required inputs check

---
 psiphon/common/quic/quic.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/psiphon/common/quic/quic.go b/psiphon/common/quic/quic.go
index 9484d41a6..54811dcd3 100644
--- a/psiphon/common/quic/quic.go
+++ b/psiphon/common/quic/quic.go
@@ -366,7 +366,7 @@ func Dial(
 
 	// obfuscationKey is always required, as it is used for anti-probing even
 	// when not obfuscating the QUIC payload.
-	if isObfuscated(quicVersion) && (obfuscationPaddingSeed == nil) || obfuscationKey == "" {
+	if (isObfuscated(quicVersion) && obfuscationPaddingSeed == nil) || obfuscationKey == "" {
 		return nil, errors.TraceNew("missing obfuscation values")
 	}
 

From 206c631317ddbca60a26bf039aceb685da27e9bb Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Mon, 25 Oct 2021 14:40:50 -0400
Subject: [PATCH 02/10] Squashed 'psiphon/common/crypto/' changes from
 69149643..089bfa56
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

089bfa56 acme: implement Client.ListCertAlternates
84f35764 all: fix typos
c084706c poly1305: deprecate public package
32db7946 acme: fix deadlock when Client.Key is nil
0a44fdfb openpgp: fix deprecation message
0ba0e8f0 openpgp: mark as deprecated
a769d52b sha3: fix typo in comment
5ff15b29 all: upgrade x/sys to latest
c07d793c curve25519/internal/field: fix generator module reference to x/crypto
cd7d49e6 all: add //go:build lines to assembly files
38f3c27a ssh: return missing user field in NewClientConn
3497b51f curve25519: replace field implementation with filippo.io/edwards25519
e9a32991 go.mod: upgrade to go 1.17
83a5a9bb acme: add support for subproblems
5bf0f12b poly1305: cleanup ppc64le R0/$0 usage
4f457374 cryptobyte: add support for UTCTime
0c34fe9e acme/autocert: include the domain in the SAN of the CSR
513c2a44 scrypt: use encoding/binary to simplify smix
e6e6c4f2 go.mod: bump golang.org/x/net to e18ecbb05110
5ea612d1 all: go fmt ./...
b8e89b74 blake2s: fix 386 assembly not to smash SP
1f2b32a5 blake2b: fix amd64 assembly not to smash SP
042588c7 salsa20/salsa: fix amd64 assembly not to smash SP
86c0c3e7 blake2s: fix amd64 assembly not to smash SP
eec23a39 acme: hardcode and remove ExternalAccountBinding.Algorithm
9d135275 acme: add external account binding support
8b5274cf ssh: disallow gssapi-with-mic if GSSAPIWithMICConfig is not set
5f87f345 README.md: add badge to pkg.go.dev
be400aef all: build tags: appengine,!gccgo => purego,gc
c8d3bf9c x/crypto/chacha20: fix typo in benchmark
c1f2f97b ssh/terminal: bump x/term dependency to fix js/nacl
4be66e5b ssh/terminal: replace with a golang.org/x/term wrapper
0c6587e9 ssh/terminal: add support for zos
9e8e0b39 ssh: improve error message for KeyboardInteractiveChallenge
84dcc777 crypto/ssh: add Client.Close in Dial example
7f63de1d internal/wycheproof: add RSA OAEP decryption tests
c90954cb nacl/auth: use Size instead of KeySize for Sum output
eb9a90e9 ocsp: Improve documentation for ParseResponse and ParseResponseForCert
afb6bcd0 ssh: remove slow unnecessary diffie-hellman-group-exchange primality check
5c72a883 sha3: remove go:nocheckptr annotation
123391ff internal/wycheproof: add generic AEAD test
948cd5f3 pkcs12: drop PKCS#12 attributes with unknown OIDs
ab33eee9 pkcs12: document that we use the wrong PEM type
75b28801 ssh: Make error message deterministic
70a84ac3 internal/wycheproof: add tests for hmac generation
279210d1 ssh: don't err out on channel request msgs to unknown channels
06a226fb Use boolean tag (0x01) for boolean type.
4b2356b1 poly1305: modify s390x assembly to implement MAC interface
729f1e84 ssh: improve docs on Certificate.SignCert
4bdfaf46 chacha20: don't panic encrypting the final blocks
18b771bd cryptobyte: handle AddASN1BigInt with -1
44a60628 poly1305: add (*MAC).Verify API and use it in chacha20poly1305
3c4aac89 chacha20: improve generic implementation performance
a76a400e Revert "chacha20: don't panic encrypting the final blocks"
1c2c788b chacha20: don't panic encrypting the final blocks
884d27f4 Update reference to CBC vulnerability in cipher.go
0848c957 chacha20poly1305: improve ExampleNewX
4f8f47aa ssh/terminal: handle ctrl+C, ctrl+F, ctrl+B
056763e4 ssh/agent: handle ed25519.PrivateKey by value in AddedKey
baeed622 blake2b,blake2s: clarify difference between blake2b and blake2s
0ec3e997 ssh: support aes256-cbc for passphrase-protected OpenSSH keys
891825fb gitignore: remove obsolete reference to .hgignore in comment
97fc9816 internal/wycheproof: update TestEcdsa to use ecdsa.VerifyASN1
1b76d668 ssh: fix data race in dh group exchange sha256
f7b00557 sha3: mark xorInUnaligned with go:nocheckptr
78000ba7 acme: make WaitAuthorization return authorization errors consistently
32487ece openpgp/packet: ensure that first partial packet is 512 bytes
2aa609cf chacha20,poly1305,chacha20poly1305: set consistent build tags
eddbd5da chacha20: add SetCounter method
0f24fbd8 internal/wycheproof: add test for ChaCha20-Poly1305 AEAD encryption/decryption
bac4c82f ssh: return an error for malformed ed25519 public keys rather than panic
1ad67e1f internal/wycheproof: add test for CBC decryption with PKCS#5 padding
1d94cc7a acme/autocert: remove unused listener struct field
86ce3cb6 acme/autocert: fix TLS-ALPN identifier in tests
6ca56c2f acme: update TLS-ALPN identifier to the latest IANA assignment
ecb85df2 ssh/terminal: adjust ReadConsole rules on windows
a95e85b3 ssh: support ECDSA private keys in OpenSSH format
a0c6ece9 internal/wycheproof: add test for hkdf key extraction
c9f3fb73 ssh: support encrypted OpenSSH private keys
69ecbb4d cryptobyte: fix panic due to malformed ASN.1 inputs on 32-bit archs
530e9359 openpgp/armor: allow armored PGP signature without a CRC
6d4e4cb3 ssh/terminal: stop using ENABLE_LINE_INPUT
61a87790 poly1305: drop broken arm assembly
5d647ca1 sha3: fix SHA-3 on s390x when using KIMD instruction
53104e6e internal/wycheproof: skip failing test on 32-bit arm
becbf705 nacl/box: support anonymous seal/open
e9b2fee4 internal/wycheproof: add Wycheproof tests for verifying signatures
e7c4368f acme: expect standard ASN.1 signatures from ECDSA Client.Key
0a08dada ssh: reject unencrypted keys from ParsePrivateKeyWithPassphrase
86a70503 ssh: add sk-ecdsa-sha2-nistp256 and sk-ed25519
b544559b ssh/agent: fix TestServerResponseTooLarge on Plan 9
ac88ee75 ssh/agent: fix example
4f8c1d86 ssh/agent: clear the environment when starting ssh-agent in client_test
497ca9f6 ssh/test: fix test goroutine error handling
e1110fd1 openpgp/elgamal: prevent bad key from causing panic in Decrypt
16651526 chacha20: implement XChaCha20
e0829623 chacha20: expose internal/chacha20 package
9b708ad8 internal/chacha20: cache first round across XORKeyStream invocations
85e5e33d internal/chacha20: refactor for readability and consistency
2dbfe900 poly1305: rewrite the Go implementation with 64-bit limbs
bd318be0 pkcs12: fix dropped error
6e5058ba ssh: fix dropped error
0a56756d acme/internal/acmeprobe: fix dropped error variable
f4817d98 curve25519: implement new X25519 API and deprecate ScalarMult
fe70532b curve25519: update package structure per golang.org/wiki/TargetSpecific
ed6320f1 internal/chacha20: fix minor naming issue
c7e5f84a sha3: align (*state).storage
8986dd9e acme/autocert: always pass AuthzURLs from AuthorizeOrder to deactivatePendingAuthz
f83a4685 go.mod: set go version
87dc89f0 acme/autocert: give tokensMu a better name
0e8c3a90 acme/autocert: support ACME RFC 8555
a950601f acme: update Directory URL to Let's Encrypt v2
1f99b0ed acme: prevent discovery network roundtrips in tests
af544f31 internal/chacha20: improve chacha20 performance on ppc64le
34f69633 openpgp/packet: support crypto.Decrypter in EncryptedKey.Decrypt
f9e20705 acme/internal: add a prober program
4663e185 acme: update existing methods for RFC 8555
88343688 acme: implement new order-based issuance methods
a832865f acme: support RFC 8555 account management
cea2066c Revert "ssh/terminal: account for win32 api changes"
fa1a2910 acme: add KID variant to jwsEncodeJSON
2682ddc9 acme: fetch fresh nonces from newNonce resource
2afe7c4b acme: add support for RFC8555 compliant discovery
9ee001bb ssh/terminal: account for win32 api changes
227b76d4 acme/autocert: remove tls-sni-xx challenge support
094676da ssh: drop dh-group1-sha1 from default key exchanges
71b5226f sha3: add a space before +build in build tag comments
9756ffdc ssh/test: delete TestInvalidTerminalMode
60c769a6 acme/autocert: remove tempfile after dircache write failed
4def268f ssh: skip testHandshakeErrorHandlingN on js/wasm
cc06ce4a acme: send User-Agent and add Client.UserAgent
ea8f1a30 ed25519: turn into a wrapper for crypto/ed25519 beginning with Go 1.13
57b3e21c ssh: add diffie-hellman-group-exchange-sha256
5c40567a internal/chacha20: fix variable naming
f99c8df0 poly1305: improve performance with asm for ppc64le
20be4c3c internal/chacha20: improve performance for ppc64le
22d7a77e sha3: fix bug in cSHAKE Clone()
cbcb7502 ssh/gss: support kerberos authentication for ssh server and client
e1dfcc56 openpgp: replace "currentTime" with "creationTime" as appropriate
a29dc8fd scrypt: use math.bits rotate functions instead of ad-hoc implementation
f162ad86 ssh/test: add port for aix/ppc64
c05e17bb openpgp/clearsign: reject potentially misleading headers and messages
d864b108 blake2s: use math.bits rotate functions instead of ad-hoc implementation
f8560614 acme/autocert: make host of TLS certificate to be obtained always Punycode
af44ce27 blake2b: use math.bits rotate functions instead of ad-hoc implementations
df01cb2c ssh: invert algorithm choices on the server
b43e4121 ssh/test: skip test on js/wasm
f416ebab sha3: add cSHAKE support
92d88b08 all: change the old assembly style AX:CX to CX, AX
88737f56 ssh/test: use t.Run for MAC/kex/pubkey tests
e7b772b7 ssh: print server exit reason in tests
9732e03d ssh: add packetTypeNames map for better debug info
d99183c9 ssh: rename ExampleHostKeyCheck to ExampleClientConfig_HostKeyCallback
184a6896 ssh: remove testing.T from ExampleRetryableAuthMethod
457ee04d ssh: rename methods in packetCipher interface
38d8ce55 ssh/test: skip test to fix build on solaris and aix
8e1b8d32 crypto: update go.mod for s390x x/sys/cpu changes
a5d413f7 ssh/terminal: Use move-N sequences for >1 cursor moves
b7391e95 salsa20/salsa: fix keystream loop in amd64 assembly when overflowing 32-bit counter
a1f597ed curve25519: add test vectors from BoringSSL
c2843e01 poly1305: implement a subset of the hash.Hash interface
8dd112bc internal/chacha20: use x/sys/cpu for s390x feature detection
0091315a poly1305: use x/sys/cpu for s390x feature detection
e37aea1e sha3: use x/sys/cpu for s390x feature detection
31a38585 ssh/terminal: fix GetSize on Windows
215aa809 all: add a go.mod file
7f87c0fb ssh/agent: add checking for empty SSH requests
ffb98f73 xts: reduce tweak allocations
6635ad99 bn256: fix String methods when g.p == nil
a5739832 all: deprecate broken and legacy packages
a4c6cb31 acme: try to fetch nonce from directory first
74369b46 internal/chacha20: add SIMD implementation on arm64
193df9c0 curve25519: mask high bit when loading group point
b8fe1690 all: fix ineffectual assignments
9c16a038 pkcs12: add a note suggesting ToPEM for multiple certificates/keys
b01c7a72 acme: support IP address authorization type
ccddf374 pkcs12: note that this package is frozen and point to an alternative
54b0dbbb Revert "pkcs12: add a DecodeAll method"
bf88e3f4 pkcs12: add a DecodeAll method
c7b33c32 ssh/terminal: support ^N and ^P
057139ce crypto/ssh/knownhosts: fix out-of-date documentation for checkAddr
64072686 blake2b: fix comments in grammar
ff983b9c sha3: add support for Keccak-512
8d7daa0c bn256: fix gfp12 MulScalar
505ab145 openpgp: support SHA384
eb0de9b1 ssh/terminal: enable tests for aix
e657309f ssh/terminal: use "reports whether" in IsTerminal doc
c05539cd cryptobyte: fix typo in test
9eb0be39 ssh/terminal: add AIX operating system
3d3f9f41 cryptobyte: don't ignore bytes added to BuilderContinuations of fixed-size Builders
e4dc69e5 ssh: return specific error for invalid signature algorithm
bfa7d42e acme: support custom crypto.Signer implementations
4d3f4d9f ssh/agent: Fix error returned from agent responses that are too big.
bc7917b1 bcrypt: benchmark defaults
b078efbc cryptobyte: add (*Builder).Unwrite and (*Builder).SetError
7e6ffbd0 openpgp: pass hash to Signer.Sign for ECDSA
dab2b105 ssh: support SSH agent signature flags and custom extensions
45a5f776 all: fix typos
e84da031 hkdf: add Extract and Expand
d2c3f1d8 hkdf: improve example
85e1b3f9 openpgp: don't generate PubKeyAlgoRSASignOnly keys
74cb1d3d acme/autocert: include rejected hostname in TLS handshake error when host not configured
0c41d7ab ssh/testdata: correct typo
a92615f3 ssh: fix typo in error message
7c1a557a openpgp: split up tests and keys
e3636079 openpgp: allow RSA/ECDSA signers to return a pointer
f7f54661 openpgp: test subkeys with sub-optimal signature packet ordering
0259c3f7 openpgp: use latest subkey binding signature
5295e836 openpgp: move addUserID outside of ReadEntity
0e37d006 openpgp: don't treat extra subkey selfsigs as uid sigs
0709b304 ssh: don't panic if a key is too short.
182538f8 acme/autocert: clarify that multiple names are allowed
614d502a chacha20poly1305: use x/sys/cpu feature variables directly
aabede6c openpgp/clearsign: add ability to sign with more than one key.
de075231 chacha20poly1305: add some more XChaCha20-Poly1305 test vectors.
ff745d07 acme/autocert: fix race in test.
f027049d ssh: RFC5208 support PKCS#8 key
80fca2ff chacha20poly1305: add example for NewX
f792edd3 chacha20poly1305: add XChaCha20-Poly1305
56440b84 acme/autocert: expand tls-alpn-01 docs
c126467f acme/autocert: add support for tls-alpn-01
a521dfce acme: expect 202 Accepted from Let's Encrypt
a2144134 openpgp: support creating signatures compatible with 'gpg --sign'.
a49355c7 acme: consistently return original errors from retries
7f39a6fe internal/subtle: add Google App Engine support
027cca12 all: gofmt
a8fb68e7 openpgp: restore signing in SerializePrivate
5cd40a37 acme/autocert: surface details of acme.AuthorizationError
550ed51f openpgp: fix bad error message
fd5f17ee openpgp: read keys with revoked user ids
37a17fe0 internal/subtle: add Any/InexactOverlap (new package) and apply them across packages
e6b1200d acme: fix encoding of the TLS-ALPN challenge extension
8ac0e0d9 acme: add support for TLS-ALPN
b47b1587 acme/autocert: change a var to a const
d1621863 acme/autocert: fix build in Go 1.9
78e79280 acme/autocert: update Manager.Client and Cache docs
8f8078c9 acme/autocert: support both RSA and ECDSA clients on the fly
df8d4716 acme: clarify retries and backoff algorithm
5ba7f630 ed25519: actually be compatible with RFC 8032
ab813273 acme/autocert: improve authorizations cleanup
a3beeb74 acme/autocert: support configurable CSR extensions
159ae715 ssh/terminal: fix TestMakeRawState on iOS
75e913eb acme/autocert: revoke dangling pending authzs
da3eeb5d openpgp: sign Entity during instantiation in NewEntity
1a580b3e chacha20poly1305: delete unused assembly functions
425cc7d9 poly1305: add additional test cases
4eb8c2c8 poly1305: add optimized s390x SIMD implementation with VMSL
2fc4c88b ssh: also start forward listeners on ListenUnix
034e5325 ssh: don't start goroutines handling forwarded connections until needed
94e3fad7 chacha20poly1305: add test for empty plaintext and additional data
2d027ae1 ssh/terminal: run tests only on supported platforms
1258d06b salsa20: panic when len(out) < len(in) following cipher.Stream
21052ae4 openpgp: fix vet issue in tests
4ec37c66 sha3: add NewLegacyKeccak256
1f94bef4 scrypt: update example to match recommendation two lines below
76a95463 sha3: enable TestUnalignedWrites
8b1d3108 bn256: explicitly fix MakeAffine for ∞
2c241ca3 chacha20poly1305: correct AVX2 feature detection
613d6eaf ssh: fix copy and paste error
80f0338f ocsp: remove error for > 1 certificate in response
ae8bce00 crypto/{blake2b,blake2s,argon2,chacha20poly1305}: replace CPU feature detection
db7d1231 ssh/agent: remove len check in Unlock
b49d69b5 internal/chacha20: add s390x SIMD implementation
754cb46f chacha20poly1305: update to use new ChaCha20 API
83c378c4 ssh: update to use new ChaCha20 API
12dd70ca internal/chacha20: implement the cipher.Stream interface and optimize
dccd99e8 sha3: add optimized implementation for s390x
719079de ssh/test: skip tests if run as root
b0697ecc blake2b: Revert "blake2b: use internal/cpu to determine AVX and SSE 4 support"
2b6c0887 ssh/agent: update documentation link
e73bf333 x/crypto: cryptobyte: manage integers with implicit tags
d6449816 blake2b: use internal/cpu to determine AVX and SSE 4 support
f70185d7 cryptobyte: minor documentation fix
beb2a977 ssh/knownhosts: disregard IP address if the hostname is available
b2aa3544 ssh: drop extra connection Close call in TestMuxReadWrite
12892e8c blake2b,blake2s: implement BinaryMarshaler, BinaryUnmarshaler
88942b9c xtea: comment cleanup
80db560f nacl/sign: add package
c3a3ad6d acme/autocert: use valid certificates from the cache during renewal
374053ea openpgp/packet: improve handling of short MPIs for RSA values
b4956d36 openpgp: serialize correct bitlength for generated ECC keys
819dbedb openpgp/packet: fix swallowed errors in (*EncryptedKey).parse
21652f85 CONTRIBUTING.md: remove note about not accepting Pull Requests
c4a91bd4 ed25519: require canonical signatures
182114d5 sha3: fix typo in Shake256 docs
c7dcf104 ripemd160: use bits.Rotate for rotates
7effd64e ssh/terminal: store termios copy in terminal state on Solaris
526a373f ssh/terminal: simplify defer
85f98707 argon2: fix typo and code formatting in comments
0b6b69c7 acme/autocert: return error from cachePut
91a49db8 acme: stop polling authz on 4xx client errors
8c653846 ssh: document how to unmarshal public keys
beaf6a35 ssh: fix error variable naming convention, add docs
49796115 ssh: use a variable rather than type for NoAuthError
432090b8 Adding a unique error when no authentication method has been passed in yet.
650f4a34 openpgp: allow NewEntity to specify the default cipher
3a6c3ce6 openpgp: correct NewEntity name creation
9de5f2ea acme/autocert: Remove unused retryAfter func
5119cf50 ssh: clarify how to parse out Certificates
dea6ea37 ssh: compile multi_auth_test.go on linux only
9334d73e ssh: fix support for partial success authentication responses in client
d9133f54 argon2: add Argon2id and update parameter recommendations
1875d0a7 ssh/knownhosts: remove godoc about non-supported hashed hosts
0efb9460 ssh/terminal: use duplicate handle in ReadPassword
3d37316a ssh: return correct error on read failure
d94f6bc9 ssh: use io.ReadFull() for reading chacha20-poly1305 packets.
31469a20 ssh: remove chacha20-poly1305 from preferredCipher list
39efaea5 ssh: cleanup cipher creation logic
1c1f1399 ssh: remove redundant code
1835319e ssh: remove arcfour ciphers from the default preference list
a6600008 argon2: add missing amd64 tags
ee41a25c ssh: support chacha20-poly1305 cipher
13931e22 acme/autocert: support http-01 challenge type
5f55bce9 ssh: fix protocol version exchange (for multi-line)
b3c9a1d2 ssh: use t.Run for testing multiple ciphers/macs
49373064 internal/chacha20: move up from chacha20poly1305/internal/chacha20
6bd909f1 ssh: specify InsecureIgnoreHostKey in the benchmarks
0fcca484 bn256: don't claim a 128-bit security level.
2b4b18b6 argon2: fix incorrect key derivation if parallelism > 1
95a4943f crypto/ssh: fix typo in error message in certs.go
d585fd2c pbkdf2: add benchmarks
244f6ce1 ssh: accept ed25519 certs
625c6a7b argon2: add new package implementing the Argon2 PBKDF family
94eea52f all: run gofmt -s on source code
e8f22986 all: fix errors reported by vet, golint
48a5a650 crypto/ssh: only show banner once
365904b0 nacl/auth: use KeySize constant consistently.
b080dc9a ssh/terminal: handle non-ASCII characters when reading passwords
9f005a07 ssh: add support for banners
6a293f2d ssh: remove unused parameter of newGCMCipher
687d4b81 terminal/ssh: use ioctl wrappers from x/sys/unix
ca1fcd4a ocsp: fix vet format string issues
3680b74b blake2s: fix vet format string issue
bd6f299f ed25519: update document to mention RFC 8032
2509b142 Revert "ssh: add support for banners"
edd5e9b0 ocsp: remove incorrect iota and update docs on CreateRequest
541b9d50 acme, acme/autocert: add missing articles
959b3afb acme: fill Subject CN field in the tls-sni challenge certs
ed5229da ssh: add support for banners
9419663f scrypt: add missing license header
34d0413e scrypt: update recommended parameters for 2017
76eec36f acme/autocert: add Cache to Manager example
c84b36c6 blake2b: fix typo in error message
847319b7 ssh: remove unused buffer.eof return value
7d9177d7 acme: reword the godoc to be more human readable
b0c9c05b all: fix article typos
faadfbdc cryptobyte: include changes from review of 57810
2bcb7b5b cryptobyte: various API and documentation updates.
88e95fbb ssh: reject unsupported DSA key sizes
74b34b9d all: make overlap rules wording consistent
9ba3862c nacl/[secret]box: clarify message size comment.
8f297cd6 openpgp: check errors from ReadKeyRing during test
81e90905 sha3: delete unused field
eb71ad9b ssh/terminal: set termios VMIN and VTIME in MakeRaw
b176d7de ssh/agent: use right message to unlock agent, with related integration tests
81db3efc nacl/auth: add crypto_auth primitive
76c7c60c ssh: fix documentation on ServerConfig.PublicKeyCallback
42ff06ae ssh/terminal: use console functions, types and consts from x/sys/windows
c412588e ed25519: don't use constant-time functions in Verify.
418008d6 openpgp/packet: fix AES-192 encrypted session keys
358f15ea salsa20/salsa: fix out of bounds write
558b6879 ssh/terminal: use termios ioctl read/write constants from x/sys/unix
27b9897d acme: clarify the purpose of CertOption interface
2faea146 ssh/agent: parse constraints when adding keys
8c55ac71 ssh: add Session.WindowChange to send window change events

git-subtree-dir: psiphon/common/crypto
git-subtree-split: 089bfa5675191fd96a44247682f76ebca03d7916
---
 .gitignore                                    |    2 +-
 CONTRIBUTING.md                               |   15 +-
 README.md                                     |    2 +
 acme/acme.go                                  |  812 ++---
 acme/acme_test.go                             |  750 +++--
 acme/autocert/autocert.go                     |  782 ++++-
 acme/autocert/autocert_test.go                |  824 ++++-
 acme/autocert/cache.go                        |   14 +-
 acme/autocert/cache_test.go                   |    9 +
 acme/autocert/example_test.go                 |    8 +-
 acme/autocert/internal/acmetest/ca.go         |  552 +++
 acme/autocert/listener.go                     |    7 +-
 acme/autocert/renewal.go                      |   45 +-
 acme/autocert/renewal_test.go                 |  181 +-
 acme/http.go                                  |  325 ++
 acme/http_test.go                             |  255 ++
 acme/internal/acmeprobe/prober.go             |  480 +++
 acme/jws.go                                   |  138 +-
 acme/jws_test.go                              |  229 +-
 acme/rfc8555.go                               |  438 +++
 acme/rfc8555_test.go                          |  916 +++++
 acme/types.go                                 |  423 ++-
 acme/types_test.go                            |  156 +
 acme/version_go112.go                         |   28 +
 argon2/argon2.go                              |  285 ++
 argon2/argon2_test.go                         |  233 ++
 argon2/blake2b.go                             |   53 +
 argon2/blamka_amd64.go                        |   61 +
 argon2/blamka_amd64.s                         |  244 ++
 argon2/blamka_generic.go                      |  163 +
 argon2/blamka_ref.go                          |   16 +
 bcrypt/bcrypt.go                              |    4 +-
 bcrypt/bcrypt_test.go                         |    6 +-
 blake2b/blake2b.go                            |   92 +-
 blake2b/blake2bAVX2_amd64.go                  |   29 +-
 blake2b/blake2bAVX2_amd64.s                   |  109 +-
 blake2b/blake2b_amd64.go                      |   10 +-
 blake2b/blake2b_amd64.s                       |   67 +-
 blake2b/blake2b_generic.go                    |   69 +-
 blake2b/blake2b_ref.go                        |    3 +-
 blake2b/blake2b_test.go                       |   51 +-
 blake2b/blake2x.go                            |    2 +-
 blake2b/register.go                           |    1 +
 blake2s/blake2s.go                            |   59 +
 blake2s/blake2s_386.go                        |   22 +-
 blake2s/blake2s_386.s                         |  122 +-
 blake2s/blake2s_amd64.go                      |   26 +-
 blake2s/blake2s_amd64.s                       |   94 +-
 blake2s/blake2s_generic.go                    |   68 +-
 blake2s/blake2s_ref.go                        |    3 +-
 blake2s/blake2s_test.go                       |   50 +-
 blake2s/blake2x.go                            |    2 +-
 blake2s/register.go                           |    1 +
 blowfish/cipher.go                            |    8 +
 bn256/bn256.go                                |   67 +-
 bn256/curve.go                                |    9 +
 bn256/gfp12.go                                |    4 +-
 bn256/twist.go                                |    9 +
 cast5/cast5.go                                |   11 +-
 chacha20/chacha_arm64.go                      |   17 +
 chacha20/chacha_arm64.s                       |  308 ++
 chacha20/chacha_generic.go                    |  398 +++
 chacha20/chacha_noasm.go                      |   14 +
 chacha20/chacha_ppc64le.go                    |   17 +
 chacha20/chacha_ppc64le.s                     |  450 +++
 chacha20/chacha_s390x.go                      |   27 +
 chacha20/chacha_s390x.s                       |  225 ++
 chacha20/chacha_test.go                       |  274 ++
 chacha20/vectors_test.go                      |  511 +++
 chacha20/xor.go                               |   42 +
 chacha20poly1305/chacha20poly1305.go          |   25 +-
 chacha20poly1305/chacha20poly1305_amd64.go    |   78 +-
 chacha20poly1305/chacha20poly1305_amd64.s     |   26 +-
 chacha20poly1305/chacha20poly1305_generic.go  |   81 +-
 chacha20poly1305/chacha20poly1305_noasm.go    |    3 +-
 chacha20poly1305/chacha20poly1305_test.go     |  232 +-
 .../chacha20poly1305_vectors_test.go          |  399 ++-
 .../internal/chacha20/chacha_generic.go       |  199 --
 .../internal/chacha20/chacha_test.go          |   33 -
 chacha20poly1305/xchacha20poly1305.go         |   86 +
 cryptobyte/asn1.go                            |  354 +-
 cryptobyte/asn1/asn1.go                       |   46 +
 cryptobyte/asn1_test.go                       |  150 +-
 cryptobyte/builder.go                         |  122 +-
 cryptobyte/cryptobyte_test.go                 |  147 +-
 cryptobyte/example_test.go                    |   50 +-
 cryptobyte/string.go                          |   52 +-
 curve25519/const_amd64.h                      |    8 -
 curve25519/const_amd64.s                      |   20 -
 curve25519/cswap_amd64.s                      |   65 -
 curve25519/curve25519.go                      |  925 +----
 curve25519/curve25519_test.go                 |  127 +-
 curve25519/doc.go                             |   23 -
 curve25519/freeze_amd64.s                     |   73 -
 curve25519/internal/field/README              |    7 +
 .../internal/field/_asm/fe_amd64_asm.go       |  298 ++
 curve25519/internal/field/_asm/go.mod         |   10 +
 curve25519/internal/field/_asm/go.sum         |   34 +
 curve25519/internal/field/fe.go               |  416 +++
 curve25519/internal/field/fe_alias_test.go    |  126 +
 curve25519/internal/field/fe_amd64.go         |   13 +
 curve25519/internal/field/fe_amd64.s          |  379 +++
 curve25519/internal/field/fe_amd64_noasm.go   |   12 +
 curve25519/internal/field/fe_arm64.go         |   16 +
 curve25519/internal/field/fe_arm64.s          |   43 +
 curve25519/internal/field/fe_arm64_noasm.go   |   12 +
 curve25519/internal/field/fe_bench_test.go    |   36 +
 curve25519/internal/field/fe_generic.go       |  264 ++
 curve25519/internal/field/fe_test.go          |  558 +++
 curve25519/internal/field/sync.checkpoint     |    1 +
 curve25519/internal/field/sync.sh             |   19 +
 curve25519/ladderstep_amd64.s                 | 1377 --------
 curve25519/mont25519_amd64.go                 |  240 --
 curve25519/mul_amd64.s                        |  169 -
 curve25519/square_amd64.s                     |  132 -
 curve25519/vectors_test.go                    |  105 +
 ed25519/ed25519.go                            |   70 +-
 ed25519/ed25519_go113.go                      |   74 +
 ed25519/ed25519_test.go                       |   78 +-
 ed25519/go113_test.go                         |   25 +
 ed25519/internal/edwards25519/edwards25519.go |   22 +
 go.mod                                        |   10 +
 go.sum                                        |   10 +
 hkdf/example_test.go                          |   55 +-
 hkdf/hkdf.go                                  |   60 +-
 hkdf/hkdf_test.go                             |   81 +-
 internal/poly1305/bits_compat.go              |   40 +
 internal/poly1305/bits_go1.13.go              |   22 +
 internal/poly1305/mac_noasm.go                |   10 +
 internal/poly1305/poly1305.go                 |   99 +
 internal/poly1305/poly1305_test.go            |  276 ++
 internal/poly1305/sum_amd64.go                |   48 +
 {poly1305 => internal/poly1305}/sum_amd64.s   |   46 +-
 internal/poly1305/sum_generic.go              |  310 ++
 internal/poly1305/sum_ppc64le.go              |   48 +
 internal/poly1305/sum_ppc64le.s               |  182 +
 internal/poly1305/sum_s390x.go                |   76 +
 internal/poly1305/sum_s390x.s                 |  504 +++
 internal/poly1305/vectors_test.go             | 3000 +++++++++++++++++
 internal/subtle/aliasing.go                   |   33 +
 internal/subtle/aliasing_purego.go            |   36 +
 internal/subtle/aliasing_test.go              |   50 +
 internal/wycheproof/README.md                 |   12 +
 internal/wycheproof/aead_test.go              |  176 +
 internal/wycheproof/aes_cbc_test.go           |  127 +
 internal/wycheproof/dsa_test.go               |  123 +
 internal/wycheproof/ecdsa_compat_test.go      |   34 +
 internal/wycheproof/ecdsa_go115_test.go       |   16 +
 internal/wycheproof/ecdsa_test.go             |  164 +
 internal/wycheproof/eddsa_test.go             |  101 +
 internal/wycheproof/hkdf_test.go              |  111 +
 internal/wycheproof/hmac_test.go              |  105 +
 internal/wycheproof/internal/dsa/dsa.go       |   33 +
 internal/wycheproof/rsa_oaep_decrypt_test.go  |  149 +
 internal/wycheproof/rsa_pss_test.go           |  164 +
 internal/wycheproof/rsa_signature_test.go     |  123 +
 internal/wycheproof/wycheproof_test.go        |  134 +
 md4/md4.go                                    |    4 +
 nacl/auth/auth.go                             |   58 +
 nacl/auth/auth_test.go                        |  172 +
 nacl/auth/example_test.go                     |   36 +
 nacl/box/box.go                               |  104 +-
 nacl/box/box_test.go                          |  103 +
 nacl/secretbox/secretbox.go                   |   28 +-
 nacl/sign/sign.go                             |   90 +
 nacl/sign/sign_test.go                        |   74 +
 ocsp/ocsp.go                                  |   69 +-
 ocsp/ocsp_test.go                             |   13 +-
 openpgp/armor/armor.go                        |   27 +-
 openpgp/clearsign/clearsign.go                |  118 +-
 openpgp/clearsign/clearsign_test.go           |  210 +-
 openpgp/elgamal/elgamal.go                    |   10 +-
 openpgp/elgamal/elgamal_test.go               |   15 +
 openpgp/errors/errors.go                      |    6 +
 openpgp/keys.go                               |  182 +-
 openpgp/keys_data_test.go                     |  200 ++
 openpgp/keys_test.go                          |  303 +-
 openpgp/packet/encrypted_key.go               |   11 +-
 openpgp/packet/encrypted_key_test.go          |   80 +-
 openpgp/packet/opaque_test.go                 |    2 +-
 openpgp/packet/packet.go                      |  117 +-
 openpgp/packet/packet_test.go                 |   38 +-
 openpgp/packet/private_key.go                 |   33 +-
 openpgp/packet/private_key_test.go            |   29 +-
 openpgp/packet/public_key.go                  |   11 +-
 openpgp/packet/public_key_test.go             |   26 +
 openpgp/packet/signature.go                   |    2 +-
 openpgp/packet/symmetric_key_encrypted.go     |    6 +-
 .../packet/symmetric_key_encrypted_test.go    |   82 +-
 openpgp/packet/userattribute.go               |    2 +-
 openpgp/read.go                               |    6 +
 openpgp/read_test.go                          |    2 +-
 openpgp/s2k/s2k.go                            |    6 +
 openpgp/write.go                              |  174 +-
 openpgp/write_test.go                         |   89 +
 otr/otr.go                                    |    6 +-
 pbkdf2/pbkdf2_test.go                         |   19 +
 pkcs12/crypto.go                              |    2 +-
 pkcs12/internal/rc2/rc2.go                    |    3 -
 pkcs12/internal/rc2/rc2_test.go               |    1 -
 pkcs12/pkcs12.go                              |   20 +-
 pkcs12/pkcs12_test.go                         |    3 +
 poly1305/poly1305.go                          |   33 -
 poly1305/poly1305_compat.go                   |   91 +
 poly1305/poly1305_test.go                     |  159 -
 poly1305/sum_amd64.go                         |   22 -
 poly1305/sum_arm.go                           |   22 -
 poly1305/sum_arm.s                            |  427 ---
 poly1305/sum_ref.go                           |  141 -
 ripemd160/ripemd160.go                        |    6 +-
 ripemd160/ripemd160_test.go                   |   18 +-
 ripemd160/ripemd160block.go                   |   64 +-
 salsa20/salsa/salsa20_amd64.go                |    9 +-
 .../{salsa2020_amd64.s => salsa20_amd64.s}    |  246 +-
 salsa20/salsa/salsa20_amd64_test.go           |   32 +
 salsa20/salsa/salsa20_noasm.go                |   15 +
 salsa20/salsa/salsa20_ref.go                  |    9 +-
 salsa20/salsa/salsa_test.go                   |   19 +
 salsa20/salsa20.go                            |   10 +-
 scrypt/example_test.go                        |   26 +
 scrypt/scrypt.go                              |  145 +-
 scrypt/scrypt_test.go                         |    4 +-
 sha3/doc.go                                   |    2 +-
 sha3/hashes.go                                |   40 +-
 sha3/hashes_generic.go                        |   28 +
 sha3/keccakf.go                               |    3 +-
 sha3/keccakf_amd64.go                         |    3 +-
 sha3/keccakf_amd64.s                          |    3 +-
 sha3/register.go                              |    1 +
 sha3/sha3.go                                  |   28 +-
 sha3/sha3_s390x.go                            |  285 ++
 sha3/sha3_s390x.s                             |   34 +
 sha3/sha3_test.go                             |  247 +-
 sha3/shake.go                                 |  125 +-
 sha3/shake_generic.go                         |   20 +
 sha3/testdata/keccakKats.json.deflate         |  Bin 521342 -> 540828 bytes
 sha3/xor.go                                   |   10 +-
 sha3/xor_generic.go                           |    2 +-
 sha3/xor_unaligned.go                         |   14 +-
 ssh/agent/client.go                           |  200 +-
 ssh/agent/client_test.go                      |  260 +-
 ssh/agent/example_test.go                     |   18 +-
 ssh/agent/keyring.go                          |   30 +-
 ssh/agent/server.go                           |  141 +-
 ssh/agent/server_test.go                      |   52 +-
 ssh/benchmark_test.go                         |    6 +-
 ssh/buffer.go                                 |    5 +-
 ssh/certs.go                                  |   63 +-
 ssh/certs_test.go                             |  113 +
 ssh/channel.go                                |  142 +-
 ssh/cipher.go                                 |  280 +-
 ssh/cipher_test.go                            |  100 +-
 ssh/client.go                                 |   29 +-
 ssh/client_auth.go                            |  257 +-
 ssh/client_auth_test.go                       |  288 +-
 ssh/client_test.go                            |  190 +-
 ssh/common.go                                 |   57 +-
 ssh/common_test.go                            |  176 +
 ssh/example_test.go                           |    3 +-
 ssh/handshake.go                              |   11 +-
 ssh/handshake_test.go                         |    3 +
 ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go     |   93 +
 .../bcrypt_pbkdf/bcrypt_pbkdf_test.go         |   97 +
 ssh/kex.go                                    |  268 +-
 ssh/kex_test.go                               |   65 +-
 ssh/keys.go                                   |  666 +++-
 ssh/keys_test.go                              |  210 +-
 ssh/knownhosts/knownhosts.go                  |   66 +-
 ssh/knownhosts/knownhosts_test.go             |   29 +-
 ssh/messages.go                               |  138 +-
 ssh/mux.go                                    |   29 +-
 ssh/mux_test.go                               |  220 +-
 ssh/server.go                                 |  177 +-
 ssh/session.go                                |   22 +-
 ssh/session_test.go                           |   12 +-
 ssh/ssh_gss.go                                |  139 +
 ssh/ssh_gss_test.go                           |  109 +
 ssh/streamlocal.go                            |    1 +
 ssh/tcpip.go                                  |    9 +
 ssh/terminal/terminal.go                      |  951 +-----
 ssh/terminal/terminal_test.go                 |  350 --
 ssh/terminal/util.go                          |  119 -
 ssh/terminal/util_bsd.go                      |   12 -
 ssh/terminal/util_linux.go                    |   11 -
 ssh/terminal/util_plan9.go                    |   58 -
 ssh/terminal/util_solaris.go                  |  128 -
 ssh/terminal/util_windows.go                  |  155 -
 ssh/test/agent_unix_test.go                   |    3 +-
 ssh/test/banner_test.go                       |   33 +
 ssh/test/cert_test.go                         |    3 +-
 ssh/test/dial_unix_test.go                    |    7 +-
 ssh/test/doc.go                               |    2 +-
 ssh/test/forward_unix_test.go                 |   20 +-
 ssh/test/multi_auth_test.go                   |  145 +
 ssh/test/session_test.go                      |  206 +-
 ssh/test/sshd_test_pw.c                       |  173 +
 ssh/test/test_unix_test.go                    |   94 +-
 ssh/testdata/keys.go                          |  141 +-
 ssh/transport.go                              |   82 +-
 ssh/transport_test.go                         |   14 +-
 tea/cipher.go                                 |    9 +-
 twofish/twofish.go                            |    6 +
 xtea/block.go                                 |    2 +-
 xtea/cipher.go                                |   14 +-
 xts/xts.go                                    |   49 +-
 xts/xts_test.go                               |   16 +
 306 files changed, 29378 insertions(+), 9289 deletions(-)
 create mode 100644 acme/autocert/internal/acmetest/ca.go
 create mode 100644 acme/http.go
 create mode 100644 acme/http_test.go
 create mode 100644 acme/internal/acmeprobe/prober.go
 create mode 100644 acme/rfc8555.go
 create mode 100644 acme/rfc8555_test.go
 create mode 100644 acme/version_go112.go
 create mode 100644 argon2/argon2.go
 create mode 100644 argon2/argon2_test.go
 create mode 100644 argon2/blake2b.go
 create mode 100644 argon2/blamka_amd64.go
 create mode 100644 argon2/blamka_amd64.s
 create mode 100644 argon2/blamka_generic.go
 create mode 100644 argon2/blamka_ref.go
 create mode 100644 chacha20/chacha_arm64.go
 create mode 100644 chacha20/chacha_arm64.s
 create mode 100644 chacha20/chacha_generic.go
 create mode 100644 chacha20/chacha_noasm.go
 create mode 100644 chacha20/chacha_ppc64le.go
 create mode 100644 chacha20/chacha_ppc64le.s
 create mode 100644 chacha20/chacha_s390x.go
 create mode 100644 chacha20/chacha_s390x.s
 create mode 100644 chacha20/chacha_test.go
 create mode 100644 chacha20/vectors_test.go
 create mode 100644 chacha20/xor.go
 delete mode 100644 chacha20poly1305/internal/chacha20/chacha_generic.go
 delete mode 100644 chacha20poly1305/internal/chacha20/chacha_test.go
 create mode 100644 chacha20poly1305/xchacha20poly1305.go
 create mode 100644 cryptobyte/asn1/asn1.go
 delete mode 100644 curve25519/const_amd64.h
 delete mode 100644 curve25519/const_amd64.s
 delete mode 100644 curve25519/cswap_amd64.s
 delete mode 100644 curve25519/doc.go
 delete mode 100644 curve25519/freeze_amd64.s
 create mode 100644 curve25519/internal/field/README
 create mode 100644 curve25519/internal/field/_asm/fe_amd64_asm.go
 create mode 100644 curve25519/internal/field/_asm/go.mod
 create mode 100644 curve25519/internal/field/_asm/go.sum
 create mode 100644 curve25519/internal/field/fe.go
 create mode 100644 curve25519/internal/field/fe_alias_test.go
 create mode 100644 curve25519/internal/field/fe_amd64.go
 create mode 100644 curve25519/internal/field/fe_amd64.s
 create mode 100644 curve25519/internal/field/fe_amd64_noasm.go
 create mode 100644 curve25519/internal/field/fe_arm64.go
 create mode 100644 curve25519/internal/field/fe_arm64.s
 create mode 100644 curve25519/internal/field/fe_arm64_noasm.go
 create mode 100644 curve25519/internal/field/fe_bench_test.go
 create mode 100644 curve25519/internal/field/fe_generic.go
 create mode 100644 curve25519/internal/field/fe_test.go
 create mode 100644 curve25519/internal/field/sync.checkpoint
 create mode 100755 curve25519/internal/field/sync.sh
 delete mode 100644 curve25519/ladderstep_amd64.s
 delete mode 100644 curve25519/mont25519_amd64.go
 delete mode 100644 curve25519/mul_amd64.s
 delete mode 100644 curve25519/square_amd64.s
 create mode 100644 curve25519/vectors_test.go
 create mode 100644 ed25519/ed25519_go113.go
 create mode 100644 ed25519/go113_test.go
 create mode 100644 go.mod
 create mode 100644 go.sum
 create mode 100644 internal/poly1305/bits_compat.go
 create mode 100644 internal/poly1305/bits_go1.13.go
 create mode 100644 internal/poly1305/mac_noasm.go
 create mode 100644 internal/poly1305/poly1305.go
 create mode 100644 internal/poly1305/poly1305_test.go
 create mode 100644 internal/poly1305/sum_amd64.go
 rename {poly1305 => internal/poly1305}/sum_amd64.s (72%)
 create mode 100644 internal/poly1305/sum_generic.go
 create mode 100644 internal/poly1305/sum_ppc64le.go
 create mode 100644 internal/poly1305/sum_ppc64le.s
 create mode 100644 internal/poly1305/sum_s390x.go
 create mode 100644 internal/poly1305/sum_s390x.s
 create mode 100644 internal/poly1305/vectors_test.go
 create mode 100644 internal/subtle/aliasing.go
 create mode 100644 internal/subtle/aliasing_purego.go
 create mode 100644 internal/subtle/aliasing_test.go
 create mode 100644 internal/wycheproof/README.md
 create mode 100644 internal/wycheproof/aead_test.go
 create mode 100644 internal/wycheproof/aes_cbc_test.go
 create mode 100644 internal/wycheproof/dsa_test.go
 create mode 100644 internal/wycheproof/ecdsa_compat_test.go
 create mode 100644 internal/wycheproof/ecdsa_go115_test.go
 create mode 100644 internal/wycheproof/ecdsa_test.go
 create mode 100644 internal/wycheproof/eddsa_test.go
 create mode 100644 internal/wycheproof/hkdf_test.go
 create mode 100644 internal/wycheproof/hmac_test.go
 create mode 100644 internal/wycheproof/internal/dsa/dsa.go
 create mode 100644 internal/wycheproof/rsa_oaep_decrypt_test.go
 create mode 100644 internal/wycheproof/rsa_pss_test.go
 create mode 100644 internal/wycheproof/rsa_signature_test.go
 create mode 100644 internal/wycheproof/wycheproof_test.go
 create mode 100644 nacl/auth/auth.go
 create mode 100644 nacl/auth/auth_test.go
 create mode 100644 nacl/auth/example_test.go
 create mode 100644 nacl/sign/sign.go
 create mode 100644 nacl/sign/sign_test.go
 create mode 100644 openpgp/keys_data_test.go
 delete mode 100644 poly1305/poly1305.go
 create mode 100644 poly1305/poly1305_compat.go
 delete mode 100644 poly1305/poly1305_test.go
 delete mode 100644 poly1305/sum_amd64.go
 delete mode 100644 poly1305/sum_arm.go
 delete mode 100644 poly1305/sum_arm.s
 delete mode 100644 poly1305/sum_ref.go
 rename salsa20/salsa/{salsa2020_amd64.s => salsa20_amd64.s} (83%)
 create mode 100644 salsa20/salsa/salsa20_amd64_test.go
 create mode 100644 salsa20/salsa/salsa20_noasm.go
 create mode 100644 scrypt/example_test.go
 create mode 100644 sha3/hashes_generic.go
 create mode 100644 sha3/sha3_s390x.go
 create mode 100644 sha3/sha3_s390x.s
 create mode 100644 sha3/shake_generic.go
 create mode 100644 ssh/common_test.go
 create mode 100644 ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
 create mode 100644 ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf_test.go
 create mode 100644 ssh/ssh_gss.go
 create mode 100644 ssh/ssh_gss_test.go
 delete mode 100644 ssh/terminal/terminal_test.go
 delete mode 100644 ssh/terminal/util.go
 delete mode 100644 ssh/terminal/util_bsd.go
 delete mode 100644 ssh/terminal/util_linux.go
 delete mode 100644 ssh/terminal/util_plan9.go
 delete mode 100644 ssh/terminal/util_solaris.go
 delete mode 100644 ssh/terminal/util_windows.go
 create mode 100644 ssh/test/banner_test.go
 create mode 100644 ssh/test/multi_auth_test.go
 create mode 100644 ssh/test/sshd_test_pw.c

diff --git a/.gitignore b/.gitignore
index 8339fd61d..5a9d62efd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-# Add no patterns to .hgignore except for files generated by the build.
+# Add no patterns to .gitignore except for files generated by the build.
 last-change
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 88dff59bc..d0485e887 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -4,16 +4,15 @@ Go is an open source project.
 
 It is the work of hundreds of contributors. We appreciate your help!
 
-
 ## Filing issues
 
 When [filing an issue](https://golang.org/issue/new), make sure to answer these five questions:
 
-1. What version of Go are you using (`go version`)?
-2. What operating system and processor architecture are you using?
-3. What did you do?
-4. What did you expect to see?
-5. What did you see instead?
+1.  What version of Go are you using (`go version`)?
+2.  What operating system and processor architecture are you using?
+3.  What did you do?
+4.  What did you expect to see?
+5.  What did you see instead?
 
 General questions should go to the [golang-nuts mailing list](https://groups.google.com/group/golang-nuts) instead of the issue tracker.
 The gophers there will answer or ask you to file an issue if you've tripped over a bug.
@@ -23,9 +22,5 @@ The gophers there will answer or ask you to file an issue if you've tripped over
 Please read the [Contribution Guidelines](https://golang.org/doc/contribute.html)
 before sending patches.
 
-**We do not accept GitHub pull requests**
-(we use [Gerrit](https://code.google.com/p/gerrit/) instead for code review).
-
 Unless otherwise noted, the Go source files are distributed under
 the BSD-style license found in the LICENSE file.
-
diff --git a/README.md b/README.md
index c9d6fecd1..92f73cdfb 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # Go Cryptography
 
+[![Go Reference](https://pkg.go.dev/badge/golang.org/x/crypto.svg)](https://pkg.go.dev/golang.org/x/crypto)
+
 This repository holds supplementary Go cryptography libraries.
 
 ## Download/Install
diff --git a/acme/acme.go b/acme/acme.go
index 4e409be6d..73b19ef35 100644
--- a/acme/acme.go
+++ b/acme/acme.go
@@ -4,7 +4,10 @@
 
 // Package acme provides an implementation of the
 // Automatic Certificate Management Environment (ACME) spec.
-// See https://tools.ietf.org/html/draft-ietf-acme-acme-02 for details.
+// The initial implementation was based on ACME draft-02 and
+// is now being extended to comply with RFC 8555.
+// See https://tools.ietf.org/html/draft-ietf-acme-acme-02
+// and https://tools.ietf.org/html/rfc8555 for details.
 //
 // Most common scenarios will want to use autocert subdirectory instead,
 // which provides automatic access to certificates from Let's Encrypt
@@ -14,7 +17,6 @@
 package acme
 
 import (
-	"bytes"
 	"context"
 	"crypto"
 	"crypto/ecdsa"
@@ -23,6 +25,8 @@ import (
 	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/asn1"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
@@ -33,56 +37,40 @@ import (
 	"io/ioutil"
 	"math/big"
 	"net/http"
-	"strconv"
 	"strings"
 	"sync"
 	"time"
 )
 
-// LetsEncryptURL is the Directory endpoint of Let's Encrypt CA.
-const LetsEncryptURL = "https://acme-v01.api.letsencrypt.org/directory"
+const (
+	// LetsEncryptURL is the Directory endpoint of Let's Encrypt CA.
+	LetsEncryptURL = "https://acme-v02.api.letsencrypt.org/directory"
+
+	// ALPNProto is the ALPN protocol name used by a CA server when validating
+	// tls-alpn-01 challenges.
+	//
+	// Package users must ensure their servers can negotiate the ACME ALPN in
+	// order for tls-alpn-01 challenge verifications to succeed.
+	// See the crypto/tls package's Config.NextProtos field.
+	ALPNProto = "acme-tls/1"
+)
+
+// idPeACMEIdentifier is the OID for the ACME extension for the TLS-ALPN challenge.
+// https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-5.1
+var idPeACMEIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
 
 const (
 	maxChainLen = 5       // max depth and breadth of a certificate chain
-	maxCertSize = 1 << 20 // max size of a certificate, in bytes
+	maxCertSize = 1 << 20 // max size of a certificate, in DER bytes
+	// Used for decoding certs from application/pem-certificate-chain response,
+	// the default when in RFC mode.
+	maxCertChainSize = maxCertSize * maxChainLen
 
 	// Max number of collected nonces kept in memory.
 	// Expect usual peak of 1 or 2.
 	maxNonces = 100
 )
 
-// CertOption is an optional argument type for Client methods which manipulate
-// certificate data.
-type CertOption interface {
-	privateCertOpt()
-}
-
-// WithKey creates an option holding a private/public key pair.
-// The private part signs a certificate, and the public part represents the signee.
-func WithKey(key crypto.Signer) CertOption {
-	return &certOptKey{key}
-}
-
-type certOptKey struct {
-	key crypto.Signer
-}
-
-func (*certOptKey) privateCertOpt() {}
-
-// WithTemplate creates an option for specifying a certificate template.
-// See x509.CreateCertificate for template usage details.
-//
-// In TLSSNIxChallengeCert methods, the template is also used as parent,
-// resulting in a self-signed certificate.
-// The DNSNames field of t is always overwritten for tls-sni challenge certs.
-func WithTemplate(t *x509.Certificate) CertOption {
-	return (*certOptTemplate)(t)
-}
-
-type certOptTemplate x509.Certificate
-
-func (*certOptTemplate) privateCertOpt() {}
-
 // Client is an ACME client.
 // The only required field is Key. An example of creating a client with a new key
 // is as follows:
@@ -96,6 +84,10 @@ func (*certOptTemplate) privateCertOpt() {}
 type Client struct {
 	// Key is the account key used to register with a CA and sign requests.
 	// Key.Public() must return a *rsa.PublicKey or *ecdsa.PublicKey.
+	//
+	// The following algorithms are supported:
+	// RS256, ES256, ES384 and ES512.
+	// See RFC7518 for more details about the algorithms.
 	Key crypto.Signer
 
 	// HTTPClient optionally specifies an HTTP client to use
@@ -108,73 +100,152 @@ type Client struct {
 	// will have no effect.
 	DirectoryURL string
 
-	dirMu sync.Mutex // guards writes to dir
-	dir   *Directory // cached result of Client's Discover method
+	// RetryBackoff computes the duration after which the nth retry of a failed request
+	// should occur. The value of n for the first call on failure is 1.
+	// The values of r and resp are the request and response of the last failed attempt.
+	// If the returned value is negative or zero, no more retries are done and an error
+	// is returned to the caller of the original method.
+	//
+	// Requests which result in a 4xx client error are not retried,
+	// except for 400 Bad Request due to "bad nonce" errors and 429 Too Many Requests.
+	//
+	// If RetryBackoff is nil, a truncated exponential backoff algorithm
+	// with the ceiling of 10 seconds is used, where each subsequent retry n
+	// is done after either ("Retry-After" + jitter) or (2^n seconds + jitter),
+	// preferring the former if "Retry-After" header is found in the resp.
+	// The jitter is a random value up to 1 second.
+	RetryBackoff func(n int, r *http.Request, resp *http.Response) time.Duration
+
+	// UserAgent is prepended to the User-Agent header sent to the ACME server,
+	// which by default is this package's name and version.
+	//
+	// Reusable libraries and tools in particular should set this value to be
+	// identifiable by the server, in case they are causing issues.
+	UserAgent string
+
+	cacheMu sync.Mutex
+	dir     *Directory // cached result of Client's Discover method
+	kid     keyID      // cached Account.URI obtained from registerRFC or getAccountRFC
 
 	noncesMu sync.Mutex
 	nonces   map[string]struct{} // nonces collected from previous responses
 }
 
+// accountKID returns a key ID associated with c.Key, the account identity
+// provided by the CA during RFC based registration.
+// It assumes c.Discover has already been called.
+//
+// accountKID requires at most one network roundtrip.
+// It caches only successful result.
+//
+// When in pre-RFC mode or when c.getRegRFC responds with an error, accountKID
+// returns noKeyID.
+func (c *Client) accountKID(ctx context.Context) keyID {
+	c.cacheMu.Lock()
+	defer c.cacheMu.Unlock()
+	if !c.dir.rfcCompliant() {
+		return noKeyID
+	}
+	if c.kid != noKeyID {
+		return c.kid
+	}
+	a, err := c.getRegRFC(ctx)
+	if err != nil {
+		return noKeyID
+	}
+	c.kid = keyID(a.URI)
+	return c.kid
+}
+
 // Discover performs ACME server discovery using c.DirectoryURL.
 //
 // It caches successful result. So, subsequent calls will not result in
 // a network round-trip. This also means mutating c.DirectoryURL after successful call
 // of this method will have no effect.
 func (c *Client) Discover(ctx context.Context) (Directory, error) {
-	c.dirMu.Lock()
-	defer c.dirMu.Unlock()
+	c.cacheMu.Lock()
+	defer c.cacheMu.Unlock()
 	if c.dir != nil {
 		return *c.dir, nil
 	}
 
-	dirURL := c.DirectoryURL
-	if dirURL == "" {
-		dirURL = LetsEncryptURL
-	}
-	res, err := c.get(ctx, dirURL)
+	res, err := c.get(ctx, c.directoryURL(), wantStatus(http.StatusOK))
 	if err != nil {
 		return Directory{}, err
 	}
 	defer res.Body.Close()
 	c.addNonce(res.Header)
-	if res.StatusCode != http.StatusOK {
-		return Directory{}, responseError(res)
-	}
 
 	var v struct {
-		Reg    string `json:"new-reg"`
-		Authz  string `json:"new-authz"`
-		Cert   string `json:"new-cert"`
-		Revoke string `json:"revoke-cert"`
-		Meta   struct {
-			Terms   string   `json:"terms-of-service"`
-			Website string   `json:"website"`
-			CAA     []string `json:"caa-identities"`
+		Reg          string `json:"new-reg"`
+		RegRFC       string `json:"newAccount"`
+		Authz        string `json:"new-authz"`
+		AuthzRFC     string `json:"newAuthz"`
+		OrderRFC     string `json:"newOrder"`
+		Cert         string `json:"new-cert"`
+		Revoke       string `json:"revoke-cert"`
+		RevokeRFC    string `json:"revokeCert"`
+		NonceRFC     string `json:"newNonce"`
+		KeyChangeRFC string `json:"keyChange"`
+		Meta         struct {
+			Terms           string   `json:"terms-of-service"`
+			TermsRFC        string   `json:"termsOfService"`
+			WebsiteRFC      string   `json:"website"`
+			CAA             []string `json:"caa-identities"`
+			CAARFC          []string `json:"caaIdentities"`
+			ExternalAcctRFC bool     `json:"externalAccountRequired"`
 		}
 	}
 	if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
 		return Directory{}, err
 	}
+	if v.OrderRFC == "" {
+		// Non-RFC compliant ACME CA.
+		c.dir = &Directory{
+			RegURL:    v.Reg,
+			AuthzURL:  v.Authz,
+			CertURL:   v.Cert,
+			RevokeURL: v.Revoke,
+			Terms:     v.Meta.Terms,
+			Website:   v.Meta.WebsiteRFC,
+			CAA:       v.Meta.CAA,
+		}
+		return *c.dir, nil
+	}
+	// RFC compliant ACME CA.
 	c.dir = &Directory{
-		RegURL:    v.Reg,
-		AuthzURL:  v.Authz,
-		CertURL:   v.Cert,
-		RevokeURL: v.Revoke,
-		Terms:     v.Meta.Terms,
-		Website:   v.Meta.Website,
-		CAA:       v.Meta.CAA,
+		RegURL:                  v.RegRFC,
+		AuthzURL:                v.AuthzRFC,
+		OrderURL:                v.OrderRFC,
+		RevokeURL:               v.RevokeRFC,
+		NonceURL:                v.NonceRFC,
+		KeyChangeURL:            v.KeyChangeRFC,
+		Terms:                   v.Meta.TermsRFC,
+		Website:                 v.Meta.WebsiteRFC,
+		CAA:                     v.Meta.CAARFC,
+		ExternalAccountRequired: v.Meta.ExternalAcctRFC,
 	}
 	return *c.dir, nil
 }
 
+func (c *Client) directoryURL() string {
+	if c.DirectoryURL != "" {
+		return c.DirectoryURL
+	}
+	return LetsEncryptURL
+}
+
 // CreateCert requests a new certificate using the Certificate Signing Request csr encoded in DER format.
+// It is incompatible with RFC 8555. Callers should use CreateOrderCert when interfacing
+// with an RFC-compliant CA.
+//
 // The exp argument indicates the desired certificate validity duration. CA may issue a certificate
 // with a different duration.
 // If the bundle argument is true, the returned value will also contain the CA (issuer) certificate chain.
 //
 // In the case where CA server does not provide the issued certificate in the response,
 // CreateCert will poll certURL using c.FetchCert, which will result in additional round-trips.
-// In such scenario the caller can cancel the polling with ctx.
+// In such a scenario, the caller can cancel the polling with ctx.
 //
 // CreateCert returns an error if the CA's response or chain was unreasonably large.
 // Callers are encouraged to parse the returned value to ensure the certificate is valid and has the expected features.
@@ -198,14 +269,11 @@ func (c *Client) CreateCert(ctx context.Context, csr []byte, exp time.Duration,
 		req.NotAfter = now.Add(exp).Format(time.RFC3339)
 	}
 
-	res, err := c.retryPostJWS(ctx, c.Key, c.dir.CertURL, req)
+	res, err := c.post(ctx, nil, c.dir.CertURL, req, wantStatus(http.StatusCreated))
 	if err != nil {
 		return nil, "", err
 	}
 	defer res.Body.Close()
-	if res.StatusCode != http.StatusCreated {
-		return nil, "", responseError(res)
-	}
 
 	curl := res.Header.Get("Location") // cert permanent URL
 	if res.ContentLength == 0 {
@@ -222,32 +290,27 @@ func (c *Client) CreateCert(ctx context.Context, csr []byte, exp time.Duration,
 // It retries the request until the certificate is successfully retrieved,
 // context is cancelled by the caller or an error response is received.
 //
-// The returned value will also contain the CA (issuer) certificate if the bundle argument is true.
+// If the bundle argument is true, the returned value also contains the CA (issuer)
+// certificate chain.
 //
 // FetchCert returns an error if the CA's response or chain was unreasonably large.
 // Callers are encouraged to parse the returned value to ensure the certificate is valid
 // and has expected features.
 func (c *Client) FetchCert(ctx context.Context, url string, bundle bool) ([][]byte, error) {
-	for {
-		res, err := c.get(ctx, url)
-		if err != nil {
-			return nil, err
-		}
-		defer res.Body.Close()
-		if res.StatusCode == http.StatusOK {
-			return c.responseCert(ctx, res, bundle)
-		}
-		if res.StatusCode > 299 {
-			return nil, responseError(res)
-		}
-		d := retryAfter(res.Header.Get("Retry-After"), 3*time.Second)
-		select {
-		case <-time.After(d):
-			// retry
-		case <-ctx.Done():
-			return nil, ctx.Err()
-		}
+	dir, err := c.Discover(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if dir.rfcCompliant() {
+		return c.fetchCertRFC(ctx, url, bundle)
+	}
+
+	// Legacy non-authenticated GET request.
+	res, err := c.get(ctx, url, wantStatus(http.StatusOK))
+	if err != nil {
+		return nil, err
 	}
+	return c.responseCert(ctx, res, bundle)
 }
 
 // RevokeCert revokes a previously issued certificate cert, provided in DER format.
@@ -257,10 +320,15 @@ func (c *Client) FetchCert(ctx context.Context, url string, bundle bool) ([][]by
 // For instance, the key pair of the certificate may be authorized.
 // If the key is nil, c.Key is used instead.
 func (c *Client) RevokeCert(ctx context.Context, key crypto.Signer, cert []byte, reason CRLReasonCode) error {
-	if _, err := c.Discover(ctx); err != nil {
+	dir, err := c.Discover(ctx)
+	if err != nil {
 		return err
 	}
+	if dir.rfcCompliant() {
+		return c.revokeCertRFC(ctx, key, cert, reason)
+	}
 
+	// Legacy CA.
 	body := &struct {
 		Resource string `json:"resource"`
 		Cert     string `json:"certificate"`
@@ -270,17 +338,11 @@ func (c *Client) RevokeCert(ctx context.Context, key crypto.Signer, cert []byte,
 		Cert:     base64.RawURLEncoding.EncodeToString(cert),
 		Reason:   int(reason),
 	}
-	if key == nil {
-		key = c.Key
-	}
-	res, err := c.retryPostJWS(ctx, key, c.dir.RevokeURL, body)
+	res, err := c.post(ctx, key, dir.RevokeURL, body, wantStatus(http.StatusOK))
 	if err != nil {
 		return err
 	}
 	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK {
-		return responseError(res)
-	}
 	return nil
 }
 
@@ -288,20 +350,34 @@ func (c *Client) RevokeCert(ctx context.Context, key crypto.Signer, cert []byte,
 // during account registration. See Register method of Client for more details.
 func AcceptTOS(tosURL string) bool { return true }
 
-// Register creates a new account registration by following the "new-reg" flow.
-// It returns registered account. The a argument is not modified.
+// Register creates a new account with the CA using c.Key.
+// It returns the registered account. The account acct is not modified.
 //
 // The registration may require the caller to agree to the CA's Terms of Service (TOS).
 // If so, and the account has not indicated the acceptance of the terms (see Account for details),
 // Register calls prompt with a TOS URL provided by the CA. Prompt should report
 // whether the caller agrees to the terms. To always accept the terms, the caller can use AcceptTOS.
-func (c *Client) Register(ctx context.Context, a *Account, prompt func(tosURL string) bool) (*Account, error) {
-	if _, err := c.Discover(ctx); err != nil {
+//
+// When interfacing with an RFC-compliant CA, non-RFC 8555 fields of acct are ignored
+// and prompt is called if Directory's Terms field is non-zero.
+// Also see Error's Instance field for when a CA requires already registered accounts to agree
+// to an updated Terms of Service.
+func (c *Client) Register(ctx context.Context, acct *Account, prompt func(tosURL string) bool) (*Account, error) {
+	if c.Key == nil {
+		return nil, errors.New("acme: client.Key must be set to Register")
+	}
+
+	dir, err := c.Discover(ctx)
+	if err != nil {
 		return nil, err
 	}
+	if dir.rfcCompliant() {
+		return c.registerRFC(ctx, acct, prompt)
+	}
 
-	var err error
-	if a, err = c.doReg(ctx, c.dir.RegURL, "new-reg", a); err != nil {
+	// Legacy ACME draft registration flow.
+	a, err := c.doReg(ctx, dir.RegURL, "new-reg", acct)
+	if err != nil {
 		return nil, err
 	}
 	var accept bool
@@ -315,9 +391,20 @@ func (c *Client) Register(ctx context.Context, a *Account, prompt func(tosURL st
 	return a, err
 }
 
-// GetReg retrieves an existing registration.
-// The url argument is an Account URI.
+// GetReg retrieves an existing account associated with c.Key.
+//
+// The url argument is an Account URI used with pre-RFC 8555 CAs.
+// It is ignored when interfacing with an RFC-compliant CA.
 func (c *Client) GetReg(ctx context.Context, url string) (*Account, error) {
+	dir, err := c.Discover(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if dir.rfcCompliant() {
+		return c.getRegRFC(ctx)
+	}
+
+	// Legacy CA.
 	a, err := c.doReg(ctx, url, "reg", nil)
 	if err != nil {
 		return nil, err
@@ -328,9 +415,21 @@ func (c *Client) GetReg(ctx context.Context, url string) (*Account, error) {
 
 // UpdateReg updates an existing registration.
 // It returns an updated account copy. The provided account is not modified.
-func (c *Client) UpdateReg(ctx context.Context, a *Account) (*Account, error) {
-	uri := a.URI
-	a, err := c.doReg(ctx, uri, "reg", a)
+//
+// When interfacing with RFC-compliant CAs, a.URI is ignored and the account URL
+// associated with c.Key is used instead.
+func (c *Client) UpdateReg(ctx context.Context, acct *Account) (*Account, error) {
+	dir, err := c.Discover(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if dir.rfcCompliant() {
+		return c.updateRegRFC(ctx, acct)
+	}
+
+	// Legacy CA.
+	uri := acct.URI
+	a, err := c.doReg(ctx, uri, "reg", acct)
 	if err != nil {
 		return nil, err
 	}
@@ -338,14 +437,36 @@ func (c *Client) UpdateReg(ctx context.Context, a *Account) (*Account, error) {
 	return a, nil
 }
 
-// Authorize performs the initial step in an authorization flow.
+// Authorize performs the initial step in the pre-authorization flow,
+// as opposed to order-based flow.
 // The caller will then need to choose from and perform a set of returned
 // challenges using c.Accept in order to successfully complete authorization.
 //
+// Once complete, the caller can use AuthorizeOrder which the CA
+// should provision with the already satisfied authorization.
+// For pre-RFC CAs, the caller can proceed directly to requesting a certificate
+// using CreateCert method.
+//
 // If an authorization has been previously granted, the CA may return
-// a valid authorization (Authorization.Status is StatusValid). If so, the caller
-// need not fulfill any challenge and can proceed to requesting a certificate.
+// a valid authorization which has its Status field set to StatusValid.
+//
+// More about pre-authorization can be found at
+// https://tools.ietf.org/html/rfc8555#section-7.4.1.
 func (c *Client) Authorize(ctx context.Context, domain string) (*Authorization, error) {
+	return c.authorize(ctx, "dns", domain)
+}
+
+// AuthorizeIP is the same as Authorize but requests IP address authorization.
+// Clients which successfully obtain such authorization may request to issue
+// a certificate for IP addresses.
+//
+// See the ACME spec extension for more details about IP address identifiers:
+// https://tools.ietf.org/html/draft-ietf-acme-ip.
+func (c *Client) AuthorizeIP(ctx context.Context, ipaddr string) (*Authorization, error) {
+	return c.authorize(ctx, "ip", ipaddr)
+}
+
+func (c *Client) authorize(ctx context.Context, typ, val string) (*Authorization, error) {
 	if _, err := c.Discover(ctx); err != nil {
 		return nil, err
 	}
@@ -359,16 +480,13 @@ func (c *Client) Authorize(ctx context.Context, domain string) (*Authorization,
 		Identifier authzID `json:"identifier"`
 	}{
 		Resource:   "new-authz",
-		Identifier: authzID{Type: "dns", Value: domain},
+		Identifier: authzID{Type: typ, Value: val},
 	}
-	res, err := c.retryPostJWS(ctx, c.Key, c.dir.AuthzURL, req)
+	res, err := c.post(ctx, nil, c.dir.AuthzURL, req, wantStatus(http.StatusCreated))
 	if err != nil {
 		return nil, err
 	}
 	defer res.Body.Close()
-	if res.StatusCode != http.StatusCreated {
-		return nil, responseError(res)
-	}
 
 	var v wireAuthz
 	if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
@@ -385,14 +503,21 @@ func (c *Client) Authorize(ctx context.Context, domain string) (*Authorization,
 // If a caller needs to poll an authorization until its status is final,
 // see the WaitAuthorization method.
 func (c *Client) GetAuthorization(ctx context.Context, url string) (*Authorization, error) {
-	res, err := c.get(ctx, url)
+	dir, err := c.Discover(ctx)
 	if err != nil {
 		return nil, err
 	}
-	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
-		return nil, responseError(res)
+
+	var res *http.Response
+	if dir.rfcCompliant() {
+		res, err = c.postAsGet(ctx, url, wantStatus(http.StatusOK))
+	} else {
+		res, err = c.get(ctx, url, wantStatus(http.StatusOK, http.StatusAccepted))
 	}
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
 	var v wireAuthz
 	if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
 		return nil, fmt.Errorf("acme: invalid response: %v", err)
@@ -405,11 +530,16 @@ func (c *Client) GetAuthorization(ctx context.Context, url string) (*Authorizati
 // The url argument is an Authorization.URI value.
 //
 // If successful, the caller will be required to obtain a new authorization
-// using the Authorize method before being able to request a new certificate
-// for the domain associated with the authorization.
+// using the Authorize or AuthorizeOrder methods before being able to request
+// a new certificate for the domain associated with the authorization.
 //
 // It does not revoke existing certificates.
 func (c *Client) RevokeAuthorization(ctx context.Context, url string) error {
+	// Required for c.accountKID() when in RFC mode.
+	if _, err := c.Discover(ctx); err != nil {
+		return err
+	}
+
 	req := struct {
 		Resource string `json:"resource"`
 		Status   string `json:"status"`
@@ -419,56 +549,68 @@ func (c *Client) RevokeAuthorization(ctx context.Context, url string) error {
 		Status:   "deactivated",
 		Delete:   true,
 	}
-	res, err := c.retryPostJWS(ctx, c.Key, url, req)
+	res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))
 	if err != nil {
 		return err
 	}
 	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK {
-		return responseError(res)
-	}
 	return nil
 }
 
 // WaitAuthorization polls an authorization at the given URL
 // until it is in one of the final states, StatusValid or StatusInvalid,
-// or the context is done.
+// the ACME CA responded with a 4xx error code, or the context is done.
 //
 // It returns a non-nil Authorization only if its Status is StatusValid.
 // In all other cases WaitAuthorization returns an error.
 // If the Status is StatusInvalid, the returned error is of type *AuthorizationError.
 func (c *Client) WaitAuthorization(ctx context.Context, url string) (*Authorization, error) {
-	sleep := sleeper(ctx)
+	// Required for c.accountKID() when in RFC mode.
+	dir, err := c.Discover(ctx)
+	if err != nil {
+		return nil, err
+	}
+	getfn := c.postAsGet
+	if !dir.rfcCompliant() {
+		getfn = c.get
+	}
+
 	for {
-		res, err := c.get(ctx, url)
+		res, err := getfn(ctx, url, wantStatus(http.StatusOK, http.StatusAccepted))
 		if err != nil {
 			return nil, err
 		}
-		retry := res.Header.Get("Retry-After")
-		if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
-			res.Body.Close()
-			if err := sleep(retry, 1); err != nil {
-				return nil, err
-			}
-			continue
-		}
+
 		var raw wireAuthz
 		err = json.NewDecoder(res.Body).Decode(&raw)
 		res.Body.Close()
-		if err != nil {
-			if err := sleep(retry, 0); err != nil {
-				return nil, err
-			}
-			continue
-		}
-		if raw.Status == StatusValid {
+		switch {
+		case err != nil:
+			// Skip and retry.
+		case raw.Status == StatusValid:
 			return raw.authorization(url), nil
-		}
-		if raw.Status == StatusInvalid {
+		case raw.Status == StatusInvalid:
 			return nil, raw.error(url)
 		}
-		if err := sleep(retry, 0); err != nil {
-			return nil, err
+
+		// Exponential backoff is implemented in c.get above.
+		// This is just to prevent continuously hitting the CA
+		// while waiting for a final authorization status.
+		d := retryAfter(res.Header.Get("Retry-After"))
+		if d == 0 {
+			// Given that the fastest challenges TLS-SNI and HTTP-01
+			// require a CA to make at least 1 network round trip
+			// and most likely persist a challenge state,
+			// this default delay seems reasonable.
+			d = time.Second
+		}
+		t := time.NewTimer(d)
+		select {
+		case <-ctx.Done():
+			t.Stop()
+			return nil, ctx.Err()
+		case <-t.C:
+			// Retry.
 		}
 	}
 }
@@ -477,14 +619,22 @@ func (c *Client) WaitAuthorization(ctx context.Context, url string) (*Authorizat
 //
 // A client typically polls a challenge status using this method.
 func (c *Client) GetChallenge(ctx context.Context, url string) (*Challenge, error) {
-	res, err := c.get(ctx, url)
+	// Required for c.accountKID() when in RFC mode.
+	dir, err := c.Discover(ctx)
 	if err != nil {
 		return nil, err
 	}
-	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
-		return nil, responseError(res)
+
+	getfn := c.postAsGet
+	if !dir.rfcCompliant() {
+		getfn = c.get
+	}
+	res, err := getfn(ctx, url, wantStatus(http.StatusOK, http.StatusAccepted))
+	if err != nil {
+		return nil, err
 	}
+
+	defer res.Body.Close()
 	v := wireChallenge{URI: url}
 	if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
 		return nil, fmt.Errorf("acme: invalid response: %v", err)
@@ -497,30 +647,36 @@ func (c *Client) GetChallenge(ctx context.Context, url string) (*Challenge, erro
 //
 // The server will then perform the validation asynchronously.
 func (c *Client) Accept(ctx context.Context, chal *Challenge) (*Challenge, error) {
-	auth, err := keyAuth(c.Key.Public(), chal.Token)
+	// Required for c.accountKID() when in RFC mode.
+	dir, err := c.Discover(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	req := struct {
-		Resource string `json:"resource"`
-		Type     string `json:"type"`
-		Auth     string `json:"keyAuthorization"`
-	}{
-		Resource: "challenge",
-		Type:     chal.Type,
-		Auth:     auth,
+	var req interface{} = json.RawMessage("{}") // RFC-compliant CA
+	if !dir.rfcCompliant() {
+		auth, err := keyAuth(c.Key.Public(), chal.Token)
+		if err != nil {
+			return nil, err
+		}
+		req = struct {
+			Resource string `json:"resource"`
+			Type     string `json:"type"`
+			Auth     string `json:"keyAuthorization"`
+		}{
+			Resource: "challenge",
+			Type:     chal.Type,
+			Auth:     auth,
+		}
 	}
-	res, err := c.retryPostJWS(ctx, c.Key, chal.URI, req)
+	res, err := c.post(ctx, nil, chal.URI, req, wantStatus(
+		http.StatusOK,       // according to the spec
+		http.StatusAccepted, // Let's Encrypt: see https://goo.gl/WsJ7VT (acme-divergences.md)
+	))
 	if err != nil {
 		return nil, err
 	}
 	defer res.Body.Close()
-	// Note: the protocol specifies 200 as the expected response code, but
-	// letsencrypt seems to be returning 202.
-	if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusAccepted {
-		return nil, responseError(res)
-	}
 
 	var v wireChallenge
 	if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
@@ -563,21 +719,8 @@ func (c *Client) HTTP01ChallengePath(token string) string {
 }
 
 // TLSSNI01ChallengeCert creates a certificate for TLS-SNI-01 challenge response.
-// Servers can present the certificate to validate the challenge and prove control
-// over a domain name.
-//
-// The implementation is incomplete in that the returned value is a single certificate,
-// computed only for Z0 of the key authorization. ACME CAs are expected to update
-// their implementations to use the newer version, TLS-SNI-02.
-// For more details on TLS-SNI-01 see https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-7.3.
-//
-// The token argument is a Challenge.Token value.
-// If a WithKey option is provided, its private part signs the returned cert,
-// and the public part is used to specify the signee.
-// If no WithKey option is provided, a new ECDSA key is generated using P-256 curve.
 //
-// The returned certificate is valid for the next 24 hours and must be presented only when
-// the server name of the client hello matches exactly the returned name value.
+// Deprecated: This challenge type is unused in both draft-02 and RFC versions of ACME spec.
 func (c *Client) TLSSNI01ChallengeCert(token string, opt ...CertOption) (cert tls.Certificate, name string, err error) {
 	ka, err := keyAuth(c.Key.Public(), token)
 	if err != nil {
@@ -594,17 +737,8 @@ func (c *Client) TLSSNI01ChallengeCert(token string, opt ...CertOption) (cert tl
 }
 
 // TLSSNI02ChallengeCert creates a certificate for TLS-SNI-02 challenge response.
-// Servers can present the certificate to validate the challenge and prove control
-// over a domain name. For more details on TLS-SNI-02 see
-// https://tools.ietf.org/html/draft-ietf-acme-acme-03#section-7.3.
-//
-// The token argument is a Challenge.Token value.
-// If a WithKey option is provided, its private part signs the returned cert,
-// and the public part is used to specify the signee.
-// If no WithKey option is provided, a new ECDSA key is generated using P-256 curve.
 //
-// The returned certificate is valid for the next 24 hours and must be presented only when
-// the server name in the client hello matches exactly the returned name value.
+// Deprecated: This challenge type is unused in both draft-02 and RFC versions of ACME spec.
 func (c *Client) TLSSNI02ChallengeCert(token string, opt ...CertOption) (cert tls.Certificate, name string, err error) {
 	b := sha256.Sum256([]byte(token))
 	h := hex.EncodeToString(b[:])
@@ -625,7 +759,53 @@ func (c *Client) TLSSNI02ChallengeCert(token string, opt ...CertOption) (cert tl
 	return cert, sanA, nil
 }
 
-// doReg sends all types of registration requests.
+// TLSALPN01ChallengeCert creates a certificate for TLS-ALPN-01 challenge response.
+// Servers can present the certificate to validate the challenge and prove control
+// over a domain name. For more details on TLS-ALPN-01 see
+// https://tools.ietf.org/html/draft-shoemaker-acme-tls-alpn-00#section-3
+//
+// The token argument is a Challenge.Token value.
+// If a WithKey option is provided, its private part signs the returned cert,
+// and the public part is used to specify the signee.
+// If no WithKey option is provided, a new ECDSA key is generated using P-256 curve.
+//
+// The returned certificate is valid for the next 24 hours and must be presented only when
+// the server name in the TLS ClientHello matches the domain, and the special acme-tls/1 ALPN protocol
+// has been specified.
+func (c *Client) TLSALPN01ChallengeCert(token, domain string, opt ...CertOption) (cert tls.Certificate, err error) {
+	ka, err := keyAuth(c.Key.Public(), token)
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	shasum := sha256.Sum256([]byte(ka))
+	extValue, err := asn1.Marshal(shasum[:])
+	if err != nil {
+		return tls.Certificate{}, err
+	}
+	acmeExtension := pkix.Extension{
+		Id:       idPeACMEIdentifier,
+		Critical: true,
+		Value:    extValue,
+	}
+
+	tmpl := defaultTLSChallengeCertTemplate()
+
+	var newOpt []CertOption
+	for _, o := range opt {
+		switch o := o.(type) {
+		case *certOptTemplate:
+			t := *(*x509.Certificate)(o) // shallow copy is ok
+			tmpl = &t
+		default:
+			newOpt = append(newOpt, o)
+		}
+	}
+	tmpl.ExtraExtensions = append(tmpl.ExtraExtensions, acmeExtension)
+	newOpt = append(newOpt, WithTemplate(tmpl))
+	return tlsChallengeCert([]string{domain}, newOpt)
+}
+
+// doReg sends all types of registration requests the old way (pre-RFC world).
 // The type of request is identified by typ argument, which is a "resource"
 // in the ACME spec terms.
 //
@@ -644,14 +824,15 @@ func (c *Client) doReg(ctx context.Context, url string, typ string, acct *Accoun
 		req.Contact = acct.Contact
 		req.Agreement = acct.AgreedTerms
 	}
-	res, err := c.retryPostJWS(ctx, c.Key, url, req)
+	res, err := c.post(ctx, nil, url, req, wantStatus(
+		http.StatusOK,       // updates and deletes
+		http.StatusCreated,  // new account creation
+		http.StatusAccepted, // Let's Encrypt divergent implementation
+	))
 	if err != nil {
 		return nil, err
 	}
 	defer res.Body.Close()
-	if res.StatusCode < 200 || res.StatusCode > 299 {
-		return nil, responseError(res)
-	}
 
 	var v struct {
 		Contact        []string
@@ -681,66 +862,23 @@ func (c *Client) doReg(ctx context.Context, url string, typ string, acct *Accoun
 	}, nil
 }
 
-// retryPostJWS will retry calls to postJWS if there is a badNonce error,
-// clearing the stored nonces after each error.
-// If the response was 4XX-5XX, then responseError is called on the body,
-// the body is closed, and the error returned.
-func (c *Client) retryPostJWS(ctx context.Context, key crypto.Signer, url string, body interface{}) (*http.Response, error) {
-	sleep := sleeper(ctx)
-	for {
-		res, err := c.postJWS(ctx, key, url, body)
-		if err != nil {
-			return nil, err
-		}
-		// handle errors 4XX-5XX with responseError
-		if res.StatusCode >= 400 && res.StatusCode <= 599 {
-			err := responseError(res)
-			res.Body.Close()
-			// according to spec badNonce is urn:ietf:params:acme:error:badNonce
-			// however, acme servers in the wild return their version of the error
-			// https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-5.4
-			if ae, ok := err.(*Error); ok && strings.HasSuffix(strings.ToLower(ae.ProblemType), ":badnonce") {
-				// clear any nonces that we might've stored that might now be
-				// considered bad
-				c.clearNonces()
-				retry := res.Header.Get("Retry-After")
-				if err := sleep(retry, 1); err != nil {
-					return nil, err
-				}
-				continue
-			}
-			return nil, err
-		}
-		return res, nil
-	}
-}
-
-// postJWS signs the body with the given key and POSTs it to the provided url.
-// The body argument must be JSON-serializable.
-func (c *Client) postJWS(ctx context.Context, key crypto.Signer, url string, body interface{}) (*http.Response, error) {
-	nonce, err := c.popNonce(ctx, url)
-	if err != nil {
-		return nil, err
-	}
-	b, err := jwsEncodeJSON(body, key, nonce)
-	if err != nil {
-		return nil, err
-	}
-	res, err := c.post(ctx, url, "application/jose+json", bytes.NewReader(b))
-	if err != nil {
-		return nil, err
-	}
-	c.addNonce(res.Header)
-	return res, nil
-}
-
 // popNonce returns a nonce value previously stored with c.addNonce
-// or fetches a fresh one from the given URL.
+// or fetches a fresh one from c.dir.NonceURL.
+// If NonceURL is empty, it first tries c.directoryURL() and, failing that,
+// the provided url.
 func (c *Client) popNonce(ctx context.Context, url string) (string, error) {
 	c.noncesMu.Lock()
 	defer c.noncesMu.Unlock()
 	if len(c.nonces) == 0 {
-		return c.fetchNonce(ctx, url)
+		if c.dir != nil && c.dir.NonceURL != "" {
+			return c.fetchNonce(ctx, c.dir.NonceURL)
+		}
+		dirURL := c.directoryURL()
+		v, err := c.fetchNonce(ctx, dirURL)
+		if err != nil && url != dirURL {
+			v, err = c.fetchNonce(ctx, url)
+		}
+		return v, err
 	}
 	var nonce string
 	for nonce = range c.nonces {
@@ -774,58 +912,12 @@ func (c *Client) addNonce(h http.Header) {
 	c.nonces[v] = struct{}{}
 }
 
-func (c *Client) httpClient() *http.Client {
-	if c.HTTPClient != nil {
-		return c.HTTPClient
-	}
-	return http.DefaultClient
-}
-
-func (c *Client) get(ctx context.Context, urlStr string) (*http.Response, error) {
-	req, err := http.NewRequest("GET", urlStr, nil)
-	if err != nil {
-		return nil, err
-	}
-	return c.do(ctx, req)
-}
-
-func (c *Client) head(ctx context.Context, urlStr string) (*http.Response, error) {
-	req, err := http.NewRequest("HEAD", urlStr, nil)
-	if err != nil {
-		return nil, err
-	}
-	return c.do(ctx, req)
-}
-
-func (c *Client) post(ctx context.Context, urlStr, contentType string, body io.Reader) (*http.Response, error) {
-	req, err := http.NewRequest("POST", urlStr, body)
+func (c *Client) fetchNonce(ctx context.Context, url string) (string, error) {
+	r, err := http.NewRequest("HEAD", url, nil)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
-	req.Header.Set("Content-Type", contentType)
-	return c.do(ctx, req)
-}
-
-func (c *Client) do(ctx context.Context, req *http.Request) (*http.Response, error) {
-	res, err := c.httpClient().Do(req.WithContext(ctx))
-	if err != nil {
-		select {
-		case <-ctx.Done():
-			// Prefer the unadorned context error.
-			// (The acme package had tests assuming this, previously from ctxhttp's
-			// behavior, predating net/http supporting contexts natively)
-			// TODO(bradfitz): reconsider this in the future. But for now this
-			// requires no test updates.
-			return nil, ctx.Err()
-		default:
-			return nil, err
-		}
-	}
-	return res, nil
-}
-
-func (c *Client) fetchNonce(ctx context.Context, url string) (string, error) {
-	resp, err := c.head(ctx, url)
+	resp, err := c.doNoRetry(ctx, r)
 	if err != nil {
 		return "", err
 	}
@@ -877,24 +969,6 @@ func (c *Client) responseCert(ctx context.Context, res *http.Response, bundle bo
 	return cert, nil
 }
 
-// responseError creates an error of Error type from resp.
-func responseError(resp *http.Response) error {
-	// don't care if ReadAll returns an error:
-	// json.Unmarshal will fail in that case anyway
-	b, _ := ioutil.ReadAll(resp.Body)
-	e := &wireError{Status: resp.StatusCode}
-	if err := json.Unmarshal(b, e); err != nil {
-		// this is not a regular error response:
-		// populate detail with anything we received,
-		// e.Status will already contain HTTP response code value
-		e.Detail = string(b)
-		if e.Detail == "" {
-			e.Detail = resp.Status
-		}
-	}
-	return e.error(resp.Header)
-}
-
 // chainCert fetches CA certificate chain recursively by following "up" links.
 // Each recursive call increments the depth by 1, resulting in an error
 // if the recursion level reaches maxChainLen.
@@ -905,14 +979,11 @@ func (c *Client) chainCert(ctx context.Context, url string, depth int) ([][]byte
 		return nil, errors.New("acme: certificate chain is too deep")
 	}
 
-	res, err := c.get(ctx, url)
+	res, err := c.get(ctx, url, wantStatus(http.StatusOK))
 	if err != nil {
 		return nil, err
 	}
 	defer res.Body.Close()
-	if res.StatusCode != http.StatusOK {
-		return nil, responseError(res)
-	}
 	b, err := ioutil.ReadAll(io.LimitReader(res.Body, maxCertSize+1))
 	if err != nil {
 		return nil, err
@@ -957,65 +1028,6 @@ func linkHeader(h http.Header, rel string) []string {
 	return links
 }
 
-// sleeper returns a function that accepts the Retry-After HTTP header value
-// and an increment that's used with backoff to increasingly sleep on
-// consecutive calls until the context is done. If the Retry-After header
-// cannot be parsed, then backoff is used with a maximum sleep time of 10
-// seconds.
-func sleeper(ctx context.Context) func(ra string, inc int) error {
-	var count int
-	return func(ra string, inc int) error {
-		count += inc
-		d := backoff(count, 10*time.Second)
-		d = retryAfter(ra, d)
-		wakeup := time.NewTimer(d)
-		defer wakeup.Stop()
-		select {
-		case <-ctx.Done():
-			return ctx.Err()
-		case <-wakeup.C:
-			return nil
-		}
-	}
-}
-
-// retryAfter parses a Retry-After HTTP header value,
-// trying to convert v into an int (seconds) or use http.ParseTime otherwise.
-// It returns d if v cannot be parsed.
-func retryAfter(v string, d time.Duration) time.Duration {
-	if i, err := strconv.Atoi(v); err == nil {
-		return time.Duration(i) * time.Second
-	}
-	t, err := http.ParseTime(v)
-	if err != nil {
-		return d
-	}
-	return t.Sub(timeNow())
-}
-
-// backoff computes a duration after which an n+1 retry iteration should occur
-// using truncated exponential backoff algorithm.
-//
-// The n argument is always bounded between 0 and 30.
-// The max argument defines upper bound for the returned value.
-func backoff(n int, max time.Duration) time.Duration {
-	if n < 0 {
-		n = 0
-	}
-	if n > 30 {
-		n = 30
-	}
-	var d time.Duration
-	if x, err := rand.Int(rand.Reader, big.NewInt(1000)); err == nil {
-		d = time.Duration(x.Int64()) * time.Millisecond
-	}
-	d += time.Duration(1<<uint(n)) * time.Second
-	if d > max {
-		return max
-	}
-	return d
-}
-
 // keyAuth generates a key authorization string for a given token.
 func keyAuth(pub crypto.PublicKey, token string) (string, error) {
 	th, err := JWKThumbprint(pub)
@@ -1025,14 +1037,25 @@ func keyAuth(pub crypto.PublicKey, token string) (string, error) {
 	return fmt.Sprintf("%s.%s", token, th), nil
 }
 
+// defaultTLSChallengeCertTemplate is a template used to create challenge certs for TLS challenges.
+func defaultTLSChallengeCertTemplate() *x509.Certificate {
+	return &x509.Certificate{
+		SerialNumber:          big.NewInt(1),
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().Add(24 * time.Hour),
+		BasicConstraintsValid: true,
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+	}
+}
+
 // tlsChallengeCert creates a temporary certificate for TLS-SNI challenges
 // with the given SANs and auto-generated public/private key pair.
+// The Subject Common Name is set to the first SAN to aid debugging.
 // To create a cert with a custom key pair, specify WithKey option.
 func tlsChallengeCert(san []string, opt []CertOption) (tls.Certificate, error) {
-	var (
-		key  crypto.Signer
-		tmpl *x509.Certificate
-	)
+	var key crypto.Signer
+	tmpl := defaultTLSChallengeCertTemplate()
 	for _, o := range opt {
 		switch o := o.(type) {
 		case *certOptKey:
@@ -1041,7 +1064,7 @@ func tlsChallengeCert(san []string, opt []CertOption) (tls.Certificate, error) {
 			}
 			key = o.key
 		case *certOptTemplate:
-			var t = *(*x509.Certificate)(o) // shallow copy is ok
+			t := *(*x509.Certificate)(o) // shallow copy is ok
 			tmpl = &t
 		default:
 			// package's fault, if we let this happen:
@@ -1054,17 +1077,10 @@ func tlsChallengeCert(san []string, opt []CertOption) (tls.Certificate, error) {
 			return tls.Certificate{}, err
 		}
 	}
-	if tmpl == nil {
-		tmpl = &x509.Certificate{
-			SerialNumber:          big.NewInt(1),
-			NotBefore:             time.Now(),
-			NotAfter:              time.Now().Add(24 * time.Hour),
-			BasicConstraintsValid: true,
-			KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
-			ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
-		}
-	}
 	tmpl.DNSNames = san
+	if len(san) > 0 {
+		tmpl.Subject.CommonName = san[0]
+	}
 
 	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
 	if err != nil {
diff --git a/acme/acme_test.go b/acme/acme_test.go
index 14832de49..db9718a2a 100644
--- a/acme/acme_test.go
+++ b/acme/acme_test.go
@@ -13,9 +13,10 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"math/big"
 	"net/http"
 	"net/http/httptest"
@@ -26,12 +27,22 @@ import (
 	"time"
 )
 
+// newTestClient creates a client with a non-nil Directory so that it skips
+// the discovery which is otherwise done on the first call of almost every
+// exported method.
+func newTestClient() *Client {
+	return &Client{
+		Key: testKeyEC,
+		dir: &Directory{}, // skip discovery
+	}
+}
+
 // Decodes a JWS-encoded request and unmarshals the decoded JSON into a provided
 // interface.
-func decodeJWSRequest(t *testing.T, v interface{}, r *http.Request) {
+func decodeJWSRequest(t *testing.T, v interface{}, r io.Reader) {
 	// Decode request
 	var req struct{ Payload string }
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+	if err := json.NewDecoder(r).Decode(&req); err != nil {
 		t.Fatal(err)
 	}
 	payload, err := base64.RawURLEncoding.DecodeString(req.Payload)
@@ -47,12 +58,14 @@ func decodeJWSRequest(t *testing.T, v interface{}, r *http.Request) {
 type jwsHead struct {
 	Alg   string
 	Nonce string
+	URL   string            `json:"url"`
+	KID   string            `json:"kid"`
 	JWK   map[string]string `json:"jwk"`
 }
 
-func decodeJWSHead(r *http.Request) (*jwsHead, error) {
+func decodeJWSHead(r io.Reader) (*jwsHead, error) {
 	var req struct{ Protected string }
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+	if err := json.NewDecoder(r).Decode(&req); err != nil {
 		return nil, err
 	}
 	b, err := base64.RawURLEncoding.DecodeString(req.Protected)
@@ -75,6 +88,7 @@ func TestDiscover(t *testing.T) {
 	)
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
+		w.Header().Set("Replay-Nonce", "testnonce")
 		fmt.Fprintf(w, `{
 			"new-reg": %q,
 			"new-authz": %q,
@@ -100,6 +114,9 @@ func TestDiscover(t *testing.T) {
 	if dir.RevokeURL != revoke {
 		t.Errorf("dir.RevokeURL = %q; want %q", dir.RevokeURL, revoke)
 	}
+	if _, exist := c.nonces["testnonce"]; !exist {
+		t.Errorf("c.nonces = %q; want 'testnonce' in the map", c.nonces)
+	}
 }
 
 func TestRegister(t *testing.T) {
@@ -119,7 +136,7 @@ func TestRegister(t *testing.T) {
 			Contact   []string
 			Agreement string
 		}
-		decodeJWSRequest(t, &j, r)
+		decodeJWSRequest(t, &j, r.Body)
 
 		// Test request
 		if j.Resource != "new-reg" {
@@ -147,7 +164,11 @@ func TestRegister(t *testing.T) {
 		return false
 	}
 
-	c := Client{Key: testKeyEC, dir: &Directory{RegURL: ts.URL}}
+	c := Client{
+		Key:          testKeyEC,
+		DirectoryURL: ts.URL,
+		dir:          &Directory{RegURL: ts.URL},
+	}
 	a := &Account{Contact: contacts}
 	var err error
 	if a, err = c.Register(context.Background(), a, prompt); err != nil {
@@ -167,6 +188,31 @@ func TestRegister(t *testing.T) {
 	}
 }
 
+func TestRegisterWithoutKey(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method == "HEAD" {
+			w.Header().Set("Replay-Nonce", "test-nonce")
+			return
+		}
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprint(w, `{}`)
+	}))
+	defer ts.Close()
+	// First verify that using a complete client results in success.
+	c := Client{
+		Key:          testKeyEC,
+		DirectoryURL: ts.URL,
+		dir:          &Directory{RegURL: ts.URL},
+	}
+	if _, err := c.Register(context.Background(), &Account{}, AcceptTOS); err != nil {
+		t.Fatalf("c.Register() = %v; want success with a complete test client", err)
+	}
+	c.Key = nil
+	if _, err := c.Register(context.Background(), &Account{}, AcceptTOS); err == nil {
+		t.Error("c.Register() from client without key succeeded, wanted error")
+	}
+}
+
 func TestUpdateReg(t *testing.T) {
 	const terms = "https://ca.tld/acme/terms"
 	contacts := []string{"mailto:admin@example.com"}
@@ -185,7 +231,7 @@ func TestUpdateReg(t *testing.T) {
 			Contact   []string
 			Agreement string
 		}
-		decodeJWSRequest(t, &j, r)
+		decodeJWSRequest(t, &j, r.Body)
 
 		// Test request
 		if j.Resource != "reg" {
@@ -207,7 +253,11 @@ func TestUpdateReg(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	c := Client{Key: testKeyEC}
+	c := Client{
+		Key:          testKeyEC,
+		DirectoryURL: ts.URL,       // don't dial outside of localhost
+		dir:          &Directory{}, // don't do discovery
+	}
 	a := &Account{URI: ts.URL, Contact: contacts, AgreedTerms: terms}
 	var err error
 	if a, err = c.UpdateReg(context.Background(), a); err != nil {
@@ -246,7 +296,7 @@ func TestGetReg(t *testing.T) {
 			Contact   []string
 			Agreement string
 		}
-		decodeJWSRequest(t, &j, r)
+		decodeJWSRequest(t, &j, r.Body)
 
 		// Test request
 		if j.Resource != "reg" {
@@ -268,7 +318,11 @@ func TestGetReg(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	c := Client{Key: testKeyEC}
+	c := Client{
+		Key:          testKeyEC,
+		DirectoryURL: ts.URL,       // don't dial outside of localhost
+		dir:          &Directory{}, // don't do discovery
+	}
 	a, err := c.GetReg(context.Background(), ts.URL)
 	if err != nil {
 		t.Fatal(err)
@@ -288,106 +342,131 @@ func TestGetReg(t *testing.T) {
 }
 
 func TestAuthorize(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		if r.Method == "HEAD" {
-			w.Header().Set("Replay-Nonce", "test-nonce")
-			return
-		}
-		if r.Method != "POST" {
-			t.Errorf("r.Method = %q; want POST", r.Method)
-		}
+	tt := []struct{ typ, value string }{
+		{"dns", "example.com"},
+		{"ip", "1.2.3.4"},
+	}
+	for _, test := range tt {
+		t.Run(test.typ, func(t *testing.T) {
+			ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				if r.Method == "HEAD" {
+					w.Header().Set("Replay-Nonce", "test-nonce")
+					return
+				}
+				if r.Method != "POST" {
+					t.Errorf("r.Method = %q; want POST", r.Method)
+				}
 
-		var j struct {
-			Resource   string
-			Identifier struct {
-				Type  string
-				Value string
-			}
-		}
-		decodeJWSRequest(t, &j, r)
+				var j struct {
+					Resource   string
+					Identifier struct {
+						Type  string
+						Value string
+					}
+				}
+				decodeJWSRequest(t, &j, r.Body)
 
-		// Test request
-		if j.Resource != "new-authz" {
-			t.Errorf("j.Resource = %q; want new-authz", j.Resource)
-		}
-		if j.Identifier.Type != "dns" {
-			t.Errorf("j.Identifier.Type = %q; want dns", j.Identifier.Type)
-		}
-		if j.Identifier.Value != "example.com" {
-			t.Errorf("j.Identifier.Value = %q; want example.com", j.Identifier.Value)
-		}
+				// Test request
+				if j.Resource != "new-authz" {
+					t.Errorf("j.Resource = %q; want new-authz", j.Resource)
+				}
+				if j.Identifier.Type != test.typ {
+					t.Errorf("j.Identifier.Type = %q; want %q", j.Identifier.Type, test.typ)
+				}
+				if j.Identifier.Value != test.value {
+					t.Errorf("j.Identifier.Value = %q; want %q", j.Identifier.Value, test.value)
+				}
 
-		w.Header().Set("Location", "https://ca.tld/acme/auth/1")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `{
-			"identifier": {"type":"dns","value":"example.com"},
-			"status":"pending",
-			"challenges":[
-				{
-					"type":"http-01",
+				w.Header().Set("Location", "https://ca.tld/acme/auth/1")
+				w.WriteHeader(http.StatusCreated)
+				fmt.Fprintf(w, `{
+					"identifier": {"type":%q,"value":%q},
 					"status":"pending",
-					"uri":"https://ca.tld/acme/challenge/publickey/id1",
-					"token":"token1"
-				},
-				{
-					"type":"tls-sni-01",
-					"status":"pending",
-					"uri":"https://ca.tld/acme/challenge/publickey/id2",
-					"token":"token2"
-				}
-			],
-			"combinations":[[0],[1]]}`)
-	}))
-	defer ts.Close()
+					"challenges":[
+						{
+							"type":"http-01",
+							"status":"pending",
+							"uri":"https://ca.tld/acme/challenge/publickey/id1",
+							"token":"token1"
+						},
+						{
+							"type":"tls-sni-01",
+							"status":"pending",
+							"uri":"https://ca.tld/acme/challenge/publickey/id2",
+							"token":"token2"
+						}
+					],
+					"combinations":[[0],[1]]
+				}`, test.typ, test.value)
+			}))
+			defer ts.Close()
+
+			var (
+				auth *Authorization
+				err  error
+			)
+			cl := Client{
+				Key:          testKeyEC,
+				DirectoryURL: ts.URL,
+				dir:          &Directory{AuthzURL: ts.URL},
+			}
+			switch test.typ {
+			case "dns":
+				auth, err = cl.Authorize(context.Background(), test.value)
+			case "ip":
+				auth, err = cl.AuthorizeIP(context.Background(), test.value)
+			default:
+				t.Fatalf("unknown identifier type: %q", test.typ)
+			}
+			if err != nil {
+				t.Fatal(err)
+			}
 
-	cl := Client{Key: testKeyEC, dir: &Directory{AuthzURL: ts.URL}}
-	auth, err := cl.Authorize(context.Background(), "example.com")
-	if err != nil {
-		t.Fatal(err)
-	}
+			if auth.URI != "https://ca.tld/acme/auth/1" {
+				t.Errorf("URI = %q; want https://ca.tld/acme/auth/1", auth.URI)
+			}
+			if auth.Status != "pending" {
+				t.Errorf("Status = %q; want pending", auth.Status)
+			}
+			if auth.Identifier.Type != test.typ {
+				t.Errorf("Identifier.Type = %q; want %q", auth.Identifier.Type, test.typ)
+			}
+			if auth.Identifier.Value != test.value {
+				t.Errorf("Identifier.Value = %q; want %q", auth.Identifier.Value, test.value)
+			}
 
-	if auth.URI != "https://ca.tld/acme/auth/1" {
-		t.Errorf("URI = %q; want https://ca.tld/acme/auth/1", auth.URI)
-	}
-	if auth.Status != "pending" {
-		t.Errorf("Status = %q; want pending", auth.Status)
-	}
-	if auth.Identifier.Type != "dns" {
-		t.Errorf("Identifier.Type = %q; want dns", auth.Identifier.Type)
-	}
-	if auth.Identifier.Value != "example.com" {
-		t.Errorf("Identifier.Value = %q; want example.com", auth.Identifier.Value)
-	}
+			if n := len(auth.Challenges); n != 2 {
+				t.Fatalf("len(auth.Challenges) = %d; want 2", n)
+			}
 
-	if n := len(auth.Challenges); n != 2 {
-		t.Fatalf("len(auth.Challenges) = %d; want 2", n)
-	}
+			c := auth.Challenges[0]
+			if c.Type != "http-01" {
+				t.Errorf("c.Type = %q; want http-01", c.Type)
+			}
+			if c.URI != "https://ca.tld/acme/challenge/publickey/id1" {
+				t.Errorf("c.URI = %q; want https://ca.tld/acme/challenge/publickey/id1", c.URI)
+			}
+			if c.Token != "token1" {
+				t.Errorf("c.Token = %q; want token1", c.Token)
+			}
 
-	c := auth.Challenges[0]
-	if c.Type != "http-01" {
-		t.Errorf("c.Type = %q; want http-01", c.Type)
-	}
-	if c.URI != "https://ca.tld/acme/challenge/publickey/id1" {
-		t.Errorf("c.URI = %q; want https://ca.tld/acme/challenge/publickey/id1", c.URI)
-	}
-	if c.Token != "token1" {
-		t.Errorf("c.Token = %q; want token1", c.Token)
-	}
+			c = auth.Challenges[1]
+			if c.Type != "tls-sni-01" {
+				t.Errorf("c.Type = %q; want tls-sni-01", c.Type)
+			}
+			if c.URI != "https://ca.tld/acme/challenge/publickey/id2" {
+				t.Errorf("c.URI = %q; want https://ca.tld/acme/challenge/publickey/id2", c.URI)
+			}
+			if c.Token != "token2" {
+				t.Errorf("c.Token = %q; want token2", c.Token)
+			}
 
-	c = auth.Challenges[1]
-	if c.Type != "tls-sni-01" {
-		t.Errorf("c.Type = %q; want tls-sni-01", c.Type)
-	}
-	if c.URI != "https://ca.tld/acme/challenge/publickey/id2" {
-		t.Errorf("c.URI = %q; want https://ca.tld/acme/challenge/publickey/id2", c.URI)
-	}
-	if c.Token != "token2" {
-		t.Errorf("c.Token = %q; want token2", c.Token)
-	}
+			combs := [][]int{{0}, {1}}
+			if !reflect.DeepEqual(auth.Combinations, combs) {
+				t.Errorf("auth.Combinations: %+v\nwant: %+v\n", auth.Combinations, combs)
+			}
 
-	combs := [][]int{{0}, {1}}
-	if !reflect.DeepEqual(auth.Combinations, combs) {
-		t.Errorf("auth.Combinations: %+v\nwant: %+v\n", auth.Combinations, combs)
+		})
 	}
 }
 
@@ -401,7 +480,11 @@ func TestAuthorizeValid(t *testing.T) {
 		w.Write([]byte(`{"status":"valid"}`))
 	}))
 	defer ts.Close()
-	client := Client{Key: testKey, dir: &Directory{AuthzURL: ts.URL}}
+	client := Client{
+		Key:          testKey,
+		DirectoryURL: ts.URL,
+		dir:          &Directory{AuthzURL: ts.URL},
+	}
 	_, err := client.Authorize(context.Background(), "example.com")
 	if err != nil {
 		t.Errorf("err = %v", err)
@@ -436,7 +519,7 @@ func TestGetAuthorization(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	cl := Client{Key: testKeyEC}
+	cl := Client{Key: testKeyEC, DirectoryURL: ts.URL}
 	auth, err := cl.GetAuthorization(context.Background(), ts.URL)
 	if err != nil {
 		t.Fatal(err)
@@ -485,95 +568,137 @@ func TestGetAuthorization(t *testing.T) {
 }
 
 func TestWaitAuthorization(t *testing.T) {
-	var count int
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		count++
-		w.Header().Set("Retry-After", "0")
-		if count > 1 {
-			fmt.Fprintf(w, `{"status":"valid"}`)
-			return
+	t.Run("wait loop", func(t *testing.T) {
+		var count int
+		authz, err := runWaitAuthorization(context.Background(), t, func(w http.ResponseWriter, r *http.Request) {
+			count++
+			w.Header().Set("Retry-After", "0")
+			if count > 1 {
+				fmt.Fprintf(w, `{"status":"valid"}`)
+				return
+			}
+			fmt.Fprintf(w, `{"status":"pending"}`)
+		})
+		if err != nil {
+			t.Fatalf("non-nil error: %v", err)
+		}
+		if authz == nil {
+			t.Fatal("authz is nil")
+		}
+	})
+	t.Run("invalid status", func(t *testing.T) {
+		_, err := runWaitAuthorization(context.Background(), t, func(w http.ResponseWriter, r *http.Request) {
+			fmt.Fprintf(w, `{"status":"invalid"}`)
+		})
+		if _, ok := err.(*AuthorizationError); !ok {
+			t.Errorf("err is %v (%T); want non-nil *AuthorizationError", err, err)
+		}
+	})
+	t.Run("invalid status with error returns the authorization error", func(t *testing.T) {
+		_, err := runWaitAuthorization(context.Background(), t, func(w http.ResponseWriter, r *http.Request) {
+			fmt.Fprintf(w, `{
+				"type": "dns-01",
+				"status": "invalid",
+				"error": {
+				  "type": "urn:ietf:params:acme:error:caa",
+				  "detail": "CAA record for <domain> prevents issuance",
+				  "status": 403
+				},
+				"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/xxx/xxx",
+				"token": "xxx",
+				"validationRecord": [
+				  {
+					"hostname": "<domain>"
+				  }
+				]
+			  }`)
+		})
+
+		want := &AuthorizationError{
+			Errors: []error{
+				(&wireError{
+					Status: 403,
+					Type:   "urn:ietf:params:acme:error:caa",
+					Detail: "CAA record for <domain> prevents issuance",
+				}).error(nil),
+			},
 		}
-		fmt.Fprintf(w, `{"status":"pending"}`)
-	}))
-	defer ts.Close()
 
-	type res struct {
-		authz *Authorization
-		err   error
-	}
-	done := make(chan res)
-	defer close(done)
-	go func() {
-		var client Client
-		a, err := client.WaitAuthorization(context.Background(), ts.URL)
-		done <- res{a, err}
-	}()
+		_, ok := err.(*AuthorizationError)
+		if !ok {
+			t.Errorf("err is %T; want non-nil *AuthorizationError", err)
+		}
 
-	select {
-	case <-time.After(5 * time.Second):
-		t.Fatal("WaitAuthz took too long to return")
-	case res := <-done:
-		if res.err != nil {
-			t.Fatalf("res.err =  %v", res.err)
+		if err.Error() != want.Error() {
+			t.Errorf("err is %v; want %v", err, want)
+		}
+	})
+	t.Run("non-retriable error", func(t *testing.T) {
+		const code = http.StatusBadRequest
+		_, err := runWaitAuthorization(context.Background(), t, func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(code)
+		})
+		res, ok := err.(*Error)
+		if !ok {
+			t.Fatalf("err is %v (%T); want a non-nil *Error", err, err)
 		}
-		if res.authz == nil {
-			t.Fatal("res.authz is nil")
+		if res.StatusCode != code {
+			t.Errorf("res.StatusCode = %d; want %d", res.StatusCode, code)
 		}
+	})
+	for _, code := range []int{http.StatusTooManyRequests, http.StatusInternalServerError} {
+		t.Run(fmt.Sprintf("retriable %d error", code), func(t *testing.T) {
+			var count int
+			authz, err := runWaitAuthorization(context.Background(), t, func(w http.ResponseWriter, r *http.Request) {
+				count++
+				w.Header().Set("Retry-After", "0")
+				if count > 1 {
+					fmt.Fprintf(w, `{"status":"valid"}`)
+					return
+				}
+				w.WriteHeader(code)
+			})
+			if err != nil {
+				t.Fatalf("non-nil error: %v", err)
+			}
+			if authz == nil {
+				t.Fatal("authz is nil")
+			}
+		})
 	}
-}
-
-func TestWaitAuthorizationInvalid(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		fmt.Fprintf(w, `{"status":"invalid"}`)
-	}))
-	defer ts.Close()
-
-	res := make(chan error)
-	defer close(res)
-	go func() {
-		var client Client
-		_, err := client.WaitAuthorization(context.Background(), ts.URL)
-		res <- err
-	}()
-
-	select {
-	case <-time.After(3 * time.Second):
-		t.Fatal("WaitAuthz took too long to return")
-	case err := <-res:
+	t.Run("context cancel", func(t *testing.T) {
+		ctx, cancel := context.WithTimeout(context.Background(), 200*time.Millisecond)
+		defer cancel()
+		_, err := runWaitAuthorization(ctx, t, func(w http.ResponseWriter, r *http.Request) {
+			w.Header().Set("Retry-After", "60")
+			fmt.Fprintf(w, `{"status":"pending"}`)
+		})
 		if err == nil {
 			t.Error("err is nil")
 		}
-		if _, ok := err.(*AuthorizationError); !ok {
-			t.Errorf("err is %T; want *AuthorizationError", err)
-		}
-	}
+	})
 }
-
-func TestWaitAuthorizationCancel(t *testing.T) {
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("Retry-After", "60")
-		fmt.Fprintf(w, `{"status":"pending"}`)
-	}))
+func runWaitAuthorization(ctx context.Context, t *testing.T, h http.HandlerFunc) (*Authorization, error) {
+	t.Helper()
+	ts := httptest.NewServer(h)
 	defer ts.Close()
-
-	res := make(chan error)
-	defer close(res)
+	type res struct {
+		authz *Authorization
+		err   error
+	}
+	ch := make(chan res, 1)
 	go func() {
-		var client Client
-		ctx, cancel := context.WithTimeout(context.Background(), 200*time.Millisecond)
-		defer cancel()
-		_, err := client.WaitAuthorization(ctx, ts.URL)
-		res <- err
+		var client = Client{DirectoryURL: ts.URL}
+		a, err := client.WaitAuthorization(ctx, ts.URL)
+		ch <- res{a, err}
 	}()
-
 	select {
-	case <-time.After(time.Second):
-		t.Fatal("WaitAuthz took too long to return")
-	case err := <-res:
-		if err == nil {
-			t.Error("err is nil")
-		}
+	case <-time.After(3 * time.Second):
+		t.Fatal("WaitAuthorization took too long to return")
+	case v := <-ch:
+		return v.authz, v.err
 	}
+	panic("runWaitAuthorization: out of select")
 }
 
 func TestRevokeAuthorization(t *testing.T) {
@@ -589,7 +714,7 @@ func TestRevokeAuthorization(t *testing.T) {
 				Status   string
 				Delete   bool
 			}
-			decodeJWSRequest(t, &req, r)
+			decodeJWSRequest(t, &req, r.Body)
 			if req.Resource != "authz" {
 				t.Errorf("req.Resource = %q; want authz", req.Resource)
 			}
@@ -600,11 +725,15 @@ func TestRevokeAuthorization(t *testing.T) {
 				t.Errorf("req.Delete is false")
 			}
 		case "/2":
-			w.WriteHeader(http.StatusInternalServerError)
+			w.WriteHeader(http.StatusBadRequest)
 		}
 	}))
 	defer ts.Close()
-	client := &Client{Key: testKey}
+	client := &Client{
+		Key:          testKey,
+		DirectoryURL: ts.URL,       // don't dial outside of localhost
+		dir:          &Directory{}, // don't do discovery
+	}
 	ctx := context.Background()
 	if err := client.RevokeAuthorization(ctx, ts.URL+"/1"); err != nil {
 		t.Errorf("err = %v", err)
@@ -629,7 +758,7 @@ func TestPollChallenge(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	cl := Client{Key: testKeyEC}
+	cl := Client{Key: testKeyEC, DirectoryURL: ts.URL}
 	chall, err := cl.GetChallenge(context.Background(), ts.URL)
 	if err != nil {
 		t.Fatal(err)
@@ -664,7 +793,7 @@ func TestAcceptChallenge(t *testing.T) {
 			Type     string
 			Auth     string `json:"keyAuthorization"`
 		}
-		decodeJWSRequest(t, &j, r)
+		decodeJWSRequest(t, &j, r.Body)
 
 		// Test request
 		if j.Resource != "challenge" {
@@ -690,7 +819,11 @@ func TestAcceptChallenge(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	cl := Client{Key: testKeyEC}
+	cl := Client{
+		Key:          testKeyEC,
+		DirectoryURL: ts.URL,       // don't dial outside of localhost
+		dir:          &Directory{}, // don't do discovery
+	}
 	c, err := cl.Accept(context.Background(), &Challenge{
 		URI:   ts.URL,
 		Token: "token1",
@@ -731,7 +864,7 @@ func TestNewCert(t *testing.T) {
 			NotBefore string `json:"notBefore,omitempty"`
 			NotAfter  string `json:"notAfter,omitempty"`
 		}
-		decodeJWSRequest(t, &j, r)
+		decodeJWSRequest(t, &j, r.Body)
 
 		// Test request
 		if j.Resource != "new-cert" {
@@ -806,7 +939,8 @@ func TestFetchCert(t *testing.T) {
 		w.Write([]byte{count})
 	}))
 	defer ts.Close()
-	res, err := (&Client{}).FetchCert(context.Background(), ts.URL, true)
+	cl := newTestClient()
+	res, err := cl.FetchCert(context.Background(), ts.URL, true)
 	if err != nil {
 		t.Fatalf("FetchCert: %v", err)
 	}
@@ -821,14 +955,15 @@ func TestFetchCertRetry(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if count < 1 {
 			w.Header().Set("Retry-After", "0")
-			w.WriteHeader(http.StatusAccepted)
+			w.WriteHeader(http.StatusTooManyRequests)
 			count++
 			return
 		}
 		w.Write([]byte{1})
 	}))
 	defer ts.Close()
-	res, err := (&Client{}).FetchCert(context.Background(), ts.URL, false)
+	cl := newTestClient()
+	res, err := cl.FetchCert(context.Background(), ts.URL, false)
 	if err != nil {
 		t.Fatalf("FetchCert: %v", err)
 	}
@@ -841,14 +976,15 @@ func TestFetchCertRetry(t *testing.T) {
 func TestFetchCertCancel(t *testing.T) {
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Retry-After", "0")
-		w.WriteHeader(http.StatusAccepted)
+		w.WriteHeader(http.StatusBadRequest)
 	}))
 	defer ts.Close()
 	ctx, cancel := context.WithCancel(context.Background())
 	done := make(chan struct{})
 	var err error
 	go func() {
-		_, err = (&Client{}).FetchCert(ctx, ts.URL, false)
+		cl := newTestClient()
+		_, err = cl.FetchCert(ctx, ts.URL, false)
 		close(done)
 	}()
 	cancel()
@@ -871,7 +1007,8 @@ func TestFetchCertDepth(t *testing.T) {
 		w.Write([]byte{count})
 	}))
 	defer ts.Close()
-	_, err := (&Client{}).FetchCert(context.Background(), ts.URL, true)
+	cl := newTestClient()
+	_, err := cl.FetchCert(context.Background(), ts.URL, true)
 	if err == nil {
 		t.Errorf("err is nil")
 	}
@@ -886,7 +1023,8 @@ func TestFetchCertBreadth(t *testing.T) {
 		w.Write([]byte{1})
 	}))
 	defer ts.Close()
-	_, err := (&Client{}).FetchCert(context.Background(), ts.URL, true)
+	cl := newTestClient()
+	_, err := cl.FetchCert(context.Background(), ts.URL, true)
 	if err == nil {
 		t.Errorf("err is nil")
 	}
@@ -898,7 +1036,8 @@ func TestFetchCertSize(t *testing.T) {
 		w.Write(b)
 	}))
 	defer ts.Close()
-	_, err := (&Client{}).FetchCert(context.Background(), ts.URL, false)
+	cl := newTestClient()
+	_, err := cl.FetchCert(context.Background(), ts.URL, false)
 	if err == nil {
 		t.Errorf("err is nil")
 	}
@@ -916,7 +1055,7 @@ func TestRevokeCert(t *testing.T) {
 			Certificate string
 			Reason      int
 		}
-		decodeJWSRequest(t, &req, r)
+		decodeJWSRequest(t, &req, r.Body)
 		if req.Resource != "revoke-cert" {
 			t.Errorf("req.Resource = %q; want revoke-cert", req.Resource)
 		}
@@ -946,7 +1085,7 @@ func TestNonce_add(t *testing.T) {
 	c.addNonce(http.Header{"Replay-Nonce": {}})
 	c.addNonce(http.Header{"Replay-Nonce": {"nonce"}})
 
-	nonces := map[string]struct{}{"nonce": struct{}{}}
+	nonces := map[string]struct{}{"nonce": {}}
 	if !reflect.DeepEqual(c.nonces, nonces) {
 		t.Errorf("c.nonces = %q; want %q", c.nonces, nonces)
 	}
@@ -983,7 +1122,7 @@ func TestNonce_fetch(t *testing.T) {
 	defer ts.Close()
 	for ; i < len(tests); i++ {
 		test := tests[i]
-		c := &Client{}
+		c := newTestClient()
 		n, err := c.fetchNonce(context.Background(), ts.URL)
 		if n != test.nonce {
 			t.Errorf("%d: n=%q; want %q", i, n, test.nonce)
@@ -1002,7 +1141,7 @@ func TestNonce_fetchError(t *testing.T) {
 		w.WriteHeader(http.StatusTooManyRequests)
 	}))
 	defer ts.Close()
-	c := &Client{}
+	c := newTestClient()
 	_, err := c.fetchNonce(context.Background(), ts.URL)
 	e, ok := err.(*Error)
 	if !ok {
@@ -1013,6 +1152,53 @@ func TestNonce_fetchError(t *testing.T) {
 	}
 }
 
+func TestNonce_popWhenEmpty(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != "HEAD" {
+			t.Errorf("r.Method = %q; want HEAD", r.Method)
+		}
+		switch r.URL.Path {
+		case "/dir-with-nonce":
+			w.Header().Set("Replay-Nonce", "dirnonce")
+		case "/new-nonce":
+			w.Header().Set("Replay-Nonce", "newnonce")
+		case "/dir-no-nonce", "/empty":
+			// No nonce in the header.
+		default:
+			t.Errorf("Unknown URL: %s", r.URL)
+		}
+	}))
+	defer ts.Close()
+	ctx := context.Background()
+
+	tt := []struct {
+		dirURL, popURL, nonce string
+		wantOK                bool
+	}{
+		{ts.URL + "/dir-with-nonce", ts.URL + "/new-nonce", "dirnonce", true},
+		{ts.URL + "/dir-no-nonce", ts.URL + "/new-nonce", "newnonce", true},
+		{ts.URL + "/dir-no-nonce", ts.URL + "/empty", "", false},
+	}
+	for _, test := range tt {
+		t.Run(fmt.Sprintf("nonce:%s wantOK:%v", test.nonce, test.wantOK), func(t *testing.T) {
+			c := Client{DirectoryURL: test.dirURL}
+			v, err := c.popNonce(ctx, test.popURL)
+			if !test.wantOK {
+				if err == nil {
+					t.Fatalf("c.popNonce(%q) returned nil error", test.popURL)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("c.popNonce(%q): %v", test.popURL, err)
+			}
+			if v != test.nonce {
+				t.Errorf("c.popNonce(%q) = %q; want %q", test.popURL, v, test.nonce)
+			}
+		})
+	}
+}
+
 func TestNonce_postJWS(t *testing.T) {
 	var count int
 	seen := make(map[string]bool)
@@ -1030,7 +1216,7 @@ func TestNonce_postJWS(t *testing.T) {
 			w.Write([]byte(`{"status":"valid"}`))
 		}()
 
-		head, err := decodeJWSHead(r)
+		head, err := decodeJWSHead(r.Body)
 		if err != nil {
 			t.Errorf("decodeJWSHead: %v", err)
 			return
@@ -1046,7 +1232,11 @@ func TestNonce_postJWS(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	client := Client{Key: testKey, dir: &Directory{AuthzURL: ts.URL}}
+	client := Client{
+		Key:          testKey,
+		DirectoryURL: ts.URL, // nonces are fetched from here first
+		dir:          &Directory{AuthzURL: ts.URL},
+	}
 	if _, err := client.Authorize(context.Background(), "example.com"); err != nil {
 		t.Errorf("client.Authorize 1: %v", err)
 	}
@@ -1068,44 +1258,6 @@ func TestNonce_postJWS(t *testing.T) {
 	}
 }
 
-func TestRetryPostJWS(t *testing.T) {
-	var count int
-	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		count++
-		w.Header().Set("Replay-Nonce", fmt.Sprintf("nonce%d", count))
-		if r.Method == "HEAD" {
-			// We expect the client to do 2 head requests to fetch
-			// nonces, one to start and another after getting badNonce
-			return
-		}
-
-		head, err := decodeJWSHead(r)
-		if err != nil {
-			t.Errorf("decodeJWSHead: %v", err)
-		} else if head.Nonce == "" {
-			t.Error("head.Nonce is empty")
-		} else if head.Nonce == "nonce1" {
-			// return a badNonce error to force the call to retry
-			w.WriteHeader(http.StatusBadRequest)
-			w.Write([]byte(`{"type":"urn:ietf:params:acme:error:badNonce"}`))
-			return
-		}
-		// Make client.Authorize happy; we're not testing its result.
-		w.WriteHeader(http.StatusCreated)
-		w.Write([]byte(`{"status":"valid"}`))
-	}))
-	defer ts.Close()
-
-	client := Client{Key: testKey, dir: &Directory{AuthzURL: ts.URL}}
-	// This call will fail with badNonce, causing a retry
-	if _, err := client.Authorize(context.Background(), "example.com"); err != nil {
-		t.Errorf("client.Authorize 1: %v", err)
-	}
-	if count != 4 {
-		t.Errorf("total requests count: %d; want 4", count)
-	}
-}
-
 func TestLinkHeader(t *testing.T) {
 	h := http.Header{"Link": {
 		`<https://example.com/acme/new-authz>;rel="next"`,
@@ -1129,37 +1281,6 @@ func TestLinkHeader(t *testing.T) {
 	}
 }
 
-func TestErrorResponse(t *testing.T) {
-	s := `{
-		"status": 400,
-		"type": "urn:acme:error:xxx",
-		"detail": "text"
-	}`
-	res := &http.Response{
-		StatusCode: 400,
-		Status:     "400 Bad Request",
-		Body:       ioutil.NopCloser(strings.NewReader(s)),
-		Header:     http.Header{"X-Foo": {"bar"}},
-	}
-	err := responseError(res)
-	v, ok := err.(*Error)
-	if !ok {
-		t.Fatalf("err = %+v (%T); want *Error type", err, err)
-	}
-	if v.StatusCode != 400 {
-		t.Errorf("v.StatusCode = %v; want 400", v.StatusCode)
-	}
-	if v.ProblemType != "urn:acme:error:xxx" {
-		t.Errorf("v.ProblemType = %q; want urn:acme:error:xxx", v.ProblemType)
-	}
-	if v.Detail != "text" {
-		t.Errorf("v.Detail = %q; want text", v.Detail)
-	}
-	if !reflect.DeepEqual(v.Header, res.Header) {
-		t.Errorf("v.Header = %+v; want %+v", v.Header, res.Header)
-	}
-}
-
 func TestTLSSNI01ChallengeCert(t *testing.T) {
 	const (
 		token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
@@ -1167,8 +1288,7 @@ func TestTLSSNI01ChallengeCert(t *testing.T) {
 		san = "dbbd5eefe7b4d06eb9d1d9f5acb4c7cd.a27d320e4b30332f0b6cb441734ad7b0.acme.invalid"
 	)
 
-	client := &Client{Key: testKeyEC}
-	tlscert, name, err := client.TLSSNI01ChallengeCert(token)
+	tlscert, name, err := newTestClient().TLSSNI01ChallengeCert(token)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1186,6 +1306,9 @@ func TestTLSSNI01ChallengeCert(t *testing.T) {
 	if cert.DNSNames[0] != name {
 		t.Errorf("cert.DNSNames[0] != name: %q vs %q", cert.DNSNames[0], name)
 	}
+	if cn := cert.Subject.CommonName; cn != san {
+		t.Errorf("cert.Subject.CommonName = %q; want %q", cn, san)
+	}
 }
 
 func TestTLSSNI02ChallengeCert(t *testing.T) {
@@ -1197,8 +1320,7 @@ func TestTLSSNI02ChallengeCert(t *testing.T) {
 		sanB = "dbbd5eefe7b4d06eb9d1d9f5acb4c7cd.a27d320e4b30332f0b6cb441734ad7b0.ka.acme.invalid"
 	)
 
-	client := &Client{Key: testKeyEC}
-	tlscert, name, err := client.TLSSNI02ChallengeCert(token)
+	tlscert, name, err := newTestClient().TLSSNI02ChallengeCert(token)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1219,6 +1341,60 @@ func TestTLSSNI02ChallengeCert(t *testing.T) {
 	if i >= len(cert.DNSNames) || cert.DNSNames[i] != name {
 		t.Errorf("%v doesn't have %q", cert.DNSNames, name)
 	}
+	if cn := cert.Subject.CommonName; cn != sanA {
+		t.Errorf("CommonName = %q; want %q", cn, sanA)
+	}
+}
+
+func TestTLSALPN01ChallengeCert(t *testing.T) {
+	const (
+		token   = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
+		keyAuth = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA." + testKeyECThumbprint
+		// echo -n <token.testKeyECThumbprint> | shasum -a 256
+		h      = "0420dbbd5eefe7b4d06eb9d1d9f5acb4c7cda27d320e4b30332f0b6cb441734ad7b0"
+		domain = "example.com"
+	)
+
+	extValue, err := hex.DecodeString(h)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tlscert, err := newTestClient().TLSALPN01ChallengeCert(token, domain)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if n := len(tlscert.Certificate); n != 1 {
+		t.Fatalf("len(tlscert.Certificate) = %d; want 1", n)
+	}
+	cert, err := x509.ParseCertificate(tlscert.Certificate[0])
+	if err != nil {
+		t.Fatal(err)
+	}
+	names := []string{domain}
+	if !reflect.DeepEqual(cert.DNSNames, names) {
+		t.Fatalf("cert.DNSNames = %v;\nwant %v", cert.DNSNames, names)
+	}
+	if cn := cert.Subject.CommonName; cn != domain {
+		t.Errorf("CommonName = %q; want %q", cn, domain)
+	}
+	acmeExts := []pkix.Extension{}
+	for _, ext := range cert.Extensions {
+		if idPeACMEIdentifier.Equal(ext.Id) {
+			acmeExts = append(acmeExts, ext)
+		}
+	}
+	if len(acmeExts) != 1 {
+		t.Errorf("acmeExts = %v; want exactly one", acmeExts)
+	}
+	if !acmeExts[0].Critical {
+		t.Errorf("acmeExt.Critical = %v; want true", acmeExts[0].Critical)
+	}
+	if bytes.Compare(acmeExts[0].Value, extValue) != 0 {
+		t.Errorf("acmeExt.Value = %v; want %v", acmeExts[0].Value, extValue)
+	}
+
 }
 
 func TestTLSChallengeCertOpt(t *testing.T) {
@@ -1233,7 +1409,7 @@ func TestTLSChallengeCertOpt(t *testing.T) {
 	}
 	opts := []CertOption{WithKey(key), WithTemplate(tmpl)}
 
-	client := &Client{Key: testKeyEC}
+	client := newTestClient()
 	cert1, _, err := client.TLSSNI01ChallengeCert("token", opts...)
 	if err != nil {
 		t.Fatal(err)
@@ -1291,7 +1467,7 @@ func TestHTTP01Challenge(t *testing.T) {
 		value   = token + "." + testKeyECThumbprint
 		urlpath = "/.well-known/acme-challenge/" + token
 	)
-	client := &Client{Key: testKeyEC}
+	client := newTestClient()
 	val, err := client.HTTP01ChallengeResponse(token)
 	if err != nil {
 		t.Fatal(err)
@@ -1310,8 +1486,7 @@ func TestDNS01ChallengeRecord(t *testing.T) {
 	//      base64 | tr -d '=' | tr '/+' '_-'
 	const value = "8DERMexQ5VcdJ_prpPiA0mVdp7imgbCgjsG4SqqNMIo"
 
-	client := &Client{Key: testKeyEC}
-	val, err := client.DNS01ChallengeRecord("xxx")
+	val, err := newTestClient().DNS01ChallengeRecord("xxx")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -1319,28 +1494,3 @@ func TestDNS01ChallengeRecord(t *testing.T) {
 		t.Errorf("val = %q; want %q", val, value)
 	}
 }
-
-func TestBackoff(t *testing.T) {
-	tt := []struct{ min, max time.Duration }{
-		{time.Second, 2 * time.Second},
-		{2 * time.Second, 3 * time.Second},
-		{4 * time.Second, 5 * time.Second},
-		{8 * time.Second, 9 * time.Second},
-	}
-	for i, test := range tt {
-		d := backoff(i, time.Minute)
-		if d < test.min || test.max < d {
-			t.Errorf("%d: d = %v; want between %v and %v", i, d, test.min, test.max)
-		}
-	}
-
-	min, max := time.Second, 2*time.Second
-	if d := backoff(-1, time.Minute); d < min || max < d {
-		t.Errorf("d = %v; want between %v and %v", d, min, max)
-	}
-
-	bound := 10 * time.Second
-	if d := backoff(100, bound); d != bound {
-		t.Errorf("d = %v; want %v", d, bound)
-	}
-}
diff --git a/acme/autocert/autocert.go b/acme/autocert/autocert.go
index a478eff54..c7fbc54c4 100644
--- a/acme/autocert/autocert.go
+++ b/acme/autocert/autocert.go
@@ -24,15 +24,20 @@ import (
 	"fmt"
 	"io"
 	mathrand "math/rand"
+	"net"
 	"net/http"
-	"strconv"
+	"path"
 	"strings"
 	"sync"
 	"time"
 
 	"golang.org/x/crypto/acme"
+	"golang.org/x/net/idna"
 )
 
+// DefaultACMEDirectory is the default ACME Directory URL used when the Manager's Client is nil.
+const DefaultACMEDirectory = "https://acme-v02.api.letsencrypt.org/directory"
+
 // createCertRetryAfter is how much time to wait before removing a failed state
 // entry due to an unsuccessful createCert call.
 // This is a variable instead of a const for testing.
@@ -43,7 +48,7 @@ var createCertRetryAfter = time.Minute
 var pseudoRand *lockedMathRand
 
 func init() {
-	src := mathrand.NewSource(timeNow().UnixNano())
+	src := mathrand.NewSource(time.Now().UnixNano())
 	pseudoRand = &lockedMathRand{rnd: mathrand.New(src)}
 }
 
@@ -61,14 +66,20 @@ type HostPolicy func(ctx context.Context, host string) error
 // HostWhitelist returns a policy where only the specified host names are allowed.
 // Only exact matches are currently supported. Subdomains, regexp or wildcard
 // will not match.
+//
+// Note that all hosts will be converted to Punycode via idna.Lookup.ToASCII so that
+// Manager.GetCertificate can handle the Unicode IDN and mixedcase hosts correctly.
+// Invalid hosts will be silently ignored.
 func HostWhitelist(hosts ...string) HostPolicy {
 	whitelist := make(map[string]bool, len(hosts))
 	for _, h := range hosts {
-		whitelist[h] = true
+		if h, err := idna.Lookup.ToASCII(h); err == nil {
+			whitelist[h] = true
+		}
 	}
 	return func(_ context.Context, host string) error {
 		if !whitelist[host] {
-			return errors.New("acme/autocert: host not configured")
+			return fmt.Errorf("acme/autocert: host %q not configured in HostWhitelist", host)
 		}
 		return nil
 	}
@@ -80,11 +91,14 @@ func defaultHostPolicy(context.Context, string) error {
 }
 
 // Manager is a stateful certificate manager built on top of acme.Client.
-// It obtains and refreshes certificates automatically,
-// as well as providing them to a TLS server via tls.Config.
+// It obtains and refreshes certificates automatically using "tls-alpn-01"
+// or "http-01" challenge types, as well as providing them to a TLS server
+// via tls.Config.
 //
-// To preserve issued certificates and improve overall performance,
-// use a cache implementation of Cache. For instance, DirCache.
+// You must specify a cache implementation, such as DirCache,
+// to reuse obtained certificates across program restarts.
+// Otherwise your server is very likely to exceed the certificate
+// issuer's request rate limits.
 type Manager struct {
 	// Prompt specifies a callback function to conditionally accept a CA's Terms of Service (TOS).
 	// The registration may require the caller to agree to the CA's TOS.
@@ -94,11 +108,11 @@ type Manager struct {
 	// To always accept the terms, the callers can use AcceptTOS.
 	Prompt func(tosURL string) bool
 
-	// Cache optionally stores and retrieves previously-obtained certificates.
-	// If nil, certs will only be cached for the lifetime of the Manager.
+	// Cache optionally stores and retrieves previously-obtained certificates
+	// and other state. If nil, certs will only be cached for the lifetime of
+	// the Manager. Multiple Managers can share the same Cache.
 	//
-	// Manager passes the Cache certificates data encoded in PEM, with private/public
-	// parts combined in a single Cache.Put call, private key first.
+	// Using a persistent Cache, such as DirCache, is strongly recommended.
 	Cache Cache
 
 	// HostPolicy controls which domains the Manager will attempt
@@ -123,8 +137,11 @@ type Manager struct {
 
 	// Client is used to perform low-level operations, such as account registration
 	// and requesting new certificates.
-	// If Client is nil, a zero-value acme.Client is used with acme.LetsEncryptURL
-	// directory endpoint and a newly-generated ECDSA P-256 key.
+	//
+	// If Client is nil, a zero-value acme.Client is used with DefaultACMEDirectory
+	// as the directory endpoint.
+	// If the Client.Key is nil, a new ECDSA P-256 key is generated and,
+	// if Cache is not nil, stored in cache.
 	//
 	// Mutating the field after the first call of GetCertificate method will have no effect.
 	Client *acme.Client
@@ -136,37 +153,92 @@ type Manager struct {
 	// If the Client's account key is already registered, Email is not used.
 	Email string
 
-	// ForceRSA makes the Manager generate certificates with 2048-bit RSA keys.
+	// ForceRSA used to make the Manager generate RSA certificates. It is now ignored.
 	//
-	// If false, a default is used. Currently the default
-	// is EC-based keys using the P-256 curve.
+	// Deprecated: the Manager will request the correct type of certificate based
+	// on what each client supports.
 	ForceRSA bool
 
+	// ExtraExtensions are used when generating a new CSR (Certificate Request),
+	// thus allowing customization of the resulting certificate.
+	// For instance, TLS Feature Extension (RFC 7633) can be used
+	// to prevent an OCSP downgrade attack.
+	//
+	// The field value is passed to crypto/x509.CreateCertificateRequest
+	// in the template's ExtraExtensions field as is.
+	ExtraExtensions []pkix.Extension
+
 	clientMu sync.Mutex
 	client   *acme.Client // initialized by acmeClient method
 
 	stateMu sync.Mutex
-	state   map[string]*certState // keyed by domain name
-
-	// tokenCert is keyed by token domain name, which matches server name
-	// of ClientHello. Keys always have ".acme.invalid" suffix.
-	tokenCertMu sync.RWMutex
-	tokenCert   map[string]*tls.Certificate
+	state   map[certKey]*certState
 
 	// renewal tracks the set of domains currently running renewal timers.
-	// It is keyed by domain name.
 	renewalMu sync.Mutex
-	renewal   map[string]*domainRenewal
+	renewal   map[certKey]*domainRenewal
+
+	// challengeMu guards tryHTTP01, certTokens and httpTokens.
+	challengeMu sync.RWMutex
+	// tryHTTP01 indicates whether the Manager should try "http-01" challenge type
+	// during the authorization flow.
+	tryHTTP01 bool
+	// httpTokens contains response body values for http-01 challenges
+	// and is keyed by the URL path at which a challenge response is expected
+	// to be provisioned.
+	// The entries are stored for the duration of the authorization flow.
+	httpTokens map[string][]byte
+	// certTokens contains temporary certificates for tls-alpn-01 challenges
+	// and is keyed by the domain name which matches the ClientHello server name.
+	// The entries are stored for the duration of the authorization flow.
+	certTokens map[string]*tls.Certificate
+
+	// nowFunc, if not nil, returns the current time. This may be set for
+	// testing purposes.
+	nowFunc func() time.Time
+}
+
+// certKey is the key by which certificates are tracked in state, renewal and cache.
+type certKey struct {
+	domain  string // without trailing dot
+	isRSA   bool   // RSA cert for legacy clients (as opposed to default ECDSA)
+	isToken bool   // tls-based challenge token cert; key type is undefined regardless of isRSA
+}
+
+func (c certKey) String() string {
+	if c.isToken {
+		return c.domain + "+token"
+	}
+	if c.isRSA {
+		return c.domain + "+rsa"
+	}
+	return c.domain
+}
+
+// TLSConfig creates a new TLS config suitable for net/http.Server servers,
+// supporting HTTP/2 and the tls-alpn-01 ACME challenge type.
+func (m *Manager) TLSConfig() *tls.Config {
+	return &tls.Config{
+		GetCertificate: m.GetCertificate,
+		NextProtos: []string{
+			"h2", "http/1.1", // enable HTTP/2
+			acme.ALPNProto, // enable tls-alpn ACME challenges
+		},
+	}
 }
 
 // GetCertificate implements the tls.Config.GetCertificate hook.
 // It provides a TLS certificate for hello.ServerName host, including answering
-// *.acme.invalid (TLS-SNI) challenges. All other fields of hello are ignored.
+// tls-alpn-01 challenges.
+// All other fields of hello are ignored.
 //
 // If m.HostPolicy is non-nil, GetCertificate calls the policy before requesting
 // a new cert. A non-nil error returned from m.HostPolicy halts TLS negotiation.
 // The error is propagated back to the caller of GetCertificate and is user-visible.
 // This does not affect cached certs. See HostPolicy field description for more details.
+//
+// If GetCertificate is used directly, instead of via Manager.TLSConfig, package users will
+// also have to add acme.ALPNProto to NextProtos for tls-alpn-01, or use HTTPHandler for http-01.
 func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	if m.Prompt == nil {
 		return nil, errors.New("acme/autocert: Manager.Prompt not set")
@@ -179,21 +251,33 @@ func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
 	if !strings.Contains(strings.Trim(name, "."), ".") {
 		return nil, errors.New("acme/autocert: server name component count invalid")
 	}
-	if strings.ContainsAny(name, `/\`) {
+
+	// Note that this conversion is necessary because some server names in the handshakes
+	// started by some clients (such as cURL) are not converted to Punycode, which will
+	// prevent us from obtaining certificates for them. In addition, we should also treat
+	// example.com and EXAMPLE.COM as equivalent and return the same certificate for them.
+	// Fortunately, this conversion also helped us deal with this kind of mixedcase problems.
+	//
+	// Due to the "σςΣ" problem (see https://unicode.org/faq/idn.html#22), we can't use
+	// idna.Punycode.ToASCII (or just idna.ToASCII) here.
+	name, err := idna.Lookup.ToASCII(name)
+	if err != nil {
 		return nil, errors.New("acme/autocert: server name contains invalid character")
 	}
 
+	// In the worst-case scenario, the timeout needs to account for caching, host policy,
+	// domain ownership verification and certificate issuance.
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
 	defer cancel()
 
-	// check whether this is a token cert requested for TLS-SNI challenge
-	if strings.HasSuffix(name, ".acme.invalid") {
-		m.tokenCertMu.RLock()
-		defer m.tokenCertMu.RUnlock()
-		if cert := m.tokenCert[name]; cert != nil {
+	// Check whether this is a token cert requested for TLS-ALPN challenge.
+	if wantsTokenCert(hello) {
+		m.challengeMu.RLock()
+		defer m.challengeMu.RUnlock()
+		if cert := m.certTokens[name]; cert != nil {
 			return cert, nil
 		}
-		if cert, err := m.cacheGet(ctx, name); err == nil {
+		if cert, err := m.cacheGet(ctx, certKey{domain: name, isToken: true}); err == nil {
 			return cert, nil
 		}
 		// TODO: cache error results?
@@ -201,8 +285,11 @@ func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
 	}
 
 	// regular domain
-	name = strings.TrimSuffix(name, ".") // golang.org/issue/18114
-	cert, err := m.cert(ctx, name)
+	ck := certKey{
+		domain: strings.TrimSuffix(name, "."), // golang.org/issue/18114
+		isRSA:  !supportsECDSA(hello),
+	}
+	cert, err := m.cert(ctx, ck)
 	if err == nil {
 		return cert, nil
 	}
@@ -214,27 +301,145 @@ func (m *Manager) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate,
 	if err := m.hostPolicy()(ctx, name); err != nil {
 		return nil, err
 	}
-	cert, err = m.createCert(ctx, name)
+	cert, err = m.createCert(ctx, ck)
 	if err != nil {
 		return nil, err
 	}
-	m.cachePut(ctx, name, cert)
+	m.cachePut(ctx, ck, cert)
 	return cert, nil
 }
 
+// wantsTokenCert reports whether a TLS request with SNI is made by a CA server
+// for a challenge verification.
+func wantsTokenCert(hello *tls.ClientHelloInfo) bool {
+	// tls-alpn-01
+	if len(hello.SupportedProtos) == 1 && hello.SupportedProtos[0] == acme.ALPNProto {
+		return true
+	}
+	return false
+}
+
+func supportsECDSA(hello *tls.ClientHelloInfo) bool {
+	// The "signature_algorithms" extension, if present, limits the key exchange
+	// algorithms allowed by the cipher suites. See RFC 5246, section 7.4.1.4.1.
+	if hello.SignatureSchemes != nil {
+		ecdsaOK := false
+	schemeLoop:
+		for _, scheme := range hello.SignatureSchemes {
+			const tlsECDSAWithSHA1 tls.SignatureScheme = 0x0203 // constant added in Go 1.10
+			switch scheme {
+			case tlsECDSAWithSHA1, tls.ECDSAWithP256AndSHA256,
+				tls.ECDSAWithP384AndSHA384, tls.ECDSAWithP521AndSHA512:
+				ecdsaOK = true
+				break schemeLoop
+			}
+		}
+		if !ecdsaOK {
+			return false
+		}
+	}
+	if hello.SupportedCurves != nil {
+		ecdsaOK := false
+		for _, curve := range hello.SupportedCurves {
+			if curve == tls.CurveP256 {
+				ecdsaOK = true
+				break
+			}
+		}
+		if !ecdsaOK {
+			return false
+		}
+	}
+	for _, suite := range hello.CipherSuites {
+		switch suite {
+		case tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305:
+			return true
+		}
+	}
+	return false
+}
+
+// HTTPHandler configures the Manager to provision ACME "http-01" challenge responses.
+// It returns an http.Handler that responds to the challenges and must be
+// running on port 80. If it receives a request that is not an ACME challenge,
+// it delegates the request to the optional fallback handler.
+//
+// If fallback is nil, the returned handler redirects all GET and HEAD requests
+// to the default TLS port 443 with 302 Found status code, preserving the original
+// request path and query. It responds with 400 Bad Request to all other HTTP methods.
+// The fallback is not protected by the optional HostPolicy.
+//
+// Because the fallback handler is run with unencrypted port 80 requests,
+// the fallback should not serve TLS-only requests.
+//
+// If HTTPHandler is never called, the Manager will only use the "tls-alpn-01"
+// challenge for domain verification.
+func (m *Manager) HTTPHandler(fallback http.Handler) http.Handler {
+	m.challengeMu.Lock()
+	defer m.challengeMu.Unlock()
+	m.tryHTTP01 = true
+
+	if fallback == nil {
+		fallback = http.HandlerFunc(handleHTTPRedirect)
+	}
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if !strings.HasPrefix(r.URL.Path, "/.well-known/acme-challenge/") {
+			fallback.ServeHTTP(w, r)
+			return
+		}
+		// A reasonable context timeout for cache and host policy only,
+		// because we don't wait for a new certificate issuance here.
+		ctx, cancel := context.WithTimeout(r.Context(), time.Minute)
+		defer cancel()
+		if err := m.hostPolicy()(ctx, r.Host); err != nil {
+			http.Error(w, err.Error(), http.StatusForbidden)
+			return
+		}
+		data, err := m.httpToken(ctx, r.URL.Path)
+		if err != nil {
+			http.Error(w, err.Error(), http.StatusNotFound)
+			return
+		}
+		w.Write(data)
+	})
+}
+
+func handleHTTPRedirect(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	target := "https://" + stripPort(r.Host) + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}
+
+func stripPort(hostport string) string {
+	host, _, err := net.SplitHostPort(hostport)
+	if err != nil {
+		return hostport
+	}
+	return net.JoinHostPort(host, "443")
+}
+
 // cert returns an existing certificate either from m.state or cache.
 // If a certificate is found in cache but not in m.state, the latter will be filled
 // with the cached value.
-func (m *Manager) cert(ctx context.Context, name string) (*tls.Certificate, error) {
+func (m *Manager) cert(ctx context.Context, ck certKey) (*tls.Certificate, error) {
 	m.stateMu.Lock()
-	if s, ok := m.state[name]; ok {
+	if s, ok := m.state[ck]; ok {
 		m.stateMu.Unlock()
 		s.RLock()
 		defer s.RUnlock()
 		return s.tlscert()
 	}
 	defer m.stateMu.Unlock()
-	cert, err := m.cacheGet(ctx, name)
+	cert, err := m.cacheGet(ctx, ck)
 	if err != nil {
 		return nil, err
 	}
@@ -243,25 +448,25 @@ func (m *Manager) cert(ctx context.Context, name string) (*tls.Certificate, erro
 		return nil, errors.New("acme/autocert: private key cannot sign")
 	}
 	if m.state == nil {
-		m.state = make(map[string]*certState)
+		m.state = make(map[certKey]*certState)
 	}
 	s := &certState{
 		key:  signer,
 		cert: cert.Certificate,
 		leaf: cert.Leaf,
 	}
-	m.state[name] = s
-	go m.renew(name, s.key, s.leaf.NotAfter)
+	m.state[ck] = s
+	go m.renew(ck, s.key, s.leaf.NotAfter)
 	return cert, nil
 }
 
 // cacheGet always returns a valid certificate, or an error otherwise.
-// If a cached certficate exists but is not valid, ErrCacheMiss is returned.
-func (m *Manager) cacheGet(ctx context.Context, domain string) (*tls.Certificate, error) {
+// If a cached certificate exists but is not valid, ErrCacheMiss is returned.
+func (m *Manager) cacheGet(ctx context.Context, ck certKey) (*tls.Certificate, error) {
 	if m.Cache == nil {
 		return nil, ErrCacheMiss
 	}
-	data, err := m.Cache.Get(ctx, domain)
+	data, err := m.Cache.Get(ctx, ck.String())
 	if err != nil {
 		return nil, err
 	}
@@ -292,7 +497,7 @@ func (m *Manager) cacheGet(ctx context.Context, domain string) (*tls.Certificate
 	}
 
 	// verify and create TLS cert
-	leaf, err := validCert(domain, pubDER, privKey)
+	leaf, err := validCert(ck, pubDER, privKey, m.now())
 	if err != nil {
 		return nil, ErrCacheMiss
 	}
@@ -304,7 +509,7 @@ func (m *Manager) cacheGet(ctx context.Context, domain string) (*tls.Certificate
 	return tlscert, nil
 }
 
-func (m *Manager) cachePut(ctx context.Context, domain string, tlscert *tls.Certificate) error {
+func (m *Manager) cachePut(ctx context.Context, ck certKey, tlscert *tls.Certificate) error {
 	if m.Cache == nil {
 		return nil
 	}
@@ -336,7 +541,7 @@ func (m *Manager) cachePut(ctx context.Context, domain string, tlscert *tls.Cert
 		}
 	}
 
-	return m.Cache.Put(ctx, domain, buf.Bytes())
+	return m.Cache.Put(ctx, ck.String(), buf.Bytes())
 }
 
 func encodeECDSAKey(w io.Writer, key *ecdsa.PrivateKey) error {
@@ -353,9 +558,9 @@ func encodeECDSAKey(w io.Writer, key *ecdsa.PrivateKey) error {
 //
 // If the domain is already being verified, it waits for the existing verification to complete.
 // Either way, createCert blocks for the duration of the whole process.
-func (m *Manager) createCert(ctx context.Context, domain string) (*tls.Certificate, error) {
+func (m *Manager) createCert(ctx context.Context, ck certKey) (*tls.Certificate, error) {
 	// TODO: maybe rewrite this whole piece using sync.Once
-	state, err := m.certState(domain)
+	state, err := m.certState(ck)
 	if err != nil {
 		return nil, err
 	}
@@ -369,48 +574,48 @@ func (m *Manager) createCert(ctx context.Context, domain string) (*tls.Certifica
 
 	// We are the first; state is locked.
 	// Unblock the readers when domain ownership is verified
-	// and the we got the cert or the process failed.
+	// and we got the cert or the process failed.
 	defer state.Unlock()
 	state.locked = false
 
-	der, leaf, err := m.authorizedCert(ctx, state.key, domain)
+	der, leaf, err := m.authorizedCert(ctx, state.key, ck)
 	if err != nil {
 		// Remove the failed state after some time,
 		// making the manager call createCert again on the following TLS hello.
 		time.AfterFunc(createCertRetryAfter, func() {
-			defer testDidRemoveState(domain)
+			defer testDidRemoveState(ck)
 			m.stateMu.Lock()
 			defer m.stateMu.Unlock()
 			// Verify the state hasn't changed and it's still invalid
 			// before deleting.
-			s, ok := m.state[domain]
+			s, ok := m.state[ck]
 			if !ok {
 				return
 			}
-			if _, err := validCert(domain, s.cert, s.key); err == nil {
+			if _, err := validCert(ck, s.cert, s.key, m.now()); err == nil {
 				return
 			}
-			delete(m.state, domain)
+			delete(m.state, ck)
 		})
 		return nil, err
 	}
 	state.cert = der
 	state.leaf = leaf
-	go m.renew(domain, state.key, state.leaf.NotAfter)
+	go m.renew(ck, state.key, state.leaf.NotAfter)
 	return state.tlscert()
 }
 
 // certState returns a new or existing certState.
 // If a new certState is returned, state.exist is false and the state is locked.
 // The returned error is non-nil only in the case where a new state could not be created.
-func (m *Manager) certState(domain string) (*certState, error) {
+func (m *Manager) certState(ck certKey) (*certState, error) {
 	m.stateMu.Lock()
 	defer m.stateMu.Unlock()
 	if m.state == nil {
-		m.state = make(map[string]*certState)
+		m.state = make(map[certKey]*certState)
 	}
 	// existing state
-	if state, ok := m.state[domain]; ok {
+	if state, ok := m.state[ck]; ok {
 		return state, nil
 	}
 
@@ -419,7 +624,7 @@ func (m *Manager) certState(domain string) (*certState, error) {
 		err error
 		key crypto.Signer
 	)
-	if m.ForceRSA {
+	if ck.isRSA {
 		key, err = rsa.GenerateKey(rand.Reader, 2048)
 	} else {
 		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
@@ -433,127 +638,334 @@ func (m *Manager) certState(domain string) (*certState, error) {
 		locked: true,
 	}
 	state.Lock() // will be unlocked by m.certState caller
-	m.state[domain] = state
+	m.state[ck] = state
 	return state, nil
 }
 
-// authorizedCert starts domain ownership verification process and requests a new cert upon success.
+// authorizedCert starts the domain ownership verification process and requests a new cert upon success.
 // The key argument is the certificate private key.
-func (m *Manager) authorizedCert(ctx context.Context, key crypto.Signer, domain string) (der [][]byte, leaf *x509.Certificate, err error) {
-	if err := m.verify(ctx, domain); err != nil {
+func (m *Manager) authorizedCert(ctx context.Context, key crypto.Signer, ck certKey) (der [][]byte, leaf *x509.Certificate, err error) {
+	csr, err := certRequest(key, ck.domain, m.ExtraExtensions)
+	if err != nil {
 		return nil, nil, err
 	}
+
 	client, err := m.acmeClient(ctx)
 	if err != nil {
 		return nil, nil, err
 	}
-	csr, err := certRequest(key, domain)
+	dir, err := client.Discover(ctx)
 	if err != nil {
 		return nil, nil, err
 	}
-	der, _, err = client.CreateCert(ctx, csr, 0, true)
-	if err != nil {
-		return nil, nil, err
+
+	var chain [][]byte
+	switch {
+	// Pre-RFC legacy CA.
+	case dir.OrderURL == "":
+		if err := m.verify(ctx, client, ck.domain); err != nil {
+			return nil, nil, err
+		}
+		der, _, err := client.CreateCert(ctx, csr, 0, true)
+		if err != nil {
+			return nil, nil, err
+		}
+		chain = der
+	// RFC 8555 compliant CA.
+	default:
+		o, err := m.verifyRFC(ctx, client, ck.domain)
+		if err != nil {
+			return nil, nil, err
+		}
+		der, _, err := client.CreateOrderCert(ctx, o.FinalizeURL, csr, true)
+		if err != nil {
+			return nil, nil, err
+		}
+		chain = der
 	}
-	leaf, err = validCert(domain, der, key)
+	leaf, err = validCert(ck, chain, key, m.now())
 	if err != nil {
 		return nil, nil, err
 	}
-	return der, leaf, nil
+	return chain, leaf, nil
 }
 
-// verify starts a new identifier (domain) authorization flow.
-// It prepares a challenge response and then blocks until the authorization
-// is marked as "completed" by the CA (either succeeded or failed).
-//
-// verify returns nil iff the verification was successful.
-func (m *Manager) verify(ctx context.Context, domain string) error {
-	client, err := m.acmeClient(ctx)
-	if err != nil {
-		return err
-	}
+// verify runs the identifier (domain) pre-authorization flow for legacy CAs
+// using each applicable ACME challenge type.
+func (m *Manager) verify(ctx context.Context, client *acme.Client, domain string) error {
+	// Remove all hanging authorizations to reduce rate limit quotas
+	// after we're done.
+	var authzURLs []string
+	defer func() {
+		go m.deactivatePendingAuthz(authzURLs)
+	}()
 
-	// start domain authorization and get the challenge
-	authz, err := client.Authorize(ctx, domain)
-	if err != nil {
-		return err
-	}
-	// maybe don't need to at all
-	if authz.Status == acme.StatusValid {
+	// errs accumulates challenge failure errors, printed if all fail
+	errs := make(map[*acme.Challenge]error)
+	challengeTypes := m.supportedChallengeTypes()
+	var nextTyp int // challengeType index of the next challenge type to try
+	for {
+		// Start domain authorization and get the challenge.
+		authz, err := client.Authorize(ctx, domain)
+		if err != nil {
+			return err
+		}
+		authzURLs = append(authzURLs, authz.URI)
+		// No point in accepting challenges if the authorization status
+		// is in a final state.
+		switch authz.Status {
+		case acme.StatusValid:
+			return nil // already authorized
+		case acme.StatusInvalid:
+			return fmt.Errorf("acme/autocert: invalid authorization %q", authz.URI)
+		}
+
+		// Pick the next preferred challenge.
+		var chal *acme.Challenge
+		for chal == nil && nextTyp < len(challengeTypes) {
+			chal = pickChallenge(challengeTypes[nextTyp], authz.Challenges)
+			nextTyp++
+		}
+		if chal == nil {
+			errorMsg := fmt.Sprintf("acme/autocert: unable to authorize %q", domain)
+			for chal, err := range errs {
+				errorMsg += fmt.Sprintf("; challenge %q failed with error: %v", chal.Type, err)
+			}
+			return errors.New(errorMsg)
+		}
+		cleanup, err := m.fulfill(ctx, client, chal, domain)
+		if err != nil {
+			errs[chal] = err
+			continue
+		}
+		defer cleanup()
+		if _, err := client.Accept(ctx, chal); err != nil {
+			errs[chal] = err
+			continue
+		}
+
+		// A challenge is fulfilled and accepted: wait for the CA to validate.
+		if _, err := client.WaitAuthorization(ctx, authz.URI); err != nil {
+			errs[chal] = err
+			continue
+		}
 		return nil
 	}
+}
 
-	// pick a challenge: prefer tls-sni-02 over tls-sni-01
-	// TODO: consider authz.Combinations
-	var chal *acme.Challenge
-	for _, c := range authz.Challenges {
-		if c.Type == "tls-sni-02" {
-			chal = c
-			break
+// verifyRFC runs the identifier (domain) order-based authorization flow for RFC compliant CAs
+// using each applicable ACME challenge type.
+func (m *Manager) verifyRFC(ctx context.Context, client *acme.Client, domain string) (*acme.Order, error) {
+	// Try each supported challenge type starting with a new order each time.
+	// The nextTyp index of the next challenge type to try is shared across
+	// all order authorizations: if we've tried a challenge type once and it didn't work,
+	// it will most likely not work on another order's authorization either.
+	challengeTypes := m.supportedChallengeTypes()
+	nextTyp := 0 // challengeTypes index
+AuthorizeOrderLoop:
+	for {
+		o, err := client.AuthorizeOrder(ctx, acme.DomainIDs(domain))
+		if err != nil {
+			return nil, err
+		}
+		// Remove all hanging authorizations to reduce rate limit quotas
+		// after we're done.
+		defer func(urls []string) {
+			go m.deactivatePendingAuthz(urls)
+		}(o.AuthzURLs)
+
+		// Check if there's actually anything we need to do.
+		switch o.Status {
+		case acme.StatusReady:
+			// Already authorized.
+			return o, nil
+		case acme.StatusPending:
+			// Continue normal Order-based flow.
+		default:
+			return nil, fmt.Errorf("acme/autocert: invalid new order status %q; order URL: %q", o.Status, o.URI)
+		}
+
+		// Satisfy all pending authorizations.
+		for _, zurl := range o.AuthzURLs {
+			z, err := client.GetAuthorization(ctx, zurl)
+			if err != nil {
+				return nil, err
+			}
+			if z.Status != acme.StatusPending {
+				// We are interested only in pending authorizations.
+				continue
+			}
+			// Pick the next preferred challenge.
+			var chal *acme.Challenge
+			for chal == nil && nextTyp < len(challengeTypes) {
+				chal = pickChallenge(challengeTypes[nextTyp], z.Challenges)
+				nextTyp++
+			}
+			if chal == nil {
+				return nil, fmt.Errorf("acme/autocert: unable to satisfy %q for domain %q: no viable challenge type found", z.URI, domain)
+			}
+			// Respond to the challenge and wait for validation result.
+			cleanup, err := m.fulfill(ctx, client, chal, domain)
+			if err != nil {
+				continue AuthorizeOrderLoop
+			}
+			defer cleanup()
+			if _, err := client.Accept(ctx, chal); err != nil {
+				continue AuthorizeOrderLoop
+			}
+			if _, err := client.WaitAuthorization(ctx, z.URI); err != nil {
+				continue AuthorizeOrderLoop
+			}
 		}
-		if c.Type == "tls-sni-01" {
-			chal = c
+
+		// All authorizations are satisfied.
+		// Wait for the CA to update the order status.
+		o, err = client.WaitOrder(ctx, o.URI)
+		if err != nil {
+			continue AuthorizeOrderLoop
 		}
+		return o, nil
 	}
-	if chal == nil {
-		return errors.New("acme/autocert: no supported challenge type found")
+}
+
+func pickChallenge(typ string, chal []*acme.Challenge) *acme.Challenge {
+	for _, c := range chal {
+		if c.Type == typ {
+			return c
+		}
 	}
+	return nil
+}
 
-	// create a token cert for the challenge response
-	var (
-		cert tls.Certificate
-		name string
-	)
-	switch chal.Type {
-	case "tls-sni-01":
-		cert, name, err = client.TLSSNI01ChallengeCert(chal.Token)
-	case "tls-sni-02":
-		cert, name, err = client.TLSSNI02ChallengeCert(chal.Token)
-	default:
-		err = fmt.Errorf("acme/autocert: unknown challenge type %q", chal.Type)
+func (m *Manager) supportedChallengeTypes() []string {
+	m.challengeMu.RLock()
+	defer m.challengeMu.RUnlock()
+	typ := []string{"tls-alpn-01"}
+	if m.tryHTTP01 {
+		typ = append(typ, "http-01")
 	}
+	return typ
+}
+
+// deactivatePendingAuthz relinquishes all authorizations identified by the elements
+// of the provided uri slice which are in "pending" state.
+// It ignores revocation errors.
+//
+// deactivatePendingAuthz takes no context argument and instead runs with its own
+// "detached" context because deactivations are done in a goroutine separate from
+// that of the main issuance or renewal flow.
+func (m *Manager) deactivatePendingAuthz(uri []string) {
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
+	defer cancel()
+	client, err := m.acmeClient(ctx)
 	if err != nil {
-		return err
+		return
 	}
-	m.putTokenCert(ctx, name, &cert)
-	defer func() {
-		// verification has ended at this point
-		// don't need token cert anymore
-		go m.deleteTokenCert(name)
-	}()
+	for _, u := range uri {
+		z, err := client.GetAuthorization(ctx, u)
+		if err == nil && z.Status == acme.StatusPending {
+			client.RevokeAuthorization(ctx, u)
+		}
+	}
+}
 
-	// ready to fulfill the challenge
-	if _, err := client.Accept(ctx, chal); err != nil {
-		return err
+// fulfill provisions a response to the challenge chal.
+// The cleanup is non-nil only if provisioning succeeded.
+func (m *Manager) fulfill(ctx context.Context, client *acme.Client, chal *acme.Challenge, domain string) (cleanup func(), err error) {
+	switch chal.Type {
+	case "tls-alpn-01":
+		cert, err := client.TLSALPN01ChallengeCert(chal.Token, domain)
+		if err != nil {
+			return nil, err
+		}
+		m.putCertToken(ctx, domain, &cert)
+		return func() { go m.deleteCertToken(domain) }, nil
+	case "http-01":
+		resp, err := client.HTTP01ChallengeResponse(chal.Token)
+		if err != nil {
+			return nil, err
+		}
+		p := client.HTTP01ChallengePath(chal.Token)
+		m.putHTTPToken(ctx, p, resp)
+		return func() { go m.deleteHTTPToken(p) }, nil
+	}
+	return nil, fmt.Errorf("acme/autocert: unknown challenge type %q", chal.Type)
+}
+
+// putCertToken stores the token certificate with the specified name
+// in both m.certTokens map and m.Cache.
+func (m *Manager) putCertToken(ctx context.Context, name string, cert *tls.Certificate) {
+	m.challengeMu.Lock()
+	defer m.challengeMu.Unlock()
+	if m.certTokens == nil {
+		m.certTokens = make(map[string]*tls.Certificate)
 	}
-	// wait for the CA to validate
-	_, err = client.WaitAuthorization(ctx, authz.URI)
-	return err
+	m.certTokens[name] = cert
+	m.cachePut(ctx, certKey{domain: name, isToken: true}, cert)
 }
 
-// putTokenCert stores the cert under the named key in both m.tokenCert map
-// and m.Cache.
-func (m *Manager) putTokenCert(ctx context.Context, name string, cert *tls.Certificate) {
-	m.tokenCertMu.Lock()
-	defer m.tokenCertMu.Unlock()
-	if m.tokenCert == nil {
-		m.tokenCert = make(map[string]*tls.Certificate)
+// deleteCertToken removes the token certificate with the specified name
+// from both m.certTokens map and m.Cache.
+func (m *Manager) deleteCertToken(name string) {
+	m.challengeMu.Lock()
+	defer m.challengeMu.Unlock()
+	delete(m.certTokens, name)
+	if m.Cache != nil {
+		ck := certKey{domain: name, isToken: true}
+		m.Cache.Delete(context.Background(), ck.String())
+	}
+}
+
+// httpToken retrieves an existing http-01 token value from an in-memory map
+// or the optional cache.
+func (m *Manager) httpToken(ctx context.Context, tokenPath string) ([]byte, error) {
+	m.challengeMu.RLock()
+	defer m.challengeMu.RUnlock()
+	if v, ok := m.httpTokens[tokenPath]; ok {
+		return v, nil
+	}
+	if m.Cache == nil {
+		return nil, fmt.Errorf("acme/autocert: no token at %q", tokenPath)
+	}
+	return m.Cache.Get(ctx, httpTokenCacheKey(tokenPath))
+}
+
+// putHTTPToken stores an http-01 token value using tokenPath as key
+// in both in-memory map and the optional Cache.
+//
+// It ignores any error returned from Cache.Put.
+func (m *Manager) putHTTPToken(ctx context.Context, tokenPath, val string) {
+	m.challengeMu.Lock()
+	defer m.challengeMu.Unlock()
+	if m.httpTokens == nil {
+		m.httpTokens = make(map[string][]byte)
+	}
+	b := []byte(val)
+	m.httpTokens[tokenPath] = b
+	if m.Cache != nil {
+		m.Cache.Put(ctx, httpTokenCacheKey(tokenPath), b)
 	}
-	m.tokenCert[name] = cert
-	m.cachePut(ctx, name, cert)
 }
 
-// deleteTokenCert removes the token certificate for the specified domain name
-// from both m.tokenCert map and m.Cache.
-func (m *Manager) deleteTokenCert(name string) {
-	m.tokenCertMu.Lock()
-	defer m.tokenCertMu.Unlock()
-	delete(m.tokenCert, name)
+// deleteHTTPToken removes an http-01 token value from both in-memory map
+// and the optional Cache, ignoring any error returned from the latter.
+//
+// If m.Cache is non-nil, it blocks until Cache.Delete returns without a timeout.
+func (m *Manager) deleteHTTPToken(tokenPath string) {
+	m.challengeMu.Lock()
+	defer m.challengeMu.Unlock()
+	delete(m.httpTokens, tokenPath)
 	if m.Cache != nil {
-		m.Cache.Delete(context.Background(), name)
+		m.Cache.Delete(context.Background(), httpTokenCacheKey(tokenPath))
 	}
 }
 
+// httpTokenCacheKey returns a key at which an http-01 token value may be stored
+// in the Manager's optional Cache.
+func httpTokenCacheKey(tokenPath string) string {
+	return path.Base(tokenPath) + "+http-01"
+}
+
 // renew starts a cert renewal timer loop, one per domain.
 //
 // The loop is scheduled in two cases:
@@ -562,18 +974,18 @@ func (m *Manager) deleteTokenCert(name string) {
 //
 // The key argument is a certificate private key.
 // The exp argument is the cert expiration time (NotAfter).
-func (m *Manager) renew(domain string, key crypto.Signer, exp time.Time) {
+func (m *Manager) renew(ck certKey, key crypto.Signer, exp time.Time) {
 	m.renewalMu.Lock()
 	defer m.renewalMu.Unlock()
-	if m.renewal[domain] != nil {
+	if m.renewal[ck] != nil {
 		// another goroutine is already on it
 		return
 	}
 	if m.renewal == nil {
-		m.renewal = make(map[string]*domainRenewal)
+		m.renewal = make(map[certKey]*domainRenewal)
 	}
-	dr := &domainRenewal{m: m, domain: domain, key: key}
-	m.renewal[domain] = dr
+	dr := &domainRenewal{m: m, ck: ck, key: key}
+	m.renewal[ck] = dr
 	dr.start(exp)
 }
 
@@ -589,7 +1001,10 @@ func (m *Manager) stopRenew() {
 }
 
 func (m *Manager) accountKey(ctx context.Context) (crypto.Signer, error) {
-	const keyName = "acme_account.key"
+	const keyName = "acme_account+key"
+
+	// Previous versions of autocert stored the value under a different key.
+	const legacyKeyName = "acme_account.key"
 
 	genKey := func() (*ecdsa.PrivateKey, error) {
 		return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
@@ -600,6 +1015,9 @@ func (m *Manager) accountKey(ctx context.Context) (crypto.Signer, error) {
 	}
 
 	data, err := m.Cache.Get(ctx, keyName)
+	if err == ErrCacheMiss {
+		data, err = m.Cache.Get(ctx, legacyKeyName)
+	}
 	if err == ErrCacheMiss {
 		key, err := genKey()
 		if err != nil {
@@ -634,7 +1052,7 @@ func (m *Manager) acmeClient(ctx context.Context) (*acme.Client, error) {
 
 	client := m.Client
 	if client == nil {
-		client = &acme.Client{DirectoryURL: acme.LetsEncryptURL}
+		client = &acme.Client{DirectoryURL: DefaultACMEDirectory}
 	}
 	if client.Key == nil {
 		var err error
@@ -643,20 +1061,32 @@ func (m *Manager) acmeClient(ctx context.Context) (*acme.Client, error) {
 			return nil, err
 		}
 	}
+	if client.UserAgent == "" {
+		client.UserAgent = "autocert"
+	}
 	var contact []string
 	if m.Email != "" {
 		contact = []string{"mailto:" + m.Email}
 	}
 	a := &acme.Account{Contact: contact}
 	_, err := client.Register(ctx, a, m.Prompt)
-	if ae, ok := err.(*acme.Error); err == nil || ok && ae.StatusCode == http.StatusConflict {
-		// conflict indicates the key is already registered
+	if err == nil || isAccountAlreadyExist(err) {
 		m.client = client
 		err = nil
 	}
 	return m.client, err
 }
 
+// isAccountAlreadyExist reports whether the err, as returned from acme.Client.Register,
+// indicates the account has already been registered.
+func isAccountAlreadyExist(err error) bool {
+	if err == acme.ErrAccountAlreadyExists {
+		return true
+	}
+	ae, ok := err.(*acme.Error)
+	return ok && ae.StatusCode == http.StatusConflict
+}
+
 func (m *Manager) hostPolicy() HostPolicy {
 	if m.HostPolicy != nil {
 		return m.HostPolicy
@@ -671,6 +1101,13 @@ func (m *Manager) renewBefore() time.Duration {
 	return 720 * time.Hour // 30 days
 }
 
+func (m *Manager) now() time.Time {
+	if m.nowFunc != nil {
+		return m.nowFunc()
+	}
+	return time.Now()
+}
+
 // certState is ready when its mutex is unlocked for reading.
 type certState struct {
 	sync.RWMutex
@@ -696,12 +1133,12 @@ func (s *certState) tlscert() (*tls.Certificate, error) {
 	}, nil
 }
 
-// certRequest creates a certificate request for the given common name cn
-// and optional SANs.
-func certRequest(key crypto.Signer, cn string, san ...string) ([]byte, error) {
+// certRequest generates a CSR for the given common name.
+func certRequest(key crypto.Signer, name string, ext []pkix.Extension) ([]byte, error) {
 	req := &x509.CertificateRequest{
-		Subject:  pkix.Name{CommonName: cn},
-		DNSNames: san,
+		Subject:         pkix.Name{CommonName: name},
+		DNSNames:        []string{name},
+		ExtraExtensions: ext,
 	}
 	return x509.CreateCertificateRequest(rand.Reader, req, key)
 }
@@ -732,12 +1169,12 @@ func parsePrivateKey(der []byte) (crypto.Signer, error) {
 	return nil, errors.New("acme/autocert: failed to parse private key")
 }
 
-// validCert parses a cert chain provided as der argument and verifies the leaf, der[0],
-// corresponds to the private key, as well as the domain match and expiration dates.
-// It doesn't do any revocation checking.
+// validCert parses a cert chain provided as der argument and verifies the leaf and der[0]
+// correspond to the private key, the domain and key type match, and expiration dates
+// are valid. It doesn't do any revocation checking.
 //
 // The returned value is the verified leaf cert.
-func validCert(domain string, der [][]byte, key crypto.Signer) (leaf *x509.Certificate, err error) {
+func validCert(ck certKey, der [][]byte, key crypto.Signer, now time.Time) (leaf *x509.Certificate, err error) {
 	// parse public part(s)
 	var n int
 	for _, b := range der {
@@ -749,22 +1186,21 @@ func validCert(domain string, der [][]byte, key crypto.Signer) (leaf *x509.Certi
 		n += copy(pub[n:], b)
 	}
 	x509Cert, err := x509.ParseCertificates(pub)
-	if len(x509Cert) == 0 {
+	if err != nil || len(x509Cert) == 0 {
 		return nil, errors.New("acme/autocert: no public key found")
 	}
 	// verify the leaf is not expired and matches the domain name
 	leaf = x509Cert[0]
-	now := timeNow()
 	if now.Before(leaf.NotBefore) {
 		return nil, errors.New("acme/autocert: certificate is not valid yet")
 	}
 	if now.After(leaf.NotAfter) {
 		return nil, errors.New("acme/autocert: expired certificate")
 	}
-	if err := leaf.VerifyHostname(domain); err != nil {
+	if err := leaf.VerifyHostname(ck.domain); err != nil {
 		return nil, err
 	}
-	// ensure the leaf corresponds to the private key
+	// ensure the leaf corresponds to the private key and matches the certKey type
 	switch pub := leaf.PublicKey.(type) {
 	case *rsa.PublicKey:
 		prv, ok := key.(*rsa.PrivateKey)
@@ -774,6 +1210,9 @@ func validCert(domain string, der [][]byte, key crypto.Signer) (leaf *x509.Certi
 		if pub.N.Cmp(prv.N) != 0 {
 			return nil, errors.New("acme/autocert: private key does not match public key")
 		}
+		if !ck.isRSA && !ck.isToken {
+			return nil, errors.New("acme/autocert: key type does not match expected value")
+		}
 	case *ecdsa.PublicKey:
 		prv, ok := key.(*ecdsa.PrivateKey)
 		if !ok {
@@ -782,22 +1221,15 @@ func validCert(domain string, der [][]byte, key crypto.Signer) (leaf *x509.Certi
 		if pub.X.Cmp(prv.X) != 0 || pub.Y.Cmp(prv.Y) != 0 {
 			return nil, errors.New("acme/autocert: private key does not match public key")
 		}
+		if ck.isRSA && !ck.isToken {
+			return nil, errors.New("acme/autocert: key type does not match expected value")
+		}
 	default:
 		return nil, errors.New("acme/autocert: unknown public key algorithm")
 	}
 	return leaf, nil
 }
 
-func retryAfter(v string) time.Duration {
-	if i, err := strconv.Atoi(v); err == nil {
-		return time.Duration(i) * time.Second
-	}
-	if t, err := http.ParseTime(v); err == nil {
-		return t.Sub(timeNow())
-	}
-	return time.Second
-}
-
 type lockedMathRand struct {
 	sync.Mutex
 	rnd *mathrand.Rand
@@ -812,8 +1244,6 @@ func (r *lockedMathRand) int63n(max int64) int64 {
 
 // For easier testing.
 var (
-	timeNow = time.Now
-
 	// Called when a state is removed.
-	testDidRemoveState = func(domain string) {}
+	testDidRemoveState = func(certKey) {}
 )
diff --git a/acme/autocert/autocert_test.go b/acme/autocert/autocert_test.go
index 43a62011a..59f39c1c1 100644
--- a/acme/autocert/autocert_test.go
+++ b/acme/autocert/autocert_test.go
@@ -5,6 +5,7 @@
 package autocert
 
 import (
+	"bytes"
 	"context"
 	"crypto"
 	"crypto/ecdsa"
@@ -14,20 +15,30 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"encoding/asn1"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"html/template"
 	"io"
+	"io/ioutil"
 	"math/big"
 	"net/http"
 	"net/http/httptest"
 	"reflect"
+	"strings"
 	"sync"
 	"testing"
 	"time"
 
 	"golang.org/x/crypto/acme"
+	"golang.org/x/crypto/acme/autocert/internal/acmetest"
+)
+
+var (
+	exampleDomain     = "example.org"
+	exampleCertKey    = certKey{domain: exampleDomain}
+	exampleCertKeyRSA = certKey{domain: exampleDomain, isRSA: true}
 )
 
 var discoTmpl = template.Must(template.New("disco").Parse(`{
@@ -40,19 +51,25 @@ var authzTmpl = template.Must(template.New("authz").Parse(`{
 	"status": "pending",
 	"challenges": [
 		{
-			"uri": "{{.}}/challenge/1",
-			"type": "tls-sni-01",
-			"token": "token-01"
+			"uri": "{{.}}/challenge/tls-alpn-01",
+			"type": "tls-alpn-01",
+			"token": "token-alpn"
 		},
 		{
-			"uri": "{{.}}/challenge/2",
-			"type": "tls-sni-02",
-			"token": "token-02"
+			"uri": "{{.}}/challenge/dns-01",
+			"type": "dns-01",
+			"token": "token-dns-01"
+		},
+		{
+			"uri": "{{.}}/challenge/http-01",
+			"type": "http-01",
+			"token": "token-http-01"
 		}
 	]
 }`))
 
 type memCache struct {
+	t       *testing.T
 	mu      sync.Mutex
 	keyData map[string][]byte
 }
@@ -68,7 +85,26 @@ func (m *memCache) Get(ctx context.Context, key string) ([]byte, error) {
 	return v, nil
 }
 
+// filenameSafe returns whether all characters in s are printable ASCII
+// and safe to use in a filename on most filesystems.
+func filenameSafe(s string) bool {
+	for _, c := range s {
+		if c < 0x20 || c > 0x7E {
+			return false
+		}
+		switch c {
+		case '\\', '/', ':', '*', '?', '"', '<', '>', '|':
+			return false
+		}
+	}
+	return true
+}
+
 func (m *memCache) Put(ctx context.Context, key string, data []byte) error {
+	if !filenameSafe(key) {
+		m.t.Errorf("invalid characters in cache key %q", key)
+	}
+
 	m.mu.Lock()
 	defer m.mu.Unlock()
 
@@ -84,12 +120,29 @@ func (m *memCache) Delete(ctx context.Context, key string) error {
 	return nil
 }
 
-func newMemCache() *memCache {
+func newMemCache(t *testing.T) *memCache {
 	return &memCache{
+		t:       t,
 		keyData: make(map[string][]byte),
 	}
 }
 
+func (m *memCache) numCerts() int {
+	m.mu.Lock()
+	defer m.mu.Unlock()
+
+	res := 0
+	for key := range m.keyData {
+		if strings.HasSuffix(key, "+token") ||
+			strings.HasSuffix(key, "+key") ||
+			strings.HasSuffix(key, "+http-01") {
+			continue
+		}
+		res++
+	}
+	return res
+}
+
 func dummyCert(pub interface{}, san ...string) ([]byte, error) {
 	return dateDummyCert(pub, time.Now(), time.Now().Add(90*24*time.Hour), san...)
 }
@@ -126,53 +179,98 @@ func decodePayload(v interface{}, r io.Reader) error {
 	return json.Unmarshal(payload, v)
 }
 
+type algorithmSupport int
+
+const (
+	algRSA algorithmSupport = iota
+	algECDSA
+)
+
+func clientHelloInfo(sni string, alg algorithmSupport) *tls.ClientHelloInfo {
+	hello := &tls.ClientHelloInfo{
+		ServerName:   sni,
+		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305},
+	}
+	if alg == algECDSA {
+		hello.CipherSuites = append(hello.CipherSuites, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
+	}
+	return hello
+}
+
+// tokenCertFn returns a function suitable for startACMEServerStub.
+// The returned function simulates a TLS hello request from a CA
+// during validation of a tls-alpn-01 challenge.
+func tokenCertFn(man *Manager, alg algorithmSupport) getCertificateFunc {
+	return func(sni string) (*tls.Certificate, error) {
+		hello := clientHelloInfo(sni, alg)
+		hello.SupportedProtos = []string{acme.ALPNProto}
+		return man.GetCertificate(hello)
+	}
+}
+
 func TestGetCertificate(t *testing.T) {
 	man := &Manager{Prompt: AcceptTOS}
 	defer man.stopRenew()
-	hello := &tls.ClientHelloInfo{ServerName: "example.org"}
+	hello := clientHelloInfo("example.org", algECDSA)
 	testGetCertificate(t, man, "example.org", hello)
 }
 
 func TestGetCertificate_trailingDot(t *testing.T) {
 	man := &Manager{Prompt: AcceptTOS}
 	defer man.stopRenew()
-	hello := &tls.ClientHelloInfo{ServerName: "example.org."}
+	hello := clientHelloInfo("example.org.", algECDSA)
+	testGetCertificate(t, man, "example.org", hello)
+}
+
+func TestGetCertificate_unicodeIDN(t *testing.T) {
+	man := &Manager{Prompt: AcceptTOS}
+	defer man.stopRenew()
+
+	hello := clientHelloInfo("σσσ.com", algECDSA)
+	testGetCertificate(t, man, "xn--4xaaa.com", hello)
+
+	hello = clientHelloInfo("σςΣ.com", algECDSA)
+	testGetCertificate(t, man, "xn--4xaaa.com", hello)
+}
+
+func TestGetCertificate_mixedcase(t *testing.T) {
+	man := &Manager{Prompt: AcceptTOS}
+	defer man.stopRenew()
+
+	hello := clientHelloInfo("example.org", algECDSA)
+	testGetCertificate(t, man, "example.org", hello)
+
+	hello = clientHelloInfo("EXAMPLE.ORG", algECDSA)
 	testGetCertificate(t, man, "example.org", hello)
 }
 
 func TestGetCertificate_ForceRSA(t *testing.T) {
 	man := &Manager{
 		Prompt:   AcceptTOS,
-		Cache:    newMemCache(),
+		Cache:    newMemCache(t),
 		ForceRSA: true,
 	}
 	defer man.stopRenew()
-	hello := &tls.ClientHelloInfo{ServerName: "example.org"}
-	testGetCertificate(t, man, "example.org", hello)
+	hello := clientHelloInfo(exampleDomain, algECDSA)
+	testGetCertificate(t, man, exampleDomain, hello)
 
-	cert, err := man.cacheGet(context.Background(), "example.org")
+	// ForceRSA was deprecated and is now ignored.
+	cert, err := man.cacheGet(context.Background(), exampleCertKey)
 	if err != nil {
 		t.Fatalf("man.cacheGet: %v", err)
 	}
-	if _, ok := cert.PrivateKey.(*rsa.PrivateKey); !ok {
-		t.Errorf("cert.PrivateKey is %T; want *rsa.PrivateKey", cert.PrivateKey)
+	if _, ok := cert.PrivateKey.(*ecdsa.PrivateKey); !ok {
+		t.Errorf("cert.PrivateKey is %T; want *ecdsa.PrivateKey", cert.PrivateKey)
 	}
 }
 
 func TestGetCertificate_nilPrompt(t *testing.T) {
 	man := &Manager{}
 	defer man.stopRenew()
-	url, finish := startACMEServerStub(t, man, "example.org")
+	url, finish := startACMEServerStub(t, tokenCertFn(man, algECDSA), "example.org")
 	defer finish()
-	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		t.Fatal(err)
-	}
-	man.Client = &acme.Client{
-		Key:          key,
-		DirectoryURL: url,
-	}
-	hello := &tls.ClientHelloInfo{ServerName: "example.org"}
+	man.Client = &acme.Client{DirectoryURL: url}
+	hello := clientHelloInfo("example.org", algECDSA)
 	if _, err := man.GetCertificate(hello); err == nil {
 		t.Error("got certificate for example.org; wanted error")
 	}
@@ -186,7 +284,7 @@ func TestGetCertificate_expiredCache(t *testing.T) {
 	}
 	tmpl := &x509.Certificate{
 		SerialNumber: big.NewInt(1),
-		Subject:      pkix.Name{CommonName: "example.org"},
+		Subject:      pkix.Name{CommonName: exampleDomain},
 		NotAfter:     time.Now(),
 	}
 	pub, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &pk.PublicKey, pk)
@@ -198,16 +296,16 @@ func TestGetCertificate_expiredCache(t *testing.T) {
 		PrivateKey:  pk,
 	}
 
-	man := &Manager{Prompt: AcceptTOS, Cache: newMemCache()}
+	man := &Manager{Prompt: AcceptTOS, Cache: newMemCache(t)}
 	defer man.stopRenew()
-	if err := man.cachePut(context.Background(), "example.org", tlscert); err != nil {
+	if err := man.cachePut(context.Background(), exampleCertKey, tlscert); err != nil {
 		t.Fatalf("man.cachePut: %v", err)
 	}
 
 	// The expired cached cert should trigger a new cert issuance
 	// and return without an error.
-	hello := &tls.ClientHelloInfo{ServerName: "example.org"}
-	testGetCertificate(t, man, "example.org", hello)
+	hello := clientHelloInfo(exampleDomain, algECDSA)
+	testGetCertificate(t, man, exampleDomain, hello)
 }
 
 func TestGetCertificate_failedAttempt(t *testing.T) {
@@ -216,7 +314,6 @@ func TestGetCertificate_failedAttempt(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	const example = "example.org"
 	d := createCertRetryAfter
 	f := testDidRemoveState
 	defer func() {
@@ -225,54 +322,182 @@ func TestGetCertificate_failedAttempt(t *testing.T) {
 	}()
 	createCertRetryAfter = 0
 	done := make(chan struct{})
-	testDidRemoveState = func(domain string) {
-		if domain != example {
-			t.Errorf("testDidRemoveState: domain = %q; want %q", domain, example)
+	testDidRemoveState = func(ck certKey) {
+		if ck != exampleCertKey {
+			t.Errorf("testDidRemoveState: domain = %v; want %v", ck, exampleCertKey)
 		}
 		close(done)
 	}
 
-	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		t.Fatal(err)
-	}
 	man := &Manager{
 		Prompt: AcceptTOS,
 		Client: &acme.Client{
-			Key:          key,
 			DirectoryURL: ts.URL,
 		},
 	}
 	defer man.stopRenew()
-	hello := &tls.ClientHelloInfo{ServerName: example}
+	hello := clientHelloInfo(exampleDomain, algECDSA)
 	if _, err := man.GetCertificate(hello); err == nil {
 		t.Error("GetCertificate: err is nil")
 	}
 	select {
 	case <-time.After(5 * time.Second):
-		t.Errorf("took too long to remove the %q state", example)
+		t.Errorf("took too long to remove the %q state", exampleCertKey)
 	case <-done:
 		man.stateMu.Lock()
 		defer man.stateMu.Unlock()
-		if v, exist := man.state[example]; exist {
-			t.Errorf("state exists for %q: %+v", example, v)
+		if v, exist := man.state[exampleCertKey]; exist {
+			t.Errorf("state exists for %v: %+v", exampleCertKey, v)
 		}
 	}
 }
 
+// testGetCertificate_tokenCache tests the fallback of token certificate fetches
+// to cache when Manager.certTokens misses.
+// algorithmSupport refers to the CA when verifying the certificate token.
+func testGetCertificate_tokenCache(t *testing.T, tokenAlg algorithmSupport) {
+	man1 := &Manager{
+		Cache:  newMemCache(t),
+		Prompt: AcceptTOS,
+	}
+	defer man1.stopRenew()
+	man2 := &Manager{
+		Cache:  man1.Cache,
+		Prompt: AcceptTOS,
+	}
+	defer man2.stopRenew()
+
+	// Send the verification request to a different Manager from the one that
+	// initiated the authorization, when they share caches.
+	url, finish := startACMEServerStub(t, tokenCertFn(man2, tokenAlg), "example.org")
+	defer finish()
+	man1.Client = &acme.Client{DirectoryURL: url}
+	man2.Client = &acme.Client{DirectoryURL: url}
+	hello := clientHelloInfo("example.org", algECDSA)
+	if _, err := man1.GetCertificate(hello); err != nil {
+		t.Error(err)
+	}
+	if _, err := man2.GetCertificate(hello); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestGetCertificate_tokenCache(t *testing.T) {
+	t.Run("ecdsaSupport=true", func(t *testing.T) {
+		testGetCertificate_tokenCache(t, algECDSA)
+	})
+	t.Run("ecdsaSupport=false", func(t *testing.T) {
+		testGetCertificate_tokenCache(t, algRSA)
+	})
+}
+
+func TestGetCertificate_ecdsaVsRSA(t *testing.T) {
+	cache := newMemCache(t)
+	man := &Manager{Prompt: AcceptTOS, Cache: cache}
+	defer man.stopRenew()
+	url, finish := startACMEServerStub(t, tokenCertFn(man, algECDSA), "example.org")
+	defer finish()
+	man.Client = &acme.Client{DirectoryURL: url}
+
+	cert, err := man.GetCertificate(clientHelloInfo("example.org", algECDSA))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, ok := cert.Leaf.PublicKey.(*ecdsa.PublicKey); !ok {
+		t.Error("an ECDSA client was served a non-ECDSA certificate")
+	}
+
+	cert, err = man.GetCertificate(clientHelloInfo("example.org", algRSA))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, ok := cert.Leaf.PublicKey.(*rsa.PublicKey); !ok {
+		t.Error("a RSA client was served a non-RSA certificate")
+	}
+
+	if _, err := man.GetCertificate(clientHelloInfo("example.org", algECDSA)); err != nil {
+		t.Error(err)
+	}
+	if _, err := man.GetCertificate(clientHelloInfo("example.org", algRSA)); err != nil {
+		t.Error(err)
+	}
+	if numCerts := cache.numCerts(); numCerts != 2 {
+		t.Errorf("found %d certificates in cache; want %d", numCerts, 2)
+	}
+}
+
+func TestGetCertificate_wrongCacheKeyType(t *testing.T) {
+	cache := newMemCache(t)
+	man := &Manager{Prompt: AcceptTOS, Cache: cache}
+	defer man.stopRenew()
+	url, finish := startACMEServerStub(t, tokenCertFn(man, algECDSA), exampleDomain)
+	defer finish()
+	man.Client = &acme.Client{DirectoryURL: url}
+
+	// Make an RSA cert and cache it without suffix.
+	pk, err := rsa.GenerateKey(rand.Reader, 512)
+	if err != nil {
+		t.Fatal(err)
+	}
+	tmpl := &x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject:      pkix.Name{CommonName: exampleDomain},
+		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
+	}
+	pub, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &pk.PublicKey, pk)
+	if err != nil {
+		t.Fatal(err)
+	}
+	rsaCert := &tls.Certificate{
+		Certificate: [][]byte{pub},
+		PrivateKey:  pk,
+	}
+	if err := man.cachePut(context.Background(), exampleCertKey, rsaCert); err != nil {
+		t.Fatalf("man.cachePut: %v", err)
+	}
+
+	// The RSA cached cert should be silently ignored and replaced.
+	cert, err := man.GetCertificate(clientHelloInfo(exampleDomain, algECDSA))
+	if err != nil {
+		t.Fatal(err)
+	}
+	if _, ok := cert.Leaf.PublicKey.(*ecdsa.PublicKey); !ok {
+		t.Error("an ECDSA client was served a non-ECDSA certificate")
+	}
+	if numCerts := cache.numCerts(); numCerts != 1 {
+		t.Errorf("found %d certificates in cache; want %d", numCerts, 1)
+	}
+}
+
+type getCertificateFunc func(domain string) (*tls.Certificate, error)
+
 // startACMEServerStub runs an ACME server
 // The domain argument is the expected domain name of a certificate request.
-func startACMEServerStub(t *testing.T, man *Manager, domain string) (url string, finish func()) {
-	// echo token-02 | shasum -a 256
-	// then divide result in 2 parts separated by dot
-	tokenCertName := "4e8eb87631187e9ff2153b56b13a4dec.13a35d002e485d60ff37354b32f665d9.token.acme.invalid"
+// TODO: Drop this in favour of x/crypto/acme/autocert/internal/acmetest.
+func startACMEServerStub(t *testing.T, tokenCert getCertificateFunc, domain string) (url string, finish func()) {
 	verifyTokenCert := func() {
-		hello := &tls.ClientHelloInfo{ServerName: tokenCertName}
-		_, err := man.GetCertificate(hello)
+		tlscert, err := tokenCert(domain)
 		if err != nil {
-			t.Errorf("verifyTokenCert: GetCertificate(%q): %v", tokenCertName, err)
+			t.Errorf("verifyTokenCert: tokenCert(%q): %v", domain, err)
 			return
 		}
+		crt, err := x509.ParseCertificate(tlscert.Certificate[0])
+		if err != nil {
+			t.Errorf("verifyTokenCert: x509.ParseCertificate: %v", err)
+		}
+		if err := crt.VerifyHostname(domain); err != nil {
+			t.Errorf("verifyTokenCert: %v", err)
+		}
+		// See https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05#section-5.1
+		oid := asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 31}
+		for _, x := range crt.Extensions {
+			if x.Id.Equal(oid) {
+				// No need to check the extension value here.
+				// This is done in acme package tests.
+				return
+			}
+		}
+		t.Error("verifyTokenCert: no id-pe-acmeIdentifier extension found")
 	}
 
 	// ACME CA server stub
@@ -300,8 +525,8 @@ func startACMEServerStub(t *testing.T, man *Manager, domain string) (url string,
 			if err := authzTmpl.Execute(w, ca.URL); err != nil {
 				t.Errorf("authzTmpl: %v", err)
 			}
-		// accept tls-sni-02 challenge
-		case "/challenge/2":
+		// accept tls-alpn-01 challenge
+		case "/challenge/tls-alpn-01":
 			verifyTokenCert()
 			w.Write([]byte("{}"))
 		// authorization status
@@ -351,8 +576,7 @@ func startACMEServerStub(t *testing.T, man *Manager, domain string) (url string,
 			tick := time.NewTicker(100 * time.Millisecond)
 			defer tick.Stop()
 			for {
-				hello := &tls.ClientHelloInfo{ServerName: tokenCertName}
-				if _, err := man.GetCertificate(hello); err != nil {
+				if _, err := tokenCert(domain); err != nil {
 					return
 				}
 				select {
@@ -376,21 +600,13 @@ func startACMEServerStub(t *testing.T, man *Manager, domain string) (url string,
 // tests man.GetCertificate flow using the provided hello argument.
 // The domain argument is the expected domain name of a certificate request.
 func testGetCertificate(t *testing.T, man *Manager, domain string, hello *tls.ClientHelloInfo) {
-	url, finish := startACMEServerStub(t, man, domain)
+	url, finish := startACMEServerStub(t, tokenCertFn(man, algECDSA), domain)
 	defer finish()
-
-	// use EC key to run faster on 386
-	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		t.Fatal(err)
-	}
-	man.Client = &acme.Client{
-		Key:          key,
-		DirectoryURL: url,
-	}
+	man.Client = &acme.Client{DirectoryURL: url}
 
 	// simulate tls.Config.GetCertificate
 	var tlscert *tls.Certificate
+	var err error
 	done := make(chan struct{})
 	go func() {
 		tlscert, err = man.GetCertificate(hello)
@@ -419,8 +635,250 @@ func testGetCertificate(t *testing.T, man *Manager, domain string, hello *tls.Cl
 
 }
 
+func TestVerifyHTTP01(t *testing.T) {
+	var (
+		http01 http.Handler
+
+		authzCount      int // num. of created authorizations
+		didAcceptHTTP01 bool
+	)
+
+	verifyHTTPToken := func() {
+		r := httptest.NewRequest("GET", "/.well-known/acme-challenge/token-http-01", nil)
+		w := httptest.NewRecorder()
+		http01.ServeHTTP(w, r)
+		if w.Code != http.StatusOK {
+			t.Errorf("http token: w.Code = %d; want %d", w.Code, http.StatusOK)
+		}
+		if v := w.Body.String(); !strings.HasPrefix(v, "token-http-01.") {
+			t.Errorf("http token value = %q; want 'token-http-01.' prefix", v)
+		}
+	}
+
+	// ACME CA server stub, only the needed bits.
+	// TODO: Replace this with x/crypto/acme/autocert/internal/acmetest.
+	var ca *httptest.Server
+	ca = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Replay-Nonce", "nonce")
+		if r.Method == "HEAD" {
+			// a nonce request
+			return
+		}
+
+		switch r.URL.Path {
+		// Discovery.
+		case "/":
+			if err := discoTmpl.Execute(w, ca.URL); err != nil {
+				t.Errorf("discoTmpl: %v", err)
+			}
+		// Client key registration.
+		case "/new-reg":
+			w.Write([]byte("{}"))
+		// New domain authorization.
+		case "/new-authz":
+			authzCount++
+			w.Header().Set("Location", fmt.Sprintf("%s/authz/%d", ca.URL, authzCount))
+			w.WriteHeader(http.StatusCreated)
+			if err := authzTmpl.Execute(w, ca.URL); err != nil {
+				t.Errorf("authzTmpl: %v", err)
+			}
+		// Reject tls-alpn-01.
+		case "/challenge/tls-alpn-01":
+			http.Error(w, "won't accept tls-sni-01", http.StatusBadRequest)
+		// Should not accept dns-01.
+		case "/challenge/dns-01":
+			t.Errorf("dns-01 challenge was accepted")
+			http.Error(w, "won't accept dns-01", http.StatusBadRequest)
+		// Accept http-01.
+		case "/challenge/http-01":
+			didAcceptHTTP01 = true
+			verifyHTTPToken()
+			w.Write([]byte("{}"))
+		// Authorization statuses.
+		case "/authz/1": // tls-alpn-01
+			w.Write([]byte(`{"status": "invalid"}`))
+		case "/authz/2": // http-01
+			w.Write([]byte(`{"status": "valid"}`))
+		default:
+			http.NotFound(w, r)
+			t.Errorf("unrecognized r.URL.Path: %s", r.URL.Path)
+		}
+	}))
+	defer ca.Close()
+
+	m := &Manager{
+		Client: &acme.Client{
+			DirectoryURL: ca.URL,
+		},
+	}
+	http01 = m.HTTPHandler(nil)
+	ctx := context.Background()
+	client, err := m.acmeClient(ctx)
+	if err != nil {
+		t.Fatalf("m.acmeClient: %v", err)
+	}
+	if err := m.verify(ctx, client, "example.org"); err != nil {
+		t.Errorf("m.verify: %v", err)
+	}
+	// Only tls-alpn-01 and http-01 must be accepted.
+	// The dns-01 challenge is unsupported.
+	if authzCount != 2 {
+		t.Errorf("authzCount = %d; want 2", authzCount)
+	}
+	if !didAcceptHTTP01 {
+		t.Error("did not accept http-01 challenge")
+	}
+}
+
+func TestRevokeFailedAuthz(t *testing.T) {
+	// Prefill authorization URIs expected to be revoked.
+	// The challenges are selected in a specific order,
+	// each tried within a newly created authorization.
+	// This means each authorization URI corresponds to a different challenge type.
+	revokedAuthz := map[string]bool{
+		"/authz/0": false, // tls-alpn-01
+		"/authz/1": false, // http-01
+		"/authz/2": false, // no viable challenge, but authz is created
+	}
+
+	var authzCount int          // num. of created authorizations
+	var revokeCount int         // num. of revoked authorizations
+	done := make(chan struct{}) // closed when revokeCount is 3
+
+	// ACME CA server stub, only the needed bits.
+	// TODO: Replace this with x/crypto/acme/autocert/internal/acmetest.
+	var ca *httptest.Server
+	ca = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Replay-Nonce", "nonce")
+		if r.Method == "HEAD" {
+			// a nonce request
+			return
+		}
+
+		switch r.URL.Path {
+		// Discovery.
+		case "/":
+			if err := discoTmpl.Execute(w, ca.URL); err != nil {
+				t.Errorf("discoTmpl: %v", err)
+			}
+		// Client key registration.
+		case "/new-reg":
+			w.Write([]byte("{}"))
+		// New domain authorization.
+		case "/new-authz":
+			w.Header().Set("Location", fmt.Sprintf("%s/authz/%d", ca.URL, authzCount))
+			w.WriteHeader(http.StatusCreated)
+			if err := authzTmpl.Execute(w, ca.URL); err != nil {
+				t.Errorf("authzTmpl: %v", err)
+			}
+			authzCount++
+		// tls-alpn-01 challenge "accept" request.
+		case "/challenge/tls-alpn-01":
+			// Refuse.
+			http.Error(w, "won't accept tls-alpn-01 challenge", http.StatusBadRequest)
+		// http-01 challenge "accept" request.
+		case "/challenge/http-01":
+			// Refuse.
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(`{"status":"invalid"}`))
+		// Authorization requests.
+		case "/authz/0", "/authz/1", "/authz/2":
+			// Revocation requests.
+			if r.Method == "POST" {
+				var req struct{ Status string }
+				if err := decodePayload(&req, r.Body); err != nil {
+					t.Errorf("%s: decodePayload: %v", r.URL, err)
+				}
+				switch req.Status {
+				case "deactivated":
+					revokedAuthz[r.URL.Path] = true
+					revokeCount++
+					if revokeCount >= 3 {
+						// Last authorization is revoked.
+						defer close(done)
+					}
+				default:
+					t.Errorf("%s: req.Status = %q; want 'deactivated'", r.URL, req.Status)
+				}
+				w.Write([]byte(`{"status": "invalid"}`))
+				return
+			}
+			// Authorization status requests.
+			w.Write([]byte(`{"status":"pending"}`))
+		default:
+			http.NotFound(w, r)
+			t.Errorf("unrecognized r.URL.Path: %s", r.URL.Path)
+		}
+	}))
+	defer ca.Close()
+
+	m := &Manager{
+		Client: &acme.Client{DirectoryURL: ca.URL},
+	}
+	m.HTTPHandler(nil) // enable http-01 challenge type
+	// Should fail and revoke 3 authorizations.
+	// The first 2 are tls-alpn-01 and http-01 challenges.
+	// The third time an authorization is created but no viable challenge is found.
+	// See revokedAuthz above for more explanation.
+	if _, err := m.createCert(context.Background(), exampleCertKey); err == nil {
+		t.Errorf("m.createCert returned nil error")
+	}
+	select {
+	case <-time.After(3 * time.Second):
+		t.Error("revocations took too long")
+	case <-done:
+		// revokeCount is at least 3.
+	}
+	for uri, ok := range revokedAuthz {
+		if !ok {
+			t.Errorf("%q authorization was not revoked", uri)
+		}
+	}
+}
+
+func TestHTTPHandlerDefaultFallback(t *testing.T) {
+	tt := []struct {
+		method, url  string
+		wantCode     int
+		wantLocation string
+	}{
+		{"GET", "http://example.org", 302, "https://example.org/"},
+		{"GET", "http://example.org/foo", 302, "https://example.org/foo"},
+		{"GET", "http://example.org/foo/bar/", 302, "https://example.org/foo/bar/"},
+		{"GET", "http://example.org/?a=b", 302, "https://example.org/?a=b"},
+		{"GET", "http://example.org/foo?a=b", 302, "https://example.org/foo?a=b"},
+		{"GET", "http://example.org:80/foo?a=b", 302, "https://example.org:443/foo?a=b"},
+		{"GET", "http://example.org:80/foo%20bar", 302, "https://example.org:443/foo%20bar"},
+		{"GET", "http://[2602:d1:xxxx::c60a]:1234", 302, "https://[2602:d1:xxxx::c60a]:443/"},
+		{"GET", "http://[2602:d1:xxxx::c60a]", 302, "https://[2602:d1:xxxx::c60a]/"},
+		{"GET", "http://[2602:d1:xxxx::c60a]/foo?a=b", 302, "https://[2602:d1:xxxx::c60a]/foo?a=b"},
+		{"HEAD", "http://example.org", 302, "https://example.org/"},
+		{"HEAD", "http://example.org/foo", 302, "https://example.org/foo"},
+		{"HEAD", "http://example.org/foo/bar/", 302, "https://example.org/foo/bar/"},
+		{"HEAD", "http://example.org/?a=b", 302, "https://example.org/?a=b"},
+		{"HEAD", "http://example.org/foo?a=b", 302, "https://example.org/foo?a=b"},
+		{"POST", "http://example.org", 400, ""},
+		{"PUT", "http://example.org", 400, ""},
+		{"GET", "http://example.org/.well-known/acme-challenge/x", 404, ""},
+	}
+	var m Manager
+	h := m.HTTPHandler(nil)
+	for i, test := range tt {
+		r := httptest.NewRequest(test.method, test.url, nil)
+		w := httptest.NewRecorder()
+		h.ServeHTTP(w, r)
+		if w.Code != test.wantCode {
+			t.Errorf("%d: w.Code = %d; want %d", i, w.Code, test.wantCode)
+			t.Errorf("%d: body: %s", i, w.Body.Bytes())
+		}
+		if v := w.Header().Get("Location"); v != test.wantLocation {
+			t.Errorf("%d: Location = %q; want %q", i, v, test.wantLocation)
+		}
+	}
+}
+
 func TestAccountKeyCache(t *testing.T) {
-	m := Manager{Cache: newMemCache()}
+	m := Manager{Cache: newMemCache(t)}
 	ctx := context.Background()
 	k1, err := m.accountKey(ctx)
 	if err != nil {
@@ -436,47 +894,69 @@ func TestAccountKeyCache(t *testing.T) {
 }
 
 func TestCache(t *testing.T) {
-	privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	ecdsaKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		t.Fatal(err)
 	}
-	tmpl := &x509.Certificate{
-		SerialNumber: big.NewInt(1),
-		Subject:      pkix.Name{CommonName: "example.org"},
-		NotAfter:     time.Now().Add(time.Hour),
+	cert, err := dummyCert(ecdsaKey.Public(), exampleDomain)
+	if err != nil {
+		t.Fatal(err)
 	}
-	pub, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &privKey.PublicKey, privKey)
+	ecdsaCert := &tls.Certificate{
+		Certificate: [][]byte{cert},
+		PrivateKey:  ecdsaKey,
+	}
+
+	rsaKey, err := rsa.GenerateKey(rand.Reader, 512)
 	if err != nil {
 		t.Fatal(err)
 	}
-	tlscert := &tls.Certificate{
-		Certificate: [][]byte{pub},
-		PrivateKey:  privKey,
+	cert, err = dummyCert(rsaKey.Public(), exampleDomain)
+	if err != nil {
+		t.Fatal(err)
+	}
+	rsaCert := &tls.Certificate{
+		Certificate: [][]byte{cert},
+		PrivateKey:  rsaKey,
 	}
 
-	man := &Manager{Cache: newMemCache()}
+	man := &Manager{Cache: newMemCache(t)}
 	defer man.stopRenew()
 	ctx := context.Background()
-	if err := man.cachePut(ctx, "example.org", tlscert); err != nil {
+
+	if err := man.cachePut(ctx, exampleCertKey, ecdsaCert); err != nil {
 		t.Fatalf("man.cachePut: %v", err)
 	}
-	res, err := man.cacheGet(ctx, "example.org")
+	if err := man.cachePut(ctx, exampleCertKeyRSA, rsaCert); err != nil {
+		t.Fatalf("man.cachePut: %v", err)
+	}
+
+	res, err := man.cacheGet(ctx, exampleCertKey)
 	if err != nil {
 		t.Fatalf("man.cacheGet: %v", err)
 	}
-	if res == nil {
-		t.Fatal("res is nil")
+	if res == nil || !bytes.Equal(res.Certificate[0], ecdsaCert.Certificate[0]) {
+		t.Errorf("man.cacheGet = %+v; want %+v", res, ecdsaCert)
+	}
+
+	res, err = man.cacheGet(ctx, exampleCertKeyRSA)
+	if err != nil {
+		t.Fatalf("man.cacheGet: %v", err)
+	}
+	if res == nil || !bytes.Equal(res.Certificate[0], rsaCert.Certificate[0]) {
+		t.Errorf("man.cacheGet = %+v; want %+v", res, rsaCert)
 	}
 }
 
 func TestHostWhitelist(t *testing.T) {
-	policy := HostWhitelist("example.com", "example.org", "*.example.net")
+	policy := HostWhitelist("example.com", "EXAMPLE.ORG", "*.example.net", "σςΣ.com")
 	tt := []struct {
 		host  string
 		allow bool
 	}{
 		{"example.com", true},
 		{"example.org", true},
+		{"xn--4xaaa.com", true},
 		{"one.example.com", false},
 		{"two.example.org", false},
 		{"three.example.net", false},
@@ -529,26 +1009,28 @@ func TestValidCert(t *testing.T) {
 	}
 
 	tt := []struct {
-		domain string
-		key    crypto.Signer
-		cert   [][]byte
-		ok     bool
+		ck   certKey
+		key  crypto.Signer
+		cert [][]byte
+		ok   bool
 	}{
-		{"example.org", key1, [][]byte{cert1}, true},
-		{"example.org", key3, [][]byte{cert3}, true},
-		{"example.org", key1, [][]byte{cert1, cert2, cert3}, true},
-		{"example.org", key1, [][]byte{cert1, {1}}, false},
-		{"example.org", key1, [][]byte{{1}}, false},
-		{"example.org", key1, [][]byte{cert2}, false},
-		{"example.org", key2, [][]byte{cert1}, false},
-		{"example.org", key1, [][]byte{cert3}, false},
-		{"example.org", key3, [][]byte{cert1}, false},
-		{"example.net", key1, [][]byte{cert1}, false},
-		{"example.org", key1, [][]byte{early}, false},
-		{"example.org", key1, [][]byte{expired}, false},
+		{certKey{domain: "example.org"}, key1, [][]byte{cert1}, true},
+		{certKey{domain: "example.org", isRSA: true}, key3, [][]byte{cert3}, true},
+		{certKey{domain: "example.org"}, key1, [][]byte{cert1, cert2, cert3}, true},
+		{certKey{domain: "example.org"}, key1, [][]byte{cert1, {1}}, false},
+		{certKey{domain: "example.org"}, key1, [][]byte{{1}}, false},
+		{certKey{domain: "example.org"}, key1, [][]byte{cert2}, false},
+		{certKey{domain: "example.org"}, key2, [][]byte{cert1}, false},
+		{certKey{domain: "example.org"}, key1, [][]byte{cert3}, false},
+		{certKey{domain: "example.org"}, key3, [][]byte{cert1}, false},
+		{certKey{domain: "example.net"}, key1, [][]byte{cert1}, false},
+		{certKey{domain: "example.org"}, key1, [][]byte{early}, false},
+		{certKey{domain: "example.org"}, key1, [][]byte{expired}, false},
+		{certKey{domain: "example.org", isRSA: true}, key1, [][]byte{cert1}, false},
+		{certKey{domain: "example.org"}, key3, [][]byte{cert3}, false},
 	}
 	for i, test := range tt {
-		leaf, err := validCert(test.domain, test.cert, test.key)
+		leaf, err := validCert(test.ck, test.cert, test.key, now)
 		if err != nil && test.ok {
 			t.Errorf("%d: err = %v", i, err)
 		}
@@ -597,10 +1079,154 @@ func TestManagerGetCertificateBogusSNI(t *testing.T) {
 		{"fo.o", "cache.Get of fo.o"},
 	}
 	for _, tt := range tests {
-		_, err := m.GetCertificate(&tls.ClientHelloInfo{ServerName: tt.name})
+		_, err := m.GetCertificate(clientHelloInfo(tt.name, algECDSA))
 		got := fmt.Sprint(err)
 		if got != tt.wantErr {
 			t.Errorf("GetCertificate(SNI = %q) = %q; want %q", tt.name, got, tt.wantErr)
 		}
 	}
 }
+
+func TestCertRequest(t *testing.T) {
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	// An extension from RFC7633. Any will do.
+	ext := pkix.Extension{
+		Id:    asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1},
+		Value: []byte("dummy"),
+	}
+	b, err := certRequest(key, "example.org", []pkix.Extension{ext})
+	if err != nil {
+		t.Fatalf("certRequest: %v", err)
+	}
+	r, err := x509.ParseCertificateRequest(b)
+	if err != nil {
+		t.Fatalf("ParseCertificateRequest: %v", err)
+	}
+	var found bool
+	for _, v := range r.Extensions {
+		if v.Id.Equal(ext.Id) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		t.Errorf("want %v in Extensions: %v", ext, r.Extensions)
+	}
+}
+
+func TestSupportsECDSA(t *testing.T) {
+	tests := []struct {
+		CipherSuites     []uint16
+		SignatureSchemes []tls.SignatureScheme
+		SupportedCurves  []tls.CurveID
+		ecdsaOk          bool
+	}{
+		{[]uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		}, nil, nil, false},
+		{[]uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		}, nil, nil, true},
+
+		// SignatureSchemes limits, not extends, CipherSuites
+		{[]uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+		}, []tls.SignatureScheme{
+			tls.PKCS1WithSHA256, tls.ECDSAWithP256AndSHA256,
+		}, nil, false},
+		{[]uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		}, []tls.SignatureScheme{
+			tls.PKCS1WithSHA256,
+		}, nil, false},
+		{[]uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		}, []tls.SignatureScheme{
+			tls.PKCS1WithSHA256, tls.ECDSAWithP256AndSHA256,
+		}, nil, true},
+
+		{[]uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		}, []tls.SignatureScheme{
+			tls.PKCS1WithSHA256, tls.ECDSAWithP256AndSHA256,
+		}, []tls.CurveID{
+			tls.CurveP521,
+		}, false},
+		{[]uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+		}, []tls.SignatureScheme{
+			tls.PKCS1WithSHA256, tls.ECDSAWithP256AndSHA256,
+		}, []tls.CurveID{
+			tls.CurveP256,
+			tls.CurveP521,
+		}, true},
+	}
+	for i, tt := range tests {
+		result := supportsECDSA(&tls.ClientHelloInfo{
+			CipherSuites:     tt.CipherSuites,
+			SignatureSchemes: tt.SignatureSchemes,
+			SupportedCurves:  tt.SupportedCurves,
+		})
+		if result != tt.ecdsaOk {
+			t.Errorf("%d: supportsECDSA = %v; want %v", i, result, tt.ecdsaOk)
+		}
+	}
+}
+
+// TODO: add same end-to-end for http-01 challenge type.
+func TestEndToEnd(t *testing.T) {
+	const domain = "example.org"
+
+	// ACME CA server
+	ca := acmetest.NewCAServer([]string{"tls-alpn-01"}, []string{domain})
+	defer ca.Close()
+
+	// User dummy server.
+	m := &Manager{
+		Prompt: AcceptTOS,
+		Client: &acme.Client{DirectoryURL: ca.URL},
+	}
+	us := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte("OK"))
+	}))
+	us.TLS = &tls.Config{
+		NextProtos: []string{"http/1.1", acme.ALPNProto},
+		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			cert, err := m.GetCertificate(hello)
+			if err != nil {
+				t.Errorf("m.GetCertificate: %v", err)
+			}
+			return cert, err
+		},
+	}
+	us.StartTLS()
+	defer us.Close()
+	// In TLS-ALPN challenge verification, CA connects to the domain:443 in question.
+	// Because the domain won't resolve in tests, we need to tell the CA
+	// where to dial to instead.
+	ca.Resolve(domain, strings.TrimPrefix(us.URL, "https://"))
+
+	// A client visiting user dummy server.
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{
+			RootCAs:    ca.Roots,
+			ServerName: domain,
+		},
+	}
+	client := &http.Client{Transport: tr}
+	res, err := client.Get(us.URL)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer res.Body.Close()
+	b, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if v := string(b); v != "OK" {
+		t.Errorf("user server response: %q; want 'OK'", v)
+	}
+}
diff --git a/acme/autocert/cache.go b/acme/autocert/cache.go
index 61a5fd239..03f63022f 100644
--- a/acme/autocert/cache.go
+++ b/acme/autocert/cache.go
@@ -16,10 +16,10 @@ import (
 var ErrCacheMiss = errors.New("acme/autocert: certificate cache miss")
 
 // Cache is used by Manager to store and retrieve previously obtained certificates
-// as opaque data.
+// and other account data as opaque blobs.
 //
-// The key argument of the methods refers to a domain name but need not be an FQDN.
-// Cache implementations should not rely on the key naming pattern.
+// Cache implementations should not rely on the key naming pattern. Keys can
+// include any printable ASCII characters, except the following: \/:*?"<>|
 type Cache interface {
 	// Get returns a certificate data for the specified key.
 	// If there's no such key, Get returns ErrCacheMiss.
@@ -77,6 +77,7 @@ func (d DirCache) Put(ctx context.Context, name string, data []byte) error {
 		if tmp, err = d.writeTempFile(name, data); err != nil {
 			return
 		}
+		defer os.Remove(tmp)
 		select {
 		case <-ctx.Done():
 			// Don't overwrite the file if the context was canceled.
@@ -116,12 +117,17 @@ func (d DirCache) Delete(ctx context.Context, name string) error {
 }
 
 // writeTempFile writes b to a temporary file, closes the file and returns its path.
-func (d DirCache) writeTempFile(prefix string, b []byte) (string, error) {
+func (d DirCache) writeTempFile(prefix string, b []byte) (name string, reterr error) {
 	// TempFile uses 0600 permissions
 	f, err := ioutil.TempFile(string(d), prefix)
 	if err != nil {
 		return "", err
 	}
+	defer func() {
+		if reterr != nil {
+			os.Remove(f.Name())
+		}
+	}()
 	if _, err := f.Write(b); err != nil {
 		f.Close()
 		return "", err
diff --git a/acme/autocert/cache_test.go b/acme/autocert/cache_test.go
index 653b05bed..4d0b16270 100644
--- a/acme/autocert/cache_test.go
+++ b/acme/autocert/cache_test.go
@@ -48,6 +48,15 @@ func TestDirCache(t *testing.T) {
 		t.Error(err)
 	}
 
+	// test put deletes temp file
+	tmp, err := filepath.Glob(name + "?*")
+	if err != nil {
+		t.Error(err)
+	}
+	if tmp != nil {
+		t.Errorf("temp file exists: %s", tmp)
+	}
+
 	// test delete
 	if err := cache.Delete(ctx, "dummy"); err != nil {
 		t.Fatalf("delete: %v", err)
diff --git a/acme/autocert/example_test.go b/acme/autocert/example_test.go
index c6267b8dd..d4225e5c7 100644
--- a/acme/autocert/example_test.go
+++ b/acme/autocert/example_test.go
@@ -5,7 +5,6 @@
 package autocert_test
 
 import (
-	"crypto/tls"
 	"fmt"
 	"log"
 	"net/http"
@@ -22,13 +21,14 @@ func ExampleNewListener() {
 }
 
 func ExampleManager() {
-	m := autocert.Manager{
+	m := &autocert.Manager{
+		Cache:      autocert.DirCache("secret-dir"),
 		Prompt:     autocert.AcceptTOS,
-		HostPolicy: autocert.HostWhitelist("example.org"),
+		HostPolicy: autocert.HostWhitelist("example.org", "www.example.org"),
 	}
 	s := &http.Server{
 		Addr:      ":https",
-		TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
+		TLSConfig: m.TLSConfig(),
 	}
 	s.ListenAndServeTLS("", "")
 }
diff --git a/acme/autocert/internal/acmetest/ca.go b/acme/autocert/internal/acmetest/ca.go
new file mode 100644
index 000000000..faffd20bc
--- /dev/null
+++ b/acme/autocert/internal/acmetest/ca.go
@@ -0,0 +1,552 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package acmetest provides types for testing acme and autocert packages.
+//
+// TODO: Consider moving this to x/crypto/acme/internal/acmetest for acme tests as well.
+package acmetest
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"io"
+	"log"
+	"math/big"
+	"net/http"
+	"net/http/httptest"
+	"path"
+	"sort"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"golang.org/x/crypto/acme"
+)
+
+// CAServer is a simple test server which implements ACME spec bits needed for testing.
+type CAServer struct {
+	URL   string         // server URL after it has been started
+	Roots *x509.CertPool // CA root certificates; initialized in NewCAServer
+
+	rootKey      crypto.Signer
+	rootCert     []byte // DER encoding
+	rootTemplate *x509.Certificate
+
+	server           *httptest.Server
+	challengeTypes   []string // supported challenge types
+	domainsWhitelist []string // only these domains are valid for issuing, unless empty
+
+	mu             sync.Mutex
+	certCount      int                       // number of issued certs
+	domainAddr     map[string]string         // domain name to addr:port resolution
+	authorizations map[string]*authorization // keyed by domain name
+	orders         []*order                  // index is used as order ID
+	errors         []error                   // encountered client errors
+}
+
+// NewCAServer creates a new ACME test server and starts serving requests.
+// The returned CAServer issues certs signed with the CA roots
+// available in the Roots field.
+//
+// The challengeTypes argument defines the supported ACME challenge types
+// sent to a client in a response for a domain authorization.
+// If domainsWhitelist is non-empty, the certs will be issued only for the specified
+// list of domains. Otherwise, any domain name is allowed.
+func NewCAServer(challengeTypes []string, domainsWhitelist []string) *CAServer {
+	var whitelist []string
+	for _, name := range domainsWhitelist {
+		whitelist = append(whitelist, name)
+	}
+	sort.Strings(whitelist)
+	ca := &CAServer{
+		challengeTypes:   challengeTypes,
+		domainsWhitelist: whitelist,
+		domainAddr:       make(map[string]string),
+		authorizations:   make(map[string]*authorization),
+	}
+
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		panic(fmt.Sprintf("ecdsa.GenerateKey: %v", err))
+	}
+	tmpl := &x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			Organization: []string{"Test Acme Co"},
+			CommonName:   "Root CA",
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
+		KeyUsage:              x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+	}
+	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
+	if err != nil {
+		panic(fmt.Sprintf("x509.CreateCertificate: %v", err))
+	}
+	cert, err := x509.ParseCertificate(der)
+	if err != nil {
+		panic(fmt.Sprintf("x509.ParseCertificate: %v", err))
+	}
+	ca.Roots = x509.NewCertPool()
+	ca.Roots.AddCert(cert)
+	ca.rootKey = key
+	ca.rootCert = der
+	ca.rootTemplate = tmpl
+
+	ca.server = httptest.NewServer(http.HandlerFunc(ca.handle))
+	ca.URL = ca.server.URL
+	return ca
+}
+
+// Close shuts down the server and blocks until all outstanding
+// requests on this server have completed.
+func (ca *CAServer) Close() {
+	ca.server.Close()
+}
+
+func (ca *CAServer) serverURL(format string, arg ...interface{}) string {
+	return ca.server.URL + fmt.Sprintf(format, arg...)
+}
+
+func (ca *CAServer) addr(domain string) (string, error) {
+	ca.mu.Lock()
+	defer ca.mu.Unlock()
+	addr, ok := ca.domainAddr[domain]
+	if !ok {
+		return "", fmt.Errorf("CAServer: no addr resolution for %q", domain)
+	}
+	return addr, nil
+}
+
+func (ca *CAServer) httpErrorf(w http.ResponseWriter, code int, format string, a ...interface{}) {
+	s := fmt.Sprintf(format, a...)
+	log.Println(s)
+	http.Error(w, s, code)
+}
+
+// Resolve adds a domain to address resolution for the ca to dial to
+// when validating challenges for the domain authorization.
+func (ca *CAServer) Resolve(domain, addr string) {
+	ca.mu.Lock()
+	defer ca.mu.Unlock()
+	ca.domainAddr[domain] = addr
+}
+
+type discovery struct {
+	NewNonce string `json:"newNonce"`
+	NewReg   string `json:"newAccount"`
+	NewOrder string `json:"newOrder"`
+	NewAuthz string `json:"newAuthz"`
+}
+
+type challenge struct {
+	URI   string `json:"uri"`
+	Type  string `json:"type"`
+	Token string `json:"token"`
+}
+
+type authorization struct {
+	Status     string      `json:"status"`
+	Challenges []challenge `json:"challenges"`
+
+	domain string
+}
+
+type order struct {
+	Status      string   `json:"status"`
+	AuthzURLs   []string `json:"authorizations"`
+	FinalizeURL string   `json:"finalize"`    // CSR submit URL
+	CertURL     string   `json:"certificate"` // already issued cert
+
+	leaf []byte // issued cert in DER format
+}
+
+func (ca *CAServer) handle(w http.ResponseWriter, r *http.Request) {
+	log.Printf("%s %s", r.Method, r.URL)
+	w.Header().Set("Replay-Nonce", "nonce")
+	// TODO: Verify nonce header for all POST requests.
+
+	switch {
+	default:
+		ca.httpErrorf(w, http.StatusBadRequest, "unrecognized r.URL.Path: %s", r.URL.Path)
+
+	// Discovery request.
+	case r.URL.Path == "/":
+		resp := &discovery{
+			NewNonce: ca.serverURL("/new-nonce"),
+			NewReg:   ca.serverURL("/new-reg"),
+			NewOrder: ca.serverURL("/new-order"),
+			NewAuthz: ca.serverURL("/new-authz"),
+		}
+		if err := json.NewEncoder(w).Encode(resp); err != nil {
+			panic(fmt.Sprintf("discovery response: %v", err))
+		}
+
+	// Nonce requests.
+	case r.URL.Path == "/new-nonce":
+		// Nonce values are always set. Nothing else to do.
+		return
+
+	// Client key registration request.
+	case r.URL.Path == "/new-reg":
+		// TODO: Check the user account key against a ca.accountKeys?
+		w.Header().Set("Location", ca.serverURL("/accounts/1"))
+		w.WriteHeader(http.StatusCreated)
+		w.Write([]byte("{}"))
+
+	// New order request.
+	case r.URL.Path == "/new-order":
+		var req struct {
+			Identifiers []struct{ Value string }
+		}
+		if err := decodePayload(&req, r.Body); err != nil {
+			ca.httpErrorf(w, http.StatusBadRequest, err.Error())
+			return
+		}
+		ca.mu.Lock()
+		defer ca.mu.Unlock()
+		o := &order{Status: acme.StatusPending}
+		for _, id := range req.Identifiers {
+			z := ca.authz(id.Value)
+			o.AuthzURLs = append(o.AuthzURLs, ca.serverURL("/authz/%s", z.domain))
+		}
+		orderID := len(ca.orders)
+		ca.orders = append(ca.orders, o)
+		w.Header().Set("Location", ca.serverURL("/orders/%d", orderID))
+		w.WriteHeader(http.StatusCreated)
+		if err := json.NewEncoder(w).Encode(o); err != nil {
+			panic(err)
+		}
+
+	// Existing order status requests.
+	case strings.HasPrefix(r.URL.Path, "/orders/"):
+		ca.mu.Lock()
+		defer ca.mu.Unlock()
+		o, err := ca.storedOrder(strings.TrimPrefix(r.URL.Path, "/orders/"))
+		if err != nil {
+			ca.httpErrorf(w, http.StatusBadRequest, err.Error())
+			return
+		}
+		if err := json.NewEncoder(w).Encode(o); err != nil {
+			panic(err)
+		}
+
+	// Identifier authorization request.
+	case r.URL.Path == "/new-authz":
+		var req struct {
+			Identifier struct{ Value string }
+		}
+		if err := decodePayload(&req, r.Body); err != nil {
+			ca.httpErrorf(w, http.StatusBadRequest, err.Error())
+			return
+		}
+		ca.mu.Lock()
+		defer ca.mu.Unlock()
+		z := ca.authz(req.Identifier.Value)
+		w.Header().Set("Location", ca.serverURL("/authz/%s", z.domain))
+		w.WriteHeader(http.StatusCreated)
+		if err := json.NewEncoder(w).Encode(z); err != nil {
+			panic(fmt.Sprintf("new authz response: %v", err))
+		}
+
+	// Accept tls-alpn-01 challenge type requests.
+	case strings.HasPrefix(r.URL.Path, "/challenge/tls-alpn-01/"):
+		domain := strings.TrimPrefix(r.URL.Path, "/challenge/tls-alpn-01/")
+		ca.mu.Lock()
+		_, exist := ca.authorizations[domain]
+		ca.mu.Unlock()
+		if !exist {
+			ca.httpErrorf(w, http.StatusBadRequest, "challenge accept: no authz for %q", domain)
+			return
+		}
+		go ca.validateChallenge("tls-alpn-01", domain)
+		w.Write([]byte("{}"))
+
+	// Get authorization status requests.
+	case strings.HasPrefix(r.URL.Path, "/authz/"):
+		domain := strings.TrimPrefix(r.URL.Path, "/authz/")
+		ca.mu.Lock()
+		defer ca.mu.Unlock()
+		authz, ok := ca.authorizations[domain]
+		if !ok {
+			ca.httpErrorf(w, http.StatusNotFound, "no authz for %q", domain)
+			return
+		}
+		if err := json.NewEncoder(w).Encode(authz); err != nil {
+			panic(fmt.Sprintf("get authz for %q response: %v", domain, err))
+		}
+
+	// Certificate issuance request.
+	case strings.HasPrefix(r.URL.Path, "/new-cert/"):
+		ca.mu.Lock()
+		defer ca.mu.Unlock()
+		orderID := strings.TrimPrefix(r.URL.Path, "/new-cert/")
+		o, err := ca.storedOrder(orderID)
+		if err != nil {
+			ca.httpErrorf(w, http.StatusBadRequest, err.Error())
+			return
+		}
+		if o.Status != acme.StatusReady {
+			ca.httpErrorf(w, http.StatusForbidden, "order status: %s", o.Status)
+			return
+		}
+		// Validate CSR request.
+		var req struct {
+			CSR string `json:"csr"`
+		}
+		decodePayload(&req, r.Body)
+		b, _ := base64.RawURLEncoding.DecodeString(req.CSR)
+		csr, err := x509.ParseCertificateRequest(b)
+		if err != nil {
+			ca.httpErrorf(w, http.StatusBadRequest, err.Error())
+			return
+		}
+		names := unique(append(csr.DNSNames, csr.Subject.CommonName))
+		if err := ca.matchWhitelist(names); err != nil {
+			ca.httpErrorf(w, http.StatusUnauthorized, err.Error())
+			return
+		}
+		if err := ca.authorized(names); err != nil {
+			ca.httpErrorf(w, http.StatusUnauthorized, err.Error())
+			return
+		}
+		// Issue the certificate.
+		der, err := ca.leafCert(csr)
+		if err != nil {
+			ca.httpErrorf(w, http.StatusBadRequest, "new-cert response: ca.leafCert: %v", err)
+			return
+		}
+		o.leaf = der
+		o.CertURL = ca.serverURL("/issued-cert/%s", orderID)
+		o.Status = acme.StatusValid
+		if err := json.NewEncoder(w).Encode(o); err != nil {
+			panic(err)
+		}
+
+	// Already issued cert download requests.
+	case strings.HasPrefix(r.URL.Path, "/issued-cert/"):
+		ca.mu.Lock()
+		defer ca.mu.Unlock()
+		o, err := ca.storedOrder(strings.TrimPrefix(r.URL.Path, "/issued-cert/"))
+		if err != nil {
+			ca.httpErrorf(w, http.StatusBadRequest, err.Error())
+			return
+		}
+		if o.Status != acme.StatusValid {
+			ca.httpErrorf(w, http.StatusForbidden, "order status: %s", o.Status)
+			return
+		}
+		w.Header().Set("Content-Type", "application/pem-certificate-chain")
+		pem.Encode(w, &pem.Block{Type: "CERTIFICATE", Bytes: o.leaf})
+		pem.Encode(w, &pem.Block{Type: "CERTIFICATE", Bytes: ca.rootCert})
+	}
+}
+
+// matchWhitelist reports whether all dnsNames are whitelisted.
+// The whitelist is provided in NewCAServer.
+func (ca *CAServer) matchWhitelist(dnsNames []string) error {
+	if len(ca.domainsWhitelist) == 0 {
+		return nil
+	}
+	var nomatch []string
+	for _, name := range dnsNames {
+		i := sort.SearchStrings(ca.domainsWhitelist, name)
+		if i == len(ca.domainsWhitelist) || ca.domainsWhitelist[i] != name {
+			nomatch = append(nomatch, name)
+		}
+	}
+	if len(nomatch) > 0 {
+		return fmt.Errorf("matchWhitelist: some domains don't match: %q", nomatch)
+	}
+	return nil
+}
+
+// storedOrder retrieves a previously created order at index i.
+// It requires ca.mu to be locked.
+func (ca *CAServer) storedOrder(i string) (*order, error) {
+	idx, err := strconv.Atoi(i)
+	if err != nil {
+		return nil, fmt.Errorf("storedOrder: %v", err)
+	}
+	if idx < 0 {
+		return nil, fmt.Errorf("storedOrder: invalid order index %d", idx)
+	}
+	if idx > len(ca.orders)-1 {
+		return nil, fmt.Errorf("storedOrder: no such order %d", idx)
+	}
+	return ca.orders[idx], nil
+}
+
+// authz returns an existing authorization for the identifier or creates a new one.
+// It requires ca.mu to be locked.
+func (ca *CAServer) authz(identifier string) *authorization {
+	authz, ok := ca.authorizations[identifier]
+	if !ok {
+		authz = &authorization{
+			domain: identifier,
+			Status: acme.StatusPending,
+		}
+		for _, typ := range ca.challengeTypes {
+			authz.Challenges = append(authz.Challenges, challenge{
+				Type:  typ,
+				URI:   ca.serverURL("/challenge/%s/%s", typ, authz.domain),
+				Token: challengeToken(authz.domain, typ),
+			})
+		}
+		ca.authorizations[authz.domain] = authz
+	}
+	return authz
+}
+
+// authorized reports whether all authorizations for dnsNames have been satisfied.
+// It requires ca.mu to be locked.
+func (ca *CAServer) authorized(dnsNames []string) error {
+	var noauthz []string
+	for _, name := range dnsNames {
+		authz, ok := ca.authorizations[name]
+		if !ok || authz.Status != acme.StatusValid {
+			noauthz = append(noauthz, name)
+		}
+	}
+	if len(noauthz) > 0 {
+		return fmt.Errorf("CAServer: no authz for %q", noauthz)
+	}
+	return nil
+}
+
+// leafCert issues a new certificate.
+// It requires ca.mu to be locked.
+func (ca *CAServer) leafCert(csr *x509.CertificateRequest) (der []byte, err error) {
+	ca.certCount++ // next leaf cert serial number
+	leaf := &x509.Certificate{
+		SerialNumber:          big.NewInt(int64(ca.certCount)),
+		Subject:               pkix.Name{Organization: []string{"Test Acme Co"}},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().Add(90 * 24 * time.Hour),
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		DNSNames:              csr.DNSNames,
+		BasicConstraintsValid: true,
+	}
+	if len(csr.DNSNames) == 0 {
+		leaf.DNSNames = []string{csr.Subject.CommonName}
+	}
+	return x509.CreateCertificate(rand.Reader, leaf, ca.rootTemplate, csr.PublicKey, ca.rootKey)
+}
+
+// TODO: Only tls-alpn-01 is currently supported: implement http-01 and dns-01.
+func (ca *CAServer) validateChallenge(typ, identifier string) {
+	var err error
+	switch typ {
+	case "tls-alpn-01":
+		err = ca.verifyALPNChallenge(identifier)
+	default:
+		panic(fmt.Sprintf("validation of %q is not implemented", typ))
+	}
+	ca.mu.Lock()
+	defer ca.mu.Unlock()
+	authz := ca.authorizations[identifier]
+	if err != nil {
+		authz.Status = "invalid"
+	} else {
+		authz.Status = "valid"
+	}
+	log.Printf("validated %q for %q; authz status is now: %s", typ, identifier, authz.Status)
+	// Update all pending orders.
+	// An order becomes "ready" if all authorizations are "valid".
+	// An order becomes "invalid" if any authorization is "invalid".
+	// Status changes: https://tools.ietf.org/html/rfc8555#section-7.1.6
+OrdersLoop:
+	for i, o := range ca.orders {
+		if o.Status != acme.StatusPending {
+			continue
+		}
+		var countValid int
+		for _, zurl := range o.AuthzURLs {
+			z, ok := ca.authorizations[path.Base(zurl)]
+			if !ok {
+				log.Printf("no authz %q for order %d", zurl, i)
+				continue OrdersLoop
+			}
+			if z.Status == acme.StatusInvalid {
+				o.Status = acme.StatusInvalid
+				log.Printf("order %d is now invalid", i)
+				continue OrdersLoop
+			}
+			if z.Status == acme.StatusValid {
+				countValid++
+			}
+		}
+		if countValid == len(o.AuthzURLs) {
+			o.Status = acme.StatusReady
+			o.FinalizeURL = ca.serverURL("/new-cert/%d", i)
+			log.Printf("order %d is now ready", i)
+		}
+	}
+}
+
+func (ca *CAServer) verifyALPNChallenge(domain string) error {
+	const acmeALPNProto = "acme-tls/1"
+
+	addr, err := ca.addr(domain)
+	if err != nil {
+		return err
+	}
+	conn, err := tls.Dial("tcp", addr, &tls.Config{
+		ServerName:         domain,
+		InsecureSkipVerify: true,
+		NextProtos:         []string{acmeALPNProto},
+	})
+	if err != nil {
+		return err
+	}
+	if v := conn.ConnectionState().NegotiatedProtocol; v != acmeALPNProto {
+		return fmt.Errorf("CAServer: verifyALPNChallenge: negotiated proto is %q; want %q", v, acmeALPNProto)
+	}
+	if n := len(conn.ConnectionState().PeerCertificates); n != 1 {
+		return fmt.Errorf("len(PeerCertificates) = %d; want 1", n)
+	}
+	// TODO: verify conn.ConnectionState().PeerCertificates[0]
+	return nil
+}
+
+func decodePayload(v interface{}, r io.Reader) error {
+	var req struct{ Payload string }
+	if err := json.NewDecoder(r).Decode(&req); err != nil {
+		return err
+	}
+	payload, err := base64.RawURLEncoding.DecodeString(req.Payload)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(payload, v)
+}
+
+func challengeToken(domain, challType string) string {
+	return fmt.Sprintf("token-%s-%s", domain, challType)
+}
+
+func unique(a []string) []string {
+	seen := make(map[string]bool)
+	var res []string
+	for _, s := range a {
+		if s != "" && !seen[s] {
+			seen[s] = true
+			res = append(res, s)
+		}
+	}
+	return res
+}
diff --git a/acme/autocert/listener.go b/acme/autocert/listener.go
index d744df0ed..cb4860973 100644
--- a/acme/autocert/listener.go
+++ b/acme/autocert/listener.go
@@ -72,18 +72,13 @@ func NewListener(domains ...string) net.Listener {
 // the Manager m's Prompt, Cache, HostPolicy, and other desired options.
 func (m *Manager) Listener() net.Listener {
 	ln := &listener{
-		m: m,
-		conf: &tls.Config{
-			GetCertificate: m.GetCertificate,           // bonus: panic on nil m
-			NextProtos:     []string{"h2", "http/1.1"}, // Enable HTTP/2
-		},
+		conf: m.TLSConfig(),
 	}
 	ln.tcpListener, ln.tcpListenErr = net.Listen("tcp", ":443")
 	return ln
 }
 
 type listener struct {
-	m    *Manager
 	conf *tls.Config
 
 	tcpListener  net.Listener
diff --git a/acme/autocert/renewal.go b/acme/autocert/renewal.go
index 6c5da2bc8..665f870dc 100644
--- a/acme/autocert/renewal.go
+++ b/acme/autocert/renewal.go
@@ -17,9 +17,9 @@ const renewJitter = time.Hour
 // domainRenewal tracks the state used by the periodic timers
 // renewing a single domain's cert.
 type domainRenewal struct {
-	m      *Manager
-	domain string
-	key    crypto.Signer
+	m   *Manager
+	ck  certKey
+	key crypto.Signer
 
 	timerMu sync.Mutex
 	timer   *time.Timer
@@ -71,25 +71,43 @@ func (dr *domainRenewal) renew() {
 	testDidRenewLoop(next, err)
 }
 
+// updateState locks and replaces the relevant Manager.state item with the given
+// state. It additionally updates dr.key with the given state's key.
+func (dr *domainRenewal) updateState(state *certState) {
+	dr.m.stateMu.Lock()
+	defer dr.m.stateMu.Unlock()
+	dr.key = state.key
+	dr.m.state[dr.ck] = state
+}
+
 // do is similar to Manager.createCert but it doesn't lock a Manager.state item.
 // Instead, it requests a new certificate independently and, upon success,
 // replaces dr.m.state item with a new one and updates cache for the given domain.
 //
-// It may return immediately if the expiration date of the currently cached cert
-// is far enough in the future.
+// It may lock and update the Manager.state if the expiration date of the currently
+// cached cert is far enough in the future.
 //
 // The returned value is a time interval after which the renewal should occur again.
 func (dr *domainRenewal) do(ctx context.Context) (time.Duration, error) {
 	// a race is likely unavoidable in a distributed environment
 	// but we try nonetheless
-	if tlscert, err := dr.m.cacheGet(ctx, dr.domain); err == nil {
+	if tlscert, err := dr.m.cacheGet(ctx, dr.ck); err == nil {
 		next := dr.next(tlscert.Leaf.NotAfter)
 		if next > dr.m.renewBefore()+renewJitter {
-			return next, nil
+			signer, ok := tlscert.PrivateKey.(crypto.Signer)
+			if ok {
+				state := &certState{
+					key:  signer,
+					cert: tlscert.Certificate,
+					leaf: tlscert.Leaf,
+				}
+				dr.updateState(state)
+				return next, nil
+			}
 		}
 	}
 
-	der, leaf, err := dr.m.authorizedCert(ctx, dr.key, dr.domain)
+	der, leaf, err := dr.m.authorizedCert(ctx, dr.key, dr.ck)
 	if err != nil {
 		return 0, err
 	}
@@ -102,16 +120,15 @@ func (dr *domainRenewal) do(ctx context.Context) (time.Duration, error) {
 	if err != nil {
 		return 0, err
 	}
-	dr.m.cachePut(ctx, dr.domain, tlscert)
-	dr.m.stateMu.Lock()
-	defer dr.m.stateMu.Unlock()
-	// m.state is guaranteed to be non-nil at this point
-	dr.m.state[dr.domain] = state
+	if err := dr.m.cachePut(ctx, dr.ck, tlscert); err != nil {
+		return 0, err
+	}
+	dr.updateState(state)
 	return dr.next(leaf.NotAfter), nil
 }
 
 func (dr *domainRenewal) next(expiry time.Time) time.Duration {
-	d := expiry.Sub(timeNow()) - dr.m.renewBefore()
+	d := expiry.Sub(dr.m.now()) - dr.m.renewBefore()
 	// add a bit of randomness to renew deadline
 	n := pseudoRand.int63n(int64(renewJitter))
 	d -= time.Duration(n)
diff --git a/acme/autocert/renewal_test.go b/acme/autocert/renewal_test.go
index 11d40ff5d..d13d19041 100644
--- a/acme/autocert/renewal_test.go
+++ b/acme/autocert/renewal_test.go
@@ -23,10 +23,10 @@ import (
 
 func TestRenewalNext(t *testing.T) {
 	now := time.Now()
-	timeNow = func() time.Time { return now }
-	defer func() { timeNow = time.Now }()
-
-	man := &Manager{RenewBefore: 7 * 24 * time.Hour}
+	man := &Manager{
+		RenewBefore: 7 * 24 * time.Hour,
+		nowFunc:     func() time.Time { return now },
+	}
 	defer man.stopRenew()
 	tt := []struct {
 		expiry   time.Time
@@ -48,8 +48,6 @@ func TestRenewalNext(t *testing.T) {
 }
 
 func TestRenewFromCache(t *testing.T) {
-	const domain = "example.org"
-
 	// ACME CA server stub
 	var ca *httptest.Server
 	ca = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -73,6 +71,9 @@ func TestRenewFromCache(t *testing.T) {
 			w.Header().Set("Location", ca.URL+"/authz/1")
 			w.WriteHeader(http.StatusCreated)
 			w.Write([]byte(`{"status": "valid"}`))
+		// authorization status request done by Manager's revokePendingAuthz.
+		case "/authz/1":
+			w.Write([]byte(`{"status": "valid"}`))
 		// cert request
 		case "/new-cert":
 			var req struct {
@@ -84,7 +85,7 @@ func TestRenewFromCache(t *testing.T) {
 			if err != nil {
 				t.Fatalf("new-cert: CSR: %v", err)
 			}
-			der, err := dummyCert(csr.PublicKey, domain)
+			der, err := dummyCert(csr.PublicKey, exampleDomain)
 			if err != nil {
 				t.Fatalf("new-cert: dummyCert: %v", err)
 			}
@@ -105,30 +106,28 @@ func TestRenewFromCache(t *testing.T) {
 	}))
 	defer ca.Close()
 
-	// use EC key to run faster on 386
-	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	if err != nil {
-		t.Fatal(err)
-	}
 	man := &Manager{
 		Prompt:      AcceptTOS,
-		Cache:       newMemCache(),
+		Cache:       newMemCache(t),
 		RenewBefore: 24 * time.Hour,
 		Client: &acme.Client{
-			Key:          key,
 			DirectoryURL: ca.URL,
 		},
 	}
 	defer man.stopRenew()
 
 	// cache an almost expired cert
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
 	now := time.Now()
-	cert, err := dateDummyCert(key.Public(), now.Add(-2*time.Hour), now.Add(time.Minute), domain)
+	cert, err := dateDummyCert(key.Public(), now.Add(-2*time.Hour), now.Add(time.Minute), exampleDomain)
 	if err != nil {
 		t.Fatal(err)
 	}
 	tlscert := &tls.Certificate{PrivateKey: key, Certificate: [][]byte{cert}}
-	if err := man.cachePut(context.Background(), domain, tlscert); err != nil {
+	if err := man.cachePut(context.Background(), exampleCertKey, tlscert); err != nil {
 		t.Fatal(err)
 	}
 
@@ -152,7 +151,7 @@ func TestRenewFromCache(t *testing.T) {
 
 		// ensure the new cert is cached
 		after := time.Now().Add(future)
-		tlscert, err := man.cacheGet(context.Background(), domain)
+		tlscert, err := man.cacheGet(context.Background(), exampleCertKey)
 		if err != nil {
 			t.Fatalf("man.cacheGet: %v", err)
 		}
@@ -163,9 +162,9 @@ func TestRenewFromCache(t *testing.T) {
 		// verify the old cert is also replaced in memory
 		man.stateMu.Lock()
 		defer man.stateMu.Unlock()
-		s := man.state[domain]
+		s := man.state[exampleCertKey]
 		if s == nil {
-			t.Fatalf("m.state[%q] is nil", domain)
+			t.Fatalf("m.state[%q] is nil", exampleCertKey)
 		}
 		tlscert, err = s.tlscert()
 		if err != nil {
@@ -177,7 +176,7 @@ func TestRenewFromCache(t *testing.T) {
 	}
 
 	// trigger renew
-	hello := &tls.ClientHelloInfo{ServerName: domain}
+	hello := clientHelloInfo(exampleDomain, algECDSA)
 	if _, err := man.GetCertificate(hello); err != nil {
 		t.Fatal(err)
 	}
@@ -189,3 +188,145 @@ func TestRenewFromCache(t *testing.T) {
 	case <-done:
 	}
 }
+
+func TestRenewFromCacheAlreadyRenewed(t *testing.T) {
+	man := &Manager{
+		Prompt:      AcceptTOS,
+		Cache:       newMemCache(t),
+		RenewBefore: 24 * time.Hour,
+		Client: &acme.Client{
+			DirectoryURL: "invalid",
+		},
+	}
+	defer man.stopRenew()
+
+	// cache a recently renewed cert with a different private key
+	newKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	now := time.Now()
+	newCert, err := dateDummyCert(newKey.Public(), now.Add(-2*time.Hour), now.Add(time.Hour*24*90), exampleDomain)
+	if err != nil {
+		t.Fatal(err)
+	}
+	newLeaf, err := validCert(exampleCertKey, [][]byte{newCert}, newKey, now)
+	if err != nil {
+		t.Fatal(err)
+	}
+	newTLSCert := &tls.Certificate{PrivateKey: newKey, Certificate: [][]byte{newCert}, Leaf: newLeaf}
+	if err := man.cachePut(context.Background(), exampleCertKey, newTLSCert); err != nil {
+		t.Fatal(err)
+	}
+
+	// set internal state to an almost expired cert
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatal(err)
+	}
+	oldCert, err := dateDummyCert(key.Public(), now.Add(-2*time.Hour), now.Add(time.Minute), exampleDomain)
+	if err != nil {
+		t.Fatal(err)
+	}
+	oldLeaf, err := validCert(exampleCertKey, [][]byte{oldCert}, key, now)
+	if err != nil {
+		t.Fatal(err)
+	}
+	man.stateMu.Lock()
+	if man.state == nil {
+		man.state = make(map[certKey]*certState)
+	}
+	s := &certState{
+		key:  key,
+		cert: [][]byte{oldCert},
+		leaf: oldLeaf,
+	}
+	man.state[exampleCertKey] = s
+	man.stateMu.Unlock()
+
+	// veriy the renewal accepted the newer cached cert
+	defer func() {
+		testDidRenewLoop = func(next time.Duration, err error) {}
+	}()
+	done := make(chan struct{})
+	testDidRenewLoop = func(next time.Duration, err error) {
+		defer close(done)
+		if err != nil {
+			t.Errorf("testDidRenewLoop: %v", err)
+		}
+		// Next should be about 90 days
+		// Previous expiration was within 1 min.
+		future := 88 * 24 * time.Hour
+		if next < future {
+			t.Errorf("testDidRenewLoop: next = %v; want >= %v", next, future)
+		}
+
+		// ensure the cached cert was not modified
+		tlscert, err := man.cacheGet(context.Background(), exampleCertKey)
+		if err != nil {
+			t.Fatalf("man.cacheGet: %v", err)
+		}
+		if !tlscert.Leaf.NotAfter.Equal(newLeaf.NotAfter) {
+			t.Errorf("cache leaf.NotAfter = %v; want == %v", tlscert.Leaf.NotAfter, newLeaf.NotAfter)
+		}
+
+		// verify the old cert is also replaced in memory
+		man.stateMu.Lock()
+		defer man.stateMu.Unlock()
+		s := man.state[exampleCertKey]
+		if s == nil {
+			t.Fatalf("m.state[%q] is nil", exampleCertKey)
+		}
+		stateKey := s.key.Public().(*ecdsa.PublicKey)
+		if stateKey.X.Cmp(newKey.X) != 0 || stateKey.Y.Cmp(newKey.Y) != 0 {
+			t.Fatalf("state key was not updated from cache x: %v y: %v; want x: %v y: %v", stateKey.X, stateKey.Y, newKey.X, newKey.Y)
+		}
+		tlscert, err = s.tlscert()
+		if err != nil {
+			t.Fatalf("s.tlscert: %v", err)
+		}
+		if !tlscert.Leaf.NotAfter.Equal(newLeaf.NotAfter) {
+			t.Errorf("state leaf.NotAfter = %v; want == %v", tlscert.Leaf.NotAfter, newLeaf.NotAfter)
+		}
+
+		// verify the private key is replaced in the renewal state
+		r := man.renewal[exampleCertKey]
+		if r == nil {
+			t.Fatalf("m.renewal[%q] is nil", exampleCertKey)
+		}
+		renewalKey := r.key.Public().(*ecdsa.PublicKey)
+		if renewalKey.X.Cmp(newKey.X) != 0 || renewalKey.Y.Cmp(newKey.Y) != 0 {
+			t.Fatalf("renewal private key was not updated from cache x: %v y: %v; want x: %v y: %v", renewalKey.X, renewalKey.Y, newKey.X, newKey.Y)
+		}
+
+	}
+
+	// assert the expiring cert is returned from state
+	hello := clientHelloInfo(exampleDomain, algECDSA)
+	tlscert, err := man.GetCertificate(hello)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !oldLeaf.NotAfter.Equal(tlscert.Leaf.NotAfter) {
+		t.Errorf("state leaf.NotAfter = %v; want == %v", tlscert.Leaf.NotAfter, oldLeaf.NotAfter)
+	}
+
+	// trigger renew
+	go man.renew(exampleCertKey, s.key, s.leaf.NotAfter)
+
+	// wait for renew loop
+	select {
+	case <-time.After(10 * time.Second):
+		t.Fatal("renew took too long to occur")
+	case <-done:
+		// assert the new cert is returned from state after renew
+		hello := clientHelloInfo(exampleDomain, algECDSA)
+		tlscert, err := man.GetCertificate(hello)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !newTLSCert.Leaf.NotAfter.Equal(tlscert.Leaf.NotAfter) {
+			t.Errorf("state leaf.NotAfter = %v; want == %v", tlscert.Leaf.NotAfter, newTLSCert.Leaf.NotAfter)
+		}
+	}
+}
diff --git a/acme/http.go b/acme/http.go
new file mode 100644
index 000000000..2b4c1a10d
--- /dev/null
+++ b/acme/http.go
@@ -0,0 +1,325 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package acme
+
+import (
+	"bytes"
+	"context"
+	"crypto"
+	"crypto/rand"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"math/big"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+)
+
+// retryTimer encapsulates common logic for retrying unsuccessful requests.
+// It is not safe for concurrent use.
+type retryTimer struct {
+	// backoffFn provides backoff delay sequence for retries.
+	// See Client.RetryBackoff doc comment.
+	backoffFn func(n int, r *http.Request, res *http.Response) time.Duration
+	// n is the current retry attempt.
+	n int
+}
+
+func (t *retryTimer) inc() {
+	t.n++
+}
+
+// backoff pauses the current goroutine as described in Client.RetryBackoff.
+func (t *retryTimer) backoff(ctx context.Context, r *http.Request, res *http.Response) error {
+	d := t.backoffFn(t.n, r, res)
+	if d <= 0 {
+		return fmt.Errorf("acme: no more retries for %s; tried %d time(s)", r.URL, t.n)
+	}
+	wakeup := time.NewTimer(d)
+	defer wakeup.Stop()
+	select {
+	case <-ctx.Done():
+		return ctx.Err()
+	case <-wakeup.C:
+		return nil
+	}
+}
+
+func (c *Client) retryTimer() *retryTimer {
+	f := c.RetryBackoff
+	if f == nil {
+		f = defaultBackoff
+	}
+	return &retryTimer{backoffFn: f}
+}
+
+// defaultBackoff provides default Client.RetryBackoff implementation
+// using a truncated exponential backoff algorithm,
+// as described in Client.RetryBackoff.
+//
+// The n argument is always bounded between 1 and 30.
+// The returned value is always greater than 0.
+func defaultBackoff(n int, r *http.Request, res *http.Response) time.Duration {
+	const max = 10 * time.Second
+	var jitter time.Duration
+	if x, err := rand.Int(rand.Reader, big.NewInt(1000)); err == nil {
+		// Set the minimum to 1ms to avoid a case where
+		// an invalid Retry-After value is parsed into 0 below,
+		// resulting in the 0 returned value which would unintentionally
+		// stop the retries.
+		jitter = (1 + time.Duration(x.Int64())) * time.Millisecond
+	}
+	if v, ok := res.Header["Retry-After"]; ok {
+		return retryAfter(v[0]) + jitter
+	}
+
+	if n < 1 {
+		n = 1
+	}
+	if n > 30 {
+		n = 30
+	}
+	d := time.Duration(1<<uint(n-1))*time.Second + jitter
+	if d > max {
+		return max
+	}
+	return d
+}
+
+// retryAfter parses a Retry-After HTTP header value,
+// trying to convert v into an int (seconds) or use http.ParseTime otherwise.
+// It returns zero value if v cannot be parsed.
+func retryAfter(v string) time.Duration {
+	if i, err := strconv.Atoi(v); err == nil {
+		return time.Duration(i) * time.Second
+	}
+	t, err := http.ParseTime(v)
+	if err != nil {
+		return 0
+	}
+	return t.Sub(timeNow())
+}
+
+// resOkay is a function that reports whether the provided response is okay.
+// It is expected to keep the response body unread.
+type resOkay func(*http.Response) bool
+
+// wantStatus returns a function which reports whether the code
+// matches the status code of a response.
+func wantStatus(codes ...int) resOkay {
+	return func(res *http.Response) bool {
+		for _, code := range codes {
+			if code == res.StatusCode {
+				return true
+			}
+		}
+		return false
+	}
+}
+
+// get issues an unsigned GET request to the specified URL.
+// It returns a non-error value only when ok reports true.
+//
+// get retries unsuccessful attempts according to c.RetryBackoff
+// until the context is done or a non-retriable error is received.
+func (c *Client) get(ctx context.Context, url string, ok resOkay) (*http.Response, error) {
+	retry := c.retryTimer()
+	for {
+		req, err := http.NewRequest("GET", url, nil)
+		if err != nil {
+			return nil, err
+		}
+		res, err := c.doNoRetry(ctx, req)
+		switch {
+		case err != nil:
+			return nil, err
+		case ok(res):
+			return res, nil
+		case isRetriable(res.StatusCode):
+			retry.inc()
+			resErr := responseError(res)
+			res.Body.Close()
+			// Ignore the error value from retry.backoff
+			// and return the one from last retry, as received from the CA.
+			if retry.backoff(ctx, req, res) != nil {
+				return nil, resErr
+			}
+		default:
+			defer res.Body.Close()
+			return nil, responseError(res)
+		}
+	}
+}
+
+// postAsGet is POST-as-GET, a replacement for GET in RFC8555
+// as described in https://tools.ietf.org/html/rfc8555#section-6.3.
+// It makes a POST request in KID form with zero JWS payload.
+// See nopayload doc comments in jws.go.
+func (c *Client) postAsGet(ctx context.Context, url string, ok resOkay) (*http.Response, error) {
+	return c.post(ctx, nil, url, noPayload, ok)
+}
+
+// post issues a signed POST request in JWS format using the provided key
+// to the specified URL. If key is nil, c.Key is used instead.
+// It returns a non-error value only when ok reports true.
+//
+// post retries unsuccessful attempts according to c.RetryBackoff
+// until the context is done or a non-retriable error is received.
+// It uses postNoRetry to make individual requests.
+func (c *Client) post(ctx context.Context, key crypto.Signer, url string, body interface{}, ok resOkay) (*http.Response, error) {
+	retry := c.retryTimer()
+	for {
+		res, req, err := c.postNoRetry(ctx, key, url, body)
+		if err != nil {
+			return nil, err
+		}
+		if ok(res) {
+			return res, nil
+		}
+		resErr := responseError(res)
+		res.Body.Close()
+		switch {
+		// Check for bad nonce before isRetriable because it may have been returned
+		// with an unretriable response code such as 400 Bad Request.
+		case isBadNonce(resErr):
+			// Consider any previously stored nonce values to be invalid.
+			c.clearNonces()
+		case !isRetriable(res.StatusCode):
+			return nil, resErr
+		}
+		retry.inc()
+		// Ignore the error value from retry.backoff
+		// and return the one from last retry, as received from the CA.
+		if err := retry.backoff(ctx, req, res); err != nil {
+			return nil, resErr
+		}
+	}
+}
+
+// postNoRetry signs the body with the given key and POSTs it to the provided url.
+// It is used by c.post to retry unsuccessful attempts.
+// The body argument must be JSON-serializable.
+//
+// If key argument is nil, c.Key is used to sign the request.
+// If key argument is nil and c.accountKID returns a non-zero keyID,
+// the request is sent in KID form. Otherwise, JWK form is used.
+//
+// In practice, when interfacing with RFC-compliant CAs most requests are sent in KID form
+// and JWK is used only when KID is unavailable: new account endpoint and certificate
+// revocation requests authenticated by a cert key.
+// See jwsEncodeJSON for other details.
+func (c *Client) postNoRetry(ctx context.Context, key crypto.Signer, url string, body interface{}) (*http.Response, *http.Request, error) {
+	kid := noKeyID
+	if key == nil {
+		if c.Key == nil {
+			return nil, nil, errors.New("acme: Client.Key must be populated to make POST requests")
+		}
+		key = c.Key
+		kid = c.accountKID(ctx)
+	}
+	nonce, err := c.popNonce(ctx, url)
+	if err != nil {
+		return nil, nil, err
+	}
+	b, err := jwsEncodeJSON(body, key, kid, nonce, url)
+	if err != nil {
+		return nil, nil, err
+	}
+	req, err := http.NewRequest("POST", url, bytes.NewReader(b))
+	if err != nil {
+		return nil, nil, err
+	}
+	req.Header.Set("Content-Type", "application/jose+json")
+	res, err := c.doNoRetry(ctx, req)
+	if err != nil {
+		return nil, nil, err
+	}
+	c.addNonce(res.Header)
+	return res, req, nil
+}
+
+// doNoRetry issues a request req, replacing its context (if any) with ctx.
+func (c *Client) doNoRetry(ctx context.Context, req *http.Request) (*http.Response, error) {
+	req.Header.Set("User-Agent", c.userAgent())
+	res, err := c.httpClient().Do(req.WithContext(ctx))
+	if err != nil {
+		select {
+		case <-ctx.Done():
+			// Prefer the unadorned context error.
+			// (The acme package had tests assuming this, previously from ctxhttp's
+			// behavior, predating net/http supporting contexts natively)
+			// TODO(bradfitz): reconsider this in the future. But for now this
+			// requires no test updates.
+			return nil, ctx.Err()
+		default:
+			return nil, err
+		}
+	}
+	return res, nil
+}
+
+func (c *Client) httpClient() *http.Client {
+	if c.HTTPClient != nil {
+		return c.HTTPClient
+	}
+	return http.DefaultClient
+}
+
+// packageVersion is the version of the module that contains this package, for
+// sending as part of the User-Agent header. It's set in version_go112.go.
+var packageVersion string
+
+// userAgent returns the User-Agent header value. It includes the package name,
+// the module version (if available), and the c.UserAgent value (if set).
+func (c *Client) userAgent() string {
+	ua := "golang.org/x/crypto/acme"
+	if packageVersion != "" {
+		ua += "@" + packageVersion
+	}
+	if c.UserAgent != "" {
+		ua = c.UserAgent + " " + ua
+	}
+	return ua
+}
+
+// isBadNonce reports whether err is an ACME "badnonce" error.
+func isBadNonce(err error) bool {
+	// According to the spec badNonce is urn:ietf:params:acme:error:badNonce.
+	// However, ACME servers in the wild return their versions of the error.
+	// See https://tools.ietf.org/html/draft-ietf-acme-acme-02#section-5.4
+	// and https://github.com/letsencrypt/boulder/blob/0e07eacb/docs/acme-divergences.md#section-66.
+	ae, ok := err.(*Error)
+	return ok && strings.HasSuffix(strings.ToLower(ae.ProblemType), ":badnonce")
+}
+
+// isRetriable reports whether a request can be retried
+// based on the response status code.
+//
+// Note that a "bad nonce" error is returned with a non-retriable 400 Bad Request code.
+// Callers should parse the response and check with isBadNonce.
+func isRetriable(code int) bool {
+	return code <= 399 || code >= 500 || code == http.StatusTooManyRequests
+}
+
+// responseError creates an error of Error type from resp.
+func responseError(resp *http.Response) error {
+	// don't care if ReadAll returns an error:
+	// json.Unmarshal will fail in that case anyway
+	b, _ := ioutil.ReadAll(resp.Body)
+	e := &wireError{Status: resp.StatusCode}
+	if err := json.Unmarshal(b, e); err != nil {
+		// this is not a regular error response:
+		// populate detail with anything we received,
+		// e.Status will already contain HTTP response code value
+		e.Detail = string(b)
+		if e.Detail == "" {
+			e.Detail = resp.Status
+		}
+	}
+	return e.error(resp.Header)
+}
diff --git a/acme/http_test.go b/acme/http_test.go
new file mode 100644
index 000000000..cf1df36eb
--- /dev/null
+++ b/acme/http_test.go
@@ -0,0 +1,255 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package acme
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"reflect"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestDefaultBackoff(t *testing.T) {
+	tt := []struct {
+		nretry     int
+		retryAfter string        // Retry-After header
+		out        time.Duration // expected min; max = min + jitter
+	}{
+		{-1, "", time.Second},       // verify the lower bound is 1
+		{0, "", time.Second},        // verify the lower bound is 1
+		{100, "", 10 * time.Second}, // verify the ceiling
+		{1, "3600", time.Hour},      // verify the header value is used
+		{1, "", 1 * time.Second},
+		{2, "", 2 * time.Second},
+		{3, "", 4 * time.Second},
+		{4, "", 8 * time.Second},
+	}
+	for i, test := range tt {
+		r := httptest.NewRequest("GET", "/", nil)
+		resp := &http.Response{Header: http.Header{}}
+		if test.retryAfter != "" {
+			resp.Header.Set("Retry-After", test.retryAfter)
+		}
+		d := defaultBackoff(test.nretry, r, resp)
+		max := test.out + time.Second // + max jitter
+		if d < test.out || max < d {
+			t.Errorf("%d: defaultBackoff(%v) = %v; want between %v and %v", i, test.nretry, d, test.out, max)
+		}
+	}
+}
+
+func TestErrorResponse(t *testing.T) {
+	s := `{
+		"status": 400,
+		"type": "urn:acme:error:xxx",
+		"detail": "text"
+	}`
+	res := &http.Response{
+		StatusCode: 400,
+		Status:     "400 Bad Request",
+		Body:       ioutil.NopCloser(strings.NewReader(s)),
+		Header:     http.Header{"X-Foo": {"bar"}},
+	}
+	err := responseError(res)
+	v, ok := err.(*Error)
+	if !ok {
+		t.Fatalf("err = %+v (%T); want *Error type", err, err)
+	}
+	if v.StatusCode != 400 {
+		t.Errorf("v.StatusCode = %v; want 400", v.StatusCode)
+	}
+	if v.ProblemType != "urn:acme:error:xxx" {
+		t.Errorf("v.ProblemType = %q; want urn:acme:error:xxx", v.ProblemType)
+	}
+	if v.Detail != "text" {
+		t.Errorf("v.Detail = %q; want text", v.Detail)
+	}
+	if !reflect.DeepEqual(v.Header, res.Header) {
+		t.Errorf("v.Header = %+v; want %+v", v.Header, res.Header)
+	}
+}
+
+func TestPostWithRetries(t *testing.T) {
+	var count int
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		count++
+		w.Header().Set("Replay-Nonce", fmt.Sprintf("nonce%d", count))
+		if r.Method == "HEAD" {
+			// We expect the client to do 2 head requests to fetch
+			// nonces, one to start and another after getting badNonce
+			return
+		}
+
+		head, err := decodeJWSHead(r.Body)
+		switch {
+		case err != nil:
+			t.Errorf("decodeJWSHead: %v", err)
+		case head.Nonce == "":
+			t.Error("head.Nonce is empty")
+		case head.Nonce == "nonce1":
+			// Return a badNonce error to force the call to retry.
+			w.Header().Set("Retry-After", "0")
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(`{"type":"urn:ietf:params:acme:error:badNonce"}`))
+			return
+		}
+		// Make client.Authorize happy; we're not testing its result.
+		w.WriteHeader(http.StatusCreated)
+		w.Write([]byte(`{"status":"valid"}`))
+	}))
+	defer ts.Close()
+
+	client := &Client{
+		Key:          testKey,
+		DirectoryURL: ts.URL,
+		dir:          &Directory{AuthzURL: ts.URL},
+	}
+	// This call will fail with badNonce, causing a retry
+	if _, err := client.Authorize(context.Background(), "example.com"); err != nil {
+		t.Errorf("client.Authorize 1: %v", err)
+	}
+	if count != 4 {
+		t.Errorf("total requests count: %d; want 4", count)
+	}
+}
+
+func TestRetryErrorType(t *testing.T) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Replay-Nonce", "nonce")
+		w.WriteHeader(http.StatusTooManyRequests)
+		w.Write([]byte(`{"type":"rateLimited"}`))
+	}))
+	defer ts.Close()
+
+	client := &Client{
+		Key: testKey,
+		RetryBackoff: func(n int, r *http.Request, res *http.Response) time.Duration {
+			// Do no retries.
+			return 0
+		},
+		dir: &Directory{AuthzURL: ts.URL},
+	}
+
+	t.Run("post", func(t *testing.T) {
+		testRetryErrorType(t, func() error {
+			_, err := client.Authorize(context.Background(), "example.com")
+			return err
+		})
+	})
+	t.Run("get", func(t *testing.T) {
+		testRetryErrorType(t, func() error {
+			_, err := client.GetAuthorization(context.Background(), ts.URL)
+			return err
+		})
+	})
+}
+
+func testRetryErrorType(t *testing.T, callClient func() error) {
+	t.Helper()
+	err := callClient()
+	if err == nil {
+		t.Fatal("client.Authorize returned nil error")
+	}
+	acmeErr, ok := err.(*Error)
+	if !ok {
+		t.Fatalf("err is %v (%T); want *Error", err, err)
+	}
+	if acmeErr.StatusCode != http.StatusTooManyRequests {
+		t.Errorf("acmeErr.StatusCode = %d; want %d", acmeErr.StatusCode, http.StatusTooManyRequests)
+	}
+	if acmeErr.ProblemType != "rateLimited" {
+		t.Errorf("acmeErr.ProblemType = %q; want 'rateLimited'", acmeErr.ProblemType)
+	}
+}
+
+func TestRetryBackoffArgs(t *testing.T) {
+	const resCode = http.StatusInternalServerError
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Replay-Nonce", "test-nonce")
+		w.WriteHeader(resCode)
+	}))
+	defer ts.Close()
+
+	// Canceled in backoff.
+	ctx, cancel := context.WithCancel(context.Background())
+
+	var nretry int
+	backoff := func(n int, r *http.Request, res *http.Response) time.Duration {
+		nretry++
+		if n != nretry {
+			t.Errorf("n = %d; want %d", n, nretry)
+		}
+		if nretry == 3 {
+			cancel()
+		}
+
+		if r == nil {
+			t.Error("r is nil")
+		}
+		if res.StatusCode != resCode {
+			t.Errorf("res.StatusCode = %d; want %d", res.StatusCode, resCode)
+		}
+		return time.Millisecond
+	}
+
+	client := &Client{
+		Key:          testKey,
+		RetryBackoff: backoff,
+		dir:          &Directory{AuthzURL: ts.URL},
+	}
+	if _, err := client.Authorize(ctx, "example.com"); err == nil {
+		t.Error("err is nil")
+	}
+	if nretry != 3 {
+		t.Errorf("nretry = %d; want 3", nretry)
+	}
+}
+
+func TestUserAgent(t *testing.T) {
+	for _, custom := range []string{"", "CUSTOM_UA"} {
+		ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			t.Log(r.UserAgent())
+			if s := "golang.org/x/crypto/acme"; !strings.Contains(r.UserAgent(), s) {
+				t.Errorf("expected User-Agent to contain %q, got %q", s, r.UserAgent())
+			}
+			if !strings.Contains(r.UserAgent(), custom) {
+				t.Errorf("expected User-Agent to contain %q, got %q", custom, r.UserAgent())
+			}
+
+			w.WriteHeader(http.StatusOK)
+			w.Write([]byte(`{}`))
+		}))
+		defer ts.Close()
+
+		client := &Client{
+			Key:          testKey,
+			DirectoryURL: ts.URL,
+			UserAgent:    custom,
+		}
+		if _, err := client.Discover(context.Background()); err != nil {
+			t.Errorf("client.Discover: %v", err)
+		}
+	}
+}
+
+func TestAccountKidLoop(t *testing.T) {
+	// if Client.postNoRetry is called with a nil key argument
+	// then Client.Key must be set, otherwise we fall into an
+	// infinite loop (which also causes a deadlock).
+	client := &Client{dir: &Directory{OrderURL: ":)"}}
+	_, _, err := client.postNoRetry(context.Background(), nil, "", nil)
+	if err == nil {
+		t.Fatal("Client.postNoRetry didn't fail with a nil key")
+	}
+	expected := "acme: Client.Key must be populated to make POST requests"
+	if err.Error() != expected {
+		t.Fatalf("Unexpected error returned: wanted %q, got %q", expected, err.Error())
+	}
+}
diff --git a/acme/internal/acmeprobe/prober.go b/acme/internal/acmeprobe/prober.go
new file mode 100644
index 000000000..55d702b76
--- /dev/null
+++ b/acme/internal/acmeprobe/prober.go
@@ -0,0 +1,480 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// The acmeprober program runs against an actual ACME CA implementation.
+// It spins up an HTTP server to fulfill authorization challenges
+// or execute a DNS script to provision a response to dns-01 challenge.
+//
+// For http-01 and tls-alpn-01 challenge types this requires the ACME CA
+// to be able to reach the HTTP server.
+//
+// A usage example:
+//
+//     go run prober.go \
+//       -d https://acme-staging-v02.api.letsencrypt.org/directory \
+//       -f order \
+//       -t http-01 \
+//       -a :8080 \
+//       -domain some.example.org
+//
+// The above assumes a TCP tunnel from some.example.org:80 to 0.0.0.0:8080
+// in order for the test to be able to fulfill http-01 challenge.
+// To test tls-alpn-01 challenge, 443 port would need to be tunneled
+// to 0.0.0.0:8080.
+// When running with dns-01 challenge type, use -s argument instead of -a.
+package main
+
+import (
+	"context"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"flag"
+	"fmt"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"os/exec"
+	"strings"
+	"time"
+
+	"golang.org/x/crypto/acme"
+)
+
+var (
+	// ACME CA directory URL.
+	// Let's Encrypt v1 prod: https://acme-v01.api.letsencrypt.org/directory
+	// Let's Encrypt v2 prod: https://acme-v02.api.letsencrypt.org/directory
+	// Let's Encrypt v2 staging: https://acme-staging-v02.api.letsencrypt.org/directory
+	// See the following for more CAs implementing ACME protocol:
+	// https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment#CAs_&_PKIs_that_offer_ACME_certificates
+	directory = flag.String("d", "", "ACME directory URL.")
+	reginfo   = flag.String("r", "", "ACME account registration info.")
+	flow      = flag.String("f", "", "Flow to run: order, preauthz (RFC8555) or preauthz02 (draft-02).")
+	chaltyp   = flag.String("t", "", "Challenge type: tls-alpn-01, http-01 or dns-01.")
+	addr      = flag.String("a", "", "Local server address for tls-alpn-01 and http-01.")
+	dnsscript = flag.String("s", "", "Script to run for provisioning dns-01 challenges.")
+	domain    = flag.String("domain", "", "Space separate domain identifiers.")
+	ipaddr    = flag.String("ip", "", "Space separate IP address identifiers.")
+)
+
+func main() {
+	flag.Usage = func() {
+		fmt.Fprintln(flag.CommandLine.Output(), `
+The prober program runs against an actual ACME CA implementation.
+It spins up an HTTP server to fulfill authorization challenges
+or execute a DNS script to provision a response to dns-01 challenge.
+
+For http-01 and tls-alpn-01 challenge types this requires the ACME CA
+to be able to reach the HTTP server.
+
+A usage example:
+
+    go run prober.go \
+      -d https://acme-staging-v02.api.letsencrypt.org/directory \
+      -f order \
+      -t http-01 \
+      -a :8080 \
+      -domain some.example.org
+
+The above assumes a TCP tunnel from some.example.org:80 to 0.0.0.0:8080
+in order for the test to be able to fulfill http-01 challenge.
+To test tls-alpn-01 challenge, 443 port would need to be tunneled
+to 0.0.0.0:8080.
+When running with dns-01 challenge type, use -s argument instead of -a.
+		`)
+		flag.PrintDefaults()
+	}
+	flag.Parse()
+
+	identifiers := acme.DomainIDs(strings.Fields(*domain)...)
+	identifiers = append(identifiers, acme.IPIDs(strings.Fields(*ipaddr)...)...)
+	if len(identifiers) == 0 {
+		log.Fatal("at least one domain or IP addr identifier is required")
+	}
+
+	// Duration of the whole run.
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Minute)
+	defer cancel()
+
+	// Create and register a new account.
+	akey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		log.Fatal(err)
+	}
+	cl := &acme.Client{Key: akey, DirectoryURL: *directory}
+	a := &acme.Account{Contact: strings.Fields(*reginfo)}
+	if _, err := cl.Register(ctx, a, acme.AcceptTOS); err != nil {
+		log.Fatalf("Register: %v", err)
+	}
+
+	// Run the desired flow test.
+	p := &prober{
+		client:    cl,
+		chalType:  *chaltyp,
+		localAddr: *addr,
+		dnsScript: *dnsscript,
+	}
+	switch *flow {
+	case "order":
+		p.runOrder(ctx, identifiers)
+	case "preauthz":
+		p.runPreauthz(ctx, identifiers)
+	case "preauthz02":
+		p.runPreauthzLegacy(ctx, identifiers)
+	default:
+		log.Fatalf("unknown flow: %q", *flow)
+	}
+	if len(p.errors) > 0 {
+		os.Exit(1)
+	}
+}
+
+type prober struct {
+	client    *acme.Client
+	chalType  string
+	localAddr string
+	dnsScript string
+
+	errors []error
+}
+
+func (p *prober) errorf(format string, a ...interface{}) {
+	err := fmt.Errorf(format, a...)
+	log.Print(err)
+	p.errors = append(p.errors, err)
+}
+
+func (p *prober) runOrder(ctx context.Context, identifiers []acme.AuthzID) {
+	// Create a new order and pick a challenge.
+	// Note that Let's Encrypt will reply with 400 error:malformed
+	// "NotBefore and NotAfter are not supported" when providing a NotAfter
+	// value like WithOrderNotAfter(time.Now().Add(24 * time.Hour)).
+	o, err := p.client.AuthorizeOrder(ctx, identifiers)
+	if err != nil {
+		log.Fatalf("AuthorizeOrder: %v", err)
+	}
+
+	var zurls []string
+	for _, u := range o.AuthzURLs {
+		z, err := p.client.GetAuthorization(ctx, u)
+		if err != nil {
+			log.Fatalf("GetAuthorization(%q): %v", u, err)
+		}
+		log.Printf("%+v", z)
+		if z.Status != acme.StatusPending {
+			log.Printf("authz status is %q; skipping", z.Status)
+			continue
+		}
+		if err := p.fulfill(ctx, z); err != nil {
+			log.Fatalf("fulfill(%s): %v", z.URI, err)
+		}
+		zurls = append(zurls, z.URI)
+		log.Printf("authorized for %+v", z.Identifier)
+	}
+
+	log.Print("all challenges are done")
+	if _, err := p.client.WaitOrder(ctx, o.URI); err != nil {
+		log.Fatalf("WaitOrder(%q): %v", o.URI, err)
+	}
+	csr, certkey := newCSR(identifiers)
+	der, curl, err := p.client.CreateOrderCert(ctx, o.FinalizeURL, csr, true)
+	if err != nil {
+		log.Fatalf("CreateOrderCert: %v", err)
+	}
+	log.Printf("cert URL: %s", curl)
+	if err := checkCert(der, identifiers); err != nil {
+		p.errorf("invalid cert: %v", err)
+	}
+
+	// Deactivate all authorizations we satisfied earlier.
+	for _, v := range zurls {
+		if err := p.client.RevokeAuthorization(ctx, v); err != nil {
+			p.errorf("RevokAuthorization(%q): %v", v, err)
+			continue
+		}
+	}
+	// Deactivate the account. We don't need it for any further calls.
+	if err := p.client.DeactivateReg(ctx); err != nil {
+		p.errorf("DeactivateReg: %v", err)
+	}
+	// Try revoking the issued cert using its private key.
+	if err := p.client.RevokeCert(ctx, certkey, der[0], acme.CRLReasonCessationOfOperation); err != nil {
+		p.errorf("RevokeCert: %v", err)
+	}
+}
+
+func (p *prober) runPreauthz(ctx context.Context, identifiers []acme.AuthzID) {
+	dir, err := p.client.Discover(ctx)
+	if err != nil {
+		log.Fatalf("Discover: %v", err)
+	}
+	if dir.AuthzURL == "" {
+		log.Fatal("CA does not support pre-authorization")
+	}
+
+	var zurls []string
+	for _, id := range identifiers {
+		z, err := authorize(ctx, p.client, id)
+		if err != nil {
+			log.Fatalf("AuthorizeID(%+v): %v", z, err)
+		}
+		if z.Status == acme.StatusValid {
+			log.Printf("authz %s is valid; skipping", z.URI)
+			continue
+		}
+		if err := p.fulfill(ctx, z); err != nil {
+			log.Fatalf("fulfill(%s): %v", z.URI, err)
+		}
+		zurls = append(zurls, z.URI)
+		log.Printf("authorized for %+v", id)
+	}
+
+	// We should be all set now.
+	// Expect all authorizations to be satisfied.
+	log.Print("all challenges are done")
+	o, err := p.client.AuthorizeOrder(ctx, identifiers)
+	if err != nil {
+		log.Fatalf("AuthorizeOrder: %v", err)
+	}
+	waitCtx, cancel := context.WithTimeout(ctx, time.Minute)
+	defer cancel()
+	if _, err := p.client.WaitOrder(waitCtx, o.URI); err != nil {
+		log.Fatalf("WaitOrder(%q): %v", o.URI, err)
+	}
+	csr, certkey := newCSR(identifiers)
+	der, curl, err := p.client.CreateOrderCert(ctx, o.FinalizeURL, csr, true)
+	if err != nil {
+		log.Fatalf("CreateOrderCert: %v", err)
+	}
+	log.Printf("cert URL: %s", curl)
+	if err := checkCert(der, identifiers); err != nil {
+		p.errorf("invalid cert: %v", err)
+	}
+
+	// Deactivate all authorizations we satisfied earlier.
+	for _, v := range zurls {
+		if err := p.client.RevokeAuthorization(ctx, v); err != nil {
+			p.errorf("RevokeAuthorization(%q): %v", v, err)
+			continue
+		}
+	}
+	// Deactivate the account. We don't need it for any further calls.
+	if err := p.client.DeactivateReg(ctx); err != nil {
+		p.errorf("DeactivateReg: %v", err)
+	}
+	// Try revoking the issued cert using its private key.
+	if err := p.client.RevokeCert(ctx, certkey, der[0], acme.CRLReasonCessationOfOperation); err != nil {
+		p.errorf("RevokeCert: %v", err)
+	}
+}
+
+func (p *prober) runPreauthzLegacy(ctx context.Context, identifiers []acme.AuthzID) {
+	var zurls []string
+	for _, id := range identifiers {
+		z, err := authorize(ctx, p.client, id)
+		if err != nil {
+			log.Fatalf("AuthorizeID(%+v): %v", id, err)
+		}
+		if z.Status == acme.StatusValid {
+			log.Printf("authz %s is valid; skipping", z.URI)
+			continue
+		}
+		if err := p.fulfill(ctx, z); err != nil {
+			log.Fatalf("fulfill(%s): %v", z.URI, err)
+		}
+		zurls = append(zurls, z.URI)
+		log.Printf("authorized for %+v", id)
+	}
+
+	// We should be all set now.
+	log.Print("all authorizations are done")
+	csr, certkey := newCSR(identifiers)
+	der, curl, err := p.client.CreateCert(ctx, csr, 48*time.Hour, true)
+	if err != nil {
+		log.Fatalf("CreateCert: %v", err)
+	}
+	log.Printf("cert URL: %s", curl)
+	if err := checkCert(der, identifiers); err != nil {
+		p.errorf("invalid cert: %v", err)
+	}
+
+	// Deactivate all authorizations we satisfied earlier.
+	for _, v := range zurls {
+		if err := p.client.RevokeAuthorization(ctx, v); err != nil {
+			p.errorf("RevokAuthorization(%q): %v", v, err)
+			continue
+		}
+	}
+	// Try revoking the issued cert using its private key.
+	if err := p.client.RevokeCert(ctx, certkey, der[0], acme.CRLReasonCessationOfOperation); err != nil {
+		p.errorf("RevokeCert: %v", err)
+	}
+
+}
+
+func (p *prober) fulfill(ctx context.Context, z *acme.Authorization) error {
+	var chal *acme.Challenge
+	for i, c := range z.Challenges {
+		log.Printf("challenge %d: %+v", i, c)
+		if c.Type == p.chalType {
+			log.Printf("picked %s for authz %s", c.URI, z.URI)
+			chal = c
+		}
+	}
+	if chal == nil {
+		return fmt.Errorf("challenge type %q wasn't offered for authz %s", p.chalType, z.URI)
+	}
+
+	switch chal.Type {
+	case "tls-alpn-01":
+		return p.runTLSALPN01(ctx, z, chal)
+	case "http-01":
+		return p.runHTTP01(ctx, z, chal)
+	case "dns-01":
+		return p.runDNS01(ctx, z, chal)
+	default:
+		return fmt.Errorf("unknown challenge type %q", chal.Type)
+	}
+}
+
+func (p *prober) runTLSALPN01(ctx context.Context, z *acme.Authorization, chal *acme.Challenge) error {
+	tokenCert, err := p.client.TLSALPN01ChallengeCert(chal.Token, z.Identifier.Value)
+	if err != nil {
+		return fmt.Errorf("TLSALPN01ChallengeCert: %v", err)
+	}
+	s := &http.Server{
+		Addr: p.localAddr,
+		TLSConfig: &tls.Config{
+			NextProtos: []string{acme.ALPNProto},
+			GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+				log.Printf("hello: %+v", hello)
+				return &tokenCert, nil
+			},
+		},
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			log.Printf("%s %s", r.Method, r.URL)
+			w.WriteHeader(http.StatusNotFound)
+		}),
+	}
+	go s.ListenAndServeTLS("", "")
+	defer s.Close()
+
+	if _, err := p.client.Accept(ctx, chal); err != nil {
+		return fmt.Errorf("Accept(%q): %v", chal.URI, err)
+	}
+	_, zerr := p.client.WaitAuthorization(ctx, z.URI)
+	return zerr
+}
+
+func (p *prober) runHTTP01(ctx context.Context, z *acme.Authorization, chal *acme.Challenge) error {
+	body, err := p.client.HTTP01ChallengeResponse(chal.Token)
+	if err != nil {
+		return fmt.Errorf("HTTP01ChallengeResponse: %v", err)
+	}
+	s := &http.Server{
+		Addr: p.localAddr,
+		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			log.Printf("%s %s", r.Method, r.URL)
+			if r.URL.Path != p.client.HTTP01ChallengePath(chal.Token) {
+				w.WriteHeader(http.StatusNotFound)
+				return
+			}
+			w.Write([]byte(body))
+		}),
+	}
+	go s.ListenAndServe()
+	defer s.Close()
+
+	if _, err := p.client.Accept(ctx, chal); err != nil {
+		return fmt.Errorf("Accept(%q): %v", chal.URI, err)
+	}
+	_, zerr := p.client.WaitAuthorization(ctx, z.URI)
+	return zerr
+}
+
+func (p *prober) runDNS01(ctx context.Context, z *acme.Authorization, chal *acme.Challenge) error {
+	token, err := p.client.DNS01ChallengeRecord(chal.Token)
+	if err != nil {
+		return fmt.Errorf("DNS01ChallengeRecord: %v", err)
+	}
+
+	name := fmt.Sprintf("_acme-challenge.%s", z.Identifier.Value)
+	cmd := exec.CommandContext(ctx, p.dnsScript, name, token)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("%s: %v", p.dnsScript, err)
+	}
+
+	if _, err := p.client.Accept(ctx, chal); err != nil {
+		return fmt.Errorf("Accept(%q): %v", chal.URI, err)
+	}
+	_, zerr := p.client.WaitAuthorization(ctx, z.URI)
+	return zerr
+}
+
+func authorize(ctx context.Context, client *acme.Client, id acme.AuthzID) (*acme.Authorization, error) {
+	if id.Type == "ip" {
+		return client.AuthorizeIP(ctx, id.Value)
+	}
+	return client.Authorize(ctx, id.Value)
+}
+
+func checkCert(derChain [][]byte, id []acme.AuthzID) error {
+	if len(derChain) == 0 {
+		return errors.New("cert chain is zero bytes")
+	}
+	for i, b := range derChain {
+		crt, err := x509.ParseCertificate(b)
+		if err != nil {
+			return fmt.Errorf("%d: ParseCertificate: %v", i, err)
+		}
+		log.Printf("%d: serial: 0x%s", i, crt.SerialNumber)
+		log.Printf("%d: subject: %s", i, crt.Subject)
+		log.Printf("%d: issuer: %s", i, crt.Issuer)
+		log.Printf("%d: expires in %.1f day(s)", i, time.Until(crt.NotAfter).Hours()/24)
+		if i > 0 { // not a leaf cert
+			continue
+		}
+		p := &pem.Block{Type: "CERTIFICATE", Bytes: b}
+		log.Printf("%d: leaf:\n%s", i, pem.EncodeToMemory(p))
+		for _, v := range id {
+			if err := crt.VerifyHostname(v.Value); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func newCSR(identifiers []acme.AuthzID) ([]byte, crypto.Signer) {
+	var csr x509.CertificateRequest
+	for _, id := range identifiers {
+		switch id.Type {
+		case "dns":
+			csr.DNSNames = append(csr.DNSNames, id.Value)
+		case "ip":
+			csr.IPAddresses = append(csr.IPAddresses, net.ParseIP(id.Value))
+		default:
+			panic(fmt.Sprintf("newCSR: unknown identifier type %q", id.Type))
+		}
+	}
+	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		panic(fmt.Sprintf("newCSR: ecdsa.GenerateKey for a cert: %v", err))
+	}
+	b, err := x509.CreateCertificateRequest(rand.Reader, &csr, k)
+	if err != nil {
+		panic(fmt.Sprintf("newCSR: x509.CreateCertificateRequest: %v", err))
+	}
+	return b, k
+}
diff --git a/acme/jws.go b/acme/jws.go
index 6cbca25de..8c3ecceca 100644
--- a/acme/jws.go
+++ b/acme/jws.go
@@ -7,47 +7,81 @@ package acme
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/hmac"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	_ "crypto/sha512" // need for EC keys
+	"encoding/asn1"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"math/big"
 )
 
+// keyID is the account identity provided by a CA during registration.
+type keyID string
+
+// noKeyID indicates that jwsEncodeJSON should compute and use JWK instead of a KID.
+// See jwsEncodeJSON for details.
+const noKeyID = keyID("")
+
+// noPayload indicates jwsEncodeJSON will encode zero-length octet string
+// in a JWS request. This is called POST-as-GET in RFC 8555 and is used to make
+// authenticated GET requests via POSTing with an empty payload.
+// See https://tools.ietf.org/html/rfc8555#section-6.3 for more details.
+const noPayload = ""
+
+// jsonWebSignature can be easily serialized into a JWS following
+// https://tools.ietf.org/html/rfc7515#section-3.2.
+type jsonWebSignature struct {
+	Protected string `json:"protected"`
+	Payload   string `json:"payload"`
+	Sig       string `json:"signature"`
+}
+
 // jwsEncodeJSON signs claimset using provided key and a nonce.
-// The result is serialized in JSON format.
+// The result is serialized in JSON format containing either kid or jwk
+// fields based on the provided keyID value.
+//
+// If kid is non-empty, its quoted value is inserted in the protected head
+// as "kid" field value. Otherwise, JWK is computed using jwkEncode and inserted
+// as "jwk" field value. The "jwk" and "kid" fields are mutually exclusive.
+//
 // See https://tools.ietf.org/html/rfc7515#section-7.
-func jwsEncodeJSON(claimset interface{}, key crypto.Signer, nonce string) ([]byte, error) {
-	jwk, err := jwkEncode(key.Public())
-	if err != nil {
-		return nil, err
-	}
-	alg, sha := jwsHasher(key)
+func jwsEncodeJSON(claimset interface{}, key crypto.Signer, kid keyID, nonce, url string) ([]byte, error) {
+	alg, sha := jwsHasher(key.Public())
 	if alg == "" || !sha.Available() {
 		return nil, ErrUnsupportedKey
 	}
-	phead := fmt.Sprintf(`{"alg":%q,"jwk":%s,"nonce":%q}`, alg, jwk, nonce)
+	var phead string
+	switch kid {
+	case noKeyID:
+		jwk, err := jwkEncode(key.Public())
+		if err != nil {
+			return nil, err
+		}
+		phead = fmt.Sprintf(`{"alg":%q,"jwk":%s,"nonce":%q,"url":%q}`, alg, jwk, nonce, url)
+	default:
+		phead = fmt.Sprintf(`{"alg":%q,"kid":%q,"nonce":%q,"url":%q}`, alg, kid, nonce, url)
+	}
 	phead = base64.RawURLEncoding.EncodeToString([]byte(phead))
-	cs, err := json.Marshal(claimset)
-	if err != nil {
-		return nil, err
+	var payload string
+	if claimset != noPayload {
+		cs, err := json.Marshal(claimset)
+		if err != nil {
+			return nil, err
+		}
+		payload = base64.RawURLEncoding.EncodeToString(cs)
 	}
-	payload := base64.RawURLEncoding.EncodeToString(cs)
 	hash := sha.New()
 	hash.Write([]byte(phead + "." + payload))
 	sig, err := jwsSign(key, sha, hash.Sum(nil))
 	if err != nil {
 		return nil, err
 	}
-
-	enc := struct {
-		Protected string `json:"protected"`
-		Payload   string `json:"payload"`
-		Sig       string `json:"signature"`
-	}{
+	enc := jsonWebSignature{
 		Protected: phead,
 		Payload:   payload,
 		Sig:       base64.RawURLEncoding.EncodeToString(sig),
@@ -55,6 +89,43 @@ func jwsEncodeJSON(claimset interface{}, key crypto.Signer, nonce string) ([]byt
 	return json.Marshal(&enc)
 }
 
+// jwsWithMAC creates and signs a JWS using the given key and the HS256
+// algorithm. kid and url are included in the protected header. rawPayload
+// should not be base64-URL-encoded.
+func jwsWithMAC(key []byte, kid, url string, rawPayload []byte) (*jsonWebSignature, error) {
+	if len(key) == 0 {
+		return nil, errors.New("acme: cannot sign JWS with an empty MAC key")
+	}
+	header := struct {
+		Algorithm string `json:"alg"`
+		KID       string `json:"kid"`
+		URL       string `json:"url,omitempty"`
+	}{
+		// Only HMAC-SHA256 is supported.
+		Algorithm: "HS256",
+		KID:       kid,
+		URL:       url,
+	}
+	rawProtected, err := json.Marshal(header)
+	if err != nil {
+		return nil, err
+	}
+	protected := base64.RawURLEncoding.EncodeToString(rawProtected)
+	payload := base64.RawURLEncoding.EncodeToString(rawPayload)
+
+	h := hmac.New(sha256.New, key)
+	if _, err := h.Write([]byte(protected + "." + payload)); err != nil {
+		return nil, err
+	}
+	mac := h.Sum(nil)
+
+	return &jsonWebSignature{
+		Protected: protected,
+		Payload:   payload,
+		Sig:       base64.RawURLEncoding.EncodeToString(mac),
+	}, nil
+}
+
 // jwkEncode encodes public part of an RSA or ECDSA key into a JWK.
 // The result is also suitable for creating a JWK thumbprint.
 // https://tools.ietf.org/html/rfc7517
@@ -97,19 +168,24 @@ func jwkEncode(pub crypto.PublicKey) (string, error) {
 }
 
 // jwsSign signs the digest using the given key.
-// It returns ErrUnsupportedKey if the key type is unknown.
-// The hash is used only for RSA keys.
+// The hash is unused for ECDSA keys.
 func jwsSign(key crypto.Signer, hash crypto.Hash, digest []byte) ([]byte, error) {
-	switch key := key.(type) {
-	case *rsa.PrivateKey:
+	switch pub := key.Public().(type) {
+	case *rsa.PublicKey:
 		return key.Sign(rand.Reader, digest, hash)
-	case *ecdsa.PrivateKey:
-		r, s, err := ecdsa.Sign(rand.Reader, key, digest)
+	case *ecdsa.PublicKey:
+		sigASN1, err := key.Sign(rand.Reader, digest, hash)
 		if err != nil {
 			return nil, err
 		}
-		rb, sb := r.Bytes(), s.Bytes()
-		size := key.Params().BitSize / 8
+
+		var rs struct{ R, S *big.Int }
+		if _, err := asn1.Unmarshal(sigASN1, &rs); err != nil {
+			return nil, err
+		}
+
+		rb, sb := rs.R.Bytes(), rs.S.Bytes()
+		size := pub.Params().BitSize / 8
 		if size%8 > 0 {
 			size++
 		}
@@ -124,12 +200,12 @@ func jwsSign(key crypto.Signer, hash crypto.Hash, digest []byte) ([]byte, error)
 // jwsHasher indicates suitable JWS algorithm name and a hash function
 // to use for signing a digest with the provided key.
 // It returns ("", 0) if the key is not supported.
-func jwsHasher(key crypto.Signer) (string, crypto.Hash) {
-	switch key := key.(type) {
-	case *rsa.PrivateKey:
+func jwsHasher(pub crypto.PublicKey) (string, crypto.Hash) {
+	switch pub := pub.(type) {
+	case *rsa.PublicKey:
 		return "RS256", crypto.SHA256
-	case *ecdsa.PrivateKey:
-		switch key.Params().Name {
+	case *ecdsa.PublicKey:
+		switch pub.Params().Name {
 		case "P-256":
 			return "ES256", crypto.SHA256
 		case "P-384":
diff --git a/acme/jws_test.go b/acme/jws_test.go
index 0ff0fb5a3..c8a1e8b31 100644
--- a/acme/jws_test.go
+++ b/acme/jws_test.go
@@ -5,19 +5,33 @@
 package acme
 
 import (
+	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
+	"io"
 	"math/big"
 	"testing"
 )
 
+// The following shell command alias is used in the comments
+// throughout this file:
+// alias b64raw="base64 -w0 | tr -d '=' | tr '/+' '_-'"
+
 const (
+	// Modulus in raw base64:
+	// 4xgZ3eRPkwoRvy7qeRUbmMDe0V-xH9eWLdu0iheeLlrmD2mqWXfP9IeSKApbn34
+	// g8TuAS9g5zhq8ELQ3kmjr-KV86GAMgI6VAcGlq3QrzpTCf_30Ab7-zawrfRaFON
+	// a1HwEzPY1KHnGVkxJc85gNkwYI9SY2RHXtvln3zs5wITNrdosqEXeaIkVYBEhbh
+	// Nu54pp3kxo6TuWLi9e6pXeWetEwmlBwtWZlPoib2j3TxLBksKZfoyFyek380mHg
+	// JAumQ_I2fjj98_97mk3ihOY4AgVdCDj1z_GCoZkG5Rq7nbCGyosyKWyDX00Zs-n
+	// NqVhoLeIvXC4nnWdJMZ6rogxyQQ
 	testKeyPEM = `
 -----BEGIN RSA PRIVATE KEY-----
 MIIEowIBAAKCAQEA4xgZ3eRPkwoRvy7qeRUbmMDe0V+xH9eWLdu0iheeLlrmD2mq
@@ -80,7 +94,7 @@ GGnm6rb+NnWR9DIopM0nKNkToWoF/hzopxu4Ae/GsQ==
 `
 	// 1. openssl ec -in key.pem -noout -text
 	// 2. remove first byte, 04 (the header); the rest is X and Y
-	// 3. convert each with: echo <val> | xxd -r -p | base64 -w 100 | tr -d '=' | tr '/+' '_-'
+	// 3. convert each with: echo <val> | xxd -r -p | b64raw
 	testKeyECPubX    = "5lhEug5xK4xBDZ2nAbaxLtaLiv85bxJ7ePd1dkO23HQ"
 	testKeyECPubY    = "4aiK72sBeUAGkv0TaLsmwokYUYyNxGsS5EMIKwsNIKk"
 	testKeyEC384PubX = "MyrY_jLNLx6E1-Xc79_y-WDFzlriOVCkYyYoKWoWAqlw9gQNY9BP9sbeb5T3_oJt"
@@ -89,7 +103,7 @@ GGnm6rb+NnWR9DIopM0nKNkToWoF/hzopxu4Ae/GsQ==
 	testKeyEC512PubY = "AXbmSeogEiDlDwz0Gc670YYByFzC3c7tEMeap7CckkOtuN0Yaebqtv42dZH0MiikzSco2ROhagX-HOinG7gB78ax"
 
 	// echo -n '{"crv":"P-256","kty":"EC","x":"<testKeyECPubX>","y":"<testKeyECPubY>"}' | \
-	// openssl dgst -binary -sha256 | base64 | tr -d '=' | tr '/+' '_-'
+	// openssl dgst -binary -sha256 | b64raw
 	testKeyECThumbprint = "zedj-Bd1Zshp8KLePv2MB-lJ_Hagp7wAwdkA0NUTniU"
 )
 
@@ -138,7 +152,7 @@ func TestJWSEncodeJSON(t *testing.T) {
 	// JWS signed with testKey and "nonce" as the nonce value
 	// JSON-serialized JWS fields are split for easier testing
 	const (
-		// {"alg":"RS256","jwk":{"e":"AQAB","kty":"RSA","n":"..."},"nonce":"nonce"}
+		// {"alg":"RS256","jwk":{"e":"AQAB","kty":"RSA","n":"..."},"nonce":"nonce","url":"url"}
 		protected = "eyJhbGciOiJSUzI1NiIsImp3ayI6eyJlIjoiQVFBQiIsImt0eSI6" +
 			"IlJTQSIsIm4iOiI0eGdaM2VSUGt3b1J2eTdxZVJVYm1NRGUwVi14" +
 			"SDllV0xkdTBpaGVlTGxybUQybXFXWGZQOUllU0tBcGJuMzRnOFR1" +
@@ -149,19 +163,20 @@ func TestJWSEncodeJSON(t *testing.T) {
 			"bFBvaWIyajNUeExCa3NLWmZveUZ5ZWszODBtSGdKQXVtUV9JMmZq" +
 			"ajk4Xzk3bWszaWhPWTRBZ1ZkQ0RqMXpfR0NvWmtHNVJxN25iQ0d5" +
 			"b3N5S1d5RFgwMFpzLW5OcVZob0xlSXZYQzRubldkSk1aNnJvZ3h5" +
-			"UVEifSwibm9uY2UiOiJub25jZSJ9"
+			"UVEifSwibm9uY2UiOiJub25jZSIsInVybCI6InVybCJ9"
 		// {"Msg":"Hello JWS"}
-		payload   = "eyJNc2ciOiJIZWxsbyBKV1MifQ"
-		signature = "eAGUikStX_UxyiFhxSLMyuyBcIB80GeBkFROCpap2sW3EmkU_ggF" +
-			"knaQzxrTfItICSAXsCLIquZ5BbrSWA_4vdEYrwWtdUj7NqFKjHRa" +
-			"zpLHcoR7r1rEHvkoP1xj49lS5fc3Wjjq8JUhffkhGbWZ8ZVkgPdC" +
-			"4tMBWiQDoth-x8jELP_3LYOB_ScUXi2mETBawLgOT2K8rA0Vbbmx" +
-			"hWNlOWuUf-8hL5YX4IOEwsS8JK_TrTq5Zc9My0zHJmaieqDV0UlP" +
-			"k0onFjPFkGm7MrPSgd0MqRG-4vSAg2O4hDo7rKv4n8POjjXlNQvM" +
-			"9IPLr8qZ7usYBKhEGwX3yq_eicAwBw"
+		payload = "eyJNc2ciOiJIZWxsbyBKV1MifQ"
+		// printf '<protected>.<payload>' | openssl dgst -binary -sha256 -sign testKey | b64raw
+		signature = "YFyl_xz1E7TR-3E1bIuASTr424EgCvBHjt25WUFC2VaDjXYV0Rj_" +
+			"Hd3dJ_2IRqBrXDZZ2n4ZeA_4mm3QFwmwyeDwe2sWElhb82lCZ8iX" +
+			"uFnjeOmSOjx-nWwPa5ibCXzLq13zZ-OBV1Z4oN_TuailQeRoSfA3" +
+			"nO8gG52mv1x2OMQ5MAFtt8jcngBLzts4AyhI6mBJ2w7Yaj3ZCriq" +
+			"DWA3GLFvvHdW1Ba9Z01wtGT2CuZI7DUk_6Qj1b3BkBGcoKur5C9i" +
+			"bUJtCkABwBMvBQNyD3MmXsrRFRTgvVlyU_yMaucYm7nmzEr_2PaQ" +
+			"50rFt_9qOfJ4sfbLtG1Wwae57BQx1g"
 	)
 
-	b, err := jwsEncodeJSON(claims, testKey, "nonce")
+	b, err := jwsEncodeJSON(claims, testKey, noKeyID, "nonce", "url")
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -180,6 +195,46 @@ func TestJWSEncodeJSON(t *testing.T) {
 	}
 }
 
+func TestJWSEncodeKID(t *testing.T) {
+	kid := keyID("https://example.org/account/1")
+	claims := struct{ Msg string }{"Hello JWS"}
+	// JWS signed with testKeyEC
+	const (
+		// {"alg":"ES256","kid":"https://example.org/account/1","nonce":"nonce","url":"url"}
+		protected = "eyJhbGciOiJFUzI1NiIsImtpZCI6Imh0dHBzOi8vZXhhbXBsZS5" +
+			"vcmcvYWNjb3VudC8xIiwibm9uY2UiOiJub25jZSIsInVybCI6InVybCJ9"
+		// {"Msg":"Hello JWS"}
+		payload = "eyJNc2ciOiJIZWxsbyBKV1MifQ"
+	)
+
+	b, err := jwsEncodeJSON(claims, testKeyEC, kid, "nonce", "url")
+	if err != nil {
+		t.Fatal(err)
+	}
+	var jws struct{ Protected, Payload, Signature string }
+	if err := json.Unmarshal(b, &jws); err != nil {
+		t.Fatal(err)
+	}
+	if jws.Protected != protected {
+		t.Errorf("protected:\n%s\nwant:\n%s", jws.Protected, protected)
+	}
+	if jws.Payload != payload {
+		t.Errorf("payload:\n%s\nwant:\n%s", jws.Payload, payload)
+	}
+
+	sig, err := base64.RawURLEncoding.DecodeString(jws.Signature)
+	if err != nil {
+		t.Fatalf("jws.Signature: %v", err)
+	}
+	r, s := big.NewInt(0), big.NewInt(0)
+	r.SetBytes(sig[:len(sig)/2])
+	s.SetBytes(sig[len(sig)/2:])
+	h := sha256.Sum256([]byte(protected + "." + payload))
+	if !ecdsa.Verify(testKeyEC.Public().(*ecdsa.PublicKey), h[:], r, s) {
+		t.Error("invalid signature")
+	}
+}
+
 func TestJWSEncodeJSONEC(t *testing.T) {
 	tt := []struct {
 		key      *ecdsa.PrivateKey
@@ -192,7 +247,7 @@ func TestJWSEncodeJSONEC(t *testing.T) {
 	}
 	for i, test := range tt {
 		claims := struct{ Msg string }{"Hello JWS"}
-		b, err := jwsEncodeJSON(claims, test.key, "nonce")
+		b, err := jwsEncodeJSON(claims, test.key, noKeyID, "nonce", "url")
 		if err != nil {
 			t.Errorf("%d: %v", i, err)
 			continue
@@ -210,6 +265,8 @@ func TestJWSEncodeJSONEC(t *testing.T) {
 		var head struct {
 			Alg   string
 			Nonce string
+			URL   string `json:"url"`
+			KID   string `json:"kid"`
 			JWK   struct {
 				Crv string
 				Kty string
@@ -226,6 +283,13 @@ func TestJWSEncodeJSONEC(t *testing.T) {
 		if head.Nonce != "nonce" {
 			t.Errorf("%d: head.Nonce = %q; want nonce", i, head.Nonce)
 		}
+		if head.URL != "url" {
+			t.Errorf("%d: head.URL = %q; want 'url'", i, head.URL)
+		}
+		if head.KID != "" {
+			// We used noKeyID in jwsEncodeJSON: expect no kid value.
+			t.Errorf("%d: head.KID = %q; want empty", i, head.KID)
+		}
 		if head.JWK.Crv != test.crv {
 			t.Errorf("%d: head.JWK.Crv = %q; want %q", i, head.JWK.Crv, test.crv)
 		}
@@ -241,6 +305,137 @@ func TestJWSEncodeJSONEC(t *testing.T) {
 	}
 }
 
+type customTestSigner struct {
+	sig []byte
+	pub crypto.PublicKey
+}
+
+func (s *customTestSigner) Public() crypto.PublicKey { return s.pub }
+func (s *customTestSigner) Sign(io.Reader, []byte, crypto.SignerOpts) ([]byte, error) {
+	return s.sig, nil
+}
+
+func TestJWSEncodeJSONCustom(t *testing.T) {
+	claims := struct{ Msg string }{"hello"}
+	const (
+		// printf '{"Msg":"hello"}' | b64raw
+		payload = "eyJNc2ciOiJoZWxsbyJ9"
+		// printf 'testsig' | b64raw
+		testsig = "dGVzdHNpZw"
+
+		// the example P256 curve point from https://tools.ietf.org/html/rfc7515#appendix-A.3.1
+		// encoded as ASN.1…
+		es256stdsig = "MEUCIA7RIVN5Y2xIPC9/FVgH1AKjsigDOvl8fheBmsMWnqZlAiEA" +
+			"xQoH04w8cOXY8S2vCEpUgKZlkMXyk1Cajz9/ioOjVNU"
+		// …and RFC7518 (https://tools.ietf.org/html/rfc7518#section-3.4)
+		es256jwsig = "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw" +
+			"5djxLa8ISlSApmWQxfKTUJqPP3-Kg6NU1Q"
+
+		// printf '{"alg":"ES256","jwk":{"crv":"P-256","kty":"EC","x":<testKeyECPubY>,"y":<testKeyECPubY>},"nonce":"nonce","url":"url"}' | b64raw
+		es256phead = "eyJhbGciOiJFUzI1NiIsImp3ayI6eyJjcnYiOiJQLTI1NiIsImt0" +
+			"eSI6IkVDIiwieCI6IjVsaEV1ZzV4SzR4QkRaMm5BYmF4THRhTGl2" +
+			"ODVieEo3ZVBkMWRrTzIzSFEiLCJ5IjoiNGFpSzcyc0JlVUFHa3Yw" +
+			"VGFMc213b2tZVVl5TnhHc1M1RU1JS3dzTklLayJ9LCJub25jZSI6" +
+			"Im5vbmNlIiwidXJsIjoidXJsIn0"
+
+		// {"alg":"RS256","jwk":{"e":"AQAB","kty":"RSA","n":"..."},"nonce":"nonce","url":"url"}
+		rs256phead = "eyJhbGciOiJSUzI1NiIsImp3ayI6eyJlIjoiQVFBQiIsImt0eSI6" +
+			"IlJTQSIsIm4iOiI0eGdaM2VSUGt3b1J2eTdxZVJVYm1NRGUwVi14" +
+			"SDllV0xkdTBpaGVlTGxybUQybXFXWGZQOUllU0tBcGJuMzRnOFR1" +
+			"QVM5ZzV6aHE4RUxRM2ttanItS1Y4NkdBTWdJNlZBY0dscTNRcnpw" +
+			"VENmXzMwQWI3LXphd3JmUmFGT05hMUh3RXpQWTFLSG5HVmt4SmM4" +
+			"NWdOa3dZSTlTWTJSSFh0dmxuM3pzNXdJVE5yZG9zcUVYZWFJa1ZZ" +
+			"QkVoYmhOdTU0cHAza3hvNlR1V0xpOWU2cFhlV2V0RXdtbEJ3dFda" +
+			"bFBvaWIyajNUeExCa3NLWmZveUZ5ZWszODBtSGdKQXVtUV9JMmZq" +
+			"ajk4Xzk3bWszaWhPWTRBZ1ZkQ0RqMXpfR0NvWmtHNVJxN25iQ0d5" +
+			"b3N5S1d5RFgwMFpzLW5OcVZob0xlSXZYQzRubldkSk1aNnJvZ3h5" +
+			"UVEifSwibm9uY2UiOiJub25jZSIsInVybCI6InVybCJ9"
+	)
+
+	tt := []struct {
+		alg, phead    string
+		pub           crypto.PublicKey
+		stdsig, jwsig string
+	}{
+		{"ES256", es256phead, testKeyEC.Public(), es256stdsig, es256jwsig},
+		{"RS256", rs256phead, testKey.Public(), testsig, testsig},
+	}
+	for _, tc := range tt {
+		tc := tc
+		t.Run(tc.alg, func(t *testing.T) {
+			stdsig, err := base64.RawStdEncoding.DecodeString(tc.stdsig)
+			if err != nil {
+				t.Errorf("couldn't decode test vector: %v", err)
+			}
+			signer := &customTestSigner{
+				sig: stdsig,
+				pub: tc.pub,
+			}
+
+			b, err := jwsEncodeJSON(claims, signer, noKeyID, "nonce", "url")
+			if err != nil {
+				t.Fatal(err)
+			}
+			var j jsonWebSignature
+			if err := json.Unmarshal(b, &j); err != nil {
+				t.Fatal(err)
+			}
+			if j.Protected != tc.phead {
+				t.Errorf("j.Protected = %q\nwant %q", j.Protected, tc.phead)
+			}
+			if j.Payload != payload {
+				t.Errorf("j.Payload = %q\nwant %q", j.Payload, payload)
+			}
+			if j.Sig != tc.jwsig {
+				t.Errorf("j.Sig = %q\nwant %q", j.Sig, tc.jwsig)
+			}
+		})
+	}
+}
+
+func TestJWSWithMAC(t *testing.T) {
+	// Example from RFC 7520 Section 4.4.3.
+	// https://tools.ietf.org/html/rfc7520#section-4.4.3
+	b64Key := "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
+	rawPayload := []byte("It\xe2\x80\x99s a dangerous business, Frodo, going out your " +
+		"door. You step onto the road, and if you don't keep your feet, " +
+		"there\xe2\x80\x99s no knowing where you might be swept off " +
+		"to.")
+	protected := "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LW" +
+		"VlZjMxNGJjNzAzNyJ9"
+	payload := "SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywg" +
+		"Z29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9h" +
+		"ZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXi" +
+		"gJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9m" +
+		"ZiB0by4"
+	sig := "s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
+
+	key, err := base64.RawURLEncoding.DecodeString(b64Key)
+	if err != nil {
+		t.Fatalf("unable to decode key: %q", b64Key)
+	}
+	got, err := jwsWithMAC(key, "018c0ae5-4d9b-471b-bfd6-eef314bc7037", "", rawPayload)
+	if err != nil {
+		t.Fatalf("jwsWithMAC() = %q", err)
+	}
+	if got.Protected != protected {
+		t.Errorf("got.Protected = %q\nwant %q", got.Protected, protected)
+	}
+	if got.Payload != payload {
+		t.Errorf("got.Payload = %q\nwant %q", got.Payload, payload)
+	}
+	if got.Sig != sig {
+		t.Errorf("got.Signature = %q\nwant %q", got.Sig, sig)
+	}
+}
+
+func TestJWSWithMACError(t *testing.T) {
+	p := "{}"
+	if _, err := jwsWithMAC(nil, "", "", []byte(p)); err == nil {
+		t.Errorf("jwsWithMAC(nil, ...) = success; want err")
+	}
+}
+
 func TestJWKThumbprintRSA(t *testing.T) {
 	// Key example from RFC 7638
 	const base64N = "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAt" +
@@ -277,10 +472,8 @@ func TestJWKThumbprintRSA(t *testing.T) {
 func TestJWKThumbprintEC(t *testing.T) {
 	// Key example from RFC 7520
 	// expected was computed with
-	// echo -n '{"crv":"P-521","kty":"EC","x":"<base64X>","y":"<base64Y>"}' | \
-	// openssl dgst -binary -sha256 | \
-	// base64 | \
-	// tr -d '=' | tr '/+' '_-'
+	// printf '{"crv":"P-521","kty":"EC","x":"<base64X>","y":"<base64Y>"}' | \
+	// openssl dgst -binary -sha256 | b64raw
 	const (
 		base64X = "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkT" +
 			"KqjqvjyekWF-7ytDyRXYgCF5cj0Kt"
diff --git a/acme/rfc8555.go b/acme/rfc8555.go
new file mode 100644
index 000000000..f9d3011ff
--- /dev/null
+++ b/acme/rfc8555.go
@@ -0,0 +1,438 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package acme
+
+import (
+	"context"
+	"crypto"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"time"
+)
+
+// DeactivateReg permanently disables an existing account associated with c.Key.
+// A deactivated account can no longer request certificate issuance or access
+// resources related to the account, such as orders or authorizations.
+//
+// It only works with CAs implementing RFC 8555.
+func (c *Client) DeactivateReg(ctx context.Context) error {
+	url := string(c.accountKID(ctx))
+	if url == "" {
+		return ErrNoAccount
+	}
+	req := json.RawMessage(`{"status": "deactivated"}`)
+	res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))
+	if err != nil {
+		return err
+	}
+	res.Body.Close()
+	return nil
+}
+
+// registerRFC is equivalent to c.Register but for CAs implementing RFC 8555.
+// It expects c.Discover to have already been called.
+func (c *Client) registerRFC(ctx context.Context, acct *Account, prompt func(tosURL string) bool) (*Account, error) {
+	c.cacheMu.Lock() // guard c.kid access
+	defer c.cacheMu.Unlock()
+
+	req := struct {
+		TermsAgreed            bool              `json:"termsOfServiceAgreed,omitempty"`
+		Contact                []string          `json:"contact,omitempty"`
+		ExternalAccountBinding *jsonWebSignature `json:"externalAccountBinding,omitempty"`
+	}{
+		Contact: acct.Contact,
+	}
+	if c.dir.Terms != "" {
+		req.TermsAgreed = prompt(c.dir.Terms)
+	}
+
+	// set 'externalAccountBinding' field if requested
+	if acct.ExternalAccountBinding != nil {
+		eabJWS, err := c.encodeExternalAccountBinding(acct.ExternalAccountBinding)
+		if err != nil {
+			return nil, fmt.Errorf("acme: failed to encode external account binding: %v", err)
+		}
+		req.ExternalAccountBinding = eabJWS
+	}
+
+	res, err := c.post(ctx, c.Key, c.dir.RegURL, req, wantStatus(
+		http.StatusOK,      // account with this key already registered
+		http.StatusCreated, // new account created
+	))
+	if err != nil {
+		return nil, err
+	}
+
+	defer res.Body.Close()
+	a, err := responseAccount(res)
+	if err != nil {
+		return nil, err
+	}
+	// Cache Account URL even if we return an error to the caller.
+	// It is by all means a valid and usable "kid" value for future requests.
+	c.kid = keyID(a.URI)
+	if res.StatusCode == http.StatusOK {
+		return nil, ErrAccountAlreadyExists
+	}
+	return a, nil
+}
+
+// encodeExternalAccountBinding will encode an external account binding stanza
+// as described in https://tools.ietf.org/html/rfc8555#section-7.3.4.
+func (c *Client) encodeExternalAccountBinding(eab *ExternalAccountBinding) (*jsonWebSignature, error) {
+	jwk, err := jwkEncode(c.Key.Public())
+	if err != nil {
+		return nil, err
+	}
+	return jwsWithMAC(eab.Key, eab.KID, c.dir.RegURL, []byte(jwk))
+}
+
+// updateRegRFC is equivalent to c.UpdateReg but for CAs implementing RFC 8555.
+// It expects c.Discover to have already been called.
+func (c *Client) updateRegRFC(ctx context.Context, a *Account) (*Account, error) {
+	url := string(c.accountKID(ctx))
+	if url == "" {
+		return nil, ErrNoAccount
+	}
+	req := struct {
+		Contact []string `json:"contact,omitempty"`
+	}{
+		Contact: a.Contact,
+	}
+	res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	return responseAccount(res)
+}
+
+// getGegRFC is equivalent to c.GetReg but for CAs implementing RFC 8555.
+// It expects c.Discover to have already been called.
+func (c *Client) getRegRFC(ctx context.Context) (*Account, error) {
+	req := json.RawMessage(`{"onlyReturnExisting": true}`)
+	res, err := c.post(ctx, c.Key, c.dir.RegURL, req, wantStatus(http.StatusOK))
+	if e, ok := err.(*Error); ok && e.ProblemType == "urn:ietf:params:acme:error:accountDoesNotExist" {
+		return nil, ErrNoAccount
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	defer res.Body.Close()
+	return responseAccount(res)
+}
+
+func responseAccount(res *http.Response) (*Account, error) {
+	var v struct {
+		Status  string
+		Contact []string
+		Orders  string
+	}
+	if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
+		return nil, fmt.Errorf("acme: invalid account response: %v", err)
+	}
+	return &Account{
+		URI:       res.Header.Get("Location"),
+		Status:    v.Status,
+		Contact:   v.Contact,
+		OrdersURL: v.Orders,
+	}, nil
+}
+
+// AuthorizeOrder initiates the order-based application for certificate issuance,
+// as opposed to pre-authorization in Authorize.
+// It is only supported by CAs implementing RFC 8555.
+//
+// The caller then needs to fetch each authorization with GetAuthorization,
+// identify those with StatusPending status and fulfill a challenge using Accept.
+// Once all authorizations are satisfied, the caller will typically want to poll
+// order status using WaitOrder until it's in StatusReady state.
+// To finalize the order and obtain a certificate, the caller submits a CSR with CreateOrderCert.
+func (c *Client) AuthorizeOrder(ctx context.Context, id []AuthzID, opt ...OrderOption) (*Order, error) {
+	dir, err := c.Discover(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	req := struct {
+		Identifiers []wireAuthzID `json:"identifiers"`
+		NotBefore   string        `json:"notBefore,omitempty"`
+		NotAfter    string        `json:"notAfter,omitempty"`
+	}{}
+	for _, v := range id {
+		req.Identifiers = append(req.Identifiers, wireAuthzID{
+			Type:  v.Type,
+			Value: v.Value,
+		})
+	}
+	for _, o := range opt {
+		switch o := o.(type) {
+		case orderNotBeforeOpt:
+			req.NotBefore = time.Time(o).Format(time.RFC3339)
+		case orderNotAfterOpt:
+			req.NotAfter = time.Time(o).Format(time.RFC3339)
+		default:
+			// Package's fault if we let this happen.
+			panic(fmt.Sprintf("unsupported order option type %T", o))
+		}
+	}
+
+	res, err := c.post(ctx, nil, dir.OrderURL, req, wantStatus(http.StatusCreated))
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	return responseOrder(res)
+}
+
+// GetOrder retrives an order identified by the given URL.
+// For orders created with AuthorizeOrder, the url value is Order.URI.
+//
+// If a caller needs to poll an order until its status is final,
+// see the WaitOrder method.
+func (c *Client) GetOrder(ctx context.Context, url string) (*Order, error) {
+	if _, err := c.Discover(ctx); err != nil {
+		return nil, err
+	}
+
+	res, err := c.postAsGet(ctx, url, wantStatus(http.StatusOK))
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	return responseOrder(res)
+}
+
+// WaitOrder polls an order from the given URL until it is in one of the final states,
+// StatusReady, StatusValid or StatusInvalid, the CA responded with a non-retryable error
+// or the context is done.
+//
+// It returns a non-nil Order only if its Status is StatusReady or StatusValid.
+// In all other cases WaitOrder returns an error.
+// If the Status is StatusInvalid, the returned error is of type *OrderError.
+func (c *Client) WaitOrder(ctx context.Context, url string) (*Order, error) {
+	if _, err := c.Discover(ctx); err != nil {
+		return nil, err
+	}
+	for {
+		res, err := c.postAsGet(ctx, url, wantStatus(http.StatusOK))
+		if err != nil {
+			return nil, err
+		}
+		o, err := responseOrder(res)
+		res.Body.Close()
+		switch {
+		case err != nil:
+			// Skip and retry.
+		case o.Status == StatusInvalid:
+			return nil, &OrderError{OrderURL: o.URI, Status: o.Status}
+		case o.Status == StatusReady || o.Status == StatusValid:
+			return o, nil
+		}
+
+		d := retryAfter(res.Header.Get("Retry-After"))
+		if d == 0 {
+			// Default retry-after.
+			// Same reasoning as in WaitAuthorization.
+			d = time.Second
+		}
+		t := time.NewTimer(d)
+		select {
+		case <-ctx.Done():
+			t.Stop()
+			return nil, ctx.Err()
+		case <-t.C:
+			// Retry.
+		}
+	}
+}
+
+func responseOrder(res *http.Response) (*Order, error) {
+	var v struct {
+		Status         string
+		Expires        time.Time
+		Identifiers    []wireAuthzID
+		NotBefore      time.Time
+		NotAfter       time.Time
+		Error          *wireError
+		Authorizations []string
+		Finalize       string
+		Certificate    string
+	}
+	if err := json.NewDecoder(res.Body).Decode(&v); err != nil {
+		return nil, fmt.Errorf("acme: error reading order: %v", err)
+	}
+	o := &Order{
+		URI:         res.Header.Get("Location"),
+		Status:      v.Status,
+		Expires:     v.Expires,
+		NotBefore:   v.NotBefore,
+		NotAfter:    v.NotAfter,
+		AuthzURLs:   v.Authorizations,
+		FinalizeURL: v.Finalize,
+		CertURL:     v.Certificate,
+	}
+	for _, id := range v.Identifiers {
+		o.Identifiers = append(o.Identifiers, AuthzID{Type: id.Type, Value: id.Value})
+	}
+	if v.Error != nil {
+		o.Error = v.Error.error(nil /* headers */)
+	}
+	return o, nil
+}
+
+// CreateOrderCert submits the CSR (Certificate Signing Request) to a CA at the specified URL.
+// The URL is the FinalizeURL field of an Order created with AuthorizeOrder.
+//
+// If the bundle argument is true, the returned value also contain the CA (issuer)
+// certificate chain. Otherwise, only a leaf certificate is returned.
+// The returned URL can be used to re-fetch the certificate using FetchCert.
+//
+// This method is only supported by CAs implementing RFC 8555. See CreateCert for pre-RFC CAs.
+//
+// CreateOrderCert returns an error if the CA's response is unreasonably large.
+// Callers are encouraged to parse the returned value to ensure the certificate is valid and has the expected features.
+func (c *Client) CreateOrderCert(ctx context.Context, url string, csr []byte, bundle bool) (der [][]byte, certURL string, err error) {
+	if _, err := c.Discover(ctx); err != nil { // required by c.accountKID
+		return nil, "", err
+	}
+
+	// RFC describes this as "finalize order" request.
+	req := struct {
+		CSR string `json:"csr"`
+	}{
+		CSR: base64.RawURLEncoding.EncodeToString(csr),
+	}
+	res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))
+	if err != nil {
+		return nil, "", err
+	}
+	defer res.Body.Close()
+	o, err := responseOrder(res)
+	if err != nil {
+		return nil, "", err
+	}
+
+	// Wait for CA to issue the cert if they haven't.
+	if o.Status != StatusValid {
+		o, err = c.WaitOrder(ctx, o.URI)
+	}
+	if err != nil {
+		return nil, "", err
+	}
+	// The only acceptable status post finalize and WaitOrder is "valid".
+	if o.Status != StatusValid {
+		return nil, "", &OrderError{OrderURL: o.URI, Status: o.Status}
+	}
+	crt, err := c.fetchCertRFC(ctx, o.CertURL, bundle)
+	return crt, o.CertURL, err
+}
+
+// fetchCertRFC downloads issued certificate from the given URL.
+// It expects the CA to respond with PEM-encoded certificate chain.
+//
+// The URL argument is the CertURL field of Order.
+func (c *Client) fetchCertRFC(ctx context.Context, url string, bundle bool) ([][]byte, error) {
+	res, err := c.postAsGet(ctx, url, wantStatus(http.StatusOK))
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+
+	// Get all the bytes up to a sane maximum.
+	// Account very roughly for base64 overhead.
+	const max = maxCertChainSize + maxCertChainSize/33
+	b, err := ioutil.ReadAll(io.LimitReader(res.Body, max+1))
+	if err != nil {
+		return nil, fmt.Errorf("acme: fetch cert response stream: %v", err)
+	}
+	if len(b) > max {
+		return nil, errors.New("acme: certificate chain is too big")
+	}
+
+	// Decode PEM chain.
+	var chain [][]byte
+	for {
+		var p *pem.Block
+		p, b = pem.Decode(b)
+		if p == nil {
+			break
+		}
+		if p.Type != "CERTIFICATE" {
+			return nil, fmt.Errorf("acme: invalid PEM cert type %q", p.Type)
+		}
+
+		chain = append(chain, p.Bytes)
+		if !bundle {
+			return chain, nil
+		}
+		if len(chain) > maxChainLen {
+			return nil, errors.New("acme: certificate chain is too long")
+		}
+	}
+	if len(chain) == 0 {
+		return nil, errors.New("acme: certificate chain is empty")
+	}
+	return chain, nil
+}
+
+// sends a cert revocation request in either JWK form when key is non-nil or KID form otherwise.
+func (c *Client) revokeCertRFC(ctx context.Context, key crypto.Signer, cert []byte, reason CRLReasonCode) error {
+	req := &struct {
+		Cert   string `json:"certificate"`
+		Reason int    `json:"reason"`
+	}{
+		Cert:   base64.RawURLEncoding.EncodeToString(cert),
+		Reason: int(reason),
+	}
+	res, err := c.post(ctx, key, c.dir.RevokeURL, req, wantStatus(http.StatusOK))
+	if err != nil {
+		if isAlreadyRevoked(err) {
+			// Assume it is not an error to revoke an already revoked cert.
+			return nil
+		}
+		return err
+	}
+	defer res.Body.Close()
+	return nil
+}
+
+func isAlreadyRevoked(err error) bool {
+	e, ok := err.(*Error)
+	return ok && e.ProblemType == "urn:ietf:params:acme:error:alreadyRevoked"
+}
+
+// ListCertAlternates retrieves any alternate certificate chain URLs for the
+// given certificate chain URL. These alternate URLs can be passed to FetchCert
+// in order to retrieve the alternate certificate chains.
+//
+// If there are no alternate issuer certificate chains, a nil slice will be
+// returned.
+func (c *Client) ListCertAlternates(ctx context.Context, url string) ([]string, error) {
+	if _, err := c.Discover(ctx); err != nil { // required by c.accountKID
+		return nil, err
+	}
+
+	res, err := c.postAsGet(ctx, url, wantStatus(http.StatusOK))
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+
+	// We don't need the body but we need to discard it so we don't end up
+	// preventing keep-alive
+	if _, err := io.Copy(ioutil.Discard, res.Body); err != nil {
+		return nil, fmt.Errorf("acme: cert alternates response stream: %v", err)
+	}
+	alts := linkHeader(res.Header, "alternate")
+	return alts, nil
+}
diff --git a/acme/rfc8555_test.go b/acme/rfc8555_test.go
new file mode 100644
index 000000000..07e2f29db
--- /dev/null
+++ b/acme/rfc8555_test.go
@@ -0,0 +1,916 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package acme
+
+import (
+	"bytes"
+	"context"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/base64"
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"math/big"
+	"net/http"
+	"net/http/httptest"
+	"reflect"
+	"sync"
+	"testing"
+	"time"
+)
+
+// While contents of this file is pertinent only to RFC8555,
+// it is complementary to the tests in the other _test.go files
+// many of which are valid for both pre- and RFC8555.
+// This will make it easier to clean up the tests once non-RFC compliant
+// code is removed.
+
+func TestRFC_Discover(t *testing.T) {
+	const (
+		nonce       = "https://example.com/acme/new-nonce"
+		reg         = "https://example.com/acme/new-acct"
+		order       = "https://example.com/acme/new-order"
+		authz       = "https://example.com/acme/new-authz"
+		revoke      = "https://example.com/acme/revoke-cert"
+		keychange   = "https://example.com/acme/key-change"
+		metaTerms   = "https://example.com/acme/terms/2017-5-30"
+		metaWebsite = "https://www.example.com/"
+		metaCAA     = "example.com"
+	)
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"newNonce": %q,
+			"newAccount": %q,
+			"newOrder": %q,
+			"newAuthz": %q,
+			"revokeCert": %q,
+			"keyChange": %q,
+			"meta": {
+				"termsOfService": %q,
+				"website": %q,
+				"caaIdentities": [%q],
+				"externalAccountRequired": true
+			}
+		}`, nonce, reg, order, authz, revoke, keychange, metaTerms, metaWebsite, metaCAA)
+	}))
+	defer ts.Close()
+	c := Client{DirectoryURL: ts.URL}
+	dir, err := c.Discover(context.Background())
+	if err != nil {
+		t.Fatal(err)
+	}
+	if dir.NonceURL != nonce {
+		t.Errorf("dir.NonceURL = %q; want %q", dir.NonceURL, nonce)
+	}
+	if dir.RegURL != reg {
+		t.Errorf("dir.RegURL = %q; want %q", dir.RegURL, reg)
+	}
+	if dir.OrderURL != order {
+		t.Errorf("dir.OrderURL = %q; want %q", dir.OrderURL, order)
+	}
+	if dir.AuthzURL != authz {
+		t.Errorf("dir.AuthzURL = %q; want %q", dir.AuthzURL, authz)
+	}
+	if dir.RevokeURL != revoke {
+		t.Errorf("dir.RevokeURL = %q; want %q", dir.RevokeURL, revoke)
+	}
+	if dir.KeyChangeURL != keychange {
+		t.Errorf("dir.KeyChangeURL = %q; want %q", dir.KeyChangeURL, keychange)
+	}
+	if dir.Terms != metaTerms {
+		t.Errorf("dir.Terms = %q; want %q", dir.Terms, metaTerms)
+	}
+	if dir.Website != metaWebsite {
+		t.Errorf("dir.Website = %q; want %q", dir.Website, metaWebsite)
+	}
+	if len(dir.CAA) == 0 || dir.CAA[0] != metaCAA {
+		t.Errorf("dir.CAA = %q; want [%q]", dir.CAA, metaCAA)
+	}
+	if !dir.ExternalAccountRequired {
+		t.Error("dir.Meta.ExternalAccountRequired is false")
+	}
+}
+
+func TestRFC_popNonce(t *testing.T) {
+	var count int
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// The Client uses only Directory.NonceURL when specified.
+		// Expect no other URL paths.
+		if r.URL.Path != "/new-nonce" {
+			t.Errorf("r.URL.Path = %q; want /new-nonce", r.URL.Path)
+		}
+		if count > 0 {
+			w.WriteHeader(http.StatusTooManyRequests)
+			return
+		}
+		count++
+		w.Header().Set("Replay-Nonce", "second")
+	}))
+	cl := &Client{
+		DirectoryURL: ts.URL,
+		dir:          &Directory{NonceURL: ts.URL + "/new-nonce"},
+	}
+	cl.addNonce(http.Header{"Replay-Nonce": {"first"}})
+
+	for i, nonce := range []string{"first", "second"} {
+		v, err := cl.popNonce(context.Background(), "")
+		if err != nil {
+			t.Errorf("%d: cl.popNonce: %v", i, err)
+		}
+		if v != nonce {
+			t.Errorf("%d: cl.popNonce = %q; want %q", i, v, nonce)
+		}
+	}
+	// No more nonces and server replies with an error past first nonce fetch.
+	// Expected to fail.
+	if _, err := cl.popNonce(context.Background(), ""); err == nil {
+		t.Error("last cl.popNonce returned nil error")
+	}
+}
+
+func TestRFC_postKID(t *testing.T) {
+	var ts *httptest.Server
+	ts = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/new-nonce":
+			w.Header().Set("Replay-Nonce", "nonce")
+		case "/new-account":
+			w.Header().Set("Location", "/account-1")
+			w.Write([]byte(`{"status":"valid"}`))
+		case "/post":
+			b, _ := ioutil.ReadAll(r.Body) // check err later in decodeJWSxxx
+			head, err := decodeJWSHead(bytes.NewReader(b))
+			if err != nil {
+				t.Errorf("decodeJWSHead: %v", err)
+				return
+			}
+			if head.KID != "/account-1" {
+				t.Errorf("head.KID = %q; want /account-1", head.KID)
+			}
+			if len(head.JWK) != 0 {
+				t.Errorf("head.JWK = %q; want zero map", head.JWK)
+			}
+			if v := ts.URL + "/post"; head.URL != v {
+				t.Errorf("head.URL = %q; want %q", head.URL, v)
+			}
+
+			var payload struct{ Msg string }
+			decodeJWSRequest(t, &payload, bytes.NewReader(b))
+			if payload.Msg != "ping" {
+				t.Errorf("payload.Msg = %q; want ping", payload.Msg)
+			}
+			w.Write([]byte("pong"))
+		default:
+			t.Errorf("unhandled %s %s", r.Method, r.URL)
+			w.WriteHeader(http.StatusBadRequest)
+		}
+	}))
+	defer ts.Close()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	cl := &Client{
+		Key:          testKey,
+		DirectoryURL: ts.URL,
+		dir: &Directory{
+			NonceURL: ts.URL + "/new-nonce",
+			RegURL:   ts.URL + "/new-account",
+			OrderURL: "/force-rfc-mode",
+		},
+	}
+	req := json.RawMessage(`{"msg":"ping"}`)
+	res, err := cl.post(ctx, nil /* use kid */, ts.URL+"/post", req, wantStatus(http.StatusOK))
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer res.Body.Close()
+	b, _ := ioutil.ReadAll(res.Body) // don't care about err - just checking b
+	if string(b) != "pong" {
+		t.Errorf("res.Body = %q; want pong", b)
+	}
+}
+
+// acmeServer simulates a subset of RFC8555 compliant CA.
+//
+// TODO: We also have x/crypto/acme/autocert/acmetest and startACMEServerStub in autocert_test.go.
+// It feels like this acmeServer is a sweet spot between usefulness and added complexity.
+// Also, acmetest and startACMEServerStub were both written for draft-02, no RFC support.
+// The goal is to consolidate all into one ACME test server.
+type acmeServer struct {
+	ts      *httptest.Server
+	handler map[string]http.HandlerFunc // keyed by r.URL.Path
+
+	mu     sync.Mutex
+	nnonce int
+}
+
+func newACMEServer() *acmeServer {
+	return &acmeServer{handler: make(map[string]http.HandlerFunc)}
+}
+
+func (s *acmeServer) handle(path string, f func(http.ResponseWriter, *http.Request)) {
+	s.handler[path] = http.HandlerFunc(f)
+}
+
+func (s *acmeServer) start() {
+	s.ts = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+
+		// Directory request.
+		if r.URL.Path == "/" {
+			fmt.Fprintf(w, `{
+				"newNonce": %q,
+				"newAccount": %q,
+				"newOrder": %q,
+				"newAuthz": %q,
+				"revokeCert": %q,
+				"meta": {"termsOfService": %q}
+				}`,
+				s.url("/acme/new-nonce"),
+				s.url("/acme/new-account"),
+				s.url("/acme/new-order"),
+				s.url("/acme/new-authz"),
+				s.url("/acme/revoke-cert"),
+				s.url("/terms"),
+			)
+			return
+		}
+
+		// All other responses contain a nonce value unconditionally.
+		w.Header().Set("Replay-Nonce", s.nonce())
+		if r.URL.Path == "/acme/new-nonce" {
+			return
+		}
+
+		h := s.handler[r.URL.Path]
+		if h == nil {
+			w.WriteHeader(http.StatusBadRequest)
+			fmt.Fprintf(w, "Unhandled %s", r.URL.Path)
+			return
+		}
+		h.ServeHTTP(w, r)
+	}))
+}
+
+func (s *acmeServer) close() {
+	s.ts.Close()
+}
+
+func (s *acmeServer) url(path string) string {
+	return s.ts.URL + path
+}
+
+func (s *acmeServer) nonce() string {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	s.nnonce++
+	return fmt.Sprintf("nonce%d", s.nnonce)
+}
+
+func (s *acmeServer) error(w http.ResponseWriter, e *wireError) {
+	w.WriteHeader(e.Status)
+	json.NewEncoder(w).Encode(e)
+}
+
+func TestRFC_Register(t *testing.T) {
+	const email = "mailto:user@example.org"
+
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusCreated) // 201 means new account created
+		fmt.Fprintf(w, `{
+			"status": "valid",
+			"contact": [%q],
+			"orders": %q
+		}`, email, s.url("/accounts/1/orders"))
+
+		b, _ := ioutil.ReadAll(r.Body) // check err later in decodeJWSxxx
+		head, err := decodeJWSHead(bytes.NewReader(b))
+		if err != nil {
+			t.Errorf("decodeJWSHead: %v", err)
+			return
+		}
+		if len(head.JWK) == 0 {
+			t.Error("head.JWK is empty")
+		}
+
+		var req struct{ Contact []string }
+		decodeJWSRequest(t, &req, bytes.NewReader(b))
+		if len(req.Contact) != 1 || req.Contact[0] != email {
+			t.Errorf("req.Contact = %q; want [%q]", req.Contact, email)
+		}
+	})
+	s.start()
+	defer s.close()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	cl := &Client{
+		Key:          testKeyEC,
+		DirectoryURL: s.url("/"),
+	}
+
+	var didPrompt bool
+	a := &Account{Contact: []string{email}}
+	acct, err := cl.Register(ctx, a, func(tos string) bool {
+		didPrompt = true
+		terms := s.url("/terms")
+		if tos != terms {
+			t.Errorf("tos = %q; want %q", tos, terms)
+		}
+		return true
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	okAccount := &Account{
+		URI:       s.url("/accounts/1"),
+		Status:    StatusValid,
+		Contact:   []string{email},
+		OrdersURL: s.url("/accounts/1/orders"),
+	}
+	if !reflect.DeepEqual(acct, okAccount) {
+		t.Errorf("acct = %+v; want %+v", acct, okAccount)
+	}
+	if !didPrompt {
+		t.Error("tos prompt wasn't called")
+	}
+	if v := cl.accountKID(ctx); v != keyID(okAccount.URI) {
+		t.Errorf("account kid = %q; want %q", v, okAccount.URI)
+	}
+}
+
+func TestRFC_RegisterExternalAccountBinding(t *testing.T) {
+	eab := &ExternalAccountBinding{
+		KID: "kid-1",
+		Key: []byte("secret"),
+	}
+
+	type protected struct {
+		Algorithm string `json:"alg"`
+		KID       string `json:"kid"`
+		URL       string `json:"url"`
+	}
+	const email = "mailto:user@example.org"
+
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		if r.Method != "POST" {
+			t.Errorf("r.Method = %q; want POST", r.Method)
+		}
+
+		var j struct {
+			Protected              string
+			Contact                []string
+			TermsOfServiceAgreed   bool
+			ExternalaccountBinding struct {
+				Protected string
+				Payload   string
+				Signature string
+			}
+		}
+		decodeJWSRequest(t, &j, r.Body)
+		protData, err := base64.RawURLEncoding.DecodeString(j.ExternalaccountBinding.Protected)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		var prot protected
+		err = json.Unmarshal(protData, &prot)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		if !reflect.DeepEqual(j.Contact, []string{email}) {
+			t.Errorf("j.Contact = %v; want %v", j.Contact, []string{email})
+		}
+		if !j.TermsOfServiceAgreed {
+			t.Error("j.TermsOfServiceAgreed = false; want true")
+		}
+
+		// Ensure same KID.
+		if prot.KID != eab.KID {
+			t.Errorf("j.ExternalAccountBinding.KID = %s; want %s", prot.KID, eab.KID)
+		}
+		// Ensure expected Algorithm.
+		if prot.Algorithm != "HS256" {
+			t.Errorf("j.ExternalAccountBinding.Alg = %s; want %s",
+				prot.Algorithm, "HS256")
+		}
+
+		// Ensure same URL as outer JWS.
+		url := fmt.Sprintf("http://%s/acme/new-account", r.Host)
+		if prot.URL != url {
+			t.Errorf("j.ExternalAccountBinding.URL = %s; want %s",
+				prot.URL, url)
+		}
+
+		// Ensure payload is base64URL encoded string of JWK in outer JWS
+		jwk, err := jwkEncode(testKeyEC.Public())
+		if err != nil {
+			t.Fatal(err)
+		}
+		decodedPayload, err := base64.RawURLEncoding.DecodeString(j.ExternalaccountBinding.Payload)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if jwk != string(decodedPayload) {
+			t.Errorf("j.ExternalAccountBinding.Payload = %s; want %s", decodedPayload, jwk)
+		}
+
+		// Check signature on inner external account binding JWS
+		hmac := hmac.New(sha256.New, []byte("secret"))
+		_, err = hmac.Write([]byte(j.ExternalaccountBinding.Protected + "." + j.ExternalaccountBinding.Payload))
+		if err != nil {
+			t.Fatal(err)
+		}
+		mac := hmac.Sum(nil)
+		encodedMAC := base64.RawURLEncoding.EncodeToString(mac)
+
+		if !bytes.Equal([]byte(encodedMAC), []byte(j.ExternalaccountBinding.Signature)) {
+			t.Errorf("j.ExternalAccountBinding.Signature = %v; want %v",
+				[]byte(j.ExternalaccountBinding.Signature), encodedMAC)
+		}
+
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusCreated)
+		b, _ := json.Marshal([]string{email})
+		fmt.Fprintf(w, `{"status":"valid","orders":"%s","contact":%s}`, s.url("/accounts/1/orders"), b)
+	})
+	s.start()
+	defer s.close()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+	cl := &Client{
+		Key:          testKeyEC,
+		DirectoryURL: s.url("/"),
+	}
+
+	var didPrompt bool
+	a := &Account{Contact: []string{email}, ExternalAccountBinding: eab}
+	acct, err := cl.Register(ctx, a, func(tos string) bool {
+		didPrompt = true
+		terms := s.url("/terms")
+		if tos != terms {
+			t.Errorf("tos = %q; want %q", tos, terms)
+		}
+		return true
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	okAccount := &Account{
+		URI:       s.url("/accounts/1"),
+		Status:    StatusValid,
+		Contact:   []string{email},
+		OrdersURL: s.url("/accounts/1/orders"),
+	}
+	if !reflect.DeepEqual(acct, okAccount) {
+		t.Errorf("acct = %+v; want %+v", acct, okAccount)
+	}
+	if !didPrompt {
+		t.Error("tos prompt wasn't called")
+	}
+	if v := cl.accountKID(ctx); v != keyID(okAccount.URI) {
+		t.Errorf("account kid = %q; want %q", v, okAccount.URI)
+	}
+}
+
+func TestRFC_RegisterExisting(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK) // 200 means account already exists
+		w.Write([]byte(`{"status": "valid"}`))
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	_, err := cl.Register(context.Background(), &Account{}, AcceptTOS)
+	if err != ErrAccountAlreadyExists {
+		t.Errorf("err = %v; want %v", err, ErrAccountAlreadyExists)
+	}
+	kid := keyID(s.url("/accounts/1"))
+	if v := cl.accountKID(context.Background()); v != kid {
+		t.Errorf("account kid = %q; want %q", v, kid)
+	}
+}
+
+func TestRFC_UpdateReg(t *testing.T) {
+	const email = "mailto:user@example.org"
+
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"status": "valid"}`))
+	})
+	var didUpdate bool
+	s.handle("/accounts/1", func(w http.ResponseWriter, r *http.Request) {
+		didUpdate = true
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"status": "valid"}`))
+
+		b, _ := ioutil.ReadAll(r.Body) // check err later in decodeJWSxxx
+		head, err := decodeJWSHead(bytes.NewReader(b))
+		if err != nil {
+			t.Errorf("decodeJWSHead: %v", err)
+			return
+		}
+		if len(head.JWK) != 0 {
+			t.Error("head.JWK is non-zero")
+		}
+		kid := s.url("/accounts/1")
+		if head.KID != kid {
+			t.Errorf("head.KID = %q; want %q", head.KID, kid)
+		}
+
+		var req struct{ Contact []string }
+		decodeJWSRequest(t, &req, bytes.NewReader(b))
+		if len(req.Contact) != 1 || req.Contact[0] != email {
+			t.Errorf("req.Contact = %q; want [%q]", req.Contact, email)
+		}
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	_, err := cl.UpdateReg(context.Background(), &Account{Contact: []string{email}})
+	if err != nil {
+		t.Error(err)
+	}
+	if !didUpdate {
+		t.Error("UpdateReg didn't update the account")
+	}
+}
+
+func TestRFC_GetReg(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"status": "valid"}`))
+
+		head, err := decodeJWSHead(r.Body)
+		if err != nil {
+			t.Errorf("decodeJWSHead: %v", err)
+			return
+		}
+		if len(head.JWK) == 0 {
+			t.Error("head.JWK is empty")
+		}
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	acct, err := cl.GetReg(context.Background(), "")
+	if err != nil {
+		t.Fatal(err)
+	}
+	okAccount := &Account{
+		URI:    s.url("/accounts/1"),
+		Status: StatusValid,
+	}
+	if !reflect.DeepEqual(acct, okAccount) {
+		t.Errorf("acct = %+v; want %+v", acct, okAccount)
+	}
+}
+
+func TestRFC_GetRegNoAccount(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		s.error(w, &wireError{
+			Status: http.StatusBadRequest,
+			Type:   "urn:ietf:params:acme:error:accountDoesNotExist",
+		})
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	if _, err := cl.GetReg(context.Background(), ""); err != ErrNoAccount {
+		t.Errorf("err = %v; want %v", err, ErrNoAccount)
+	}
+}
+
+func TestRFC_GetRegOtherError(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusBadRequest)
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	if _, err := cl.GetReg(context.Background(), ""); err == nil || err == ErrNoAccount {
+		t.Errorf("GetReg: %v; want any other non-nil err", err)
+	}
+}
+
+func TestRFC_AuthorizeOrder(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"status": "valid"}`))
+	})
+	s.handle("/acme/new-order", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/orders/1"))
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `{
+			"status": "pending",
+			"expires": "2019-09-01T00:00:00Z",
+			"notBefore": "2019-08-31T00:00:00Z",
+			"notAfter": "2019-09-02T00:00:00Z",
+			"identifiers": [{"type":"dns", "value":"example.org"}],
+			"authorizations": [%q]
+		}`, s.url("/authz/1"))
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	o, err := cl.AuthorizeOrder(context.Background(), DomainIDs("example.org"),
+		WithOrderNotBefore(time.Date(2019, 8, 31, 0, 0, 0, 0, time.UTC)),
+		WithOrderNotAfter(time.Date(2019, 9, 2, 0, 0, 0, 0, time.UTC)),
+	)
+	if err != nil {
+		t.Fatal(err)
+	}
+	okOrder := &Order{
+		URI:         s.url("/orders/1"),
+		Status:      StatusPending,
+		Expires:     time.Date(2019, 9, 1, 0, 0, 0, 0, time.UTC),
+		NotBefore:   time.Date(2019, 8, 31, 0, 0, 0, 0, time.UTC),
+		NotAfter:    time.Date(2019, 9, 2, 0, 0, 0, 0, time.UTC),
+		Identifiers: []AuthzID{AuthzID{Type: "dns", Value: "example.org"}},
+		AuthzURLs:   []string{s.url("/authz/1")},
+	}
+	if !reflect.DeepEqual(o, okOrder) {
+		t.Errorf("AuthorizeOrder = %+v; want %+v", o, okOrder)
+	}
+}
+
+func TestRFC_GetOrder(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"status": "valid"}`))
+	})
+	s.handle("/orders/1", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/orders/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{
+			"status": "invalid",
+			"expires": "2019-09-01T00:00:00Z",
+			"notBefore": "2019-08-31T00:00:00Z",
+			"notAfter": "2019-09-02T00:00:00Z",
+			"identifiers": [{"type":"dns", "value":"example.org"}],
+			"authorizations": ["/authz/1"],
+			"finalize": "/orders/1/fin",
+			"certificate": "/orders/1/cert",
+			"error": {"type": "badRequest"}
+		}`))
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	o, err := cl.GetOrder(context.Background(), s.url("/orders/1"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	okOrder := &Order{
+		URI:         s.url("/orders/1"),
+		Status:      StatusInvalid,
+		Expires:     time.Date(2019, 9, 1, 0, 0, 0, 0, time.UTC),
+		NotBefore:   time.Date(2019, 8, 31, 0, 0, 0, 0, time.UTC),
+		NotAfter:    time.Date(2019, 9, 2, 0, 0, 0, 0, time.UTC),
+		Identifiers: []AuthzID{AuthzID{Type: "dns", Value: "example.org"}},
+		AuthzURLs:   []string{"/authz/1"},
+		FinalizeURL: "/orders/1/fin",
+		CertURL:     "/orders/1/cert",
+		Error:       &Error{ProblemType: "badRequest"},
+	}
+	if !reflect.DeepEqual(o, okOrder) {
+		t.Errorf("GetOrder = %+v\nwant %+v", o, okOrder)
+	}
+}
+
+func TestRFC_WaitOrder(t *testing.T) {
+	for _, st := range []string{StatusReady, StatusValid} {
+		t.Run(st, func(t *testing.T) {
+			testWaitOrderStatus(t, st)
+		})
+	}
+}
+
+func testWaitOrderStatus(t *testing.T, okStatus string) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"status": "valid"}`))
+	})
+	var count int
+	s.handle("/orders/1", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/orders/1"))
+		w.WriteHeader(http.StatusOK)
+		s := StatusPending
+		if count > 0 {
+			s = okStatus
+		}
+		fmt.Fprintf(w, `{"status": %q}`, s)
+		count++
+	})
+	s.start()
+	defer s.close()
+
+	var order *Order
+	var err error
+	done := make(chan struct{})
+	go func() {
+		cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+		order, err = cl.WaitOrder(context.Background(), s.url("/orders/1"))
+		close(done)
+	}()
+	select {
+	case <-time.After(3 * time.Second):
+		t.Fatal("WaitOrder took too long to return")
+	case <-done:
+		if err != nil {
+			t.Fatalf("WaitOrder: %v", err)
+		}
+		if order.Status != okStatus {
+			t.Errorf("order.Status = %q; want %q", order.Status, okStatus)
+		}
+	}
+}
+
+func TestRFC_WaitOrderError(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(`{"status": "valid"}`))
+	})
+	var count int
+	s.handle("/orders/1", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/orders/1"))
+		w.WriteHeader(http.StatusOK)
+		s := StatusPending
+		if count > 0 {
+			s = StatusInvalid
+		}
+		fmt.Fprintf(w, `{"status": %q}`, s)
+		count++
+	})
+	s.start()
+	defer s.close()
+
+	var err error
+	done := make(chan struct{})
+	go func() {
+		cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+		_, err = cl.WaitOrder(context.Background(), s.url("/orders/1"))
+		close(done)
+	}()
+	select {
+	case <-time.After(3 * time.Second):
+		t.Fatal("WaitOrder took too long to return")
+	case <-done:
+		if err == nil {
+			t.Fatal("WaitOrder returned nil error")
+		}
+		e, ok := err.(*OrderError)
+		if !ok {
+			t.Fatalf("err = %v (%T); want OrderError", err, err)
+		}
+		if e.OrderURL != s.url("/orders/1") {
+			t.Errorf("e.OrderURL = %q; want %q", e.OrderURL, s.url("/orders/1"))
+		}
+		if e.Status != StatusInvalid {
+			t.Errorf("e.Status = %q; want %q", e.Status, StatusInvalid)
+		}
+	}
+}
+
+func TestRFC_CreateOrderCert(t *testing.T) {
+	q := &x509.CertificateRequest{
+		Subject: pkix.Name{CommonName: "example.org"},
+	}
+	csr, err := x509.CreateCertificateRequest(rand.Reader, q, testKeyEC)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
+	leaf, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &testKeyEC.PublicKey, testKeyEC)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	s := newACMEServer()
+	s.handle("/acme/new-account", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/accounts/1"))
+		w.Write([]byte(`{"status": "valid"}`))
+	})
+	var count int
+	s.handle("/pleaseissue", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Location", s.url("/pleaseissue"))
+		st := StatusProcessing
+		if count > 0 {
+			st = StatusValid
+		}
+		fmt.Fprintf(w, `{"status":%q, "certificate":%q}`, st, s.url("/crt"))
+		count++
+	})
+	s.handle("/crt", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/pem-certificate-chain")
+		pem.Encode(w, &pem.Block{Type: "CERTIFICATE", Bytes: leaf})
+	})
+	s.start()
+	defer s.close()
+	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
+	defer cancel()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	cert, curl, err := cl.CreateOrderCert(ctx, s.url("/pleaseissue"), csr, true)
+	if err != nil {
+		t.Fatalf("CreateOrderCert: %v", err)
+	}
+	if _, err := x509.ParseCertificate(cert[0]); err != nil {
+		t.Errorf("ParseCertificate: %v", err)
+	}
+	if !reflect.DeepEqual(cert[0], leaf) {
+		t.Errorf("cert and leaf bytes don't match")
+	}
+	if u := s.url("/crt"); curl != u {
+		t.Errorf("curl = %q; want %q", curl, u)
+	}
+}
+
+func TestRFC_AlreadyRevokedCert(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/acme/revoke-cert", func(w http.ResponseWriter, r *http.Request) {
+		s.error(w, &wireError{
+			Status: http.StatusBadRequest,
+			Type:   "urn:ietf:params:acme:error:alreadyRevoked",
+		})
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	err := cl.RevokeCert(context.Background(), testKeyEC, []byte{0}, CRLReasonUnspecified)
+	if err != nil {
+		t.Fatalf("RevokeCert: %v", err)
+	}
+}
+
+func TestRFC_ListCertAlternates(t *testing.T) {
+	s := newACMEServer()
+	s.handle("/crt", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/pem-certificate-chain")
+		w.Header().Add("Link", `<https://example.com/crt/2>;rel="alternate"`)
+		w.Header().Add("Link", `<https://example.com/crt/3>; rel="alternate"`)
+		w.Header().Add("Link", `<https://example.com/acme>; rel="index"`)
+	})
+	s.handle("/crt2", func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/pem-certificate-chain")
+	})
+	s.start()
+	defer s.close()
+
+	cl := &Client{Key: testKeyEC, DirectoryURL: s.url("/")}
+	crts, err := cl.ListCertAlternates(context.Background(), s.url("/crt"))
+	if err != nil {
+		t.Fatalf("ListCertAlternates: %v", err)
+	}
+	want := []string{"https://example.com/crt/2", "https://example.com/crt/3"}
+	if !reflect.DeepEqual(crts, want) {
+		t.Errorf("ListCertAlternates(/crt): %v; want %v", crts, want)
+	}
+	crts, err = cl.ListCertAlternates(context.Background(), s.url("/crt2"))
+	if err != nil {
+		t.Fatalf("ListCertAlternates: %v", err)
+	}
+	if crts != nil {
+		t.Errorf("ListCertAlternates(/crt2): %v; want nil", crts)
+	}
+}
diff --git a/acme/types.go b/acme/types.go
index ab4de0b88..eaae45290 100644
--- a/acme/types.go
+++ b/acme/types.go
@@ -5,6 +5,8 @@
 package acme
 
 import (
+	"crypto"
+	"crypto/x509"
 	"errors"
 	"fmt"
 	"net/http"
@@ -12,14 +14,18 @@ import (
 	"time"
 )
 
-// ACME server response statuses used to describe Authorization and Challenge states.
+// ACME status values of Account, Order, Authorization and Challenge objects.
+// See https://tools.ietf.org/html/rfc8555#section-7.1.6 for details.
 const (
-	StatusUnknown    = "unknown"
-	StatusPending    = "pending"
-	StatusProcessing = "processing"
-	StatusValid      = "valid"
-	StatusInvalid    = "invalid"
-	StatusRevoked    = "revoked"
+	StatusDeactivated = "deactivated"
+	StatusExpired     = "expired"
+	StatusInvalid     = "invalid"
+	StatusPending     = "pending"
+	StatusProcessing  = "processing"
+	StatusReady       = "ready"
+	StatusRevoked     = "revoked"
+	StatusUnknown     = "unknown"
+	StatusValid       = "valid"
 )
 
 // CRLReasonCode identifies the reason for a certificate revocation.
@@ -39,8 +45,43 @@ const (
 	CRLReasonAACompromise         CRLReasonCode = 10
 )
 
-// ErrUnsupportedKey is returned when an unsupported key type is encountered.
-var ErrUnsupportedKey = errors.New("acme: unknown key type; only RSA and ECDSA are supported")
+var (
+	// ErrUnsupportedKey is returned when an unsupported key type is encountered.
+	ErrUnsupportedKey = errors.New("acme: unknown key type; only RSA and ECDSA are supported")
+
+	// ErrAccountAlreadyExists indicates that the Client's key has already been registered
+	// with the CA. It is returned by Register method.
+	ErrAccountAlreadyExists = errors.New("acme: account already exists")
+
+	// ErrNoAccount indicates that the Client's key has not been registered with the CA.
+	ErrNoAccount = errors.New("acme: account does not exist")
+)
+
+// A Subproblem describes an ACME subproblem as reported in an Error.
+type Subproblem struct {
+	// Type is a URI reference that identifies the problem type,
+	// typically in a "urn:acme:error:xxx" form.
+	Type string
+	// Detail is a human-readable explanation specific to this occurrence of the problem.
+	Detail string
+	// Instance indicates a URL that the client should direct a human user to visit
+	// in order for instructions on how to agree to the updated Terms of Service.
+	// In such an event CA sets StatusCode to 403, Type to
+	// "urn:ietf:params:acme:error:userActionRequired", and adds a Link header with relation
+	// "terms-of-service" containing the latest TOS URL.
+	Instance string
+	// Identifier may contain the ACME identifier that the error is for.
+	Identifier *AuthzID
+}
+
+func (sp Subproblem) String() string {
+	str := fmt.Sprintf("%s: ", sp.Type)
+	if sp.Identifier != nil {
+		str += fmt.Sprintf("[%s: %s] ", sp.Identifier.Type, sp.Identifier.Value)
+	}
+	str += sp.Detail
+	return str
+}
 
 // Error is an ACME error, defined in Problem Details for HTTP APIs doc
 // http://tools.ietf.org/html/draft-ietf-appsawg-http-problem.
@@ -52,13 +93,30 @@ type Error struct {
 	ProblemType string
 	// Detail is a human-readable explanation specific to this occurrence of the problem.
 	Detail string
+	// Instance indicates a URL that the client should direct a human user to visit
+	// in order for instructions on how to agree to the updated Terms of Service.
+	// In such an event CA sets StatusCode to 403, ProblemType to
+	// "urn:ietf:params:acme:error:userActionRequired" and a Link header with relation
+	// "terms-of-service" containing the latest TOS URL.
+	Instance string
 	// Header is the original server error response headers.
 	// It may be nil.
 	Header http.Header
+	// Subproblems may contain more detailed information about the individual problems
+	// that caused the error. This field is only sent by RFC 8555 compatible ACME
+	// servers. Defined in RFC 8555 Section 6.7.1.
+	Subproblems []Subproblem
 }
 
 func (e *Error) Error() string {
-	return fmt.Sprintf("%d %s: %s", e.StatusCode, e.ProblemType, e.Detail)
+	str := fmt.Sprintf("%d %s: %s", e.StatusCode, e.ProblemType, e.Detail)
+	if len(e.Subproblems) > 0 {
+		str += fmt.Sprintf("; subproblems:")
+		for _, sp := range e.Subproblems {
+			str += fmt.Sprintf("\n\t%s", sp)
+		}
+	}
+	return str
 }
 
 // AuthorizationError indicates that an authorization for an identifier
@@ -81,7 +139,27 @@ func (a *AuthorizationError) Error() string {
 	for i, err := range a.Errors {
 		e[i] = err.Error()
 	}
-	return fmt.Sprintf("acme: authorization error for %s: %s", a.Identifier, strings.Join(e, "; "))
+
+	if a.Identifier != "" {
+		return fmt.Sprintf("acme: authorization error for %s: %s", a.Identifier, strings.Join(e, "; "))
+	}
+
+	return fmt.Sprintf("acme: authorization error: %s", strings.Join(e, "; "))
+}
+
+// OrderError is returned from Client's order related methods.
+// It indicates the order is unusable and the clients should start over with
+// AuthorizeOrder.
+//
+// The clients can still fetch the order object from CA using GetOrder
+// to inspect its state.
+type OrderError struct {
+	OrderURL string
+	Status   string
+}
+
+func (oe *OrderError) Error() string {
+	return fmt.Sprintf("acme: order %s status: %s", oe.OrderURL, oe.Status)
 }
 
 // RateLimit reports whether err represents a rate limit error and
@@ -102,53 +180,114 @@ func RateLimit(err error) (time.Duration, bool) {
 	if e.Header == nil {
 		return 0, true
 	}
-	return retryAfter(e.Header.Get("Retry-After"), 0), true
+	return retryAfter(e.Header.Get("Retry-After")), true
 }
 
 // Account is a user account. It is associated with a private key.
+// Non-RFC 8555 fields are empty when interfacing with a compliant CA.
 type Account struct {
 	// URI is the account unique ID, which is also a URL used to retrieve
 	// account data from the CA.
+	// When interfacing with RFC 8555-compliant CAs, URI is the "kid" field
+	// value in JWS signed requests.
 	URI string
 
 	// Contact is a slice of contact info used during registration.
+	// See https://tools.ietf.org/html/rfc8555#section-7.3 for supported
+	// formats.
 	Contact []string
 
+	// Status indicates current account status as returned by the CA.
+	// Possible values are StatusValid, StatusDeactivated, and StatusRevoked.
+	Status string
+
+	// OrdersURL is a URL from which a list of orders submitted by this account
+	// can be fetched.
+	OrdersURL string
+
 	// The terms user has agreed to.
 	// A value not matching CurrentTerms indicates that the user hasn't agreed
 	// to the actual Terms of Service of the CA.
+	//
+	// It is non-RFC 8555 compliant. Package users can store the ToS they agree to
+	// during Client's Register call in the prompt callback function.
 	AgreedTerms string
 
 	// Actual terms of a CA.
+	//
+	// It is non-RFC 8555 compliant. Use Directory's Terms field.
+	// When a CA updates their terms and requires an account agreement,
+	// a URL at which instructions to do so is available in Error's Instance field.
 	CurrentTerms string
 
 	// Authz is the authorization URL used to initiate a new authz flow.
+	//
+	// It is non-RFC 8555 compliant. Use Directory's AuthzURL or OrderURL.
 	Authz string
 
 	// Authorizations is a URI from which a list of authorizations
 	// granted to this account can be fetched via a GET request.
+	//
+	// It is non-RFC 8555 compliant and is obsoleted by OrdersURL.
 	Authorizations string
 
 	// Certificates is a URI from which a list of certificates
 	// issued for this account can be fetched via a GET request.
+	//
+	// It is non-RFC 8555 compliant and is obsoleted by OrdersURL.
 	Certificates string
+
+	// ExternalAccountBinding represents an arbitrary binding to an account of
+	// the CA which the ACME server is tied to.
+	// See https://tools.ietf.org/html/rfc8555#section-7.3.4 for more details.
+	ExternalAccountBinding *ExternalAccountBinding
+}
+
+// ExternalAccountBinding contains the data needed to form a request with
+// an external account binding.
+// See https://tools.ietf.org/html/rfc8555#section-7.3.4 for more details.
+type ExternalAccountBinding struct {
+	// KID is the Key ID of the symmetric MAC key that the CA provides to
+	// identify an external account from ACME.
+	KID string
+
+	// Key is the bytes of the symmetric key that the CA provides to identify
+	// the account. Key must correspond to the KID.
+	Key []byte
+}
+
+func (e *ExternalAccountBinding) String() string {
+	return fmt.Sprintf("&{KID: %q, Key: redacted}", e.KID)
 }
 
 // Directory is ACME server discovery data.
+// See https://tools.ietf.org/html/rfc8555#section-7.1.1 for more details.
 type Directory struct {
-	// RegURL is an account endpoint URL, allowing for creating new
-	// and modifying existing accounts.
+	// NonceURL indicates an endpoint where to fetch fresh nonce values from.
+	NonceURL string
+
+	// RegURL is an account endpoint URL, allowing for creating new accounts.
+	// Pre-RFC 8555 CAs also allow modifying existing accounts at this URL.
 	RegURL string
 
-	// AuthzURL is used to initiate Identifier Authorization flow.
+	// OrderURL is used to initiate the certificate issuance flow
+	// as described in RFC 8555.
+	OrderURL string
+
+	// AuthzURL is used to initiate identifier pre-authorization flow.
+	// Empty string indicates the flow is unsupported by the CA.
 	AuthzURL string
 
 	// CertURL is a new certificate issuance endpoint URL.
+	// It is non-RFC 8555 compliant and is obsoleted by OrderURL.
 	CertURL string
 
 	// RevokeURL is used to initiate a certificate revocation flow.
 	RevokeURL string
 
+	// KeyChangeURL allows to perform account key rollover flow.
+	KeyChangeURL string
+
 	// Term is a URI identifying the current terms of service.
 	Terms string
 
@@ -160,44 +299,126 @@ type Directory struct {
 	// recognises as referring to itself for the purposes of CAA record validation
 	// as defined in RFC6844.
 	CAA []string
+
+	// ExternalAccountRequired indicates that the CA requires for all account-related
+	// requests to include external account binding information.
+	ExternalAccountRequired bool
 }
 
-// Challenge encodes a returned CA challenge.
-// Its Error field may be non-nil if the challenge is part of an Authorization
-// with StatusInvalid.
-type Challenge struct {
-	// Type is the challenge type, e.g. "http-01", "tls-sni-02", "dns-01".
-	Type string
+// rfcCompliant reports whether the ACME server implements RFC 8555.
+// Note that some servers may have incomplete RFC implementation
+// even if the returned value is true.
+// If rfcCompliant reports false, the server most likely implements draft-02.
+func (d *Directory) rfcCompliant() bool {
+	return d.OrderURL != ""
+}
 
-	// URI is where a challenge response can be posted to.
+// Order represents a client's request for a certificate.
+// It tracks the request flow progress through to issuance.
+type Order struct {
+	// URI uniquely identifies an order.
 	URI string
 
-	// Token is a random value that uniquely identifies the challenge.
-	Token string
-
-	// Status identifies the status of this challenge.
+	// Status represents the current status of the order.
+	// It indicates which action the client should take.
+	//
+	// Possible values are StatusPending, StatusReady, StatusProcessing, StatusValid and StatusInvalid.
+	// Pending means the CA does not believe that the client has fulfilled the requirements.
+	// Ready indicates that the client has fulfilled all the requirements and can submit a CSR
+	// to obtain a certificate. This is done with Client's CreateOrderCert.
+	// Processing means the certificate is being issued.
+	// Valid indicates the CA has issued the certificate. It can be downloaded
+	// from the Order's CertURL. This is done with Client's FetchCert.
+	// Invalid means the certificate will not be issued. Users should consider this order
+	// abandoned.
 	Status string
 
-	// Error indicates the reason for an authorization failure
-	// when this challenge was used.
-	// The type of a non-nil value is *Error.
-	Error error
+	// Expires is the timestamp after which CA considers this order invalid.
+	Expires time.Time
+
+	// Identifiers contains all identifier objects which the order pertains to.
+	Identifiers []AuthzID
+
+	// NotBefore is the requested value of the notBefore field in the certificate.
+	NotBefore time.Time
+
+	// NotAfter is the requested value of the notAfter field in the certificate.
+	NotAfter time.Time
+
+	// AuthzURLs represents authorizations to complete before a certificate
+	// for identifiers specified in the order can be issued.
+	// It also contains unexpired authorizations that the client has completed
+	// in the past.
+	//
+	// Authorization objects can be fetched using Client's GetAuthorization method.
+	//
+	// The required authorizations are dictated by CA policies.
+	// There may not be a 1:1 relationship between the identifiers and required authorizations.
+	// Required authorizations can be identified by their StatusPending status.
+	//
+	// For orders in the StatusValid or StatusInvalid state these are the authorizations
+	// which were completed.
+	AuthzURLs []string
+
+	// FinalizeURL is the endpoint at which a CSR is submitted to obtain a certificate
+	// once all the authorizations are satisfied.
+	FinalizeURL string
+
+	// CertURL points to the certificate that has been issued in response to this order.
+	CertURL string
+
+	// The error that occurred while processing the order as received from a CA, if any.
+	Error *Error
+}
+
+// OrderOption allows customizing Client.AuthorizeOrder call.
+type OrderOption interface {
+	privateOrderOpt()
+}
+
+// WithOrderNotBefore sets order's NotBefore field.
+func WithOrderNotBefore(t time.Time) OrderOption {
+	return orderNotBeforeOpt(t)
 }
 
+// WithOrderNotAfter sets order's NotAfter field.
+func WithOrderNotAfter(t time.Time) OrderOption {
+	return orderNotAfterOpt(t)
+}
+
+type orderNotBeforeOpt time.Time
+
+func (orderNotBeforeOpt) privateOrderOpt() {}
+
+type orderNotAfterOpt time.Time
+
+func (orderNotAfterOpt) privateOrderOpt() {}
+
 // Authorization encodes an authorization response.
 type Authorization struct {
 	// URI uniquely identifies a authorization.
 	URI string
 
-	// Status identifies the status of an authorization.
+	// Status is the current status of an authorization.
+	// Possible values are StatusPending, StatusValid, StatusInvalid, StatusDeactivated,
+	// StatusExpired and StatusRevoked.
 	Status string
 
 	// Identifier is what the account is authorized to represent.
 	Identifier AuthzID
 
+	// The timestamp after which the CA considers the authorization invalid.
+	Expires time.Time
+
+	// Wildcard is true for authorizations of a wildcard domain name.
+	Wildcard bool
+
 	// Challenges that the client needs to fulfill in order to prove possession
 	// of the identifier (for pending authorizations).
-	// For final authorizations, the challenges that were used.
+	// For valid authorizations, the challenge that was validated.
+	// For invalid authorizations, the challenge that was attempted and failed.
+	//
+	// RFC 8555 compatible CAs require users to fuflfill only one of the challenges.
 	Challenges []*Challenge
 
 	// A collection of sets of challenges, each of which would be sufficient
@@ -205,24 +426,52 @@ type Authorization struct {
 	// Clients must complete a set of challenges that covers at least one set.
 	// Challenges are identified by their indices in the challenges array.
 	// If this field is empty, the client needs to complete all challenges.
+	//
+	// This field is unused in RFC 8555.
 	Combinations [][]int
 }
 
 // AuthzID is an identifier that an account is authorized to represent.
 type AuthzID struct {
-	Type  string // The type of identifier, e.g. "dns".
+	Type  string // The type of identifier, "dns" or "ip".
 	Value string // The identifier itself, e.g. "example.org".
 }
 
+// DomainIDs creates a slice of AuthzID with "dns" identifier type.
+func DomainIDs(names ...string) []AuthzID {
+	a := make([]AuthzID, len(names))
+	for i, v := range names {
+		a[i] = AuthzID{Type: "dns", Value: v}
+	}
+	return a
+}
+
+// IPIDs creates a slice of AuthzID with "ip" identifier type.
+// Each element of addr is textual form of an address as defined
+// in RFC1123 Section 2.1 for IPv4 and in RFC5952 Section 4 for IPv6.
+func IPIDs(addr ...string) []AuthzID {
+	a := make([]AuthzID, len(addr))
+	for i, v := range addr {
+		a[i] = AuthzID{Type: "ip", Value: v}
+	}
+	return a
+}
+
+// wireAuthzID is ACME JSON representation of authorization identifier objects.
+type wireAuthzID struct {
+	Type  string `json:"type"`
+	Value string `json:"value"`
+}
+
 // wireAuthz is ACME JSON representation of Authorization objects.
 type wireAuthz struct {
+	Identifier   wireAuthzID
 	Status       string
+	Expires      time.Time
+	Wildcard     bool
 	Challenges   []wireChallenge
 	Combinations [][]int
-	Identifier   struct {
-		Type  string
-		Value string
-	}
+	Error        *wireError
 }
 
 func (z *wireAuthz) authorization(uri string) *Authorization {
@@ -230,8 +479,10 @@ func (z *wireAuthz) authorization(uri string) *Authorization {
 		URI:          uri,
 		Status:       z.Status,
 		Identifier:   AuthzID{Type: z.Identifier.Type, Value: z.Identifier.Value},
-		Combinations: z.Combinations, // shallow copy
+		Expires:      z.Expires,
+		Wildcard:     z.Wildcard,
 		Challenges:   make([]*Challenge, len(z.Challenges)),
+		Combinations: z.Combinations, // shallow copy
 	}
 	for i, v := range z.Challenges {
 		a.Challenges[i] = v.challenge()
@@ -244,30 +495,69 @@ func (z *wireAuthz) error(uri string) *AuthorizationError {
 		URI:        uri,
 		Identifier: z.Identifier.Value,
 	}
+
+	if z.Error != nil {
+		err.Errors = append(err.Errors, z.Error.error(nil))
+	}
+
 	for _, raw := range z.Challenges {
 		if raw.Error != nil {
 			err.Errors = append(err.Errors, raw.Error.error(nil))
 		}
 	}
+
 	return err
 }
 
+// Challenge encodes a returned CA challenge.
+// Its Error field may be non-nil if the challenge is part of an Authorization
+// with StatusInvalid.
+type Challenge struct {
+	// Type is the challenge type, e.g. "http-01", "tls-alpn-01", "dns-01".
+	Type string
+
+	// URI is where a challenge response can be posted to.
+	URI string
+
+	// Token is a random value that uniquely identifies the challenge.
+	Token string
+
+	// Status identifies the status of this challenge.
+	// In RFC 8555, possible values are StatusPending, StatusProcessing, StatusValid,
+	// and StatusInvalid.
+	Status string
+
+	// Validated is the time at which the CA validated this challenge.
+	// Always zero value in pre-RFC 8555.
+	Validated time.Time
+
+	// Error indicates the reason for an authorization failure
+	// when this challenge was used.
+	// The type of a non-nil value is *Error.
+	Error error
+}
+
 // wireChallenge is ACME JSON challenge representation.
 type wireChallenge struct {
-	URI    string `json:"uri"`
-	Type   string
-	Token  string
-	Status string
-	Error  *wireError
+	URL       string `json:"url"` // RFC
+	URI       string `json:"uri"` // pre-RFC
+	Type      string
+	Token     string
+	Status    string
+	Validated time.Time
+	Error     *wireError
 }
 
 func (c *wireChallenge) challenge() *Challenge {
 	v := &Challenge{
-		URI:    c.URI,
+		URI:    c.URL,
 		Type:   c.Type,
 		Token:  c.Token,
 		Status: c.Status,
 	}
+	if v.URI == "" {
+		v.URI = c.URI // c.URL was empty; use legacy
+	}
 	if v.Status == "" {
 		v.Status = StatusPending
 	}
@@ -280,16 +570,53 @@ func (c *wireChallenge) challenge() *Challenge {
 // wireError is a subset of fields of the Problem Details object
 // as described in https://tools.ietf.org/html/rfc7807#section-3.1.
 type wireError struct {
-	Status int
-	Type   string
-	Detail string
+	Status      int
+	Type        string
+	Detail      string
+	Instance    string
+	Subproblems []Subproblem
 }
 
 func (e *wireError) error(h http.Header) *Error {
-	return &Error{
+	err := &Error{
 		StatusCode:  e.Status,
 		ProblemType: e.Type,
 		Detail:      e.Detail,
+		Instance:    e.Instance,
 		Header:      h,
+		Subproblems: e.Subproblems,
 	}
+	return err
+}
+
+// CertOption is an optional argument type for the TLS ChallengeCert methods for
+// customizing a temporary certificate for TLS-based challenges.
+type CertOption interface {
+	privateCertOpt()
+}
+
+// WithKey creates an option holding a private/public key pair.
+// The private part signs a certificate, and the public part represents the signee.
+func WithKey(key crypto.Signer) CertOption {
+	return &certOptKey{key}
+}
+
+type certOptKey struct {
+	key crypto.Signer
 }
+
+func (*certOptKey) privateCertOpt() {}
+
+// WithTemplate creates an option for specifying a certificate template.
+// See x509.CreateCertificate for template usage details.
+//
+// In TLS ChallengeCert methods, the template is also used as parent,
+// resulting in a self-signed certificate.
+// The DNSNames field of t is always overwritten for tls-sni challenge certs.
+func WithTemplate(t *x509.Certificate) CertOption {
+	return (*certOptTemplate)(t)
+}
+
+type certOptTemplate x509.Certificate
+
+func (*certOptTemplate) privateCertOpt() {}
diff --git a/acme/types_test.go b/acme/types_test.go
index a7553e6b7..59ce7e760 100644
--- a/acme/types_test.go
+++ b/acme/types_test.go
@@ -7,10 +7,23 @@ package acme
 import (
 	"errors"
 	"net/http"
+	"reflect"
 	"testing"
 	"time"
 )
 
+func TestExternalAccountBindingString(t *testing.T) {
+	eab := ExternalAccountBinding{
+		KID: "kid",
+		Key: []byte("key"),
+	}
+	got := eab.String()
+	want := `&{KID: "kid", Key: redacted}`
+	if got != want {
+		t.Errorf("eab.String() = %q, want: %q", got, want)
+	}
+}
+
 func TestRateLimit(t *testing.T) {
 	now := time.Date(2017, 04, 27, 10, 0, 0, 0, time.UTC)
 	f := timeNow
@@ -61,3 +74,146 @@ func TestRateLimit(t *testing.T) {
 		}
 	}
 }
+
+func TestAuthorizationError(t *testing.T) {
+	tests := []struct {
+		desc string
+		err  *AuthorizationError
+		msg  string
+	}{
+		{
+			desc: "when auth error identifier is set",
+			err: &AuthorizationError{
+				Identifier: "domain.com",
+				Errors: []error{
+					(&wireError{
+						Status: 403,
+						Type:   "urn:ietf:params:acme:error:caa",
+						Detail: "CAA record for domain.com prevents issuance",
+					}).error(nil),
+				},
+			},
+			msg: "acme: authorization error for domain.com: 403 urn:ietf:params:acme:error:caa: CAA record for domain.com prevents issuance",
+		},
+
+		{
+			desc: "when auth error identifier is unset",
+			err: &AuthorizationError{
+				Errors: []error{
+					(&wireError{
+						Status: 403,
+						Type:   "urn:ietf:params:acme:error:caa",
+						Detail: "CAA record for domain.com prevents issuance",
+					}).error(nil),
+				},
+			},
+			msg: "acme: authorization error: 403 urn:ietf:params:acme:error:caa: CAA record for domain.com prevents issuance",
+		},
+	}
+
+	for _, tt := range tests {
+		if tt.err.Error() != tt.msg {
+			t.Errorf("got: %s\nwant: %s", tt.err, tt.msg)
+		}
+	}
+}
+
+func TestSubproblems(t *testing.T) {
+	tests := []struct {
+		wire        wireError
+		expectedOut Error
+	}{
+		{
+			wire: wireError{
+				Status: 1,
+				Type:   "urn:error",
+				Detail: "it's an error",
+			},
+			expectedOut: Error{
+				StatusCode:  1,
+				ProblemType: "urn:error",
+				Detail:      "it's an error",
+			},
+		},
+		{
+			wire: wireError{
+				Status: 1,
+				Type:   "urn:error",
+				Detail: "it's an error",
+				Subproblems: []Subproblem{
+					{
+						Type:   "urn:error:sub",
+						Detail: "it's a subproblem",
+					},
+				},
+			},
+			expectedOut: Error{
+				StatusCode:  1,
+				ProblemType: "urn:error",
+				Detail:      "it's an error",
+				Subproblems: []Subproblem{
+					{
+						Type:   "urn:error:sub",
+						Detail: "it's a subproblem",
+					},
+				},
+			},
+		},
+		{
+			wire: wireError{
+				Status: 1,
+				Type:   "urn:error",
+				Detail: "it's an error",
+				Subproblems: []Subproblem{
+					{
+						Type:       "urn:error:sub",
+						Detail:     "it's a subproblem",
+						Identifier: &AuthzID{Type: "dns", Value: "example"},
+					},
+				},
+			},
+			expectedOut: Error{
+				StatusCode:  1,
+				ProblemType: "urn:error",
+				Detail:      "it's an error",
+				Subproblems: []Subproblem{
+					{
+						Type:       "urn:error:sub",
+						Detail:     "it's a subproblem",
+						Identifier: &AuthzID{Type: "dns", Value: "example"},
+					},
+				},
+			},
+		},
+	}
+
+	for _, tc := range tests {
+		out := tc.wire.error(nil)
+		if !reflect.DeepEqual(*out, tc.expectedOut) {
+			t.Errorf("Unexpected error: wanted %v, got %v", tc.expectedOut, *out)
+		}
+	}
+}
+
+func TestErrorStringerWithSubproblems(t *testing.T) {
+	err := Error{
+		StatusCode:  1,
+		ProblemType: "urn:error",
+		Detail:      "it's an error",
+		Subproblems: []Subproblem{
+			{
+				Type:   "urn:error:sub",
+				Detail: "it's a subproblem",
+			},
+			{
+				Type:       "urn:error:sub",
+				Detail:     "it's a subproblem",
+				Identifier: &AuthzID{Type: "dns", Value: "example"},
+			},
+		},
+	}
+	expectedStr := "1 urn:error: it's an error; subproblems:\n\turn:error:sub: it's a subproblem\n\turn:error:sub: [dns: example] it's a subproblem"
+	if err.Error() != expectedStr {
+		t.Errorf("Unexpected error string: wanted %q, got %q", expectedStr, err.Error())
+	}
+}
diff --git a/acme/version_go112.go b/acme/version_go112.go
new file mode 100644
index 000000000..b9efdb59e
--- /dev/null
+++ b/acme/version_go112.go
@@ -0,0 +1,28 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.12
+// +build go1.12
+
+package acme
+
+import "runtime/debug"
+
+func init() {
+	// Set packageVersion if the binary was built in modules mode and x/crypto
+	// was not replaced with a different module.
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		return
+	}
+	for _, m := range info.Deps {
+		if m.Path != "golang.org/x/crypto" {
+			continue
+		}
+		if m.Replace == nil {
+			packageVersion = m.Version
+		}
+		break
+	}
+}
diff --git a/argon2/argon2.go b/argon2/argon2.go
new file mode 100644
index 000000000..b423feaea
--- /dev/null
+++ b/argon2/argon2.go
@@ -0,0 +1,285 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package argon2 implements the key derivation function Argon2.
+// Argon2 was selected as the winner of the Password Hashing Competition and can
+// be used to derive cryptographic keys from passwords.
+//
+// For a detailed specification of Argon2 see [1].
+//
+// If you aren't sure which function you need, use Argon2id (IDKey) and
+// the parameter recommendations for your scenario.
+//
+//
+// Argon2i
+//
+// Argon2i (implemented by Key) is the side-channel resistant version of Argon2.
+// It uses data-independent memory access, which is preferred for password
+// hashing and password-based key derivation. Argon2i requires more passes over
+// memory than Argon2id to protect from trade-off attacks. The recommended
+// parameters (taken from [2]) for non-interactive operations are time=3 and to
+// use the maximum available memory.
+//
+//
+// Argon2id
+//
+// Argon2id (implemented by IDKey) is a hybrid version of Argon2 combining
+// Argon2i and Argon2d. It uses data-independent memory access for the first
+// half of the first iteration over the memory and data-dependent memory access
+// for the rest. Argon2id is side-channel resistant and provides better brute-
+// force cost savings due to time-memory tradeoffs than Argon2i. The recommended
+// parameters for non-interactive operations (taken from [2]) are time=1 and to
+// use the maximum available memory.
+//
+// [1] https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
+// [2] https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.3
+package argon2
+
+import (
+	"encoding/binary"
+	"sync"
+
+	"golang.org/x/crypto/blake2b"
+)
+
+// The Argon2 version implemented by this package.
+const Version = 0x13
+
+const (
+	argon2d = iota
+	argon2i
+	argon2id
+)
+
+// Key derives a key from the password, salt, and cost parameters using Argon2i
+// returning a byte slice of length keyLen that can be used as cryptographic
+// key. The CPU cost and parallelism degree must be greater than zero.
+//
+// For example, you can get a derived key for e.g. AES-256 (which needs a
+// 32-byte key) by doing:
+//
+//      key := argon2.Key([]byte("some password"), salt, 3, 32*1024, 4, 32)
+//
+// The draft RFC recommends[2] time=3, and memory=32*1024 is a sensible number.
+// If using that amount of memory (32 MB) is not possible in some contexts then
+// the time parameter can be increased to compensate.
+//
+// The time parameter specifies the number of passes over the memory and the
+// memory parameter specifies the size of the memory in KiB. For example
+// memory=32*1024 sets the memory cost to ~32 MB. The number of threads can be
+// adjusted to the number of available CPUs. The cost parameters should be
+// increased as memory latency and CPU parallelism increases. Remember to get a
+// good random salt.
+func Key(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+	return deriveKey(argon2i, password, salt, nil, nil, time, memory, threads, keyLen)
+}
+
+// IDKey derives a key from the password, salt, and cost parameters using
+// Argon2id returning a byte slice of length keyLen that can be used as
+// cryptographic key. The CPU cost and parallelism degree must be greater than
+// zero.
+//
+// For example, you can get a derived key for e.g. AES-256 (which needs a
+// 32-byte key) by doing:
+//
+//      key := argon2.IDKey([]byte("some password"), salt, 1, 64*1024, 4, 32)
+//
+// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number.
+// If using that amount of memory (64 MB) is not possible in some contexts then
+// the time parameter can be increased to compensate.
+//
+// The time parameter specifies the number of passes over the memory and the
+// memory parameter specifies the size of the memory in KiB. For example
+// memory=64*1024 sets the memory cost to ~64 MB. The number of threads can be
+// adjusted to the numbers of available CPUs. The cost parameters should be
+// increased as memory latency and CPU parallelism increases. Remember to get a
+// good random salt.
+func IDKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+	return deriveKey(argon2id, password, salt, nil, nil, time, memory, threads, keyLen)
+}
+
+func deriveKey(mode int, password, salt, secret, data []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+	if time < 1 {
+		panic("argon2: number of rounds too small")
+	}
+	if threads < 1 {
+		panic("argon2: parallelism degree too low")
+	}
+	h0 := initHash(password, salt, secret, data, time, memory, uint32(threads), keyLen, mode)
+
+	memory = memory / (syncPoints * uint32(threads)) * (syncPoints * uint32(threads))
+	if memory < 2*syncPoints*uint32(threads) {
+		memory = 2 * syncPoints * uint32(threads)
+	}
+	B := initBlocks(&h0, memory, uint32(threads))
+	processBlocks(B, time, memory, uint32(threads), mode)
+	return extractKey(B, memory, uint32(threads), keyLen)
+}
+
+const (
+	blockLength = 128
+	syncPoints  = 4
+)
+
+type block [blockLength]uint64
+
+func initHash(password, salt, key, data []byte, time, memory, threads, keyLen uint32, mode int) [blake2b.Size + 8]byte {
+	var (
+		h0     [blake2b.Size + 8]byte
+		params [24]byte
+		tmp    [4]byte
+	)
+
+	b2, _ := blake2b.New512(nil)
+	binary.LittleEndian.PutUint32(params[0:4], threads)
+	binary.LittleEndian.PutUint32(params[4:8], keyLen)
+	binary.LittleEndian.PutUint32(params[8:12], memory)
+	binary.LittleEndian.PutUint32(params[12:16], time)
+	binary.LittleEndian.PutUint32(params[16:20], uint32(Version))
+	binary.LittleEndian.PutUint32(params[20:24], uint32(mode))
+	b2.Write(params[:])
+	binary.LittleEndian.PutUint32(tmp[:], uint32(len(password)))
+	b2.Write(tmp[:])
+	b2.Write(password)
+	binary.LittleEndian.PutUint32(tmp[:], uint32(len(salt)))
+	b2.Write(tmp[:])
+	b2.Write(salt)
+	binary.LittleEndian.PutUint32(tmp[:], uint32(len(key)))
+	b2.Write(tmp[:])
+	b2.Write(key)
+	binary.LittleEndian.PutUint32(tmp[:], uint32(len(data)))
+	b2.Write(tmp[:])
+	b2.Write(data)
+	b2.Sum(h0[:0])
+	return h0
+}
+
+func initBlocks(h0 *[blake2b.Size + 8]byte, memory, threads uint32) []block {
+	var block0 [1024]byte
+	B := make([]block, memory)
+	for lane := uint32(0); lane < threads; lane++ {
+		j := lane * (memory / threads)
+		binary.LittleEndian.PutUint32(h0[blake2b.Size+4:], lane)
+
+		binary.LittleEndian.PutUint32(h0[blake2b.Size:], 0)
+		blake2bHash(block0[:], h0[:])
+		for i := range B[j+0] {
+			B[j+0][i] = binary.LittleEndian.Uint64(block0[i*8:])
+		}
+
+		binary.LittleEndian.PutUint32(h0[blake2b.Size:], 1)
+		blake2bHash(block0[:], h0[:])
+		for i := range B[j+1] {
+			B[j+1][i] = binary.LittleEndian.Uint64(block0[i*8:])
+		}
+	}
+	return B
+}
+
+func processBlocks(B []block, time, memory, threads uint32, mode int) {
+	lanes := memory / threads
+	segments := lanes / syncPoints
+
+	processSegment := func(n, slice, lane uint32, wg *sync.WaitGroup) {
+		var addresses, in, zero block
+		if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
+			in[0] = uint64(n)
+			in[1] = uint64(lane)
+			in[2] = uint64(slice)
+			in[3] = uint64(memory)
+			in[4] = uint64(time)
+			in[5] = uint64(mode)
+		}
+
+		index := uint32(0)
+		if n == 0 && slice == 0 {
+			index = 2 // we have already generated the first two blocks
+			if mode == argon2i || mode == argon2id {
+				in[6]++
+				processBlock(&addresses, &in, &zero)
+				processBlock(&addresses, &addresses, &zero)
+			}
+		}
+
+		offset := lane*lanes + slice*segments + index
+		var random uint64
+		for index < segments {
+			prev := offset - 1
+			if index == 0 && slice == 0 {
+				prev += lanes // last block in lane
+			}
+			if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
+				if index%blockLength == 0 {
+					in[6]++
+					processBlock(&addresses, &in, &zero)
+					processBlock(&addresses, &addresses, &zero)
+				}
+				random = addresses[index%blockLength]
+			} else {
+				random = B[prev][0]
+			}
+			newOffset := indexAlpha(random, lanes, segments, threads, n, slice, lane, index)
+			processBlockXOR(&B[offset], &B[prev], &B[newOffset])
+			index, offset = index+1, offset+1
+		}
+		wg.Done()
+	}
+
+	for n := uint32(0); n < time; n++ {
+		for slice := uint32(0); slice < syncPoints; slice++ {
+			var wg sync.WaitGroup
+			for lane := uint32(0); lane < threads; lane++ {
+				wg.Add(1)
+				go processSegment(n, slice, lane, &wg)
+			}
+			wg.Wait()
+		}
+	}
+
+}
+
+func extractKey(B []block, memory, threads, keyLen uint32) []byte {
+	lanes := memory / threads
+	for lane := uint32(0); lane < threads-1; lane++ {
+		for i, v := range B[(lane*lanes)+lanes-1] {
+			B[memory-1][i] ^= v
+		}
+	}
+
+	var block [1024]byte
+	for i, v := range B[memory-1] {
+		binary.LittleEndian.PutUint64(block[i*8:], v)
+	}
+	key := make([]byte, keyLen)
+	blake2bHash(key, block[:])
+	return key
+}
+
+func indexAlpha(rand uint64, lanes, segments, threads, n, slice, lane, index uint32) uint32 {
+	refLane := uint32(rand>>32) % threads
+	if n == 0 && slice == 0 {
+		refLane = lane
+	}
+	m, s := 3*segments, ((slice+1)%syncPoints)*segments
+	if lane == refLane {
+		m += index
+	}
+	if n == 0 {
+		m, s = slice*segments, 0
+		if slice == 0 || lane == refLane {
+			m += index
+		}
+	}
+	if index == 0 || lane == refLane {
+		m--
+	}
+	return phi(rand, uint64(m), uint64(s), refLane, lanes)
+}
+
+func phi(rand, m, s uint64, lane, lanes uint32) uint32 {
+	p := rand & 0xFFFFFFFF
+	p = (p * p) >> 32
+	p = (p * m) >> 32
+	return lane*lanes + uint32((s+m-(p+1))%uint64(lanes))
+}
diff --git a/argon2/argon2_test.go b/argon2/argon2_test.go
new file mode 100644
index 000000000..775b97a40
--- /dev/null
+++ b/argon2/argon2_test.go
@@ -0,0 +1,233 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package argon2
+
+import (
+	"bytes"
+	"encoding/hex"
+	"testing"
+)
+
+var (
+	genKatPassword = []byte{
+		0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+		0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+		0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+		0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+	}
+	genKatSalt   = []byte{0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02}
+	genKatSecret = []byte{0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03}
+	genKatAAD    = []byte{0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04}
+)
+
+func TestArgon2(t *testing.T) {
+	defer func(sse4 bool) { useSSE4 = sse4 }(useSSE4)
+
+	if useSSE4 {
+		t.Log("SSE4.1 version")
+		testArgon2i(t)
+		testArgon2d(t)
+		testArgon2id(t)
+		useSSE4 = false
+	}
+	t.Log("generic version")
+	testArgon2i(t)
+	testArgon2d(t)
+	testArgon2id(t)
+}
+
+func testArgon2d(t *testing.T) {
+	want := []byte{
+		0x51, 0x2b, 0x39, 0x1b, 0x6f, 0x11, 0x62, 0x97,
+		0x53, 0x71, 0xd3, 0x09, 0x19, 0x73, 0x42, 0x94,
+		0xf8, 0x68, 0xe3, 0xbe, 0x39, 0x84, 0xf3, 0xc1,
+		0xa1, 0x3a, 0x4d, 0xb9, 0xfa, 0xbe, 0x4a, 0xcb,
+	}
+	hash := deriveKey(argon2d, genKatPassword, genKatSalt, genKatSecret, genKatAAD, 3, 32, 4, 32)
+	if !bytes.Equal(hash, want) {
+		t.Errorf("derived key does not match - got: %s , want: %s", hex.EncodeToString(hash), hex.EncodeToString(want))
+	}
+}
+
+func testArgon2i(t *testing.T) {
+	want := []byte{
+		0xc8, 0x14, 0xd9, 0xd1, 0xdc, 0x7f, 0x37, 0xaa,
+		0x13, 0xf0, 0xd7, 0x7f, 0x24, 0x94, 0xbd, 0xa1,
+		0xc8, 0xde, 0x6b, 0x01, 0x6d, 0xd3, 0x88, 0xd2,
+		0x99, 0x52, 0xa4, 0xc4, 0x67, 0x2b, 0x6c, 0xe8,
+	}
+	hash := deriveKey(argon2i, genKatPassword, genKatSalt, genKatSecret, genKatAAD, 3, 32, 4, 32)
+	if !bytes.Equal(hash, want) {
+		t.Errorf("derived key does not match - got: %s , want: %s", hex.EncodeToString(hash), hex.EncodeToString(want))
+	}
+}
+
+func testArgon2id(t *testing.T) {
+	want := []byte{
+		0x0d, 0x64, 0x0d, 0xf5, 0x8d, 0x78, 0x76, 0x6c,
+		0x08, 0xc0, 0x37, 0xa3, 0x4a, 0x8b, 0x53, 0xc9,
+		0xd0, 0x1e, 0xf0, 0x45, 0x2d, 0x75, 0xb6, 0x5e,
+		0xb5, 0x25, 0x20, 0xe9, 0x6b, 0x01, 0xe6, 0x59,
+	}
+	hash := deriveKey(argon2id, genKatPassword, genKatSalt, genKatSecret, genKatAAD, 3, 32, 4, 32)
+	if !bytes.Equal(hash, want) {
+		t.Errorf("derived key does not match - got: %s , want: %s", hex.EncodeToString(hash), hex.EncodeToString(want))
+	}
+}
+
+func TestVectors(t *testing.T) {
+	password, salt := []byte("password"), []byte("somesalt")
+	for i, v := range testVectors {
+		want, err := hex.DecodeString(v.hash)
+		if err != nil {
+			t.Fatalf("Test %d: failed to decode hash: %v", i, err)
+		}
+		hash := deriveKey(v.mode, password, salt, nil, nil, v.time, v.memory, v.threads, uint32(len(want)))
+		if !bytes.Equal(hash, want) {
+			t.Errorf("Test %d - got: %s want: %s", i, hex.EncodeToString(hash), hex.EncodeToString(want))
+		}
+	}
+}
+
+func benchmarkArgon2(mode int, time, memory uint32, threads uint8, keyLen uint32, b *testing.B) {
+	password := []byte("password")
+	salt := []byte("choosing random salts is hard")
+	b.ReportAllocs()
+	for i := 0; i < b.N; i++ {
+		deriveKey(mode, password, salt, nil, nil, time, memory, threads, keyLen)
+	}
+}
+
+func BenchmarkArgon2i(b *testing.B) {
+	b.Run(" Time: 3 Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2i, 3, 32*1024, 1, 32, b) })
+	b.Run(" Time: 4 Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2i, 4, 32*1024, 1, 32, b) })
+	b.Run(" Time: 5 Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2i, 5, 32*1024, 1, 32, b) })
+	b.Run(" Time: 3 Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2i, 3, 64*1024, 4, 32, b) })
+	b.Run(" Time: 4 Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2i, 4, 64*1024, 4, 32, b) })
+	b.Run(" Time: 5 Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2i, 5, 64*1024, 4, 32, b) })
+}
+
+func BenchmarkArgon2d(b *testing.B) {
+	b.Run(" Time: 3, Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2d, 3, 32*1024, 1, 32, b) })
+	b.Run(" Time: 4, Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2d, 4, 32*1024, 1, 32, b) })
+	b.Run(" Time: 5, Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2d, 5, 32*1024, 1, 32, b) })
+	b.Run(" Time: 3, Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2d, 3, 64*1024, 4, 32, b) })
+	b.Run(" Time: 4, Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2d, 4, 64*1024, 4, 32, b) })
+	b.Run(" Time: 5, Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2d, 5, 64*1024, 4, 32, b) })
+}
+
+func BenchmarkArgon2id(b *testing.B) {
+	b.Run(" Time: 3, Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2id, 3, 32*1024, 1, 32, b) })
+	b.Run(" Time: 4, Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2id, 4, 32*1024, 1, 32, b) })
+	b.Run(" Time: 5, Memory: 32 MB, Threads: 1", func(b *testing.B) { benchmarkArgon2(argon2id, 5, 32*1024, 1, 32, b) })
+	b.Run(" Time: 3, Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2id, 3, 64*1024, 4, 32, b) })
+	b.Run(" Time: 4, Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2id, 4, 64*1024, 4, 32, b) })
+	b.Run(" Time: 5, Memory: 64 MB, Threads: 4", func(b *testing.B) { benchmarkArgon2(argon2id, 5, 64*1024, 4, 32, b) })
+}
+
+// Generated with the CLI of https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
+var testVectors = []struct {
+	mode         int
+	time, memory uint32
+	threads      uint8
+	hash         string
+}{
+	{
+		mode: argon2i, time: 1, memory: 64, threads: 1,
+		hash: "b9c401d1844a67d50eae3967dc28870b22e508092e861a37",
+	},
+	{
+		mode: argon2d, time: 1, memory: 64, threads: 1,
+		hash: "8727405fd07c32c78d64f547f24150d3f2e703a89f981a19",
+	},
+	{
+		mode: argon2id, time: 1, memory: 64, threads: 1,
+		hash: "655ad15eac652dc59f7170a7332bf49b8469be1fdb9c28bb",
+	},
+	{
+		mode: argon2i, time: 2, memory: 64, threads: 1,
+		hash: "8cf3d8f76a6617afe35fac48eb0b7433a9a670ca4a07ed64",
+	},
+	{
+		mode: argon2d, time: 2, memory: 64, threads: 1,
+		hash: "3be9ec79a69b75d3752acb59a1fbb8b295a46529c48fbb75",
+	},
+	{
+		mode: argon2id, time: 2, memory: 64, threads: 1,
+		hash: "068d62b26455936aa6ebe60060b0a65870dbfa3ddf8d41f7",
+	},
+	{
+		mode: argon2i, time: 2, memory: 64, threads: 2,
+		hash: "2089f3e78a799720f80af806553128f29b132cafe40d059f",
+	},
+	{
+		mode: argon2d, time: 2, memory: 64, threads: 2,
+		hash: "68e2462c98b8bc6bb60ec68db418ae2c9ed24fc6748a40e9",
+	},
+	{
+		mode: argon2id, time: 2, memory: 64, threads: 2,
+		hash: "350ac37222f436ccb5c0972f1ebd3bf6b958bf2071841362",
+	},
+	{
+		mode: argon2i, time: 3, memory: 256, threads: 2,
+		hash: "f5bbf5d4c3836af13193053155b73ec7476a6a2eb93fd5e6",
+	},
+	{
+		mode: argon2d, time: 3, memory: 256, threads: 2,
+		hash: "f4f0669218eaf3641f39cc97efb915721102f4b128211ef2",
+	},
+	{
+		mode: argon2id, time: 3, memory: 256, threads: 2,
+		hash: "4668d30ac4187e6878eedeacf0fd83c5a0a30db2cc16ef0b",
+	},
+	{
+		mode: argon2i, time: 4, memory: 4096, threads: 4,
+		hash: "a11f7b7f3f93f02ad4bddb59ab62d121e278369288a0d0e7",
+	},
+	{
+		mode: argon2d, time: 4, memory: 4096, threads: 4,
+		hash: "935598181aa8dc2b720914aa6435ac8d3e3a4210c5b0fb2d",
+	},
+	{
+		mode: argon2id, time: 4, memory: 4096, threads: 4,
+		hash: "145db9733a9f4ee43edf33c509be96b934d505a4efb33c5a",
+	},
+	{
+		mode: argon2i, time: 4, memory: 1024, threads: 8,
+		hash: "0cdd3956aa35e6b475a7b0c63488822f774f15b43f6e6e17",
+	},
+	{
+		mode: argon2d, time: 4, memory: 1024, threads: 8,
+		hash: "83604fc2ad0589b9d055578f4d3cc55bc616df3578a896e9",
+	},
+	{
+		mode: argon2id, time: 4, memory: 1024, threads: 8,
+		hash: "8dafa8e004f8ea96bf7c0f93eecf67a6047476143d15577f",
+	},
+	{
+		mode: argon2i, time: 2, memory: 64, threads: 3,
+		hash: "5cab452fe6b8479c8661def8cd703b611a3905a6d5477fe6",
+	},
+	{
+		mode: argon2d, time: 2, memory: 64, threads: 3,
+		hash: "22474a423bda2ccd36ec9afd5119e5c8949798cadf659f51",
+	},
+	{
+		mode: argon2id, time: 2, memory: 64, threads: 3,
+		hash: "4a15b31aec7c2590b87d1f520be7d96f56658172deaa3079",
+	},
+	{
+		mode: argon2i, time: 3, memory: 1024, threads: 6,
+		hash: "d236b29c2b2a09babee842b0dec6aa1e83ccbdea8023dced",
+	},
+	{
+		mode: argon2d, time: 3, memory: 1024, threads: 6,
+		hash: "a3351b0319a53229152023d9206902f4ef59661cdca89481",
+	},
+	{
+		mode: argon2id, time: 3, memory: 1024, threads: 6,
+		hash: "1640b932f4b60e272f5d2207b9a9c626ffa1bd88d2349016",
+	},
+}
diff --git a/argon2/blake2b.go b/argon2/blake2b.go
new file mode 100644
index 000000000..10f46948d
--- /dev/null
+++ b/argon2/blake2b.go
@@ -0,0 +1,53 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package argon2
+
+import (
+	"encoding/binary"
+	"hash"
+
+	"golang.org/x/crypto/blake2b"
+)
+
+// blake2bHash computes an arbitrary long hash value of in
+// and writes the hash to out.
+func blake2bHash(out []byte, in []byte) {
+	var b2 hash.Hash
+	if n := len(out); n < blake2b.Size {
+		b2, _ = blake2b.New(n, nil)
+	} else {
+		b2, _ = blake2b.New512(nil)
+	}
+
+	var buffer [blake2b.Size]byte
+	binary.LittleEndian.PutUint32(buffer[:4], uint32(len(out)))
+	b2.Write(buffer[:4])
+	b2.Write(in)
+
+	if len(out) <= blake2b.Size {
+		b2.Sum(out[:0])
+		return
+	}
+
+	outLen := len(out)
+	b2.Sum(buffer[:0])
+	b2.Reset()
+	copy(out, buffer[:32])
+	out = out[32:]
+	for len(out) > blake2b.Size {
+		b2.Write(buffer[:])
+		b2.Sum(buffer[:0])
+		copy(out, buffer[:32])
+		out = out[32:]
+		b2.Reset()
+	}
+
+	if outLen%blake2b.Size > 0 { // outLen > 64
+		r := ((outLen + 31) / 32) - 2 // ⌈τ /32⌉-2
+		b2, _ = blake2b.New(outLen-32*r, nil)
+	}
+	b2.Write(buffer[:])
+	b2.Sum(out[:0])
+}
diff --git a/argon2/blamka_amd64.go b/argon2/blamka_amd64.go
new file mode 100644
index 000000000..a014ac92a
--- /dev/null
+++ b/argon2/blamka_amd64.go
@@ -0,0 +1,61 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build amd64 && gc && !purego
+// +build amd64,gc,!purego
+
+package argon2
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+	useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func mixBlocksSSE2(out, a, b, c *block)
+
+//go:noescape
+func xorBlocksSSE2(out, a, b, c *block)
+
+//go:noescape
+func blamkaSSE4(b *block)
+
+func processBlockSSE(out, in1, in2 *block, xor bool) {
+	var t block
+	mixBlocksSSE2(&t, in1, in2, &t)
+	if useSSE4 {
+		blamkaSSE4(&t)
+	} else {
+		for i := 0; i < blockLength; i += 16 {
+			blamkaGeneric(
+				&t[i+0], &t[i+1], &t[i+2], &t[i+3],
+				&t[i+4], &t[i+5], &t[i+6], &t[i+7],
+				&t[i+8], &t[i+9], &t[i+10], &t[i+11],
+				&t[i+12], &t[i+13], &t[i+14], &t[i+15],
+			)
+		}
+		for i := 0; i < blockLength/8; i += 2 {
+			blamkaGeneric(
+				&t[i], &t[i+1], &t[16+i], &t[16+i+1],
+				&t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
+				&t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
+				&t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
+			)
+		}
+	}
+	if xor {
+		xorBlocksSSE2(out, in1, in2, &t)
+	} else {
+		mixBlocksSSE2(out, in1, in2, &t)
+	}
+}
+
+func processBlock(out, in1, in2 *block) {
+	processBlockSSE(out, in1, in2, false)
+}
+
+func processBlockXOR(out, in1, in2 *block) {
+	processBlockSSE(out, in1, in2, true)
+}
diff --git a/argon2/blamka_amd64.s b/argon2/blamka_amd64.s
new file mode 100644
index 000000000..b2cc05150
--- /dev/null
+++ b/argon2/blamka_amd64.s
@@ -0,0 +1,244 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build amd64 && gc && !purego
+// +build amd64,gc,!purego
+
+#include "textflag.h"
+
+DATA ·c40<>+0x00(SB)/8, $0x0201000706050403
+DATA ·c40<>+0x08(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·c40<>(SB), (NOPTR+RODATA), $16
+
+DATA ·c48<>+0x00(SB)/8, $0x0100070605040302
+DATA ·c48<>+0x08(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·c48<>(SB), (NOPTR+RODATA), $16
+
+#define SHUFFLE(v2, v3, v4, v5, v6, v7, t1, t2) \
+	MOVO       v4, t1; \
+	MOVO       v5, v4; \
+	MOVO       t1, v5; \
+	MOVO       v6, t1; \
+	PUNPCKLQDQ v6, t2; \
+	PUNPCKHQDQ v7, v6; \
+	PUNPCKHQDQ t2, v6; \
+	PUNPCKLQDQ v7, t2; \
+	MOVO       t1, v7; \
+	MOVO       v2, t1; \
+	PUNPCKHQDQ t2, v7; \
+	PUNPCKLQDQ v3, t2; \
+	PUNPCKHQDQ t2, v2; \
+	PUNPCKLQDQ t1, t2; \
+	PUNPCKHQDQ t2, v3
+
+#define SHUFFLE_INV(v2, v3, v4, v5, v6, v7, t1, t2) \
+	MOVO       v4, t1; \
+	MOVO       v5, v4; \
+	MOVO       t1, v5; \
+	MOVO       v2, t1; \
+	PUNPCKLQDQ v2, t2; \
+	PUNPCKHQDQ v3, v2; \
+	PUNPCKHQDQ t2, v2; \
+	PUNPCKLQDQ v3, t2; \
+	MOVO       t1, v3; \
+	MOVO       v6, t1; \
+	PUNPCKHQDQ t2, v3; \
+	PUNPCKLQDQ v7, t2; \
+	PUNPCKHQDQ t2, v6; \
+	PUNPCKLQDQ t1, t2; \
+	PUNPCKHQDQ t2, v7
+
+#define HALF_ROUND(v0, v1, v2, v3, v4, v5, v6, v7, t0, c40, c48) \
+	MOVO    v0, t0;        \
+	PMULULQ v2, t0;        \
+	PADDQ   v2, v0;        \
+	PADDQ   t0, v0;        \
+	PADDQ   t0, v0;        \
+	PXOR    v0, v6;        \
+	PSHUFD  $0xB1, v6, v6; \
+	MOVO    v4, t0;        \
+	PMULULQ v6, t0;        \
+	PADDQ   v6, v4;        \
+	PADDQ   t0, v4;        \
+	PADDQ   t0, v4;        \
+	PXOR    v4, v2;        \
+	PSHUFB  c40, v2;       \
+	MOVO    v0, t0;        \
+	PMULULQ v2, t0;        \
+	PADDQ   v2, v0;        \
+	PADDQ   t0, v0;        \
+	PADDQ   t0, v0;        \
+	PXOR    v0, v6;        \
+	PSHUFB  c48, v6;       \
+	MOVO    v4, t0;        \
+	PMULULQ v6, t0;        \
+	PADDQ   v6, v4;        \
+	PADDQ   t0, v4;        \
+	PADDQ   t0, v4;        \
+	PXOR    v4, v2;        \
+	MOVO    v2, t0;        \
+	PADDQ   v2, t0;        \
+	PSRLQ   $63, v2;       \
+	PXOR    t0, v2;        \
+	MOVO    v1, t0;        \
+	PMULULQ v3, t0;        \
+	PADDQ   v3, v1;        \
+	PADDQ   t0, v1;        \
+	PADDQ   t0, v1;        \
+	PXOR    v1, v7;        \
+	PSHUFD  $0xB1, v7, v7; \
+	MOVO    v5, t0;        \
+	PMULULQ v7, t0;        \
+	PADDQ   v7, v5;        \
+	PADDQ   t0, v5;        \
+	PADDQ   t0, v5;        \
+	PXOR    v5, v3;        \
+	PSHUFB  c40, v3;       \
+	MOVO    v1, t0;        \
+	PMULULQ v3, t0;        \
+	PADDQ   v3, v1;        \
+	PADDQ   t0, v1;        \
+	PADDQ   t0, v1;        \
+	PXOR    v1, v7;        \
+	PSHUFB  c48, v7;       \
+	MOVO    v5, t0;        \
+	PMULULQ v7, t0;        \
+	PADDQ   v7, v5;        \
+	PADDQ   t0, v5;        \
+	PADDQ   t0, v5;        \
+	PXOR    v5, v3;        \
+	MOVO    v3, t0;        \
+	PADDQ   v3, t0;        \
+	PSRLQ   $63, v3;       \
+	PXOR    t0, v3
+
+#define LOAD_MSG_0(block, off) \
+	MOVOU 8*(off+0)(block), X0;  \
+	MOVOU 8*(off+2)(block), X1;  \
+	MOVOU 8*(off+4)(block), X2;  \
+	MOVOU 8*(off+6)(block), X3;  \
+	MOVOU 8*(off+8)(block), X4;  \
+	MOVOU 8*(off+10)(block), X5; \
+	MOVOU 8*(off+12)(block), X6; \
+	MOVOU 8*(off+14)(block), X7
+
+#define STORE_MSG_0(block, off) \
+	MOVOU X0, 8*(off+0)(block);  \
+	MOVOU X1, 8*(off+2)(block);  \
+	MOVOU X2, 8*(off+4)(block);  \
+	MOVOU X3, 8*(off+6)(block);  \
+	MOVOU X4, 8*(off+8)(block);  \
+	MOVOU X5, 8*(off+10)(block); \
+	MOVOU X6, 8*(off+12)(block); \
+	MOVOU X7, 8*(off+14)(block)
+
+#define LOAD_MSG_1(block, off) \
+	MOVOU 8*off+0*8(block), X0;  \
+	MOVOU 8*off+16*8(block), X1; \
+	MOVOU 8*off+32*8(block), X2; \
+	MOVOU 8*off+48*8(block), X3; \
+	MOVOU 8*off+64*8(block), X4; \
+	MOVOU 8*off+80*8(block), X5; \
+	MOVOU 8*off+96*8(block), X6; \
+	MOVOU 8*off+112*8(block), X7
+
+#define STORE_MSG_1(block, off) \
+	MOVOU X0, 8*off+0*8(block);  \
+	MOVOU X1, 8*off+16*8(block); \
+	MOVOU X2, 8*off+32*8(block); \
+	MOVOU X3, 8*off+48*8(block); \
+	MOVOU X4, 8*off+64*8(block); \
+	MOVOU X5, 8*off+80*8(block); \
+	MOVOU X6, 8*off+96*8(block); \
+	MOVOU X7, 8*off+112*8(block)
+
+#define BLAMKA_ROUND_0(block, off, t0, t1, c40, c48) \
+	LOAD_MSG_0(block, off);                                   \
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+	SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1);                  \
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1);              \
+	STORE_MSG_0(block, off)
+
+#define BLAMKA_ROUND_1(block, off, t0, t1, c40, c48) \
+	LOAD_MSG_1(block, off);                                   \
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+	SHUFFLE(X2, X3, X4, X5, X6, X7, t0, t1);                  \
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, t0, c40, c48); \
+	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, t0, t1);              \
+	STORE_MSG_1(block, off)
+
+// func blamkaSSE4(b *block)
+TEXT ·blamkaSSE4(SB), 4, $0-8
+	MOVQ b+0(FP), AX
+
+	MOVOU ·c40<>(SB), X10
+	MOVOU ·c48<>(SB), X11
+
+	BLAMKA_ROUND_0(AX, 0, X8, X9, X10, X11)
+	BLAMKA_ROUND_0(AX, 16, X8, X9, X10, X11)
+	BLAMKA_ROUND_0(AX, 32, X8, X9, X10, X11)
+	BLAMKA_ROUND_0(AX, 48, X8, X9, X10, X11)
+	BLAMKA_ROUND_0(AX, 64, X8, X9, X10, X11)
+	BLAMKA_ROUND_0(AX, 80, X8, X9, X10, X11)
+	BLAMKA_ROUND_0(AX, 96, X8, X9, X10, X11)
+	BLAMKA_ROUND_0(AX, 112, X8, X9, X10, X11)
+
+	BLAMKA_ROUND_1(AX, 0, X8, X9, X10, X11)
+	BLAMKA_ROUND_1(AX, 2, X8, X9, X10, X11)
+	BLAMKA_ROUND_1(AX, 4, X8, X9, X10, X11)
+	BLAMKA_ROUND_1(AX, 6, X8, X9, X10, X11)
+	BLAMKA_ROUND_1(AX, 8, X8, X9, X10, X11)
+	BLAMKA_ROUND_1(AX, 10, X8, X9, X10, X11)
+	BLAMKA_ROUND_1(AX, 12, X8, X9, X10, X11)
+	BLAMKA_ROUND_1(AX, 14, X8, X9, X10, X11)
+	RET
+
+// func mixBlocksSSE2(out, a, b, c *block)
+TEXT ·mixBlocksSSE2(SB), 4, $0-32
+	MOVQ out+0(FP), DX
+	MOVQ a+8(FP), AX
+	MOVQ b+16(FP), BX
+	MOVQ a+24(FP), CX
+	MOVQ $128, BP
+
+loop:
+	MOVOU 0(AX), X0
+	MOVOU 0(BX), X1
+	MOVOU 0(CX), X2
+	PXOR  X1, X0
+	PXOR  X2, X0
+	MOVOU X0, 0(DX)
+	ADDQ  $16, AX
+	ADDQ  $16, BX
+	ADDQ  $16, CX
+	ADDQ  $16, DX
+	SUBQ  $2, BP
+	JA    loop
+	RET
+
+// func xorBlocksSSE2(out, a, b, c *block)
+TEXT ·xorBlocksSSE2(SB), 4, $0-32
+	MOVQ out+0(FP), DX
+	MOVQ a+8(FP), AX
+	MOVQ b+16(FP), BX
+	MOVQ a+24(FP), CX
+	MOVQ $128, BP
+
+loop:
+	MOVOU 0(AX), X0
+	MOVOU 0(BX), X1
+	MOVOU 0(CX), X2
+	MOVOU 0(DX), X3
+	PXOR  X1, X0
+	PXOR  X2, X0
+	PXOR  X3, X0
+	MOVOU X0, 0(DX)
+	ADDQ  $16, AX
+	ADDQ  $16, BX
+	ADDQ  $16, CX
+	ADDQ  $16, DX
+	SUBQ  $2, BP
+	JA    loop
+	RET
diff --git a/argon2/blamka_generic.go b/argon2/blamka_generic.go
new file mode 100644
index 000000000..a481b2243
--- /dev/null
+++ b/argon2/blamka_generic.go
@@ -0,0 +1,163 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package argon2
+
+var useSSE4 bool
+
+func processBlockGeneric(out, in1, in2 *block, xor bool) {
+	var t block
+	for i := range t {
+		t[i] = in1[i] ^ in2[i]
+	}
+	for i := 0; i < blockLength; i += 16 {
+		blamkaGeneric(
+			&t[i+0], &t[i+1], &t[i+2], &t[i+3],
+			&t[i+4], &t[i+5], &t[i+6], &t[i+7],
+			&t[i+8], &t[i+9], &t[i+10], &t[i+11],
+			&t[i+12], &t[i+13], &t[i+14], &t[i+15],
+		)
+	}
+	for i := 0; i < blockLength/8; i += 2 {
+		blamkaGeneric(
+			&t[i], &t[i+1], &t[16+i], &t[16+i+1],
+			&t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
+			&t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
+			&t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
+		)
+	}
+	if xor {
+		for i := range t {
+			out[i] ^= in1[i] ^ in2[i] ^ t[i]
+		}
+	} else {
+		for i := range t {
+			out[i] = in1[i] ^ in2[i] ^ t[i]
+		}
+	}
+}
+
+func blamkaGeneric(t00, t01, t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t12, t13, t14, t15 *uint64) {
+	v00, v01, v02, v03 := *t00, *t01, *t02, *t03
+	v04, v05, v06, v07 := *t04, *t05, *t06, *t07
+	v08, v09, v10, v11 := *t08, *t09, *t10, *t11
+	v12, v13, v14, v15 := *t12, *t13, *t14, *t15
+
+	v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
+	v12 ^= v00
+	v12 = v12>>32 | v12<<32
+	v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
+	v04 ^= v08
+	v04 = v04>>24 | v04<<40
+
+	v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
+	v12 ^= v00
+	v12 = v12>>16 | v12<<48
+	v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
+	v04 ^= v08
+	v04 = v04>>63 | v04<<1
+
+	v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
+	v13 ^= v01
+	v13 = v13>>32 | v13<<32
+	v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
+	v05 ^= v09
+	v05 = v05>>24 | v05<<40
+
+	v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
+	v13 ^= v01
+	v13 = v13>>16 | v13<<48
+	v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
+	v05 ^= v09
+	v05 = v05>>63 | v05<<1
+
+	v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
+	v14 ^= v02
+	v14 = v14>>32 | v14<<32
+	v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
+	v06 ^= v10
+	v06 = v06>>24 | v06<<40
+
+	v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
+	v14 ^= v02
+	v14 = v14>>16 | v14<<48
+	v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
+	v06 ^= v10
+	v06 = v06>>63 | v06<<1
+
+	v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
+	v15 ^= v03
+	v15 = v15>>32 | v15<<32
+	v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
+	v07 ^= v11
+	v07 = v07>>24 | v07<<40
+
+	v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
+	v15 ^= v03
+	v15 = v15>>16 | v15<<48
+	v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
+	v07 ^= v11
+	v07 = v07>>63 | v07<<1
+
+	v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
+	v15 ^= v00
+	v15 = v15>>32 | v15<<32
+	v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
+	v05 ^= v10
+	v05 = v05>>24 | v05<<40
+
+	v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
+	v15 ^= v00
+	v15 = v15>>16 | v15<<48
+	v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
+	v05 ^= v10
+	v05 = v05>>63 | v05<<1
+
+	v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
+	v12 ^= v01
+	v12 = v12>>32 | v12<<32
+	v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
+	v06 ^= v11
+	v06 = v06>>24 | v06<<40
+
+	v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
+	v12 ^= v01
+	v12 = v12>>16 | v12<<48
+	v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
+	v06 ^= v11
+	v06 = v06>>63 | v06<<1
+
+	v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
+	v13 ^= v02
+	v13 = v13>>32 | v13<<32
+	v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
+	v07 ^= v08
+	v07 = v07>>24 | v07<<40
+
+	v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
+	v13 ^= v02
+	v13 = v13>>16 | v13<<48
+	v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
+	v07 ^= v08
+	v07 = v07>>63 | v07<<1
+
+	v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
+	v14 ^= v03
+	v14 = v14>>32 | v14<<32
+	v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
+	v04 ^= v09
+	v04 = v04>>24 | v04<<40
+
+	v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
+	v14 ^= v03
+	v14 = v14>>16 | v14<<48
+	v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
+	v04 ^= v09
+	v04 = v04>>63 | v04<<1
+
+	*t00, *t01, *t02, *t03 = v00, v01, v02, v03
+	*t04, *t05, *t06, *t07 = v04, v05, v06, v07
+	*t08, *t09, *t10, *t11 = v08, v09, v10, v11
+	*t12, *t13, *t14, *t15 = v12, v13, v14, v15
+}
diff --git a/argon2/blamka_ref.go b/argon2/blamka_ref.go
new file mode 100644
index 000000000..167c59d2d
--- /dev/null
+++ b/argon2/blamka_ref.go
@@ -0,0 +1,16 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || purego || !gc
+// +build !amd64 purego !gc
+
+package argon2
+
+func processBlock(out, in1, in2 *block) {
+	processBlockGeneric(out, in1, in2, false)
+}
+
+func processBlockXOR(out, in1, in2 *block) {
+	processBlockGeneric(out, in1, in2, true)
+}
diff --git a/bcrypt/bcrypt.go b/bcrypt/bcrypt.go
index 202fa8aff..aeb73f81a 100644
--- a/bcrypt/bcrypt.go
+++ b/bcrypt/bcrypt.go
@@ -241,11 +241,11 @@ func (p *hashed) Hash() []byte {
 		n = 3
 	}
 	arr[n] = '$'
-	n += 1
+	n++
 	copy(arr[n:], []byte(fmt.Sprintf("%02d", p.cost)))
 	n += 2
 	arr[n] = '$'
-	n += 1
+	n++
 	copy(arr[n:], p.salt)
 	n += encodedSaltSize
 	copy(arr[n:], p.hash)
diff --git a/bcrypt/bcrypt_test.go b/bcrypt/bcrypt_test.go
index aecf759eb..b7162d821 100644
--- a/bcrypt/bcrypt_test.go
+++ b/bcrypt/bcrypt_test.go
@@ -209,19 +209,19 @@ func TestMinorNotRequired(t *testing.T) {
 func BenchmarkEqual(b *testing.B) {
 	b.StopTimer()
 	passwd := []byte("somepasswordyoulike")
-	hash, _ := GenerateFromPassword(passwd, 10)
+	hash, _ := GenerateFromPassword(passwd, DefaultCost)
 	b.StartTimer()
 	for i := 0; i < b.N; i++ {
 		CompareHashAndPassword(hash, passwd)
 	}
 }
 
-func BenchmarkGeneration(b *testing.B) {
+func BenchmarkDefaultCost(b *testing.B) {
 	b.StopTimer()
 	passwd := []byte("mylongpassword1234")
 	b.StartTimer()
 	for i := 0; i < b.N; i++ {
-		GenerateFromPassword(passwd, 10)
+		GenerateFromPassword(passwd, DefaultCost)
 	}
 }
 
diff --git a/blake2b/blake2b.go b/blake2b/blake2b.go
index 7f0a86e44..d2e98d429 100644
--- a/blake2b/blake2b.go
+++ b/blake2b/blake2b.go
@@ -5,6 +5,8 @@
 // Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
 // and the extendable output function (XOF) BLAKE2Xb.
 //
+// BLAKE2b is optimized for 64-bit platforms—including NEON-enabled ARMs—and
+// produces digests of any size between 1 and 64 bytes.
 // For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
 // and for BLAKE2Xb see https://blake2.net/blake2x.pdf
 //
@@ -39,7 +41,10 @@ var (
 	useSSE4 bool
 )
 
-var errKeySize = errors.New("blake2b: invalid key size")
+var (
+	errKeySize  = errors.New("blake2b: invalid key size")
+	errHashSize = errors.New("blake2b: invalid hash size")
+)
 
 var iv = [8]uint64{
 	0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
@@ -72,18 +77,31 @@ func Sum256(data []byte) [Size256]byte {
 }
 
 // New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
-// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
 func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
 
 // New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
-// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
 func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
 
 // New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
-// key turns the hash into a MAC. The key must between zero and 64 bytes long.
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
 func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
 
+// New returns a new hash.Hash computing the BLAKE2b checksum with a custom length.
+// A non-nil key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+// The hash size can be a value between 1 and 64 but it is highly recommended to use
+// values equal or greater than:
+// - 32 if BLAKE2b is used as a hash function (The key is zero bytes long).
+// - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long).
+// When the key is nil, the returned hash.Hash implements BinaryMarshaler
+// and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash.
+func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) }
+
 func newDigest(hashSize int, key []byte) (*digest, error) {
+	if hashSize < 1 || hashSize > Size {
+		return nil, errHashSize
+	}
 	if len(key) > Size {
 		return nil, errKeySize
 	}
@@ -136,6 +154,50 @@ type digest struct {
 	keyLen int
 }
 
+const (
+	magic         = "b2b"
+	marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1
+)
+
+func (d *digest) MarshalBinary() ([]byte, error) {
+	if d.keyLen != 0 {
+		return nil, errors.New("crypto/blake2b: cannot marshal MACs")
+	}
+	b := make([]byte, 0, marshaledSize)
+	b = append(b, magic...)
+	for i := 0; i < 8; i++ {
+		b = appendUint64(b, d.h[i])
+	}
+	b = appendUint64(b, d.c[0])
+	b = appendUint64(b, d.c[1])
+	// Maximum value for size is 64
+	b = append(b, byte(d.size))
+	b = append(b, d.block[:]...)
+	b = append(b, byte(d.offset))
+	return b, nil
+}
+
+func (d *digest) UnmarshalBinary(b []byte) error {
+	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+		return errors.New("crypto/blake2b: invalid hash state identifier")
+	}
+	if len(b) != marshaledSize {
+		return errors.New("crypto/blake2b: invalid hash state size")
+	}
+	b = b[len(magic):]
+	for i := 0; i < 8; i++ {
+		b, d.h[i] = consumeUint64(b)
+	}
+	b, d.c[0] = consumeUint64(b)
+	b, d.c[1] = consumeUint64(b)
+	d.size = int(b[0])
+	b = b[1:]
+	copy(d.block[:], b[:BlockSize])
+	b = b[BlockSize:]
+	d.offset = int(b[0])
+	return nil
+}
+
 func (d *digest) BlockSize() int { return BlockSize }
 
 func (d *digest) Size() int { return d.size }
@@ -205,3 +267,25 @@ func (d *digest) finalize(hash *[Size]byte) {
 		binary.LittleEndian.PutUint64(hash[8*i:], v)
 	}
 }
+
+func appendUint64(b []byte, x uint64) []byte {
+	var a [8]byte
+	binary.BigEndian.PutUint64(a[:], x)
+	return append(b, a[:]...)
+}
+
+func appendUint32(b []byte, x uint32) []byte {
+	var a [4]byte
+	binary.BigEndian.PutUint32(a[:], x)
+	return append(b, a[:]...)
+}
+
+func consumeUint64(b []byte) ([]byte, uint64) {
+	x := binary.BigEndian.Uint64(b)
+	return b[8:], x
+}
+
+func consumeUint32(b []byte) ([]byte, uint32) {
+	x := binary.BigEndian.Uint32(b)
+	return b[4:], x
+}
diff --git a/blake2b/blake2bAVX2_amd64.go b/blake2b/blake2bAVX2_amd64.go
index 8c41cf6c7..56bfaaa17 100644
--- a/blake2b/blake2bAVX2_amd64.go
+++ b/blake2b/blake2bAVX2_amd64.go
@@ -2,25 +2,19 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.7,amd64,!gccgo,!appengine
+//go:build go1.7 && amd64 && gc && !purego
+// +build go1.7,amd64,gc,!purego
 
 package blake2b
 
+import "golang.org/x/sys/cpu"
+
 func init() {
-	useAVX2 = supportsAVX2()
-	useAVX = supportsAVX()
-	useSSE4 = supportsSSE4()
+	useAVX2 = cpu.X86.HasAVX2
+	useAVX = cpu.X86.HasAVX
+	useSSE4 = cpu.X86.HasSSE41
 }
 
-//go:noescape
-func supportsSSE4() bool
-
-//go:noescape
-func supportsAVX() bool
-
-//go:noescape
-func supportsAVX2() bool
-
 //go:noescape
 func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
 
@@ -31,13 +25,14 @@ func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
 func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
 
 func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
-	if useAVX2 {
+	switch {
+	case useAVX2:
 		hashBlocksAVX2(h, c, flag, blocks)
-	} else if useAVX {
+	case useAVX:
 		hashBlocksAVX(h, c, flag, blocks)
-	} else if useSSE4 {
+	case useSSE4:
 		hashBlocksSSE4(h, c, flag, blocks)
-	} else {
+	default:
 		hashBlocksGeneric(h, c, flag, blocks)
 	}
 }
diff --git a/blake2b/blake2bAVX2_amd64.s b/blake2b/blake2bAVX2_amd64.s
index 784bce6a9..4b9daa18d 100644
--- a/blake2b/blake2bAVX2_amd64.s
+++ b/blake2b/blake2bAVX2_amd64.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.7,amd64,!gccgo,!appengine
+//go:build go1.7 && amd64 && gc && !purego
+// +build go1.7,amd64,gc,!purego
 
 #include "textflag.h"
 
@@ -282,14 +283,12 @@ TEXT ·hashBlocksAVX2(SB), 4, $320-48 // frame size = 288 + 32 byte alignment
 	MOVQ blocks_len+32(FP), DI
 
 	MOVQ SP, DX
-	MOVQ SP, R9
-	ADDQ $31, R9
-	ANDQ $~31, R9
-	MOVQ R9, SP
+	ADDQ $31, DX
+	ANDQ $~31, DX
 
-	MOVQ CX, 16(SP)
+	MOVQ CX, 16(DX)
 	XORQ CX, CX
-	MOVQ CX, 24(SP)
+	MOVQ CX, 24(DX)
 
 	VMOVDQU ·AVX2_c40<>(SB), Y4
 	VMOVDQU ·AVX2_c48<>(SB), Y5
@@ -301,33 +300,33 @@ TEXT ·hashBlocksAVX2(SB), 4, $320-48 // frame size = 288 + 32 byte alignment
 
 	MOVQ 0(BX), R8
 	MOVQ 8(BX), R9
-	MOVQ R9, 8(SP)
+	MOVQ R9, 8(DX)
 
 loop:
 	ADDQ $128, R8
-	MOVQ R8, 0(SP)
+	MOVQ R8, 0(DX)
 	CMPQ R8, $128
 	JGE  noinc
 	INCQ R9
-	MOVQ R9, 8(SP)
+	MOVQ R9, 8(DX)
 
 noinc:
 	VMOVDQA Y8, Y0
 	VMOVDQA Y9, Y1
 	VMOVDQA Y6, Y2
-	VPXOR   0(SP), Y7, Y3
+	VPXOR   0(DX), Y7, Y3
 
 	LOAD_MSG_AVX2_0_2_4_6_1_3_5_7_8_10_12_14_9_11_13_15()
-	VMOVDQA Y12, 32(SP)
-	VMOVDQA Y13, 64(SP)
-	VMOVDQA Y14, 96(SP)
-	VMOVDQA Y15, 128(SP)
+	VMOVDQA Y12, 32(DX)
+	VMOVDQA Y13, 64(DX)
+	VMOVDQA Y14, 96(DX)
+	VMOVDQA Y15, 128(DX)
 	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
 	LOAD_MSG_AVX2_14_4_9_13_10_8_15_6_1_0_11_5_12_2_7_3()
-	VMOVDQA Y12, 160(SP)
-	VMOVDQA Y13, 192(SP)
-	VMOVDQA Y14, 224(SP)
-	VMOVDQA Y15, 256(SP)
+	VMOVDQA Y12, 160(DX)
+	VMOVDQA Y13, 192(DX)
+	VMOVDQA Y14, 224(DX)
+	VMOVDQA Y15, 256(DX)
 
 	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
 	LOAD_MSG_AVX2_11_12_5_15_8_0_2_13_10_3_7_9_14_6_1_4()
@@ -347,8 +346,8 @@ noinc:
 	LOAD_MSG_AVX2_10_8_7_1_2_4_6_5_15_9_3_13_11_14_12_0()
 	ROUND_AVX2(Y12, Y13, Y14, Y15, Y10, Y4, Y5)
 
-	ROUND_AVX2(32(SP), 64(SP), 96(SP), 128(SP), Y10, Y4, Y5)
-	ROUND_AVX2(160(SP), 192(SP), 224(SP), 256(SP), Y10, Y4, Y5)
+	ROUND_AVX2(32(DX), 64(DX), 96(DX), 128(DX), Y10, Y4, Y5)
+	ROUND_AVX2(160(DX), 192(DX), 224(DX), 256(DX), Y10, Y4, Y5)
 
 	VPXOR Y0, Y8, Y8
 	VPXOR Y1, Y9, Y9
@@ -366,7 +365,6 @@ noinc:
 	VMOVDQU Y9, 32(AX)
 	VZEROUPPER
 
-	MOVQ DX, SP
 	RET
 
 #define VPUNPCKLQDQ_X2_X2_X15 BYTE $0xC5; BYTE $0x69; BYTE $0x6C; BYTE $0xFA
@@ -584,11 +582,9 @@ TEXT ·hashBlocksAVX(SB), 4, $288-48 // frame size = 272 + 16 byte alignment
 	MOVQ blocks_base+24(FP), SI
 	MOVQ blocks_len+32(FP), DI
 
-	MOVQ SP, BP
-	MOVQ SP, R9
-	ADDQ $15, R9
-	ANDQ $~15, R9
-	MOVQ R9, SP
+	MOVQ SP, R10
+	ADDQ $15, R10
+	ANDQ $~15, R10
 
 	VMOVDQU ·AVX_c40<>(SB), X0
 	VMOVDQU ·AVX_c48<>(SB), X1
@@ -596,8 +592,8 @@ TEXT ·hashBlocksAVX(SB), 4, $288-48 // frame size = 272 + 16 byte alignment
 	VMOVDQA X1, X9
 
 	VMOVDQU ·AVX_iv3<>(SB), X0
-	VMOVDQA X0, 0(SP)
-	XORQ    CX, 0(SP)          // 0(SP) = ·AVX_iv3 ^ (CX || 0)
+	VMOVDQA X0, 0(R10)
+	XORQ    CX, 0(R10)          // 0(R10) = ·AVX_iv3 ^ (CX || 0)
 
 	VMOVDQU 0(AX), X10
 	VMOVDQU 16(AX), X11
@@ -624,35 +620,35 @@ noinc:
 	VMOVDQU ·AVX_iv2<>(SB), X6
 
 	VPXOR   X15, X6, X6
-	VMOVDQA 0(SP), X7
+	VMOVDQA 0(R10), X7
 
 	LOAD_MSG_AVX_0_2_4_6_1_3_5_7()
-	VMOVDQA X12, 16(SP)
-	VMOVDQA X13, 32(SP)
-	VMOVDQA X14, 48(SP)
-	VMOVDQA X15, 64(SP)
+	VMOVDQA X12, 16(R10)
+	VMOVDQA X13, 32(R10)
+	VMOVDQA X14, 48(R10)
+	VMOVDQA X15, 64(R10)
 	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
 	SHUFFLE_AVX()
 	LOAD_MSG_AVX(8, 10, 12, 14, 9, 11, 13, 15)
-	VMOVDQA X12, 80(SP)
-	VMOVDQA X13, 96(SP)
-	VMOVDQA X14, 112(SP)
-	VMOVDQA X15, 128(SP)
+	VMOVDQA X12, 80(R10)
+	VMOVDQA X13, 96(R10)
+	VMOVDQA X14, 112(R10)
+	VMOVDQA X15, 128(R10)
 	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
 	SHUFFLE_AVX_INV()
 
 	LOAD_MSG_AVX(14, 4, 9, 13, 10, 8, 15, 6)
-	VMOVDQA X12, 144(SP)
-	VMOVDQA X13, 160(SP)
-	VMOVDQA X14, 176(SP)
-	VMOVDQA X15, 192(SP)
+	VMOVDQA X12, 144(R10)
+	VMOVDQA X13, 160(R10)
+	VMOVDQA X14, 176(R10)
+	VMOVDQA X15, 192(R10)
 	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
 	SHUFFLE_AVX()
 	LOAD_MSG_AVX_1_0_11_5_12_2_7_3()
-	VMOVDQA X12, 208(SP)
-	VMOVDQA X13, 224(SP)
-	VMOVDQA X14, 240(SP)
-	VMOVDQA X15, 256(SP)
+	VMOVDQA X12, 208(R10)
+	VMOVDQA X13, 224(R10)
+	VMOVDQA X14, 240(R10)
+	VMOVDQA X15, 256(R10)
 	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
 	SHUFFLE_AVX_INV()
 
@@ -712,14 +708,14 @@ noinc:
 	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, X12, X13, X14, X15, X15, X8, X9)
 	SHUFFLE_AVX_INV()
 
-	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X15, X8, X9)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 16(R10), 32(R10), 48(R10), 64(R10), X15, X8, X9)
 	SHUFFLE_AVX()
-	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 80(SP), 96(SP), 112(SP), 128(SP), X15, X8, X9)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 80(R10), 96(R10), 112(R10), 128(R10), X15, X8, X9)
 	SHUFFLE_AVX_INV()
 
-	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 144(SP), 160(SP), 176(SP), 192(SP), X15, X8, X9)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 144(R10), 160(R10), 176(R10), 192(R10), X15, X8, X9)
 	SHUFFLE_AVX()
-	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 208(SP), 224(SP), 240(SP), 256(SP), X15, X8, X9)
+	HALF_ROUND_AVX(X0, X1, X2, X3, X4, X5, X6, X7, 208(R10), 224(R10), 240(R10), 256(R10), X15, X8, X9)
 	SHUFFLE_AVX_INV()
 
 	VMOVDQU 32(AX), X14
@@ -746,17 +742,4 @@ noinc:
 	MOVQ R9, 8(BX)
 	VZEROUPPER
 
-	MOVQ BP, SP
-	RET
-
-// func supportsAVX2() bool
-TEXT ·supportsAVX2(SB), 4, $0-1
-	MOVQ runtime·support_avx2(SB), AX
-	MOVB AX, ret+0(FP)
-	RET
-
-// func supportsAVX() bool
-TEXT ·supportsAVX(SB), 4, $0-1
-	MOVQ runtime·support_avx(SB), AX
-	MOVB AX, ret+0(FP)
 	RET
diff --git a/blake2b/blake2b_amd64.go b/blake2b/blake2b_amd64.go
index 2ab7c30fc..5fa1b3284 100644
--- a/blake2b/blake2b_amd64.go
+++ b/blake2b/blake2b_amd64.go
@@ -2,17 +2,17 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !go1.7,amd64,!gccgo,!appengine
+//go:build !go1.7 && amd64 && gc && !purego
+// +build !go1.7,amd64,gc,!purego
 
 package blake2b
 
+import "golang.org/x/sys/cpu"
+
 func init() {
-	useSSE4 = supportsSSE4()
+	useSSE4 = cpu.X86.HasSSE41
 }
 
-//go:noescape
-func supportsSSE4() bool
-
 //go:noescape
 func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
 
diff --git a/blake2b/blake2b_amd64.s b/blake2b/blake2b_amd64.s
index 64530740b..ae75eb9af 100644
--- a/blake2b/blake2b_amd64.s
+++ b/blake2b/blake2b_amd64.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+//go:build amd64 && gc && !purego
+// +build amd64,gc,!purego
 
 #include "textflag.h"
 
@@ -118,15 +119,13 @@ TEXT ·hashBlocksSSE4(SB), 4, $288-48 // frame size = 272 + 16 byte alignment
 	MOVQ blocks_base+24(FP), SI
 	MOVQ blocks_len+32(FP), DI
 
-	MOVQ SP, BP
-	MOVQ SP, R9
-	ADDQ $15, R9
-	ANDQ $~15, R9
-	MOVQ R9, SP
+	MOVQ SP, R10
+	ADDQ $15, R10
+	ANDQ $~15, R10
 
 	MOVOU ·iv3<>(SB), X0
-	MOVO  X0, 0(SP)
-	XORQ  CX, 0(SP)     // 0(SP) = ·iv3 ^ (CX || 0)
+	MOVO  X0, 0(R10)
+	XORQ  CX, 0(R10)     // 0(R10) = ·iv3 ^ (CX || 0)
 
 	MOVOU ·c40<>(SB), X13
 	MOVOU ·c48<>(SB), X14
@@ -156,35 +155,35 @@ noinc:
 	MOVOU ·iv2<>(SB), X6
 
 	PXOR X8, X6
-	MOVO 0(SP), X7
+	MOVO 0(R10), X7
 
 	LOAD_MSG(X8, X9, X10, X11, SI, 0, 2, 4, 6, 1, 3, 5, 7)
-	MOVO X8, 16(SP)
-	MOVO X9, 32(SP)
-	MOVO X10, 48(SP)
-	MOVO X11, 64(SP)
+	MOVO X8, 16(R10)
+	MOVO X9, 32(R10)
+	MOVO X10, 48(R10)
+	MOVO X11, 64(R10)
 	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
 	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
 	LOAD_MSG(X8, X9, X10, X11, SI, 8, 10, 12, 14, 9, 11, 13, 15)
-	MOVO X8, 80(SP)
-	MOVO X9, 96(SP)
-	MOVO X10, 112(SP)
-	MOVO X11, 128(SP)
+	MOVO X8, 80(R10)
+	MOVO X9, 96(R10)
+	MOVO X10, 112(R10)
+	MOVO X11, 128(R10)
 	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
 	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
 
 	LOAD_MSG(X8, X9, X10, X11, SI, 14, 4, 9, 13, 10, 8, 15, 6)
-	MOVO X8, 144(SP)
-	MOVO X9, 160(SP)
-	MOVO X10, 176(SP)
-	MOVO X11, 192(SP)
+	MOVO X8, 144(R10)
+	MOVO X9, 160(R10)
+	MOVO X10, 176(R10)
+	MOVO X11, 192(R10)
 	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
 	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
 	LOAD_MSG(X8, X9, X10, X11, SI, 1, 0, 11, 5, 12, 2, 7, 3)
-	MOVO X8, 208(SP)
-	MOVO X9, 224(SP)
-	MOVO X10, 240(SP)
-	MOVO X11, 256(SP)
+	MOVO X8, 208(R10)
+	MOVO X9, 224(R10)
+	MOVO X10, 240(R10)
+	MOVO X11, 256(R10)
 	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
 	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
 
@@ -244,14 +243,14 @@ noinc:
 	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X11, X13, X14)
 	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
 
-	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X11, X13, X14)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 16(R10), 32(R10), 48(R10), 64(R10), X11, X13, X14)
 	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
-	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 80(SP), 96(SP), 112(SP), 128(SP), X11, X13, X14)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 80(R10), 96(R10), 112(R10), 128(R10), X11, X13, X14)
 	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
 
-	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 144(SP), 160(SP), 176(SP), 192(SP), X11, X13, X14)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 144(R10), 160(R10), 176(R10), 192(R10), X11, X13, X14)
 	SHUFFLE(X2, X3, X4, X5, X6, X7, X8, X9)
-	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 208(SP), 224(SP), 240(SP), 256(SP), X11, X13, X14)
+	HALF_ROUND(X0, X1, X2, X3, X4, X5, X6, X7, 208(R10), 224(R10), 240(R10), 256(R10), X11, X13, X14)
 	SHUFFLE_INV(X2, X3, X4, X5, X6, X7, X8, X9)
 
 	MOVOU 32(AX), X10
@@ -277,14 +276,4 @@ noinc:
 	MOVQ R8, 0(BX)
 	MOVQ R9, 8(BX)
 
-	MOVQ BP, SP
-	RET
-
-// func supportsSSE4() bool
-TEXT ·supportsSSE4(SB), 4, $0-1
-	MOVL $1, AX
-	CPUID
-	SHRL $19, CX  // Bit 19 indicates SSE4 support
-	ANDL $1, CX  // CX != 0 if support SSE4
-	MOVB CX, ret+0(FP)
 	RET
diff --git a/blake2b/blake2b_generic.go b/blake2b/blake2b_generic.go
index 4bd2abc91..3168a8aa3 100644
--- a/blake2b/blake2b_generic.go
+++ b/blake2b/blake2b_generic.go
@@ -4,7 +4,10 @@
 
 package blake2b
 
-import "encoding/binary"
+import (
+	"encoding/binary"
+	"math/bits"
+)
 
 // the precomputed values for BLAKE2b
 // there are 12 16-byte arrays - one for each round
@@ -51,118 +54,118 @@ func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
 			v0 += m[s[0]]
 			v0 += v4
 			v12 ^= v0
-			v12 = v12<<(64-32) | v12>>32
+			v12 = bits.RotateLeft64(v12, -32)
 			v8 += v12
 			v4 ^= v8
-			v4 = v4<<(64-24) | v4>>24
+			v4 = bits.RotateLeft64(v4, -24)
 			v1 += m[s[1]]
 			v1 += v5
 			v13 ^= v1
-			v13 = v13<<(64-32) | v13>>32
+			v13 = bits.RotateLeft64(v13, -32)
 			v9 += v13
 			v5 ^= v9
-			v5 = v5<<(64-24) | v5>>24
+			v5 = bits.RotateLeft64(v5, -24)
 			v2 += m[s[2]]
 			v2 += v6
 			v14 ^= v2
-			v14 = v14<<(64-32) | v14>>32
+			v14 = bits.RotateLeft64(v14, -32)
 			v10 += v14
 			v6 ^= v10
-			v6 = v6<<(64-24) | v6>>24
+			v6 = bits.RotateLeft64(v6, -24)
 			v3 += m[s[3]]
 			v3 += v7
 			v15 ^= v3
-			v15 = v15<<(64-32) | v15>>32
+			v15 = bits.RotateLeft64(v15, -32)
 			v11 += v15
 			v7 ^= v11
-			v7 = v7<<(64-24) | v7>>24
+			v7 = bits.RotateLeft64(v7, -24)
 
 			v0 += m[s[4]]
 			v0 += v4
 			v12 ^= v0
-			v12 = v12<<(64-16) | v12>>16
+			v12 = bits.RotateLeft64(v12, -16)
 			v8 += v12
 			v4 ^= v8
-			v4 = v4<<(64-63) | v4>>63
+			v4 = bits.RotateLeft64(v4, -63)
 			v1 += m[s[5]]
 			v1 += v5
 			v13 ^= v1
-			v13 = v13<<(64-16) | v13>>16
+			v13 = bits.RotateLeft64(v13, -16)
 			v9 += v13
 			v5 ^= v9
-			v5 = v5<<(64-63) | v5>>63
+			v5 = bits.RotateLeft64(v5, -63)
 			v2 += m[s[6]]
 			v2 += v6
 			v14 ^= v2
-			v14 = v14<<(64-16) | v14>>16
+			v14 = bits.RotateLeft64(v14, -16)
 			v10 += v14
 			v6 ^= v10
-			v6 = v6<<(64-63) | v6>>63
+			v6 = bits.RotateLeft64(v6, -63)
 			v3 += m[s[7]]
 			v3 += v7
 			v15 ^= v3
-			v15 = v15<<(64-16) | v15>>16
+			v15 = bits.RotateLeft64(v15, -16)
 			v11 += v15
 			v7 ^= v11
-			v7 = v7<<(64-63) | v7>>63
+			v7 = bits.RotateLeft64(v7, -63)
 
 			v0 += m[s[8]]
 			v0 += v5
 			v15 ^= v0
-			v15 = v15<<(64-32) | v15>>32
+			v15 = bits.RotateLeft64(v15, -32)
 			v10 += v15
 			v5 ^= v10
-			v5 = v5<<(64-24) | v5>>24
+			v5 = bits.RotateLeft64(v5, -24)
 			v1 += m[s[9]]
 			v1 += v6
 			v12 ^= v1
-			v12 = v12<<(64-32) | v12>>32
+			v12 = bits.RotateLeft64(v12, -32)
 			v11 += v12
 			v6 ^= v11
-			v6 = v6<<(64-24) | v6>>24
+			v6 = bits.RotateLeft64(v6, -24)
 			v2 += m[s[10]]
 			v2 += v7
 			v13 ^= v2
-			v13 = v13<<(64-32) | v13>>32
+			v13 = bits.RotateLeft64(v13, -32)
 			v8 += v13
 			v7 ^= v8
-			v7 = v7<<(64-24) | v7>>24
+			v7 = bits.RotateLeft64(v7, -24)
 			v3 += m[s[11]]
 			v3 += v4
 			v14 ^= v3
-			v14 = v14<<(64-32) | v14>>32
+			v14 = bits.RotateLeft64(v14, -32)
 			v9 += v14
 			v4 ^= v9
-			v4 = v4<<(64-24) | v4>>24
+			v4 = bits.RotateLeft64(v4, -24)
 
 			v0 += m[s[12]]
 			v0 += v5
 			v15 ^= v0
-			v15 = v15<<(64-16) | v15>>16
+			v15 = bits.RotateLeft64(v15, -16)
 			v10 += v15
 			v5 ^= v10
-			v5 = v5<<(64-63) | v5>>63
+			v5 = bits.RotateLeft64(v5, -63)
 			v1 += m[s[13]]
 			v1 += v6
 			v12 ^= v1
-			v12 = v12<<(64-16) | v12>>16
+			v12 = bits.RotateLeft64(v12, -16)
 			v11 += v12
 			v6 ^= v11
-			v6 = v6<<(64-63) | v6>>63
+			v6 = bits.RotateLeft64(v6, -63)
 			v2 += m[s[14]]
 			v2 += v7
 			v13 ^= v2
-			v13 = v13<<(64-16) | v13>>16
+			v13 = bits.RotateLeft64(v13, -16)
 			v8 += v13
 			v7 ^= v8
-			v7 = v7<<(64-63) | v7>>63
+			v7 = bits.RotateLeft64(v7, -63)
 			v3 += m[s[15]]
 			v3 += v4
 			v14 ^= v3
-			v14 = v14<<(64-16) | v14>>16
+			v14 = bits.RotateLeft64(v14, -16)
 			v9 += v14
 			v4 ^= v9
-			v4 = v4<<(64-63) | v4>>63
+			v4 = bits.RotateLeft64(v4, -63)
 
 		}
 
diff --git a/blake2b/blake2b_ref.go b/blake2b/blake2b_ref.go
index da156a1ba..b0137cdf0 100644
--- a/blake2b/blake2b_ref.go
+++ b/blake2b/blake2b_ref.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !amd64 appengine gccgo
+//go:build !amd64 || purego || !gc
+// +build !amd64 purego !gc
 
 package blake2b
 
diff --git a/blake2b/blake2b_test.go b/blake2b/blake2b_test.go
index 4aa49579a..723327ab5 100644
--- a/blake2b/blake2b_test.go
+++ b/blake2b/blake2b_test.go
@@ -6,6 +6,7 @@ package blake2b
 
 import (
 	"bytes"
+	"encoding"
 	"encoding/hex"
 	"fmt"
 	"hash"
@@ -69,6 +70,54 @@ func TestHashes2X(t *testing.T) {
 	testHashes2X(t)
 }
 
+func TestMarshal(t *testing.T) {
+	input := make([]byte, 255)
+	for i := range input {
+		input[i] = byte(i)
+	}
+	for _, size := range []int{Size, Size256, Size384, 12, 25, 63} {
+		for i := 0; i < 256; i++ {
+			h, err := New(size, nil)
+			if err != nil {
+				t.Fatalf("size=%d, len(input)=%d: error from New(%v, nil): %v", size, i, size, err)
+			}
+			h2, err := New(size, nil)
+			if err != nil {
+				t.Fatalf("size=%d, len(input)=%d: error from New(%v, nil): %v", size, i, size, err)
+			}
+
+			h.Write(input[:i/2])
+			halfstate, err := h.(encoding.BinaryMarshaler).MarshalBinary()
+			if err != nil {
+				t.Fatalf("size=%d, len(input)=%d: could not marshal: %v", size, i, err)
+			}
+			err = h2.(encoding.BinaryUnmarshaler).UnmarshalBinary(halfstate)
+			if err != nil {
+				t.Fatalf("size=%d, len(input)=%d: could not unmarshal: %v", size, i, err)
+			}
+
+			h.Write(input[i/2 : i])
+			sum := h.Sum(nil)
+			h2.Write(input[i/2 : i])
+			sum2 := h2.Sum(nil)
+
+			if !bytes.Equal(sum, sum2) {
+				t.Fatalf("size=%d, len(input)=%d: results do not match; sum = %v, sum2 = %v", size, i, sum, sum2)
+			}
+
+			h3, err := New(size, nil)
+			if err != nil {
+				t.Fatalf("size=%d, len(input)=%d: error from New(%v, nil): %v", size, i, size, err)
+			}
+			h3.Write(input[:i])
+			sum3 := h3.Sum(nil)
+			if !bytes.Equal(sum, sum3) {
+				t.Fatalf("size=%d, len(input)=%d: sum = %v, want %v", size, i, sum, sum3)
+			}
+		}
+	}
+}
+
 func testHashes(t *testing.T) {
 	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f")
 
@@ -126,7 +175,7 @@ func testHashes2X(t *testing.T) {
 			t.Fatalf("#%d (single write): error from Read: %v", i, err)
 		}
 		if n, err := h.Read(sum); n != 0 || err != io.EOF {
-			t.Fatalf("#%d (single write): Read did not return (0, os.EOF) after exhaustion, got (%v, %v)", i, n, err)
+			t.Fatalf("#%d (single write): Read did not return (0, io.EOF) after exhaustion, got (%v, %v)", i, n, err)
 		}
 		if gotHex := fmt.Sprintf("%x", sum); gotHex != expectedHex {
 			t.Fatalf("#%d (single write): got %s, wanted %s", i, gotHex, expectedHex)
diff --git a/blake2b/blake2x.go b/blake2b/blake2x.go
index c814496a7..52c414db0 100644
--- a/blake2b/blake2x.go
+++ b/blake2b/blake2x.go
@@ -29,7 +29,7 @@ type XOF interface {
 }
 
 // OutputLengthUnknown can be used as the size argument to NewXOF to indicate
-// the the length of the output is not known in advance.
+// the length of the output is not known in advance.
 const OutputLengthUnknown = 0
 
 // magicUnknownOutputLength is a magic value for the output size that indicates
diff --git a/blake2b/register.go b/blake2b/register.go
index efd689af4..9d8633963 100644
--- a/blake2b/register.go
+++ b/blake2b/register.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.9
 // +build go1.9
 
 package blake2b
diff --git a/blake2s/blake2s.go b/blake2s/blake2s.go
index ae0dc922b..e3f46aab3 100644
--- a/blake2s/blake2s.go
+++ b/blake2s/blake2s.go
@@ -5,6 +5,8 @@
 // Package blake2s implements the BLAKE2s hash algorithm defined by RFC 7693
 // and the extendable output function (XOF) BLAKE2Xs.
 //
+// BLAKE2s is optimized for 8- to 32-bit platforms and produces digests of any
+// size between 1 and 32 bytes.
 // For a detailed specification of BLAKE2s see https://blake2.net/blake2.pdf
 // and for BLAKE2Xs see https://blake2.net/blake2x.pdf
 //
@@ -49,6 +51,8 @@ func Sum256(data []byte) [Size]byte {
 
 // New256 returns a new hash.Hash computing the BLAKE2s-256 checksum. A non-nil
 // key turns the hash into a MAC. The key must between zero and 32 bytes long.
+// When the key is nil, the returned hash.Hash implements BinaryMarshaler
+// and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash.
 func New256(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
 
 // New128 returns a new hash.Hash computing the BLAKE2s-128 checksum given a
@@ -120,6 +124,50 @@ type digest struct {
 	keyLen int
 }
 
+const (
+	magic         = "b2s"
+	marshaledSize = len(magic) + 8*4 + 2*4 + 1 + BlockSize + 1
+)
+
+func (d *digest) MarshalBinary() ([]byte, error) {
+	if d.keyLen != 0 {
+		return nil, errors.New("crypto/blake2s: cannot marshal MACs")
+	}
+	b := make([]byte, 0, marshaledSize)
+	b = append(b, magic...)
+	for i := 0; i < 8; i++ {
+		b = appendUint32(b, d.h[i])
+	}
+	b = appendUint32(b, d.c[0])
+	b = appendUint32(b, d.c[1])
+	// Maximum value for size is 32
+	b = append(b, byte(d.size))
+	b = append(b, d.block[:]...)
+	b = append(b, byte(d.offset))
+	return b, nil
+}
+
+func (d *digest) UnmarshalBinary(b []byte) error {
+	if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+		return errors.New("crypto/blake2s: invalid hash state identifier")
+	}
+	if len(b) != marshaledSize {
+		return errors.New("crypto/blake2s: invalid hash state size")
+	}
+	b = b[len(magic):]
+	for i := 0; i < 8; i++ {
+		b, d.h[i] = consumeUint32(b)
+	}
+	b, d.c[0] = consumeUint32(b)
+	b, d.c[1] = consumeUint32(b)
+	d.size = int(b[0])
+	b = b[1:]
+	copy(d.block[:], b[:BlockSize])
+	b = b[BlockSize:]
+	d.offset = int(b[0])
+	return nil
+}
+
 func (d *digest) BlockSize() int { return BlockSize }
 
 func (d *digest) Size() int { return d.size }
@@ -185,3 +233,14 @@ func (d *digest) finalize(hash *[Size]byte) {
 		binary.LittleEndian.PutUint32(hash[4*i:], v)
 	}
 }
+
+func appendUint32(b []byte, x uint32) []byte {
+	var a [4]byte
+	binary.BigEndian.PutUint32(a[:], x)
+	return append(b, a[:]...)
+}
+
+func consumeUint32(b []byte) ([]byte, uint32) {
+	x := binary.BigEndian.Uint32(b)
+	return b[4:], x
+}
diff --git a/blake2s/blake2s_386.go b/blake2s/blake2s_386.go
index 45ae54614..b4463fb4d 100644
--- a/blake2s/blake2s_386.go
+++ b/blake2s/blake2s_386.go
@@ -2,22 +2,19 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build 386,!gccgo,!appengine
+//go:build 386 && gc && !purego
+// +build 386,gc,!purego
 
 package blake2s
 
+import "golang.org/x/sys/cpu"
+
 var (
 	useSSE4  = false
-	useSSSE3 = supportSSSE3()
-	useSSE2  = supportSSE2()
+	useSSSE3 = cpu.X86.HasSSSE3
+	useSSE2  = cpu.X86.HasSSE2
 )
 
-//go:noescape
-func supportSSE2() bool
-
-//go:noescape
-func supportSSSE3() bool
-
 //go:noescape
 func hashBlocksSSE2(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
 
@@ -25,11 +22,12 @@ func hashBlocksSSE2(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
 func hashBlocksSSSE3(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
 
 func hashBlocks(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte) {
-	if useSSSE3 {
+	switch {
+	case useSSSE3:
 		hashBlocksSSSE3(h, c, flag, blocks)
-	} else if useSSE2 {
+	case useSSE2:
 		hashBlocksSSE2(h, c, flag, blocks)
-	} else {
+	default:
 		hashBlocksGeneric(h, c, flag, blocks)
 	}
 }
diff --git a/blake2s/blake2s_386.s b/blake2s/blake2s_386.s
index 0bb65c70f..603d00ca3 100644
--- a/blake2s/blake2s_386.s
+++ b/blake2s/blake2s_386.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build 386,!gccgo,!appengine
+//go:build 386 && gc && !purego
+// +build 386,gc,!purego
 
 #include "textflag.h"
 
@@ -297,19 +298,17 @@ TEXT ·hashBlocksSSE2(SB), 0, $672-24 // frame = 656 + 16 byte alignment
 	MOVL blocks_base+12(FP), SI
 	MOVL blocks_len+16(FP), DX
 
-	MOVL SP, BP
 	MOVL SP, DI
 	ADDL $15, DI
 	ANDL $~15, DI
-	MOVL DI, SP
 
-	MOVL CX, 8(SP)
+	MOVL CX, 8(DI)
 	MOVL 0(BX), CX
-	MOVL CX, 0(SP)
+	MOVL CX, 0(DI)
 	MOVL 4(BX), CX
-	MOVL CX, 4(SP)
+	MOVL CX, 4(DI)
 	XORL CX, CX
-	MOVL CX, 12(SP)
+	MOVL CX, 12(DI)
 
 	MOVOU 0(AX), X0
 	MOVOU 16(AX), X1
@@ -321,22 +320,22 @@ loop:
 	MOVOU iv0<>(SB), X6
 	MOVOU iv1<>(SB), X7
 
-	MOVO  0(SP), X3
+	MOVO  0(DI), X3
 	PADDQ X2, X3
 	PXOR  X3, X7
-	MOVO  X3, 0(SP)
-
-	PRECOMPUTE(SP, 16, SI, CX)
-	ROUND_SSE2(X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+64(SP), 32+64(SP), 48+64(SP), 64+64(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+128(SP), 32+128(SP), 48+128(SP), 64+128(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+192(SP), 32+192(SP), 48+192(SP), 64+192(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+256(SP), 32+256(SP), 48+256(SP), 64+256(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+320(SP), 32+320(SP), 48+320(SP), 64+320(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+384(SP), 32+384(SP), 48+384(SP), 64+384(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+448(SP), 32+448(SP), 48+448(SP), 64+448(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+512(SP), 32+512(SP), 48+512(SP), 64+512(SP), X3)
-	ROUND_SSE2(X4, X5, X6, X7, 16+576(SP), 32+576(SP), 48+576(SP), 64+576(SP), X3)
+	MOVO  X3, 0(DI)
+
+	PRECOMPUTE(DI, 16, SI, CX)
+	ROUND_SSE2(X4, X5, X6, X7, 16(DI), 32(DI), 48(DI), 64(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+64(DI), 32+64(DI), 48+64(DI), 64+64(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+128(DI), 32+128(DI), 48+128(DI), 64+128(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+192(DI), 32+192(DI), 48+192(DI), 64+192(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+256(DI), 32+256(DI), 48+256(DI), 64+256(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+320(DI), 32+320(DI), 48+320(DI), 64+320(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+384(DI), 32+384(DI), 48+384(DI), 64+384(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+448(DI), 32+448(DI), 48+448(DI), 64+448(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+512(DI), 32+512(DI), 48+512(DI), 64+512(DI), X3)
+	ROUND_SSE2(X4, X5, X6, X7, 16+576(DI), 32+576(DI), 48+576(DI), 64+576(DI), X3)
 
 	PXOR X4, X0
 	PXOR X5, X1
@@ -347,15 +346,14 @@ loop:
 	SUBL $64, DX
 	JNE  loop
 
-	MOVL 0(SP), CX
+	MOVL 0(DI), CX
 	MOVL CX, 0(BX)
-	MOVL 4(SP), CX
+	MOVL 4(DI), CX
 	MOVL CX, 4(BX)
 
 	MOVOU X0, 0(AX)
 	MOVOU X1, 16(AX)
 
-	MOVL BP, SP
 	RET
 
 // func hashBlocksSSSE3(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
@@ -366,54 +364,52 @@ TEXT ·hashBlocksSSSE3(SB), 0, $704-24 // frame = 688 + 16 byte alignment
 	MOVL blocks_base+12(FP), SI
 	MOVL blocks_len+16(FP), DX
 
-	MOVL SP, BP
 	MOVL SP, DI
 	ADDL $15, DI
 	ANDL $~15, DI
-	MOVL DI, SP
 
-	MOVL CX, 8(SP)
+	MOVL CX, 8(DI)
 	MOVL 0(BX), CX
-	MOVL CX, 0(SP)
+	MOVL CX, 0(DI)
 	MOVL 4(BX), CX
-	MOVL CX, 4(SP)
+	MOVL CX, 4(DI)
 	XORL CX, CX
-	MOVL CX, 12(SP)
+	MOVL CX, 12(DI)
 
 	MOVOU 0(AX), X0
 	MOVOU 16(AX), X1
 	MOVOU counter<>(SB), X2
 
 loop:
-	MOVO  X0, 656(SP)
-	MOVO  X1, 672(SP)
+	MOVO  X0, 656(DI)
+	MOVO  X1, 672(DI)
 	MOVO  X0, X4
 	MOVO  X1, X5
 	MOVOU iv0<>(SB), X6
 	MOVOU iv1<>(SB), X7
 
-	MOVO  0(SP), X3
+	MOVO  0(DI), X3
 	PADDQ X2, X3
 	PXOR  X3, X7
-	MOVO  X3, 0(SP)
+	MOVO  X3, 0(DI)
 
 	MOVOU rol16<>(SB), X0
 	MOVOU rol8<>(SB), X1
 
-	PRECOMPUTE(SP, 16, SI, CX)
-	ROUND_SSSE3(X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+64(SP), 32+64(SP), 48+64(SP), 64+64(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+128(SP), 32+128(SP), 48+128(SP), 64+128(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+192(SP), 32+192(SP), 48+192(SP), 64+192(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+256(SP), 32+256(SP), 48+256(SP), 64+256(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+320(SP), 32+320(SP), 48+320(SP), 64+320(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+384(SP), 32+384(SP), 48+384(SP), 64+384(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+448(SP), 32+448(SP), 48+448(SP), 64+448(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+512(SP), 32+512(SP), 48+512(SP), 64+512(SP), X3, X0, X1)
-	ROUND_SSSE3(X4, X5, X6, X7, 16+576(SP), 32+576(SP), 48+576(SP), 64+576(SP), X3, X0, X1)
-
-	MOVO 656(SP), X0
-	MOVO 672(SP), X1
+	PRECOMPUTE(DI, 16, SI, CX)
+	ROUND_SSSE3(X4, X5, X6, X7, 16(DI), 32(DI), 48(DI), 64(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+64(DI), 32+64(DI), 48+64(DI), 64+64(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+128(DI), 32+128(DI), 48+128(DI), 64+128(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+192(DI), 32+192(DI), 48+192(DI), 64+192(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+256(DI), 32+256(DI), 48+256(DI), 64+256(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+320(DI), 32+320(DI), 48+320(DI), 64+320(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+384(DI), 32+384(DI), 48+384(DI), 64+384(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+448(DI), 32+448(DI), 48+448(DI), 64+448(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+512(DI), 32+512(DI), 48+512(DI), 64+512(DI), X3, X0, X1)
+	ROUND_SSSE3(X4, X5, X6, X7, 16+576(DI), 32+576(DI), 48+576(DI), 64+576(DI), X3, X0, X1)
+
+	MOVO 656(DI), X0
+	MOVO 672(DI), X1
 	PXOR X4, X0
 	PXOR X5, X1
 	PXOR X6, X0
@@ -423,38 +419,12 @@ loop:
 	SUBL $64, DX
 	JNE  loop
 
-	MOVL 0(SP), CX
+	MOVL 0(DI), CX
 	MOVL CX, 0(BX)
-	MOVL 4(SP), CX
+	MOVL 4(DI), CX
 	MOVL CX, 4(BX)
 
 	MOVOU X0, 0(AX)
 	MOVOU X1, 16(AX)
 
-	MOVL BP, SP
-	RET
-
-// func supportSSSE3() bool
-TEXT ·supportSSSE3(SB), 4, $0-1
-	MOVL $1, AX
-	CPUID
-	MOVL CX, BX
-	ANDL $0x1, BX      // supports SSE3
-	JZ   FALSE
-	ANDL $0x200, CX    // supports SSSE3
-	JZ   FALSE
-	MOVB $1, ret+0(FP)
-	RET
-
-FALSE:
-	MOVB $0, ret+0(FP)
-	RET
-
-// func supportSSE2() bool
-TEXT ·supportSSE2(SB), 4, $0-1
-	MOVL $1, AX
-	CPUID
-	SHRL $26, DX
-	ANDL $1, DX        // DX != 0 if support SSE2
-	MOVB DX, ret+0(FP)
 	RET
diff --git a/blake2s/blake2s_amd64.go b/blake2s/blake2s_amd64.go
index a925e6b20..becdaa120 100644
--- a/blake2s/blake2s_amd64.go
+++ b/blake2s/blake2s_amd64.go
@@ -2,22 +2,19 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+//go:build amd64 && gc && !purego
+// +build amd64,gc,!purego
 
 package blake2s
 
+import "golang.org/x/sys/cpu"
+
 var (
-	useSSE4  = supportSSE4()
-	useSSSE3 = supportSSSE3()
-	useSSE2  = true // Always available on amd64
+	useSSE4  = cpu.X86.HasSSE41
+	useSSSE3 = cpu.X86.HasSSSE3
+	useSSE2  = cpu.X86.HasSSE2
 )
 
-//go:noescape
-func supportSSSE3() bool
-
-//go:noescape
-func supportSSE4() bool
-
 //go:noescape
 func hashBlocksSSE2(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
 
@@ -28,13 +25,14 @@ func hashBlocksSSSE3(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
 func hashBlocksSSE4(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
 
 func hashBlocks(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte) {
-	if useSSE4 {
+	switch {
+	case useSSE4:
 		hashBlocksSSE4(h, c, flag, blocks)
-	} else if useSSSE3 {
+	case useSSSE3:
 		hashBlocksSSSE3(h, c, flag, blocks)
-	} else if useSSE2 {
+	case useSSE2:
 		hashBlocksSSE2(h, c, flag, blocks)
-	} else {
+	default:
 		hashBlocksGeneric(h, c, flag, blocks)
 	}
 }
diff --git a/blake2s/blake2s_amd64.s b/blake2s/blake2s_amd64.s
index 6cdf5a94c..e9df7a7c2 100644
--- a/blake2s/blake2s_amd64.s
+++ b/blake2s/blake2s_amd64.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+//go:build amd64 && gc && !purego
+// +build amd64,gc,!purego
 
 #include "textflag.h"
 
@@ -317,30 +318,30 @@ GLOBL counter<>(SB), (NOPTR+RODATA), $16
 	MOVL R15, 8*4+off+576(dst)
 
 #define BLAKE2s_SSE2() \
-	PRECOMPUTE_MSG(SP, 16, SI, R8, R9, R10, R11, R12, R13, R14, R15);               \
-	ROUND_SSE2(X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X8);                 \
-	ROUND_SSE2(X4, X5, X6, X7, 16+64(SP), 32+64(SP), 48+64(SP), 64+64(SP), X8);     \
-	ROUND_SSE2(X4, X5, X6, X7, 16+128(SP), 32+128(SP), 48+128(SP), 64+128(SP), X8); \
-	ROUND_SSE2(X4, X5, X6, X7, 16+192(SP), 32+192(SP), 48+192(SP), 64+192(SP), X8); \
-	ROUND_SSE2(X4, X5, X6, X7, 16+256(SP), 32+256(SP), 48+256(SP), 64+256(SP), X8); \
-	ROUND_SSE2(X4, X5, X6, X7, 16+320(SP), 32+320(SP), 48+320(SP), 64+320(SP), X8); \
-	ROUND_SSE2(X4, X5, X6, X7, 16+384(SP), 32+384(SP), 48+384(SP), 64+384(SP), X8); \
-	ROUND_SSE2(X4, X5, X6, X7, 16+448(SP), 32+448(SP), 48+448(SP), 64+448(SP), X8); \
-	ROUND_SSE2(X4, X5, X6, X7, 16+512(SP), 32+512(SP), 48+512(SP), 64+512(SP), X8); \
-	ROUND_SSE2(X4, X5, X6, X7, 16+576(SP), 32+576(SP), 48+576(SP), 64+576(SP), X8)
+	PRECOMPUTE_MSG(BP, 16, SI, R8, R9, R10, R11, R12, R13, R14, R15);               \
+	ROUND_SSE2(X4, X5, X6, X7, 16(BP), 32(BP), 48(BP), 64(BP), X8);                 \
+	ROUND_SSE2(X4, X5, X6, X7, 16+64(BP), 32+64(BP), 48+64(BP), 64+64(BP), X8);     \
+	ROUND_SSE2(X4, X5, X6, X7, 16+128(BP), 32+128(BP), 48+128(BP), 64+128(BP), X8); \
+	ROUND_SSE2(X4, X5, X6, X7, 16+192(BP), 32+192(BP), 48+192(BP), 64+192(BP), X8); \
+	ROUND_SSE2(X4, X5, X6, X7, 16+256(BP), 32+256(BP), 48+256(BP), 64+256(BP), X8); \
+	ROUND_SSE2(X4, X5, X6, X7, 16+320(BP), 32+320(BP), 48+320(BP), 64+320(BP), X8); \
+	ROUND_SSE2(X4, X5, X6, X7, 16+384(BP), 32+384(BP), 48+384(BP), 64+384(BP), X8); \
+	ROUND_SSE2(X4, X5, X6, X7, 16+448(BP), 32+448(BP), 48+448(BP), 64+448(BP), X8); \
+	ROUND_SSE2(X4, X5, X6, X7, 16+512(BP), 32+512(BP), 48+512(BP), 64+512(BP), X8); \
+	ROUND_SSE2(X4, X5, X6, X7, 16+576(BP), 32+576(BP), 48+576(BP), 64+576(BP), X8)
 
 #define BLAKE2s_SSSE3() \
-	PRECOMPUTE_MSG(SP, 16, SI, R8, R9, R10, R11, R12, R13, R14, R15);                          \
-	ROUND_SSSE3(X4, X5, X6, X7, 16(SP), 32(SP), 48(SP), 64(SP), X8, X13, X14);                 \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+64(SP), 32+64(SP), 48+64(SP), 64+64(SP), X8, X13, X14);     \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+128(SP), 32+128(SP), 48+128(SP), 64+128(SP), X8, X13, X14); \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+192(SP), 32+192(SP), 48+192(SP), 64+192(SP), X8, X13, X14); \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+256(SP), 32+256(SP), 48+256(SP), 64+256(SP), X8, X13, X14); \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+320(SP), 32+320(SP), 48+320(SP), 64+320(SP), X8, X13, X14); \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+384(SP), 32+384(SP), 48+384(SP), 64+384(SP), X8, X13, X14); \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+448(SP), 32+448(SP), 48+448(SP), 64+448(SP), X8, X13, X14); \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+512(SP), 32+512(SP), 48+512(SP), 64+512(SP), X8, X13, X14); \
-	ROUND_SSSE3(X4, X5, X6, X7, 16+576(SP), 32+576(SP), 48+576(SP), 64+576(SP), X8, X13, X14)
+	PRECOMPUTE_MSG(BP, 16, SI, R8, R9, R10, R11, R12, R13, R14, R15);                          \
+	ROUND_SSSE3(X4, X5, X6, X7, 16(BP), 32(BP), 48(BP), 64(BP), X8, X13, X14);                 \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+64(BP), 32+64(BP), 48+64(BP), 64+64(BP), X8, X13, X14);     \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+128(BP), 32+128(BP), 48+128(BP), 64+128(BP), X8, X13, X14); \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+192(BP), 32+192(BP), 48+192(BP), 64+192(BP), X8, X13, X14); \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+256(BP), 32+256(BP), 48+256(BP), 64+256(BP), X8, X13, X14); \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+320(BP), 32+320(BP), 48+320(BP), 64+320(BP), X8, X13, X14); \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+384(BP), 32+384(BP), 48+384(BP), 64+384(BP), X8, X13, X14); \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+448(BP), 32+448(BP), 48+448(BP), 64+448(BP), X8, X13, X14); \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+512(BP), 32+512(BP), 48+512(BP), 64+512(BP), X8, X13, X14); \
+	ROUND_SSSE3(X4, X5, X6, X7, 16+576(BP), 32+576(BP), 48+576(BP), 64+576(BP), X8, X13, X14)
 
 #define BLAKE2s_SSE4() \
 	LOAD_MSG_SSE4(X8, X9, X10, X11, SI, 0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15); \
@@ -372,16 +373,12 @@ GLOBL counter<>(SB), (NOPTR+RODATA), $16
 	MOVQ  blocks_len, DX;          \
 	                               \
 	MOVQ  SP, BP;                  \
-	MOVQ  SP, R9;                  \
-	ADDQ  $15, R9;                 \
-	ANDQ  $~15, R9;                \
-	MOVQ  R9, SP;                  \
+	ADDQ  $15, BP;                 \
+	ANDQ  $~15, BP;                \
 	                               \
 	MOVQ  0(BX), R9;               \
-	MOVQ  R9, 0(SP);               \
-	XORQ  R9, R9;                  \
-	MOVQ  R9, 8(SP);               \
-	MOVL  CX, 8(SP);               \
+	MOVQ  R9, 0(BP);               \
+	MOVQ  CX, 8(BP);               \
 	                               \
 	MOVOU 0(AX), X0;               \
 	MOVOU 16(AX), X1;              \
@@ -391,7 +388,7 @@ GLOBL counter<>(SB), (NOPTR+RODATA), $16
 	MOVOU counter<>(SB), X12;      \
 	MOVOU rol16<>(SB), X13;        \
 	MOVOU rol8<>(SB), X14;         \
-	MOVO  0(SP), X15;              \
+	MOVO  0(BP), X15;              \
 	                               \
 	loop:                          \
 	MOVO  X0, X4;                  \
@@ -413,14 +410,12 @@ GLOBL counter<>(SB), (NOPTR+RODATA), $16
 	SUBQ  $64, DX;                 \
 	JNE   loop;                    \
 	                               \
-	MOVO  X15, 0(SP);              \
-	MOVQ  0(SP), R9;               \
+	MOVO  X15, 0(BP);              \
+	MOVQ  0(BP), R9;               \
 	MOVQ  R9, 0(BX);               \
 	                               \
 	MOVOU X0, 0(AX);               \
-	MOVOU X1, 16(AX);              \
-	                               \
-	MOVQ  BP, SP
+	MOVOU X1, 16(AX)
 
 // func hashBlocksSSE2(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte)
 TEXT ·hashBlocksSSE2(SB), 0, $672-48 // frame = 656 + 16 byte alignment
@@ -436,28 +431,3 @@ TEXT ·hashBlocksSSSE3(SB), 0, $672-48 // frame = 656 + 16 byte alignment
 TEXT ·hashBlocksSSE4(SB), 0, $32-48 // frame = 16 + 16 byte alignment
 	HASH_BLOCKS(h+0(FP), c+8(FP), flag+16(FP), blocks_base+24(FP), blocks_len+32(FP), BLAKE2s_SSE4)
 	RET
-
-// func supportSSE4() bool
-TEXT ·supportSSE4(SB), 4, $0-1
-	MOVL $1, AX
-	CPUID
-	SHRL $19, CX       // Bit 19 indicates SSE4.1.
-	ANDL $1, CX
-	MOVB CX, ret+0(FP)
-	RET
-
-// func supportSSSE3() bool
-TEXT ·supportSSSE3(SB), 4, $0-1
-	MOVL $1, AX
-	CPUID
-	MOVL CX, BX
-	ANDL $0x1, BX      // Bit zero indicates SSE3 support.
-	JZ   FALSE
-	ANDL $0x200, CX    // Bit nine indicates SSSE3 support.
-	JZ   FALSE
-	MOVB $1, ret+0(FP)
-	RET
-
-FALSE:
-	MOVB $0, ret+0(FP)
-	RET
diff --git a/blake2s/blake2s_generic.go b/blake2s/blake2s_generic.go
index f7e065378..24a1ff22a 100644
--- a/blake2s/blake2s_generic.go
+++ b/blake2s/blake2s_generic.go
@@ -4,6 +4,10 @@
 
 package blake2s
 
+import (
+	"math/bits"
+)
+
 // the precomputed values for BLAKE2s
 // there are 10 16-byte arrays - one for each round
 // the entries are calculated from the sigma constants.
@@ -47,118 +51,118 @@ func hashBlocksGeneric(h *[8]uint32, c *[2]uint32, flag uint32, blocks []byte) {
 			v0 += m[s[0]]
 			v0 += v4
 			v12 ^= v0
-			v12 = v12<<(32-16) | v12>>16
+			v12 = bits.RotateLeft32(v12, -16)
 			v8 += v12
 			v4 ^= v8
-			v4 = v4<<(32-12) | v4>>12
+			v4 = bits.RotateLeft32(v4, -12)
 			v1 += m[s[1]]
 			v1 += v5
 			v13 ^= v1
-			v13 = v13<<(32-16) | v13>>16
+			v13 = bits.RotateLeft32(v13, -16)
 			v9 += v13
 			v5 ^= v9
-			v5 = v5<<(32-12) | v5>>12
+			v5 = bits.RotateLeft32(v5, -12)
 			v2 += m[s[2]]
 			v2 += v6
 			v14 ^= v2
-			v14 = v14<<(32-16) | v14>>16
+			v14 = bits.RotateLeft32(v14, -16)
 			v10 += v14
 			v6 ^= v10
-			v6 = v6<<(32-12) | v6>>12
+			v6 = bits.RotateLeft32(v6, -12)
 			v3 += m[s[3]]
 			v3 += v7
 			v15 ^= v3
-			v15 = v15<<(32-16) | v15>>16
+			v15 = bits.RotateLeft32(v15, -16)
 			v11 += v15
 			v7 ^= v11
-			v7 = v7<<(32-12) | v7>>12
+			v7 = bits.RotateLeft32(v7, -12)
 
 			v0 += m[s[4]]
 			v0 += v4
 			v12 ^= v0
-			v12 = v12<<(32-8) | v12>>8
+			v12 = bits.RotateLeft32(v12, -8)
 			v8 += v12
 			v4 ^= v8
-			v4 = v4<<(32-7) | v4>>7
+			v4 = bits.RotateLeft32(v4, -7)
 			v1 += m[s[5]]
 			v1 += v5
 			v13 ^= v1
-			v13 = v13<<(32-8) | v13>>8
+			v13 = bits.RotateLeft32(v13, -8)
 			v9 += v13
 			v5 ^= v9
-			v5 = v5<<(32-7) | v5>>7
+			v5 = bits.RotateLeft32(v5, -7)
 			v2 += m[s[6]]
 			v2 += v6
 			v14 ^= v2
-			v14 = v14<<(32-8) | v14>>8
+			v14 = bits.RotateLeft32(v14, -8)
 			v10 += v14
 			v6 ^= v10
-			v6 = v6<<(32-7) | v6>>7
+			v6 = bits.RotateLeft32(v6, -7)
 			v3 += m[s[7]]
 			v3 += v7
 			v15 ^= v3
-			v15 = v15<<(32-8) | v15>>8
+			v15 = bits.RotateLeft32(v15, -8)
 			v11 += v15
 			v7 ^= v11
-			v7 = v7<<(32-7) | v7>>7
+			v7 = bits.RotateLeft32(v7, -7)
 
 			v0 += m[s[8]]
 			v0 += v5
 			v15 ^= v0
-			v15 = v15<<(32-16) | v15>>16
+			v15 = bits.RotateLeft32(v15, -16)
 			v10 += v15
 			v5 ^= v10
-			v5 = v5<<(32-12) | v5>>12
+			v5 = bits.RotateLeft32(v5, -12)
 			v1 += m[s[9]]
 			v1 += v6
 			v12 ^= v1
-			v12 = v12<<(32-16) | v12>>16
+			v12 = bits.RotateLeft32(v12, -16)
 			v11 += v12
 			v6 ^= v11
-			v6 = v6<<(32-12) | v6>>12
+			v6 = bits.RotateLeft32(v6, -12)
 			v2 += m[s[10]]
 			v2 += v7
 			v13 ^= v2
-			v13 = v13<<(32-16) | v13>>16
+			v13 = bits.RotateLeft32(v13, -16)
 			v8 += v13
 			v7 ^= v8
-			v7 = v7<<(32-12) | v7>>12
+			v7 = bits.RotateLeft32(v7, -12)
 			v3 += m[s[11]]
 			v3 += v4
 			v14 ^= v3
-			v14 = v14<<(32-16) | v14>>16
+			v14 = bits.RotateLeft32(v14, -16)
 			v9 += v14
 			v4 ^= v9
-			v4 = v4<<(32-12) | v4>>12
+			v4 = bits.RotateLeft32(v4, -12)
 
 			v0 += m[s[12]]
 			v0 += v5
 			v15 ^= v0
-			v15 = v15<<(32-8) | v15>>8
+			v15 = bits.RotateLeft32(v15, -8)
 			v10 += v15
 			v5 ^= v10
-			v5 = v5<<(32-7) | v5>>7
+			v5 = bits.RotateLeft32(v5, -7)
 			v1 += m[s[13]]
 			v1 += v6
 			v12 ^= v1
-			v12 = v12<<(32-8) | v12>>8
+			v12 = bits.RotateLeft32(v12, -8)
 			v11 += v12
 			v6 ^= v11
-			v6 = v6<<(32-7) | v6>>7
+			v6 = bits.RotateLeft32(v6, -7)
 			v2 += m[s[14]]
 			v2 += v7
 			v13 ^= v2
-			v13 = v13<<(32-8) | v13>>8
+			v13 = bits.RotateLeft32(v13, -8)
 			v8 += v13
 			v7 ^= v8
-			v7 = v7<<(32-7) | v7>>7
+			v7 = bits.RotateLeft32(v7, -7)
 			v3 += m[s[15]]
 			v3 += v4
 			v14 ^= v3
-			v14 = v14<<(32-8) | v14>>8
+			v14 = bits.RotateLeft32(v14, -8)
 			v9 += v14
 			v4 ^= v9
-			v4 = v4<<(32-7) | v4>>7
+			v4 = bits.RotateLeft32(v4, -7)
 		}
 
 		h[0] ^= v0 ^ v8
diff --git a/blake2s/blake2s_ref.go b/blake2s/blake2s_ref.go
index a31127345..799dba0c4 100644
--- a/blake2s/blake2s_ref.go
+++ b/blake2s/blake2s_ref.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !amd64,!386 gccgo appengine
+//go:build (!amd64 && !386) || !gc || purego
+// +build !amd64,!386 !gc purego
 
 package blake2s
 
diff --git a/blake2s/blake2s_test.go b/blake2s/blake2s_test.go
index 938fef375..cde79fb1c 100644
--- a/blake2s/blake2s_test.go
+++ b/blake2s/blake2s_test.go
@@ -5,6 +5,8 @@
 package blake2s
 
 import (
+	"bytes"
+	"encoding"
 	"encoding/hex"
 	"fmt"
 	"testing"
@@ -64,6 +66,52 @@ func TestHashes2X(t *testing.T) {
 	testHashes2X(t)
 }
 
+func TestMarshal(t *testing.T) {
+	input := make([]byte, 255)
+	for i := range input {
+		input[i] = byte(i)
+	}
+	for i := 0; i < 256; i++ {
+		h, err := New256(nil)
+		if err != nil {
+			t.Fatalf("len(input)=%d: error from New256(nil): %v", i, err)
+		}
+		h2, err := New256(nil)
+		if err != nil {
+			t.Fatalf("len(input)=%d: error from New256(nil): %v", i, err)
+		}
+
+		h.Write(input[:i/2])
+		halfstate, err := h.(encoding.BinaryMarshaler).MarshalBinary()
+		if err != nil {
+			t.Fatalf("len(input)=%d: could not marshal: %v", i, err)
+		}
+		err = h2.(encoding.BinaryUnmarshaler).UnmarshalBinary(halfstate)
+		if err != nil {
+			t.Fatalf("len(input)=%d: could not unmarshal: %v", i, err)
+		}
+
+		h.Write(input[i/2 : i])
+		sum := h.Sum(nil)
+		h2.Write(input[i/2 : i])
+		sum2 := h2.Sum(nil)
+
+		if !bytes.Equal(sum, sum2) {
+			t.Fatalf("len(input)=%d: results do not match; sum = %v, sum2 = %v", i, sum, sum2)
+		}
+
+		h3, err := New256(nil)
+		if err != nil {
+			t.Fatalf("len(input)=%d: error from New256(nil): %v", i, err)
+		}
+		h3.Write(input[:i])
+		sum3 := h3.Sum(nil)
+		if !bytes.Equal(sum, sum3) {
+			t.Fatalf("len(input)=%d: sum = %v, want %v", i, sum, sum3)
+		}
+	}
+}
+
 func testHashes(t *testing.T) {
 	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")
 
@@ -185,7 +233,7 @@ func testHashes2X(t *testing.T) {
 	if n, err := h.Read(result[:]); err != nil {
 		t.Fatalf("#unknown length: error from Read: %v", err)
 	} else if n != len(result) {
-		t.Fatalf("#unknown length: Read returned %d bytes, want %d: %v", n, len(result))
+		t.Fatalf("#unknown length: Read returned %d bytes, want %d", n, len(result))
 	}
 
 	const expected = "2a9a6977d915a2c4dd07dbcafe1918bf1682e56d9c8e567ecd19bfd7cd93528833c764d12b34a5e2a219c9fd463dab45e972c5574d73f45de5b2e23af72530d8"
diff --git a/blake2s/blake2x.go b/blake2s/blake2x.go
index eaff2a7f8..828749ff0 100644
--- a/blake2s/blake2x.go
+++ b/blake2s/blake2x.go
@@ -29,7 +29,7 @@ type XOF interface {
 }
 
 // OutputLengthUnknown can be used as the size argument to NewXOF to indicate
-// the the length of the output is not known in advance.
+// the length of the output is not known in advance.
 const OutputLengthUnknown = 0
 
 // magicUnknownOutputLength is a magic value for the output size that indicates
diff --git a/blake2s/register.go b/blake2s/register.go
index d277459a1..ef79ff3c6 100644
--- a/blake2s/register.go
+++ b/blake2s/register.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.9
 // +build go1.9
 
 package blake2s
diff --git a/blowfish/cipher.go b/blowfish/cipher.go
index 2641dadd6..213bf204a 100644
--- a/blowfish/cipher.go
+++ b/blowfish/cipher.go
@@ -3,6 +3,14 @@
 // license that can be found in the LICENSE file.
 
 // Package blowfish implements Bruce Schneier's Blowfish encryption algorithm.
+//
+// Blowfish is a legacy cipher and its short block size makes it vulnerable to
+// birthday bound attacks (see https://sweet32.info). It should only be used
+// where compatibility with legacy systems, not security, is the goal.
+//
+// Deprecated: any new system should use AES (from crypto/aes, if necessary in
+// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
+// golang.org/x/crypto/chacha20poly1305).
 package blowfish // import "golang.org/x/crypto/blowfish"
 
 // The code is a port of Bruce Schneier's C implementation.
diff --git a/bn256/bn256.go b/bn256/bn256.go
index 014f8b355..9c99fcdb5 100644
--- a/bn256/bn256.go
+++ b/bn256/bn256.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package bn256 implements a particular bilinear group at the 128-bit security level.
+// Package bn256 implements a particular bilinear group.
 //
 // Bilinear groups are the basis of many of the new cryptographic protocols
 // that have been proposed over the past decade. They consist of a triplet of
@@ -14,6 +14,15 @@
 // Barreto-Naehrig curve as described in
 // http://cryptojedi.org/papers/dclxvi-20100714.pdf. Its output is compatible
 // with the implementation described in that paper.
+//
+// This package previously claimed to operate at a 128-bit security level.
+// However, recent improvements in attacks mean that is no longer true. See
+// https://moderncrypto.org/mail-archive/curves/2016/000740.html.
+//
+// Deprecated: due to its weakened security, new systems should not rely on this
+// elliptic curve. This package is frozen, and not implemented in constant time.
+// There is a more complete implementation at github.com/cloudflare/bn256, but
+// note that it suffers from the same security issues of the underlying curve.
 package bn256 // import "golang.org/x/crypto/bn256"
 
 import (
@@ -22,9 +31,6 @@ import (
 	"math/big"
 )
 
-// BUG(agl): this implementation is not constant time.
-// TODO(agl): keep GF(p²) elements in Mongomery form.
-
 // G1 is an abstract cyclic group. The zero value is suitable for use as the
 // output of an operation, but cannot be used as an input.
 type G1 struct {
@@ -49,8 +55,11 @@ func RandomG1(r io.Reader) (*big.Int, *G1, error) {
 	return k, new(G1).ScalarBaseMult(k), nil
 }
 
-func (g *G1) String() string {
-	return "bn256.G1" + g.p.String()
+func (e *G1) String() string {
+	if e.p == nil {
+		return "bn256.G1" + newCurvePoint(nil).String()
+	}
+	return "bn256.G1" + e.p.String()
 }
 
 // ScalarBaseMult sets e to g*k where g is the generator of the group and
@@ -73,7 +82,8 @@ func (e *G1) ScalarMult(a *G1, k *big.Int) *G1 {
 }
 
 // Add sets e to a+b and then returns e.
-// BUG(agl): this function is not complete: a==b fails.
+//
+// Warning: this function is not complete, it fails for a equal to b.
 func (e *G1) Add(a, b *G1) *G1 {
 	if e.p == nil {
 		e.p = newCurvePoint(nil)
@@ -92,15 +102,19 @@ func (e *G1) Neg(a *G1) *G1 {
 }
 
 // Marshal converts n to a byte slice.
-func (n *G1) Marshal() []byte {
-	n.p.MakeAffine(nil)
-
-	xBytes := new(big.Int).Mod(n.p.x, p).Bytes()
-	yBytes := new(big.Int).Mod(n.p.y, p).Bytes()
-
+func (e *G1) Marshal() []byte {
 	// Each value is a 256-bit number.
 	const numBytes = 256 / 8
 
+	if e.p.IsInfinity() {
+		return make([]byte, numBytes*2)
+	}
+
+	e.p.MakeAffine(nil)
+
+	xBytes := new(big.Int).Mod(e.p.x, p).Bytes()
+	yBytes := new(big.Int).Mod(e.p.y, p).Bytes()
+
 	ret := make([]byte, numBytes*2)
 	copy(ret[1*numBytes-len(xBytes):], xBytes)
 	copy(ret[2*numBytes-len(yBytes):], yBytes)
@@ -166,8 +180,11 @@ func RandomG2(r io.Reader) (*big.Int, *G2, error) {
 	return k, new(G2).ScalarBaseMult(k), nil
 }
 
-func (g *G2) String() string {
-	return "bn256.G2" + g.p.String()
+func (e *G2) String() string {
+	if e.p == nil {
+		return "bn256.G2" + newTwistPoint(nil).String()
+	}
+	return "bn256.G2" + e.p.String()
 }
 
 // ScalarBaseMult sets e to g*k where g is the generator of the group and
@@ -190,7 +207,8 @@ func (e *G2) ScalarMult(a *G2, k *big.Int) *G2 {
 }
 
 // Add sets e to a+b and then returns e.
-// BUG(agl): this function is not complete: a==b fails.
+//
+// Warning: this function is not complete, it fails for a equal to b.
 func (e *G2) Add(a, b *G2) *G2 {
 	if e.p == nil {
 		e.p = newTwistPoint(nil)
@@ -201,6 +219,13 @@ func (e *G2) Add(a, b *G2) *G2 {
 
 // Marshal converts n into a byte slice.
 func (n *G2) Marshal() []byte {
+	// Each value is a 256-bit number.
+	const numBytes = 256 / 8
+
+	if n.p.IsInfinity() {
+		return make([]byte, numBytes*4)
+	}
+
 	n.p.MakeAffine(nil)
 
 	xxBytes := new(big.Int).Mod(n.p.x.x, p).Bytes()
@@ -208,9 +233,6 @@ func (n *G2) Marshal() []byte {
 	yxBytes := new(big.Int).Mod(n.p.y.x, p).Bytes()
 	yyBytes := new(big.Int).Mod(n.p.y.y, p).Bytes()
 
-	// Each value is a 256-bit number.
-	const numBytes = 256 / 8
-
 	ret := make([]byte, numBytes*4)
 	copy(ret[1*numBytes-len(xxBytes):], xxBytes)
 	copy(ret[2*numBytes-len(xyBytes):], xyBytes)
@@ -265,8 +287,11 @@ type GT struct {
 	p *gfP12
 }
 
-func (g *GT) String() string {
-	return "bn256.GT" + g.p.String()
+func (e *GT) String() string {
+	if e.p == nil {
+		return "bn256.GT" + newGFp12(nil).String()
+	}
+	return "bn256.GT" + e.p.String()
 }
 
 // ScalarMult sets e to a*k and then returns e.
diff --git a/bn256/curve.go b/bn256/curve.go
index 55b7063f1..63c052bc2 100644
--- a/bn256/curve.go
+++ b/bn256/curve.go
@@ -245,10 +245,19 @@ func (c *curvePoint) Mul(a *curvePoint, scalar *big.Int, pool *bnPool) *curvePoi
 	return c
 }
 
+// MakeAffine converts c to affine form and returns c. If c is ∞, then it sets
+// c to 0 : 1 : 0.
 func (c *curvePoint) MakeAffine(pool *bnPool) *curvePoint {
 	if words := c.z.Bits(); len(words) == 1 && words[0] == 1 {
 		return c
 	}
+	if c.IsInfinity() {
+		c.x.SetInt64(0)
+		c.y.SetInt64(1)
+		c.z.SetInt64(0)
+		c.t.SetInt64(0)
+		return c
+	}
 
 	zInv := pool.Get().ModInverse(c.z, p)
 	t := pool.Get().Mul(c.y, zInv)
diff --git a/bn256/gfp12.go b/bn256/gfp12.go
index f084eddf2..2b0151ebc 100644
--- a/bn256/gfp12.go
+++ b/bn256/gfp12.go
@@ -125,8 +125,8 @@ func (e *gfP12) Mul(a, b *gfP12, pool *bnPool) *gfP12 {
 }
 
 func (e *gfP12) MulScalar(a *gfP12, b *gfP6, pool *bnPool) *gfP12 {
-	e.x.Mul(e.x, b, pool)
-	e.y.Mul(e.y, b, pool)
+	e.x.Mul(a.x, b, pool)
+	e.y.Mul(a.y, b, pool)
 	return e
 }
 
diff --git a/bn256/twist.go b/bn256/twist.go
index 4f8b3fede..056d80f18 100644
--- a/bn256/twist.go
+++ b/bn256/twist.go
@@ -219,10 +219,19 @@ func (c *twistPoint) Mul(a *twistPoint, scalar *big.Int, pool *bnPool) *twistPoi
 	return c
 }
 
+// MakeAffine converts c to affine form and returns c. If c is ∞, then it sets
+// c to 0 : 1 : 0.
 func (c *twistPoint) MakeAffine(pool *bnPool) *twistPoint {
 	if c.z.IsOne() {
 		return c
 	}
+	if c.IsInfinity() {
+		c.x.SetZero()
+		c.y.SetOne()
+		c.z.SetZero()
+		c.t.SetZero()
+		return c
+	}
 
 	zInv := newGFp2(pool).Invert(c.z, pool)
 	t := newGFp2(pool).Mul(c.y, zInv, pool)
diff --git a/cast5/cast5.go b/cast5/cast5.go
index 0b4af37bd..ddcbeb6f2 100644
--- a/cast5/cast5.go
+++ b/cast5/cast5.go
@@ -2,8 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package cast5 implements CAST5, as defined in RFC 2144. CAST5 is a common
-// OpenPGP cipher.
+// Package cast5 implements CAST5, as defined in RFC 2144.
+//
+// CAST5 is a legacy cipher and its short block size makes it vulnerable to
+// birthday bound attacks (see https://sweet32.info). It should only be used
+// where compatibility with legacy systems, not security, is the goal.
+//
+// Deprecated: any new system should use AES (from crypto/aes, if necessary in
+// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
+// golang.org/x/crypto/chacha20poly1305).
 package cast5 // import "golang.org/x/crypto/cast5"
 
 import "errors"
diff --git a/chacha20/chacha_arm64.go b/chacha20/chacha_arm64.go
new file mode 100644
index 000000000..94c71ac1a
--- /dev/null
+++ b/chacha20/chacha_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.11 && gc && !purego
+// +build go1.11,gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+}
diff --git a/chacha20/chacha_arm64.s b/chacha20/chacha_arm64.s
new file mode 100644
index 000000000..63cae9e6f
--- /dev/null
+++ b/chacha20/chacha_arm64.s
@@ -0,0 +1,308 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.11 && gc && !purego
+// +build go1.11,gc,!purego
+
+#include "textflag.h"
+
+#define NUM_ROUNDS 10
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD	dst+0(FP), R1
+	MOVD	src+24(FP), R2
+	MOVD	src_len+32(FP), R3
+	MOVD	key+48(FP), R4
+	MOVD	nonce+56(FP), R6
+	MOVD	counter+64(FP), R7
+
+	MOVD	$·constants(SB), R10
+	MOVD	$·incRotMatrix(SB), R11
+
+	MOVW	(R7), R20
+
+	AND	$~255, R3, R13
+	ADD	R2, R13, R12 // R12 for block end
+	AND	$255, R3, R13
+loop:
+	MOVD	$NUM_ROUNDS, R21
+	VLD1	(R11), [V30.S4, V31.S4]
+
+	// load contants
+	// VLD4R (R10), [V0.S4, V1.S4, V2.S4, V3.S4]
+	WORD	$0x4D60E940
+
+	// load keys
+	// VLD4R 16(R4), [V4.S4, V5.S4, V6.S4, V7.S4]
+	WORD	$0x4DFFE884
+	// VLD4R 16(R4), [V8.S4, V9.S4, V10.S4, V11.S4]
+	WORD	$0x4DFFE888
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V12.S4]
+	WORD	$0x4D40C8EC
+
+	// VLD3R (R6), [V13.S4, V14.S4, V15.S4]
+	WORD	$0x4D40E8CD
+
+	// update counter
+	VADD	V30.S4, V12.S4, V12.S4
+
+chacha:
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 16)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 12)
+	VADD	V8.S4, V12.S4, V8.S4
+	VADD	V9.S4, V13.S4, V9.S4
+	VADD	V10.S4, V14.S4, V10.S4
+	VADD	V11.S4, V15.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$12, V16.S4, V4.S4
+	VSHL	$12, V17.S4, V5.S4
+	VSHL	$12, V18.S4, V6.S4
+	VSHL	$12, V19.S4, V7.S4
+	VSRI	$20, V16.S4, V4.S4
+	VSRI	$20, V17.S4, V5.S4
+	VSRI	$20, V18.S4, V6.S4
+	VSRI	$20, V19.S4, V7.S4
+
+	// V0..V3 += V4..V7
+	// V12..V15 <<<= ((V12..V15 XOR V0..V3), 8)
+	VADD	V0.S4, V4.S4, V0.S4
+	VADD	V1.S4, V5.S4, V1.S4
+	VADD	V2.S4, V6.S4, V2.S4
+	VADD	V3.S4, V7.S4, V3.S4
+	VEOR	V12.B16, V0.B16, V12.B16
+	VEOR	V13.B16, V1.B16, V13.B16
+	VEOR	V14.B16, V2.B16, V14.B16
+	VEOR	V15.B16, V3.B16, V15.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V8..V11 += V12..V15
+	// V4..V7 <<<= ((V4..V7 XOR V8..V11), 7)
+	VADD	V12.S4, V8.S4, V8.S4
+	VADD	V13.S4, V9.S4, V9.S4
+	VADD	V14.S4, V10.S4, V10.S4
+	VADD	V15.S4, V11.S4, V11.S4
+	VEOR	V8.B16, V4.B16, V16.B16
+	VEOR	V9.B16, V5.B16, V17.B16
+	VEOR	V10.B16, V6.B16, V18.B16
+	VEOR	V11.B16, V7.B16, V19.B16
+	VSHL	$7, V16.S4, V4.S4
+	VSHL	$7, V17.S4, V5.S4
+	VSHL	$7, V18.S4, V6.S4
+	VSHL	$7, V19.S4, V7.S4
+	VSRI	$25, V16.S4, V4.S4
+	VSRI	$25, V17.S4, V5.S4
+	VSRI	$25, V18.S4, V6.S4
+	VSRI	$25, V19.S4, V7.S4
+
+	// V0..V3 += V5..V7, V4
+	// V15,V12-V14 <<<= ((V15,V12-V14 XOR V0..V3), 16)
+	VADD	V0.S4, V5.S4, V0.S4
+	VADD	V1.S4, V6.S4, V1.S4
+	VADD	V2.S4, V7.S4, V2.S4
+	VADD	V3.S4, V4.S4, V3.S4
+	VEOR	V15.B16, V0.B16, V15.B16
+	VEOR	V12.B16, V1.B16, V12.B16
+	VEOR	V13.B16, V2.B16, V13.B16
+	VEOR	V14.B16, V3.B16, V14.B16
+	VREV32	V12.H8, V12.H8
+	VREV32	V13.H8, V13.H8
+	VREV32	V14.H8, V14.H8
+	VREV32	V15.H8, V15.H8
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 12)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$12, V16.S4, V5.S4
+	VSHL	$12, V17.S4, V6.S4
+	VSHL	$12, V18.S4, V7.S4
+	VSHL	$12, V19.S4, V4.S4
+	VSRI	$20, V16.S4, V5.S4
+	VSRI	$20, V17.S4, V6.S4
+	VSRI	$20, V18.S4, V7.S4
+	VSRI	$20, V19.S4, V4.S4
+
+	// V0 += V5; V15 <<<= ((V0 XOR V15), 8)
+	// ...
+	VADD	V5.S4, V0.S4, V0.S4
+	VADD	V6.S4, V1.S4, V1.S4
+	VADD	V7.S4, V2.S4, V2.S4
+	VADD	V4.S4, V3.S4, V3.S4
+	VEOR	V0.B16, V15.B16, V15.B16
+	VEOR	V1.B16, V12.B16, V12.B16
+	VEOR	V2.B16, V13.B16, V13.B16
+	VEOR	V3.B16, V14.B16, V14.B16
+	VTBL	V31.B16, [V12.B16], V12.B16
+	VTBL	V31.B16, [V13.B16], V13.B16
+	VTBL	V31.B16, [V14.B16], V14.B16
+	VTBL	V31.B16, [V15.B16], V15.B16
+
+	// V10 += V15; V5 <<<= ((V10 XOR V5), 7)
+	// ...
+	VADD	V15.S4, V10.S4, V10.S4
+	VADD	V12.S4, V11.S4, V11.S4
+	VADD	V13.S4, V8.S4, V8.S4
+	VADD	V14.S4, V9.S4, V9.S4
+	VEOR	V10.B16, V5.B16, V16.B16
+	VEOR	V11.B16, V6.B16, V17.B16
+	VEOR	V8.B16, V7.B16, V18.B16
+	VEOR	V9.B16, V4.B16, V19.B16
+	VSHL	$7, V16.S4, V5.S4
+	VSHL	$7, V17.S4, V6.S4
+	VSHL	$7, V18.S4, V7.S4
+	VSHL	$7, V19.S4, V4.S4
+	VSRI	$25, V16.S4, V5.S4
+	VSRI	$25, V17.S4, V6.S4
+	VSRI	$25, V18.S4, V7.S4
+	VSRI	$25, V19.S4, V4.S4
+
+	SUB	$1, R21
+	CBNZ	R21, chacha
+
+	// VLD4R (R10), [V16.S4, V17.S4, V18.S4, V19.S4]
+	WORD	$0x4D60E950
+
+	// VLD4R 16(R4), [V20.S4, V21.S4, V22.S4, V23.S4]
+	WORD	$0x4DFFE894
+	VADD	V30.S4, V12.S4, V12.S4
+	VADD	V16.S4, V0.S4, V0.S4
+	VADD	V17.S4, V1.S4, V1.S4
+	VADD	V18.S4, V2.S4, V2.S4
+	VADD	V19.S4, V3.S4, V3.S4
+	// VLD4R 16(R4), [V24.S4, V25.S4, V26.S4, V27.S4]
+	WORD	$0x4DFFE898
+	// restore R4
+	SUB	$32, R4
+
+	// load counter + nonce
+	// VLD1R (R7), [V28.S4]
+	WORD	$0x4D40C8FC
+	// VLD3R (R6), [V29.S4, V30.S4, V31.S4]
+	WORD	$0x4D40E8DD
+
+	VADD	V20.S4, V4.S4, V4.S4
+	VADD	V21.S4, V5.S4, V5.S4
+	VADD	V22.S4, V6.S4, V6.S4
+	VADD	V23.S4, V7.S4, V7.S4
+	VADD	V24.S4, V8.S4, V8.S4
+	VADD	V25.S4, V9.S4, V9.S4
+	VADD	V26.S4, V10.S4, V10.S4
+	VADD	V27.S4, V11.S4, V11.S4
+	VADD	V28.S4, V12.S4, V12.S4
+	VADD	V29.S4, V13.S4, V13.S4
+	VADD	V30.S4, V14.S4, V14.S4
+	VADD	V31.S4, V15.S4, V15.S4
+
+	VZIP1	V1.S4, V0.S4, V16.S4
+	VZIP2	V1.S4, V0.S4, V17.S4
+	VZIP1	V3.S4, V2.S4, V18.S4
+	VZIP2	V3.S4, V2.S4, V19.S4
+	VZIP1	V5.S4, V4.S4, V20.S4
+	VZIP2	V5.S4, V4.S4, V21.S4
+	VZIP1	V7.S4, V6.S4, V22.S4
+	VZIP2	V7.S4, V6.S4, V23.S4
+	VZIP1	V9.S4, V8.S4, V24.S4
+	VZIP2	V9.S4, V8.S4, V25.S4
+	VZIP1	V11.S4, V10.S4, V26.S4
+	VZIP2	V11.S4, V10.S4, V27.S4
+	VZIP1	V13.S4, V12.S4, V28.S4
+	VZIP2	V13.S4, V12.S4, V29.S4
+	VZIP1	V15.S4, V14.S4, V30.S4
+	VZIP2	V15.S4, V14.S4, V31.S4
+	VZIP1	V18.D2, V16.D2, V0.D2
+	VZIP2	V18.D2, V16.D2, V4.D2
+	VZIP1	V19.D2, V17.D2, V8.D2
+	VZIP2	V19.D2, V17.D2, V12.D2
+	VLD1.P	64(R2), [V16.B16, V17.B16, V18.B16, V19.B16]
+
+	VZIP1	V22.D2, V20.D2, V1.D2
+	VZIP2	V22.D2, V20.D2, V5.D2
+	VZIP1	V23.D2, V21.D2, V9.D2
+	VZIP2	V23.D2, V21.D2, V13.D2
+	VLD1.P	64(R2), [V20.B16, V21.B16, V22.B16, V23.B16]
+	VZIP1	V26.D2, V24.D2, V2.D2
+	VZIP2	V26.D2, V24.D2, V6.D2
+	VZIP1	V27.D2, V25.D2, V10.D2
+	VZIP2	V27.D2, V25.D2, V14.D2
+	VLD1.P	64(R2), [V24.B16, V25.B16, V26.B16, V27.B16]
+	VZIP1	V30.D2, V28.D2, V3.D2
+	VZIP2	V30.D2, V28.D2, V7.D2
+	VZIP1	V31.D2, V29.D2, V11.D2
+	VZIP2	V31.D2, V29.D2, V15.D2
+	VLD1.P	64(R2), [V28.B16, V29.B16, V30.B16, V31.B16]
+	VEOR	V0.B16, V16.B16, V16.B16
+	VEOR	V1.B16, V17.B16, V17.B16
+	VEOR	V2.B16, V18.B16, V18.B16
+	VEOR	V3.B16, V19.B16, V19.B16
+	VST1.P	[V16.B16, V17.B16, V18.B16, V19.B16], 64(R1)
+	VEOR	V4.B16, V20.B16, V20.B16
+	VEOR	V5.B16, V21.B16, V21.B16
+	VEOR	V6.B16, V22.B16, V22.B16
+	VEOR	V7.B16, V23.B16, V23.B16
+	VST1.P	[V20.B16, V21.B16, V22.B16, V23.B16], 64(R1)
+	VEOR	V8.B16, V24.B16, V24.B16
+	VEOR	V9.B16, V25.B16, V25.B16
+	VEOR	V10.B16, V26.B16, V26.B16
+	VEOR	V11.B16, V27.B16, V27.B16
+	VST1.P	[V24.B16, V25.B16, V26.B16, V27.B16], 64(R1)
+	VEOR	V12.B16, V28.B16, V28.B16
+	VEOR	V13.B16, V29.B16, V29.B16
+	VEOR	V14.B16, V30.B16, V30.B16
+	VEOR	V15.B16, V31.B16, V31.B16
+	VST1.P	[V28.B16, V29.B16, V30.B16, V31.B16], 64(R1)
+
+	ADD	$4, R20
+	MOVW	R20, (R7) // update counter
+
+	CMP	R2, R12
+	BGT	loop
+
+	RET
+
+
+DATA	·constants+0x00(SB)/4, $0x61707865
+DATA	·constants+0x04(SB)/4, $0x3320646e
+DATA	·constants+0x08(SB)/4, $0x79622d32
+DATA	·constants+0x0c(SB)/4, $0x6b206574
+GLOBL	·constants(SB), NOPTR|RODATA, $32
+
+DATA	·incRotMatrix+0x00(SB)/4, $0x00000000
+DATA	·incRotMatrix+0x04(SB)/4, $0x00000001
+DATA	·incRotMatrix+0x08(SB)/4, $0x00000002
+DATA	·incRotMatrix+0x0c(SB)/4, $0x00000003
+DATA	·incRotMatrix+0x10(SB)/4, $0x02010003
+DATA	·incRotMatrix+0x14(SB)/4, $0x06050407
+DATA	·incRotMatrix+0x18(SB)/4, $0x0A09080B
+DATA	·incRotMatrix+0x1c(SB)/4, $0x0E0D0C0F
+GLOBL	·incRotMatrix(SB), NOPTR|RODATA, $32
diff --git a/chacha20/chacha_generic.go b/chacha20/chacha_generic.go
new file mode 100644
index 000000000..a2ecf5c32
--- /dev/null
+++ b/chacha20/chacha_generic.go
@@ -0,0 +1,398 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms
+// as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
+package chacha20
+
+import (
+	"crypto/cipher"
+	"encoding/binary"
+	"errors"
+	"math/bits"
+
+	"golang.org/x/crypto/internal/subtle"
+)
+
+const (
+	// KeySize is the size of the key used by this cipher, in bytes.
+	KeySize = 32
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// cipher, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
+	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20 variant of
+	// this cipher, in bytes.
+	NonceSizeX = 24
+)
+
+// Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+	// The ChaCha20 state is 16 words: 4 constant, 8 of key, 1 of counter
+	// (incremented after each block), and 3 of nonce.
+	key     [8]uint32
+	counter uint32
+	nonce   [3]uint32
+
+	// The last len bytes of buf are leftover key stream bytes from the previous
+	// XORKeyStream invocation. The size of buf depends on how many blocks are
+	// computed at a time by xorKeyStreamBlocks.
+	buf [bufSize]byte
+	len int
+
+	// overflow is set when the counter overflowed, no more blocks can be
+	// generated, and the next XORKeyStream call should panic.
+	overflow bool
+
+	// The counter-independent results of the first round are cached after they
+	// are computed the first time.
+	precompDone      bool
+	p1, p5, p9, p13  uint32
+	p2, p6, p10, p14 uint32
+	p3, p7, p11, p15 uint32
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
+
+// NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given
+// 32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided,
+// the XChaCha20 construction will be used. It returns an error if key or nonce
+// have any other length.
+//
+// Note that ChaCha20, like all stream ciphers, is not authenticated and allows
+// attackers to silently tamper with the plaintext. For this reason, it is more
+// appropriate as a building block than as a standalone encryption mechanism.
+// Instead, consider using package golang.org/x/crypto/chacha20poly1305.
+func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error) {
+	// This function is split into a wrapper so that the Cipher allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	c := &Cipher{}
+	return newUnauthenticatedCipher(c, key, nonce)
+}
+
+func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong key size")
+	}
+	if len(nonce) == NonceSizeX {
+		// XChaCha20 uses the ChaCha20 core to mix 16 bytes of the nonce into a
+		// derived key, allowing it to operate on a nonce of 24 bytes. See
+		// draft-irtf-cfrg-xchacha-01, Section 2.3.
+		key, _ = HChaCha20(key, nonce[0:16])
+		cNonce := make([]byte, NonceSize)
+		copy(cNonce[4:12], nonce[16:24])
+		nonce = cNonce
+	} else if len(nonce) != NonceSize {
+		return nil, errors.New("chacha20: wrong nonce size")
+	}
+
+	key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
+	c.key = [8]uint32{
+		binary.LittleEndian.Uint32(key[0:4]),
+		binary.LittleEndian.Uint32(key[4:8]),
+		binary.LittleEndian.Uint32(key[8:12]),
+		binary.LittleEndian.Uint32(key[12:16]),
+		binary.LittleEndian.Uint32(key[16:20]),
+		binary.LittleEndian.Uint32(key[20:24]),
+		binary.LittleEndian.Uint32(key[24:28]),
+		binary.LittleEndian.Uint32(key[28:32]),
+	}
+	c.nonce = [3]uint32{
+		binary.LittleEndian.Uint32(nonce[0:4]),
+		binary.LittleEndian.Uint32(nonce[4:8]),
+		binary.LittleEndian.Uint32(nonce[8:12]),
+	}
+	return c, nil
+}
+
+// The constant first 4 words of the ChaCha20 state.
+const (
+	j0 uint32 = 0x61707865 // expa
+	j1 uint32 = 0x3320646e // nd 3
+	j2 uint32 = 0x79622d32 // 2-by
+	j3 uint32 = 0x6b206574 // te k
+)
+
+const blockSize = 64
+
+// quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words.
+// It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16
+// words each round, in columnar or diagonal groups of 4 at a time.
+func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 16)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 12)
+	a += b
+	d ^= a
+	d = bits.RotateLeft32(d, 8)
+	c += d
+	b ^= c
+	b = bits.RotateLeft32(b, 7)
+	return a, b, c, d
+}
+
+// SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
+// behave as if (64 * counter) bytes had been encrypted so far.
+//
+// To prevent accidental counter reuse, SetCounter panics if counter is less
+// than the current value.
+//
+// Note that the execution time of XORKeyStream is not independent of the
+// counter value.
+func (s *Cipher) SetCounter(counter uint32) {
+	// Internally, s may buffer multiple blocks, which complicates this
+	// implementation slightly. When checking whether the counter has rolled
+	// back, we must use both s.counter and s.len to determine how many blocks
+	// we have already output.
+	outputCounter := s.counter - uint32(s.len)/blockSize
+	if s.overflow || counter < outputCounter {
+		panic("chacha20: SetCounter attempted to rollback counter")
+	}
+
+	// In the general case, we set the new counter value and reset s.len to 0,
+	// causing the next call to XORKeyStream to refill the buffer. However, if
+	// we're advancing within the existing buffer, we can save work by simply
+	// setting s.len.
+	if counter < s.counter {
+		s.len = int(s.counter-counter) * blockSize
+	} else {
+		s.counter = counter
+		s.len = 0
+	}
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+	if len(src) == 0 {
+		return
+	}
+	if len(dst) < len(src) {
+		panic("chacha20: output smaller than input")
+	}
+	dst = dst[:len(src)]
+	if subtle.InexactOverlap(dst, src) {
+		panic("chacha20: invalid buffer overlap")
+	}
+
+	// First, drain any remaining key stream from a previous XORKeyStream.
+	if s.len != 0 {
+		keyStream := s.buf[bufSize-s.len:]
+		if len(src) < len(keyStream) {
+			keyStream = keyStream[:len(src)]
+		}
+		_ = src[len(keyStream)-1] // bounds check elimination hint
+		for i, b := range keyStream {
+			dst[i] = src[i] ^ b
+		}
+		s.len -= len(keyStream)
+		dst, src = dst[len(keyStream):], src[len(keyStream):]
+	}
+	if len(src) == 0 {
+		return
+	}
+
+	// If we'd need to let the counter overflow and keep generating output,
+	// panic immediately. If instead we'd only reach the last block, remember
+	// not to generate any more output after the buffer is drained.
+	numBlocks := (uint64(len(src)) + blockSize - 1) / blockSize
+	if s.overflow || uint64(s.counter)+numBlocks > 1<<32 {
+		panic("chacha20: counter overflow")
+	} else if uint64(s.counter)+numBlocks == 1<<32 {
+		s.overflow = true
+	}
+
+	// xorKeyStreamBlocks implementations expect input lengths that are a
+	// multiple of bufSize. Platform-specific ones process multiple blocks at a
+	// time, so have bufSizes that are a multiple of blockSize.
+
+	full := len(src) - len(src)%bufSize
+	if full > 0 {
+		s.xorKeyStreamBlocks(dst[:full], src[:full])
+	}
+	dst, src = dst[full:], src[full:]
+
+	// If using a multi-block xorKeyStreamBlocks would overflow, use the generic
+	// one that does one block at a time.
+	const blocksPerBuf = bufSize / blockSize
+	if uint64(s.counter)+blocksPerBuf > 1<<32 {
+		s.buf = [bufSize]byte{}
+		numBlocks := (len(src) + blockSize - 1) / blockSize
+		buf := s.buf[bufSize-numBlocks*blockSize:]
+		copy(buf, src)
+		s.xorKeyStreamBlocksGeneric(buf, buf)
+		s.len = len(buf) - copy(dst, buf)
+		return
+	}
+
+	// If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
+	// keep the leftover keystream for the next XORKeyStream invocation.
+	if len(src) > 0 {
+		s.buf = [bufSize]byte{}
+		copy(s.buf[:], src)
+		s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
+		s.len = bufSize - copy(dst, s.buf[:])
+	}
+}
+
+func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
+	if len(dst) != len(src) || len(dst)%blockSize != 0 {
+		panic("chacha20: internal error: wrong dst and/or src length")
+	}
+
+	// To generate each block of key stream, the initial cipher state
+	// (represented below) is passed through 20 rounds of shuffling,
+	// alternatively applying quarterRounds by columns (like 1, 5, 9, 13)
+	// or by diagonals (like 1, 6, 11, 12).
+	//
+	//      0:cccccccc   1:cccccccc   2:cccccccc   3:cccccccc
+	//      4:kkkkkkkk   5:kkkkkkkk   6:kkkkkkkk   7:kkkkkkkk
+	//      8:kkkkkkkk   9:kkkkkkkk  10:kkkkkkkk  11:kkkkkkkk
+	//     12:bbbbbbbb  13:nnnnnnnn  14:nnnnnnnn  15:nnnnnnnn
+	//
+	//            c=constant k=key b=blockcount n=nonce
+	var (
+		c0, c1, c2, c3   = j0, j1, j2, j3
+		c4, c5, c6, c7   = s.key[0], s.key[1], s.key[2], s.key[3]
+		c8, c9, c10, c11 = s.key[4], s.key[5], s.key[6], s.key[7]
+		_, c13, c14, c15 = s.counter, s.nonce[0], s.nonce[1], s.nonce[2]
+	)
+
+	// Three quarters of the first round don't depend on the counter, so we can
+	// calculate them here, and reuse them for multiple blocks in the loop, and
+	// for future XORKeyStream invocations.
+	if !s.precompDone {
+		s.p1, s.p5, s.p9, s.p13 = quarterRound(c1, c5, c9, c13)
+		s.p2, s.p6, s.p10, s.p14 = quarterRound(c2, c6, c10, c14)
+		s.p3, s.p7, s.p11, s.p15 = quarterRound(c3, c7, c11, c15)
+		s.precompDone = true
+	}
+
+	// A condition of len(src) > 0 would be sufficient, but this also
+	// acts as a bounds check elimination hint.
+	for len(src) >= 64 && len(dst) >= 64 {
+		// The remainder of the first column round.
+		fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
+
+		// The second diagonal round.
+		x0, x5, x10, x15 := quarterRound(fcr0, s.p5, s.p10, s.p15)
+		x1, x6, x11, x12 := quarterRound(s.p1, s.p6, s.p11, fcr12)
+		x2, x7, x8, x13 := quarterRound(s.p2, s.p7, fcr8, s.p13)
+		x3, x4, x9, x14 := quarterRound(s.p3, fcr4, s.p9, s.p14)
+
+		// The remaining 18 rounds.
+		for i := 0; i < 9; i++ {
+			// Column round.
+			x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+			x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+			x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+			x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+			// Diagonal round.
+			x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+			x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+			x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+			x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+		}
+
+		// Add back the initial state to generate the key stream, then
+		// XOR the key stream with the source and write out the result.
+		addXor(dst[0:4], src[0:4], x0, c0)
+		addXor(dst[4:8], src[4:8], x1, c1)
+		addXor(dst[8:12], src[8:12], x2, c2)
+		addXor(dst[12:16], src[12:16], x3, c3)
+		addXor(dst[16:20], src[16:20], x4, c4)
+		addXor(dst[20:24], src[20:24], x5, c5)
+		addXor(dst[24:28], src[24:28], x6, c6)
+		addXor(dst[28:32], src[28:32], x7, c7)
+		addXor(dst[32:36], src[32:36], x8, c8)
+		addXor(dst[36:40], src[36:40], x9, c9)
+		addXor(dst[40:44], src[40:44], x10, c10)
+		addXor(dst[44:48], src[44:48], x11, c11)
+		addXor(dst[48:52], src[48:52], x12, s.counter)
+		addXor(dst[52:56], src[52:56], x13, c13)
+		addXor(dst[56:60], src[56:60], x14, c14)
+		addXor(dst[60:64], src[60:64], x15, c15)
+
+		s.counter += 1
+
+		src, dst = src[blockSize:], dst[blockSize:]
+	}
+}
+
+// HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes
+// key and a 16 bytes nonce. It returns an error if key or nonce have any other
+// length. It is used as part of the XChaCha20 construction.
+func HChaCha20(key, nonce []byte) ([]byte, error) {
+	// This function is split into a wrapper so that the slice allocation will
+	// be inlined, and depending on how the caller uses the return value, won't
+	// escape to the heap.
+	out := make([]byte, 32)
+	return hChaCha20(out, key, nonce)
+}
+
+func hChaCha20(out, key, nonce []byte) ([]byte, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20: wrong HChaCha20 key size")
+	}
+	if len(nonce) != 16 {
+		return nil, errors.New("chacha20: wrong HChaCha20 nonce size")
+	}
+
+	x0, x1, x2, x3 := j0, j1, j2, j3
+	x4 := binary.LittleEndian.Uint32(key[0:4])
+	x5 := binary.LittleEndian.Uint32(key[4:8])
+	x6 := binary.LittleEndian.Uint32(key[8:12])
+	x7 := binary.LittleEndian.Uint32(key[12:16])
+	x8 := binary.LittleEndian.Uint32(key[16:20])
+	x9 := binary.LittleEndian.Uint32(key[20:24])
+	x10 := binary.LittleEndian.Uint32(key[24:28])
+	x11 := binary.LittleEndian.Uint32(key[28:32])
+	x12 := binary.LittleEndian.Uint32(nonce[0:4])
+	x13 := binary.LittleEndian.Uint32(nonce[4:8])
+	x14 := binary.LittleEndian.Uint32(nonce[8:12])
+	x15 := binary.LittleEndian.Uint32(nonce[12:16])
+
+	for i := 0; i < 10; i++ {
+		// Diagonal round.
+		x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+		x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+		x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+		x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+		// Column round.
+		x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+		x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+		x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+		x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+	}
+
+	_ = out[31] // bounds check elimination hint
+	binary.LittleEndian.PutUint32(out[0:4], x0)
+	binary.LittleEndian.PutUint32(out[4:8], x1)
+	binary.LittleEndian.PutUint32(out[8:12], x2)
+	binary.LittleEndian.PutUint32(out[12:16], x3)
+	binary.LittleEndian.PutUint32(out[16:20], x12)
+	binary.LittleEndian.PutUint32(out[20:24], x13)
+	binary.LittleEndian.PutUint32(out[24:28], x14)
+	binary.LittleEndian.PutUint32(out[28:32], x15)
+	return out, nil
+}
diff --git a/chacha20/chacha_noasm.go b/chacha20/chacha_noasm.go
new file mode 100644
index 000000000..025b49897
--- /dev/null
+++ b/chacha20/chacha_noasm.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!arm64 && !s390x && !ppc64le) || (arm64 && !go1.11) || !gc || purego
+// +build !arm64,!s390x,!ppc64le arm64,!go1.11 !gc purego
+
+package chacha20
+
+const bufSize = blockSize
+
+func (s *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	s.xorKeyStreamBlocksGeneric(dst, src)
+}
diff --git a/chacha20/chacha_ppc64le.go b/chacha20/chacha_ppc64le.go
new file mode 100644
index 000000000..da420b2e9
--- /dev/null
+++ b/chacha20/chacha_ppc64le.go
@@ -0,0 +1,17 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
+}
diff --git a/chacha20/chacha_ppc64le.s b/chacha20/chacha_ppc64le.s
new file mode 100644
index 000000000..5c0fed26f
--- /dev/null
+++ b/chacha20/chacha_ppc64le.s
@@ -0,0 +1,450 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on CRYPTOGAMS code with the following comment:
+// # ====================================================================
+// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// # project. The module is, however, dual licensed under OpenSSL and
+// # CRYPTOGAMS licenses depending on where you obtain it. For further
+// # details see http://www.openssl.org/~appro/cryptogams/.
+// # ====================================================================
+
+// Code for the perl script that generates the ppc64 assembler
+// can be found in the cryptogams repository at the link below. It is based on
+// the original from openssl.
+
+// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91
+
+// The differences in this and the original implementation are
+// due to the calling conventions and initialization of constants.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+#define OUT  R3
+#define INP  R4
+#define LEN  R5
+#define KEY  R6
+#define CNT  R7
+#define TMP  R15
+
+#define CONSTBASE  R16
+#define BLOCKS R17
+
+DATA consts<>+0x00(SB)/8, $0x3320646e61707865
+DATA consts<>+0x08(SB)/8, $0x6b20657479622d32
+DATA consts<>+0x10(SB)/8, $0x0000000000000001
+DATA consts<>+0x18(SB)/8, $0x0000000000000000
+DATA consts<>+0x20(SB)/8, $0x0000000000000004
+DATA consts<>+0x28(SB)/8, $0x0000000000000000
+DATA consts<>+0x30(SB)/8, $0x0a0b08090e0f0c0d
+DATA consts<>+0x38(SB)/8, $0x0203000106070405
+DATA consts<>+0x40(SB)/8, $0x090a0b080d0e0f0c
+DATA consts<>+0x48(SB)/8, $0x0102030005060704
+DATA consts<>+0x50(SB)/8, $0x6170786561707865
+DATA consts<>+0x58(SB)/8, $0x6170786561707865
+DATA consts<>+0x60(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x68(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x70(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x78(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x80(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x88(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x90(SB)/8, $0x0000000100000000
+DATA consts<>+0x98(SB)/8, $0x0000000300000002
+GLOBL consts<>(SB), RODATA, $0xa0
+
+//func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
+	MOVD out+0(FP), OUT
+	MOVD inp+8(FP), INP
+	MOVD len+16(FP), LEN
+	MOVD key+24(FP), KEY
+	MOVD counter+32(FP), CNT
+
+	// Addressing for constants
+	MOVD $consts<>+0x00(SB), CONSTBASE
+	MOVD $16, R8
+	MOVD $32, R9
+	MOVD $48, R10
+	MOVD $64, R11
+	SRD $6, LEN, BLOCKS
+	// V16
+	LXVW4X (CONSTBASE)(R0), VS48
+	ADD $80,CONSTBASE
+
+	// Load key into V17,V18
+	LXVW4X (KEY)(R0), VS49
+	LXVW4X (KEY)(R8), VS50
+
+	// Load CNT, NONCE into V19
+	LXVW4X (CNT)(R0), VS51
+
+	// Clear V27
+	VXOR V27, V27, V27
+
+	// V28
+	LXVW4X (CONSTBASE)(R11), VS60
+
+	// splat slot from V19 -> V26
+	VSPLTW $0, V19, V26
+
+	VSLDOI $4, V19, V27, V19
+	VSLDOI $12, V27, V19, V19
+
+	VADDUWM V26, V28, V26
+
+	MOVD $10, R14
+	MOVD R14, CTR
+
+loop_outer_vsx:
+	// V0, V1, V2, V3
+	LXVW4X (R0)(CONSTBASE), VS32
+	LXVW4X (R8)(CONSTBASE), VS33
+	LXVW4X (R9)(CONSTBASE), VS34
+	LXVW4X (R10)(CONSTBASE), VS35
+
+	// splat values from V17, V18 into V4-V11
+	VSPLTW $0, V17, V4
+	VSPLTW $1, V17, V5
+	VSPLTW $2, V17, V6
+	VSPLTW $3, V17, V7
+	VSPLTW $0, V18, V8
+	VSPLTW $1, V18, V9
+	VSPLTW $2, V18, V10
+	VSPLTW $3, V18, V11
+
+	// VOR
+	VOR V26, V26, V12
+
+	// splat values from V19 -> V13, V14, V15
+	VSPLTW $1, V19, V13
+	VSPLTW $2, V19, V14
+	VSPLTW $3, V19, V15
+
+	// splat   const values
+	VSPLTISW $-16, V27
+	VSPLTISW $12, V28
+	VSPLTISW $8, V29
+	VSPLTISW $7, V30
+
+loop_vsx:
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+	VRLW V15, V27, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V28, V4
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+
+	VADDUWM V0, V4, V0
+	VADDUWM V1, V5, V1
+	VADDUWM V2, V6, V2
+	VADDUWM V3, V7, V3
+
+	VXOR V12, V0, V12
+	VXOR V13, V1, V13
+	VXOR V14, V2, V14
+	VXOR V15, V3, V15
+
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+	VRLW V15, V29, V15
+
+	VADDUWM V8, V12, V8
+	VADDUWM V9, V13, V9
+	VADDUWM V10, V14, V10
+	VADDUWM V11, V15, V11
+
+	VXOR V4, V8, V4
+	VXOR V5, V9, V5
+	VXOR V6, V10, V6
+	VXOR V7, V11, V7
+
+	VRLW V4, V30, V4
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V27, V15
+	VRLW V12, V27, V12
+	VRLW V13, V27, V13
+	VRLW V14, V27, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V28, V5
+	VRLW V6, V28, V6
+	VRLW V7, V28, V7
+	VRLW V4, V28, V4
+
+	VADDUWM V0, V5, V0
+	VADDUWM V1, V6, V1
+	VADDUWM V2, V7, V2
+	VADDUWM V3, V4, V3
+
+	VXOR V15, V0, V15
+	VXOR V12, V1, V12
+	VXOR V13, V2, V13
+	VXOR V14, V3, V14
+
+	VRLW V15, V29, V15
+	VRLW V12, V29, V12
+	VRLW V13, V29, V13
+	VRLW V14, V29, V14
+
+	VADDUWM V10, V15, V10
+	VADDUWM V11, V12, V11
+	VADDUWM V8, V13, V8
+	VADDUWM V9, V14, V9
+
+	VXOR V5, V10, V5
+	VXOR V6, V11, V6
+	VXOR V7, V8, V7
+	VXOR V4, V9, V4
+
+	VRLW V5, V30, V5
+	VRLW V6, V30, V6
+	VRLW V7, V30, V7
+	VRLW V4, V30, V4
+	BC   16, LT, loop_vsx
+
+	VADDUWM V12, V26, V12
+
+	WORD $0x13600F8C		// VMRGEW V0, V1, V27
+	WORD $0x13821F8C		// VMRGEW V2, V3, V28
+
+	WORD $0x10000E8C		// VMRGOW V0, V1, V0
+	WORD $0x10421E8C		// VMRGOW V2, V3, V2
+
+	WORD $0x13A42F8C		// VMRGEW V4, V5, V29
+	WORD $0x13C63F8C		// VMRGEW V6, V7, V30
+
+	XXPERMDI VS32, VS34, $0, VS33
+	XXPERMDI VS32, VS34, $3, VS35
+	XXPERMDI VS59, VS60, $0, VS32
+	XXPERMDI VS59, VS60, $3, VS34
+
+	WORD $0x10842E8C		// VMRGOW V4, V5, V4
+	WORD $0x10C63E8C		// VMRGOW V6, V7, V6
+
+	WORD $0x13684F8C		// VMRGEW V8, V9, V27
+	WORD $0x138A5F8C		// VMRGEW V10, V11, V28
+
+	XXPERMDI VS36, VS38, $0, VS37
+	XXPERMDI VS36, VS38, $3, VS39
+	XXPERMDI VS61, VS62, $0, VS36
+	XXPERMDI VS61, VS62, $3, VS38
+
+	WORD $0x11084E8C		// VMRGOW V8, V9, V8
+	WORD $0x114A5E8C		// VMRGOW V10, V11, V10
+
+	WORD $0x13AC6F8C		// VMRGEW V12, V13, V29
+	WORD $0x13CE7F8C		// VMRGEW V14, V15, V30
+
+	XXPERMDI VS40, VS42, $0, VS41
+	XXPERMDI VS40, VS42, $3, VS43
+	XXPERMDI VS59, VS60, $0, VS40
+	XXPERMDI VS59, VS60, $3, VS42
+
+	WORD $0x118C6E8C		// VMRGOW V12, V13, V12
+	WORD $0x11CE7E8C		// VMRGOW V14, V15, V14
+
+	VSPLTISW $4, V27
+	VADDUWM V26, V27, V26
+
+	XXPERMDI VS44, VS46, $0, VS45
+	XXPERMDI VS44, VS46, $3, VS47
+	XXPERMDI VS61, VS62, $0, VS44
+	XXPERMDI VS61, VS62, $3, VS46
+
+	VADDUWM V0, V16, V0
+	VADDUWM V4, V17, V4
+	VADDUWM V8, V18, V8
+	VADDUWM V12, V19, V12
+
+	CMPU LEN, $64
+	BLT tail_vsx
+
+	// Bottom of loop
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V1, V16, V0
+	VADDUWM V5, V17, V4
+	VADDUWM V9, V18, V8
+	VADDUWM V13, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+	VXOR   V27, V0, V27
+
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(V10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V2, V16, V0
+	VADDUWM V6, V17, V4
+	VADDUWM V10, V18, V8
+	VADDUWM V14, V19, V12
+
+	CMPU LEN, $64
+	BLT  tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+	BEQ     done_vsx
+
+	VADDUWM V3, V16, V0
+	VADDUWM V7, V17, V4
+	VADDUWM V11, V18, V8
+	VADDUWM V15, V19, V12
+
+	CMPU  LEN, $64
+	BLT   tail_vsx
+
+	LXVW4X (INP)(R0), VS59
+	LXVW4X (INP)(R8), VS60
+	LXVW4X (INP)(R9), VS61
+	LXVW4X (INP)(R10), VS62
+
+	VXOR V27, V0, V27
+	VXOR V28, V4, V28
+	VXOR V29, V8, V29
+	VXOR V30, V12, V30
+
+	STXVW4X VS59, (OUT)(R0)
+	STXVW4X VS60, (OUT)(R8)
+	ADD     $64, INP
+	STXVW4X VS61, (OUT)(R9)
+	ADD     $-64, LEN
+	STXVW4X VS62, (OUT)(R10)
+	ADD     $64, OUT
+
+	MOVD $10, R14
+	MOVD R14, CTR
+	BNE  loop_outer_vsx
+
+done_vsx:
+	// Increment counter by number of 64 byte blocks
+	MOVD (CNT), R14
+	ADD  BLOCKS, R14
+	MOVD R14, (CNT)
+	RET
+
+tail_vsx:
+	ADD  $32, R1, R11
+	MOVD LEN, CTR
+
+	// Save values on stack to copy from
+	STXVW4X VS32, (R11)(R0)
+	STXVW4X VS36, (R11)(R8)
+	STXVW4X VS40, (R11)(R9)
+	STXVW4X VS44, (R11)(R10)
+	ADD $-1, R11, R12
+	ADD $-1, INP
+	ADD $-1, OUT
+
+looptail_vsx:
+	// Copying the result to OUT
+	// in bytes.
+	MOVBZU 1(R12), KEY
+	MOVBZU 1(INP), TMP
+	XOR    KEY, TMP, KEY
+	MOVBU  KEY, 1(OUT)
+	BC     16, LT, looptail_vsx
+
+	// Clear the stack values
+	STXVW4X VS48, (R11)(R0)
+	STXVW4X VS48, (R11)(R8)
+	STXVW4X VS48, (R11)(R9)
+	STXVW4X VS48, (R11)(R10)
+	BR      done_vsx
diff --git a/chacha20/chacha_s390x.go b/chacha20/chacha_s390x.go
new file mode 100644
index 000000000..c5898db46
--- /dev/null
+++ b/chacha20/chacha_s390x.go
@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package chacha20
+
+import "golang.org/x/sys/cpu"
+
+var haveAsm = cpu.S390X.HasVX
+
+const bufSize = 256
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available. Implementation in asm_s390x.s.
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+	if cpu.S390X.HasVX {
+		xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+	} else {
+		c.xorKeyStreamBlocksGeneric(dst, src)
+	}
+}
diff --git a/chacha20/chacha_s390x.s b/chacha20/chacha_s390x.s
new file mode 100644
index 000000000..f3ef5a019
--- /dev/null
+++ b/chacha20/chacha_s390x.s
@@ -0,0 +1,225 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// This is an implementation of the ChaCha20 encryption algorithm as
+// specified in RFC 7539. It uses vector instructions to compute
+// 4 keystream blocks in parallel (256 bytes) which are then XORed
+// with the bytes in the input slice.
+
+GLOBL ·constants<>(SB), RODATA|NOPTR, $32
+// BSWAP: swap bytes in each 4-byte element
+DATA ·constants<>+0x00(SB)/4, $0x03020100
+DATA ·constants<>+0x04(SB)/4, $0x07060504
+DATA ·constants<>+0x08(SB)/4, $0x0b0a0908
+DATA ·constants<>+0x0c(SB)/4, $0x0f0e0d0c
+// J0: [j0, j1, j2, j3]
+DATA ·constants<>+0x10(SB)/4, $0x61707865
+DATA ·constants<>+0x14(SB)/4, $0x3320646e
+DATA ·constants<>+0x18(SB)/4, $0x79622d32
+DATA ·constants<>+0x1c(SB)/4, $0x6b206574
+
+#define BSWAP V5
+#define J0    V6
+#define KEY0  V7
+#define KEY1  V8
+#define NONCE V9
+#define CTR   V10
+#define M0    V11
+#define M1    V12
+#define M2    V13
+#define M3    V14
+#define INC   V15
+#define X0    V16
+#define X1    V17
+#define X2    V18
+#define X3    V19
+#define X4    V20
+#define X5    V21
+#define X6    V22
+#define X7    V23
+#define X8    V24
+#define X9    V25
+#define X10   V26
+#define X11   V27
+#define X12   V28
+#define X13   V29
+#define X14   V30
+#define X15   V31
+
+#define NUM_ROUNDS 20
+
+#define ROUND4(a0, a1, a2, a3, b0, b1, b2, b3, c0, c1, c2, c3, d0, d1, d2, d3) \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $16, a2, a2 \
+	VERLLF $16, b2, b2 \
+	VERLLF $16, c2, c2 \
+	VERLLF $16, d2, d2 \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $12, a1, a1 \
+	VERLLF $12, b1, b1 \
+	VERLLF $12, c1, c1 \
+	VERLLF $12, d1, d1 \
+	VAF    a1, a0, a0  \
+	VAF    b1, b0, b0  \
+	VAF    c1, c0, c0  \
+	VAF    d1, d0, d0  \
+	VX     a0, a2, a2  \
+	VX     b0, b2, b2  \
+	VX     c0, c2, c2  \
+	VX     d0, d2, d2  \
+	VERLLF $8, a2, a2  \
+	VERLLF $8, b2, b2  \
+	VERLLF $8, c2, c2  \
+	VERLLF $8, d2, d2  \
+	VAF    a2, a3, a3  \
+	VAF    b2, b3, b3  \
+	VAF    c2, c3, c3  \
+	VAF    d2, d3, d3  \
+	VX     a3, a1, a1  \
+	VX     b3, b1, b1  \
+	VX     c3, c1, c1  \
+	VX     d3, d1, d1  \
+	VERLLF $7, a1, a1  \
+	VERLLF $7, b1, b1  \
+	VERLLF $7, c1, c1  \
+	VERLLF $7, d1, d1
+
+#define PERMUTE(mask, v0, v1, v2, v3) \
+	VPERM v0, v0, mask, v0 \
+	VPERM v1, v1, mask, v1 \
+	VPERM v2, v2, mask, v2 \
+	VPERM v3, v3, mask, v3
+
+#define ADDV(x, v0, v1, v2, v3) \
+	VAF x, v0, v0 \
+	VAF x, v1, v1 \
+	VAF x, v2, v2 \
+	VAF x, v3, v3
+
+#define XORV(off, dst, src, v0, v1, v2, v3) \
+	VLM  off(src), M0, M3          \
+	PERMUTE(BSWAP, v0, v1, v2, v3) \
+	VX   v0, M0, M0                \
+	VX   v1, M1, M1                \
+	VX   v2, M2, M2                \
+	VX   v3, M3, M3                \
+	VSTM M0, M3, off(dst)
+
+#define SHUFFLE(a, b, c, d, t, u, v, w) \
+	VMRHF a, c, t \ // t = {a[0], c[0], a[1], c[1]}
+	VMRHF b, d, u \ // u = {b[0], d[0], b[1], d[1]}
+	VMRLF a, c, v \ // v = {a[2], c[2], a[3], c[3]}
+	VMRLF b, d, w \ // w = {b[2], d[2], b[3], d[3]}
+	VMRHF t, u, a \ // a = {a[0], b[0], c[0], d[0]}
+	VMRLF t, u, b \ // b = {a[1], b[1], c[1], d[1]}
+	VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
+	VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
+
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
+	MOVD $·constants<>(SB), R1
+	MOVD dst+0(FP), R2         // R2=&dst[0]
+	LMG  src+24(FP), R3, R4    // R3=&src[0] R4=len(src)
+	MOVD key+48(FP), R5        // R5=key
+	MOVD nonce+56(FP), R6      // R6=nonce
+	MOVD counter+64(FP), R7    // R7=counter
+
+	// load BSWAP and J0
+	VLM (R1), BSWAP, J0
+
+	// setup
+	MOVD  $95, R0
+	VLM   (R5), KEY0, KEY1
+	VLL   R0, (R6), NONCE
+	VZERO M0
+	VLEIB $7, $32, M0
+	VSRLB M0, NONCE, NONCE
+
+	// initialize counter values
+	VLREPF (R7), CTR
+	VZERO  INC
+	VLEIF  $1, $1, INC
+	VLEIF  $2, $2, INC
+	VLEIF  $3, $3, INC
+	VAF    INC, CTR, CTR
+	VREPIF $4, INC
+
+chacha:
+	VREPF $0, J0, X0
+	VREPF $1, J0, X1
+	VREPF $2, J0, X2
+	VREPF $3, J0, X3
+	VREPF $0, KEY0, X4
+	VREPF $1, KEY0, X5
+	VREPF $2, KEY0, X6
+	VREPF $3, KEY0, X7
+	VREPF $0, KEY1, X8
+	VREPF $1, KEY1, X9
+	VREPF $2, KEY1, X10
+	VREPF $3, KEY1, X11
+	VLR   CTR, X12
+	VREPF $1, NONCE, X13
+	VREPF $2, NONCE, X14
+	VREPF $3, NONCE, X15
+
+	MOVD $(NUM_ROUNDS/2), R1
+
+loop:
+	ROUND4(X0, X4, X12,  X8, X1, X5, X13,  X9, X2, X6, X14, X10, X3, X7, X15, X11)
+	ROUND4(X0, X5, X15, X10, X1, X6, X12, X11, X2, X7, X13, X8,  X3, X4, X14, X9)
+
+	ADD $-1, R1
+	BNE loop
+
+	// decrement length
+	ADD $-256, R4
+
+	// rearrange vectors
+	SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
+	ADDV(J0, X0, X1, X2, X3)
+	SHUFFLE(X4, X5, X6, X7, M0, M1, M2, M3)
+	ADDV(KEY0, X4, X5, X6, X7)
+	SHUFFLE(X8, X9, X10, X11, M0, M1, M2, M3)
+	ADDV(KEY1, X8, X9, X10, X11)
+	VAF CTR, X12, X12
+	SHUFFLE(X12, X13, X14, X15, M0, M1, M2, M3)
+	ADDV(NONCE, X12, X13, X14, X15)
+
+	// increment counters
+	VAF INC, CTR, CTR
+
+	// xor keystream with plaintext
+	XORV(0*64, R2, R3, X0, X4,  X8, X12)
+	XORV(1*64, R2, R3, X1, X5,  X9, X13)
+	XORV(2*64, R2, R3, X2, X6, X10, X14)
+	XORV(3*64, R2, R3, X3, X7, X11, X15)
+
+	// increment pointers
+	MOVD $256(R2), R2
+	MOVD $256(R3), R3
+
+	CMPBNE  R4, $0, chacha
+
+	VSTEF $0, CTR, (R7)
+	RET
diff --git a/chacha20/chacha_test.go b/chacha20/chacha_test.go
new file mode 100644
index 000000000..60b11d92f
--- /dev/null
+++ b/chacha20/chacha_test.go
@@ -0,0 +1,274 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20
+
+import (
+	"bytes"
+	"encoding/hex"
+	"fmt"
+	"math/rand"
+	"testing"
+)
+
+func _() {
+	// Assert that bufSize is a multiple of blockSize.
+	var b [1]byte
+	_ = b[bufSize%blockSize]
+}
+
+func hexDecode(s string) []byte {
+	ss, err := hex.DecodeString(s)
+	if err != nil {
+		panic(fmt.Sprintf("cannot decode input %#v: %v", s, err))
+	}
+	return ss
+}
+
+// Run the test cases with the input and output in different buffers.
+func TestNoOverlap(t *testing.T) {
+	for _, c := range testVectors {
+		s, _ := NewUnauthenticatedCipher(hexDecode(c.key), hexDecode(c.nonce))
+		input := hexDecode(c.input)
+		output := make([]byte, len(input))
+		s.XORKeyStream(output, input)
+		got := hex.EncodeToString(output)
+		if got != c.output {
+			t.Errorf("length=%v: got %#v, want %#v", len(input), got, c.output)
+		}
+	}
+}
+
+// Run the test cases with the input and output overlapping entirely.
+func TestOverlap(t *testing.T) {
+	for _, c := range testVectors {
+		s, _ := NewUnauthenticatedCipher(hexDecode(c.key), hexDecode(c.nonce))
+		data := hexDecode(c.input)
+		s.XORKeyStream(data, data)
+		got := hex.EncodeToString(data)
+		if got != c.output {
+			t.Errorf("length=%v: got %#v, want %#v", len(data), got, c.output)
+		}
+	}
+}
+
+// Run the test cases with various source and destination offsets.
+func TestUnaligned(t *testing.T) {
+	const max = 8 // max offset (+1) to test
+	for _, c := range testVectors {
+		data := hexDecode(c.input)
+		input := make([]byte, len(data)+max)
+		output := make([]byte, len(data)+max)
+		for i := 0; i < max; i++ { // input offsets
+			for j := 0; j < max; j++ { // output offsets
+				s, _ := NewUnauthenticatedCipher(hexDecode(c.key), hexDecode(c.nonce))
+
+				input := input[i : i+len(data)]
+				output := output[j : j+len(data)]
+
+				copy(input, data)
+				s.XORKeyStream(output, input)
+				got := hex.EncodeToString(output)
+				if got != c.output {
+					t.Errorf("length=%v: got %#v, want %#v", len(data), got, c.output)
+				}
+			}
+		}
+	}
+}
+
+// Run the test cases by calling XORKeyStream multiple times.
+func TestStep(t *testing.T) {
+	// wide range of step sizes to try and hit edge cases
+	steps := [...]int{1, 3, 4, 7, 8, 17, 24, 30, 64, 256}
+	rnd := rand.New(rand.NewSource(123))
+	for _, c := range testVectors {
+		s, _ := NewUnauthenticatedCipher(hexDecode(c.key), hexDecode(c.nonce))
+		input := hexDecode(c.input)
+		output := make([]byte, len(input))
+
+		// step through the buffers
+		i, step := 0, steps[rnd.Intn(len(steps))]
+		for i+step < len(input) {
+			s.XORKeyStream(output[i:i+step], input[i:i+step])
+			if i+step < len(input) && output[i+step] != 0 {
+				t.Errorf("length=%v, i=%v, step=%v: output overwritten", len(input), i, step)
+			}
+			i += step
+			step = steps[rnd.Intn(len(steps))]
+		}
+		// finish the encryption
+		s.XORKeyStream(output[i:], input[i:])
+		// ensure we tolerate a call with an empty input
+		s.XORKeyStream(output[len(output):], input[len(input):])
+
+		got := hex.EncodeToString(output)
+		if got != c.output {
+			t.Errorf("length=%v: got %#v, want %#v", len(input), got, c.output)
+		}
+	}
+}
+
+func TestSetCounter(t *testing.T) {
+	newCipher := func() *Cipher {
+		s, _ := NewUnauthenticatedCipher(make([]byte, KeySize), make([]byte, NonceSize))
+		return s
+	}
+	s := newCipher()
+	src := bytes.Repeat([]byte("test"), 32) // two 64-byte blocks
+	dst1 := make([]byte, len(src))
+	s.XORKeyStream(dst1, src)
+	// advance counter to 1 and xor second block
+	s = newCipher()
+	s.SetCounter(1)
+	dst2 := make([]byte, len(src))
+	s.XORKeyStream(dst2[64:], src[64:])
+	if !bytes.Equal(dst1[64:], dst2[64:]) {
+		t.Error("failed to produce identical output using SetCounter")
+	}
+
+	// test again with unaligned blocks; SetCounter should reset the buffer
+	s = newCipher()
+	s.XORKeyStream(dst1[:70], src[:70])
+	s = newCipher()
+	s.XORKeyStream([]byte{0}, []byte{0})
+	s.SetCounter(1)
+	s.XORKeyStream(dst2[64:70], src[64:70])
+	if !bytes.Equal(dst1[64:70], dst2[64:70]) {
+		t.Error("SetCounter did not reset buffer")
+	}
+
+	// advancing to a lower counter value should cause a panic
+	panics := func(fn func()) (p bool) {
+		defer func() { p = recover() != nil }()
+		fn()
+		return
+	}
+	if !panics(func() { s.SetCounter(0) }) {
+		t.Error("counter decreasing should trigger a panic")
+	}
+}
+
+func TestLastBlock(t *testing.T) {
+	panics := func(fn func()) (p bool) {
+		defer func() { p = recover() != nil }()
+		fn()
+		return
+	}
+
+	checkLastBlock := func(b []byte) {
+		t.Helper()
+		// Hardcoded result to check all implementations generate the same output.
+		lastBlock := "ace4cd09e294d1912d4ad205d06f95d9c2f2bfcf453e8753f128765b62215f4d" +
+			"92c74f2f626c6a640c0b1284d839ec81f1696281dafc3e684593937023b58b1d"
+		if got := hex.EncodeToString(b); got != lastBlock {
+			t.Errorf("wrong output for the last block, got %q, want %q", got, lastBlock)
+		}
+	}
+
+	// setting the counter to 0xffffffff and crypting multiple blocks should
+	// trigger a panic
+	s, _ := NewUnauthenticatedCipher(make([]byte, KeySize), make([]byte, NonceSize))
+	s.SetCounter(0xffffffff)
+	blocks := make([]byte, blockSize*2)
+	if !panics(func() { s.XORKeyStream(blocks, blocks) }) {
+		t.Error("crypting multiple blocks should trigger a panic")
+	}
+
+	// setting the counter to 0xffffffff - 1 and crypting two blocks should not
+	// trigger a panic
+	s, _ = NewUnauthenticatedCipher(make([]byte, KeySize), make([]byte, NonceSize))
+	s.SetCounter(0xffffffff - 1)
+	if panics(func() { s.XORKeyStream(blocks, blocks) }) {
+		t.Error("crypting the last blocks should not trigger a panic")
+	}
+	checkLastBlock(blocks[blockSize:])
+	// once all the keystream is spent, setting the counter should panic
+	if !panics(func() { s.SetCounter(0xffffffff) }) {
+		t.Error("setting the counter after overflow should trigger a panic")
+	}
+	// crypting a subsequent block *should* panic
+	block := make([]byte, blockSize)
+	if !panics(func() { s.XORKeyStream(block, block) }) {
+		t.Error("crypting after overflow should trigger a panic")
+	}
+
+	// if we crypt less than a full block, we should be able to crypt the rest
+	// in a subsequent call without panicking
+	s, _ = NewUnauthenticatedCipher(make([]byte, KeySize), make([]byte, NonceSize))
+	s.SetCounter(0xffffffff)
+	if panics(func() { s.XORKeyStream(block[:7], block[:7]) }) {
+		t.Error("crypting part of the last block should not trigger a panic")
+	}
+	if panics(func() { s.XORKeyStream(block[7:], block[7:]) }) {
+		t.Error("crypting part of the last block should not trigger a panic")
+	}
+	checkLastBlock(block)
+	// as before, a third call should trigger a panic because all keystream is spent
+	if !panics(func() { s.XORKeyStream(block[:1], block[:1]) }) {
+		t.Error("crypting after overflow should trigger a panic")
+	}
+}
+
+func benchmarkChaCha20(b *testing.B, step, count int) {
+	tot := step * count
+	src := make([]byte, tot)
+	dst := make([]byte, tot)
+	key := make([]byte, KeySize)
+	nonce := make([]byte, NonceSize)
+	b.SetBytes(int64(tot))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		c, _ := NewUnauthenticatedCipher(key, nonce)
+		for i := 0; i < tot; i += step {
+			c.XORKeyStream(dst[i:], src[i:i+step])
+		}
+	}
+}
+
+func BenchmarkChaCha20(b *testing.B) {
+	b.Run("64", func(b *testing.B) {
+		benchmarkChaCha20(b, 64, 1)
+	})
+	b.Run("256", func(b *testing.B) {
+		benchmarkChaCha20(b, 256, 1)
+	})
+	b.Run("10x25", func(b *testing.B) {
+		benchmarkChaCha20(b, 10, 25)
+	})
+	b.Run("4096", func(b *testing.B) {
+		benchmarkChaCha20(b, 4096, 1)
+	})
+	b.Run("100x40", func(b *testing.B) {
+		benchmarkChaCha20(b, 100, 40)
+	})
+	b.Run("65536", func(b *testing.B) {
+		benchmarkChaCha20(b, 65536, 1)
+	})
+	b.Run("1000x65", func(b *testing.B) {
+		benchmarkChaCha20(b, 1000, 65)
+	})
+}
+
+func TestHChaCha20(t *testing.T) {
+	// See draft-irtf-cfrg-xchacha-00, Section 2.2.1.
+	key := []byte{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}
+	nonce := []byte{0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x4a,
+		0x00, 0x00, 0x00, 0x00, 0x31, 0x41, 0x59, 0x27}
+	expected := []byte{0x82, 0x41, 0x3b, 0x42, 0x27, 0xb2, 0x7b, 0xfe,
+		0xd3, 0x0e, 0x42, 0x50, 0x8a, 0x87, 0x7d, 0x73,
+		0xa0, 0xf9, 0xe4, 0xd5, 0x8a, 0x74, 0xa8, 0x53,
+		0xc1, 0x2e, 0xc4, 0x13, 0x26, 0xd3, 0xec, 0xdc,
+	}
+	result, err := HChaCha20(key[:], nonce[:])
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(expected, result) {
+		t.Errorf("want %x, got %x", expected, result)
+	}
+}
diff --git a/chacha20/vectors_test.go b/chacha20/vectors_test.go
new file mode 100644
index 000000000..3d3bbcdc5
--- /dev/null
+++ b/chacha20/vectors_test.go
@@ -0,0 +1,511 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20
+
+// Test vectors for ChaCha20 implementations.
+
+type testCase struct {
+	nonce  string
+	key    string
+	input  string
+	output string
+}
+
+var testVectors = [...]testCase{
+	{
+		// From libsodium/test/default/xchacha20.c
+		nonce:  "c047548266b7c370d33566a2425cbf30d82d1eaf5294109e",
+		key:    "9d23bd4149cb979ccf3c5c94dd217e9808cb0e50cd0f67812235eaaf601d6232",
+		input:  "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+		output: "a21209096594de8c5667b1d13ad93f744106d054df210e4782cd396fec692d3515a20bf351eec011a92c367888bc464c32f0807acd6c203a247e0db854148468e9f96bee4cf718d68d5f637cbd5a376457788e6fae90fc31097cfc",
+	},
+	{
+		// From draft-irtf-cfrg-xchacha-01
+		nonce:  "404142434445464748494a4b4c4d4e4f5051525354555658",
+		key:    "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+		input:  "5468652064686f6c65202870726f6e6f756e6365642022646f6c65222920697320616c736f206b6e6f776e2061732074686520417369617469632077696c6420646f672c2072656420646f672c20616e642077686973746c696e6720646f672e2049742069732061626f7574207468652073697a65206f662061204765726d616e20736865706865726420627574206c6f6f6b73206d6f7265206c696b652061206c6f6e672d6c656767656420666f782e205468697320686967686c7920656c757369766520616e6420736b696c6c6564206a756d70657220697320636c6173736966696564207769746820776f6c7665732c20636f796f7465732c206a61636b616c732c20616e6420666f78657320696e20746865207461786f6e6f6d69632066616d696c792043616e696461652e",
+		output: "4559abba4e48c16102e8bb2c05e6947f50a786de162f9b0b7e592a9b53d0d4e98d8d6410d540a1a6375b26d80dace4fab52384c731acbf16a5923c0c48d3575d4d0d2c673b666faa731061277701093a6bf7a158a8864292a41c48e3a9b4c0daece0f8d98d0d7e05b37a307bbb66333164ec9e1b24ea0d6c3ffddcec4f68e7443056193a03c810e11344ca06d8ed8a2bfb1e8d48cfa6bc0eb4e2464b748142407c9f431aee769960e15ba8b96890466ef2457599852385c661f752ce20f9da0c09ab6b19df74e76a95967446f8d0fd415e7bee2a12a114c20eb5292ae7a349ae577820d5520a1f3fb62a17ce6a7e68fa7c79111d8860920bc048ef43fe84486ccb87c25f0ae045f0cce1e7989a9aa220a28bdd4827e751a24a6d5c62d790a66393b93111c1a55dd7421a10184974c7c5",
+	},
+	{
+		nonce:  "1733d194b3a2b6063600fe3f",
+		key:    "b6a3a89de64abf3aae9cf1a207c768101e80e472925d16ce8f02e761573dac82",
+		input:  "",
+		output: "",
+	},
+	{
+		nonce:  "ddfa69041ecc3feeb077cf45",
+		key:    "2be077349f80bf45faa1f427e81d90dbdc90a1d8d4212c1dacf2bd870000bfdf",
+		input:  "23dbad0780",
+		output: "415a3e498d",
+	},
+	{
+		nonce:  "496b2a516daff98da5a23653",
+		key:    "254c12e973a3d14fbbf7457964f0d5ee5d18c42913cf9a3c67a3944c532c2c7c",
+		input:  "f518831fab69c054a6",
+		output: "cfe40f63f81391484b",
+	},
+	{
+		nonce:  "9e7a69ca17672f6b209285b7",
+		key:    "205082fc0b41a45cd085527d9d1c0a16410b47152a743436faa74ae67ae60bca",
+		input:  "805fad1d62951537aeed9859",
+		output: "47bd303f93c3ce04bce44710",
+	},
+	{
+		nonce:  "b33dedcd7f0a77359bdeae06",
+		key:    "ef2d6344a720e4a58f2ac10f159ab76314e37d3316bf2fb857bc043127927c67",
+		input:  "f4e8a7577affb841cf48392cf5df",
+		output: "f445c0fb7e3d5bfdab47090ddee6",
+	},
+	{
+		nonce:  "b1508a348092cc4ace14608d",
+		key:    "a831bd347ef40828f9198b9d8396f54d48435831454aa734a274e10ddcc7d429",
+		input:  "1179b71ec4dc34bd812f742b5a0b27",
+		output: "cc7f80f333c647d6e592e4f7ecc834",
+	},
+	{
+		nonce:  "034775c821c58891a6e88cac",
+		key:    "ed793ce92b1689ce66836a117f65dcec981dc85b522f5dffbb3e1f172f3f7750",
+		input:  "7bd94943d55392d0311c413ac755ce0347872ba3",
+		output: "c43665de15136af232675d9d5dbbeca77f3c542a",
+	},
+	{
+		nonce:  "cb55869aa56e9d6e5e70ad5d",
+		key:    "b3d542358ffd7b1ff8ab3810ece814729356d0edbd63e66006d5e5e8a223a9ee",
+		input:  "1505f669acc5ad9aaa0e993ba8c24e744d13655e1f",
+		output: "26cad1ccf4cf4c49b267ab7be10bc2ffa3ba66bc86",
+	},
+	{
+		nonce:  "a42c203f86fc63000ea16072",
+		key:    "d6b18ae2473d3be8ca711267ffbc77b97644f6a2b4791d31d0910d180c6e1aec",
+		input:  "20070523ddb4ebf0d5f20fd95aacf47fb269ebadda6879638a",
+		output: "5ce972624cb2b7e7c28f5b865ba08c887911b4f5e361830a4b",
+	},
+	{
+		nonce:  "ea7186cf2fdf728d8a535a8b",
+		key:    "bba26ce4efb56ad06b96e2b02d0cdd549ad81588a9306c421e0f5b0175ae4b25",
+		input:  "d10f8050c1186f92e26f351db36490d82ea677498562d8d4f487a0a4058adf",
+		output: "f30c11bc553b2baf6870760d735680897c9fee168f976b2a33ef395fdbd4fc",
+	},
+	{
+		nonce:  "3a98bed189a35a0fe1c726fa",
+		key:    "a76d5c79dcaab18c9a3542a0272eea95c45382122f59bcaa10e8910371d941f6",
+		input:  "e88dc380b7d45a4a762c34f310199587867516fac4a2634022b96a9f862e17714d17",
+		output: "aac98ba3821399e55a5eab5862f7f1bfc63637d700125878c2b17151f306c9aec80e",
+	},
+	{
+		nonce:  "b8f4f598731d183f2e57f45b",
+		key:    "f78c6fa82b1ab48d5631e0e0598aad3dbad1e4b338fbf6759d7094dbf334dbc3",
+		input:  "b0fcf0a731e2902787309697db2384e1cda07b60002c95355a4e261fb601f034b2b3",
+		output: "b6c8c40ddda029a70a21c25f724cc90c43f6edc407055683572a9f5e9690a1d571bb",
+	},
+	{
+		nonce:  "18ae8972507ebe7e7691817d",
+		key:    "a0076c332ba22e4a462f87a8285e7ba43f5e64be91651c377a23dcd28095c592",
+		input:  "cf9ec6fa3f0a67488adb5598a48ed916729a1e416d206f9675dfa9fd6585793f274f363bbca348b3",
+		output: "bb7ed8a199aa329dcd18736ce705804ffae8c3e2ba341ae907f94f4672d57175df25d28e16962fd6",
+	},
+	{
+		nonce:  "de8131fd263e198b99c7eb0b",
+		key:    "2e4c1a78e255ab2743af4a8101ab0b0ae02ce69dd2032b47e818eedf935b858b",
+		input:  "be9a8211d68642310724eda3dd02f63fcc03a101d9564b0ecee6f4ecececcb0099bb26aabee46b1a2c0416b4ac269e",
+		output: "3152f317cf3626e26d02cff9392619ea02e22115b6d43d6dd2e1177c6bb3cb71c4a90c3d13b63c43e03605ec98d9a1",
+	},
+	{
+		nonce:  "f62fb0273e6110a5d8228b21",
+		key:    "3277fc62f46cf0ced55ef4a44f65962f6e952b9ff472b542869cb55b4f78e435",
+		input:  "495343a257250f8970f791f493b89d10edba89806b88aaaeb3b5aefd078ba7b765746164bce653f5e6c096dd8499fb76d97d77",
+		output: "62c01f426581551b5b16e8b1a3a23c86bcdd189ab695dbea4bf811a14741e6ebbb0261ef8ae47778a6be7e0ef11697b891412c",
+	},
+	{
+		nonce:  "637ab99d4802f50f56dfb6f2",
+		key:    "8f7a652b5d5767fe61d256aa979a1730f1fffcae98b68e9b5637fe1e0c45eab4",
+		input:  "e37fbbd3fe37ce5a99d18e5dcb0dafe7adf8b596528708f7d310569ab44c251377f7363a390c653965e0cb8dd217464b3d8f79c1",
+		output: "b07d4c56fb83a49e8d9fc992e1230bb5086fecbd828cdbc7353f61b1a3cec0baf9c5bf67c9da06b49469a999ba3b37916ec125be",
+	},
+	{
+		nonce:  "38ecdfc1d303757d663c3e9a",
+		key:    "e7d8148613049bdefab4482a44e7bdcb5edc5dad3ed8449117d6d97445db0b23",
+		input:  "9efab614388a7d99102bcc901e3623d31fd9dd9d3c3338d086f69c13e7aa8653f9ce76e722e5a6a8cbbbee067a6cb9c59aa9b4b4c518bbed",
+		output: "829d9fe74b7a4b3aeb04580b41d38a156ffbebba5d49ad55d1b0370f25abcd41221304941ad8e0d5095e15fbd839295bf1e7a509a807c005",
+	},
+	{
+		nonce:  "1c52e2c7b4995479d76c94c7",
+		key:    "74e7fc53bf534b9a3441615f1494c3a3727ca0a81123249399ecae435aeb6d21",
+		input:  "03b5d7ab4bd8c9a4f47ec122cbeb595bd1a0d58de3bb3dcc66c4e288f29622d6863e846fdfb27a90740feb03a4761c6017250bc0f129cc65d19680ab9d6970",
+		output: "83db55d9eb441a909268311da67d432c732ad6bda0a0dae710d1bce040b91269deb558a68ced4aa5760ca0b9c5efc84e725f297bdbdadbc368bea4e20261c5",
+	},
+	{
+		nonce:  "a1f0411d78773b7ca5ee9169",
+		key:    "393e211f141d26562c7cfc15c5ccfe21c58456a9060560266bc0dcdab010c8f2",
+		input:  "2f4da518578a2a82c8c855155645838ca431cdf35d9f8562f256746150580ca1c74f79b3e9ae78224573da8b47a4b3cc63fbed8d4e831a6b4d796c124d87c78a66e5",
+		output: "6fc086ded3d1d5566577ccd9971e713c1126ec52d3894f09ab701116c7b5abda959cbb207f4468eb7b6a6b7e1b6d2bc6047f337499d63522f256ee751b91f84f70b6",
+	},
+	{
+		nonce:  "2c029f74b0da21a052228c64",
+		key:    "b0e7aca1a10e7a56b913af52080ca3cb746d7ae039ca3b5c07acb285c0afb503",
+		input:  "55739a1738b4a4028021b21549e2661b050e3d830ad9a56f57bfcaca3e0f72051b9ca92411840061083e5e45124d8425061ab26c632ac7852118411ac80026da946357c630f27225",
+		output: "8051bf98f8f2617e159ba205a9342ab700973dd045e09321805eed89e419f37f3211c5aa82666b9a097270babc26d3bfe0c990fe245ae982a31f23cfbf6156b5c8cfb77f340e2bf5",
+	},
+	{
+		nonce:  "a86bc1234ecdd19fcb4e22cb",
+		key:    "4a4094b698f1b586ff1bfd10544ea81309e521ab64d74374f1b33109f2876e68",
+		input:  "7ffd8d5970fdee613eeae531d1c673fd379d64b0b6bfedd010433b080b561038f7f266fa7e15d7d8e10d23f21b9d7724bb200b0f58b9250483e784f4a6555d09c234e8d1c549ebb76a8e",
+		output: "c173617e36ea20ce04c490803b2098bd4f1ff4b31fdca1c51c6475ade83892c5f12731652d5774631d55ae2938617a5e9462bb6083328a23a4fba52de50ca9075586f2efc22aae56e3a8",
+	},
+	{
+		nonce:  "296f5fd61962f7f39e3c039a",
+		key:    "c417a0eb1a42e06917239e44118a85293a52c8d0a2c9b0a884cab20a451a01af",
+		input:  "7a5766097562361cfaeac5b8a6175e1ceeeda30aec5e354df4302e7700ea48c505da9fdc57874da879480ecfea9c6c8904f330cbac5e27f296b33b667fea483348f031bef761d0b8e318a8132caa7a5943",
+		output: "5e9fbf427c4f0fcf44db3180ea47d923f52bee933a985543622eff70e2b3f5c673be8e05cd7acbcadd8593da454c60d5f19131e61730a73b9c0f87e3921ee5a591a086446b2a0fadd8a4bc7b49a8e83764",
+	},
+	{
+		nonce:  "6ee50ec741ec580e616fd9af",
+		key:    "bbf22a177cd285904dc4a28cda48a18ab0880c29397418888147d518ce2c3f63",
+		input:  "0777c02a2900052d9b79f38387d2c234108a2ad066cbf7df6ea6acc5a3f86b3d6156abb5b18ad4ecf79e171383a1897e64a95ecdbba6aa3f1c7c12fe31283629ff547cb113a826cb348a7c10507cc645fa2eb97b5f22e44d",
+		output: "368c90db3464ba488340b1960e9f75d2c3b5b392bdd5622ff70e85e6d00b1e6a996ba3978ce64f8f2b5a9a90576c8f32b908233e15d2f443cccc98af87745c93c8056603407a3fb37ce0c1f8ab6384cc37c69c98bfecf337",
+	},
+	{
+		nonce:  "79da06301d054827dc7cc172",
+		key:    "e8b7cd6028e9cbceb97a9be13715d63099c1fba0bf387789a90577dd63175c3e",
+		input:  "cf2dccbcfd781c030376f9019d841ca701cb54a1791f50f50bee0c2bf178182603a4712b5916eebd5001595c3f48283f1ba097ce2e7bf94f2b7fa957ce776e14a7a570093be2de386ececbd6525e72c5970c3e7d35974b8f0b831fbc",
+		output: "7c92b8c75e6eb8675229660cedcb10334965a7737cde7336512d9eff846c670d1fa8f8a427ea4f43e66be609466711fd241ccff7d3f049bda3a2394e5aa2108abc80e859611dbd3c7ba2d044a3ececa4980dd65e823dd110fea7a548",
+	},
+	{
+		nonce:  "eeb10ffc0ac64c4167bd4441",
+		key:    "c6913210b6032b8248b59ad2fe3e8fc86a0536691fa6aa285878dfa01935a2da",
+		input:  "e08a8949a1bfd6a8c1186b431b6ad59b106ae5552821db69b66dc03fbc4a2b970dcf9c7da4f5082572bc978f8ee27c554c8884b5a450b36d70453348cd6cac9b80c9900cf98a4088803f564bb1281d24507b2f61ba737c8145c71b50eb0f6dfc",
+		output: "73d043acf9dcd758c7299bd1fd1f4100d61ff77d339e279bfbe6f9233b0d9afa24992a9c1c7a19545d469fdfb369c201322f6fe8c633fcdcffef31032bfb41b9fb55506e301d049fd447d61f974a713debeaed886f486a98efd3d6c3f25fbb30",
+	},
+	{
+		nonce:  "570c03c2e1593b1e1ade7e60",
+		key:    "b5c2bad18345a9569b478b621ea556308f8fbf693de0f12dd2489d4b79c3f57d",
+		input:  "a0c302120111f00c99cff7d839cdf43207a7e2f73d5dd888daa00d84254db0e621a72493480420c9c61ce1cfc54188ff525bb7a0e6c1cd298f598973a1de9fd2d79a21401588775b0adbe261ba4e4f79a894d1bd5835b5924d09ba32ef03cb4bc0bd6eb4ee4274",
+		output: "bc714bd7d8399beedc238f7ddeb0b99d94ad6bf8bf54548a3e4b90a76aa5673c91db6482591e8ff9126e1412bce56d52a4c2d89f22c29858e24482f177abacef428d0ae1779f0ae0778c44f9f02fe474da93c35c615b5fad29eca697978891f426714441317f2b",
+	},
+	{
+		nonce:  "1fc84df4e7036ecf966796f4",
+		key:    "f4127b0d89473f68b48f82c7a0c60f82eb3112c5d71667e493ef36406cb9af26",
+		input:  "ebce290c03c7cb65d053918ba2da0256dc700b337b8c124c43d5da4746888ca78387feea1a3a72c5e249d3d93a1907977dd4009699a15be5da2ca89c60e971c8df5d4553b61b710d92d3453dea595a0e45ae1e093f02ea70608b7b32f9c6aadc661a052f9b14c03ea0117a3192",
+		output: "cbb8c4ec827a1123c1141327c594d4a8b0b4a74b0008115bb9ec4275db3a8e5529a4f145551af29c473764cbaa0794b2d1eb1066f32a07fd39f5f3fe51498c46fba5310ae7c3664571d6a851e673ded3badc25e426f9c6038724779aa6d2d8ec3f54865f7df612e25575635ab5",
+	},
+	{
+		nonce:  "1b463e8d60c3057eddafbb3b",
+		key:    "c917b9f9f79bf89ac9bbec7d7beae5e755ab4a9bbef6ef90906d9ba11a9bf6b9",
+		input:  "275c97de985aa265332065ccce437770b110737a77dea62137a5d6cb62e9cb8b504d34334a58a71aba153d9b86f21377467b2fafaf54829331bf2ce0009acb37842b7a4b5f152aab650a393153f1ed479abc21f7a6fe205b9852ff2f7f3a0e3bfe76ca9770efada4e29e06db0569a99d08648e",
+		output: "b225aa01d5c438d572deaea51ac12c0c694e0f9dc0ed2884a98e5e2943d52bb4692d7d8f12486de12d0559087e8c09e4f2d5b74e350838aa2bd36023032ccbcae56be75c6a17c59583d81a1fd60e305af5053ac89f753c9347f3040e48405232dc8428c49dcb3d9b899145f5b3bc955f34dbbe",
+	},
+	{
+		nonce:  "f5331f87bae3fee4931e8ccb",
+		key:    "03491233e587027e8f98d6e95f406219b5c1215fe695c62ac900b246ba98da9f",
+		input:  "ceda15cfffd53ccebe31b5886facd863f6166e02ec65f46f54148860a5c2702e34fd204d881af6055952690cd1ffa8ba4d0e297cc165d981b371932adb935398c987baff335108c5e77f2e5dd5e1ca9a017bc376cbdbe3c0f45e079c212e8986b438444e79cd37927c1479f45c9e75b0076cc9f8679011",
+		output: "a3f1c3f885583b999c85cd118e2ababfa5a2de0c8eb28aacc161b1efee89d8de36ddeb584174c0e92011b8d667cb64009049976082072e6262933dbf7b14839805e1face375b7cbb54f9828ba1ed8aa55634ec5d72b6351feff4d77a3a22b34203b02e096f5e5f9ae9ad6a9dd16c57ce6d94dcc8873d18",
+	},
+	{
+		nonce:  "e83c55efea20e1df3a7e049a",
+		key:    "c179f4be8b4f555989f097bf1e6f315228e4410104dc26ff578f0ce1598a56a7",
+		input:  "799bb2d634406753416b3a2b67513293a0b3496ef5b2d019758dedaaac2edd72502fc4a375b3f0d4237bc16b0e3d47e7ddc315c6aef3a23fcae2eb3a6083bc7ac4fd1b5bf0025cc1cb266b40234b77db762c747d3a7b27956cf3a4cf72320fb60c0d0713fa60b37a6cb5b21a599e79d0f06a5b7201aeb5d2",
+		output: "e84dfb3dbaac364085497aeabd197db852d3140c0c07f5f10e5c144c1fe26a50a9877649e88c6fe04283f4b7590a8d0d042ef577693f76f706e31c4979437590fe0ab03d89afb089d1be50ae173ea5458810372838eceac53bf4bac792735d8149e548efb432e236da92bf3168bbcf36f644c23efb478a4e",
+	},
+	{
+		nonce:  "a02481d9aa80cd78fc5cc53d",
+		key:    "416e2802e3383ef16b4735f7fc4bc433978797d795459c4a13040806d8fd9912",
+		input:  "b2d060bd173955f44ee01b8bfcf0a6fad017c3517e4e8c8da728379f6d54471c955615e2b1effe4ce3d0139df225223c361be1cac416ade10a749c5da324563696dae8272577e44e8588cd5306bff0bfbdb32af3ac7cbc78be24b51baf4d5e47cf8f1d6b0a63ed9359da45c3e7297b2314028848f5816feab885e2",
+		output: "ffa4aa66dd5d39694ae64696bfa96f771accef68f195456ad815751e25c47ed4f27b436f1b3e3fcaa3e0d04133b53559c100cd633ced3d4321fc56225c85d2443727bce40434455aa4c1f3e6768c0fe58ad88b3a928313d41a7629f1ce874d2c8bcf822ebdaebfd9d95a31bb62daab5385eb8eefe026e8cbf1ff7a",
+	},
+	{
+		nonce:  "0f6b105381fd11dff3b6d169",
+		key:    "38b1360794e1cd55c173820fe668c2f7d52b366155b43cbbfcc9d344fdd3567d",
+		input:  "4f0171d7309493a349530940feece3c6200693f9cff38924114d53f723d090fffa3c80731b5ca989d3e924d1fa14266632cb9ab879e1a36df22dc9f8d1dadea229db72fded0c42187c38b9fa263c20e5fb5b4aa80eb90e8616e36d9b8c613b371c402343823184ecad3532058a46cf9e7ea5a9ecad043ac3028cbcc3f36d32",
+		output: "88c773ff34b23e691e14018ba1b2bd48a4a6979b377eb0d68336ce6192dcd5177e6b4f1c4bea2df90af56b35fe2a1d6279d253c0194dcbca9bf136f92d69165b216e4c9d1ce6b3fbe40c71e32c3f4088de352732d0e2bad9c16fd0bb9bde3d6c30257ce063432d09f19da79d49aa7641124a6c9e3f09449e911edbae11a053",
+	},
+	{
+		nonce:  "bdff905e73f198a8889a9f26",
+		key:    "5fe044529bbeadf9ac549f9e46004623eacd8267962c98ba6b5021c7e3f710ed",
+		input:  "8f8d9e18d3212bd20b96d75c06d1a63622fd83d13f79d542e45996135368772ea81511302a0d87e246dd346314cfe019bae8a5c97f567f12d82aca98dfea397c6a47dd0c419f1c609d9c52dcfcbe7eee68b2635954206ed592b7081442ce9ce3187d10ccd41cc856fb924b011f817c676c9419f52a2938c7af5f76755a75eb065411",
+		output: "4e130c5df384b9c3c84aa38a744260735e93783da0337ade99f777e692c5ea276ac4cc65880b4ae9c3b96888760fdddb74bc2e2694bedf1ee6f14619c8015f951ba81b274b466e318d09defe80bdbed57bc213ac4631d2eb14c8e348181d60f6295ceee1e9231ae047830ef4778ff66146621b76974773b5d11c8e17a476450f46ef",
+	},
+	{
+		nonce:  "e8398e304ff1a49a96db11f5",
+		key:    "19523b8388e5824b2c652d4bd76e8f7c63e84bfee5503a9d9b0988b868198d9f",
+		input:  "30d2379dd3ceae612182576f9acf6de505ab5a9445fe1a86ae75c5c29429e11c50fd9ec657b29b173a3763b1e171b5a7da1803ba5d64fccb2d32cb7788be194dbca00c3c91774c4c4c8ede48c1027d7cc8b387101a4fe5e44a1d9693b2f627626025072806083aadbced91c9711a0171f52ffb8ed5596cf34130022398c8a1da99c7",
+		output: "b1e8da34ad0189038ee24673979b405ef73fdbdd6f376f800031d64005a4ebed51a37f2180571223848decbea6dd22b198ab9560d7edc047c5d69183dc69b5fca346911d25cb2a1a9f830dc6382ad0024e8c3eef3aa2d155abcfe43bff01956a5e20a862fbed5c5e8df8eed0601a120caac634b068314e221f175baa11ae29002bb9",
+	},
+	{
+		nonce:  "5acafea5b4c13a750966a4c5",
+		key:    "5948bfabf69b8d826daaf7f7a28c2025adc0a4d78232dd2fc2b8fc2b4bd88983",
+		input:  "d9404ccdcc8ef128a1b1ace4f9f1669d274ec82aa914cac34b83ac00b236478fd6167e96ec658850c6c139eb0f6fc0dd7191ba9a39828032008f7f37eb9a8df9d6cdd54240e600efe7fc49a674000c5030d825b2c5c96d0f19b8ecdbf4eeb86d3e569c5e3131abc7d6359dd4255284ccacf150d42e7a899536d51ee6db329654a4581c5ac6e419",
+		output: "c5534b5fb40b4834300e9577a9d87440c5272263d06e6aee84aa92cdf5d1b033145d336f26e5fe55c09a7e75753af93d0786dfc1cb435e86c67bd3ec8e766d0801b99e68691e2c3c3ffec539cf62e68285ea9027daa2716cd6f97e8eb7b9e266357a25eb2d4839a829508a6b7228f2832b3cd998f77597ae530430e6e4ecb53eb9efe456863a04",
+	},
+	{
+		nonce:  "4658aa126c4f608885950dc1",
+		key:    "d6cc91149d552f60060c08d4bdfa0202f8f4d3ff174c14bf3c3fbf8875330808",
+		input:  "231765f832927461f338aceb0f4cf51fd8469348c69c549c1dec7333d4aa4968c1ed58b65ab3fe3d0562600a2b076d56fd9ef91f589752e0455dd1d2e614cacfc0d757a11a4a2264bd38f23d3cca108632201b4f6c3b06477467726dde0c2f3aee01d66d788247663f1d0e66b044da9393ede27b9905b44115b067914961bdade85a2eca2844e1",
+		output: "1dd35f3f774f66d88cb7c2b23820ee078a093d0d85f86c4f103d869f93e2dbdd8a7cb8f101084fe1d7281a71754ec9aac5eb4fca8c365b24ed80e695caace1a8781a5a225938b50b8be96d0499752fdabd4f50d0b6ce396c6e2ca45308d1f2cc5a2a2361a8ca7a334e6ee62d466d74a1b0bf5b352f4ef6d8f8c589b733748bd3d7cda593243fab",
+	},
+	{
+		nonce:  "f0709d1c67a388a02b4dc24e",
+		key:    "75974e4952a8070d4af28aaf5c825bc68067e0c5cebafb17b5711d65efd848f5",
+		input:  "e46841f12d98aeb7710b9162d342895a971b0e3a499886bbb6aa74dc744a28d89a54542b628acdc2f693cb7c03f73fc3b74069bc3f2d000a145fb8a806cdc7d6fa971da09a33b92851cc3d1f6f5646d7fa2b1d564876feefeb63b6e66dba1c0b86ca345235bb822e0f93132346840d2a3d6eb1b541178ea51affc7b31f8da02732cc4e5bcb5d8683ae0a91c9",
+		output: "1dcbfd0bb2b905656c52bd7b1bcdad9b4d434ae9ac221a0d3a316115cdd4a463fa9b3444d2612a4e277d0dcd881fa6e80e59e5a54e35e1a14747aed31edf4ac24214f9d9c329ebe2157620b64efaded9976549bc4aa100d5c15be3f85f700f8a21dfe77590dfee2de9a23cc1ed1e44f32ebf68ca289b097bc13b42802dc7c75309c4afc25b5741839f7db3d5",
+	},
+	{
+		nonce:  "8b7b06236d6c275b606ccaae",
+		key:    "8844d62973293a89efb4e332d4d5f32a1bc05e094cb605c87d8b4e8862708d79",
+		input:  "e98e4a9550bdd29e4106f0cc8669dcc646a69438408e9a72c7cdb9b9d437b5f7a13fcb197629541c55bca1f8972a80cd1c1f591a0e24f977cdeb84763eab2648e42286e6473ea95e3a6a43b07a32b6a6cd80fe007ba0cf7f5ac7e651431f5e72690ec52a7134f9757daf0d8eff6b831a229db4ab8288f6bbf81e16fedebe621fd1737c8792cfd15fb3040f4f6a4cbc1e",
+		output: "5c69cf522c058790a3bc38979e172b60e71f7896d362d754edc1668d4f388b3fc0acdf40786d2f34886e107a142b1e724b9b9b171cb0e38fd78b35f8ac5269d74296c39c9f8628d848f57af9d8525a33f19021db2b9c64ba113171ebb3882075019ec7e77b51ce80b063ed41d48dad481d9536c030002a75d15c1c10ce0ec3ff17bc483f8416055a99b53035f4b6ea60",
+	},
+	{
+		nonce:  "5896072b85daf5bd0d45758a",
+		key:    "a3eac94919880462a5cfaa9bdcad7038e182c605f3fff9f44b8e84a3c1ebc10a",
+		input:  "ce0f0d900dd0d31749d08631ec59f216a1391f66a73bae81d3b0e2919a461bc9a14d6a01b827e3bcb55bbccf27c1ed574157e6becd5cf47181a73c9d3e865ab48a20551027e560e965876b0e1a256bfa5cb5179bf54bd8ec65e5570e374b853b37bf4b3ef1ec612d288ebc19275fa88da9419e012f957f9b6a7e375b3377db0eb3619c731aebfeb0930772b4020d3a3e90723e72",
+		output: "b06981b57fe184091ef9f8ccf522a5bcdb59bf9a68a3ddb817fdd999a6ecf81053a602141cf1b17017bae592b6b6e64756631a2b29a9e1b4f877c8b2ae30f71bc921e4f34b6f9cd8e587c57a30245f80e95005d0f18f5114400785140e6743da352d921fb4a74632a9c40115ad7706263ac9b41a11609fa0c42fc00f8d60931976162598df63ebad9496dd8943d25a03fa47475c",
+	},
+	{
+		nonce:  "b88a8e097be7d884415830bb",
+		key:    "3cf9b5468d77b2c88f27c52c4c90a3d24f5dce06e859440c305ca30402dcea2f",
+		input:  "eccfd66bdc691478f354b8423d6a3f20932a1f591d8e6cefa734975fb8ee6881b6dc92c0d1d5ed54fd1999efd7f11ac697a1f130587dd895eb498c9a8fc7d1714c385ec156ecae3bdea2a3462834245e724531d0fedda2b77693a53ed7354b758e875b23cfc83219a091fb2076e7a88cd77f779ed96f8d81ffa3fe5059303ac706086494b9f2982f4f88a0c6fadc3748625004db",
+		output: "925529047d4177b72bf50905ba77e47608815522c1829b24046e439d5451901257903a5409fb910373167e8b7f4fdfa543a477608ddfc11bbd1efc138366961463b9915b302a346b795dd593f6fcf4fa73529b6fe83079552aabbe99474a72806f59688d826675fa7f6649b9f5307e5028853c9821b8c4a1a0fc4bfdc7c8c78b25aeaba2b5821d17b36317381a3bd578917d2504",
+	},
+	{
+		nonce:  "4a6e2a2e8a486d9ab66c96f9",
+		key:    "ff3b90583f17bec2b52861e253afb6b6eb8e2f093633cf38fb90df7f374be27a",
+		input:  "f0c7139c69413869bca980d7f192b2bc3f57e34ca4f26164e1a54a234e84e1aa285cc02cfbaef3dfba2dbb52a555ec1f6ef0e89d0b2f0bd1846e65b74444b5f003a7308965e67bed558689be2668ca10ca368fac072e0e4535a031af23b3c37c561e185872b86c9bceddb5c1199e43fb5f735384766d33710460b541b52d3f5b6c108c08e76724bcac7ad2d866a8bbeeea92a3d867660d2e",
+		output: "d2c16c7a242b493038203daec65960de384c030eb698ef6a53c36eabb7556cbfa4770eaa8bc0a2b385ad97495eeb1c03ff4e6efcb804aefa81c177dc62700a9eefe6e8dd10cff5d43a2f47463cab5eb1ee260c3826cac9bfa070f1e0435541a89ebd224d13cc43f8fff12f38091c2b3f2102d5c20d8b1c3ae4f129364bbe9f9ce2147dcf0639668ddb90dffe6a50f939f53fa7ba358e913f",
+	},
+	{
+		nonce:  "98013e248c44840860e7319a",
+		key:    "bc17e037902e1e9baa9d6715ee234af9fe6da80d4ca8eec3999719dd92fbef6e",
+		input:  "7024974ebf3f66e25631c0699bcc057be0af06bc60d81a7131acaa620a998e15f385c4eaf51ff1e0a81ae5c6a7442d28a3cdc8aeb9701055e75d39ecac35f1e0ac9f9affb6f9197c0066bf39338a2286316e9d1bb7464398e411da1507c470d64f88d11d86d09e6958fa856583ace697f4ee4edc82618662cb3c5380cb4ce7f01c770aab3467d6367c409a83e447c36768a92fc78f9cbe5698c11e",
+		output: "ff56a3a6e3867588c753260b320c301ce80de8c406545fdd69025abc21ce7430cba6b4f4a08ad3d95dc09be50e67beeff20d1983a98b9cb544b91165f9a0a5b803a66c4e21bd3a10b463b7c1f565e66064f7019362290c77238d72b0ea1e264c0939d76799843439b9f09e220982eb1dc075d449412f838709428a6b8975db25163c58f40bf320514abf7a685150d37a98bac8b34ccb5245edb551",
+	},
+	{
+		nonce:  "6d864ed2d8259dc5f123f6fc",
+		key:    "a0cc325fc5ca6741ee4349c0eca17f50c0df8fad2dfa66624153f0223e147480",
+		input:  "8d79329cf647e966fde65a57fc959223c745801c55312046b791671773cca0af4cd48ead1f316eba0da44aa5d18025eced0c9ed97abaabb24570d89b5b00c179dca15dbae89c0b12bb9e67028e3ae4d6065041b76e508706bec36517a135554d8e6ef7cf3b613cbf894bec65d4dc4e8cb5ca8734ad397238e1e5f528fa11181a57dc71cc3d8c29f3aba45f746b1e8c7faace119c9ba23a05fffd9022c6c85260",
+		output: "60aea840869f7be6fcc5584b87f43d7ba91ed2d246a8f0a58e82c5153772a9561bdf08e31a0a974f8a057b04a238feb014403cd5ffe9cf231db292199198271f9793c9202387f0835a1e1dc24f85dd86cb34608923783fd38226244a2dd745071b27d49cbffebea80d9dacad1578c09852406aa15250de58d6d09cf50c3fcfff3313fac92c8dad5cb0a61ccc02c91cecee3f628e30c666698edecf81831e55ec",
+	},
+	{
+		nonce:  "4710b63001f90c812415684d",
+		key:    "d07614e58d0098df9ee6df596691b30d4a4a1e6c5e1676fb85f1805135fb5973",
+		input:  "85484293a843d2d80b72924b7972dfa97cbe5b8c6bcc096f4d5b38956eb3f13f47b02b0f759ea37014ecdecfb55f2707ef6d7e81fd4973c92b0043eac160aaf90a4f32b83067b708a08b48db7c5900d87e4f2f62b932cf0981de72b4feea50a5eb00e39429c374698cbe5b86cf3e1fc313a6156a1559f73c5bac146ceaaaf3ccf81917c3fdd0b639d57cf19ab5bc98295fff3c779242f8be486ba348bd757ba920ca6579be2156",
+		output: "bb1650260ef2e86d96d39170f355411b6561082dcc763df0e018fdea8f10e9dc48489fb7a075f7f84260aecc10abcfadbc6e1cd26924b25dedb1cc887ada49bb4e3e02006bdd39098ef404c1c320fb3b294ded3e82b3920c8798727badfb0d63853138c29cf1ebf1759423a1457b3d2c252acf0d1cde8165f01c0b2266297e688ff03756d1b06cb79a2cc3ba649d161b8d9ef1f8fb792bd823c4eabb7fb799393f4106ab324d98",
+	},
+	{
+		nonce:  "be0c024290af62adcd539e02",
+		key:    "9520adab77c41e60a123c93b1adede1e5523613358485b281467fdd3c3bcf4e0",
+		input:  "a2fc6e1b5281a4e0330eecd1ab4c41670570423173255979953142b78733b2910fa5540e8294208df6ae4f18672d5ac65acf851bcd394e1932db13c81b21e6f165e5538aff862e46126c650bbe055e54b31c78f2f0221d2631d66ef6d3f4c5ae25eada043b74d8770e2c29799c0954d8ccbd17766b79e6e94e88f478db3566a20cb890846917591a07738328d5c05f7ed4695a82607660f1239661faa9af0368aeb89726f13c2aaecf0deaf7",
+		output: "d8fe402a641c388522842385de98be60f87d922c318215947d4b7562d4ca1e2dbc7ee86494e65fb0bfddfdebdb2ae6469312f95b32c722b2720d64bb8d7cc3dd82f9055b1d89f05b77984f91f94ba4ac79c5129cd7c91cc751b0defc3f2799518e372d27aa683f1e7bbd4f55414c48fe8a3a37ac1f179a1a329cda775aec0d31d75a5a38addb1de67c06bddbedf4c8d87abc18c9f9dd072d457ea29ad4dfb109ce7e99a4a82fbe330b0afbb5",
+	},
+	{
+		nonce:  "8f1c02a8c4027a6693b6687a",
+		key:    "c801e4ec475a80faca2f576d0c781c9ce5457564114cefd7461edc914e692aba",
+		input:  "480387bc6d2bbc9e4ced2448d9ec39a4f27abe8cfb46752d773552ad7808a794058962b49e005fef4e403e6a391d1d3f59025eeb5fb8fbbe920f5361862c205d430eac613cd66108f2f2f0bd4d95a8f6ca7bd1f917eaeb388be87d8b7084a2eb98c575034578edf1b3dafff051a59313873a7be78908599e7e1c442d883d3fd3d26787eb7467eed3a3fb2d40046a4460d5d14215565606bcf8b6270af8500e3504d6d27dacf45bace32214472d525fdc",
+		output: "ab81a9c28358dfe12e35a21e96f5f4190afb59214f3cf310c092ab273c63cd73a783d080c7d4db2faccd70d1180b954cd700c0a56b086691e2c2cd735c88e765e2266cd9ebe1830d63df4b34e2611a8abeeca9c8c4fac71135dafb1cb3569540ed1362ddeb744ed62f6fd21de87b836ec2980f165c02506e0c316ae3cf3d18a862954d9781f726ecc1723af4a730ccc6d6de82553450a52499acb58fb2008969401c45b2f20e12b58f308db1d199b4ff",
+	},
+	{
+		nonce:  "7c684e41c269fcc6d312cad3",
+		key:    "ca1cb501af5584bc4248903f52b4426064d14dcdf0f383da72b904ff0edd72f9",
+		input:  "b274e61059f3215173ae226e30a92ee4b4f8a3da95f2e768e3fac2e54ddac92c200c525f190403a6ef9d13c0661c6a7e52ed14c73b821c9680f1f29711f28a6f3163cf762742ed9474dbea51ff94503a5a404adbbdfbf4c6041e57cb14ea90945dc6cb095a52a1c57c69c5f62ac1a91cd8784b925666335bbfee331820b5f7470bc566f8bbb303366aafe75d77c4df5de2649ed55b2e5e514c3cb9f632b567594a0cf02ec6089a950dbe00554ee4dfb9",
+		output: "a0969730d48ee881792a3927b2f5d279aba9f2ed01e6b31b92d0e1fb8ba7f35a236d838e0ce5f8654957167de864f324c870864b4e7450a6050cd4950aa35e5a1a34a595e88dd6f6396300aff285de369691b6e0e894106dc5b31525e4539c1e56df3ceedbbab1e85da8c0914e816270a4bae3af294b04a3ea6e9ef7e2aab4da5f5370df2706b5e3f000d88179ac756deaa652a1cc85e80ad9622f1bf91a2776262eb7289846d44f7f8192e763cb37aa",
+	},
+	{
+		nonce:  "1d5c31dd98da35230fdaa0e0",
+		key:    "d6c71964420f340db8f4f27a42cf3635fbc6682f5f859dac90d4c407b1b11197",
+		input:  "ee849039c6cd972dc943d2a4468844d130c0150276f4e0889047e2300c3ecc6792c4527bfe9437dad877eb986e6b1aa9b867d1798c9d314243f0a87ec9ee5b601c2554876c87cbf50df3334a077c4152f8b8fef4a2d301ddbfa90c887ece757c3eb6c4fc1e0212d6b5a8bb038acaec28cba064c9b34f5364cb7f0fc2ac4ef2c7ddde0f5ba17014459eaa78f08a46a01882ebf7c6e409dadda250bb899dc8b3b70e160bbcb4412a9963b174d0fc6bc16383a46ffaacb6e0",
+		output: "3e272ded9c0a5cebe7cf17ac03f69eb20f62996e047501b6cc3c8691ddb2780ea72c21a81888bfea96e4373a412c55ca95648390de740102d661143043baec3976230e024477d134b8504a223c36a215b34164c9e9e1fa99a49fdc56f2f04ea525a6b82997d9bbc95c4b5baeab4dec50061efb7c1a757887acb8b47b142e0a2e61885a2c14c4642d83d718a0546b90699adc545a48129603862a1c89d8e665cde54b3ba487754db6d6f5acf6a4b95693cc569577a2dc48",
+	},
+	{
+		nonce:  "7c4fb4ebddc714af7acd4345",
+		key:    "7719e70c860e7999dcd61065e78a96379afb17295ff29e0185d082d243d02861",
+		input:  "0992396a6f29b861dd0bc256e1d1b7dce88435733506a6aa20c62e43afa542d1c46e28b2e6d8e2eacb7c08db05e356fe404684b0e3a9849596db82eb788aa09258c28eb19e9838f757425b4edef12deeca56e30cf030272e325d4246d6e083219b2f965124963ca91f066d47bf5a8282a011a78b0155aa70038259a4a59135f241fd2f88c908b9f4eef7b7df0f3a1c16a52c009b522f89dabd52601bbf6e3ce68732e1a6d444469480f06da218786cf6c9666362e7a7f7be12",
+		output: "545c05a84b5a4fffd1dd623c8f2b11443818560bdb0c26dadd3b694d4790d294b99059f4127b7cca122c4000954d745af96094ff4623f60db33e994bb6903263d775f48d7047427b3a498c2ecde65bd37bcb8ee7e240a1e08c884c0079cab518f4e1c38ba5ea547f4da83b7c6036e4259bee91c42e8fae895df07781cc166f1d50e1550a88ee0244bb2950070714dd80a891aa8a9f0580a67a35cb44609b82a5cc7235f16deea2c4f3667f2c2b33e8eeef944e1abdc25e48fa",
+	},
+	{
+		nonce:  "9071cb35869a2e21e43c42bc",
+		key:    "dece19faf2e86a57ab5d05585d35b3911a50d269c223637385136c2657454f13",
+		input:  "3b9efcbbb607fad5e9f1263dad014cc5c2617d439fcd980408f4f9a93acb1a33d1c3a22f38c037e4603dfbbfb5571bc08c4a1958cbbf510e3e4dd19007fe15fad7808369149a9c4db7ca0496f7a600a6f2454ee1cffd5a68d45c270e4b53ac9b77f33a1ffbb1804244f57d2b05b8036fe2cda9efead3d4eff074ea5c07128e0b354a4a11ffa179163933bc6bd10d200804cc93b64575746e94e975f990bddcc8a4335e99e2459fbe9bc0e004ffcd6cac52f48ef55cc0637a75c1dc",
+		output: "631ba7301e33236da2477506ea98d3b732447389e849b68e1f09bd5fd814f40dc3247a1012fa654f08e3dda0c104ee2dff12ecf5cb018644de50d70dfb6c8cc1f5f552e5f1e50466bbb538ad6b98fd37f33fe615c326efc9cc97899b829b007f91569fa9b28ce0076c53daedf9cc0f838e22cf1125b86a6a2c2eb4a45dadea45ad00fb4f054e7d6b09c13ab1dd5328debfbf4f1b70af2b8a5b1d02df8a87d7661473e0c180ba4c815f14db87c5bdc15f11a29d8e0ce3d747d5dcd4",
+	},
+	{
+		nonce:  "ac41c9cc025ba4dbd67a0dab",
+		key:    "5207759b0a0927a6f0957c963f2cfff87eb9be69c1990ba383dcdd0aaf9b3f44",
+		input:  "f28a71efd95e963e5e0bc0fcf04d8768ce93cb55dc73c32e6496022e214596314b7f843f5c7b136a371c2776a0bfbdd534dccbe7f55e9d3d3b5e938f2d7e74393e4caf6c38fa4b05c948e31dc6a9126817fa3d7892c478f75ab9f6ab85c0e12091bd06e89c7d3ca8d9dcdd4c21fead3d769a253919c2c72dd068474ea322b7e71cafa31684e05a63e179e6432fb70661792cc626a5060cec9e506b35d9286f15dc53cc220b1826314eec337dd8e7af688e5950b2316c30516620569ea65aab",
+		output: "1bcea54b1bf4e6e17f87e0d16388abe49b988b9c785b31f67f49f2ca4011ecd2ad5283d52ef707dd3b803e73a17663b5bfa9027710e045a0da4237f77a725cf92792b178575456de731b2971718937dd0e9ea12558c3fa06e80bbf769e9799f7470db5b91476d6175f1a6d8e974fd505854c1230b252bb892a318e6d0c24dcc9ecb4861769cd746abab58805bc41c6086a6d22b951fba57b00c5b78f6dcb2831715b9d4d788b11c06086f1d6e6279cd130bc752218d7836abc77d255a9e7a1",
+	},
+	{
+		nonce:  "587c7e98949a83cc602e9530",
+		key:    "6f284ae396d9dc4a12871697e8dd820ae54942010b81825ee845a4b4b0ad7995",
+		input:  "c1d1ede73bd89b7c3d4ea43b7d49c065a99f789c57452670d1f92f04f2e26f4f5325c825f545016c854f2db2b3448f3dc00afe37c547d0740223515de57fd7a0861b00acfb39931dc9b1681035d69702183e4b9c6559fb8196acbf80b45e8cc5348b638c6d12cea11f6ef3cc370073c5467d0e077d2fb75e6bf89cea9e93e5cf9612862219ca743ef1696783140d833cd2147d8821a33310e3a49360cb26e393b3fee6dba08fcda38d1b7e2310ec1f715e3d8fa0c6b5e291eea07c25afd5c82759a834a89cc5",
+		output: "11a8493cdc495c179f0d29c2b4672997205a9080f596ee3c80d79b55162b1c875ac18eb94bf2a9e05b08024f524a1e9665912394a330c593d23260e6bdf87620c10a48f678693196fb744c49054182fba667c601e7b7ebf0f068e8d69ba004b804fda616a4a0d5350e1a3bd424b8266462be282308219c578569aefc1ccd09ecdf5da283356c9e524e14e69d25b0e19643dab26f54373a7272b43755c3f1ddaee6c5fb9e8e093110c41697e95f73a68c75454e050239197c9fbd8cec76698bd11894ebf6e2b2",
+	},
+	{
+		nonce:  "5a021f8500c8f3e63075ae85",
+		key:    "47be0d2d65e405dab2b3f6429ee726708066449e76f91d69a23db2f7fa2134bb",
+		input:  "37b2dc4b6a5203d3a753d2aeffcdaed5a7c1741ed04d755dd6325902128f63b6981f93c8cc540f678987f0ddb13aae6965abb975a565f0769528e2bc8c6c19d66b8934f2a39f1234f5a5e16f8f0e47789cd3042ca24d7e1d4ddb9f69d6a96e4fd648673a3a7e988a0730229512382caaded327b6bbbbd00a35df681aca21b186bc7ac3356d50889bbf891839a22bb85db4c00bfa43717b26699c485892eb5e16d1034b08d3afa61f3b5f798af502bba33d7281f2f1942b18fb733ca983244e57963615a43b64184f00a5e220",
+		output: "b68c7a2a1c8d8c8a03fc33495199c432726b9a1500bc5b0f8034ce32c3e3a78c42c1078e087665bd93c72a41df6bfa4e5beb63e3d3226aeeba686128229a584fab0c8c074a65cef417ad06ab1565675a41cf06bb0fb38f51204eccccb75edd724cdd16b1d65a272f939c01508f0385ca55ac68a0e145806317cc12e6848b1124943a6b2d99a8c92083fc5f31ab2e7354db3f8f2d783dbf1cfec9c54f8bfcb93d6f28ef66f18f19b0fab8836458e9b09bee742ba936cb2b747dd9dcf97ca7f6c82bf0af6f1b433592d65143fe",
+	},
+	{
+		nonce:  "7fd9bfae2d4483f51f2fab15",
+		key:    "9bcfd1d3e68731e457a77150b4832a416f71273f88c4fd17ed771f2756b04b6c",
+		input:  "68c2c5612912b5f994172720130dff092ee85a2c1395111efa64d5a281ca864d3db9600e685854d81c6de7e8747b92fb7c4c2efa829d3d4c0c9fc9d689e2e5c84c9eae8ba4ab536fb6c7523124b9e9f2997f0b36e05fb16163d6952eee066dd22fb7585925ffded0204cc76818bcead0d1f8095ca2cf9cd1ddcd0361b9c9451940e14332dac4e870e8b2af57f8c55996447e2a8c9d548255fe3ed6c08aedaf05bb599743ecb0df8655152bbb162a52e3f21bea51cb8bf29f6df8525eb1aa9f2dd73cd3d99f4cca31f90c05316a146aab2b5b",
+		output: "d0ae327fa3c4d6270a2750b1125145bdeef8ab5d0a11662c25372e56f368c82c6f5fc99115a06a5968f22ffe1e4c3034c231614dd6304e6853090c5940b4d1f7905ef4588356d16d903199186167fec57e3d5ce72c900fe1330a389200ed61eec0bdc3672554f1588ec342961bf4be874139b95df66431178d1d10b178e11fcbd26963ff589d5d5faf301b7774a56bbfa836112a6ea9c3026ebdd051085f9131132c2700674bef6e6c2c5b96aace94eb2ba6c0e0aef0eefa88995e742ca51ac50af83683b801b7c2c5af4880e2b344cc5564",
+	},
+	{
+		nonce:  "b873e9f9a7a68524e6dea72e",
+		key:    "11efed96267ff58c3ca8e3b6c634f49e48ea07464d7ee8ac7574d8a058949c3a",
+		input:  "fed3d1efa309c8b50cb9da02b95167f3b77c76e0f213490a404f049270a9c105158160357b7922e6be78bc014053360534add61c2052265d9d1985022af6c2327cf2d565e9cef25a13202577948c01edc22337dc4c45defe6adbfb36385b2766e4fa7e9059b23754b1bad52e42fce76c87782918c5911f57a9394a565620d4b2d46716aa6b2ba73e9c4001298c77bfdca6e9f7df8c20807fa71278bd11d6c318ed323584978ad345c9d383b9186db3bd9cec6d128f43ff89998f315dd07fa56e2230c89d803c1c000a1b749107a3159a54398dac37487d9a",
+		output: "6a95fba06be8147a269599bccda0ce8f5c693398a83738512e972808ec2f25bc72402d4bcd1bc808cc7772b6e863b0e49d1d70c58fcf4fcaa442215eeb3a4648ade085177b4e7a0b0e2198f0acf5465c97bd63f93781db3f0b9a0a184c3e06a76c4793a13923f83b2242b62511c2edff00b5304584cbe317c538de23785d2504fae8faabee81c5315298186ce3dcbf63370d1ccd9efec718cbc90b3d2e0b0b6aefb3a9b31e4311f8f518be22fdc2b0f00e79a283701c53f6936dd63734ecb24480d5365d1a81392498faf9a1ddee577007acc5f8c87895be",
+	},
+	{
+		nonce:  "444cbde3315ab7a30f0192fe",
+		key:    "8bab05ddd17cac05203711b806475253a1ee0c8ee723eb520b73851cd51439b3",
+		input:  "d776bee5625d29a2ebf6fec4df94d2b9ac62e8e7c56704fd38a87ee932b787cbc555621535e76ea30183cb0ee30604f485b541f45feb8c01b9750d37fded5cdffbbc34fb90fdc9c7c7ddf949a1d50b796f1ea5db437238c7fb83c4b22c9e491f75b33d84746f1cd10bfda56851b8514ff0ded0adfd5092a66a85202d06bd967485d06a2c56011110da74bf40b6e59f61b0273164744da02ce2b285d5c3f03aee79eea4d4503e517177692ed3bb035071d77fc1b95c97a4d6cc0d41462ae4a357edf478d457c4805fa586515614697e647e19271091d5734d90",
+		output: "60e9b2dd15da511770162345251edfb15cea929fb79285a42f6c616dfde6befc77f252e653b2d7902a403032fc4ce4934620931a2ec952a8d0f14bf1c0b65cc287b23c2300999ed993446eb416749bf0c9c7dfe60181903e5d78a92d85e7a46b5e1f824c6004d851810b0875ec7b4083e7d861aabdd251b255b3f1fd1ee64619a17d97fde45c5704ab1ef28242d607d9501709a3ac28ee7d91a3aac00cd7f27eb9e7feaf7279962b9d3468bb4367e8e725ecf168a2e1af0b0dc5ca3f5a205b8a7a2aae6534edd224efa2cf1a9cd113b372577decaaf83c1afd",
+	},
+	{
+		nonce:  "50fdabcd995b0dd1850a169e",
+		key:    "e9a431828b3cf3891bb1960f9dae3c85334a62f6ee2395ee5378bb28f8c68a68",
+		input:  "4f57848ff5398e61bcafd4d4609bcd616ef109c0f5aa826c84f0e5055d475c6a3a90f978a38d0bd773df153179465ab6402b2c03a4bf43de1f7516eb8626d057ae1ab455316dd87f7636b15762a9e46a332645648b707b139e609b377165207bb501b8bccfa05f1bf0084631c648279afdf51c26798899777812de520f6a6f0d3c7f3ef866982f5d57f9c8d81c9a4eabb036651e8055a43c23a7f558b893dd66d8534bf8d179d8aa7d9e8987cfdaaa7b5a9381ba9c79d5c1161b1bdbd30defdd304ee07f19b7ba829a0d5b40a04b42edd6407b68399caac69069",
+		output: "e096cc68956ed16d2dea1154a259e01647913eeea488be0b54bd1816c781a35e161772ae1f7a26b82e864ade297a51cc9be518641b2e5f195b557ec6fc183e4e5c1fc01d84fe6ca75e5b073af8339427569b1b8ee7fcff0ffa5e7e6237987c40deec0abf091c06a3b28469c8f955fc72e4f3727557f78e8606123e0639dff782e954d55e236448f4223ff6301accda9f8fa6cd43a8d6381e5dde61851a5aec0f23aeca7262659bc793ce71fa7992f80e44611ae080b7d36066e5c75c30851306f0af514591d4d5034ecdf0d6c704bfdf85473f86141c9eb59377",
+	},
+	{
+		nonce:  "3f32de67c92a44a0d9b1779d",
+		key:    "d4338dcad949438381d5685e0ec3a79938607fdc638b7e69ce2e4c28fa3b3eee",
+		input:  "046a61c0f09dcbf3e3af52fab8bbcded365092fad817b66ed8ca6603b649780ed812af0150adbc8b988c43a6ada564a70df677661aff7b9f380d62977d8180d2506c63637c0585dcef6fe3f7a2cf3bbb7b3d0df7769f04bf0f2e3af9439ab7615c304b32055aea0fc060890beb34fa9f90084814b6ed7363b400dfc52ee87925c5b4a14a98e3b50c7f65adc48c89ddd6414626c5e0bdefabab85c4a0e012243e682d4931be413af62fd7123ab7e7774fcae7e423bf1d3a31d036195437e9ea8f38aa40182daa9aacf3c9f3d90cc0050977c6065c9a46bcca6ba745",
+		output: "cd5a6a263e3ee50dda0e34c614b94c3ec1b14b99a2f4095a6b5715fdfc3449fcdf8a09d1ae02d4c52e5e638f1ee87a4a629f99f15a23dd06718792f24285f5a415e40f698752c697ee81f2f9248da1506ce04a7f489f8e2b02e6834671a2da79acc1cdfb78ea01822d09a1c4a87ffa44e56c4f85f97507044cf946ccb6a2e06e2917bac013f608d75ee78fa422a5efc9c569226bf7068d4705fde3a9fad2030256db0acf9a1d12666e0acf9f5346ad62e5af4c01a008d67ab1224b3e98278d073116ff966cdc779fb3aff985ec9411a3eefa042d71dd4ae5b15d5e",
+	},
+	{
+		nonce:  "5a3d6aa35fa04717b40e4405",
+		key:    "e61e702d1a5a3d14abb967bbcc8cc8ab8fadba208be40765391b1edb801d529e",
+		input:  "af516216f74a6344cbe458cbba820f7e25c0b10aa84b790da2ee6317e059171076d7246c2878be83fc00c200d546c007f849e4c163d52c7b0da31beff4abff481be3266b92e668cf4dd1c84d9d7b3e5191dcd6ddb51d17d337621046e83e9ac035fccfb239648bc3c6fd340fbb50707e5a33b3ef439d292192d0e4bc727690c61450e5a28789e5ea50e746bc66d039493e080fb70e9ae06d89004cb71de8178941c422f1e9862492fc9149a4864ff52b1277b9f5a63c2f16e9adb5263cf65a034a62ebb0f1a385d2681c87a35f1c45670b4edef1c68fe9544fcf411d95",
+		output: "b22ffd8f0e549bd3e0206d7f01ff222f92d39b41cf995a331d5ef0cf5c24bcc3ddb36e64d351b5755400246fe4989b5f912e18daa46cdd33e52dafbd2872f16e94220b56315d72c1dbb1525fd34831d7202970c11711ff36de3fc479407c34fef0aea86e172f9beb0f393194355b9dd59625639f4a6bf72ba571c229f2fb053c1114e82793deb2dfe8232f1a327949689d2fb2820662dcd2a39a2546c7df12b3ff7e87e58c74badf568cddebd3c558f0f7874c834c4b8aa988653f138ec79620f5e3ed737690928a30f981dca9f2920ac7307607063b40f87c204de47c",
+	},
+	{
+		nonce:  "22e02bb9c757121e1ec0d70a",
+		key:    "9cbb1dca0495dbaa5ca9b8775eeb0dc5b80fbc2dc24b659e5a92d89466fb9cfe",
+		input:  "a3d70bdb509f10bb28a8caab96db61652467cf4d8e608ee365699d6148d4e84d5d93bdabe29aa4f0bc8ee155f0b1fb73293c5293929eaacdd070e770c7cccfb2de120b0c3811abeeddaf77b7214a375ca67d618a5d169bb274a477421d71a651cfb9370bcf7e0d38f913754c11002089cf6cd6a8de1c8a937fb216591d57b37efdf3797f280773950f7eddeb9c3385c8315ff5ff581c64610a86ada7ff6a1657e262df94892dff9fdfb6e958d101f4c26296470c138dc4e1ca4bb565b3ff877a7f78b3d11d64b7c24e27ba6f6b06f6e368f5ac218cd5d11b815ab0987678eb",
+		output: "646314264896a6e25601e536f6e783d465b2ead1e0be4422bc9cc8eacabae4a749ad533eb28091be8397328dcfb34c92006bbda930ab070ed7b806095bb1c8f476350e7b08ffbd4d7d6055c8defaa8deff9d54f5215c2d7db27ce09e08f5d87a859145ea3126e2a01882921c3fddef3985bd451bca44063258390aec8ec725b07d064314fe43a9c83e9287b47616dfefbf539b82da209aa08a6d3176b7e3b4be4a17d44e581280a684e4a64414649bfcea82b541729f8178b580e8b972a89f5b8c4f9b68205e9396d8ae5e81873b61da074080fd44c52d50fb0880ee9c35da",
+	},
+	{
+		nonce:  "27190905ba751c66ad3dc200",
+		key:    "9d49002edb63dcaffb2ec6c3197a15b4138bce84796232859d1ee72ee4218731",
+		input:  "f48b5ae62f9968baa9ba0754276cd8e9dcfa8a88e4571856d483ee857b1e7bc98b4732e81f1b4421a3bf05ab9020d56c573474b2a2ac4a2daf0a7e0c3a692a097e746d12507ba6c47bec1d91d4c7cfc8993c6700c65a0e5f11b1ccd07a04eac41f59b15b085c1e2a38b7d3be9eb7d08984782753ae23acdafbd01ae0065ab9c6d2a2d157c1fc9c49c2444f2e5f9b0f0bbfb055cc04e29b2658b85d414b448a5b62d32af9a1e115d3d396387d4bb97ba656a9202f868b32353cc05f15ae46cbe983d47b78ba73d2578a94d149e2c64a48d0c1a04fc68baf34c24b641ea0b7a800",
+		output: "b9af1016275eaff9905356292944168c3fe5fdffd9e4494eb33d539b34546680936c664420769204e91ead32c2bb33a8b4868b563174d1a46108b9dfe6d9ac6cc1e975f9662c8473b14950cbc9bc2c08de19d5d0653bb460bea37b4c20a9ab118a9550bfeb1b4892a3ff774e8efe3656adcdf48239f96e844d242525ee9f9559f6a469e920dcb3eaa283a0f31f5dfac3c4fac7befa586ac31bd17f8406f5c4379ba8c3e03a6992a1915afa526d5ed8cc7d5a2605423ece9f4a44f0c41d6dc35a5d2085916ca8cabd85ac257421eb78d73451f69aaedeb4ec57840231436654ce",
+	},
+	{
+		nonce:  "7c996d5d8739629d36de4257",
+		key:    "eaa5b2578bd6bdc5c6b0c79960a9ae26f1755cba6bcf04a9de315068990e0f0a",
+		input:  "b39101601efa2ecdf41878b0fd920a3005ce709e4ec2970abb76e32c232ea21069f81b246eda75aace7555ce8ae203455d3723e684bd671389300e353eec0d2f499d10654fafda2e7a69bfca7198eb172249167ca8864b5d5f58d28723090ec86e251a1bac0346d52fd81f06e0c05429e0b2b895588290b7d00878a4da3378eb6c7e61487de2b318fedf68fa7ad7c88ee746827c1f60d98c7716f3f9695c5ffd4670f71a0fa78a1fb554ba482c5de83feaed7c65fc71acc9f541342eb8f7622b12bb2cfa222fa2ddd8b3ed210ce442275afa3132c8a0e17dd504ecbc92525c118952be",
+		output: "50eb5b21c179a03b9a822f0075906a3ce4acc32486139f92635c7d834f69071d5a6dc0e15ed06a5cee37147071d59641d140a82ad5815b954e7f28e080c3dbbeaf13943d7b7c66d49d51ba1132eeadd4cb7a7e7d726d08d95f1578d55519f267f753f3e16ff39504a87b2286d8bfba0fe6bc28887b466bf276453a82cdd0abbbbf08db0e1c26c317d50ad9b8dc09cd621bc566d362024e8404739df6468869d2125c58b25d70e392f5e75924c4341be81c263915bb514ad436fb24c2c67450e84f6d1b72d1a02a3310c07a7814d930264fdbbf5ddca7067e18e8a44faa87169b7f2e35",
+	},
+	{
+		nonce:  "07a7bc75f4d1f6897a656f2a",
+		key:    "cc429f94483c5d2b73e40bfeaa92ac17ddd9c9bd26dff97408754826a2417b7c",
+		input:  "0a42f63b975ad0e12a1e32615813dfd6f79e53ce011e2a2f0534dd054689f8df73a8326fecfd517ff7fe530d78081af66c3a8c7c189eb9d9efed1e5577b5512d42ef1fe273f670ce380c64bc62e217a7e410a8ed89998344e29301e4e053a3a3cf7e71587fd056a6bd976f16e157476a06997dfaaff32172dd84190570621f2221420c0a0ea607ea756e9792c8c0e7157c95b89c9490e20b750ee85e4c27c9b8f409e848ec90afcad33342010bb9808358afbcb3d9b094127c38c243a204e76899677079758e7cbada9a5c18363449eebc07bab516a16372722403a046df85c7dd2ffc804c54d38aab",
+		output: "87a47bcaa1c1eb8e55151011c4f39af4b9e108a55a7124cdcf66d0dee727306e6971f783b038bd6b215f530cdbb53e17975742ec304fdb3792a88b674504396978c6a5e4a9c87a7c3ca430d61165c1a3f6162eeaf38c93e18b6ccb6a595ad428cdc98efef8f84463eed757a72ffd827b71c0579fcc1f4baa11812be2bc5a2a95df8e41d04b33343df09ce628c367d1f88488f7a2787f013c8e76f0b9257cee777ec4adc6df8c5790e41ea02da85142b777a0d4e7c7157a48118046935f8888b5352d1750bf00b92843027a349cf5685e8a2a2efde16dcf5e1c1ed8c779bb38cabfb42ec4dd87d58273",
+	},
+	{
+		nonce:  "f7a40350de8cbd4025fb35fe",
+		key:    "d9496e57dfe9840ea327f209e09d7c43dec86ac42b2d6a1a8476ab42b6fb5342",
+		input:  "abeff48fa082dfe78cac33636c421991b0d94c3bc9e5bd6d22763601a55201fa47b09ce60cb959ba107020213c28ae31d54923d1e74ab1d9ddc2762b2d23d8c6961d81068230884a39682fa4b30676ffec19319362c075df0b879a0f083a67b23597bf95c4bb997fae4736479cb8a9c00520ba2f6e5962d54c313c576180d17779ff239ad60f1f1373627770d50a1c49718b2b2e536846299e052f8c1a5d3079e91cb1b8eac4661daac32d73b3b99e2051f8f694a61d1e9d3935f802921a4d979b6ade453cf30d73a4a498a6a2c5395c60fcf271d50b4967ac12b0d7bf818c2679d552e9b3b963f9f789",
+		output: "a0d11e732984ad575570ed51031b8ac2d7b4c536f7e85f6fce9ef5d2b946cefe2ee009227d6747c7d133ba69609f4a1e2253d0eb59d1f930611e0c26a7c0cf2d2ce7ccea6e079eadf2eb1acf0463d90fb4b3269faae3febfc88cb9fb0873d8b74894506199394c8e44a96e6b479bd3e045749cce1c3f57243abdb37e67084eb573cd820c6cee424227019592a027e9da8f7b8997bfb292627a986f83c8fb8d156a91a12a8b52659cf9272924631745ed3a2453a4c2d87a167faa9104e799c715ed597bcb66949ab15dae29a86ba147507e8d8af66e96c09c53caa053ad3b79d9ed3c0c6c00169eaec3a3",
+	},
+	{
+		nonce:  "ce48aec66f90f026bfb88afd",
+		key:    "502cb8420d9e517f9850b9cb32e5756f1bf6c9e242f94a5a7b7779269c1c8e6a",
+		input:  "a77b7a5870335b9145fd2e08ec898ba2f158fda16e8a2661a7a416857b6ba6937b4843ecaa79d3635d28383af80290842de9ca0bb621ee22b7fd6bf379922741e812b1739c33dd6923d0607826fc84d46bbdbd1fe9d1255f56a167779a560a6eed1b9c9579b8f771147df467e67a070d9e9ce8ad92dc0543d1c28216c1dec82614ac5e853ed49b6abac7eb3426ef0c749febce2ca4e589d06ccfc8f9f622ede388282d69ceb2fd5122ba024b7a194da9dffc7acb481eabfcd127e9b854be1da727483452a83d1ca14238a496db89958afd7140dd057773ea9a1eee412875b552d464ba0fab31239c752d7dd3d9",
+		output: "b330c33a511d9809436ab0c4b84253eeda63b095d5e8dc74803de5f070444a0256d21d6c1cf82054a231b43648c3547aa37919b32cfd9893e265b55545be6d7cd11d3f238ef66c3c278fcccb7dd0dc59f57750562cb28da05d86ee30265ff6a3991a466ba7e6208c56fc8862e19ac332e5fb3cbcc84e83a6205dee61a71acd363a3c9de96d54070a69860c152d4ceb9c4b4cc3b878547b6116699885654b11f888dc3c23483a4b24fbe27c52545c06dd80ab7223d4578ab89bff5f9cbf5d55b19611a5251031df5da5060a1f198226c638ab5e8ec5db459e9cd8210f64b2521a2329d79228cc484c5065ef8a1d",
+	},
+	{
+		nonce:  "8b6738eadaea410c7b148133",
+		key:    "acc28f26867e2921cff89edf3452b4d4f2c4952ae36cc3cec938fad59037c47d",
+		input:  "322d634bc180458123e10d0509870b54e0f0a3a72a2bd9e9cf44324c7a1ca37dd6adf9db1fcc8dadabd881f91d47d93b58382802b42ee936802fac8612ea4dd9eca5f215935ea9ba6233b9c8bddba3385861de669d95c888c8977851cb305db577a4eb2360f362fa459d61ffc8fcaa1502905b073bd8e9567ac7cff8e5fb1002c55641a3af5fc47ac0131fae372f073e19721ffcce9821e0241d7fa67bfc499c8f100e050d39bd4d7cae4557d208629603ec4a007852762ec1905d0e81b873510fd334dedcd9c288eb8415db505913af06bea94d197ab627d58f6a9944f6c56247595fc54ae3f8604aa37c3466f74561131e11dc",
+		output: "edbfb1090987762f75eba2439d746cdbefe8605b8ebad59e075d28b54edfe48813ccae891f6ed655c5ab5211ba896fff0c8e09bd1554aad987dc53f355d0822e9b0f524a99a79c68a9f3b4e30506cd725b07be135e4540078be88dac64fc545c433837b96a924452f6b844291c4c3fb5f8cc94f06d9f19dad7fc945f093020e82ed19f9eb3ddff68b813629991d1a460e5455e1cb41cf23bb3d96fdb6b96581c3bf9ef72814406329bbbba5b835e7724c728cebe88efcd996dea71d0fd5c53e081c21ce8b3764738d693e390fbf8e0137a716760fc9cd2014cd9bf3fd706bc3464d1f15803606976e96b1077cda0a62921ff7c32",
+	},
+	{
+		nonce:  "84c53a88d5e7b88f66de07df",
+		key:    "477e74c7c6883d8531a69abf8064f1788080247c3b97ff15408a5231e5869662",
+		input:  "e6b8a9012cdfd2041ab2b65b4e4f1442794fdf1c3685e6622ce70f80b9c2252ba6d9e6384d474a7622053d35df946a3b19408b3e1712da00525070279ce381359b542a9ad7c07750e393e0834593777352c1f7dbc84cc1a2b1eba787377d2cb1d08a7d20e1393d44022107acac5d765be37f9075af02e4bbf8e60ceb262aa34e2b870cc7adcf54329a667249cb4958393bff4f4333338cae45cbca419d59e605aa0cecb1241080339198b9b283e4201afc07360b8ae2a57b0b9b97167c315f03fd7a87a00ae73f91ca560a1505f3cdf04576b9aee5ea775f719916f1e1942ad5311c7f87153f8e62855ace3f34afb08d4d7c7f4fd2bf83e42f76",
+		output: "fc2673c80812d101bca7a2e0e105fa449550e695a016596f5c3cde11fb7dc518b94fdb74058e634546a726c37896110e1d1f9cdeccba1c89958041061ded8e8bc2751ec6dad76a305e70c57f9c81a5a65b5116390af4f7bf7053a03ec13f5d60a58cc5ba61f8c46ef6d2d291de490082dcfdf294aeb3a9414d64e4bd6497d4625acfa591627bfd98f0aec7e7def71515c09942db6911d73b96b4bd2d6df03bb729e945d71549d40e4bc401e1f73baf263a74280537692240638619f92645a5ade1eb8151191c7ff8bd715b3c1cd667e69745b806e16d46d9aa680a7367b8fb45a1598631cf3d44c1f5cfcd95bc8dafdb65a2083905a6937fcf21",
+	},
+	{
+		nonce:  "627acd79be19e60a36d2967d",
+		key:    "648eec7d142bf1092adf706c0daae0ea14acb12733d8007aca0a3ce6e2389418",
+		input:  "0cfd93b195e37dd15dfae83132c24ed5bfce7fe6fad4064b213b2c31a39e39ddad2f977e904c9c5b055ed03db46fcdd845bbb6ff0ab5a8c92e89295b6801f36ae63eba61fba24a3858aeb36f2da226b23b24d7b2c7d2670f23a9a1b60db85c0ecee584bef1b00e42d10ca17432a74bbb220d88356d82c850da4c09dd5baf413caf8f9479e02a330065fb865489c0f59605d56146ec8434182345de2d15e2a1dceeeee2fe94871d41913f6788738947ed9849ca0ae985e3e19a97bee82b96feeddceb196c9b6012264661945981c279f43db9599a4ef01116f592478619690daa64387290484d21e8d2444751194e1f361fb37f04014a3c7e4b409e5c828d8990",
+		output: "0502848571d1472ff10bec06c1299fad23a2cb824d88bf91b5447c5139500bd837a2fddc629e4a964e84907c1e6740263f1fef4f5ed41062982c150d9e77a1047b7d86c0e191945e8db00ca3845a39560857fc9e0e4a394eea4ba80a689cb5714c4bab7124ffdbfa8bbb91c3eb3caa1621f49dba1eea3ebf1d547ee337f9085638a12317b86c11aa1525813445107038942fc519eebdc1b98d313ad822bf0b94a054259aa8cf1be4b3a68f974269729941747f9a23fa5d83453071b431dac62274c24f6a32248b0785ff90aad5840fadc89af0aef7553d9352cfb00d3999ffbe28cd9fde7854e95710f4532b8bf5011e518c93361e58d22a2302182e00e8bccd",
+	},
+	{
+		nonce:  "001e58b792ba1b9a74663564",
+		key:    "cd9f2cdc1ade505e6b464685219bb4c1cd70a63667f387280043bf2f74030af9",
+		input:  "0d8d864010ce8df1c0179cf0236dce1c100f9c115eaa5294c24a2e1afa27f9d57ebc18f00482be0218d44262bd4db73002ff53c6388f5e333470aced2a42a73b376686c8d02e05ece27cdd8b1e3f675c715981f8b656d68d0e16227b529cf881d2433e4371fbcd933eaa72346e77e688ac80ee95324512c66a4c16338cf38c941b72c21c3d01e005a07c0eb436014fb1ee61806de7e96842ca3217ab8c7607d609dd2f637f9fda8a85cb0549f262c9e4a955c384319a6ad2b696e2593d7d174f5ddb98e2a8d5d12558c18ab67571e9a0202e91ce26d720cbe41a3a6a4f309296ca4d9d9a59a9043dd2e5a707ed7d5034023d5ea06ab14b39b7852e5c984848d5670c6f2f0b189c2a8a4a4bca",
+		output: "d2a5693c9d503a8821751d085a0837579233e65b691366e4a7464481d22800e786939349f721a815f28b4e47c8889f0814fb95d592d1185e45d6dbcac14ffa4f1d6c79194f2f7eb7323439d9607edf80f01e3a968b483eb93c01d9cb9d3625d21d66927e7aeedc1d9bd589560ed2b61cbed5ad0e0310c8ebe140c64c67d4909c010902d5386efa359ab60a9573493d3e5d8761cfd4023eba23de48372032d4673b5f6ad66cd0dfab02a73aa81f269ae88fcabb3ae9cb09f6bf60fd3575a3046bc6843f444e1e9fb9ff9b991620344fb99da68df09496b40f8b9dfc34e830a87f65710940603ebab554d36e8b4c9228bc9c26c07b828f34cdfdd40b161717236ba325e8c20bd018b324345e09",
+	},
+	{
+		nonce:  "cb1f642ce2c770518836a262",
+		key:    "1559ed5a18ccc4c57415e5f0c694d875d182701bdba12e5d24fd09079898f6f5",
+		input:  "07c50a69e168e388caf6f91471cf436886a3de58ef2c44795d94fba6538add8d414d84f3ef0ac9377fd5bed6aa6805a695f3a711025550bb6f014893c664e09bd05f4d3b850771991fc02f41c7353cd062156243b67fce9c1f0c21eb73087a5de0db0578923eb49bf87a583351e8441c7b121645bcb64ef5960fdca85af863dca7ebb56662e9707d541513bc91bf9b301431423b552e2c148e66ecfd48045ecb3a940dd65694d7fc8bf511e691b9cfd7547fe7bca6465b72ff9f1748723c4eb14f8bc1efb2fbc6726115c597a3881e0d5019335daf2e5ea8796c2a8b893ca798c4ef2639465505c4bd492bf7e934bb35be9b66c9f35730736c65fa4c1a2485378b9d71912cb924634a8e0db2802b75728818dc00fc28effdf1d8a05e4de4608bb6a78bb19c377d5ec77dca1b5ad38fded7",
+		output: "3dff5fde2ca24bf419e13cb7d12368e70449d41f2aa22e4b567f5cbdbcf3257975e44097deb180f2621ec36acf375dad3b7a19234b9856dc6c7842a7f86be00304b41a8c1662a02e8390346cbd0ff6be7bc1ceb821dbd805ab5c93c9c6ea5093249b5dc52081cbbbe1b326e831ef3c6c42fb791790086d1586f7daf031e70a71b54e9134f942e9ce229fc77980eb80c985ee0c5965eaba375d156f9b423b0615f4ca6fd77de28e28f35aba327e4f1b75725730155b7b4d6c5c264bf3d9dc9a16e7ededcc261add8c666278bac5cf0b3275d6d6678060eae30bbf2ce5f63e6a53a450b65aa0adbd1c90cf045f5ddd9700c2a99c80586c5244cf4c08035b6ff630c82cec3a4fcc83860e987898b42fe746939f8b37c814f8dab65de276e9784fb90f0751d3ba0826889e1e7e4fdbf8a90942",
+	},
+	{
+		nonce:  "cc72b199d056100933750548",
+		key:    "8e39cfe66660c5c34c19ffc5c4d8d2f608891d6d6520e663cb85a4ccd63db01e",
+		input:  "3ddcd3c00014747903c95e49f64258615455a0b26c5070a9532382a9bbd18eeb19c9fe1a902f5c6baf544c5938fc256d310a9332223dc3c54a6eb79a4b4091c3b01c798d2800418863f2865c1cd8add760e445588576d4a6c945e1d6d50dc913674daa4737ac94d84eb0ff57cda95df915989c75adc97c4e3c1c837c798a432ba4803a246bb274b032db77e5c1bb554a5342ef2e5d3ff7f102adb5d4e282ad800ccae83f68c4bfd3b6046786a8cfaa2b63c62d64c938189b1039ae1a81ce5c91530772cca0f4a3470ba68e4e0548a221eb4addf91554e603155a4592dc5c338aa0f75a8cc2822b318fbfba4a8f73fa08512132705dae792eed6b809c251d35cca60c476406d964187b63cd59333771e37367671d0ccb393f5b8bde77bebc133485ec5c66bdd631d98cdbee78a3cf435d2f824fa2f9e91e89af28b2e155df4fb04bbe4ce0b6162dcd8e81ee8d5922ebf9c957b26c343a0396d91f6287a4af9e11b7fbb5a5a5c1fcdb186365a20617d4ff5037b0bfa97b6213a6ebcf0b78b81c65737378787b255cba03d715fed4addc2c70c1fb4d3ab16f2bff287186c26a164dae2fe9dbe3c4a2e1617f01cae79f",
+		output: "ecea5fc18dc4aed23359cacb8f79a457512e0a27d9816f353e315519d2b2faf74d14ae8ae5e227b203823998a47a050c363a807f45f610942fed4518b8091b88dff8b2af8fb6552eb654c85d2b6a918bcf56fb898392941d983b1afd867ef840e12313059ed3e4d217498dd511563a939c3c536fbbf8e019deed29262f0a655fc680b15939475e0cee0ce2e8bab5834f7354b93e2e0958a5bc608fab369b6aee3c9d73a6898e402484eac7300150517bbd137bf55762897696a3dc4be74b0c141755ac8f2f6e59f707b1690c451a774c46bbe195d826a6784f8d807b78f8ebc343ecacf37cb9b1b2fdbff6a1237b5098853d783e77515c419894c2628f8b5117042294ee2ed58a33746f9e79b13fdfaa25a75fc95340a89076e786e0ecad7de437a9a3fb3092146d255005b22895310b1252a3e34572cf74665b97f4adc30dd0f34e3216c7757953a4b618a775bbe68f9e0922d75afc80a1379aaf1745f2263afb6f0b37553d9c984f1ef781ea75b1980c559c77565c83f3e0bd7a3cd7cdb594658beb7e5eb940633dbc6ae2f50383beea676cb6c814b17b1d73dd133f544da88ab371415889ead21803c1ffe3f2",
+	},
+	{
+		nonce:  "6d4adb2a1c0cd0333c19a010",
+		key:    "df07d78b19202170815568dba3d1db9c1affb97dee19f11affc0d8b1cb224a3c",
+		input:  "93ce72a518ae892e00c271a08ead720cc4a32b676016612b5bf2b45d9ae9a27da52e664dbbdf709d9a69ba0506e2c988bb5a587400bca8ae4773bf1f315a8f383826741bfd36afeae5219796f5ce34b229cac71c066988dbcae2cbcfcdbb49efcf335380519669aaf3058e9df7f364bfd66c84703d3faaf8747442bdd35ac98acdc719011d27beba39f62eab8656060df02fab7039223f2a96caac8649bc34da45f6f224f928d69c18b281a9b3065f376858c9fd10f26658ae21f5166a50fe9a0d20739402eec84f5240ee05e61268f34408089e264e7006a59bb63eeaa629ba72603e65718d48e94e244e7b39d21d85848d5f6f417631f3876f51b76b6c264356d7d7b1b27bbac78316c5167b689eff236078cf9e2e4626a4ae8bedeecbcaf6883e2e6e9304969b4fc7a4280dcdc5196267e9bb980e225fcbf7a9b2f7098f7f5c9edd06f50c8791edaf387ff3e85ff7bee1f61e4660fddd4eaf5ab0320508e3ccaa9823ae5a71faa86bd76e16d862d83ed57bf6a13de046a3095a74a10c4da952b3c9b8fbde36048537f76eef631a83d55d3a13096e48f02b96a5a8da74c287a9164ce03ddf2f868e9ca3119ec41f0233792e64086c903eb9247dbae80e923eae",
+		output: "bcf49d62dcd1cff9dc37d7096df0c39031e64ccaeea3830fa485edb71b7fcf2ec709a4b327ef9c7d4ea2b35f113a8485d4c236e06b3baccee30e79c6c08739fe5fbed59db30479b56dfbe584a5d79b169b200430ed27072137e940a34170606b31f22095f2151b4d9b901f6337f991a23e4c8997a1ebf5105361fdade1c889b8dc9565e3b33e0bd608c39d725becbb60da8a797186fe0986736112da3d09906442364d6e253e5b27fd5ad72e877c120ea7a11d42b19948f0df5ddabf9cf661c5ce14b81adc2a95b6b0009ece48922b6a2b6efffdf961be8f8ec1b51ad7cfc5c1bca371f42cdac2389cbddcdc5373b6507cdf3ffc7bfb7e81487a778fcf380b934f7326b131cb568bbaa14c8f427920aa78cc0b323d6ea65260022113e2febfb93dcfce791ab6a18489e9b38de281169f1cd3b35eee0a57ed30533d7411a7e50641a78d2e80db1f872398e4ae49938b8d5aa930c0c0da2182bd176e3df56ab90af3e46cdb862cfc12070bc3bd62d6b0387e4eee66d90c50972427b34acaf2baff9d8a76002a20f43c22ac93686defc68b98b7b707d78d0e7265aabadde32507a67f425cbd16c22a426d56b9892bac3a73dd2d2c03efdb22ecc6483f8d1ca67fc7d5",
+	},
+	{
+		nonce:  "1552f1ecdd1ae345319d4956",
+		key:    "968498f5dfc2bc49c3a34b7bbe38515d6b46cbd6f8828ce9273f7d14f08923c8",
+		input:  "f72bec13b0f0b6f2317118f14c2a0d8e963b1bd49ae7584e710dbde75bb1e30c79281847cb822a5f3ae4fa56825e511212f17f0d293cfe80f872e6992d304e9283d08ce65ceeacb003b36a862c91282a22536e0b9c19953512a1bf9e20d3e7a8f1a2dff45dec0b9b04c592e88a7814540cf636a024d10008463d0b3aafbc4c9359889149433ef173124866aa6f53526ef3b3f2c630860ecdd08ffd9fc050e95da512cc87f812f9391085cdec5cc87258b8560806a52336d612da7ab05e0f60566b950904aa27c975a48c7d78455728c87f9b53aa4978374ab9592e12c22d9a760e26eb527133534ac5bbf969596b71cde8b4ef3587fa7ffa7116834348c275ad4dce68ab3397521ddc8e54380129cc81b981f9b32db20dddb0ecaa0f1ff7b06495a42b4a800a207b8e9ca38794e2fa9f40546e0e3aef7b5236d7fdadd72b1158714a5ad8d6264df1e75120088e449b9e911eddac59f1f19a795205ab7532783a93159876133b3fe3a518475a545fbe8dd2ac143f33c35d98e3ee13b63606b1e671917ac3ff9412773a3ac47b8c6627b8ba9dde6820f4f16c2ed9cb7d7086cfbb0cf2d7533eff253d14f634ab2aad3fb4289b9a0bb667a6fdd0acd5949185d53f1dd2b96ff060bb44f872a67259100669e6eaf1a7e2b11dd5fc35792db0c44a1127765934a068bf",
+		output: "bb618ae6b7739a4dedde1dbacf864b0892b93dea3007237d2f6f23be0718bdd29321e6b0fcb6a44dacf0f5c53d91e16165997e2302ae7ebc2dbd02c0fd8e8606a4ad13e409a4e807f331cf4174171c5fff23ca232192906b4eefdf2ffb4c65af78be01b0ba7d15b4341dd5a2edd49b17db2812358c8af0a4a9724e0169f50d1d331936bc2400012a60849876c3ead52cc9fe60173c9992f83f3e41ebd24fe3961835109612994c7620280539d483f91ef9a64c16032a35612a119589efe6357fa35b19531274576e304be75bc7e91d58015792095bb00ce4de251a52b946554366ea7ed9ce9317020ec155ae0071e022af36ad10eda5d671e5090c136e381cecdb8bc179474fabc7dab2d8a134772976cf0791b6cebe2333d34b4b8e2b6b2eab2b5dc7c6a08a583d091df64328cbcde36bc1b81095d82c741a1503c55d833d551a855e098166c5efffb8e4146e32e54abcaa85076ca6660abdfca9e82824217b5d3f23f7ff3455872bc76751480c1a8e3e725365c82fc135cd3713cc0f1ea733754142f8c37716a2a4fa8a6b898215c287565325774c2510df6b49e78cb986853ac5ca532c9a7e2bceb7c0157f60433f29fe29009343d6035d7b5892c77f821b644590615dc505604501dd218dcab789e6f0525387919cf25c7c6d62a8979e39d346decbed2657",
+	},
+	{
+		nonce:  "478ca60b970002bca7147dbf",
+		key:    "deedbe3b6c4d8f6e72cd276e60f30f14a0ef91c87f22aa4af2fe3c73f3f1512b",
+		input:  "96eb94e1adbcc0646440c8824a2fc0f2c4b17d9cbddbb8ba8d9dbd6482fbf7201c74eb923153e0138b2f6f182f9c3d5656ee40bb7c26a01740b5c7d125261d4e4197614800aa152b402ba581bfbf4288e73c9ef7e7e37491212b921420eaaff880eeb458e3d0aa108b01b53492c97e328e9d10e3220b924351d583c00e76aee9325d6b89b1f162ffa30b386b37b5eaf4dfc25d22987dde4496158818c4d8f19ea300fe140be921d3f1abdaf9ab8946833a57cda5f41f995ff80e98b0f10f7afd736dd33438dfd395547f11563056078ff8f7c202aac262955f0ca5dae2365472de40f069028104ac552ea5a45ff2773335e5d3242f1e62e0e98003333dc51a3c8abbaf368f284536672e55d005b24b7aeba8e4cef23289adc12db2213aa037c797e7e753ae985568199cfe14cf1704fbca443e6036bdd05859e3583897cbefe7a0cf268b75d554b2da6e503ee04b126fbf74eaac0ebca37e84ab9c726973af780fe2bc9869fe67b7d9e4a04062ee535b2c1740d1347224e211b5cd37ee14c3325f40abee930eb6a1634986e756b3a1f86a3d7ee7184d95ea948506d8ab8b23f92ecf3eb0586f7a8b1bc227e08a0e32ca75ca4eeffc5c0a2a623547788bca66f3dc2c48671e462544d52a87d34307a7f111aeacb7da50262deab33d9f29dd6b47c3bb555be598d619cc66be8c4b74b01772725268a43d467f39bc565e5efcd0",
+		output: "590965d18ebdf1a89689662cfae1b8c8a73db8b26941313006b9b9bd6afa6a57149d09a27390b8883069e4fc2dfcf75035def1f8b865e24c21b1a1ed3e9f220d7b48046577b661bc92d9888a912984ad415ea2fc92c9e37da0bef5c7dab11495c612c27b5babe6eee28fd26482272fce69ca7f11bac95251735ad808365ac587830ec04105304f8e440a4da47d30e788718da4282941c9c76f18de4f954b8be750b54cb1145489edf273625a0df9a694a23fe7bfea12579b53c3b2a3de85705568cd7e603f3b8beba9a14cad9979ea283a8a291d3e1105b7f890e2a569804d9b7dd4c7e50bd0dcd11223fd7247af77f04212ece1b98c238d2fa0386a994bc502f83dcdd2e5a0d45b185155e1a395d91726d383c2c198fff1590e983c65ee041638510787c8c59c2e96f31678226a033e027bb40c416b73c3dbef31affc93a659c8ec7ffeca313fd5283a80533b2d63941c8f245d22b160c5fe57c5fa4b759c407b9acd6d9c4f80f244360b9acd11e2b43d4af757e16a6ef9d6756df39ca3a8a235e74351f50b2ebf54df633c8c400fd80b41b07117676d486377095660f2f20f62c034563b4560b473a8f4d6a740306d2a822fd8bd98012a840ba9b1709df9a0d61ecc305f7180fd764e334045d9a8ca23cb8036c05616a8b21fc488429ba4168c59dfa231f0ffa668a3be7b16583df1a55bb9c15d51660ddeca730d66f7a9",
+	},
+	{
+		nonce:  "54df19942a3f5904d66dc071",
+		key:    "4077517b5363e841089462edea2ce35fdfc56bb050b3c9ae6f2a0cc04ff4aab3",
+		input:  "be3f309c6e7b89e1ec4a855cf161156d09f8a04d5630534ee19e9e071e3f4603f23f0c59a7b7f8a32c4c203ec8c129a268faba09abde7b61135c6c37fd091e2d695f0e242488098ebed30c7d321f4dcef0bdd23fa85a53569868cf2008bf4d2ee7a12a6673298c7e797321b9f4559748223b590e6fcf17aa72251586b01181cefcd32c6a1a20a0fc27143426f6572b1aab0e7301e390cb857f912d78d5153906c698ee140b36cdc72693cc019cb7add747ca3a07b2b82a2332bfa76c962b186ad94209fcf590ed0f6a73b08a771a58eb9649f2f1da4f7c385da83d50c939231f745514d14b0920deedd9c4dc6d2e547f83643d13541870875e52c610372b14b602e7a47f0b3721cfca60ec68e2eee91f40ceba2d0fdb4ebe19cb1d1ab170726c9e600030454ef355f9a40033672be520e528937f38e7a862a5ae50cd94f667cd015a72ee3f91b1a09031bf4c207e0c516b2e7a4baedf373f1ee71843e560741ed3a3094d2b513e2248caf27ce135716f6887d9f1fe5b11e02c12c989d29054ab183a3f55d9b40d78e12ff56edf936ab966c7c3130bea472b71fd69e70165a76afbf720e2c1587a77943b35acfd81b2ab6f39476623edf3663024fb84da8057ed3a361e9533caf9fc58a5e4897e4bf84f58ed063b5c353bdca3792952eec0a1404149ebeb5b17cd6350ab3e27e44e40fbcb00780d001a48d0365d534ff830553409919608881e665f83bb5cf0736d728c41cc4e985c377f89ee1186303d0d76bc634875ab3ebd87059969f24b0464ae11967bcc47f300a34e3b917b1affceea716c5ad9abf1aa3a1106e2f4d006514dc62cfd2a52426968f2f3991c9f9d8fcd",
+		output: "e4032c01bcece73fde73961ed216820dcb44ce20134678c98afb674bb03afec2f4aacbade7f87a32fff57ae9213eaf0509e9d9db1313b06fd1df53561f85896ba627cccd2d0e2ae4f24f5579bf02f6599f5e63412ba084cf53a5bc9a8061b5c029b755329fcd73f629fadd3bcf6cb4c572fea86466cb5159d19eaaf0f44c3471d0323bc7206bb514ed8117a61c6d98d44faff6a83716657531d965ba3efbcf067c452e0d2807db3423958d9a4421886fe132d7c47e82086db9507616b67f0051dffc1a49ecce3ca8e4d5f5af15684cd8837a471430ddd333ea0b6ee603b7d9e702692f857fab060ccf26f2a8e61dfd3b12923acca78b83a6004e4ff09113becf6bdd0bec3a449a195559dfeafd4e2a79ead5ae3c993a15ad9b1a2ce818e18edb010b7fece9aa437d85ba9841d89026d6aac1a3a6ab6dad932a26d7db6f3664b06d51584cf4d22a75c06e2840db7292798306e4d39379af85a6bc8dcaebb5246e07fadd5e336f122de0ecb99ca24a971701a1f43bd69933beef6e52d299b132e7510caf27b99739e32bd272afc36755ea80cc7ed3957d91325584b338d15b19fe554ee70bee903babe21d0cbecd49235c70a3a4f516ce16761d1cfcd70bb4b9c7c73c359f3fdd0753d6c1ac1a1463142f18266b6a9c84675f247d56563646fb2c8c3b6b81944c2ba2b76b685ba5ea40cf539bcf3850a8af3e0a69c0b38164de520a3bea82b91f67d36bbd87877b5be7f06c2d26b2dc747a26a51f51fe293197db0e91e6ac617c71ddc6edfeb7db8f067ac2012268deb7e5f00a640c1bbec5c4c71f10f921071308cadededad5c90e72d744d0bf790b043fd35729570889ebe5",
+	},
+	{
+		nonce:  "90bece179b25feefcad4f9bd",
+		key:    "e8512d17c6f5805b38e4c9b9c01961a523232162896538f5a37970de43e66906",
+		input:  "0aa4fbce7e1774f0607e7ea01fc0e6d210bb283964ae75e180a9f6ff3d2c4d50914bfc32bca6d243eb33551521d54d66f377fdc1d31974ece79b157905ff7e7a9b064f349727ce37c83c15ae13df635c3e6b4baf994d9aa0bb90b06c6cda51deefda72c97a2993448e654b746b216d2b949bff1af5238558205cfc3162f1d7a020a919db4d4eb44bcf7b269d4df57e24133d1e540694b9148444cee16e64035ef006a6079dff449949c1b342991f2a27f21c8bd74ccf4bc944284a46e9fd9f9bfd4b95f80c05553950fabbf5e5aed6babb8427832266aa4d175114de9127ff6ee848534d6dd5aa6d2dc361319863cdf32cfb1b074faed17d368964393352df01fe8d86af0e994bc9dac315f7d9efa7bef47a16676cdf17a535ae71d399c4c11a3a3ba0491e8d41f419685258a4ec7d1ae588b3ca341719c0827ce5f5a653959a8671844f2d0293c09bc7d35497ed18c160fc7b6d073a311b621a7a37f7ded1df3d73dcba1821278c9e17a191997fa4dab0802e1ee1b468e91e4272c4569a17dc0b2805b980bde798640aa328a3605abea1865083d7446e960c27f69d32882a2a2295efc9c440dc203872373411925f8839715e9441d31dd9cc14bab09a3e03b4a63e14db3039d58725796326ea6327f189beecd63955f1409467c81f4691ecfe9f0ac5234f23dfb84e3199e415ee7b4f67189e8857ff6cb3f64c2ac1b554bfbd679a6ea8491cfd69d96d08ee2744d9103e0b044212560ff707974b1a9043e1f2c3592828fde8ab5e993652c00e2b3fdb19082611b67866ece6c4a2635f87e04d2136d679f632416b03ece4d7e9406f3437163f4fe0c8cc7b87d487f6de3b3022665bcafa847c2b9199e1ba9af7deb0e29b66ad41688d03a8369416dfbee6d03526adb3ebc4b4f8531d73589499a3010b5309e9d9d2f5a9cf347983a92722dbf6c4f0bae8aba57b37d322",
+		output: "a31f9a532f35f20ba604a9ab9989260e5a4ed04e6ecfa1cb9e0e1d16943906acbbb4e761a2bebc86cad0ce8b3f26d98b455e4b0835eb8b43791cea29fe8fa6e5187b60198142059bbce98917aa2957ae2555bee70e6e9e21ff6197a51ac2ca2952c413efec4d9903a2f6883e88aebe7ca8316831f6a8f2cd0e486319b58dc8db862779adff98b7f35c33faa53d56acd7a81e0feffc286b728f3a11afab7cace4c30b1a45780276b1f0ab89242410d07cb1191c7b9da5d09db7c9a729d91ac3ed82f4350f2871a12d125ba672861d1b0af7219c360a0e023a8b7c23fb9d72631c72e032c097118d90e5db0576586d8224165a8376fe8d04de93516848e7c2653cb4f7d24a971ccf4f16c527ea5b4153fad5fd5bf473b15806671854507bf1a6d9e5fe4a6f6ec977197d21d69a041dd955e199031f895adefd850c8b0ae327ba0c18ca1783560e1ff0feb2f659137e34a91e9e9ff04fe3375b7db6e4326986e6265e5fef00297f6ae627c7563846e531762748fe8d0b6baff17acf1e6c5cfefa35a95ef634ff96f83f16342a6c62311fc653d314f8a6de109356ab7801316e69a48834cb6325816b1f66d5c67d6e9c9cbc8e1a0521fd6e4bf77a7d2609f99c9579e143f530677b99d198a97620d087f058edf35eb7271701ecebb8bfde5671641ed21aeee9e7db06b932e0def91be93cf2955159e9666c770cdffa03886eb6e98dfca8f91ff5cef1927c0f82b9226d65c68d011416cbef802c264e34244ead7a6ebbe28a510a37e1276f4f3cf27a3944a08aaa23bd321092761627dae20dc269b6150545c75e995cfee0a9bcedb1ad8b364beb8839fd5c9f7984fa0a08a1a354aebe18f62acf6d6664978fcfda2ce6fc16eaa2cda5b835339001b3b98d3a407a3e18e0ec2da6ee3d1448c1ece2ed67c3f51f01e76ed59f0e61102b103a3c65aea94275e8d1f0d331538efe",
+	},
+	{
+		nonce:  "09bdc9b17d49e6db953bc716",
+		key:    "e5d9f90b68e6ed2e95ca1d636de3334244e63fd8891fb199175705ef5f69e91a",
+		input:  "e097b1e8dea40f63714e63ab3ad9bdd518ac3e188926d1086a9850a5580affb592f6e421abc617c103479ba39a3924eea1c0bbbb051614c4b5003bbd5fcbb8093864fc1c130748194d6b560e203b889b98b574a98ec3e0e07cb2d9f271ba7794e5419123b4f2ebc7e0d65cd404104868905ff2c38d30c967fe9d77ebdd4b8fa836c3b0ad15e3e70e9a28236d5593e761e694b047f63bc62c7b0d493c3e2528c8af78f56725172ac9416ec2bdc54de92b92a63f9ccb61e686f9249c7cc337d99b2160400bb5535eb8f8eb1e3cafcbceaa821c1088edbacb3b01b5bed977e702de747ad00268ffe72e3d877dd75816db65b5459607cd1b963fe43bf2405ec223ddc0de514d59cde74f7522dc72285caa3eeb7eae527a7723b33d21ce91c91c8d26bf36eeb1dcdfc1e9e475c1565ed9c7e64ef601874a4f277280a5ceec26717e9385aee8b159379e3feed7952b87240c942970d63351259aa7a286ddb4a2620fa67565c92f592902e49422f1eecea2f44d1c0bbbf54a9e5612b86a9549aa3e6639a924c7bbe2d3c1b5669da73c0e2c6f6f6084f54a912ad2635d0141c2f5ac925414dce0da09ab8f86eae2a7b7e48741253189e5fd554d5c04d9807ac6ffd8a4f8229a3e8ab75ca5c778bd7ec5a5c02085faba9792cbc47f9e9311f3444e6544359769e1b3eb4d42ac8923ec94536e1a44497766b5da523f5763749dbc2738dfa8e13c191dfeac56c7614a96bd3ae23e4e6e5ac00be851ac9831108989b491eaade62113c531385ef3e964ce817c8ed0857adca946467682c2f4387fab2f31ce71b58370853171720268459588d5d216faca58d0bebbd7cd83a78445d9b49e83ec2cdb59b5d760880bf60532178d60372752b47d52562b316c7de5c74af9cd588643002d66bc6260595a540d2f82cf2c07fa64e0cdd1f79877b6a25b0608c735a7d35ca10852da441fcfb31061fd7e482a0989866f9eea8b0b39c3d519715c1c2766c3ad99f041143cdb36557ed647403458155dccbb80c3a365f0a85b1135695648ab67ac76b3d219c7b77e49d735c72ac947b1d7eeb279beb9d2602aba7b36ca",
+		output: "7b6e07e6415660affba56047b988f4548b308e7a642c76791f5c3742cc4cb744cde48fc30e50d458084e06c6dd29a52cb4c306a69a493a17c0838d14b107d07b81c983a2dbad09b80f087ba48465a8beaae5b16e8093e17cfb9e84ea3bdb9af00889268a5c01ddf25af434de56f65882322432aa275fac8519e317ef4d89478f29182143f97350983050f5d37c4b518611da6fa2aed7bb73e614231a194fe17c9073e377fc6ea0aa491e15ca54808e0536c8c3f1bf657283f807ebfc89b55049ac8fb86f89f17974fcf0afc1a2c690c0442842d0f4af9ee29dd960e499d1077bfdad4c0c9189a6e83799bb585acdb853c1e99da7ce9c7eeb9bf431f8d364d0ea80b0a95a7807f196c6ee69fe90e6d1f5d23e5cb256e37e65826d7a111f2272884d6319f968580b3164b2697ea6556816cea3ca316651fe2fd68dfa905d080c28622606f7d24da216289fa2c54c6f42dc244ecb047512ace62f0801f2dfad8f0218f45e2b3bbac97c2176c842398b16dfa1fdfc9a68b7b5a1e785d2a0cc592bc491f5a69c81127b758ee02c66b81674d3135c5882d1dc89dadcffa06f4b0644df5c7fd65c72611d79be7ad637edd6fc38b39946aa2a2c6d08ca9d3ff9a8ffe2e7989546489539b1a623fa937c468e59e0978602526b4367de277526895aa222fbaeae2084f418c5745d8ee844da0baa47f592970c14cf710f49539c12104a62baddb3382f5773dd18c83ecb238ae2e749a51584a38e394ebadd175bf5c3cec787907abb1d94af70ae63d3b7d8d5ff254da90b78ec8fe2ea95dfbc6e3e69ecad856c9e54906df8fe39859f2014b74dc3ca0ee2a957001939d37a6c0b489bd3f1658b835a57b24aa282c23e875c9e67e6eb8b32fe44e7d7d8e285d85da0ce1b53990f9fdb5e2e74728e433ed2c1044df9e89cb9bb316c39fc6fc8bcc74a382093926a288170e857d6b7f47858a4c2d05c74263dc9e8199332d0179687f4a4cdfc80ee6737300cefba75905b22d21e897f887b67aa3051877fff11d98bf96ca5091bb225bddd5eae697f3dfb0efcdb788ebf6694b5b39dbb0d4bf9427382a3a58f0b",
+	},
+	{
+		nonce:  "3e507e0cdf0d11f88c6c3183",
+		key:    "cdd1a20f05f9e74f1b4c9e2b81c85b11c5bc222925aa603f316dc21363af9620",
+		input:  "0a1064714f20d9e47fe53250ecfec759f4137e60afaf65755f4709a483504c3855833b6dcaf7aa0180fd735fa9a73d46697f6c45004adf12452ea4c04a720fd7c20b9783b74b8b3ea0c8b1563d5a85f44af8afd7d91ca6298ca22642a684f66e365edd6f6bdb2dd32dfa13c62dc497fb341b86f65d40655931171416e23e3b2623c0b4a67d448877b6e3d4e0fe284034a10162b2b5e21639047036874f4bcde22b145b5f18aa8ff32dec81e6a5ac68b3c30c24bd8fd3b8e098a1cf202e2ab2a3bb66a9393222b9f7384653cda7707f00bc3c81e9591fd040a07d3629410c2db78781a4c9db3df5f9d648162f1b087974f56a89db07aa21ba827e3864a1618945b2fba06853a13c35da2909f5013feb313bae09870b8eab904024adab0d6ac46c1a1499791b47413139dee59db676949b9e9ab8d3d6abaa954ec2a9fc83953c91b483c3b6bd6700b96484850734e72e3710a1b379c0d0698aeaf68f13a0d317bfd689471e3299288e7a383a58522f0daaff210cc4917fa05f0b8ceefc2afc46148a05a100d30787accfb4da094e61ea6b58f132692aedcabae928e53c2594b01507b8fc2d0a85a1d111d1f4de0b95258281ae01873a72606753b6f878ecd8c4f613fb3477710d260f0bca0d4c06f675ab7113eded395f88755a98a0ad22b4a002cfe9447c4e39eda13738f4eccb9c13367ebc2878257c4647d31b67e5e32b6a77f23e9593658d19c0a40e8a7228767afba1cf23072b013b2d76ee66e42b57bec2797ce3619c695a661004c8129cb5c5d6a2836be22483f3b7e40bf8ac5535bf6cd065c4821a87829948c88163cfe3c0f60cea4e7ff59df4cdbf80064b2d664b39487413039999b5e86f1d467b12682d0cd355e9f7cd980e87d584ddbda89f68632d3b8fd6bc3b80205d7feb97a46842b093f74aa14bb21accda7474247b5e39ac76ef75e9b5b52b6a829a7e2297ab88fb0eb690d54ab1af2d7437149a6202035ce15f1e6c6267458d62677c263d83d3f8119af191b7d766582620e0f08b411c996c25ba6a32c2d73f592e789ed662e94103329bfa5e6573f1116ec04438997f3e4ad91b4123b570743455020d914bde2d8417fb24671e6db261732fb89dda1a36614b095529e4f97374c9bc0e55aa577bfffa663c816ca9fae3472e0a",
+		output: "b00a7caf5359c5bcebe590e6bab9aa03370050c55cbd45a257f4869937e922a15f2d38121b1493d6b5dd4a8a47d7b4e5cb049d396ad84ed421df774b0408b6939f18ebf5cf83f48c540affcc2a885967bf4bd222c42904b8a73c4185bde3f97e874fad25b46714235e60c9ff53ed2975c9c85ebad0752249e4b627ffa41555eb9074f63a5f7d61d207d2ce11b2a9fa23a13a0832eccb91efa2afd8d9acfee94ac78a733fa156bfea5006da1d0127c32aadbb75c015b68c627903e1c85bf3a1a9f99c6cfbdbb5c871f7f9661b78cf5e16d819f53e9930e201d4f58e69bcdce77ec5b9b1d2cf206a71f744342273c26b9abc71303c20df3d51f52222893d803fc8e0e0afcd99ee1c7f95b48680403566f7f9e296d7ccc0ec348b6ad515af58d11fd82c628ea29ee6a5d67aaeabd8823addc01a078b04313af73105d4ce4abef8e6ee8ce649640a19678292d4f1017d121549fd2c19ba6cdc0b613e512bc9551d759c6d38aea7e35c0847a142e273a16bb1495e652f9668b97801ba3f6d9931c0a1efaa4452e15732dca1ca9cb45ed289e0fd08d1cee1cdcc9dfba8d0b2562b0b1a180f4ee69d63573222c8d4789bf0d63d2a201a70c7b27c84e620e33e8a863cf49b784269a51ead3d4ad26f044d5859988d5485a11533ea805f5a8f6313caa6b421071a34f57170fdd8e4663e9a4cdcdcc1ddaa9f6e651fb365cf827667b018ae7d028c7f96295b2b4f9eeb4b361b48af86463a79f50b107ab0935e3cec3f4f203cea801ff95fb870d2c2f0e315dc8a6a547dd3c390a1f5403917315164bd2d40362489b389a54e8dc0ddb83e6a43a26c65923e6f76ee0ee0e3a33b0a9066620a01f0319e20b9f1beb3910ad962a3000e6aacb0ae57f3f6c5e0315be5de93edcf0e45e0e47332f9daf7f33e6e8bf1929910b78b8f88ca12bf5519a3217b7554c8c8350cc314561d580bf67a3878e3979430d070121a5e070a3458742e8549bda972f603222e2b30eb8a49a955805307e6e02f8c60a08188f69340e116422458d4a8841f46a78c833b1a822e3f6c9c97422c918f17c36175ca4b3d1c081ee4b175b4b07bf101c3836eb5b9e3cbd08a89b4a1c50edcb41ea8ea6ceb1532f5b842715d50dc21e2499e08c373d3dedb96bb477c8802ab7aa957e0b5810f38",
+	},
+	{
+		nonce:  "c9da02eb6ca0cba74c76240c",
+		key:    "574a41e94695e2d54c2f5e1a464c6e801f8d09481aca51437cd93e05ca95a4a6",
+		input:  "00fa3b13b5cfa9b5d65a41cc2d3c420518802c22c4582873f1ad52a22032d2cef7c975078b199787e852fb1f914529f60d1cc854e5d6d547216dce043e0fc94866bb2193343c3a07fde60e668266d1cee3067c6f2ce0f9f63456ad08094b6c7f515f7ca90caa96494e2a6835ba1f3f166012ad1ff6af6b5f8455d5c26e72402966af9066ca70ad027eed23b0eb02c751195064a62283975efeb29bc5993f83360d012a2f5275ac758a9e8fe458fc7cc0673e6b9e338678f0faff60a67fff3784c3054dcbd95d1b00ed4c6156b3831cc42a2ccdeee55541f228b88e6c318e2d797c6fc035ae12868c4a4e3843b5b25a530b1477dec3f5ac27644476b5766e0ee132d833f9a63200eb0980bf72c3666150e567e01e3e1f469cf36beea65946fce714a3f354983e54ca4315b57ea35c5f48bd5eada05f49db1004cbb39888ebab3afad62f6509abad77ca8c4ff28731c7ae545e6876c8f4a80b6cc26928ee05001a9764694b52edd605e182d5a3a5fd192bff58aba90f57e4debe612d02cf6f08af33a78ebf8823bb3eb46d4da25b7dfa15ad436c380633d3db3d0dc4dfec6c2324d105e7090e65342b554854e777b40b5dab8125a58e8b212364ff88459a8466ff5ae661034abc8286a78ad5aa582e2dabbcd7a0b0cedcb9fd5f0bb8c3bef9117f2ca6520a72b94e528c1a4a464398e654995d5f4c77cbabf2b204b96a058cf1b38284b34e41ac37b05a003ed51be9602050f21c6b9326714bc425c1e22833da95a6e77571691d4dcab4ef9056c4c7f85d5b445b902eb375b5164c6bdf629ccfd4127a6c024bb6c4da0b6b08350432e58f8229e04e2e76f704be17d36e0c04fcc7a98f721d4572aa7f66ae8e9664300a189bc3862da47b60c8b33424f6d577cc10f4755f36c2a6decc30ba81bf48f96616ccfcfb74965d6bdcab82728bb224c560d1cfd7a175413ad1c14c734746be3b062b4e7514e9075c688103515e32e3335dbd272a315024d56f4ecd354264da9bc712080657b2b51b06dc7c4c441d9858935a4c3e6b207bde38ea83bba4c6854b2bcf914d758e0a174c0528e0e385c7cff355c38db1c22440369141e91266824c59f1ed23e7d4b99d31b0baa7bed4526e24259dbef5c9ae275e97267b756645f804c274d65ac7ab0f7683435bc2e4f24075cd1b790aa2b53fbf044e8f2092bdf0dbe88a582ff8f8de291e8220",
+		output: "bea32587095caac661c3ac49e65654b282192b2addf5b9a403aea6c8bd0096291a0a66ca4062acf1da91fb5749952096ec63ab652ecf94c29807f0aaac939b6896edcd6f0cd8dd8d208b906ef4d7a8766831fecd6ce98f4ea0c34fa9a5114dbeb23c2cd6d3aa962e39b18cb343c24e65d49fad0a0fb50736f8d2b24b011108932484399f4c4510ac9a5e6bc78ff0b450e67f87b49f253b99d95d6294e15a9934fc8b89a5913c08f75d3516766fb0f60f82e2b2647b4619991c78adbcf548c07c0dda30c629349d84f298313c3e629e03760b1cf860264205a950d6fd86732a6513827f72c0dff5aff96f7203464f60849c1065beb70f282cca1334f6f6c767dfff94f063361f592e85597de5d313eaed17bd533db24818d9ba9aea2afa797721fbd19eea7b8d46bbc4b9dc0164636d2e754f5e9e8c04e2a381096331731c645ea1f613a37bfa9a6fb2c6307e9bacacbeab7f5672163ff9742a8115049bce0269d7d5f6f35787be031dbee1535b0516ec0b46d12f5833cde5f2cc569edcdd20993e9776aacf48ace7bfadf79065f2803fba6b2b27aa622abb7ae023ff2b27b727f509f313f92026392485a5ed4fd53b2e22b2d2dc1538ce158d34921214638be30ae054a0f5f1d4f9c590a2d215ac2a5b23ed33871ab26c8bb6db7fe9d6f51e527c9547248a4e9734c64658b22893f4f6867a35f18e2bbfd7d62142025955cb51af8e40b6fcb91c7e959cea2c92022c87c29dae107a306f41b00e73c7bceef8cb070e8f9e830caeee463170e919cba6eee63092a5a7ee33b74db09cdd022fdafbcd5d524253a29a103ba6f4d668d31d18f867557871c0e0258221c3050d57c18bdae4cc4ff8da0daddb5c08619be127ee76a317b59a9d8e67808603a1bfce6b4e0d070082b283bf9c0e6ef8256208e482f3e2d1a40d30807f60a868e2279dfbc3586d44ee25fdca3505cd39fd469c2cd03bc2f921d22a8346750f346c919e7247301c1c8a4a3ddb8eabc6e80d85cd2459afe1cbb4851ea2c86b8075e0fef3177cb074894410ecf681242fac62b5fa4ed3a10ddaa595427851d376cf69e350207b667f7aa26d003f1ec739a8792532ebd93f3cafb1fea40d227bcadda2fb6da794cea3371240f257f80b1b8a857ea453b46938397c1f4b303a46257750003a60666a11d03bf2afb5c71e059933d617288891733b63784bd9c662234f",
+	},
+	{
+		nonce:  "a4472b3c13c814f614706fa2",
+		key:    "183dbd3967cdaac9b58554cb226a532087ac22bb80a59d1c2e6b997d61e46f45",
+		input:  "01847d8a97d56e55e12f89adb13c8c0f9dea5555e8dc61171fbb8e181f6cf846a4dd68b2c75335c0896fa215bf7f9eb7e398e4520aaaf33461ecfb61051f43d43569fb75fabd79d319bf39469f951e4da7932a74624c46d8d26a9499c701c00d3dea57a6f65b4c0f33b568d13989340294d17cd005b26d89cf6fa1c88e7b6ef4d074291fa8c117ae05d7c785459ef4561c45af63a811e9aa1c31b69a5bdac2356d955a0f579791247a757a691b3de447a53619878397cd82a74053f06da3574045bc856500ec01fd2afbc64d8dd283ac876a50e9396f78c424ab157f481316fd9c90cd899f5aca46dad32c68f1d64ea7f1c4bdb994ad847072609bd89adc2fa8382a5d573b680533640b8321b6adf27926274660b2cbaf04fbc9a4fb17ce8957c38c7bab1aafd5bf7263171e47d2e1ae5cf0494815642209d303dba561754479c24ea01a573c9083b68acc49907b1748924d3c6a82feb9417ca932578c123f9db35521c0d992565f7396f0c23e436289c1720e4e7c6e285c04a8159f93e06801334e523b18fe188355cc6a155febe64ba053e6b5d1cc87787fd5ae68fa86d8c51868b9f6a9664cf0d56aa6cb8463362bb671e6b8423bcbefe2a1a0acba3f135496736b5cec5e329494af46aba322bf5d1cc108c98298459558773a316e09b0bb960a26f4b0bfbaa493b5f98a0e522b6203c471b10e662abe9b9e60de2a1517843933add02017fadd62608383ad53796159f3d21b2c8ed7295802ca79ea65d550114ca2bcc7f7c3b4c6709fffc3c2de00da06e83d8f0cf04b8c8edd21c0fc11a0b2aa7f6adad255fef25e5c0a9d59546e97446e1fbf6a51a8ea6cad54cabfdd19cd10d7d33ff0549b710557e3931821dd8809ab0a9d3aaa761a01ae0f2e378906672924d6a1b12fb1cca7bed41f31974b9917a05de60c32796f502e7035a2c01cb49bc8e1734b9fa138b81b4dfe19d37f5942dd1b42f03e1e5a6a046ecd457174150e17dd148e4bfea44b72da35ef42a7251244700e59e702033677d42611168fd246e1b18b9a464b6c20fc7fcf6360cd00466ece059a69d7d54a4f5565d08799f85dd3c849a08ba43415077c1c0e5dbdba52bb3167ee99a11db551f0260493be1dde58d2072e8c02251f4f574b6e115cbb6136dc2c3fbce75fdcefe812d9c07a91a89088985a52cb1fb9f6cef80fa30364706414175e42c75e8e37f6e7cd028c99f59caa88c49db5b46e8d6301bc39034013718a9eeef5506415016fb21d70e46a03b4c5ba72f91dd9321ff5e210e5e5f7b0723a3bc4bb02b5a74c1f4a63aa5a993a31f79a768fe8033c9abfeb4deb536af1054be02d8d1c4a6a0fa75f3eb787d57a03b7ae994fb1b54b2c43b230ce32e6245d944b3cea4fa6",
+		output: "785dbea5d1e50af4743ed5fd2209e441fc7c50bc7f6fd9cc7f24654c619e2606178dcbbd81a1f94c1b3176837024098bd31326145be326b32fd9277a55a6fb38780c8dc8b471a3184379d90da4aa87d80b889b1f4d8d0755c1704a526b99ac829b8ad157ca54b2b05ff8b2917e27b0c147ab54add9a89fdcad7b93ba1fe2d5be9de88b68a5324f1b42943e45ee31c4ef783ec9e2337b3f2834b10cf452b313fafdf0c03719140f64060da0a565e185cb8e544e1c185ca230ff2321739a285abe8be4be0ce76678a7b0902a77a645194de49fef8ff64cc464ea25e1f1d72c775e450f08ddd7680d27a4142879787b198583d93b84cd87fd5b4063d92d13d9c9cb580c01fac0174686a18f64e6fa0b3589624cfae04aad74950559bdf92b2b199c60cb04013aa0ef56d1f9ec5b7e968f6a83756ecc9cee7dd8b433f64649f948df5474a64549e71e46fd8bb16568d21f5fb67f5ed555f2b8aec4709383e8cbc45b9fe47c0434178ad4c6d0d42606d6eef0e21d0370898d1d5d646830a88d5f024094fe9c7a2003ca13d20ab7cd748dc11a22f578ddab416f3500eff3d89fc177b46436108e2e2c7973910cb8454a01c9e9b98f966848325444b2ac205b1ed6919fa76aaf63717574761b7f62b10649357df49f85a845a30b6acd57fa202fe58673930ec59399f537e9682b1f5f6f409988789a8e0c1f803478dded14b40d3b6eb3109758efeb6a7fe21f41c4dcc8027258da27ad74010839dbfdf8fe55050511f85c321e653f76e55f22248f46da529a380c6b1a16a19ce73af9715545c2cae098dc42dd61248dbcf7b295f4dc6b8930b41baeef677156c534869be65e723e1aa0336e8be8a3b138f840c9cd63bab6d9d61f239a47d8cf56258544e6ef65edca27069f7a57f087a7cc021fa1294b75c0c0f1093c025e426e4f041ed5187f358402676d5da5fb6ceba76a178f65c8c3046f258531c165b8808bdd221c59ff56e3e06247576e144aac01ea96a07f1be15d7a2b0b3b6c259a9133f8a50b56154ecf9f61022f470027247e6e70e6eaf7ece5e324ec8f95667ffed10337652b119e7cb8d197e306e81ea251340b9fb2c33aa230c0a16e1ca783f9344b3acbf413acd96616e6d477dba90e39326089934bc5ca6620855cdc442e25bf8b8debf335e16e7e25cceb68659cc81b13a507fbd9f30b347126beeb57016bd348fe3df592d4778011664a218227e70d7360d139480500b7f6f84153e61ca4dea105875e19ce3d11a3dfd0ad0074035ff6a9fac0ece91afd8be74c168da20c8baafcc14632eb0e774db758a3d90709cddf0266c27963788c35a842beea8ba2d916234431efde4bb32fd7e1cef51dcf580f4697206bbc3f991f4046360aea6e88ec",
+	},
+}
diff --git a/chacha20/xor.go b/chacha20/xor.go
new file mode 100644
index 000000000..c2d04851e
--- /dev/null
+++ b/chacha20/xor.go
@@ -0,0 +1,42 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found src the LICENSE file.
+
+package chacha20
+
+import "runtime"
+
+// Platforms that have fast unaligned 32-bit little endian accesses.
+const unaligned = runtime.GOARCH == "386" ||
+	runtime.GOARCH == "amd64" ||
+	runtime.GOARCH == "arm64" ||
+	runtime.GOARCH == "ppc64le" ||
+	runtime.GOARCH == "s390x"
+
+// addXor reads a little endian uint32 from src, XORs it with (a + b) and
+// places the result in little endian byte order in dst.
+func addXor(dst, src []byte, a, b uint32) {
+	_, _ = src[3], dst[3] // bounds check elimination hint
+	if unaligned {
+		// The compiler should optimize this code into
+		// 32-bit unaligned little endian loads and stores.
+		// TODO: delete once the compiler does a reliably
+		// good job with the generic code below.
+		// See issue #25111 for more details.
+		v := uint32(src[0])
+		v |= uint32(src[1]) << 8
+		v |= uint32(src[2]) << 16
+		v |= uint32(src[3]) << 24
+		v ^= a + b
+		dst[0] = byte(v)
+		dst[1] = byte(v >> 8)
+		dst[2] = byte(v >> 16)
+		dst[3] = byte(v >> 24)
+	} else {
+		a += b
+		dst[0] = src[0] ^ byte(a)
+		dst[1] = src[1] ^ byte(a>>8)
+		dst[2] = src[2] ^ byte(a>>16)
+		dst[3] = src[3] ^ byte(a>>24)
+	}
+}
diff --git a/chacha20poly1305/chacha20poly1305.go b/chacha20poly1305/chacha20poly1305.go
index 3f0dcb9d8..93da7322b 100644
--- a/chacha20poly1305/chacha20poly1305.go
+++ b/chacha20poly1305/chacha20poly1305.go
@@ -2,7 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539.
+// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its
+// extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and
+// draft-irtf-cfrg-xchacha-01.
 package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305"
 
 import (
@@ -13,15 +15,28 @@ import (
 const (
 	// KeySize is the size of the key used by this AEAD, in bytes.
 	KeySize = 32
-	// NonceSize is the size of the nonce used with this AEAD, in bytes.
+
+	// NonceSize is the size of the nonce used with the standard variant of this
+	// AEAD, in bytes.
+	//
+	// Note that this is too short to be safely generated at random if the same
+	// key is reused more than 2³² times.
 	NonceSize = 12
+
+	// NonceSizeX is the size of the nonce used with the XChaCha20-Poly1305
+	// variant of this AEAD, in bytes.
+	NonceSizeX = 24
+
+	// Overhead is the size of the Poly1305 authentication tag, and the
+	// difference between a ciphertext length and its plaintext.
+	Overhead = 16
 )
 
 type chacha20poly1305 struct {
-	key [32]byte
+	key [KeySize]byte
 }
 
-// New returns a ChaCha20-Poly1305 AEAD that uses the given, 256-bit key.
+// New returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key.
 func New(key []byte) (cipher.AEAD, error) {
 	if len(key) != KeySize {
 		return nil, errors.New("chacha20poly1305: bad key length")
@@ -36,7 +51,7 @@ func (c *chacha20poly1305) NonceSize() int {
 }
 
 func (c *chacha20poly1305) Overhead() int {
-	return 16
+	return Overhead
 }
 
 func (c *chacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
diff --git a/chacha20poly1305/chacha20poly1305_amd64.go b/chacha20poly1305/chacha20poly1305_amd64.go
index 7cd7ad834..25959b9a6 100644
--- a/chacha20poly1305/chacha20poly1305_amd64.go
+++ b/chacha20poly1305/chacha20poly1305_amd64.go
@@ -2,11 +2,17 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build go1.7,amd64,!gccgo,!appengine
+//go:build gc && !purego
+// +build gc,!purego
 
 package chacha20poly1305
 
-import "encoding/binary"
+import (
+	"encoding/binary"
+
+	"golang.org/x/crypto/internal/subtle"
+	"golang.org/x/sys/cpu"
+)
 
 //go:noescape
 func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool
@@ -14,62 +20,10 @@ func chacha20Poly1305Open(dst []byte, key []uint32, src, ad []byte) bool
 //go:noescape
 func chacha20Poly1305Seal(dst []byte, key []uint32, src, ad []byte)
 
-// cpuid is implemented in chacha20poly1305_amd64.s.
-func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
-
-// xgetbv with ecx = 0 is implemented in chacha20poly1305_amd64.s.
-func xgetbv() (eax, edx uint32)
-
 var (
-	useASM  bool
-	useAVX2 bool
+	useAVX2 = cpu.X86.HasAVX2 && cpu.X86.HasBMI2
 )
 
-func init() {
-	detectCPUFeatures()
-}
-
-// detectCPUFeatures is used to detect if cpu instructions
-// used by the functions implemented in assembler in
-// chacha20poly1305_amd64.s are supported.
-func detectCPUFeatures() {
-	maxID, _, _, _ := cpuid(0, 0)
-	if maxID < 1 {
-		return
-	}
-
-	_, _, ecx1, _ := cpuid(1, 0)
-
-	haveSSSE3 := isSet(9, ecx1)
-	useASM = haveSSSE3
-
-	haveOSXSAVE := isSet(27, ecx1)
-
-	osSupportsAVX := false
-	// For XGETBV, OSXSAVE bit is required and sufficient.
-	if haveOSXSAVE {
-		eax, _ := xgetbv()
-		// Check if XMM and YMM registers have OS support.
-		osSupportsAVX = isSet(1, eax) && isSet(2, eax)
-	}
-	haveAVX := isSet(28, ecx1) && osSupportsAVX
-
-	if maxID < 7 {
-		return
-	}
-
-	_, ebx7, _, _ := cpuid(7, 0)
-	haveAVX2 := isSet(5, ebx7) && haveAVX
-	haveBMI2 := isSet(8, ebx7)
-
-	useAVX2 = haveAVX2 && haveBMI2
-}
-
-// isSet checks if bit at bitpos is set in value.
-func isSet(bitpos uint, value uint32) bool {
-	return value&(1<<bitpos) != 0
-}
-
 // setupState writes a ChaCha20 input matrix to state. See
 // https://tools.ietf.org/html/rfc7539#section-2.3.
 func setupState(state *[16]uint32, key *[32]byte, nonce []byte) {
@@ -78,7 +32,7 @@ func setupState(state *[16]uint32, key *[32]byte, nonce []byte) {
 	state[2] = 0x79622d32
 	state[3] = 0x6b206574
 
-	state[4] = binary.LittleEndian.Uint32(key[:4])
+	state[4] = binary.LittleEndian.Uint32(key[0:4])
 	state[5] = binary.LittleEndian.Uint32(key[4:8])
 	state[6] = binary.LittleEndian.Uint32(key[8:12])
 	state[7] = binary.LittleEndian.Uint32(key[12:16])
@@ -88,13 +42,13 @@ func setupState(state *[16]uint32, key *[32]byte, nonce []byte) {
 	state[11] = binary.LittleEndian.Uint32(key[28:32])
 
 	state[12] = 0
-	state[13] = binary.LittleEndian.Uint32(nonce[:4])
+	state[13] = binary.LittleEndian.Uint32(nonce[0:4])
 	state[14] = binary.LittleEndian.Uint32(nonce[4:8])
 	state[15] = binary.LittleEndian.Uint32(nonce[8:12])
 }
 
 func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []byte {
-	if !useASM {
+	if !cpu.X86.HasSSSE3 {
 		return c.sealGeneric(dst, nonce, plaintext, additionalData)
 	}
 
@@ -102,12 +56,15 @@ func (c *chacha20poly1305) seal(dst, nonce, plaintext, additionalData []byte) []
 	setupState(&state, &c.key, nonce)
 
 	ret, out := sliceForAppend(dst, len(plaintext)+16)
+	if subtle.InexactOverlap(out, plaintext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
 	chacha20Poly1305Seal(out[:], state[:], plaintext, additionalData)
 	return ret
 }
 
 func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
-	if !useASM {
+	if !cpu.X86.HasSSSE3 {
 		return c.openGeneric(dst, nonce, ciphertext, additionalData)
 	}
 
@@ -116,6 +73,9 @@ func (c *chacha20poly1305) open(dst, nonce, ciphertext, additionalData []byte) (
 
 	ciphertext = ciphertext[:len(ciphertext)-16]
 	ret, out := sliceForAppend(dst, len(ciphertext))
+	if subtle.InexactOverlap(out, ciphertext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
 	if !chacha20Poly1305Open(out, state[:], ciphertext, additionalData) {
 		for i := range out {
 			out[i] = 0
diff --git a/chacha20poly1305/chacha20poly1305_amd64.s b/chacha20poly1305/chacha20poly1305_amd64.s
index 1c57e3894..867c181a1 100644
--- a/chacha20poly1305/chacha20poly1305_amd64.s
+++ b/chacha20poly1305/chacha20poly1305_amd64.s
@@ -4,7 +4,8 @@
 
 // This file was originally from https://golang.org/cl/24717 by Vlad Krasnov of CloudFlare.
 
-// +build go1.7,amd64,!gccgo,!appengine
+//go:build gc && !purego
+// +build gc,!purego
 
 #include "textflag.h"
 // General register allocation
@@ -200,7 +201,7 @@ GLOBL ·andMask<>(SB), (NOPTR+RODATA), $240
 #define polyMulStage1 MOVQ (0*8)(BP), AX; MOVQ AX, t2; MULQ acc0; MOVQ AX, t0; MOVQ DX, t1; MOVQ (0*8)(BP), AX; MULQ acc1; IMULQ acc2, t2; ADDQ AX, t1; ADCQ DX, t2
 #define polyMulStage2 MOVQ (1*8)(BP), AX; MOVQ AX, t3; MULQ acc0; ADDQ AX, t1; ADCQ $0, DX; MOVQ DX, acc0; MOVQ (1*8)(BP), AX; MULQ acc1; ADDQ AX, t2; ADCQ $0, DX
 #define polyMulStage3 IMULQ acc2, t3; ADDQ acc0, t2; ADCQ DX, t3
-#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t2:t3; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2
+#define polyMulReduceStage MOVQ t0, acc0; MOVQ t1, acc1; MOVQ t2, acc2; ANDQ $3, acc2; MOVQ t2, t0; ANDQ $-4, t0; MOVQ t3, t1; SHRQ $2, t3, t2; SHRQ $2, t3; ADDQ t0, acc0; ADCQ t1, acc1; ADCQ $0, acc2; ADDQ t2, acc0; ADCQ t3, acc1; ADCQ $0, acc2
 
 #define polyMulStage1_AVX2 MOVQ (0*8)(BP), DX; MOVQ DX, t2; MULXQ acc0, t0, t1; IMULQ acc2, t2; MULXQ acc1, AX, DX; ADDQ AX, t1; ADCQ DX, t2
 #define polyMulStage2_AVX2 MOVQ (1*8)(BP), DX; MULXQ acc0, acc0, AX; ADDQ acc0, t1; MULXQ acc1, acc1, t3; ADCQ acc1, t2; ADCQ $0, t3
@@ -248,7 +249,7 @@ hashADTail:
 	ADDQ itr2, adp
 
 hashADTailLoop:
-	SHLQ $8, t1:t0
+	SHLQ $8, t0, t1
 	SHLQ $8, t0
 	MOVB -1(adp), t2
 	XORQ t2, t0
@@ -2693,22 +2694,3 @@ sealAVX2Tail512LoopB:
 	VPERM2I128 $0x13, tmpStoreAVX2, DD3, DD0
 
 	JMP sealAVX2SealHash
-
-// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
-TEXT ·cpuid(SB), NOSPLIT, $0-24
-	MOVL eaxArg+0(FP), AX
-	MOVL ecxArg+4(FP), CX
-	CPUID
-	MOVL AX, eax+8(FP)
-	MOVL BX, ebx+12(FP)
-	MOVL CX, ecx+16(FP)
-	MOVL DX, edx+20(FP)
-	RET
-
-// func xgetbv() (eax, edx uint32)
-TEXT ·xgetbv(SB),NOSPLIT,$0-8
-	MOVL $0, CX
-	XGETBV
-	MOVL AX, eax+0(FP)
-	MOVL DX, edx+4(FP)
-	RET
diff --git a/chacha20poly1305/chacha20poly1305_generic.go b/chacha20poly1305/chacha20poly1305_generic.go
index f7e4bfb1c..96b2fd898 100644
--- a/chacha20poly1305/chacha20poly1305_generic.go
+++ b/chacha20poly1305/chacha20poly1305_generic.go
@@ -7,64 +7,75 @@ package chacha20poly1305
 import (
 	"encoding/binary"
 
-	"golang.org/x/crypto/chacha20poly1305/internal/chacha20"
-	"golang.org/x/crypto/poly1305"
+	"golang.org/x/crypto/chacha20"
+	"golang.org/x/crypto/internal/poly1305"
+	"golang.org/x/crypto/internal/subtle"
 )
 
-func roundTo16(n int) int {
-	return 16 * ((n + 15) / 16)
+func writeWithPadding(p *poly1305.MAC, b []byte) {
+	p.Write(b)
+	if rem := len(b) % 16; rem != 0 {
+		var buf [16]byte
+		padLen := 16 - rem
+		p.Write(buf[:padLen])
+	}
 }
 
-func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
-	var counter [16]byte
-	copy(counter[4:], nonce)
-
-	var polyKey [32]byte
-	chacha20.XORKeyStream(polyKey[:], polyKey[:], &counter, &c.key)
+func writeUint64(p *poly1305.MAC, n int) {
+	var buf [8]byte
+	binary.LittleEndian.PutUint64(buf[:], uint64(n))
+	p.Write(buf[:])
+}
 
+func (c *chacha20poly1305) sealGeneric(dst, nonce, plaintext, additionalData []byte) []byte {
 	ret, out := sliceForAppend(dst, len(plaintext)+poly1305.TagSize)
-	counter[0] = 1
-	chacha20.XORKeyStream(out, plaintext, &counter, &c.key)
-
-	polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8)
-	copy(polyInput, additionalData)
-	copy(polyInput[roundTo16(len(additionalData)):], out[:len(plaintext)])
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(plaintext)))
+	ciphertext, tag := out[:len(plaintext)], out[len(plaintext):]
+	if subtle.InexactOverlap(out, plaintext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
 
-	var tag [poly1305.TagSize]byte
-	poly1305.Sum(&tag, polyInput, &polyKey)
-	copy(out[len(plaintext):], tag[:])
+	var polyKey [32]byte
+	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
+	s.XORKeyStream(ciphertext, plaintext)
+
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(plaintext))
+	p.Sum(tag[:0])
 
 	return ret
 }
 
 func (c *chacha20poly1305) openGeneric(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
-	var tag [poly1305.TagSize]byte
-	copy(tag[:], ciphertext[len(ciphertext)-16:])
+	tag := ciphertext[len(ciphertext)-16:]
 	ciphertext = ciphertext[:len(ciphertext)-16]
 
-	var counter [16]byte
-	copy(counter[4:], nonce)
-
 	var polyKey [32]byte
-	chacha20.XORKeyStream(polyKey[:], polyKey[:], &counter, &c.key)
+	s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.SetCounter(1) // set the counter to 1, skipping 32 bytes
 
-	polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8)
-	copy(polyInput, additionalData)
-	copy(polyInput[roundTo16(len(additionalData)):], ciphertext)
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-16:], uint64(len(additionalData)))
-	binary.LittleEndian.PutUint64(polyInput[len(polyInput)-8:], uint64(len(ciphertext)))
+	p := poly1305.New(&polyKey)
+	writeWithPadding(p, additionalData)
+	writeWithPadding(p, ciphertext)
+	writeUint64(p, len(additionalData))
+	writeUint64(p, len(ciphertext))
 
 	ret, out := sliceForAppend(dst, len(ciphertext))
-	if !poly1305.Verify(&tag, polyInput, &polyKey) {
+	if subtle.InexactOverlap(out, ciphertext) {
+		panic("chacha20poly1305: invalid buffer overlap")
+	}
+	if !p.Verify(tag) {
 		for i := range out {
 			out[i] = 0
 		}
 		return nil, errOpen
 	}
 
-	counter[0] = 1
-	chacha20.XORKeyStream(out, ciphertext, &counter, &c.key)
+	s.XORKeyStream(out, ciphertext)
 	return ret, nil
 }
diff --git a/chacha20poly1305/chacha20poly1305_noasm.go b/chacha20poly1305/chacha20poly1305_noasm.go
index 4c2eb703c..f832b33d4 100644
--- a/chacha20poly1305/chacha20poly1305_noasm.go
+++ b/chacha20poly1305/chacha20poly1305_noasm.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !amd64 !go1.7 gccgo appengine
+//go:build !amd64 || !gc || purego
+// +build !amd64 !gc purego
 
 package chacha20poly1305
 
diff --git a/chacha20poly1305/chacha20poly1305_test.go b/chacha20poly1305/chacha20poly1305_test.go
index 78f981a74..82a4a3610 100644
--- a/chacha20poly1305/chacha20poly1305_test.go
+++ b/chacha20poly1305/chacha20poly1305_test.go
@@ -6,9 +6,12 @@ package chacha20poly1305
 
 import (
 	"bytes"
-	cr "crypto/rand"
+	"crypto/cipher"
+	cryptorand "crypto/rand"
 	"encoding/hex"
-	mr "math/rand"
+	"fmt"
+	mathrand "math/rand"
+	"strconv"
 	"testing"
 )
 
@@ -19,7 +22,18 @@ func TestVectors(t *testing.T) {
 		ad, _ := hex.DecodeString(test.aad)
 		plaintext, _ := hex.DecodeString(test.plaintext)
 
-		aead, err := New(key)
+		var (
+			aead cipher.AEAD
+			err  error
+		)
+		switch len(nonce) {
+		case NonceSize:
+			aead, err = New(key)
+		case NonceSizeX:
+			aead, err = NewX(key)
+		default:
+			t.Fatalf("#%d: wrong nonce length: %d", i, len(nonce))
+		}
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -42,7 +56,7 @@ func TestVectors(t *testing.T) {
 		}
 
 		if len(ad) > 0 {
-			alterAdIdx := mr.Intn(len(ad))
+			alterAdIdx := mathrand.Intn(len(ad))
 			ad[alterAdIdx] ^= 0x80
 			if _, err := aead.Open(nil, nonce, ct, ad); err == nil {
 				t.Errorf("#%d: Open was successful after altering additional data", i)
@@ -50,14 +64,14 @@ func TestVectors(t *testing.T) {
 			ad[alterAdIdx] ^= 0x80
 		}
 
-		alterNonceIdx := mr.Intn(aead.NonceSize())
+		alterNonceIdx := mathrand.Intn(aead.NonceSize())
 		nonce[alterNonceIdx] ^= 0x80
 		if _, err := aead.Open(nil, nonce, ct, ad); err == nil {
 			t.Errorf("#%d: Open was successful after altering nonce", i)
 		}
 		nonce[alterNonceIdx] ^= 0x80
 
-		alterCtIdx := mr.Intn(len(ct))
+		alterCtIdx := mathrand.Intn(len(ct))
 		ct[alterCtIdx] ^= 0x80
 		if _, err := aead.Open(nil, nonce, ct, ad); err == nil {
 			t.Errorf("#%d: Open was successful after altering ciphertext", i)
@@ -68,87 +82,117 @@ func TestVectors(t *testing.T) {
 
 func TestRandom(t *testing.T) {
 	// Some random tests to verify Open(Seal) == Plaintext
-	for i := 0; i < 256; i++ {
-		var nonce [12]byte
-		var key [32]byte
-
-		al := mr.Intn(128)
-		pl := mr.Intn(16384)
-		ad := make([]byte, al)
-		plaintext := make([]byte, pl)
-		cr.Read(key[:])
-		cr.Read(nonce[:])
-		cr.Read(ad)
-		cr.Read(plaintext)
-
-		aead, err := New(key[:])
-		if err != nil {
-			t.Fatal(err)
-		}
+	f := func(t *testing.T, nonceSize int) {
+		for i := 0; i < 256; i++ {
+			var nonce = make([]byte, nonceSize)
+			var key [32]byte
+
+			al := mathrand.Intn(128)
+			pl := mathrand.Intn(16384)
+			ad := make([]byte, al)
+			plaintext := make([]byte, pl)
+			cryptorand.Read(key[:])
+			cryptorand.Read(nonce[:])
+			cryptorand.Read(ad)
+			cryptorand.Read(plaintext)
+
+			var (
+				aead cipher.AEAD
+				err  error
+			)
+			switch len(nonce) {
+			case NonceSize:
+				aead, err = New(key[:])
+			case NonceSizeX:
+				aead, err = NewX(key[:])
+			default:
+				t.Fatalf("#%d: wrong nonce length: %d", i, len(nonce))
+			}
+			if err != nil {
+				t.Fatal(err)
+			}
 
-		ct := aead.Seal(nil, nonce[:], plaintext, ad)
+			ct := aead.Seal(nil, nonce[:], plaintext, ad)
 
-		plaintext2, err := aead.Open(nil, nonce[:], ct, ad)
-		if err != nil {
-			t.Errorf("Random #%d: Open failed", i)
-			continue
-		}
+			plaintext2, err := aead.Open(nil, nonce[:], ct, ad)
+			if err != nil {
+				t.Errorf("Random #%d: Open failed", i)
+				continue
+			}
 
-		if !bytes.Equal(plaintext, plaintext2) {
-			t.Errorf("Random #%d: plaintext's don't match: got %x vs %x", i, plaintext2, plaintext)
-			continue
-		}
+			if !bytes.Equal(plaintext, plaintext2) {
+				t.Errorf("Random #%d: plaintext's don't match: got %x vs %x", i, plaintext2, plaintext)
+				continue
+			}
 
-		if len(ad) > 0 {
-			alterAdIdx := mr.Intn(len(ad))
-			ad[alterAdIdx] ^= 0x80
-			if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
-				t.Errorf("Random #%d: Open was successful after altering additional data", i)
+			if len(ad) > 0 {
+				alterAdIdx := mathrand.Intn(len(ad))
+				ad[alterAdIdx] ^= 0x80
+				if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
+					t.Errorf("Random #%d: Open was successful after altering additional data", i)
+				}
+				ad[alterAdIdx] ^= 0x80
 			}
-			ad[alterAdIdx] ^= 0x80
-		}
 
-		alterNonceIdx := mr.Intn(aead.NonceSize())
-		nonce[alterNonceIdx] ^= 0x80
-		if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
-			t.Errorf("Random #%d: Open was successful after altering nonce", i)
-		}
-		nonce[alterNonceIdx] ^= 0x80
+			alterNonceIdx := mathrand.Intn(aead.NonceSize())
+			nonce[alterNonceIdx] ^= 0x80
+			if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
+				t.Errorf("Random #%d: Open was successful after altering nonce", i)
+			}
+			nonce[alterNonceIdx] ^= 0x80
 
-		alterCtIdx := mr.Intn(len(ct))
-		ct[alterCtIdx] ^= 0x80
-		if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
-			t.Errorf("Random #%d: Open was successful after altering ciphertext", i)
+			alterCtIdx := mathrand.Intn(len(ct))
+			ct[alterCtIdx] ^= 0x80
+			if _, err := aead.Open(nil, nonce[:], ct, ad); err == nil {
+				t.Errorf("Random #%d: Open was successful after altering ciphertext", i)
+			}
+			ct[alterCtIdx] ^= 0x80
 		}
-		ct[alterCtIdx] ^= 0x80
 	}
+	t.Run("Standard", func(t *testing.T) { f(t, NonceSize) })
+	t.Run("X", func(t *testing.T) { f(t, NonceSizeX) })
 }
 
-func benchamarkChaCha20Poly1305Seal(b *testing.B, buf []byte) {
+func benchamarkChaCha20Poly1305Seal(b *testing.B, buf []byte, nonceSize int) {
+	b.ReportAllocs()
 	b.SetBytes(int64(len(buf)))
 
 	var key [32]byte
-	var nonce [12]byte
+	var nonce = make([]byte, nonceSize)
 	var ad [13]byte
 	var out []byte
 
-	aead, _ := New(key[:])
+	var aead cipher.AEAD
+	switch len(nonce) {
+	case NonceSize:
+		aead, _ = New(key[:])
+	case NonceSizeX:
+		aead, _ = NewX(key[:])
+	}
+
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		out = aead.Seal(out[:0], nonce[:], buf[:], ad[:])
 	}
 }
 
-func benchamarkChaCha20Poly1305Open(b *testing.B, buf []byte) {
+func benchamarkChaCha20Poly1305Open(b *testing.B, buf []byte, nonceSize int) {
+	b.ReportAllocs()
 	b.SetBytes(int64(len(buf)))
 
 	var key [32]byte
-	var nonce [12]byte
+	var nonce = make([]byte, nonceSize)
 	var ad [13]byte
 	var ct []byte
 	var out []byte
 
-	aead, _ := New(key[:])
+	var aead cipher.AEAD
+	switch len(nonce) {
+	case NonceSize:
+		aead, _ = New(key[:])
+	case NonceSizeX:
+		aead, _ = NewX(key[:])
+	}
 	ct = aead.Seal(ct[:0], nonce[:], buf[:], ad[:])
 
 	b.ResetTimer()
@@ -157,26 +201,68 @@ func benchamarkChaCha20Poly1305Open(b *testing.B, buf []byte) {
 	}
 }
 
-func BenchmarkChacha20Poly1305Open_64(b *testing.B) {
-	benchamarkChaCha20Poly1305Open(b, make([]byte, 64))
+func BenchmarkChacha20Poly1305(b *testing.B) {
+	for _, length := range []int{64, 1350, 8 * 1024} {
+		b.Run("Open-"+strconv.Itoa(length), func(b *testing.B) {
+			benchamarkChaCha20Poly1305Open(b, make([]byte, length), NonceSize)
+		})
+		b.Run("Seal-"+strconv.Itoa(length), func(b *testing.B) {
+			benchamarkChaCha20Poly1305Seal(b, make([]byte, length), NonceSize)
+		})
+
+		b.Run("Open-"+strconv.Itoa(length)+"-X", func(b *testing.B) {
+			benchamarkChaCha20Poly1305Open(b, make([]byte, length), NonceSizeX)
+		})
+		b.Run("Seal-"+strconv.Itoa(length)+"-X", func(b *testing.B) {
+			benchamarkChaCha20Poly1305Seal(b, make([]byte, length), NonceSizeX)
+		})
+	}
 }
 
-func BenchmarkChacha20Poly1305Seal_64(b *testing.B) {
-	benchamarkChaCha20Poly1305Seal(b, make([]byte, 64))
-}
+func ExampleNewX() {
+	// key should be randomly generated or derived from a function like Argon2.
+	key := make([]byte, KeySize)
+	if _, err := cryptorand.Read(key); err != nil {
+		panic(err)
+	}
 
-func BenchmarkChacha20Poly1305Open_1350(b *testing.B) {
-	benchamarkChaCha20Poly1305Open(b, make([]byte, 1350))
-}
+	aead, err := NewX(key)
+	if err != nil {
+		panic(err)
+	}
 
-func BenchmarkChacha20Poly1305Seal_1350(b *testing.B) {
-	benchamarkChaCha20Poly1305Seal(b, make([]byte, 1350))
-}
+	// Encryption.
+	var encryptedMsg []byte
+	{
+		msg := []byte("Gophers, gophers, gophers everywhere!")
 
-func BenchmarkChacha20Poly1305Open_8K(b *testing.B) {
-	benchamarkChaCha20Poly1305Open(b, make([]byte, 8*1024))
-}
+		// Select a random nonce, and leave capacity for the ciphertext.
+		nonce := make([]byte, aead.NonceSize(), aead.NonceSize()+len(msg)+aead.Overhead())
+		if _, err := cryptorand.Read(nonce); err != nil {
+			panic(err)
+		}
+
+		// Encrypt the message and append the ciphertext to the nonce.
+		encryptedMsg = aead.Seal(nonce, nonce, msg, nil)
+	}
+
+	// Decryption.
+	{
+		if len(encryptedMsg) < aead.NonceSize() {
+			panic("ciphertext too short")
+		}
+
+		// Split nonce and ciphertext.
+		nonce, ciphertext := encryptedMsg[:aead.NonceSize()], encryptedMsg[aead.NonceSize():]
+
+		// Decrypt the message and check it wasn't tampered with.
+		plaintext, err := aead.Open(nil, nonce, ciphertext, nil)
+		if err != nil {
+			panic(err)
+		}
+
+		fmt.Printf("%s\n", plaintext)
+	}
 
-func BenchmarkChacha20Poly1305Seal_8K(b *testing.B) {
-	benchamarkChaCha20Poly1305Seal(b, make([]byte, 8*1024))
+	// Output: Gophers, gophers, gophers everywhere!
 }
diff --git a/chacha20poly1305/chacha20poly1305_vectors_test.go b/chacha20poly1305/chacha20poly1305_vectors_test.go
index 49f0da6b7..76823d13e 100644
--- a/chacha20poly1305/chacha20poly1305_vectors_test.go
+++ b/chacha20poly1305/chacha20poly1305_vectors_test.go
@@ -8,11 +8,19 @@ var chacha20Poly1305Tests = []struct {
 	plaintext, aad, key, nonce, out string
 }{
 	{
+		"",
+		"",
+		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+		"070000004041424344454647",
+		"a0784d7a4716f3feb4f64e7f4b39bf04",
+	},
+	{
+		// https://tools.ietf.org/html/draft-irtf-cfrg-xchacha-01#appendix-A.3.1
 		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
 		"50515253c0c1c2c3c4c5c6c7",
 		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
-		"070000004041424344454647",
-		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd0600691",
+		"404142434445464748494a4b4c4d4e4f5051525354555657",
+		"bd6d179d3e83d43b9576579493c0e939572a1700252bfaccbed2902c21396cbb731c7f1b0b4aa6440bf3a82f4eda7e39ae64c6708c54c216cb96b72e1213b4522f8c9ba40db5d945b11b69b982c1bb9e3f3fac2bc369488f76b2383565d3fff921f9664c97637da9768812f615c68b13b52ec0875924c1c7987947deafd8780acf49",
 	},
 	{
 		"1400000cebccee3bf561b292340fec60",
@@ -329,4 +337,391 @@ var chacha20Poly1305Tests = []struct {
 		"129039b5572e8a7a8131f76a",
 		"2c125232a59879aee36cacc4aca5085a4688c4f776667a8fbd86862b5cfb1d57c976688fdd652eafa2b88b1b8e358aa2110ff6ef13cdc1ceca9c9f087c35c38d89d6fbd8de89538070f17916ecb19ca3ef4a1c834f0bdaa1df62aaabef2e117106787056c909e61ecd208357dd5c363f11c5d6cf24992cc873cf69f59360a820fcf290bd90b2cab24c47286acb4e1033962b6d41e562a206a94796a8ab1c6b8bade804ff9bdf5ba6062d2c1f8fe0f4dfc05720bd9a612b92c26789f9f6a7ce43f5e8e3aee99a9cd7d6c11eaa611983c36935b0dda57d898a60a0ab7c4b54",
 	},
+
+	// XChaCha20-Poly1305 vectors
+	{
+		"000000000000000000000000000000",
+		"",
+		"0000000000000000000000000000000000000000000000000000000000000000",
+		"000000000000000000000000000000000000000000000000",
+		"789e9689e5208d7fd9e1f3c5b5341fb2f7033812ac9ebd3745e2c99c7bbfeb",
+	},
+	{
+		"02dc819b71875e49f5e1e5a768141cfd3f14307ae61a34d81decd9a3367c00c7",
+		"",
+		"b7bbfe61b8041658ddc95d5cbdc01bbe7626d24f3a043b70ddee87541234cff7",
+		"e293239d4c0a07840c5f83cb515be7fd59c333933027e99c",
+		"7a51f271bd2e547943c7be3316c05519a5d16803712289aa2369950b1504dd8267222e47b13280077ecada7b8795d535",
+	},
+	{
+		"7afc5f3f24155002e17dc176a8f1f3a097ff5a991b02ff4640f70b90db0c15c328b696d6998ea7988edfe3b960e47824e4ae002fbe589be57896a9b7bf5578599c6ba0153c7c",
+		"d499bb9758debe59a93783c61974b7",
+		"4ea8fab44a07f7ffc0329b2c2f8f994efdb6d505aec32113ae324def5d929ba1",
+		"404d5086271c58bf27b0352a205d21ce4367d7b6a7628961",
+		"26d2b46ad58b6988e2dcf1d09ba8ab6f532dc7e0847cdbc0ed00284225c02bbdb278ee8381ebd127a06926107d1b731cfb1521b267168926492e8f77219ad922257a5be2c5e52e6183ca4dfd0ad3912d7bd1ec968065",
+	},
+	{
+		"",
+		"",
+		"48d8bd02c2e9947eae58327114d35e055407b5519c8019535efcb4fc875b5e2b",
+		"cc0a587a475caba06f8dbc09afec1462af081fe1908c2cba",
+		"fc3322d0a9d6fac3eb4a9e09b00b361e",
+	},
+	{
+		"e0862731e5",
+		"",
+		"6579e7ee96151131a1fcd06fe0d52802c0021f214960ecceec14b2b8591f62cd",
+		"e2230748649bc22e2b71e46a7814ecabe3a7005e949bd491",
+		"e991efb85d8b1cfa3f92cb72b8d3c882e88f4529d9",
+	},
+	{
+		"00c7dd8f440af1530b44",
+		"",
+		"ffb733657c849d50ab4ab40c4ae18f8ee2f0acf7c907afefdc04dff3537fdff3",
+		"02c6fd8032a8d89edbedcd1db024c09d29f08b1e74325085",
+		"13dbcdb8c60c3ed28449a57688edfaea89e309ab4faa6d51e532",
+	},
+	{
+		"7422f311ea476cf819cb8b3c77369f",
+		"",
+		"ef0d05d028d6abdd5e99d1761d2028de75ee6eb376ff0dc8036e9a8e10743876",
+		"f772745200b0f92e38f1d8dae79bf8138e84b301f0be74df",
+		"d5f992f9834df1be86b580ac59c7eae063a68072829c51bc8a26970dd3d310",
+	},
+	{
+		"ba09ca69450e6c7bece31a7a3f216e3b9ed0e536",
+		"",
+		"8d93e31abfe22a63faf45cbea91877050718f13fef6e2664a1892d7f23007ccf",
+		"260b7b3554a7e6ff8aae7dd6234077ca539689a20c1610a8",
+		"c99e9a768eb2ec8569bdff8a37295069552faebcafb1a76e98bc7c5b6b778b3d1b6291f0",
+	},
+	{
+		"424ec5f98a0fdc5a7388532d11ab0edb26733505627b7f2d1f",
+		"",
+		"b68d5e6c46cdbb0060445522bdc5c562ae803b6aaaf1e103c146e93527a59299",
+		"80bb5dc1dd44a35ec4f91307f1a95b4ca31183a1a596fb7c",
+		"29d4eed0fff0050d4bb40de3b055d836206e7cbd62de1a63904f0cf731129ba3f9c2b9d46251a6de89",
+	},
+	{
+		"e7e4515cc0a6ef0491af983eaac4f862d6e726758a3c657f4ec444841e42",
+		"",
+		"e31a1d3af650e8e2848bd78432d89ecd1fdece9842dc2792e7bda080f537b17b",
+		"f3f09905e9a871e757348834f483ed71be9c0f437c8d74b0",
+		"f5c69528963e17db725a28885d30a45194f12848b8b7644c7bded47a2ee83e6d4ef34006305cfdf82effdced461d",
+	},
+	{
+		"0f5ca45a54875d1d19e952e53caeaa19389342f776dab11723535503338d6f77202a37",
+		"",
+		"1031bc920d4fcb4434553b1bf2d25ab375200643bf523ff037bf8914297e8dca",
+		"4cc77e2ef5445e07b5f44de2dc5bf62d35b8c6f69502d2bf",
+		"7aa8669e1bfe8b0688899cdddbb8cee31265928c66a69a5090478da7397573b1cc0f64121e7d8bff8db0ddd3c17460d7f29a12",
+	},
+	{
+		"c45578c04c194994e89025c7ffb015e5f138be3cd1a93640af167706aee2ad25ad38696df41ad805",
+		"",
+		"ac8648b7c94328419c668ce1c57c71893adf73abbb98892a4fc8da17400e3a5e",
+		"4ad637facf97af5fc03207ae56219da9972858b7430b3611",
+		"49e093fcd074fb67a755669119b8bd430d98d9232ca988882deeb3508bde7c00160c35cea89092db864dcb6d440aefa5aacb8aa7b9c04cf0",
+	},
+	{
+		"b877bfa192ea7e4c7569b9ee973f89924d45f9d8ed03c7098ad0cad6e7880906befedcaf6417bb43efabca7a2f",
+		"",
+		"125e331d5da423ecabc8adf693cdbc2fc3d3589740d40a3894f914db86c02492",
+		"913f8b2f08006e6260de41ec3ee01d938a3e68fb12dc44c4",
+		"1be334253423c90fc8ea885ee5cd3a54268c035ba8a2119e5bd4f7822cd7bf9cb4cec568d5b6d6292606d32979e044df3504e6eb8c0b2fc7e2a0e17d62",
+	},
+	{
+		"d946484a1df5f85ff72c92ff9e192660cde5074bd0ddd5de900c35eb10ed991113b1b19884631bc8ceb386bcd83908061ce9",
+		"",
+		"b7e83276373dcf8929b6a6ea80314c9de871f5f241c9144189ee4caf62726332",
+		"f59f9d6e3e6c00720dc20dc21586e8330431ebf42cf9180e",
+		"a38a662b18c2d15e1b7b14443cc23267a10bee23556b084b6254226389c414069b694159a4d0b5abbe34de381a0e2c88b947b4cfaaebf50c7a1ad6c656e386280ad7",
+	},
+	{
+		"d266927ca40b2261d5a4722f3b4da0dd5bec74e103fab431702309fd0d0f1a259c767b956aa7348ca923d64c04f0a2e898b0670988b15e",
+		"",
+		"a60e09cd0bea16f26e54b62b2908687aa89722c298e69a3a22cf6cf1c46b7f8a",
+		"92da9d67854c53597fc099b68d955be32df2f0d9efe93614",
+		"9dd6d05832f6b4d7f555a5a83930d6aed5423461d85f363efb6c474b6c4c8261b680dea393e24c2a3c8d1cc9db6df517423085833aa21f9ab5b42445b914f2313bcd205d179430",
+	},
+	{
+		"f7e11b4d372ed7cb0c0e157f2f9488d8efea0f9bbe089a345f51bdc77e30d1392813c5d22ca7e2c7dfc2e2d0da67efb2a559058d4de7a11bd2a2915e",
+		"",
+		"194b1190fa31d483c222ec475d2d6117710dd1ac19a6f1a1e8e894885b7fa631",
+		"6b07ea26bb1f2d92e04207b447f2fd1dd2086b442a7b6852",
+		"25ae14585790d71d39a6e88632228a70b1f6a041839dc89a74701c06bfa7c4de3288b7772cb2919818d95777ab58fe5480d6e49958f5d2481431014a8f88dab8f7e08d2a9aebbe691430011d",
+	},
+	{
+		"",
+		"1e2b11e3",
+		"70cd96817da85ede0efdf03a358103a84561b25453dee73735e5fb0161b0d493",
+		"5ddeba49f7266d11827a43931d1c300dd47a3c33f9f8bf9b",
+		"592fc4c19f3cddec517b2a00f9df9665",
+	},
+	{
+		"81b3cb7eb3",
+		"efcfd0cf",
+		"a977412f889281a6d75c24186f1bfaa00dcc5132f0929f20ef15bbf9e63c4c91",
+		"3f26ca997fb9166d9c615babe3e543ca43ab7cab20634ac5",
+		"8e4ade3e254cf52e93eace5c46667f150832725594",
+	},
+	{
+		"556f97f2ebdb4e949923",
+		"f7cee2e0",
+		"787b3e86546a51028501c801dadf8d5b996fd6f6f2363d5d0f900c44f6a2f4c2",
+		"7fa6af59a779657d1cada847439ea5b92a1337cfbebbc3b1",
+		"608ec22dae5f48b89d6f0d2a940d5a7661e0a8e68aaee4ad2d96",
+	},
+	{
+		"c06847a36ad031595b60edd44dc245",
+		"d4175e1f",
+		"16de31e534dd5af32801b1acd0ec541d1f8d82bcbc3af25ec815f3575b7aca73",
+		"29f6656972838f56c1684f6a278f9e4e207b51d68706fc25",
+		"836082cc51303e500fceade0b1a18f1d97d64ff41cc81754c07d6231b9fd1b",
+	},
+	{
+		"0d03c22ced7b29c6741e72166cd61792028dfc80",
+		"e505dad0",
+		"ac2b426e5c5c8e00666180a3410e8a2f6e52247a43aecea9622163e8433c93b2",
+		"c1123430468228625967bbc0fbd0f963e674372259ff2deb",
+		"bf09979bf4fed2eec6c97f6e1bcfac35eeffc6d54a55cc1d83d8767ae74db2d7cdfbc371",
+	},
+	{
+		"05bf00e1707cffe7ccbd06a9f846d0fd471a700ed43b4facb8",
+		"d863bebe",
+		"66c121f0f84b95ba1e6d29e7d81900bc96a642421b9b6105ae5eb5f2e7b07577",
+		"8ed6ae211a661e967995b71f7316ba88f44322bb62b4187b",
+		"b2c5c85d087e0305e9058fba52b661fb3d7f21cb4d4915ae048bc9e5d66a2f921dd4a1c1b030f442c9",
+	},
+	{
+		"5f2b91a9be8bfaa21451ddc6c5cf28d1cc00b046b76270b95cda3c280c83",
+		"a8750275",
+		"39592eb276877fca9dd11e2181c0b23127328407e3cc11e315e5d748f43529cc",
+		"1084bebd756f193d9eea608b3a0193a5028f8ced19684821",
+		"eaee1f49ac8468154c601a5dd8b84d597602e5a73534b5fad5664f97d0f017dd114752be969679cf610340c6a312",
+	},
+	{
+		"01e8e269b5376943f3b2d245483a76461dc8b7634868b559165f5dbb20839029fae9bb",
+		"a1e96da0",
+		"b8386123b87e50d9d046242cf1bf141fce7f65aff0fba76861a2bc72582d6ff0",
+		"0fbe2a13a89bea031de96d78f9f11358ba7b6a5e724b4392",
+		"705ec3f910ec85c6005baa99641de6ca43332ff52b5466df6af4ffbe4ef2a376a8f871d1eae503b5896601fee005cdc1f4c1c6",
+	},
+	{
+		"706daba66e2edb1f828f3c0051e3cc214b12210bde0587bba02580f741a4c83e84d4e9fe961120cd",
+		"87663c5a",
+		"d519d82ba8a3f0c3af9efe36682b62e285167be101a526c1d73000f169c2a486",
+		"ad651aac536978e2bc1a54816345ac5e9a9b43b3d9cc0bfc",
+		"07051b5e72da9c4811beb07ff9f95aece67eae18420eb3f0e8bb8a5e26d4b483fa40eb063a2354842d0c8a41d981cc2b77c530b496db01c8",
+	},
+	{
+		"1f6b24f2f0d9eb460d726bed953d66fcc4ecc29da6ed2fd711358eac3b2609d74ba3e21885156cde3cbe6d9b6f",
+		"f5efbc4e",
+		"86068a00544f749ad4ad15bb8e427ae78577ae22f4ca9778efff828ba10f6b20",
+		"c8420412c9626dcd34ece14593730f6aa2d01ec51cacd59f",
+		"a99f6c88eac35bb34439e34b292fe9db8192446dcdc81e2192060ec36d98b47de2bee12bf0f67cb24fb0949c07733a6781cd9455cdc61123f506886b04",
+	},
+	{
+		"d69389d83362be8c0ddb738659a6cc4bd65d88cb5b525232f4d59a7d4751a7203c254923ecb6873e803220aab19664789a63",
+		"bc35fb1c",
+		"835855b326a98682b3075b4d7f1b89059c3cdfc547d4296c80ce7a77ba6434e3",
+		"c27cb75fc319ba431cbaeb120341d0c4745d883eb47e92bc",
+		"db6dc3f9a0f4f1a6df2495a88910550c2c6205478bfc1e81282e34b5b36d984c72c0509c522c987c61d2e640ced69402a6d33aa10d3d0b81e680b3c19bc142e81923",
+	},
+	{
+		"a66a7f089115ed9e2d5bb5d33d7282a7afe401269b00f2a233a59c04b794a42901d862140b61d18d7c7f0ad5da040613e557f8abc74219",
+		"2c060aaf",
+		"99758aa7714fd707931f71803eefe04a06955041308a0b2a1104313b270ccf34",
+		"63f690d8926408c7a34fe8ddd505a8dc58769dc74e8d5da6",
+		"92b21ee85afcd8996ac28f3aed1047ad814d6e4ffbca3159af16f26eded83e4abda9e4275eb3ff0ad90dffe09f2d443b628f824f680b46527ce0128e8de1920f7c44350ebe7913",
+	},
+	{
+		"f955183b1f762d4536d3f6885ea7f5ac27414caf46c2e24a2fd3bd56b91c53d840fb657224565e0a6f686f8ba320e04a401057399d9a3d995ab17c13",
+		"c372ddc5",
+		"a188be3795b2ca2e69b6aa263244f0963c492d694cf6c9b705a1d7045f3f2a26",
+		"51bb484ea094ee140474681e1c838e4442fd148de2cc345a",
+		"48759a5ddfdd829d11de8e0c538ce4a9c475faab6912039b568ad92d737d172fc1eb0c00c3793de6dddbfacfdbbc7f44aeba33684e18005aa982b6fc6c556e63bb90ff7a1dde8153a63eabe0",
+	},
+	{
+		"",
+		"e013cd0bfafd486d",
+		"af3d3ba094d38299ecb91c17bfe3d085da5bd42e11acf8acb5bc26a4be9a7583",
+		"7dd63c14173831f109761b1c1abe18f6ba937d825957011b",
+		"8bc685a7d9d501952295cd25d8c92517",
+	},
+	{
+		"284b64597e",
+		"31d013e53aa3ea79",
+		"93c77409d7f805f97fe683b2dd6ee06152a5e918b3eed5b731acccffdcb2cc04",
+		"3d331e90c4597cf0c30d1b7cfbd07bcb6ab927eda056873c",
+		"3538a449d6c18d148a8c6cb76f1bc288657ac7036a",
+	},
+	{
+		"9fe67f5c78180ede8274",
+		"188608d230d75860",
+		"b7cca89a82640aea6f80b458c9e633d88594fb498959d39787be87030892d48f",
+		"ef891d50e8c08958f814590fdb7a9f16c61cc2aae1682109",
+		"bbb40c30f3d1391a5b38df480cbbf964b71e763e8140751f4e28",
+	},
+	{
+		"3a2826b6f7e3d542e4ded8f23c9aa4",
+		"260033e789c4676a",
+		"7fe2731214f2b4b42f93217d43f1776498413725e4f6cfe62b756e5a52df10ea",
+		"888728219ebf761547f5e2218532714403020e5a8b7a49d0",
+		"fe0328f883fcd88930ae017c0f54ed90f883041efc020e959125af370c1d47",
+	},
+	{
+		"91858bf7b969005d7164acbd5678052b651c53e0",
+		"f3cc53ecafcbadb3",
+		"d69c04e9726b22d51f97bc9da0f0fda86736e6b78e8ef9f6f0000f79890d6d43",
+		"6de3c45161b434e05445cf6bf69eef7bddf595fc6d8836bd",
+		"a8869dd578c0835e120c843bb7dedc7a1e9eae24ffd742be6bf5b74088a8a2c550976fcb",
+	},
+	{
+		"b3b1a4d6b2a2b9c5a1ca6c1efaec34dcfa1acbe7074d5e10cc",
+		"d0f72bd16cda3bae",
+		"2b317857b089c9305c49b83019f6e158bc4ecc3339b39ade02ee10c37c268da0",
+		"cb5fa6d1e14a0b4bdf350cd10c8a7bd638102911ec74be09",
+		"e6372f77c14343650074e07a2b7223c37b29242224b722b24d63b5956f27aa64ce7ce4e39cd14a2787",
+	},
+	{
+		"057d3e9f865be7dff774938cab6d080e50cf9a1593f53c0063201e0bb7ae",
+		"fd3881e505c8b12d",
+		"36e42b1ef1ee8d068f09b5fad3ee43d98d34aa3e3f994f2055aee139da71de9d",
+		"24124da36473d01bdca30297c9eef4fe61955525a453da17",
+		"a8b28139524c98c1f8776f442eac4c22766fe6aac83224641c58bf021fc9cb709ec4706f49c2d0c1828acf2bfe8d",
+	},
+	{
+		"bd8f13e928c34d67a6c70c3c7efdf2982ecc31d8cee68f9cbddc75912cd828ac93d28b",
+		"193206c8fcc5b19b",
+		"6e47c40c9d7b757c2efca4d73890e4c73f3c859aab4fdc64b564b8480dd84e72",
+		"ca31340ae20d30fe488be355cb36652c5db7c9d6265a3e95",
+		"a121efc5e1843deade4b8adbfef1808de4eda222f176630ad34fb476fca19e0299e4a13668e53cf13882035ba4f04f47c8b4e3",
+	},
+	{
+		"23067a196e977d10039c14ff358061c918d2148d31961bb3e12c27c5122383cb25c4d1d79c775720",
+		"62338d02fff78a00",
+		"2c5c79c92d91fb40ef7d0a77e8033f7b265e3bab998b8116d17b2e62bb4f8a09",
+		"024736adb1d5c01006dffd8158b57936d158d5b42054336d",
+		"46d0905473a995d38c7cdbb8ef3da96ecc82a22c5b3c6c9d1c4a61ae7a17db53cb88c5f7eccf2da1d0c417c300f989b4273470e36f03542f",
+	},
+	{
+		"252e966c680329eb687bff813b78fea3bfd3505333f106c6f9f45ba69896723c41bb763793d9b266e897d05557",
+		"1e93e0cfe6523380",
+		"9ec6fd1baa13ee16aec3fac16718a2baccf18a403cec467c25b7448e9b321110",
+		"e7120b1018ab363a36e61102eedbcbe9847a6cbacaa9c328",
+		"2934f034587d4144bb11182679cd2cd1c99c8088d18e233379e9bc9c41107a1f57a2723ecc7b9ba4e6ee198adf0fd766738e828827dc73136fc5b996e9",
+	},
+	{
+		"6744aefcb318f12bc6eeb59d4d62f7eb95f347cea14bd5158415f07f84e4e3baa3de07512d9b76095ac1312cfcb1bb77f499",
+		"608d2a33ce5d0b04",
+		"0f665cbdaaa40f4f5a00c53d951b0a98aac2342be259a52670f650a783be7aab",
+		"378bdb57e957b8c2e1500c9513052a3b02ff5b7edbd4a3a7",
+		"341c60fcb374b394f1b01a4a80aedef49ab0b67ec963675e6eec43ef106f7003be87dbf4a8976709583dccc55abc7f979c4721837e8664a69804ea31736aa2af615a",
+	},
+	{
+		"bcf1004f988220b7ce063ef2ec4e276ffd074f0a90aa807de1532679d2a1505568eaa4192d9a6ea52cc500322343ce9f8e68cc2c606d83",
+		"e64bd00126c8792c",
+		"58e65150d6a15dcefbc14a171998987ad0d709fb06a17d68d6a778759681c308",
+		"106d2bd120b06e4eb10bc674fe55c77a3742225268319303",
+		"a28052a6686a1e9435fee8702f7da563a7b3d7b5d3e9e27f11abf73db309cd1f39a34756258c1c5c7f2fb12cf15eb20175c2a08fc93dd19c5e482ef3fbef3d8404a3cfd54a7baf",
+	},
+	{
+		"acd08d4938a224b4cb2d723bf75420f3ea27b698fadd815bb7db9548a05651398644354334e69f8e4e5503bf1a6f92b38e860044a7edca6874038ce1",
+		"28a137808d0225b8",
+		"a031203b963a395b08be55844d81af39d19b23b7cc24b21afa31edc1eea6edd6",
+		"e8b31c52b6690f10f4ae62ba9d50ba39fb5edcfb78400e35",
+		"35cf39ba31da95ac9b661cdbd5e9c9655d13b8ff065c4ec10c810833a47a87d8057dd1948a7801bfe6904b49fed0aabfb3cd755a1a262d372786908ddcf64cae9f71cb9ed199c3ddacc50116",
+	},
+	{
+		"",
+		"cda7ee2857e09e9054ef6806",
+		"d91dffb18132d8dd3d144a2f10ba28bc5df36cb60369f3b19893ec91db3cf904",
+		"ee56f19c62b0438da6a0d9e01844313902be44f84a6a4ce7",
+		"ccd48b61a5683c195d4424009eb1d147",
+	},
+	{
+		"350f4c7ac2",
+		"7c104b539c1d2ae022434cd6",
+		"cbb61e369117f9250f68fa707240c554359262a4d66c757f80e3aeb6920894fb",
+		"fbb14c9943444eac5413c6f5c8095451eddece02c9461043",
+		"b5c6a35865ed8e5216ff6c77339ee1ab570de50e51",
+	},
+	{
+		"4f0d61d3ea03a44a8df0",
+		"51c20a8ae9e9794da931fe23",
+		"ba6ced943aa62f9261d7513b822e02054e099acafb5360f0d850064da48b5a4f",
+		"04c68cb50cdbb0ec03f8381cf59b886e64c40548bf8e3f82",
+		"ea45a73957e2a853655623f2a3bb58791f7ea36dd2957ed66ffa",
+	},
+	{
+		"4fbdd4d4293a8f34fdbc8f3ad44cf6",
+		"8212f315e3759c3253c588bb",
+		"5354791bc2370415811818e913e310dd12e6a0cf5dcab2b6424816eecccf4b65",
+		"7ee6353c2fbc73c9ebc652270bc86e4008e09583e623e679",
+		"50a354811a918e1801fb567621a8924baf8dd79da6d36702855d3753f1319c",
+	},
+	{
+		"5a6f68b5a9a9920ca9c6edf5be7c0af150a063c4",
+		"9a524aa62938fb7a1e50ed06",
+		"fd91605a6ad85d8ba7a71b08dce1032aa9992bf4f28d407a53ddda04c043cada",
+		"46791d99d6de33e79025bf9e97c198e7cf409614c6284b4d",
+		"648033c1eb615467e90b7d3ac24202d8b849549141f9bab03e9e910c29b8eab3d4fb3f2c",
+	},
+	{
+		"d9318c2c0d9ed89e35d242a6b1d496e7e0c5bbdf77eba14c56",
+		"a16053c35fbe8dc93c14a81f",
+		"f21406aec83134ebf7bc48c6d0f45acb5f341fbc7d3b5a9bff3ea1333c916af7",
+		"de6b977be450d5efa7777e006802ddbb10814a22da1c3cd9",
+		"8d3dad487d5161663da830b71c3e24ec5cdb74d858cbb73b084ed0902198532aad3a18416966bff223",
+	},
+	{
+		"68d0ee08d38cb4bcc9268fee3030666e70e41fcabf6fe06536eeec43eec5",
+		"11e09447d40b22dc98070eec",
+		"da5ee1ec02eab13220fcb94f16efec848a8dd57c0f4d67955423f5d17fde5aa3",
+		"8f13e61d773a250810f75d46bf163a3f9205be5751f6049a",
+		"92a103b03764c1ad1f88500d22eeae5c0fe1044c872987c0b97affc5e8c3d783f8cc28a11dc91990ea22dd1bad74",
+	},
+	{
+		"a1d960bda08efcf19e136dc1e8b05b6b381c820eda5f9a8047e1a2dd1803a1e4d11a7f",
+		"aa73d8d4aaa0cfd9d80a9ae8",
+		"08028833d617c28ba75b48f177cb5da87189189abb68dcb8974eca9230c25945",
+		"f7b6f34a910fd11588f567de8555932291f7df05f6e2b193",
+		"99cfc4cca193998bae153b744e6c94a82a2867780aa0f43acddb7c433fcb297311313ec2199f00d7ca7da0646b40113c60e935",
+	},
+	{
+		"3b4ae39a745b6247ce5baf675ec36c5065b1bf76c8379eab4b769961d43a753896d068938017777e",
+		"128c017a985052f8cdbc6b28",
+		"4683d5caff613187a9b16af897253848e9c54fc0ec319de62452a86961d3cbb2",
+		"5612a13c2da003b91188921cbac3fa093eba99d8cbbb51ff",
+		"91a98b93b2174257175f7c882b45cc252e0db8667612bd270c1c12fe28b6bf209760bf8f370318f92ae3f88a5d4773b05714132cc28dddb8",
+	},
+	{
+		"22ccf680d2995ef6563de281cff76882a036a59ad73f250e710b3040590d69bccde8a8411abe8b0d3cb728ca82",
+		"13a97d0a167a61aa21e531ec",
+		"9e140762eed274948b66de25e6e8f36ab65dc730b0cb096ef15aaba900a5588c",
+		"d0e9594cfd42ab72553bf34062a263f588bb8f1fc86a19f5",
+		"f194fc866dfba30e42c4508b7d90b3fa3f8983831ede713334563e36aa861f2f885b40be1dbe20ba2d10958a12823588d4bbbefb81a87d87315204f5e3",
+	},
+	{
+		"a65f5d10c482b3381af296e631eb605eba6a11ccec6ceab021460d0bd35feb676ec6dbba5d4ad6c9f4d683ea541035bc80fa",
+		"f15ae71ffed50a8fcc4996b0",
+		"f535d60e8b75ac7e526041eed86eb4d65ae7e315eff15dba6c0133acc2a6a4bf",
+		"01ba61691ebb3c66d2f94c1b1c597ecd7b5ff7d2a30be405",
+		"d79e7c3893df5a5879c2f0a3f7ca619f08e4540f3ac7db35790b4211b9d47ae735adadf35fd47252a4763e3fd2b2cd8157f6ea7986108a53437962670a97d68ee281",
+	},
+	{
+		"8c014655b97f6da76b0b168b565fd62de874c164fd7e227346a0ec22c908bed1e2a0b429620e6f3a68dd518f13a2c0250608a1cb08a7c3",
+		"10a7eff999029c5040c1b3bd",
+		"bf11af23e88c350a443493f6fa0eb34f234f4daa2676e26f0701bce5642d13f4",
+		"f14c97392afd2e32e2c625910ca029f9b6e81676c79cc42f",
+		"78d5226f372d5d60681dbfc749d12df74249f196b0cbf14fa65a3a59dc65ae458455ec39baa1df3397afe752bb06f6f13bf03c99abda7a95c1d0b73fd92d5f888a5f6f889a9aea",
+	},
+	{
+		"66234d7a5b71eef134d60eccf7d5096ee879a33983d6f7a575e3a5e3a4022edccffe7865dde20b5b0a37252e31cb9a3650c63e35b057a1bc200a5b5b",
+		"ccc2406f997bcae737ddd0f5",
+		"d009eeb5b9b029577b14d200b7687b655eedb7d74add488f092681787999d66d",
+		"99319712626b400f9458dbb7a9abc9f5810f25b47fc90b39",
+		"543a2bbf52fd999027ae7c297353f3ce986f810bc2382583d0a81fda5939e4c87b6e8d262790cd614d6f753d8035b32adf43acc7f6d4c2c44289538928564b6587c2fcb99de1d8e34ffff323",
+	},
 }
diff --git a/chacha20poly1305/internal/chacha20/chacha_generic.go b/chacha20poly1305/internal/chacha20/chacha_generic.go
deleted file mode 100644
index f9e8a3a2f..000000000
--- a/chacha20poly1305/internal/chacha20/chacha_generic.go
+++ /dev/null
@@ -1,199 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package ChaCha20 implements the core ChaCha20 function as specified in https://tools.ietf.org/html/rfc7539#section-2.3.
-package chacha20
-
-import "encoding/binary"
-
-const rounds = 20
-
-// core applies the ChaCha20 core function to 16-byte input in, 32-byte key k,
-// and 16-byte constant c, and puts the result into 64-byte array out.
-func core(out *[64]byte, in *[16]byte, k *[32]byte) {
-	j0 := uint32(0x61707865)
-	j1 := uint32(0x3320646e)
-	j2 := uint32(0x79622d32)
-	j3 := uint32(0x6b206574)
-	j4 := binary.LittleEndian.Uint32(k[0:4])
-	j5 := binary.LittleEndian.Uint32(k[4:8])
-	j6 := binary.LittleEndian.Uint32(k[8:12])
-	j7 := binary.LittleEndian.Uint32(k[12:16])
-	j8 := binary.LittleEndian.Uint32(k[16:20])
-	j9 := binary.LittleEndian.Uint32(k[20:24])
-	j10 := binary.LittleEndian.Uint32(k[24:28])
-	j11 := binary.LittleEndian.Uint32(k[28:32])
-	j12 := binary.LittleEndian.Uint32(in[0:4])
-	j13 := binary.LittleEndian.Uint32(in[4:8])
-	j14 := binary.LittleEndian.Uint32(in[8:12])
-	j15 := binary.LittleEndian.Uint32(in[12:16])
-
-	x0, x1, x2, x3, x4, x5, x6, x7 := j0, j1, j2, j3, j4, j5, j6, j7
-	x8, x9, x10, x11, x12, x13, x14, x15 := j8, j9, j10, j11, j12, j13, j14, j15
-
-	for i := 0; i < rounds; i += 2 {
-		x0 += x4
-		x12 ^= x0
-		x12 = (x12 << 16) | (x12 >> (16))
-		x8 += x12
-		x4 ^= x8
-		x4 = (x4 << 12) | (x4 >> (20))
-		x0 += x4
-		x12 ^= x0
-		x12 = (x12 << 8) | (x12 >> (24))
-		x8 += x12
-		x4 ^= x8
-		x4 = (x4 << 7) | (x4 >> (25))
-		x1 += x5
-		x13 ^= x1
-		x13 = (x13 << 16) | (x13 >> 16)
-		x9 += x13
-		x5 ^= x9
-		x5 = (x5 << 12) | (x5 >> 20)
-		x1 += x5
-		x13 ^= x1
-		x13 = (x13 << 8) | (x13 >> 24)
-		x9 += x13
-		x5 ^= x9
-		x5 = (x5 << 7) | (x5 >> 25)
-		x2 += x6
-		x14 ^= x2
-		x14 = (x14 << 16) | (x14 >> 16)
-		x10 += x14
-		x6 ^= x10
-		x6 = (x6 << 12) | (x6 >> 20)
-		x2 += x6
-		x14 ^= x2
-		x14 = (x14 << 8) | (x14 >> 24)
-		x10 += x14
-		x6 ^= x10
-		x6 = (x6 << 7) | (x6 >> 25)
-		x3 += x7
-		x15 ^= x3
-		x15 = (x15 << 16) | (x15 >> 16)
-		x11 += x15
-		x7 ^= x11
-		x7 = (x7 << 12) | (x7 >> 20)
-		x3 += x7
-		x15 ^= x3
-		x15 = (x15 << 8) | (x15 >> 24)
-		x11 += x15
-		x7 ^= x11
-		x7 = (x7 << 7) | (x7 >> 25)
-		x0 += x5
-		x15 ^= x0
-		x15 = (x15 << 16) | (x15 >> 16)
-		x10 += x15
-		x5 ^= x10
-		x5 = (x5 << 12) | (x5 >> 20)
-		x0 += x5
-		x15 ^= x0
-		x15 = (x15 << 8) | (x15 >> 24)
-		x10 += x15
-		x5 ^= x10
-		x5 = (x5 << 7) | (x5 >> 25)
-		x1 += x6
-		x12 ^= x1
-		x12 = (x12 << 16) | (x12 >> 16)
-		x11 += x12
-		x6 ^= x11
-		x6 = (x6 << 12) | (x6 >> 20)
-		x1 += x6
-		x12 ^= x1
-		x12 = (x12 << 8) | (x12 >> 24)
-		x11 += x12
-		x6 ^= x11
-		x6 = (x6 << 7) | (x6 >> 25)
-		x2 += x7
-		x13 ^= x2
-		x13 = (x13 << 16) | (x13 >> 16)
-		x8 += x13
-		x7 ^= x8
-		x7 = (x7 << 12) | (x7 >> 20)
-		x2 += x7
-		x13 ^= x2
-		x13 = (x13 << 8) | (x13 >> 24)
-		x8 += x13
-		x7 ^= x8
-		x7 = (x7 << 7) | (x7 >> 25)
-		x3 += x4
-		x14 ^= x3
-		x14 = (x14 << 16) | (x14 >> 16)
-		x9 += x14
-		x4 ^= x9
-		x4 = (x4 << 12) | (x4 >> 20)
-		x3 += x4
-		x14 ^= x3
-		x14 = (x14 << 8) | (x14 >> 24)
-		x9 += x14
-		x4 ^= x9
-		x4 = (x4 << 7) | (x4 >> 25)
-	}
-
-	x0 += j0
-	x1 += j1
-	x2 += j2
-	x3 += j3
-	x4 += j4
-	x5 += j5
-	x6 += j6
-	x7 += j7
-	x8 += j8
-	x9 += j9
-	x10 += j10
-	x11 += j11
-	x12 += j12
-	x13 += j13
-	x14 += j14
-	x15 += j15
-
-	binary.LittleEndian.PutUint32(out[0:4], x0)
-	binary.LittleEndian.PutUint32(out[4:8], x1)
-	binary.LittleEndian.PutUint32(out[8:12], x2)
-	binary.LittleEndian.PutUint32(out[12:16], x3)
-	binary.LittleEndian.PutUint32(out[16:20], x4)
-	binary.LittleEndian.PutUint32(out[20:24], x5)
-	binary.LittleEndian.PutUint32(out[24:28], x6)
-	binary.LittleEndian.PutUint32(out[28:32], x7)
-	binary.LittleEndian.PutUint32(out[32:36], x8)
-	binary.LittleEndian.PutUint32(out[36:40], x9)
-	binary.LittleEndian.PutUint32(out[40:44], x10)
-	binary.LittleEndian.PutUint32(out[44:48], x11)
-	binary.LittleEndian.PutUint32(out[48:52], x12)
-	binary.LittleEndian.PutUint32(out[52:56], x13)
-	binary.LittleEndian.PutUint32(out[56:60], x14)
-	binary.LittleEndian.PutUint32(out[60:64], x15)
-}
-
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out may be the same slice but otherwise should not overlap. Counter
-// contains the raw ChaCha20 counter bytes (i.e. block counter followed by
-// nonce).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
-	var block [64]byte
-	var counterCopy [16]byte
-	copy(counterCopy[:], counter[:])
-
-	for len(in) >= 64 {
-		core(&block, &counterCopy, key)
-		for i, x := range block {
-			out[i] = in[i] ^ x
-		}
-		u := uint32(1)
-		for i := 0; i < 4; i++ {
-			u += uint32(counterCopy[i])
-			counterCopy[i] = byte(u)
-			u >>= 8
-		}
-		in = in[64:]
-		out = out[64:]
-	}
-
-	if len(in) > 0 {
-		core(&block, &counterCopy, key)
-		for i, v := range in {
-			out[i] = v ^ block[i]
-		}
-	}
-}
diff --git a/chacha20poly1305/internal/chacha20/chacha_test.go b/chacha20poly1305/internal/chacha20/chacha_test.go
deleted file mode 100644
index b80d34cdd..000000000
--- a/chacha20poly1305/internal/chacha20/chacha_test.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package chacha20
-
-import (
-	"encoding/hex"
-	"testing"
-)
-
-func TestCore(t *testing.T) {
-	// This is just a smoke test that checks the example from
-	// https://tools.ietf.org/html/rfc7539#section-2.3.2. The
-	// chacha20poly1305 package contains much more extensive tests of this
-	// code.
-	var key [32]byte
-	for i := range key {
-		key[i] = byte(i)
-	}
-
-	var input [16]byte
-	input[0] = 1
-	input[7] = 9
-	input[11] = 0x4a
-
-	var out [64]byte
-	XORKeyStream(out[:], out[:], &input, &key)
-	const expected = "10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4ed2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e"
-	if result := hex.EncodeToString(out[:]); result != expected {
-		t.Errorf("wanted %x but got %x", expected, result)
-	}
-}
diff --git a/chacha20poly1305/xchacha20poly1305.go b/chacha20poly1305/xchacha20poly1305.go
new file mode 100644
index 000000000..1cebfe946
--- /dev/null
+++ b/chacha20poly1305/xchacha20poly1305.go
@@ -0,0 +1,86 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package chacha20poly1305
+
+import (
+	"crypto/cipher"
+	"errors"
+
+	"golang.org/x/crypto/chacha20"
+)
+
+type xchacha20poly1305 struct {
+	key [KeySize]byte
+}
+
+// NewX returns a XChaCha20-Poly1305 AEAD that uses the given 256-bit key.
+//
+// XChaCha20-Poly1305 is a ChaCha20-Poly1305 variant that takes a longer nonce,
+// suitable to be generated randomly without risk of collisions. It should be
+// preferred when nonce uniqueness cannot be trivially ensured, or whenever
+// nonces are randomly generated.
+func NewX(key []byte) (cipher.AEAD, error) {
+	if len(key) != KeySize {
+		return nil, errors.New("chacha20poly1305: bad key length")
+	}
+	ret := new(xchacha20poly1305)
+	copy(ret.key[:], key)
+	return ret, nil
+}
+
+func (*xchacha20poly1305) NonceSize() int {
+	return NonceSizeX
+}
+
+func (*xchacha20poly1305) Overhead() int {
+	return Overhead
+}
+
+func (x *xchacha20poly1305) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
+	if len(nonce) != NonceSizeX {
+		panic("chacha20poly1305: bad nonce length passed to Seal")
+	}
+
+	// XChaCha20-Poly1305 technically supports a 64-bit counter, so there is no
+	// size limit. However, since we reuse the ChaCha20-Poly1305 implementation,
+	// the second half of the counter is not available. This is unlikely to be
+	// an issue because the cipher.AEAD API requires the entire message to be in
+	// memory, and the counter overflows at 256 GB.
+	if uint64(len(plaintext)) > (1<<38)-64 {
+		panic("chacha20poly1305: plaintext too large")
+	}
+
+	c := new(chacha20poly1305)
+	hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+	copy(c.key[:], hKey)
+
+	// The first 4 bytes of the final nonce are unused counter space.
+	cNonce := make([]byte, NonceSize)
+	copy(cNonce[4:12], nonce[16:24])
+
+	return c.seal(dst, cNonce[:], plaintext, additionalData)
+}
+
+func (x *xchacha20poly1305) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
+	if len(nonce) != NonceSizeX {
+		panic("chacha20poly1305: bad nonce length passed to Open")
+	}
+	if len(ciphertext) < 16 {
+		return nil, errOpen
+	}
+	if uint64(len(ciphertext)) > (1<<38)-48 {
+		panic("chacha20poly1305: ciphertext too large")
+	}
+
+	c := new(chacha20poly1305)
+	hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+	copy(c.key[:], hKey)
+
+	// The first 4 bytes of the final nonce are unused counter space.
+	cNonce := make([]byte, NonceSize)
+	copy(cNonce[4:12], nonce[16:24])
+
+	return c.open(dst, cNonce[:], ciphertext, additionalData)
+}
diff --git a/cryptobyte/asn1.go b/cryptobyte/asn1.go
index 166e22d7b..83c776de0 100644
--- a/cryptobyte/asn1.go
+++ b/cryptobyte/asn1.go
@@ -5,40 +5,36 @@
 package cryptobyte
 
 import (
-	"encoding/asn1"
+	encoding_asn1 "encoding/asn1"
 	"fmt"
 	"math/big"
 	"reflect"
 	"time"
+
+	"golang.org/x/crypto/cryptobyte/asn1"
 )
 
 // This file contains ASN.1-related methods for String and Builder.
 
-// Tag represents an ASN.1 tag number and class (together also referred to as
-// identifier octets). Methods in this package only support the low-tag-number
-// form, i.e. a single identifier octet with bits 7-8 encoding the class and
-// bits 1-6 encoding the tag number.
-type Tag uint8
-
-// Contructed returns t with the context-specific class bit set.
-func (t Tag) ContextSpecific() Tag { return t | 0x80 }
-
-// Contructed returns t with the constructed class bit set.
-func (t Tag) Constructed() Tag { return t | 0x20 }
-
 // Builder
 
 // AddASN1Int64 appends a DER-encoded ASN.1 INTEGER.
 func (b *Builder) AddASN1Int64(v int64) {
-	b.addASN1Signed(asn1.TagInteger, v)
+	b.addASN1Signed(asn1.INTEGER, v)
+}
+
+// AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the
+// given tag.
+func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) {
+	b.addASN1Signed(tag, v)
 }
 
 // AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION.
 func (b *Builder) AddASN1Enum(v int64) {
-	b.addASN1Signed(asn1.TagEnum, v)
+	b.addASN1Signed(asn1.ENUM, v)
 }
 
-func (b *Builder) addASN1Signed(tag Tag, v int64) {
+func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) {
 	b.AddASN1(tag, func(c *Builder) {
 		length := 1
 		for i := v; i >= 0x80 || i < -0x80; i >>= 8 {
@@ -54,7 +50,7 @@ func (b *Builder) addASN1Signed(tag Tag, v int64) {
 
 // AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER.
 func (b *Builder) AddASN1Uint64(v uint64) {
-	b.AddASN1(asn1.TagInteger, func(c *Builder) {
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
 		length := 1
 		for i := v; i >= 0x80; i >>= 8 {
 			length++
@@ -73,7 +69,7 @@ func (b *Builder) AddASN1BigInt(n *big.Int) {
 		return
 	}
 
-	b.AddASN1(asn1.TagInteger, func(c *Builder) {
+	b.AddASN1(asn1.INTEGER, func(c *Builder) {
 		if n.Sign() < 0 {
 			// A negative number has to be converted to two's-complement form. So we
 			// invert and subtract 1. If the most-significant-bit isn't set then
@@ -85,7 +81,7 @@ func (b *Builder) AddASN1BigInt(n *big.Int) {
 			for i := range bytes {
 				bytes[i] ^= 0xff
 			}
-			if bytes[0]&0x80 == 0 {
+			if len(bytes) == 0 || bytes[0]&0x80 == 0 {
 				c.add(0xff)
 			}
 			c.add(bytes...)
@@ -103,7 +99,7 @@ func (b *Builder) AddASN1BigInt(n *big.Int) {
 
 // AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING.
 func (b *Builder) AddASN1OctetString(bytes []byte) {
-	b.AddASN1(asn1.TagOctetString, func(c *Builder) {
+	b.AddASN1(asn1.OCTET_STRING, func(c *Builder) {
 		c.AddBytes(bytes)
 	})
 }
@@ -116,27 +112,110 @@ func (b *Builder) AddASN1GeneralizedTime(t time.Time) {
 		b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t)
 		return
 	}
-	b.AddASN1(asn1.TagGeneralizedTime, func(c *Builder) {
+	b.AddASN1(asn1.GeneralizedTime, func(c *Builder) {
 		c.AddBytes([]byte(t.Format(generalizedTimeFormatStr)))
 	})
 }
 
-// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING.
-func (b *Builder) AddASN1BitString(s asn1.BitString) {
-	// TODO(martinkr): Implement.
-	b.MarshalASN1(s)
+// AddASN1UTCTime appends a DER-encoded ASN.1 UTCTime.
+func (b *Builder) AddASN1UTCTime(t time.Time) {
+	b.AddASN1(asn1.UTCTime, func(c *Builder) {
+		// As utilized by the X.509 profile, UTCTime can only
+		// represent the years 1950 through 2049.
+		if t.Year() < 1950 || t.Year() >= 2050 {
+			b.err = fmt.Errorf("cryptobyte: cannot represent %v as a UTCTime", t)
+			return
+		}
+		c.AddBytes([]byte(t.Format(defaultUTCTimeFormatStr)))
+	})
+}
+
+// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not
+// support BIT STRINGs that are not a whole number of bytes.
+func (b *Builder) AddASN1BitString(data []byte) {
+	b.AddASN1(asn1.BIT_STRING, func(b *Builder) {
+		b.AddUint8(0)
+		b.AddBytes(data)
+	})
+}
+
+func (b *Builder) addBase128Int(n int64) {
+	var length int
+	if n == 0 {
+		length = 1
+	} else {
+		for i := n; i > 0; i >>= 7 {
+			length++
+		}
+	}
+
+	for i := length - 1; i >= 0; i-- {
+		o := byte(n >> uint(i*7))
+		o &= 0x7f
+		if i != 0 {
+			o |= 0x80
+		}
+
+		b.add(o)
+	}
+}
+
+func isValidOID(oid encoding_asn1.ObjectIdentifier) bool {
+	if len(oid) < 2 {
+		return false
+	}
+
+	if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) {
+		return false
+	}
+
+	for _, v := range oid {
+		if v < 0 {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) {
+	b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) {
+		if !isValidOID(oid) {
+			b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid)
+			return
+		}
+
+		b.addBase128Int(int64(oid[0])*40 + int64(oid[1]))
+		for _, v := range oid[2:] {
+			b.addBase128Int(int64(v))
+		}
+	})
+}
+
+func (b *Builder) AddASN1Boolean(v bool) {
+	b.AddASN1(asn1.BOOLEAN, func(b *Builder) {
+		if v {
+			b.AddUint8(0xff)
+		} else {
+			b.AddUint8(0)
+		}
+	})
 }
 
-// MarshalASN1 calls asn1.Marshal on its input and appends the result if
+func (b *Builder) AddASN1NULL() {
+	b.add(uint8(asn1.NULL), 0)
+}
+
+// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if
 // successful or records an error if one occurred.
 func (b *Builder) MarshalASN1(v interface{}) {
 	// NOTE(martinkr): This is somewhat of a hack to allow propagation of
-	// asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
+	// encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
 	// value embedded into a struct, its tag information is lost.
 	if b.err != nil {
 		return
 	}
-	bytes, err := asn1.Marshal(v)
+	bytes, err := encoding_asn1.Marshal(v)
 	if err != nil {
 		b.err = err
 		return
@@ -148,7 +227,7 @@ func (b *Builder) MarshalASN1(v interface{}) {
 // Tags greater than 30 are not supported and result in an error (i.e.
 // low-tag-number form only). The child builder passed to the
 // BuilderContinuation can be used to build the content of the ASN.1 object.
-func (b *Builder) AddASN1(tag Tag, f BuilderContinuation) {
+func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
 	if b.err != nil {
 		return
 	}
@@ -164,11 +243,32 @@ func (b *Builder) AddASN1(tag Tag, f BuilderContinuation) {
 
 // String
 
+// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
+// representation into out and advances. It reports whether the read
+// was successful.
+func (s *String) ReadASN1Boolean(out *bool) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
+		return false
+	}
+
+	switch bytes[0] {
+	case 0:
+		*out = false
+	case 0xff:
+		*out = true
+	default:
+		return false
+	}
+
+	return true
+}
+
 var bigIntType = reflect.TypeOf((*big.Int)(nil)).Elem()
 
 // ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does
-// not point to an integer or to a big.Int, it panics. It returns true on
-// success and false on error.
+// not point to an integer or to a big.Int, it panics. It reports whether the
+// read was successful.
 func (s *String) ReadASN1Integer(out interface{}) bool {
 	if reflect.TypeOf(out).Kind() != reflect.Ptr {
 		panic("out is not a pointer")
@@ -215,7 +315,7 @@ var bigOne = big.NewInt(1)
 
 func (s *String) readASN1BigInt(out *big.Int) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.TagInteger) || !checkASN1Integer(bytes) {
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
 		return false
 	}
 	if bytes[0]&0x80 == 0x80 {
@@ -235,7 +335,7 @@ func (s *String) readASN1BigInt(out *big.Int) bool {
 
 func (s *String) readASN1Int64(out *int64) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.TagInteger) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
 		return false
 	}
 	return true
@@ -258,7 +358,7 @@ func asn1Signed(out *int64, n []byte) bool {
 
 func (s *String) readASN1Uint64(out *uint64) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.TagInteger) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
+	if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
 		return false
 	}
 	return true
@@ -281,12 +381,20 @@ func asn1Unsigned(out *uint64, n []byte) bool {
 	return true
 }
 
-// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It returns
-// true on success and false on error.
+// ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out
+// and advances. It reports whether the read was successful and resulted in a
+// value that can be represented in an int64.
+func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool {
+	var bytes String
+	return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes)
+}
+
+// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports
+// whether the read was successful.
 func (s *String) ReadASN1Enum(out *int) bool {
 	var bytes String
 	var i int64
-	if !s.ReadASN1(&bytes, asn1.TagEnum) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
+	if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
 		return false
 	}
 	if int64(int(i)) != i {
@@ -314,10 +422,10 @@ func (s *String) readBase128Int(out *int) bool {
 }
 
 // ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and
-// advances. It returns true on success and false on error.
-func (s *String) ReadASN1ObjectIdentifier(out *asn1.ObjectIdentifier) bool {
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.TagOID) || len(bytes) == 0 {
+	if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 {
 		return false
 	}
 
@@ -353,10 +461,10 @@ func (s *String) ReadASN1ObjectIdentifier(out *asn1.ObjectIdentifier) bool {
 }
 
 // ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and
-// advances. It returns true on success and false on error.
+// advances. It reports whether the read was successful.
 func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.TagGeneralizedTime) {
+	if !s.ReadASN1(&bytes, asn1.GeneralizedTime) {
 		return false
 	}
 	t := string(bytes)
@@ -371,11 +479,51 @@ func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
 	return true
 }
 
-// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances. It
-// returns true on success and false on error.
-func (s *String) ReadASN1BitString(out *asn1.BitString) bool {
+const defaultUTCTimeFormatStr = "060102150405Z0700"
+
+// ReadASN1UTCTime decodes an ASN.1 UTCTime into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1UTCTime(out *time.Time) bool {
 	var bytes String
-	if !s.ReadASN1(&bytes, asn1.TagBitString) || len(bytes) == 0 {
+	if !s.ReadASN1(&bytes, asn1.UTCTime) {
+		return false
+	}
+	t := string(bytes)
+
+	formatStr := defaultUTCTimeFormatStr
+	var err error
+	res, err := time.Parse(formatStr, t)
+	if err != nil {
+		// Fallback to minute precision if we can't parse second
+		// precision. If we are following X.509 or X.690 we shouldn't
+		// support this, but we do.
+		formatStr = "0601021504Z0700"
+		res, err = time.Parse(formatStr, t)
+	}
+	if err != nil {
+		return false
+	}
+
+	if serialized := res.Format(formatStr); serialized != t {
+		return false
+	}
+
+	if res.Year() >= 2050 {
+		// UTCTime interprets the low order digits 50-99 as 1950-99.
+		// This only applies to its use in the X.509 profile.
+		// See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
+		res = res.AddDate(-100, 0, 0)
+	}
+	*out = res
+	return true
+}
+
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+		len(bytes)*8/8 != len(bytes) {
 		return false
 	}
 
@@ -392,20 +540,37 @@ func (s *String) ReadASN1BitString(out *asn1.BitString) bool {
 	return true
 }
 
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances. It is
+// an error if the BIT STRING is not a whole number of bytes. It reports
+// whether the read was successful.
+func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {
+	var bytes String
+	if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+		return false
+	}
+
+	paddingBits := uint8(bytes[0])
+	if paddingBits != 0 {
+		return false
+	}
+	*out = bytes[1:]
+	return true
+}
+
 // ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including
 // tag and length bytes) into out, and advances. The element must match the
-// given tag. It returns true on success and false on error.
-func (s *String) ReadASN1Bytes(out *[]byte, tag Tag) bool {
+// given tag. It reports whether the read was successful.
+func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool {
 	return s.ReadASN1((*String)(out), tag)
 }
 
 // ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including
 // tag and length bytes) into out, and advances. The element must match the
-// given tag. It returns true on success and false on error.
+// given tag. It reports whether the read was successful.
 //
 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
-func (s *String) ReadASN1(out *String, tag Tag) bool {
-	var t Tag
+func (s *String) ReadASN1(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
 	if !s.ReadAnyASN1(out, &t) || t != tag {
 		return false
 	}
@@ -414,11 +579,11 @@ func (s *String) ReadASN1(out *String, tag Tag) bool {
 
 // ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including
 // tag and length bytes) into out, and advances. The element must match the
-// given tag. It returns true on success and false on error.
+// given tag. It reports whether the read was successful.
 //
 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
-func (s *String) ReadASN1Element(out *String, tag Tag) bool {
-	var t Tag
+func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool {
+	var t asn1.Tag
 	if !s.ReadAnyASN1Element(out, &t) || t != tag {
 		return false
 	}
@@ -426,37 +591,44 @@ func (s *String) ReadASN1Element(out *String, tag Tag) bool {
 }
 
 // ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including
-// tag and length bytes) into out, sets outTag to its tag, and advances. It
-// returns true on success and false on error.
+// tag and length bytes) into out, sets outTag to its tag, and advances.
+// It reports whether the read was successful.
 //
 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
-func (s *String) ReadAnyASN1(out *String, outTag *Tag) bool {
+func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool {
 	return s.readASN1(out, outTag, true /* skip header */)
 }
 
 // ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element
 // (including tag and length bytes) into out, sets outTag to is tag, and
-// advances. It returns true on success and false on error.
+// advances. It reports whether the read was successful.
 //
 // Tags greater than 30 are not supported (i.e. low-tag-number format only).
-func (s *String) ReadAnyASN1Element(out *String, outTag *Tag) bool {
+func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool {
 	return s.readASN1(out, outTag, false /* include header */)
 }
 
-// PeekASN1Tag returns true if the next ASN.1 value on the string starts with
+// PeekASN1Tag reports whether the next ASN.1 value on the string starts with
 // the given tag.
-func (s String) PeekASN1Tag(tag Tag) bool {
+func (s String) PeekASN1Tag(tag asn1.Tag) bool {
 	if len(s) == 0 {
 		return false
 	}
-	return Tag(s[0]) == tag
+	return asn1.Tag(s[0]) == tag
+}
+
+// SkipASN1 reads and discards an ASN.1 element with the given tag. It
+// reports whether the operation was successful.
+func (s *String) SkipASN1(tag asn1.Tag) bool {
+	var unused String
+	return s.ReadASN1(&unused, tag)
 }
 
-// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.Element
-// (not including tag and length bytes) tagged with the given tag into out. It
-// stores whether an element with the tag was found in outPresent, unless
-// outPresent is nil. It returns true on success and false on error.
-func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag Tag) bool {
+// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1
+// element (not including tag and length bytes) tagged with the given tag into
+// out. It stores whether an element with the tag was found in outPresent,
+// unless outPresent is nil. It reports whether the read was successful.
+func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool {
 	present := s.PeekASN1Tag(tag)
 	if outPresent != nil {
 		*outPresent = present
@@ -467,12 +639,22 @@ func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag Tag) bool {
 	return true
 }
 
+// SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or
+// else leaves s unchanged. It reports whether the operation was successful.
+func (s *String) SkipOptionalASN1(tag asn1.Tag) bool {
+	if !s.PeekASN1Tag(tag) {
+		return true
+	}
+	var unused String
+	return s.ReadASN1(&unused, tag)
+}
+
 // ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER
 // explicitly tagged with tag into out and advances. If no element with a
 // matching tag is present, it writes defaultValue into out instead. If out
-// does not point to an integer or to a big.Int, it panics. It returns true on
-// success and false on error.
-func (s *String) ReadOptionalASN1Integer(out interface{}, tag Tag, defaultValue interface{}) bool {
+// does not point to an integer or to a big.Int, it panics. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool {
 	if reflect.TypeOf(out).Kind() != reflect.Ptr {
 		panic("out is not a pointer")
 	}
@@ -508,9 +690,9 @@ func (s *String) ReadOptionalASN1Integer(out interface{}, tag Tag, defaultValue
 
 // ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING
 // explicitly tagged with tag into out and advances. If no element with a
-// matching tag is present, it writes defaultValue into out instead. It returns
-// true on success and false on error.
-func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag Tag) bool {
+// matching tag is present, it sets "out" to nil instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool {
 	var present bool
 	var child String
 	if !s.ReadOptionalASN1(&child, &present, tag) {
@@ -521,7 +703,7 @@ func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag
 	}
 	if present {
 		var oct String
-		if !child.ReadASN1(&oct, asn1.TagOctetString) || !child.Empty() {
+		if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() {
 			return false
 		}
 		*out = oct
@@ -531,7 +713,25 @@ func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag
 	return true
 }
 
-func (s *String) readASN1(out *String, outTag *Tag, skipHeader bool) bool {
+// ReadOptionalASN1Boolean sets *out to the value of the next ASN.1 BOOLEAN or,
+// if the next bytes are not an ASN.1 BOOLEAN, to the value of defaultValue.
+// It reports whether the operation was successful.
+func (s *String) ReadOptionalASN1Boolean(out *bool, defaultValue bool) bool {
+	var present bool
+	var child String
+	if !s.ReadOptionalASN1(&child, &present, asn1.BOOLEAN) {
+		return false
+	}
+
+	if !present {
+		*out = defaultValue
+		return true
+	}
+
+	return s.ReadASN1Boolean(out)
+}
+
+func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
 	if len(*s) < 2 {
 		return false
 	}
@@ -547,7 +747,7 @@ func (s *String) readASN1(out *String, outTag *Tag, skipHeader bool) bool {
 	}
 
 	if outTag != nil {
-		*outTag = Tag(tag)
+		*outTag = asn1.Tag(tag)
 	}
 
 	// ITU-T X.690 section 8.1.3
@@ -593,7 +793,7 @@ func (s *String) readASN1(out *String, outTag *Tag, skipHeader bool) bool {
 		length = headerLen + len32
 	}
 
-	if uint32(int(length)) != length || !s.ReadBytes((*[]byte)(out), int(length)) {
+	if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
 		return false
 	}
 	if skipHeader && !out.Skip(int(headerLen)) {
diff --git a/cryptobyte/asn1/asn1.go b/cryptobyte/asn1/asn1.go
new file mode 100644
index 000000000..cda8e3edf
--- /dev/null
+++ b/cryptobyte/asn1/asn1.go
@@ -0,0 +1,46 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package asn1 contains supporting types for parsing and building ASN.1
+// messages with the cryptobyte package.
+package asn1 // import "golang.org/x/crypto/cryptobyte/asn1"
+
+// Tag represents an ASN.1 identifier octet, consisting of a tag number
+// (indicating a type) and class (such as context-specific or constructed).
+//
+// Methods in the cryptobyte package only support the low-tag-number form, i.e.
+// a single identifier octet with bits 7-8 encoding the class and bits 1-6
+// encoding the tag number.
+type Tag uint8
+
+const (
+	classConstructed     = 0x20
+	classContextSpecific = 0x80
+)
+
+// Constructed returns t with the constructed class bit set.
+func (t Tag) Constructed() Tag { return t | classConstructed }
+
+// ContextSpecific returns t with the context-specific class bit set.
+func (t Tag) ContextSpecific() Tag { return t | classContextSpecific }
+
+// The following is a list of standard tag and class combinations.
+const (
+	BOOLEAN           = Tag(1)
+	INTEGER           = Tag(2)
+	BIT_STRING        = Tag(3)
+	OCTET_STRING      = Tag(4)
+	NULL              = Tag(5)
+	OBJECT_IDENTIFIER = Tag(6)
+	ENUM              = Tag(10)
+	UTF8String        = Tag(12)
+	SEQUENCE          = Tag(16 | classConstructed)
+	SET               = Tag(17 | classConstructed)
+	PrintableString   = Tag(19)
+	T61String         = Tag(20)
+	IA5String         = Tag(22)
+	UTCTime           = Tag(23)
+	GeneralizedTime   = Tag(24)
+	GeneralString     = Tag(27)
+)
diff --git a/cryptobyte/asn1_test.go b/cryptobyte/asn1_test.go
index c8c187032..8b0dbdb03 100644
--- a/cryptobyte/asn1_test.go
+++ b/cryptobyte/asn1_test.go
@@ -6,17 +6,19 @@ package cryptobyte
 
 import (
 	"bytes"
-	"encoding/asn1"
+	encoding_asn1 "encoding/asn1"
 	"math/big"
 	"reflect"
 	"testing"
 	"time"
+
+	"golang.org/x/crypto/cryptobyte/asn1"
 )
 
 type readASN1Test struct {
 	name string
 	in   []byte
-	tag  Tag
+	tag  asn1.Tag
 	ok   bool
 	out  interface{}
 }
@@ -29,6 +31,10 @@ var readASN1TestData = []readASN1Test{
 	{"non-minimal length", append([]byte{0x30, 0x82, 0, 0x80}, make([]byte, 0x80)...), 0x30, false, nil},
 	{"invalid tag", []byte{0xa1, 3, 0x4, 1, 1}, 31, false, nil},
 	{"high tag", []byte{0x1f, 0x81, 0x80, 0x01, 2, 1, 2}, 0xff /* actually 0x4001, but tag is uint8 */, false, nil},
+	{"2**31 - 1 length", []byte{0x30, 0x84, 0x7f, 0xff, 0xff, 0xff}, 0x30, false, nil},
+	{"2**32 - 1 length", []byte{0x30, 0x84, 0xff, 0xff, 0xff, 0xff}, 0x30, false, nil},
+	{"2**63 - 1 length", []byte{0x30, 0x88, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 0x30, false, nil},
+	{"2**64 - 1 length", []byte{0x30, 0x88, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 0x30, false, nil},
 }
 
 func TestReadASN1(t *testing.T) {
@@ -147,6 +153,39 @@ func TestReadASN1IntegerSigned(t *testing.T) {
 			}
 		}
 	})
+
+	// Repeat with the implicit-tagging functions
+	t.Run("WithTag", func(t *testing.T) {
+		for i, test := range testData64 {
+			tag := asn1.Tag((i * 3) % 32).ContextSpecific()
+
+			testData := make([]byte, len(test.in))
+			copy(testData, test.in)
+
+			// Alter the tag of the test case.
+			testData[0] = uint8(tag)
+
+			in := String(testData)
+			var out int64
+			ok := in.ReadASN1Int64WithTag(&out, tag)
+			if !ok || out != test.out {
+				t.Errorf("#%d: in.ReadASN1Int64WithTag() = %v, want true; out = %d, want %d", i, ok, out, test.out)
+			}
+
+			var b Builder
+			b.AddASN1Int64WithTag(test.out, tag)
+			result, err := b.Bytes()
+
+			if err != nil {
+				t.Errorf("#%d: AddASN1Int64WithTag failed: %s", i, err)
+				continue
+			}
+
+			if !bytes.Equal(result, testData) {
+				t.Errorf("#%d: AddASN1Int64WithTag: got %x, want %x", i, result, testData)
+			}
+		}
+	})
 }
 
 func TestReadASN1IntegerUnsigned(t *testing.T) {
@@ -194,7 +233,7 @@ func TestReadASN1IntegerInvalid(t *testing.T) {
 	}
 }
 
-func TestReadASN1ObjectIdentifier(t *testing.T) {
+func TestASN1ObjectIdentifier(t *testing.T) {
 	testData := []struct {
 		in  []byte
 		ok  bool
@@ -212,10 +251,23 @@ func TestReadASN1ObjectIdentifier(t *testing.T) {
 
 	for i, test := range testData {
 		in := String(test.in)
-		var out asn1.ObjectIdentifier
+		var out encoding_asn1.ObjectIdentifier
 		ok := in.ReadASN1ObjectIdentifier(&out)
 		if ok != test.ok || ok && !out.Equal(test.out) {
 			t.Errorf("#%d: in.ReadASN1ObjectIdentifier() = %v, want %v; out = %v, want %v", i, ok, test.ok, out, test.out)
+			continue
+		}
+
+		var b Builder
+		b.AddASN1ObjectIdentifier(out)
+		result, err := b.Bytes()
+		if builderOk := err == nil; test.ok != builderOk {
+			t.Errorf("#%d: error from Builder.Bytes: %s", i, err)
+			continue
+		}
+		if test.ok && !bytes.Equal(result, test.in) {
+			t.Errorf("#%d: reserialisation didn't match, got %x, want %x", i, result, test.in)
+			continue
 		}
 	}
 }
@@ -250,7 +302,7 @@ func TestReadASN1GeneralizedTime(t *testing.T) {
 		{"201001020304-10Z", false, time.Time{}},
 	}
 	for i, test := range testData {
-		in := String(append([]byte{asn1.TagGeneralizedTime, byte(len(test.in))}, test.in...))
+		in := String(append([]byte{byte(asn1.GeneralizedTime), byte(len(test.in))}, test.in...))
 		var out time.Time
 		ok := in.ReadASN1GeneralizedTime(&out)
 		if ok != test.ok || ok && !reflect.DeepEqual(out, test.out) {
@@ -259,27 +311,95 @@ func TestReadASN1GeneralizedTime(t *testing.T) {
 	}
 }
 
+func TestReadASN1UTCTime(t *testing.T) {
+	testData := []struct {
+		in  string
+		ok  bool
+		out time.Time
+	}{
+		{"000102030405Z", true, time.Date(2000, 01, 02, 03, 04, 05, 0, time.UTC)},
+		{"500102030405Z", true, time.Date(1950, 01, 02, 03, 04, 05, 0, time.UTC)},
+		{"490102030405Z", true, time.Date(2049, 01, 02, 03, 04, 05, 0, time.UTC)},
+		{"990102030405Z", true, time.Date(1999, 01, 02, 03, 04, 05, 0, time.UTC)},
+		{"250102030405Z", true, time.Date(2025, 01, 02, 03, 04, 05, 0, time.UTC)},
+		{"750102030405Z", true, time.Date(1975, 01, 02, 03, 04, 05, 0, time.UTC)},
+		{"000102030405+0905", true, time.Date(2000, 01, 02, 03, 04, 05, 0, time.FixedZone("", 9*60*60+5*60))},
+		{"000102030405-0905", true, time.Date(2000, 01, 02, 03, 04, 05, 0, time.FixedZone("", -9*60*60-5*60))},
+		{"0001020304Z", true, time.Date(2000, 01, 02, 03, 04, 0, 0, time.UTC)},
+		{"5001020304Z", true, time.Date(1950, 01, 02, 03, 04, 00, 0, time.UTC)},
+		{"0001020304+0905", true, time.Date(2000, 01, 02, 03, 04, 0, 0, time.FixedZone("", 9*60*60+5*60))},
+		{"0001020304-0905", true, time.Date(2000, 01, 02, 03, 04, 0, 0, time.FixedZone("", -9*60*60-5*60))},
+		{"000102030405Z0700", false, time.Time{}},
+		{"000102030405", false, time.Time{}},
+	}
+	for i, test := range testData {
+		in := String(append([]byte{byte(asn1.UTCTime), byte(len(test.in))}, test.in...))
+		var out time.Time
+		ok := in.ReadASN1UTCTime(&out)
+		if ok != test.ok || ok && !reflect.DeepEqual(out, test.out) {
+			t.Errorf("#%d: in.ReadASN1UTCTime() = %v, want %v; out = %q, want %q", i, ok, test.ok, out, test.out)
+		}
+	}
+}
+
 func TestReadASN1BitString(t *testing.T) {
 	testData := []struct {
 		in  []byte
 		ok  bool
-		out asn1.BitString
+		out encoding_asn1.BitString
 	}{
-		{[]byte{}, false, asn1.BitString{}},
-		{[]byte{0x00}, true, asn1.BitString{}},
-		{[]byte{0x07, 0x00}, true, asn1.BitString{Bytes: []byte{0}, BitLength: 1}},
-		{[]byte{0x07, 0x01}, false, asn1.BitString{}},
-		{[]byte{0x07, 0x40}, false, asn1.BitString{}},
-		{[]byte{0x08, 0x00}, false, asn1.BitString{}},
-		{[]byte{0xff}, false, asn1.BitString{}},
-		{[]byte{0xfe, 0x00}, false, asn1.BitString{}},
+		{[]byte{}, false, encoding_asn1.BitString{}},
+		{[]byte{0x00}, true, encoding_asn1.BitString{}},
+		{[]byte{0x07, 0x00}, true, encoding_asn1.BitString{Bytes: []byte{0}, BitLength: 1}},
+		{[]byte{0x07, 0x01}, false, encoding_asn1.BitString{}},
+		{[]byte{0x07, 0x40}, false, encoding_asn1.BitString{}},
+		{[]byte{0x08, 0x00}, false, encoding_asn1.BitString{}},
+		{[]byte{0xff}, false, encoding_asn1.BitString{}},
+		{[]byte{0xfe, 0x00}, false, encoding_asn1.BitString{}},
 	}
 	for i, test := range testData {
 		in := String(append([]byte{3, byte(len(test.in))}, test.in...))
-		var out asn1.BitString
+		var out encoding_asn1.BitString
 		ok := in.ReadASN1BitString(&out)
 		if ok != test.ok || ok && (!bytes.Equal(out.Bytes, test.out.Bytes) || out.BitLength != test.out.BitLength) {
 			t.Errorf("#%d: in.ReadASN1BitString() = %v, want %v; out = %v, want %v", i, ok, test.ok, out, test.out)
 		}
 	}
 }
+
+func TestAddASN1BigInt(t *testing.T) {
+	x := big.NewInt(-1)
+	var b Builder
+	b.AddASN1BigInt(x)
+	got, err := b.Bytes()
+	if err != nil {
+		t.Fatalf("unexpected error adding -1: %v", err)
+	}
+	s := String(got)
+	var y big.Int
+	ok := s.ReadASN1Integer(&y)
+	if !ok || x.Cmp(&y) != 0 {
+		t.Errorf("unexpected bytes %v, want %v", &y, x)
+	}
+}
+
+func TestReadASN1Boolean(t *testing.T) {
+	testData := []struct {
+		in  []byte
+		ok  bool
+		out bool
+	}{
+		{[]byte{}, false, false},
+		{[]byte{0x01, 0x01, 0x00}, true, false},
+		{[]byte{0x01, 0x01, 0xff}, true, true},
+		{[]byte{0x01, 0x01, 0x01}, false, false},
+	}
+	for i, test := range testData {
+		in := String(test.in)
+		var out bool
+		ok := in.ReadASN1Boolean(&out)
+		if ok != test.ok || ok && (out != test.out) {
+			t.Errorf("#%d: in.ReadASN1Boolean() = %v, want %v; out = %v, want %v", i, ok, test.ok, out, test.out)
+		}
+	}
+}
diff --git a/cryptobyte/builder.go b/cryptobyte/builder.go
index 9883fb3c3..ca7b1db5c 100644
--- a/cryptobyte/builder.go
+++ b/cryptobyte/builder.go
@@ -10,15 +10,25 @@ import (
 )
 
 // A Builder builds byte strings from fixed-length and length-prefixed values.
+// Builders either allocate space as needed, or are ‘fixed’, which means that
+// they write into a given buffer and produce an error if it's exhausted.
+//
 // The zero value is a usable Builder that allocates space as needed.
+//
+// Simple values are marshaled and appended to a Builder using methods on the
+// Builder. Length-prefixed values are marshaled by providing a
+// BuilderContinuation, which is a function that writes the inner contents of
+// the value to a given Builder. See the documentation for BuilderContinuation
+// for details.
 type Builder struct {
-	err           error
-	result        []byte
-	fixedSize     bool
-	child         *Builder
-	offset        int
-	pendingLenLen int
-	pendingIsASN1 bool
+	err            error
+	result         []byte
+	fixedSize      bool
+	child          *Builder
+	offset         int
+	pendingLenLen  int
+	pendingIsASN1  bool
+	inContinuation *bool
 }
 
 // NewBuilder creates a Builder that appends its output to the given buffer.
@@ -40,8 +50,14 @@ func NewFixedBuilder(buffer []byte) *Builder {
 	}
 }
 
+// SetError sets the value to be returned as the error from Bytes. Writes
+// performed after calling SetError are ignored.
+func (b *Builder) SetError(err error) {
+	b.err = err
+}
+
 // Bytes returns the bytes written by the builder or an error if one has
-// occurred during during building.
+// occurred during building.
 func (b *Builder) Bytes() ([]byte, error) {
 	if b.err != nil {
 		return nil, b.err
@@ -84,11 +100,11 @@ func (b *Builder) AddBytes(v []byte) {
 	b.add(v...)
 }
 
-// BuilderContinuation is continuation-passing interface for building
+// BuilderContinuation is a continuation-passing interface for building
 // length-prefixed byte sequences. Builder methods for length-prefixed
-// sequences (AddUint8LengthPrefixed etc.) will invoke the BuilderContinuation
+// sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation
 // supplied to them. The child builder passed to the continuation can be used
-// to build the content of the length-prefixed sequence. Example:
+// to build the content of the length-prefixed sequence. For example:
 //
 //   parent := cryptobyte.NewBuilder()
 //   parent.AddUint8LengthPrefixed(func (child *Builder) {
@@ -102,8 +118,19 @@ func (b *Builder) AddBytes(v []byte) {
 // length prefix. After the continuation returns, the child must be considered
 // invalid, i.e. users must not store any copies or references of the child
 // that outlive the continuation.
+//
+// If the continuation panics with a value of type BuildError then the inner
+// error will be returned as the error from Bytes. If the child panics
+// otherwise then Bytes will repanic with the same value.
 type BuilderContinuation func(child *Builder)
 
+// BuildError wraps an error. If a BuilderContinuation panics with this value,
+// the panic will be recovered and the inner error will be returned from
+// Builder.Bytes.
+type BuildError struct {
+	Err error
+}
+
 // AddUint8LengthPrefixed adds a 8-bit length-prefixed byte sequence.
 func (b *Builder) AddUint8LengthPrefixed(f BuilderContinuation) {
 	b.addLengthPrefixed(1, false, f)
@@ -119,6 +146,34 @@ func (b *Builder) AddUint24LengthPrefixed(f BuilderContinuation) {
 	b.addLengthPrefixed(3, false, f)
 }
 
+// AddUint32LengthPrefixed adds a big-endian, 32-bit length-prefixed byte sequence.
+func (b *Builder) AddUint32LengthPrefixed(f BuilderContinuation) {
+	b.addLengthPrefixed(4, false, f)
+}
+
+func (b *Builder) callContinuation(f BuilderContinuation, arg *Builder) {
+	if !*b.inContinuation {
+		*b.inContinuation = true
+
+		defer func() {
+			*b.inContinuation = false
+
+			r := recover()
+			if r == nil {
+				return
+			}
+
+			if buildError, ok := r.(BuildError); ok {
+				b.err = buildError.Err
+			} else {
+				panic(r)
+			}
+		}()
+	}
+
+	f(arg)
+}
+
 func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuation) {
 	// Subsequent writes can be ignored if the builder has encountered an error.
 	if b.err != nil {
@@ -128,15 +183,20 @@ func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuati
 	offset := len(b.result)
 	b.add(make([]byte, lenLen)...)
 
+	if b.inContinuation == nil {
+		b.inContinuation = new(bool)
+	}
+
 	b.child = &Builder{
-		result:        b.result,
-		fixedSize:     b.fixedSize,
-		offset:        offset,
-		pendingLenLen: lenLen,
-		pendingIsASN1: isASN1,
+		result:         b.result,
+		fixedSize:      b.fixedSize,
+		offset:         offset,
+		pendingLenLen:  lenLen,
+		pendingIsASN1:  isASN1,
+		inContinuation: b.inContinuation,
 	}
 
-	f(b.child)
+	b.callContinuation(f, b.child)
 	b.flushChild()
 	if b.child != nil {
 		panic("cryptobyte: internal error")
@@ -214,9 +274,11 @@ func (b *Builder) flushChild() {
 		return
 	}
 
-	if !b.fixedSize {
-		b.result = child.result // In case child reallocated result.
+	if b.fixedSize && &b.result[0] != &child.result[0] {
+		panic("cryptobyte: BuilderContinuation reallocated a fixed-size buffer")
 	}
+
+	b.result = child.result
 }
 
 func (b *Builder) add(bytes ...byte) {
@@ -224,7 +286,7 @@ func (b *Builder) add(bytes ...byte) {
 		return
 	}
 	if b.child != nil {
-		panic("attempted write while child is pending")
+		panic("cryptobyte: attempted write while child is pending")
 	}
 	if len(b.result)+len(bytes) < len(bytes) {
 		b.err = errors.New("cryptobyte: length overflow")
@@ -236,6 +298,26 @@ func (b *Builder) add(bytes ...byte) {
 	b.result = append(b.result, bytes...)
 }
 
+// Unwrite rolls back n bytes written directly to the Builder. An attempt by a
+// child builder passed to a continuation to unwrite bytes from its parent will
+// panic.
+func (b *Builder) Unwrite(n int) {
+	if b.err != nil {
+		return
+	}
+	if b.child != nil {
+		panic("cryptobyte: attempted unwrite while child is pending")
+	}
+	length := len(b.result) - b.pendingLenLen - b.offset
+	if length < 0 {
+		panic("cryptobyte: internal error")
+	}
+	if n > length {
+		panic("cryptobyte: attempted to unwrite more than was written")
+	}
+	b.result = b.result[:len(b.result)-n]
+}
+
 // A MarshalingValue marshals itself into a Builder.
 type MarshalingValue interface {
 	// Marshal is called by Builder.AddValue. It receives a pointer to a builder
diff --git a/cryptobyte/cryptobyte_test.go b/cryptobyte/cryptobyte_test.go
index 49c61dca4..fb6370914 100644
--- a/cryptobyte/cryptobyte_test.go
+++ b/cryptobyte/cryptobyte_test.go
@@ -6,6 +6,7 @@ package cryptobyte
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"testing"
 )
@@ -18,6 +19,54 @@ func builderBytesEq(b *Builder, want ...byte) error {
 	return nil
 }
 
+func TestContinuationError(t *testing.T) {
+	const errorStr = "TestContinuationError"
+	var b Builder
+	b.AddUint8LengthPrefixed(func(b *Builder) {
+		b.AddUint8(1)
+		panic(BuildError{Err: errors.New(errorStr)})
+	})
+
+	ret, err := b.Bytes()
+	if ret != nil {
+		t.Error("expected nil result")
+	}
+	if err == nil {
+		t.Fatal("unexpected nil error")
+	}
+	if s := err.Error(); s != errorStr {
+		t.Errorf("expected error %q, got %v", errorStr, s)
+	}
+}
+
+func TestContinuationNonError(t *testing.T) {
+	defer func() {
+		recover()
+	}()
+
+	var b Builder
+	b.AddUint8LengthPrefixed(func(b *Builder) {
+		b.AddUint8(1)
+		panic(1)
+	})
+
+	t.Error("Builder did not panic")
+}
+
+func TestGeneratedPanic(t *testing.T) {
+	defer func() {
+		recover()
+	}()
+
+	var b Builder
+	b.AddUint8LengthPrefixed(func(b *Builder) {
+		var p *byte
+		*p = 0
+	})
+
+	t.Error("Builder did not panic")
+}
+
 func TestBytes(t *testing.T) {
 	var b Builder
 	v := []byte("foobarbaz")
@@ -278,12 +327,14 @@ func TestWriteWithPendingChild(t *testing.T) {
 	var b Builder
 	b.AddUint8LengthPrefixed(func(c *Builder) {
 		c.AddUint8LengthPrefixed(func(d *Builder) {
-			defer func() {
-				if recover() == nil {
-					t.Errorf("recover() = nil, want error; c.AddUint8() did not panic")
-				}
+			func() {
+				defer func() {
+					if recover() == nil {
+						t.Errorf("recover() = nil, want error; c.AddUint8() did not panic")
+					}
+				}()
+				c.AddUint8(2) // panics
 			}()
-			c.AddUint8(2) // panics
 
 			defer func() {
 				if recover() == nil {
@@ -302,6 +353,92 @@ func TestWriteWithPendingChild(t *testing.T) {
 	})
 }
 
+func TestSetError(t *testing.T) {
+	const errorStr = "TestSetError"
+	var b Builder
+	b.SetError(errors.New(errorStr))
+
+	ret, err := b.Bytes()
+	if ret != nil {
+		t.Error("expected nil result")
+	}
+	if err == nil {
+		t.Fatal("unexpected nil error")
+	}
+	if s := err.Error(); s != errorStr {
+		t.Errorf("expected error %q, got %v", errorStr, s)
+	}
+}
+
+func TestUnwrite(t *testing.T) {
+	var b Builder
+	b.AddBytes([]byte{1, 2, 3, 4, 5})
+	b.Unwrite(2)
+	if err := builderBytesEq(&b, 1, 2, 3); err != nil {
+		t.Error(err)
+	}
+
+	func() {
+		defer func() {
+			if recover() == nil {
+				t.Errorf("recover() = nil, want error; b.Unwrite() did not panic")
+			}
+		}()
+		b.Unwrite(4) // panics
+	}()
+
+	b = Builder{}
+	b.AddBytes([]byte{1, 2, 3, 4, 5})
+	b.AddUint8LengthPrefixed(func(b *Builder) {
+		b.AddBytes([]byte{1, 2, 3, 4, 5})
+
+		defer func() {
+			if recover() == nil {
+				t.Errorf("recover() = nil, want error; b.Unwrite() did not panic")
+			}
+		}()
+		b.Unwrite(6) // panics
+	})
+
+	b = Builder{}
+	b.AddBytes([]byte{1, 2, 3, 4, 5})
+	b.AddUint8LengthPrefixed(func(c *Builder) {
+		defer func() {
+			if recover() == nil {
+				t.Errorf("recover() = nil, want error; b.Unwrite() did not panic")
+			}
+		}()
+		b.Unwrite(2) // panics (attempted unwrite while child is pending)
+	})
+}
+
+func TestFixedBuilderLengthPrefixed(t *testing.T) {
+	bufCap := 10
+	inner := bytes.Repeat([]byte{0xff}, bufCap-2)
+	buf := make([]byte, 0, bufCap)
+	b := NewFixedBuilder(buf)
+	b.AddUint16LengthPrefixed(func(b *Builder) {
+		b.AddBytes(inner)
+	})
+	if got := b.BytesOrPanic(); len(got) != bufCap {
+		t.Errorf("Expected output length to be %d, got %d", bufCap, len(got))
+	}
+}
+
+func TestFixedBuilderPanicReallocate(t *testing.T) {
+	defer func() {
+		recover()
+	}()
+
+	b := NewFixedBuilder(make([]byte, 0, 10))
+	b1 := NewFixedBuilder(make([]byte, 0, 10))
+	b.AddUint16LengthPrefixed(func(b *Builder) {
+		*b = *b1
+	})
+
+	t.Error("Builder did not panic")
+}
+
 // ASN.1
 
 func TestASN1Int64(t *testing.T) {
diff --git a/cryptobyte/example_test.go b/cryptobyte/example_test.go
index 7d3c06e12..86c098adf 100644
--- a/cryptobyte/example_test.go
+++ b/cryptobyte/example_test.go
@@ -5,9 +5,11 @@
 package cryptobyte_test
 
 import (
-	"encoding/asn1"
+	"errors"
 	"fmt"
+
 	"golang.org/x/crypto/cryptobyte"
+	"golang.org/x/crypto/cryptobyte/asn1"
 )
 
 func ExampleString_lengthPrefixed() {
@@ -37,7 +39,7 @@ func ExampleString_lengthPrefixed() {
 	fmt.Printf("%#v\n", result)
 }
 
-func ExampleString_asn1() {
+func ExampleString_aSN1() {
 	// This is an example of parsing ASN.1 data that looks like:
 	//    Foo ::= SEQUENCE {
 	//      version [6] INTEGER DEFAULT 0
@@ -51,12 +53,12 @@ func ExampleString_asn1() {
 		data, inner, versionBytes cryptobyte.String
 		haveVersion               bool
 	)
-	if !input.ReadASN1(&inner, cryptobyte.Tag(asn1.TagSequence).Constructed()) ||
+	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
 		!input.Empty() ||
-		!inner.ReadOptionalASN1(&versionBytes, &haveVersion, cryptobyte.Tag(6).Constructed().ContextSpecific()) ||
+		!inner.ReadOptionalASN1(&versionBytes, &haveVersion, asn1.Tag(6).Constructed().ContextSpecific()) ||
 		(haveVersion && !versionBytes.ReadASN1Integer(&version)) ||
 		(haveVersion && !versionBytes.Empty()) ||
-		!inner.ReadASN1(&data, asn1.TagOctetString) ||
+		!inner.ReadASN1(&data, asn1.OCTET_STRING) ||
 		!inner.Empty() {
 		panic("bad format")
 	}
@@ -65,7 +67,7 @@ func ExampleString_asn1() {
 	fmt.Printf("haveVersion: %t, version: %d, data: %s\n", haveVersion, version, string(data))
 }
 
-func ExampleBuilder_asn1() {
+func ExampleBuilder_aSN1() {
 	// This is an example of building ASN.1 data that looks like:
 	//    Foo ::= SEQUENCE {
 	//      version [6] INTEGER DEFAULT 0
@@ -77,9 +79,9 @@ func ExampleBuilder_asn1() {
 	const defaultVersion = 0
 
 	var b cryptobyte.Builder
-	b.AddASN1(cryptobyte.Tag(asn1.TagSequence).Constructed(), func(b *cryptobyte.Builder) {
+	b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) {
 		if version != defaultVersion {
-			b.AddASN1(cryptobyte.Tag(6).Constructed().ContextSpecific(), func(b *cryptobyte.Builder) {
+			b.AddASN1(asn1.Tag(6).Constructed().ContextSpecific(), func(b *cryptobyte.Builder) {
 				b.AddASN1Int64(version)
 			})
 		}
@@ -118,3 +120,35 @@ func ExampleBuilder_lengthPrefixed() {
 	// Output: 000c0568656c6c6f05776f726c64
 	fmt.Printf("%x\n", result)
 }
+
+func ExampleBuilder_lengthPrefixOverflow() {
+	// Writing more data that can be expressed by the length prefix results
+	// in an error from Bytes().
+
+	tooLarge := make([]byte, 256)
+
+	var b cryptobyte.Builder
+	b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddBytes(tooLarge)
+	})
+
+	result, err := b.Bytes()
+	fmt.Printf("len=%d err=%s\n", len(result), err)
+
+	// Output: len=0 err=cryptobyte: pending child length 256 exceeds 1-byte length prefix
+}
+
+func ExampleBuilderContinuation_errorHandling() {
+	var b cryptobyte.Builder
+	// Continuations that panic with a BuildError will cause Bytes to
+	// return the inner error.
+	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
+		b.AddUint32(0)
+		panic(cryptobyte.BuildError{Err: errors.New("example error")})
+	})
+
+	result, err := b.Bytes()
+	fmt.Printf("len=%d err=%s\n", len(result), err)
+
+	// Output: len=0 err=example error
+}
diff --git a/cryptobyte/string.go b/cryptobyte/string.go
index 678033611..589d297e6 100644
--- a/cryptobyte/string.go
+++ b/cryptobyte/string.go
@@ -2,9 +2,19 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package cryptobyte implements building and parsing of byte strings for
-// DER-encoded ASN.1 and TLS messages. See the examples for the Builder and
-// String types to get started.
+// Package cryptobyte contains types that help with parsing and constructing
+// length-prefixed, binary messages, including ASN.1 DER. (The asn1 subpackage
+// contains useful ASN.1 constants.)
+//
+// The String type is for parsing. It wraps a []byte slice and provides helper
+// functions for consuming structures, value by value.
+//
+// The Builder type is for constructing messages. It providers helper functions
+// for appending values and also for appending length-prefixed submessages –
+// without having to worry about calculating the length prefix ahead of time.
+//
+// See the documentation and examples for the Builder and String types to get
+// started.
 package cryptobyte // import "golang.org/x/crypto/cryptobyte"
 
 // String represents a string of bytes. It provides methods for parsing
@@ -14,7 +24,7 @@ type String []byte
 // read advances a String by n bytes and returns them. If less than n bytes
 // remain, it returns nil.
 func (s *String) read(n int) []byte {
-	if len(*s) < n {
+	if len(*s) < n || n < 0 {
 		return nil
 	}
 	v := (*s)[:n]
@@ -27,8 +37,8 @@ func (s *String) Skip(n int) bool {
 	return s.read(n) != nil
 }
 
-// ReadUint8 decodes an 8-bit value into out and advances over it. It
-// returns true on success and false on error.
+// ReadUint8 decodes an 8-bit value into out and advances over it.
+// It reports whether the read was successful.
 func (s *String) ReadUint8(out *uint8) bool {
 	v := s.read(1)
 	if v == nil {
@@ -39,7 +49,7 @@ func (s *String) ReadUint8(out *uint8) bool {
 }
 
 // ReadUint16 decodes a big-endian, 16-bit value into out and advances over it.
-// It returns true on success and false on error.
+// It reports whether the read was successful.
 func (s *String) ReadUint16(out *uint16) bool {
 	v := s.read(2)
 	if v == nil {
@@ -50,7 +60,7 @@ func (s *String) ReadUint16(out *uint16) bool {
 }
 
 // ReadUint24 decodes a big-endian, 24-bit value into out and advances over it.
-// It returns true on success and false on error.
+// It reports whether the read was successful.
 func (s *String) ReadUint24(out *uint32) bool {
 	v := s.read(3)
 	if v == nil {
@@ -61,7 +71,7 @@ func (s *String) ReadUint24(out *uint32) bool {
 }
 
 // ReadUint32 decodes a big-endian, 32-bit value into out and advances over it.
-// It returns true on success and false on error.
+// It reports whether the read was successful.
 func (s *String) ReadUint32(out *uint32) bool {
 	v := s.read(4)
 	if v == nil {
@@ -95,11 +105,6 @@ func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
 		length = length << 8
 		length = length | uint32(b)
 	}
-	if int(length) < 0 {
-		// This currently cannot overflow because we read uint24 at most, but check
-		// anyway in case that changes in the future.
-		return false
-	}
 	v := s.read(int(length))
 	if v == nil {
 		return false
@@ -109,28 +114,27 @@ func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
 }
 
 // ReadUint8LengthPrefixed reads the content of an 8-bit length-prefixed value
-// into out and advances over it. It returns true on success and false on
-// error.
+// into out and advances over it. It reports whether the read was successful.
 func (s *String) ReadUint8LengthPrefixed(out *String) bool {
 	return s.readLengthPrefixed(1, out)
 }
 
 // ReadUint16LengthPrefixed reads the content of a big-endian, 16-bit
-// length-prefixed value into out and advances over it. It returns true on
-// success and false on error.
+// length-prefixed value into out and advances over it. It reports whether the
+// read was successful.
 func (s *String) ReadUint16LengthPrefixed(out *String) bool {
 	return s.readLengthPrefixed(2, out)
 }
 
 // ReadUint24LengthPrefixed reads the content of a big-endian, 24-bit
-// length-prefixed value into out and advances over it. It returns true on
-// success and false on error.
+// length-prefixed value into out and advances over it. It reports whether
+// the read was successful.
 func (s *String) ReadUint24LengthPrefixed(out *String) bool {
 	return s.readLengthPrefixed(3, out)
 }
 
-// ReadBytes reads n bytes into out and advances over them. It returns true on
-// success and false and error.
+// ReadBytes reads n bytes into out and advances over them. It reports
+// whether the read was successful.
 func (s *String) ReadBytes(out *[]byte, n int) bool {
 	v := s.read(n)
 	if v == nil {
@@ -140,8 +144,8 @@ func (s *String) ReadBytes(out *[]byte, n int) bool {
 	return true
 }
 
-// CopyBytes copies len(out) bytes into out and advances over them. It returns
-// true on success and false on error.
+// CopyBytes copies len(out) bytes into out and advances over them. It reports
+// whether the copy operation was successful
 func (s *String) CopyBytes(out []byte) bool {
 	n := len(out)
 	v := s.read(n)
diff --git a/curve25519/const_amd64.h b/curve25519/const_amd64.h
deleted file mode 100644
index b3f74162f..000000000
--- a/curve25519/const_amd64.h
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-#define REDMASK51     0x0007FFFFFFFFFFFF
diff --git a/curve25519/const_amd64.s b/curve25519/const_amd64.s
deleted file mode 100644
index ee7b4bd5f..000000000
--- a/curve25519/const_amd64.s
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-// These constants cannot be encoded in non-MOVQ immediates.
-// We access them directly from memory instead.
-
-DATA ·_121666_213(SB)/8, $996687872
-GLOBL ·_121666_213(SB), 8, $8
-
-DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
-GLOBL ·_2P0(SB), 8, $8
-
-DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
-GLOBL ·_2P1234(SB), 8, $8
diff --git a/curve25519/cswap_amd64.s b/curve25519/cswap_amd64.s
deleted file mode 100644
index cd793a5b5..000000000
--- a/curve25519/cswap_amd64.s
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-// func cswap(inout *[4][5]uint64, v uint64)
-TEXT ·cswap(SB),7,$0
-	MOVQ inout+0(FP),DI
-	MOVQ v+8(FP),SI
-
-	SUBQ $1, SI
-	NOTQ SI
-	MOVQ SI, X15
-	PSHUFD $0x44, X15, X15
-
-	MOVOU 0(DI), X0
-	MOVOU 16(DI), X2
-	MOVOU 32(DI), X4
-	MOVOU 48(DI), X6
-	MOVOU 64(DI), X8
-	MOVOU 80(DI), X1
-	MOVOU 96(DI), X3
-	MOVOU 112(DI), X5
-	MOVOU 128(DI), X7
-	MOVOU 144(DI), X9
-
-	MOVO X1, X10
-	MOVO X3, X11
-	MOVO X5, X12
-	MOVO X7, X13
-	MOVO X9, X14
-
-	PXOR X0, X10
-	PXOR X2, X11
-	PXOR X4, X12
-	PXOR X6, X13
-	PXOR X8, X14
-	PAND X15, X10
-	PAND X15, X11
-	PAND X15, X12
-	PAND X15, X13
-	PAND X15, X14
-	PXOR X10, X0
-	PXOR X10, X1
-	PXOR X11, X2
-	PXOR X11, X3
-	PXOR X12, X4
-	PXOR X12, X5
-	PXOR X13, X6
-	PXOR X13, X7
-	PXOR X14, X8
-	PXOR X14, X9
-
-	MOVOU X0, 0(DI)
-	MOVOU X2, 16(DI)
-	MOVOU X4, 32(DI)
-	MOVOU X6, 48(DI)
-	MOVOU X8, 64(DI)
-	MOVOU X1, 80(DI)
-	MOVOU X3, 96(DI)
-	MOVOU X5, 112(DI)
-	MOVOU X7, 128(DI)
-	MOVOU X9, 144(DI)
-	RET
diff --git a/curve25519/curve25519.go b/curve25519/curve25519.go
index 2d14c2a78..cda3fdd35 100644
--- a/curve25519/curve25519.go
+++ b/curve25519/curve25519.go
@@ -1,834 +1,145 @@
-// Copyright 2013 The Go Authors. All rights reserved.
+// Copyright 2019 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// We have a implementation in amd64 assembly so this code is only run on
-// non-amd64 platforms. The amd64 assembly does not support gccgo.
-// +build !amd64 gccgo appengine
-
-package curve25519
+// Package curve25519 provides an implementation of the X25519 function, which
+// performs scalar multiplication on the elliptic curve known as Curve25519.
+// See RFC 7748.
+package curve25519 // import "golang.org/x/crypto/curve25519"
 
 import (
-	"encoding/binary"
-)
-
-// This code is a port of the public domain, "ref10" implementation of
-// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
-
-// fieldElement represents an element of the field GF(2^255 - 19). An element
-// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
-// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
-// context.
-type fieldElement [10]int32
-
-func feZero(fe *fieldElement) {
-	for i := range fe {
-		fe[i] = 0
-	}
-}
-
-func feOne(fe *fieldElement) {
-	feZero(fe)
-	fe[0] = 1
-}
-
-func feAdd(dst, a, b *fieldElement) {
-	for i := range dst {
-		dst[i] = a[i] + b[i]
-	}
-}
-
-func feSub(dst, a, b *fieldElement) {
-	for i := range dst {
-		dst[i] = a[i] - b[i]
-	}
-}
-
-func feCopy(dst, src *fieldElement) {
-	for i := range dst {
-		dst[i] = src[i]
-	}
-}
-
-// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
-//
-// Preconditions: b in {0,1}.
-func feCSwap(f, g *fieldElement, b int32) {
-	b = -b
-	for i := range f {
-		t := b & (f[i] ^ g[i])
-		f[i] ^= t
-		g[i] ^= t
-	}
-}
-
-// load3 reads a 24-bit, little-endian value from in.
-func load3(in []byte) int64 {
-	var r int64
-	r = int64(in[0])
-	r |= int64(in[1]) << 8
-	r |= int64(in[2]) << 16
-	return r
-}
-
-// load4 reads a 32-bit, little-endian value from in.
-func load4(in []byte) int64 {
-	return int64(binary.LittleEndian.Uint32(in))
-}
-
-func feFromBytes(dst *fieldElement, src *[32]byte) {
-	h0 := load4(src[:])
-	h1 := load3(src[4:]) << 6
-	h2 := load3(src[7:]) << 5
-	h3 := load3(src[10:]) << 3
-	h4 := load3(src[13:]) << 2
-	h5 := load4(src[16:])
-	h6 := load3(src[20:]) << 7
-	h7 := load3(src[23:]) << 5
-	h8 := load3(src[26:]) << 4
-	h9 := load3(src[29:]) << 2
-
-	var carry [10]int64
-	carry[9] = (h9 + 1<<24) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	carry[1] = (h1 + 1<<24) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[3] = (h3 + 1<<24) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[5] = (h5 + 1<<24) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	carry[7] = (h7 + 1<<24) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-
-	carry[0] = (h0 + 1<<25) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[2] = (h2 + 1<<25) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[4] = (h4 + 1<<25) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[6] = (h6 + 1<<25) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	carry[8] = (h8 + 1<<25) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
+	"crypto/subtle"
+	"fmt"
 
-	dst[0] = int32(h0)
-	dst[1] = int32(h1)
-	dst[2] = int32(h2)
-	dst[3] = int32(h3)
-	dst[4] = int32(h4)
-	dst[5] = int32(h5)
-	dst[6] = int32(h6)
-	dst[7] = int32(h7)
-	dst[8] = int32(h8)
-	dst[9] = int32(h9)
-}
+	"golang.org/x/crypto/curve25519/internal/field"
+)
 
-// feToBytes marshals h to s.
-// Preconditions:
-//   |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Write p=2^255-19; q=floor(h/p).
-// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+// ScalarMult sets dst to the product scalar * point.
 //
-// Proof:
-//   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
-//   Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
-//
-//   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
-//   Then 0<y<1.
-//
-//   Write r=h-pq.
-//   Have 0<=r<=p-1=2^255-20.
-//   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-//
-//   Write x=r+19(2^-255)r+y.
-//   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-//
-//   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
-//   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-func feToBytes(s *[32]byte, h *fieldElement) {
-	var carry [10]int32
-
-	q := (19*h[9] + (1 << 24)) >> 25
-	q = (h[0] + q) >> 26
-	q = (h[1] + q) >> 25
-	q = (h[2] + q) >> 26
-	q = (h[3] + q) >> 25
-	q = (h[4] + q) >> 26
-	q = (h[5] + q) >> 25
-	q = (h[6] + q) >> 26
-	q = (h[7] + q) >> 25
-	q = (h[8] + q) >> 26
-	q = (h[9] + q) >> 25
-
-	// Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
-	h[0] += 19 * q
-	// Goal: Output h-2^255 q, which is between 0 and 2^255-20.
+// Deprecated: when provided a low-order point, ScalarMult will set dst to all
+// zeroes, irrespective of the scalar. Instead, use the X25519 function, which
+// will return an error.
+func ScalarMult(dst, scalar, point *[32]byte) {
+	var e [32]byte
 
-	carry[0] = h[0] >> 26
-	h[1] += carry[0]
-	h[0] -= carry[0] << 26
-	carry[1] = h[1] >> 25
-	h[2] += carry[1]
-	h[1] -= carry[1] << 25
-	carry[2] = h[2] >> 26
-	h[3] += carry[2]
-	h[2] -= carry[2] << 26
-	carry[3] = h[3] >> 25
-	h[4] += carry[3]
-	h[3] -= carry[3] << 25
-	carry[4] = h[4] >> 26
-	h[5] += carry[4]
-	h[4] -= carry[4] << 26
-	carry[5] = h[5] >> 25
-	h[6] += carry[5]
-	h[5] -= carry[5] << 25
-	carry[6] = h[6] >> 26
-	h[7] += carry[6]
-	h[6] -= carry[6] << 26
-	carry[7] = h[7] >> 25
-	h[8] += carry[7]
-	h[7] -= carry[7] << 25
-	carry[8] = h[8] >> 26
-	h[9] += carry[8]
-	h[8] -= carry[8] << 26
-	carry[9] = h[9] >> 25
-	h[9] -= carry[9] << 25
-	// h10 = carry9
+	copy(e[:], scalar[:])
+	e[0] &= 248
+	e[31] &= 127
+	e[31] |= 64
 
-	// Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
-	// Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
-	// evidently 2^255 h10-2^255 q = 0.
-	// Goal: Output h[0]+...+2^230 h[9].
+	var x1, x2, z2, x3, z3, tmp0, tmp1 field.Element
+	x1.SetBytes(point[:])
+	x2.One()
+	x3.Set(&x1)
+	z3.One()
 
-	s[0] = byte(h[0] >> 0)
-	s[1] = byte(h[0] >> 8)
-	s[2] = byte(h[0] >> 16)
-	s[3] = byte((h[0] >> 24) | (h[1] << 2))
-	s[4] = byte(h[1] >> 6)
-	s[5] = byte(h[1] >> 14)
-	s[6] = byte((h[1] >> 22) | (h[2] << 3))
-	s[7] = byte(h[2] >> 5)
-	s[8] = byte(h[2] >> 13)
-	s[9] = byte((h[2] >> 21) | (h[3] << 5))
-	s[10] = byte(h[3] >> 3)
-	s[11] = byte(h[3] >> 11)
-	s[12] = byte((h[3] >> 19) | (h[4] << 6))
-	s[13] = byte(h[4] >> 2)
-	s[14] = byte(h[4] >> 10)
-	s[15] = byte(h[4] >> 18)
-	s[16] = byte(h[5] >> 0)
-	s[17] = byte(h[5] >> 8)
-	s[18] = byte(h[5] >> 16)
-	s[19] = byte((h[5] >> 24) | (h[6] << 1))
-	s[20] = byte(h[6] >> 7)
-	s[21] = byte(h[6] >> 15)
-	s[22] = byte((h[6] >> 23) | (h[7] << 3))
-	s[23] = byte(h[7] >> 5)
-	s[24] = byte(h[7] >> 13)
-	s[25] = byte((h[7] >> 21) | (h[8] << 4))
-	s[26] = byte(h[8] >> 4)
-	s[27] = byte(h[8] >> 12)
-	s[28] = byte((h[8] >> 20) | (h[9] << 6))
-	s[29] = byte(h[9] >> 2)
-	s[30] = byte(h[9] >> 10)
-	s[31] = byte(h[9] >> 18)
+	swap := 0
+	for pos := 254; pos >= 0; pos-- {
+		b := e[pos/8] >> uint(pos&7)
+		b &= 1
+		swap ^= int(b)
+		x2.Swap(&x3, swap)
+		z2.Swap(&z3, swap)
+		swap = int(b)
+
+		tmp0.Subtract(&x3, &z3)
+		tmp1.Subtract(&x2, &z2)
+		x2.Add(&x2, &z2)
+		z2.Add(&x3, &z3)
+		z3.Multiply(&tmp0, &x2)
+		z2.Multiply(&z2, &tmp1)
+		tmp0.Square(&tmp1)
+		tmp1.Square(&x2)
+		x3.Add(&z3, &z2)
+		z2.Subtract(&z3, &z2)
+		x2.Multiply(&tmp1, &tmp0)
+		tmp1.Subtract(&tmp1, &tmp0)
+		z2.Square(&z2)
+
+		z3.Mult32(&tmp1, 121666)
+		x3.Square(&x3)
+		tmp0.Add(&tmp0, &z3)
+		z3.Multiply(&x1, &z2)
+		z2.Multiply(&tmp1, &tmp0)
+	}
+
+	x2.Swap(&x3, swap)
+	z2.Swap(&z3, swap)
+
+	z2.Invert(&z2)
+	x2.Multiply(&x2, &z2)
+	copy(dst[:], x2.Bytes())
 }
 
-// feMul calculates h = f * g
-// Can overlap h with f or g.
-//
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//    |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Notes on implementation strategy:
-//
-// Using schoolbook multiplication.
-// Karatsuba would save a little in some cost models.
-//
-// Most multiplications by 2 and 19 are 32-bit precomputations;
-// cheaper than 64-bit postcomputations.
+// ScalarBaseMult sets dst to the product scalar * base where base is the
+// standard generator.
 //
-// There is one remaining multiplication by 19 in the carry chain;
-// one *19 precomputation can be merged into this,
-// but the resulting data flow is considerably less clean.
-//
-// There are 12 carries below.
-// 10 of them are 2-way parallelizable and vectorizable.
-// Can get away with 11 carries, but then data flow is much deeper.
-//
-// With tighter constraints on inputs can squeeze carries into int32.
-func feMul(h, f, g *fieldElement) {
-	f0 := f[0]
-	f1 := f[1]
-	f2 := f[2]
-	f3 := f[3]
-	f4 := f[4]
-	f5 := f[5]
-	f6 := f[6]
-	f7 := f[7]
-	f8 := f[8]
-	f9 := f[9]
-	g0 := g[0]
-	g1 := g[1]
-	g2 := g[2]
-	g3 := g[3]
-	g4 := g[4]
-	g5 := g[5]
-	g6 := g[6]
-	g7 := g[7]
-	g8 := g[8]
-	g9 := g[9]
-	g1_19 := 19 * g1 // 1.4*2^29
-	g2_19 := 19 * g2 // 1.4*2^30; still ok
-	g3_19 := 19 * g3
-	g4_19 := 19 * g4
-	g5_19 := 19 * g5
-	g6_19 := 19 * g6
-	g7_19 := 19 * g7
-	g8_19 := 19 * g8
-	g9_19 := 19 * g9
-	f1_2 := 2 * f1
-	f3_2 := 2 * f3
-	f5_2 := 2 * f5
-	f7_2 := 2 * f7
-	f9_2 := 2 * f9
-	f0g0 := int64(f0) * int64(g0)
-	f0g1 := int64(f0) * int64(g1)
-	f0g2 := int64(f0) * int64(g2)
-	f0g3 := int64(f0) * int64(g3)
-	f0g4 := int64(f0) * int64(g4)
-	f0g5 := int64(f0) * int64(g5)
-	f0g6 := int64(f0) * int64(g6)
-	f0g7 := int64(f0) * int64(g7)
-	f0g8 := int64(f0) * int64(g8)
-	f0g9 := int64(f0) * int64(g9)
-	f1g0 := int64(f1) * int64(g0)
-	f1g1_2 := int64(f1_2) * int64(g1)
-	f1g2 := int64(f1) * int64(g2)
-	f1g3_2 := int64(f1_2) * int64(g3)
-	f1g4 := int64(f1) * int64(g4)
-	f1g5_2 := int64(f1_2) * int64(g5)
-	f1g6 := int64(f1) * int64(g6)
-	f1g7_2 := int64(f1_2) * int64(g7)
-	f1g8 := int64(f1) * int64(g8)
-	f1g9_38 := int64(f1_2) * int64(g9_19)
-	f2g0 := int64(f2) * int64(g0)
-	f2g1 := int64(f2) * int64(g1)
-	f2g2 := int64(f2) * int64(g2)
-	f2g3 := int64(f2) * int64(g3)
-	f2g4 := int64(f2) * int64(g4)
-	f2g5 := int64(f2) * int64(g5)
-	f2g6 := int64(f2) * int64(g6)
-	f2g7 := int64(f2) * int64(g7)
-	f2g8_19 := int64(f2) * int64(g8_19)
-	f2g9_19 := int64(f2) * int64(g9_19)
-	f3g0 := int64(f3) * int64(g0)
-	f3g1_2 := int64(f3_2) * int64(g1)
-	f3g2 := int64(f3) * int64(g2)
-	f3g3_2 := int64(f3_2) * int64(g3)
-	f3g4 := int64(f3) * int64(g4)
-	f3g5_2 := int64(f3_2) * int64(g5)
-	f3g6 := int64(f3) * int64(g6)
-	f3g7_38 := int64(f3_2) * int64(g7_19)
-	f3g8_19 := int64(f3) * int64(g8_19)
-	f3g9_38 := int64(f3_2) * int64(g9_19)
-	f4g0 := int64(f4) * int64(g0)
-	f4g1 := int64(f4) * int64(g1)
-	f4g2 := int64(f4) * int64(g2)
-	f4g3 := int64(f4) * int64(g3)
-	f4g4 := int64(f4) * int64(g4)
-	f4g5 := int64(f4) * int64(g5)
-	f4g6_19 := int64(f4) * int64(g6_19)
-	f4g7_19 := int64(f4) * int64(g7_19)
-	f4g8_19 := int64(f4) * int64(g8_19)
-	f4g9_19 := int64(f4) * int64(g9_19)
-	f5g0 := int64(f5) * int64(g0)
-	f5g1_2 := int64(f5_2) * int64(g1)
-	f5g2 := int64(f5) * int64(g2)
-	f5g3_2 := int64(f5_2) * int64(g3)
-	f5g4 := int64(f5) * int64(g4)
-	f5g5_38 := int64(f5_2) * int64(g5_19)
-	f5g6_19 := int64(f5) * int64(g6_19)
-	f5g7_38 := int64(f5_2) * int64(g7_19)
-	f5g8_19 := int64(f5) * int64(g8_19)
-	f5g9_38 := int64(f5_2) * int64(g9_19)
-	f6g0 := int64(f6) * int64(g0)
-	f6g1 := int64(f6) * int64(g1)
-	f6g2 := int64(f6) * int64(g2)
-	f6g3 := int64(f6) * int64(g3)
-	f6g4_19 := int64(f6) * int64(g4_19)
-	f6g5_19 := int64(f6) * int64(g5_19)
-	f6g6_19 := int64(f6) * int64(g6_19)
-	f6g7_19 := int64(f6) * int64(g7_19)
-	f6g8_19 := int64(f6) * int64(g8_19)
-	f6g9_19 := int64(f6) * int64(g9_19)
-	f7g0 := int64(f7) * int64(g0)
-	f7g1_2 := int64(f7_2) * int64(g1)
-	f7g2 := int64(f7) * int64(g2)
-	f7g3_38 := int64(f7_2) * int64(g3_19)
-	f7g4_19 := int64(f7) * int64(g4_19)
-	f7g5_38 := int64(f7_2) * int64(g5_19)
-	f7g6_19 := int64(f7) * int64(g6_19)
-	f7g7_38 := int64(f7_2) * int64(g7_19)
-	f7g8_19 := int64(f7) * int64(g8_19)
-	f7g9_38 := int64(f7_2) * int64(g9_19)
-	f8g0 := int64(f8) * int64(g0)
-	f8g1 := int64(f8) * int64(g1)
-	f8g2_19 := int64(f8) * int64(g2_19)
-	f8g3_19 := int64(f8) * int64(g3_19)
-	f8g4_19 := int64(f8) * int64(g4_19)
-	f8g5_19 := int64(f8) * int64(g5_19)
-	f8g6_19 := int64(f8) * int64(g6_19)
-	f8g7_19 := int64(f8) * int64(g7_19)
-	f8g8_19 := int64(f8) * int64(g8_19)
-	f8g9_19 := int64(f8) * int64(g9_19)
-	f9g0 := int64(f9) * int64(g0)
-	f9g1_38 := int64(f9_2) * int64(g1_19)
-	f9g2_19 := int64(f9) * int64(g2_19)
-	f9g3_38 := int64(f9_2) * int64(g3_19)
-	f9g4_19 := int64(f9) * int64(g4_19)
-	f9g5_38 := int64(f9_2) * int64(g5_19)
-	f9g6_19 := int64(f9) * int64(g6_19)
-	f9g7_38 := int64(f9_2) * int64(g7_19)
-	f9g8_19 := int64(f9) * int64(g8_19)
-	f9g9_38 := int64(f9_2) * int64(g9_19)
-	h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
-	h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
-	h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
-	h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
-	h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
-	h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
-	h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
-	h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
-	h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
-	h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
-	var carry [10]int64
-
-	// |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
-	//   i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
-	// |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
-	//   i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	// |h0| <= 2^25
-	// |h4| <= 2^25
-	// |h1| <= 1.51*2^58
-	// |h5| <= 1.51*2^58
-
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	// |h1| <= 2^24; from now on fits into int32
-	// |h5| <= 2^24; from now on fits into int32
-	// |h2| <= 1.21*2^59
-	// |h6| <= 1.21*2^59
-
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	// |h2| <= 2^25; from now on fits into int32 unchanged
-	// |h6| <= 2^25; from now on fits into int32 unchanged
-	// |h3| <= 1.51*2^58
-	// |h7| <= 1.51*2^58
-
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-	// |h3| <= 2^24; from now on fits into int32 unchanged
-	// |h7| <= 2^24; from now on fits into int32 unchanged
-	// |h4| <= 1.52*2^33
-	// |h8| <= 1.52*2^33
-
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-	// |h4| <= 2^25; from now on fits into int32 unchanged
-	// |h8| <= 2^25; from now on fits into int32 unchanged
-	// |h5| <= 1.01*2^24
-	// |h9| <= 1.51*2^58
-
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	// |h9| <= 2^24; from now on fits into int32 unchanged
-	// |h0| <= 1.8*2^37
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	// |h0| <= 2^25; from now on fits into int32 unchanged
-	// |h1| <= 1.01*2^24
-
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
+// It is recommended to use the X25519 function with Basepoint instead, as
+// copying into fixed size arrays can lead to unexpected bugs.
+func ScalarBaseMult(dst, scalar *[32]byte) {
+	ScalarMult(dst, scalar, &basePoint)
 }
 
-// feSquare calculates h = f*f. Can overlap h with f.
-//
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feSquare(h, f *fieldElement) {
-	f0 := f[0]
-	f1 := f[1]
-	f2 := f[2]
-	f3 := f[3]
-	f4 := f[4]
-	f5 := f[5]
-	f6 := f[6]
-	f7 := f[7]
-	f8 := f[8]
-	f9 := f[9]
-	f0_2 := 2 * f0
-	f1_2 := 2 * f1
-	f2_2 := 2 * f2
-	f3_2 := 2 * f3
-	f4_2 := 2 * f4
-	f5_2 := 2 * f5
-	f6_2 := 2 * f6
-	f7_2 := 2 * f7
-	f5_38 := 38 * f5 // 1.31*2^30
-	f6_19 := 19 * f6 // 1.31*2^30
-	f7_38 := 38 * f7 // 1.31*2^30
-	f8_19 := 19 * f8 // 1.31*2^30
-	f9_38 := 38 * f9 // 1.31*2^30
-	f0f0 := int64(f0) * int64(f0)
-	f0f1_2 := int64(f0_2) * int64(f1)
-	f0f2_2 := int64(f0_2) * int64(f2)
-	f0f3_2 := int64(f0_2) * int64(f3)
-	f0f4_2 := int64(f0_2) * int64(f4)
-	f0f5_2 := int64(f0_2) * int64(f5)
-	f0f6_2 := int64(f0_2) * int64(f6)
-	f0f7_2 := int64(f0_2) * int64(f7)
-	f0f8_2 := int64(f0_2) * int64(f8)
-	f0f9_2 := int64(f0_2) * int64(f9)
-	f1f1_2 := int64(f1_2) * int64(f1)
-	f1f2_2 := int64(f1_2) * int64(f2)
-	f1f3_4 := int64(f1_2) * int64(f3_2)
-	f1f4_2 := int64(f1_2) * int64(f4)
-	f1f5_4 := int64(f1_2) * int64(f5_2)
-	f1f6_2 := int64(f1_2) * int64(f6)
-	f1f7_4 := int64(f1_2) * int64(f7_2)
-	f1f8_2 := int64(f1_2) * int64(f8)
-	f1f9_76 := int64(f1_2) * int64(f9_38)
-	f2f2 := int64(f2) * int64(f2)
-	f2f3_2 := int64(f2_2) * int64(f3)
-	f2f4_2 := int64(f2_2) * int64(f4)
-	f2f5_2 := int64(f2_2) * int64(f5)
-	f2f6_2 := int64(f2_2) * int64(f6)
-	f2f7_2 := int64(f2_2) * int64(f7)
-	f2f8_38 := int64(f2_2) * int64(f8_19)
-	f2f9_38 := int64(f2) * int64(f9_38)
-	f3f3_2 := int64(f3_2) * int64(f3)
-	f3f4_2 := int64(f3_2) * int64(f4)
-	f3f5_4 := int64(f3_2) * int64(f5_2)
-	f3f6_2 := int64(f3_2) * int64(f6)
-	f3f7_76 := int64(f3_2) * int64(f7_38)
-	f3f8_38 := int64(f3_2) * int64(f8_19)
-	f3f9_76 := int64(f3_2) * int64(f9_38)
-	f4f4 := int64(f4) * int64(f4)
-	f4f5_2 := int64(f4_2) * int64(f5)
-	f4f6_38 := int64(f4_2) * int64(f6_19)
-	f4f7_38 := int64(f4) * int64(f7_38)
-	f4f8_38 := int64(f4_2) * int64(f8_19)
-	f4f9_38 := int64(f4) * int64(f9_38)
-	f5f5_38 := int64(f5) * int64(f5_38)
-	f5f6_38 := int64(f5_2) * int64(f6_19)
-	f5f7_76 := int64(f5_2) * int64(f7_38)
-	f5f8_38 := int64(f5_2) * int64(f8_19)
-	f5f9_76 := int64(f5_2) * int64(f9_38)
-	f6f6_19 := int64(f6) * int64(f6_19)
-	f6f7_38 := int64(f6) * int64(f7_38)
-	f6f8_38 := int64(f6_2) * int64(f8_19)
-	f6f9_38 := int64(f6) * int64(f9_38)
-	f7f7_38 := int64(f7) * int64(f7_38)
-	f7f8_38 := int64(f7_2) * int64(f8_19)
-	f7f9_76 := int64(f7_2) * int64(f9_38)
-	f8f8_19 := int64(f8) * int64(f8_19)
-	f8f9_38 := int64(f8) * int64(f9_38)
-	f9f9_38 := int64(f9) * int64(f9_38)
-	h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
-	h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
-	h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
-	h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
-	h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
-	h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
-	h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
-	h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
-	h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
-	h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
-	var carry [10]int64
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
+const (
+	// ScalarSize is the size of the scalar input to X25519.
+	ScalarSize = 32
+	// PointSize is the size of the point input to X25519.
+	PointSize = 32
+)
 
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
+// Basepoint is the canonical Curve25519 generator.
+var Basepoint []byte
 
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
+var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
 
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
+func init() { Basepoint = basePoint[:] }
 
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
+func checkBasepoint() {
+	if subtle.ConstantTimeCompare(Basepoint, []byte{
+		0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	}) != 1 {
+		panic("curve25519: global Basepoint value was modified")
+	}
 }
 
-// feMul121666 calculates h = f * 121666. Can overlap h with f.
+// X25519 returns the result of the scalar multiplication (scalar * point),
+// according to RFC 7748, Section 5. scalar, point and the return value are
+// slices of 32 bytes.
 //
-// Preconditions:
-//    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+// scalar can be generated at random, for example with crypto/rand. point should
+// be either Basepoint or the output of another X25519 call.
 //
-// Postconditions:
-//    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feMul121666(h, f *fieldElement) {
-	h0 := int64(f[0]) * 121666
-	h1 := int64(f[1]) * 121666
-	h2 := int64(f[2]) * 121666
-	h3 := int64(f[3]) * 121666
-	h4 := int64(f[4]) * 121666
-	h5 := int64(f[5]) * 121666
-	h6 := int64(f[6]) * 121666
-	h7 := int64(f[7]) * 121666
-	h8 := int64(f[8]) * 121666
-	h9 := int64(f[9]) * 121666
-	var carry [10]int64
-
-	carry[9] = (h9 + (1 << 24)) >> 25
-	h0 += carry[9] * 19
-	h9 -= carry[9] << 25
-	carry[1] = (h1 + (1 << 24)) >> 25
-	h2 += carry[1]
-	h1 -= carry[1] << 25
-	carry[3] = (h3 + (1 << 24)) >> 25
-	h4 += carry[3]
-	h3 -= carry[3] << 25
-	carry[5] = (h5 + (1 << 24)) >> 25
-	h6 += carry[5]
-	h5 -= carry[5] << 25
-	carry[7] = (h7 + (1 << 24)) >> 25
-	h8 += carry[7]
-	h7 -= carry[7] << 25
-
-	carry[0] = (h0 + (1 << 25)) >> 26
-	h1 += carry[0]
-	h0 -= carry[0] << 26
-	carry[2] = (h2 + (1 << 25)) >> 26
-	h3 += carry[2]
-	h2 -= carry[2] << 26
-	carry[4] = (h4 + (1 << 25)) >> 26
-	h5 += carry[4]
-	h4 -= carry[4] << 26
-	carry[6] = (h6 + (1 << 25)) >> 26
-	h7 += carry[6]
-	h6 -= carry[6] << 26
-	carry[8] = (h8 + (1 << 25)) >> 26
-	h9 += carry[8]
-	h8 -= carry[8] << 26
-
-	h[0] = int32(h0)
-	h[1] = int32(h1)
-	h[2] = int32(h2)
-	h[3] = int32(h3)
-	h[4] = int32(h4)
-	h[5] = int32(h5)
-	h[6] = int32(h6)
-	h[7] = int32(h7)
-	h[8] = int32(h8)
-	h[9] = int32(h9)
-}
-
-// feInvert sets out = z^-1.
-func feInvert(out, z *fieldElement) {
-	var t0, t1, t2, t3 fieldElement
-	var i int
-
-	feSquare(&t0, z)
-	for i = 1; i < 1; i++ {
-		feSquare(&t0, &t0)
-	}
-	feSquare(&t1, &t0)
-	for i = 1; i < 2; i++ {
-		feSquare(&t1, &t1)
-	}
-	feMul(&t1, z, &t1)
-	feMul(&t0, &t0, &t1)
-	feSquare(&t2, &t0)
-	for i = 1; i < 1; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t1, &t2)
-	feSquare(&t2, &t1)
-	for i = 1; i < 5; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t2, &t1)
-	for i = 1; i < 10; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t2, &t2, &t1)
-	feSquare(&t3, &t2)
-	for i = 1; i < 20; i++ {
-		feSquare(&t3, &t3)
-	}
-	feMul(&t2, &t3, &t2)
-	feSquare(&t2, &t2)
-	for i = 1; i < 10; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t2, &t1)
-	for i = 1; i < 50; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t2, &t2, &t1)
-	feSquare(&t3, &t2)
-	for i = 1; i < 100; i++ {
-		feSquare(&t3, &t3)
-	}
-	feMul(&t2, &t3, &t2)
-	feSquare(&t2, &t2)
-	for i = 1; i < 50; i++ {
-		feSquare(&t2, &t2)
-	}
-	feMul(&t1, &t2, &t1)
-	feSquare(&t1, &t1)
-	for i = 1; i < 5; i++ {
-		feSquare(&t1, &t1)
-	}
-	feMul(out, &t1, &t0)
+// If point is Basepoint (but not if it's a different slice with the same
+// contents) a precomputed implementation might be used for performance.
+func X25519(scalar, point []byte) ([]byte, error) {
+	// Outline the body of function, to let the allocation be inlined in the
+	// caller, and possibly avoid escaping to the heap.
+	var dst [32]byte
+	return x25519(&dst, scalar, point)
 }
 
-func scalarMult(out, in, base *[32]byte) {
-	var e [32]byte
-
-	copy(e[:], in[:])
-	e[0] &= 248
-	e[31] &= 127
-	e[31] |= 64
-
-	var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
-	feFromBytes(&x1, base)
-	feOne(&x2)
-	feCopy(&x3, &x1)
-	feOne(&z3)
-
-	swap := int32(0)
-	for pos := 254; pos >= 0; pos-- {
-		b := e[pos/8] >> uint(pos&7)
-		b &= 1
-		swap ^= int32(b)
-		feCSwap(&x2, &x3, swap)
-		feCSwap(&z2, &z3, swap)
-		swap = int32(b)
-
-		feSub(&tmp0, &x3, &z3)
-		feSub(&tmp1, &x2, &z2)
-		feAdd(&x2, &x2, &z2)
-		feAdd(&z2, &x3, &z3)
-		feMul(&z3, &tmp0, &x2)
-		feMul(&z2, &z2, &tmp1)
-		feSquare(&tmp0, &tmp1)
-		feSquare(&tmp1, &x2)
-		feAdd(&x3, &z3, &z2)
-		feSub(&z2, &z3, &z2)
-		feMul(&x2, &tmp1, &tmp0)
-		feSub(&tmp1, &tmp1, &tmp0)
-		feSquare(&z2, &z2)
-		feMul121666(&z3, &tmp1)
-		feSquare(&x3, &x3)
-		feAdd(&tmp0, &tmp0, &z3)
-		feMul(&z3, &x1, &z2)
-		feMul(&z2, &tmp1, &tmp0)
-	}
-
-	feCSwap(&x2, &x3, swap)
-	feCSwap(&z2, &z3, swap)
-
-	feInvert(&z2, &z2)
-	feMul(&x2, &x2, &z2)
-	feToBytes(out, &x2)
+func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
+	var in [32]byte
+	if l := len(scalar); l != 32 {
+		return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
+	}
+	if l := len(point); l != 32 {
+		return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
+	}
+	copy(in[:], scalar)
+	if &point[0] == &Basepoint[0] {
+		checkBasepoint()
+		ScalarBaseMult(dst, &in)
+	} else {
+		var base, zero [32]byte
+		copy(base[:], point)
+		ScalarMult(dst, &in, &base)
+		if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
+			return nil, fmt.Errorf("bad input point: low order point")
+		}
+	}
+	return dst[:], nil
 }
diff --git a/curve25519/curve25519_test.go b/curve25519/curve25519_test.go
index 051a8301f..4246ddd35 100644
--- a/curve25519/curve25519_test.go
+++ b/curve25519/curve25519_test.go
@@ -5,35 +5,136 @@
 package curve25519
 
 import (
+	"bytes"
+	"crypto/rand"
 	"fmt"
 	"testing"
 )
 
 const expectedHex = "89161fde887b2b53de549af483940106ecc114d6982daa98256de23bdf77661a"
 
-func TestBaseScalarMult(t *testing.T) {
-	var a, b [32]byte
-	in := &a
-	out := &b
-	a[0] = 1
+func TestX25519Basepoint(t *testing.T) {
+	x := make([]byte, 32)
+	x[0] = 1
 
 	for i := 0; i < 200; i++ {
-		ScalarBaseMult(out, in)
-		in, out = out, in
+		var err error
+		x, err = X25519(x, Basepoint)
+		if err != nil {
+			t.Fatal(err)
+		}
 	}
 
-	result := fmt.Sprintf("%x", in[:])
+	result := fmt.Sprintf("%x", x)
 	if result != expectedHex {
 		t.Errorf("incorrect result: got %s, want %s", result, expectedHex)
 	}
 }
 
-func BenchmarkScalarBaseMult(b *testing.B) {
-	var in, out [32]byte
-	in[0] = 1
+func TestLowOrderPoints(t *testing.T) {
+	scalar := make([]byte, ScalarSize)
+	if _, err := rand.Read(scalar); err != nil {
+		t.Fatal(err)
+	}
+	for i, p := range lowOrderPoints {
+		out, err := X25519(scalar, p)
+		if err == nil {
+			t.Errorf("%d: expected error, got nil", i)
+		}
+		if out != nil {
+			t.Errorf("%d: expected nil output, got %x", i, out)
+		}
+	}
+}
+
+func TestTestVectors(t *testing.T) {
+	t.Run("Legacy", func(t *testing.T) { testTestVectors(t, ScalarMult) })
+	t.Run("X25519", func(t *testing.T) {
+		testTestVectors(t, func(dst, scalar, point *[32]byte) {
+			out, err := X25519(scalar[:], point[:])
+			if err != nil {
+				t.Fatal(err)
+			}
+			copy(dst[:], out)
+		})
+	})
+}
+
+func testTestVectors(t *testing.T, scalarMult func(dst, scalar, point *[32]byte)) {
+	for _, tv := range testVectors {
+		var got [32]byte
+		scalarMult(&got, &tv.In, &tv.Base)
+		if !bytes.Equal(got[:], tv.Expect[:]) {
+			t.Logf("    in = %x", tv.In)
+			t.Logf("  base = %x", tv.Base)
+			t.Logf("   got = %x", got)
+			t.Logf("expect = %x", tv.Expect)
+			t.Fail()
+		}
+	}
+}
+
+// TestHighBitIgnored tests the following requirement in RFC 7748:
+//
+//	When receiving such an array, implementations of X25519 (but not X448) MUST
+//	mask the most significant bit in the final byte.
+//
+// Regression test for issue #30095.
+func TestHighBitIgnored(t *testing.T) {
+	var s, u [32]byte
+	rand.Read(s[:])
+	rand.Read(u[:])
+
+	var hi0, hi1 [32]byte
+
+	u[31] &= 0x7f
+	ScalarMult(&hi0, &s, &u)
+
+	u[31] |= 0x80
+	ScalarMult(&hi1, &s, &u)
+
+	if !bytes.Equal(hi0[:], hi1[:]) {
+		t.Errorf("high bit of group point should not affect result")
+	}
+}
+
+var benchmarkSink byte
+
+func BenchmarkX25519Basepoint(b *testing.B) {
+	scalar := make([]byte, ScalarSize)
+	if _, err := rand.Read(scalar); err != nil {
+		b.Fatal(err)
+	}
+
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		out, err := X25519(scalar, Basepoint)
+		if err != nil {
+			b.Fatal(err)
+		}
+		benchmarkSink ^= out[0]
+	}
+}
+
+func BenchmarkX25519(b *testing.B) {
+	scalar := make([]byte, ScalarSize)
+	if _, err := rand.Read(scalar); err != nil {
+		b.Fatal(err)
+	}
+	point, err := X25519(scalar, Basepoint)
+	if err != nil {
+		b.Fatal(err)
+	}
+	if _, err := rand.Read(scalar); err != nil {
+		b.Fatal(err)
+	}
 
-	b.SetBytes(32)
+	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		ScalarBaseMult(&out, &in)
+		out, err := X25519(scalar, point)
+		if err != nil {
+			b.Fatal(err)
+		}
+		benchmarkSink ^= out[0]
 	}
 }
diff --git a/curve25519/doc.go b/curve25519/doc.go
deleted file mode 100644
index da9b10d9c..000000000
--- a/curve25519/doc.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package curve25519 provides an implementation of scalar multiplication on
-// the elliptic curve known as curve25519. See https://cr.yp.to/ecdh.html
-package curve25519 // import "golang.org/x/crypto/curve25519"
-
-// basePoint is the x coordinate of the generator of the curve.
-var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-// ScalarMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points and all values are in little-endian form.
-func ScalarMult(dst, in, base *[32]byte) {
-	scalarMult(dst, in, base)
-}
-
-// ScalarBaseMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points, base is the standard generator and all values
-// are in little-endian form.
-func ScalarBaseMult(dst, in *[32]byte) {
-	ScalarMult(dst, in, &basePoint)
-}
diff --git a/curve25519/freeze_amd64.s b/curve25519/freeze_amd64.s
deleted file mode 100644
index 390816106..000000000
--- a/curve25519/freeze_amd64.s
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func freeze(inout *[5]uint64)
-TEXT ·freeze(SB),7,$0-8
-	MOVQ inout+0(FP), DI
-
-	MOVQ 0(DI),SI
-	MOVQ 8(DI),DX
-	MOVQ 16(DI),CX
-	MOVQ 24(DI),R8
-	MOVQ 32(DI),R9
-	MOVQ $REDMASK51,AX
-	MOVQ AX,R10
-	SUBQ $18,R10
-	MOVQ $3,R11
-REDUCELOOP:
-	MOVQ SI,R12
-	SHRQ $51,R12
-	ANDQ AX,SI
-	ADDQ R12,DX
-	MOVQ DX,R12
-	SHRQ $51,R12
-	ANDQ AX,DX
-	ADDQ R12,CX
-	MOVQ CX,R12
-	SHRQ $51,R12
-	ANDQ AX,CX
-	ADDQ R12,R8
-	MOVQ R8,R12
-	SHRQ $51,R12
-	ANDQ AX,R8
-	ADDQ R12,R9
-	MOVQ R9,R12
-	SHRQ $51,R12
-	ANDQ AX,R9
-	IMUL3Q $19,R12,R12
-	ADDQ R12,SI
-	SUBQ $1,R11
-	JA REDUCELOOP
-	MOVQ $1,R12
-	CMPQ R10,SI
-	CMOVQLT R11,R12
-	CMPQ AX,DX
-	CMOVQNE R11,R12
-	CMPQ AX,CX
-	CMOVQNE R11,R12
-	CMPQ AX,R8
-	CMOVQNE R11,R12
-	CMPQ AX,R9
-	CMOVQNE R11,R12
-	NEGQ R12
-	ANDQ R12,AX
-	ANDQ R12,R10
-	SUBQ R10,SI
-	SUBQ AX,DX
-	SUBQ AX,CX
-	SUBQ AX,R8
-	SUBQ AX,R9
-	MOVQ SI,0(DI)
-	MOVQ DX,8(DI)
-	MOVQ CX,16(DI)
-	MOVQ R8,24(DI)
-	MOVQ R9,32(DI)
-	RET
diff --git a/curve25519/internal/field/README b/curve25519/internal/field/README
new file mode 100644
index 000000000..e25bca7dc
--- /dev/null
+++ b/curve25519/internal/field/README
@@ -0,0 +1,7 @@
+This package is kept in sync with crypto/ed25519/internal/edwards25519/field in
+the standard library.
+
+If there are any changes in the standard library that need to be synced to this
+package, run sync.sh. It will not overwrite any local changes made since the
+previous sync, so it's ok to land changes in this package first, and then sync
+to the standard library later.
diff --git a/curve25519/internal/field/_asm/fe_amd64_asm.go b/curve25519/internal/field/_asm/fe_amd64_asm.go
new file mode 100644
index 000000000..1f3652987
--- /dev/null
+++ b/curve25519/internal/field/_asm/fe_amd64_asm.go
@@ -0,0 +1,298 @@
+// Copyright (c) 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+	"fmt"
+
+	. "github.com/mmcloughlin/avo/build"
+	. "github.com/mmcloughlin/avo/gotypes"
+	. "github.com/mmcloughlin/avo/operand"
+	. "github.com/mmcloughlin/avo/reg"
+
+	// Ensure "go mod tidy" doesn't remove the golang.org/x/crypto module
+	// dependency, which is necessary to access the field.Element type.
+	_ "golang.org/x/crypto/curve25519"
+)
+
+//go:generate go run . -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field
+
+func main() {
+	Package("golang.org/x/crypto/curve25519/internal/field")
+	ConstraintExpr("amd64,gc,!purego")
+	feMul()
+	feSquare()
+	Generate()
+}
+
+type namedComponent struct {
+	Component
+	name string
+}
+
+func (c namedComponent) String() string { return c.name }
+
+type uint128 struct {
+	name   string
+	hi, lo GPVirtual
+}
+
+func (c uint128) String() string { return c.name }
+
+func feSquare() {
+	TEXT("feSquare", NOSPLIT, "func(out, a *Element)")
+	Doc("feSquare sets out = a * a. It works like feSquareGeneric.")
+	Pragma("noescape")
+
+	a := Dereference(Param("a"))
+	l0 := namedComponent{a.Field("l0"), "l0"}
+	l1 := namedComponent{a.Field("l1"), "l1"}
+	l2 := namedComponent{a.Field("l2"), "l2"}
+	l3 := namedComponent{a.Field("l3"), "l3"}
+	l4 := namedComponent{a.Field("l4"), "l4"}
+
+	// r0 = l0×l0 + 19×2×(l1×l4 + l2×l3)
+	r0 := uint128{"r0", GP64(), GP64()}
+	mul64(r0, 1, l0, l0)
+	addMul64(r0, 38, l1, l4)
+	addMul64(r0, 38, l2, l3)
+
+	// r1 = 2×l0×l1 + 19×2×l2×l4 + 19×l3×l3
+	r1 := uint128{"r1", GP64(), GP64()}
+	mul64(r1, 2, l0, l1)
+	addMul64(r1, 38, l2, l4)
+	addMul64(r1, 19, l3, l3)
+
+	// r2 = = 2×l0×l2 + l1×l1 + 19×2×l3×l4
+	r2 := uint128{"r2", GP64(), GP64()}
+	mul64(r2, 2, l0, l2)
+	addMul64(r2, 1, l1, l1)
+	addMul64(r2, 38, l3, l4)
+
+	// r3 = = 2×l0×l3 + 2×l1×l2 + 19×l4×l4
+	r3 := uint128{"r3", GP64(), GP64()}
+	mul64(r3, 2, l0, l3)
+	addMul64(r3, 2, l1, l2)
+	addMul64(r3, 19, l4, l4)
+
+	// r4 = = 2×l0×l4 + 2×l1×l3 + l2×l2
+	r4 := uint128{"r4", GP64(), GP64()}
+	mul64(r4, 2, l0, l4)
+	addMul64(r4, 2, l1, l3)
+	addMul64(r4, 1, l2, l2)
+
+	Comment("First reduction chain")
+	maskLow51Bits := GP64()
+	MOVQ(Imm((1<<51)-1), maskLow51Bits)
+	c0, r0lo := shiftRightBy51(&r0)
+	c1, r1lo := shiftRightBy51(&r1)
+	c2, r2lo := shiftRightBy51(&r2)
+	c3, r3lo := shiftRightBy51(&r3)
+	c4, r4lo := shiftRightBy51(&r4)
+	maskAndAdd(r0lo, maskLow51Bits, c4, 19)
+	maskAndAdd(r1lo, maskLow51Bits, c0, 1)
+	maskAndAdd(r2lo, maskLow51Bits, c1, 1)
+	maskAndAdd(r3lo, maskLow51Bits, c2, 1)
+	maskAndAdd(r4lo, maskLow51Bits, c3, 1)
+
+	Comment("Second reduction chain (carryPropagate)")
+	// c0 = r0 >> 51
+	MOVQ(r0lo, c0)
+	SHRQ(Imm(51), c0)
+	// c1 = r1 >> 51
+	MOVQ(r1lo, c1)
+	SHRQ(Imm(51), c1)
+	// c2 = r2 >> 51
+	MOVQ(r2lo, c2)
+	SHRQ(Imm(51), c2)
+	// c3 = r3 >> 51
+	MOVQ(r3lo, c3)
+	SHRQ(Imm(51), c3)
+	// c4 = r4 >> 51
+	MOVQ(r4lo, c4)
+	SHRQ(Imm(51), c4)
+	maskAndAdd(r0lo, maskLow51Bits, c4, 19)
+	maskAndAdd(r1lo, maskLow51Bits, c0, 1)
+	maskAndAdd(r2lo, maskLow51Bits, c1, 1)
+	maskAndAdd(r3lo, maskLow51Bits, c2, 1)
+	maskAndAdd(r4lo, maskLow51Bits, c3, 1)
+
+	Comment("Store output")
+	out := Dereference(Param("out"))
+	Store(r0lo, out.Field("l0"))
+	Store(r1lo, out.Field("l1"))
+	Store(r2lo, out.Field("l2"))
+	Store(r3lo, out.Field("l3"))
+	Store(r4lo, out.Field("l4"))
+
+	RET()
+}
+
+func feMul() {
+	TEXT("feMul", NOSPLIT, "func(out, a, b *Element)")
+	Doc("feMul sets out = a * b. It works like feMulGeneric.")
+	Pragma("noescape")
+
+	a := Dereference(Param("a"))
+	a0 := namedComponent{a.Field("l0"), "a0"}
+	a1 := namedComponent{a.Field("l1"), "a1"}
+	a2 := namedComponent{a.Field("l2"), "a2"}
+	a3 := namedComponent{a.Field("l3"), "a3"}
+	a4 := namedComponent{a.Field("l4"), "a4"}
+
+	b := Dereference(Param("b"))
+	b0 := namedComponent{b.Field("l0"), "b0"}
+	b1 := namedComponent{b.Field("l1"), "b1"}
+	b2 := namedComponent{b.Field("l2"), "b2"}
+	b3 := namedComponent{b.Field("l3"), "b3"}
+	b4 := namedComponent{b.Field("l4"), "b4"}
+
+	// r0 = a0×b0 + 19×(a1×b4 + a2×b3 + a3×b2 + a4×b1)
+	r0 := uint128{"r0", GP64(), GP64()}
+	mul64(r0, 1, a0, b0)
+	addMul64(r0, 19, a1, b4)
+	addMul64(r0, 19, a2, b3)
+	addMul64(r0, 19, a3, b2)
+	addMul64(r0, 19, a4, b1)
+
+	// r1 = a0×b1 + a1×b0 + 19×(a2×b4 + a3×b3 + a4×b2)
+	r1 := uint128{"r1", GP64(), GP64()}
+	mul64(r1, 1, a0, b1)
+	addMul64(r1, 1, a1, b0)
+	addMul64(r1, 19, a2, b4)
+	addMul64(r1, 19, a3, b3)
+	addMul64(r1, 19, a4, b2)
+
+	// r2 = a0×b2 + a1×b1 + a2×b0 + 19×(a3×b4 + a4×b3)
+	r2 := uint128{"r2", GP64(), GP64()}
+	mul64(r2, 1, a0, b2)
+	addMul64(r2, 1, a1, b1)
+	addMul64(r2, 1, a2, b0)
+	addMul64(r2, 19, a3, b4)
+	addMul64(r2, 19, a4, b3)
+
+	// r3 = a0×b3 + a1×b2 + a2×b1 + a3×b0 + 19×a4×b4
+	r3 := uint128{"r3", GP64(), GP64()}
+	mul64(r3, 1, a0, b3)
+	addMul64(r3, 1, a1, b2)
+	addMul64(r3, 1, a2, b1)
+	addMul64(r3, 1, a3, b0)
+	addMul64(r3, 19, a4, b4)
+
+	// r4 = a0×b4 + a1×b3 + a2×b2 + a3×b1 + a4×b0
+	r4 := uint128{"r4", GP64(), GP64()}
+	mul64(r4, 1, a0, b4)
+	addMul64(r4, 1, a1, b3)
+	addMul64(r4, 1, a2, b2)
+	addMul64(r4, 1, a3, b1)
+	addMul64(r4, 1, a4, b0)
+
+	Comment("First reduction chain")
+	maskLow51Bits := GP64()
+	MOVQ(Imm((1<<51)-1), maskLow51Bits)
+	c0, r0lo := shiftRightBy51(&r0)
+	c1, r1lo := shiftRightBy51(&r1)
+	c2, r2lo := shiftRightBy51(&r2)
+	c3, r3lo := shiftRightBy51(&r3)
+	c4, r4lo := shiftRightBy51(&r4)
+	maskAndAdd(r0lo, maskLow51Bits, c4, 19)
+	maskAndAdd(r1lo, maskLow51Bits, c0, 1)
+	maskAndAdd(r2lo, maskLow51Bits, c1, 1)
+	maskAndAdd(r3lo, maskLow51Bits, c2, 1)
+	maskAndAdd(r4lo, maskLow51Bits, c3, 1)
+
+	Comment("Second reduction chain (carryPropagate)")
+	// c0 = r0 >> 51
+	MOVQ(r0lo, c0)
+	SHRQ(Imm(51), c0)
+	// c1 = r1 >> 51
+	MOVQ(r1lo, c1)
+	SHRQ(Imm(51), c1)
+	// c2 = r2 >> 51
+	MOVQ(r2lo, c2)
+	SHRQ(Imm(51), c2)
+	// c3 = r3 >> 51
+	MOVQ(r3lo, c3)
+	SHRQ(Imm(51), c3)
+	// c4 = r4 >> 51
+	MOVQ(r4lo, c4)
+	SHRQ(Imm(51), c4)
+	maskAndAdd(r0lo, maskLow51Bits, c4, 19)
+	maskAndAdd(r1lo, maskLow51Bits, c0, 1)
+	maskAndAdd(r2lo, maskLow51Bits, c1, 1)
+	maskAndAdd(r3lo, maskLow51Bits, c2, 1)
+	maskAndAdd(r4lo, maskLow51Bits, c3, 1)
+
+	Comment("Store output")
+	out := Dereference(Param("out"))
+	Store(r0lo, out.Field("l0"))
+	Store(r1lo, out.Field("l1"))
+	Store(r2lo, out.Field("l2"))
+	Store(r3lo, out.Field("l3"))
+	Store(r4lo, out.Field("l4"))
+
+	RET()
+}
+
+// mul64 sets r to i * aX * bX.
+func mul64(r uint128, i int, aX, bX namedComponent) {
+	switch i {
+	case 1:
+		Comment(fmt.Sprintf("%s = %s×%s", r, aX, bX))
+		Load(aX, RAX)
+	case 2:
+		Comment(fmt.Sprintf("%s = 2×%s×%s", r, aX, bX))
+		Load(aX, RAX)
+		SHLQ(Imm(1), RAX)
+	default:
+		panic("unsupported i value")
+	}
+	MULQ(mustAddr(bX)) // RDX, RAX = RAX * bX
+	MOVQ(RAX, r.lo)
+	MOVQ(RDX, r.hi)
+}
+
+// addMul64 sets r to r + i * aX * bX.
+func addMul64(r uint128, i uint64, aX, bX namedComponent) {
+	switch i {
+	case 1:
+		Comment(fmt.Sprintf("%s += %s×%s", r, aX, bX))
+		Load(aX, RAX)
+	default:
+		Comment(fmt.Sprintf("%s += %d×%s×%s", r, i, aX, bX))
+		IMUL3Q(Imm(i), Load(aX, GP64()), RAX)
+	}
+	MULQ(mustAddr(bX)) // RDX, RAX = RAX * bX
+	ADDQ(RAX, r.lo)
+	ADCQ(RDX, r.hi)
+}
+
+// shiftRightBy51 returns r >> 51 and r.lo.
+//
+// After this function is called, the uint128 may not be used anymore.
+func shiftRightBy51(r *uint128) (out, lo GPVirtual) {
+	out = r.hi
+	lo = r.lo
+	SHLQ(Imm(64-51), r.lo, r.hi)
+	r.lo, r.hi = nil, nil // make sure the uint128 is unusable
+	return
+}
+
+// maskAndAdd sets r = r&mask + c*i.
+func maskAndAdd(r, mask, c GPVirtual, i uint64) {
+	ANDQ(mask, r)
+	if i != 1 {
+		IMUL3Q(Imm(i), c, c)
+	}
+	ADDQ(c, r)
+}
+
+func mustAddr(c Component) Op {
+	b, err := c.Resolve()
+	if err != nil {
+		panic(err)
+	}
+	return b.Addr
+}
diff --git a/curve25519/internal/field/_asm/go.mod b/curve25519/internal/field/_asm/go.mod
new file mode 100644
index 000000000..fbc78be88
--- /dev/null
+++ b/curve25519/internal/field/_asm/go.mod
@@ -0,0 +1,10 @@
+module asm
+
+go 1.16
+
+require (
+	github.com/mmcloughlin/avo v0.2.0
+	golang.org/x/crypto v0.0.0
+)
+
+replace golang.org/x/crypto v0.0.0 => ../../../..
diff --git a/curve25519/internal/field/_asm/go.sum b/curve25519/internal/field/_asm/go.sum
new file mode 100644
index 000000000..e2361f6ab
--- /dev/null
+++ b/curve25519/internal/field/_asm/go.sum
@@ -0,0 +1,34 @@
+github.com/mmcloughlin/avo v0.2.0 h1:6vhoSaKtxb6f4RiH+LK2qL6GSMpFzhEwJYTTSZNy09w=
+github.com/mmcloughlin/avo v0.2.0/go.mod h1:5tidO2Z9Z7N6X7UMcGg+1KTj51O8OxYDCMHxCZTVpEA=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+golang.org/x/arch v0.0.0-20210405154355-08b684f594a5/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57 h1:F5Gozwx4I1xtr/sr/8CFbb57iKi3297KFs0QDbGN60A=
+golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
diff --git a/curve25519/internal/field/fe.go b/curve25519/internal/field/fe.go
new file mode 100644
index 000000000..ca841ad99
--- /dev/null
+++ b/curve25519/internal/field/fe.go
@@ -0,0 +1,416 @@
+// Copyright (c) 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package field implements fast arithmetic modulo 2^255-19.
+package field
+
+import (
+	"crypto/subtle"
+	"encoding/binary"
+	"math/bits"
+)
+
+// Element represents an element of the field GF(2^255-19). Note that this
+// is not a cryptographically secure group, and should only be used to interact
+// with edwards25519.Point coordinates.
+//
+// This type works similarly to math/big.Int, and all arguments and receivers
+// are allowed to alias.
+//
+// The zero value is a valid zero element.
+type Element struct {
+	// An element t represents the integer
+	//     t.l0 + t.l1*2^51 + t.l2*2^102 + t.l3*2^153 + t.l4*2^204
+	//
+	// Between operations, all limbs are expected to be lower than 2^52.
+	l0 uint64
+	l1 uint64
+	l2 uint64
+	l3 uint64
+	l4 uint64
+}
+
+const maskLow51Bits uint64 = (1 << 51) - 1
+
+var feZero = &Element{0, 0, 0, 0, 0}
+
+// Zero sets v = 0, and returns v.
+func (v *Element) Zero() *Element {
+	*v = *feZero
+	return v
+}
+
+var feOne = &Element{1, 0, 0, 0, 0}
+
+// One sets v = 1, and returns v.
+func (v *Element) One() *Element {
+	*v = *feOne
+	return v
+}
+
+// reduce reduces v modulo 2^255 - 19 and returns it.
+func (v *Element) reduce() *Element {
+	v.carryPropagate()
+
+	// After the light reduction we now have a field element representation
+	// v < 2^255 + 2^13 * 19, but need v < 2^255 - 19.
+
+	// If v >= 2^255 - 19, then v + 19 >= 2^255, which would overflow 2^255 - 1,
+	// generating a carry. That is, c will be 0 if v < 2^255 - 19, and 1 otherwise.
+	c := (v.l0 + 19) >> 51
+	c = (v.l1 + c) >> 51
+	c = (v.l2 + c) >> 51
+	c = (v.l3 + c) >> 51
+	c = (v.l4 + c) >> 51
+
+	// If v < 2^255 - 19 and c = 0, this will be a no-op. Otherwise, it's
+	// effectively applying the reduction identity to the carry.
+	v.l0 += 19 * c
+
+	v.l1 += v.l0 >> 51
+	v.l0 = v.l0 & maskLow51Bits
+	v.l2 += v.l1 >> 51
+	v.l1 = v.l1 & maskLow51Bits
+	v.l3 += v.l2 >> 51
+	v.l2 = v.l2 & maskLow51Bits
+	v.l4 += v.l3 >> 51
+	v.l3 = v.l3 & maskLow51Bits
+	// no additional carry
+	v.l4 = v.l4 & maskLow51Bits
+
+	return v
+}
+
+// Add sets v = a + b, and returns v.
+func (v *Element) Add(a, b *Element) *Element {
+	v.l0 = a.l0 + b.l0
+	v.l1 = a.l1 + b.l1
+	v.l2 = a.l2 + b.l2
+	v.l3 = a.l3 + b.l3
+	v.l4 = a.l4 + b.l4
+	// Using the generic implementation here is actually faster than the
+	// assembly. Probably because the body of this function is so simple that
+	// the compiler can figure out better optimizations by inlining the carry
+	// propagation. TODO
+	return v.carryPropagateGeneric()
+}
+
+// Subtract sets v = a - b, and returns v.
+func (v *Element) Subtract(a, b *Element) *Element {
+	// We first add 2 * p, to guarantee the subtraction won't underflow, and
+	// then subtract b (which can be up to 2^255 + 2^13 * 19).
+	v.l0 = (a.l0 + 0xFFFFFFFFFFFDA) - b.l0
+	v.l1 = (a.l1 + 0xFFFFFFFFFFFFE) - b.l1
+	v.l2 = (a.l2 + 0xFFFFFFFFFFFFE) - b.l2
+	v.l3 = (a.l3 + 0xFFFFFFFFFFFFE) - b.l3
+	v.l4 = (a.l4 + 0xFFFFFFFFFFFFE) - b.l4
+	return v.carryPropagate()
+}
+
+// Negate sets v = -a, and returns v.
+func (v *Element) Negate(a *Element) *Element {
+	return v.Subtract(feZero, a)
+}
+
+// Invert sets v = 1/z mod p, and returns v.
+//
+// If z == 0, Invert returns v = 0.
+func (v *Element) Invert(z *Element) *Element {
+	// Inversion is implemented as exponentiation with exponent p − 2. It uses the
+	// same sequence of 255 squarings and 11 multiplications as [Curve25519].
+	var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t Element
+
+	z2.Square(z)             // 2
+	t.Square(&z2)            // 4
+	t.Square(&t)             // 8
+	z9.Multiply(&t, z)       // 9
+	z11.Multiply(&z9, &z2)   // 11
+	t.Square(&z11)           // 22
+	z2_5_0.Multiply(&t, &z9) // 31 = 2^5 - 2^0
+
+	t.Square(&z2_5_0) // 2^6 - 2^1
+	for i := 0; i < 4; i++ {
+		t.Square(&t) // 2^10 - 2^5
+	}
+	z2_10_0.Multiply(&t, &z2_5_0) // 2^10 - 2^0
+
+	t.Square(&z2_10_0) // 2^11 - 2^1
+	for i := 0; i < 9; i++ {
+		t.Square(&t) // 2^20 - 2^10
+	}
+	z2_20_0.Multiply(&t, &z2_10_0) // 2^20 - 2^0
+
+	t.Square(&z2_20_0) // 2^21 - 2^1
+	for i := 0; i < 19; i++ {
+		t.Square(&t) // 2^40 - 2^20
+	}
+	t.Multiply(&t, &z2_20_0) // 2^40 - 2^0
+
+	t.Square(&t) // 2^41 - 2^1
+	for i := 0; i < 9; i++ {
+		t.Square(&t) // 2^50 - 2^10
+	}
+	z2_50_0.Multiply(&t, &z2_10_0) // 2^50 - 2^0
+
+	t.Square(&z2_50_0) // 2^51 - 2^1
+	for i := 0; i < 49; i++ {
+		t.Square(&t) // 2^100 - 2^50
+	}
+	z2_100_0.Multiply(&t, &z2_50_0) // 2^100 - 2^0
+
+	t.Square(&z2_100_0) // 2^101 - 2^1
+	for i := 0; i < 99; i++ {
+		t.Square(&t) // 2^200 - 2^100
+	}
+	t.Multiply(&t, &z2_100_0) // 2^200 - 2^0
+
+	t.Square(&t) // 2^201 - 2^1
+	for i := 0; i < 49; i++ {
+		t.Square(&t) // 2^250 - 2^50
+	}
+	t.Multiply(&t, &z2_50_0) // 2^250 - 2^0
+
+	t.Square(&t) // 2^251 - 2^1
+	t.Square(&t) // 2^252 - 2^2
+	t.Square(&t) // 2^253 - 2^3
+	t.Square(&t) // 2^254 - 2^4
+	t.Square(&t) // 2^255 - 2^5
+
+	return v.Multiply(&t, &z11) // 2^255 - 21
+}
+
+// Set sets v = a, and returns v.
+func (v *Element) Set(a *Element) *Element {
+	*v = *a
+	return v
+}
+
+// SetBytes sets v to x, which must be a 32-byte little-endian encoding.
+//
+// Consistent with RFC 7748, the most significant bit (the high bit of the
+// last byte) is ignored, and non-canonical values (2^255-19 through 2^255-1)
+// are accepted. Note that this is laxer than specified by RFC 8032.
+func (v *Element) SetBytes(x []byte) *Element {
+	if len(x) != 32 {
+		panic("edwards25519: invalid field element input size")
+	}
+
+	// Bits 0:51 (bytes 0:8, bits 0:64, shift 0, mask 51).
+	v.l0 = binary.LittleEndian.Uint64(x[0:8])
+	v.l0 &= maskLow51Bits
+	// Bits 51:102 (bytes 6:14, bits 48:112, shift 3, mask 51).
+	v.l1 = binary.LittleEndian.Uint64(x[6:14]) >> 3
+	v.l1 &= maskLow51Bits
+	// Bits 102:153 (bytes 12:20, bits 96:160, shift 6, mask 51).
+	v.l2 = binary.LittleEndian.Uint64(x[12:20]) >> 6
+	v.l2 &= maskLow51Bits
+	// Bits 153:204 (bytes 19:27, bits 152:216, shift 1, mask 51).
+	v.l3 = binary.LittleEndian.Uint64(x[19:27]) >> 1
+	v.l3 &= maskLow51Bits
+	// Bits 204:251 (bytes 24:32, bits 192:256, shift 12, mask 51).
+	// Note: not bytes 25:33, shift 4, to avoid overread.
+	v.l4 = binary.LittleEndian.Uint64(x[24:32]) >> 12
+	v.l4 &= maskLow51Bits
+
+	return v
+}
+
+// Bytes returns the canonical 32-byte little-endian encoding of v.
+func (v *Element) Bytes() []byte {
+	// This function is outlined to make the allocations inline in the caller
+	// rather than happen on the heap.
+	var out [32]byte
+	return v.bytes(&out)
+}
+
+func (v *Element) bytes(out *[32]byte) []byte {
+	t := *v
+	t.reduce()
+
+	var buf [8]byte
+	for i, l := range [5]uint64{t.l0, t.l1, t.l2, t.l3, t.l4} {
+		bitsOffset := i * 51
+		binary.LittleEndian.PutUint64(buf[:], l<<uint(bitsOffset%8))
+		for i, bb := range buf {
+			off := bitsOffset/8 + i
+			if off >= len(out) {
+				break
+			}
+			out[off] |= bb
+		}
+	}
+
+	return out[:]
+}
+
+// Equal returns 1 if v and u are equal, and 0 otherwise.
+func (v *Element) Equal(u *Element) int {
+	sa, sv := u.Bytes(), v.Bytes()
+	return subtle.ConstantTimeCompare(sa, sv)
+}
+
+// mask64Bits returns 0xffffffff if cond is 1, and 0 otherwise.
+func mask64Bits(cond int) uint64 { return ^(uint64(cond) - 1) }
+
+// Select sets v to a if cond == 1, and to b if cond == 0.
+func (v *Element) Select(a, b *Element, cond int) *Element {
+	m := mask64Bits(cond)
+	v.l0 = (m & a.l0) | (^m & b.l0)
+	v.l1 = (m & a.l1) | (^m & b.l1)
+	v.l2 = (m & a.l2) | (^m & b.l2)
+	v.l3 = (m & a.l3) | (^m & b.l3)
+	v.l4 = (m & a.l4) | (^m & b.l4)
+	return v
+}
+
+// Swap swaps v and u if cond == 1 or leaves them unchanged if cond == 0, and returns v.
+func (v *Element) Swap(u *Element, cond int) {
+	m := mask64Bits(cond)
+	t := m & (v.l0 ^ u.l0)
+	v.l0 ^= t
+	u.l0 ^= t
+	t = m & (v.l1 ^ u.l1)
+	v.l1 ^= t
+	u.l1 ^= t
+	t = m & (v.l2 ^ u.l2)
+	v.l2 ^= t
+	u.l2 ^= t
+	t = m & (v.l3 ^ u.l3)
+	v.l3 ^= t
+	u.l3 ^= t
+	t = m & (v.l4 ^ u.l4)
+	v.l4 ^= t
+	u.l4 ^= t
+}
+
+// IsNegative returns 1 if v is negative, and 0 otherwise.
+func (v *Element) IsNegative() int {
+	return int(v.Bytes()[0] & 1)
+}
+
+// Absolute sets v to |u|, and returns v.
+func (v *Element) Absolute(u *Element) *Element {
+	return v.Select(new(Element).Negate(u), u, u.IsNegative())
+}
+
+// Multiply sets v = x * y, and returns v.
+func (v *Element) Multiply(x, y *Element) *Element {
+	feMul(v, x, y)
+	return v
+}
+
+// Square sets v = x * x, and returns v.
+func (v *Element) Square(x *Element) *Element {
+	feSquare(v, x)
+	return v
+}
+
+// Mult32 sets v = x * y, and returns v.
+func (v *Element) Mult32(x *Element, y uint32) *Element {
+	x0lo, x0hi := mul51(x.l0, y)
+	x1lo, x1hi := mul51(x.l1, y)
+	x2lo, x2hi := mul51(x.l2, y)
+	x3lo, x3hi := mul51(x.l3, y)
+	x4lo, x4hi := mul51(x.l4, y)
+	v.l0 = x0lo + 19*x4hi // carried over per the reduction identity
+	v.l1 = x1lo + x0hi
+	v.l2 = x2lo + x1hi
+	v.l3 = x3lo + x2hi
+	v.l4 = x4lo + x3hi
+	// The hi portions are going to be only 32 bits, plus any previous excess,
+	// so we can skip the carry propagation.
+	return v
+}
+
+// mul51 returns lo + hi * 2⁵¹ = a * b.
+func mul51(a uint64, b uint32) (lo uint64, hi uint64) {
+	mh, ml := bits.Mul64(a, uint64(b))
+	lo = ml & maskLow51Bits
+	hi = (mh << 13) | (ml >> 51)
+	return
+}
+
+// Pow22523 set v = x^((p-5)/8), and returns v. (p-5)/8 is 2^252-3.
+func (v *Element) Pow22523(x *Element) *Element {
+	var t0, t1, t2 Element
+
+	t0.Square(x)             // x^2
+	t1.Square(&t0)           // x^4
+	t1.Square(&t1)           // x^8
+	t1.Multiply(x, &t1)      // x^9
+	t0.Multiply(&t0, &t1)    // x^11
+	t0.Square(&t0)           // x^22
+	t0.Multiply(&t1, &t0)    // x^31
+	t1.Square(&t0)           // x^62
+	for i := 1; i < 5; i++ { // x^992
+		t1.Square(&t1)
+	}
+	t0.Multiply(&t1, &t0)     // x^1023 -> 1023 = 2^10 - 1
+	t1.Square(&t0)            // 2^11 - 2
+	for i := 1; i < 10; i++ { // 2^20 - 2^10
+		t1.Square(&t1)
+	}
+	t1.Multiply(&t1, &t0)     // 2^20 - 1
+	t2.Square(&t1)            // 2^21 - 2
+	for i := 1; i < 20; i++ { // 2^40 - 2^20
+		t2.Square(&t2)
+	}
+	t1.Multiply(&t2, &t1)     // 2^40 - 1
+	t1.Square(&t1)            // 2^41 - 2
+	for i := 1; i < 10; i++ { // 2^50 - 2^10
+		t1.Square(&t1)
+	}
+	t0.Multiply(&t1, &t0)     // 2^50 - 1
+	t1.Square(&t0)            // 2^51 - 2
+	for i := 1; i < 50; i++ { // 2^100 - 2^50
+		t1.Square(&t1)
+	}
+	t1.Multiply(&t1, &t0)      // 2^100 - 1
+	t2.Square(&t1)             // 2^101 - 2
+	for i := 1; i < 100; i++ { // 2^200 - 2^100
+		t2.Square(&t2)
+	}
+	t1.Multiply(&t2, &t1)     // 2^200 - 1
+	t1.Square(&t1)            // 2^201 - 2
+	for i := 1; i < 50; i++ { // 2^250 - 2^50
+		t1.Square(&t1)
+	}
+	t0.Multiply(&t1, &t0)     // 2^250 - 1
+	t0.Square(&t0)            // 2^251 - 2
+	t0.Square(&t0)            // 2^252 - 4
+	return v.Multiply(&t0, x) // 2^252 - 3 -> x^(2^252-3)
+}
+
+// sqrtM1 is 2^((p-1)/4), which squared is equal to -1 by Euler's Criterion.
+var sqrtM1 = &Element{1718705420411056, 234908883556509,
+	2233514472574048, 2117202627021982, 765476049583133}
+
+// SqrtRatio sets r to the non-negative square root of the ratio of u and v.
+//
+// If u/v is square, SqrtRatio returns r and 1. If u/v is not square, SqrtRatio
+// sets r according to Section 4.3 of draft-irtf-cfrg-ristretto255-decaf448-00,
+// and returns r and 0.
+func (r *Element) SqrtRatio(u, v *Element) (rr *Element, wasSquare int) {
+	var a, b Element
+
+	// r = (u * v3) * (u * v7)^((p-5)/8)
+	v2 := a.Square(v)
+	uv3 := b.Multiply(u, b.Multiply(v2, v))
+	uv7 := a.Multiply(uv3, a.Square(v2))
+	r.Multiply(uv3, r.Pow22523(uv7))
+
+	check := a.Multiply(v, a.Square(r)) // check = v * r^2
+
+	uNeg := b.Negate(u)
+	correctSignSqrt := check.Equal(u)
+	flippedSignSqrt := check.Equal(uNeg)
+	flippedSignSqrtI := check.Equal(uNeg.Multiply(uNeg, sqrtM1))
+
+	rPrime := b.Multiply(r, sqrtM1) // r_prime = SQRT_M1 * r
+	// r = CT_SELECT(r_prime IF flipped_sign_sqrt | flipped_sign_sqrt_i ELSE r)
+	r.Select(rPrime, r, flippedSignSqrt|flippedSignSqrtI)
+
+	r.Absolute(r) // Choose the nonnegative square root.
+	return r, correctSignSqrt | flippedSignSqrt
+}
diff --git a/curve25519/internal/field/fe_alias_test.go b/curve25519/internal/field/fe_alias_test.go
new file mode 100644
index 000000000..5ad81df01
--- /dev/null
+++ b/curve25519/internal/field/fe_alias_test.go
@@ -0,0 +1,126 @@
+// Copyright (c) 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package field
+
+import (
+	"testing"
+	"testing/quick"
+)
+
+func checkAliasingOneArg(f func(v, x *Element) *Element) func(v, x Element) bool {
+	return func(v, x Element) bool {
+		x1, v1 := x, x
+
+		// Calculate a reference f(x) without aliasing.
+		if out := f(&v, &x); out != &v && isInBounds(out) {
+			return false
+		}
+
+		// Test aliasing the argument and the receiver.
+		if out := f(&v1, &v1); out != &v1 || v1 != v {
+			return false
+		}
+
+		// Ensure the arguments was not modified.
+		return x == x1
+	}
+}
+
+func checkAliasingTwoArgs(f func(v, x, y *Element) *Element) func(v, x, y Element) bool {
+	return func(v, x, y Element) bool {
+		x1, y1, v1 := x, y, Element{}
+
+		// Calculate a reference f(x, y) without aliasing.
+		if out := f(&v, &x, &y); out != &v && isInBounds(out) {
+			return false
+		}
+
+		// Test aliasing the first argument and the receiver.
+		v1 = x
+		if out := f(&v1, &v1, &y); out != &v1 || v1 != v {
+			return false
+		}
+		// Test aliasing the second argument and the receiver.
+		v1 = y
+		if out := f(&v1, &x, &v1); out != &v1 || v1 != v {
+			return false
+		}
+
+		// Calculate a reference f(x, x) without aliasing.
+		if out := f(&v, &x, &x); out != &v {
+			return false
+		}
+
+		// Test aliasing the first argument and the receiver.
+		v1 = x
+		if out := f(&v1, &v1, &x); out != &v1 || v1 != v {
+			return false
+		}
+		// Test aliasing the second argument and the receiver.
+		v1 = x
+		if out := f(&v1, &x, &v1); out != &v1 || v1 != v {
+			return false
+		}
+		// Test aliasing both arguments and the receiver.
+		v1 = x
+		if out := f(&v1, &v1, &v1); out != &v1 || v1 != v {
+			return false
+		}
+
+		// Ensure the arguments were not modified.
+		return x == x1 && y == y1
+	}
+}
+
+// TestAliasing checks that receivers and arguments can alias each other without
+// leading to incorrect results. That is, it ensures that it's safe to write
+//
+//     v.Invert(v)
+//
+// or
+//
+//     v.Add(v, v)
+//
+// without any of the inputs getting clobbered by the output being written.
+func TestAliasing(t *testing.T) {
+	type target struct {
+		name     string
+		oneArgF  func(v, x *Element) *Element
+		twoArgsF func(v, x, y *Element) *Element
+	}
+	for _, tt := range []target{
+		{name: "Absolute", oneArgF: (*Element).Absolute},
+		{name: "Invert", oneArgF: (*Element).Invert},
+		{name: "Negate", oneArgF: (*Element).Negate},
+		{name: "Set", oneArgF: (*Element).Set},
+		{name: "Square", oneArgF: (*Element).Square},
+		{name: "Multiply", twoArgsF: (*Element).Multiply},
+		{name: "Add", twoArgsF: (*Element).Add},
+		{name: "Subtract", twoArgsF: (*Element).Subtract},
+		{
+			name: "Select0",
+			twoArgsF: func(v, x, y *Element) *Element {
+				return (*Element).Select(v, x, y, 0)
+			},
+		},
+		{
+			name: "Select1",
+			twoArgsF: func(v, x, y *Element) *Element {
+				return (*Element).Select(v, x, y, 1)
+			},
+		},
+	} {
+		var err error
+		switch {
+		case tt.oneArgF != nil:
+			err = quick.Check(checkAliasingOneArg(tt.oneArgF), &quick.Config{MaxCountScale: 1 << 8})
+		case tt.twoArgsF != nil:
+			err = quick.Check(checkAliasingTwoArgs(tt.twoArgsF), &quick.Config{MaxCountScale: 1 << 8})
+		}
+		if err != nil {
+			t.Errorf("%v: %v", tt.name, err)
+		}
+	}
+}
diff --git a/curve25519/internal/field/fe_amd64.go b/curve25519/internal/field/fe_amd64.go
new file mode 100644
index 000000000..44dc8e8ca
--- /dev/null
+++ b/curve25519/internal/field/fe_amd64.go
@@ -0,0 +1,13 @@
+// Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
+
+// +build amd64,gc,!purego
+
+package field
+
+// feMul sets out = a * b. It works like feMulGeneric.
+//go:noescape
+func feMul(out *Element, a *Element, b *Element)
+
+// feSquare sets out = a * a. It works like feSquareGeneric.
+//go:noescape
+func feSquare(out *Element, a *Element)
diff --git a/curve25519/internal/field/fe_amd64.s b/curve25519/internal/field/fe_amd64.s
new file mode 100644
index 000000000..293f013c9
--- /dev/null
+++ b/curve25519/internal/field/fe_amd64.s
@@ -0,0 +1,379 @@
+// Code generated by command: go run fe_amd64_asm.go -out ../fe_amd64.s -stubs ../fe_amd64.go -pkg field. DO NOT EDIT.
+
+//go:build amd64 && gc && !purego
+// +build amd64,gc,!purego
+
+#include "textflag.h"
+
+// func feMul(out *Element, a *Element, b *Element)
+TEXT ·feMul(SB), NOSPLIT, $0-24
+	MOVQ a+8(FP), CX
+	MOVQ b+16(FP), BX
+
+	// r0 = a0×b0
+	MOVQ (CX), AX
+	MULQ (BX)
+	MOVQ AX, DI
+	MOVQ DX, SI
+
+	// r0 += 19×a1×b4
+	MOVQ   8(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   32(BX)
+	ADDQ   AX, DI
+	ADCQ   DX, SI
+
+	// r0 += 19×a2×b3
+	MOVQ   16(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   24(BX)
+	ADDQ   AX, DI
+	ADCQ   DX, SI
+
+	// r0 += 19×a3×b2
+	MOVQ   24(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   16(BX)
+	ADDQ   AX, DI
+	ADCQ   DX, SI
+
+	// r0 += 19×a4×b1
+	MOVQ   32(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   8(BX)
+	ADDQ   AX, DI
+	ADCQ   DX, SI
+
+	// r1 = a0×b1
+	MOVQ (CX), AX
+	MULQ 8(BX)
+	MOVQ AX, R9
+	MOVQ DX, R8
+
+	// r1 += a1×b0
+	MOVQ 8(CX), AX
+	MULQ (BX)
+	ADDQ AX, R9
+	ADCQ DX, R8
+
+	// r1 += 19×a2×b4
+	MOVQ   16(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   32(BX)
+	ADDQ   AX, R9
+	ADCQ   DX, R8
+
+	// r1 += 19×a3×b3
+	MOVQ   24(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   24(BX)
+	ADDQ   AX, R9
+	ADCQ   DX, R8
+
+	// r1 += 19×a4×b2
+	MOVQ   32(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   16(BX)
+	ADDQ   AX, R9
+	ADCQ   DX, R8
+
+	// r2 = a0×b2
+	MOVQ (CX), AX
+	MULQ 16(BX)
+	MOVQ AX, R11
+	MOVQ DX, R10
+
+	// r2 += a1×b1
+	MOVQ 8(CX), AX
+	MULQ 8(BX)
+	ADDQ AX, R11
+	ADCQ DX, R10
+
+	// r2 += a2×b0
+	MOVQ 16(CX), AX
+	MULQ (BX)
+	ADDQ AX, R11
+	ADCQ DX, R10
+
+	// r2 += 19×a3×b4
+	MOVQ   24(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   32(BX)
+	ADDQ   AX, R11
+	ADCQ   DX, R10
+
+	// r2 += 19×a4×b3
+	MOVQ   32(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   24(BX)
+	ADDQ   AX, R11
+	ADCQ   DX, R10
+
+	// r3 = a0×b3
+	MOVQ (CX), AX
+	MULQ 24(BX)
+	MOVQ AX, R13
+	MOVQ DX, R12
+
+	// r3 += a1×b2
+	MOVQ 8(CX), AX
+	MULQ 16(BX)
+	ADDQ AX, R13
+	ADCQ DX, R12
+
+	// r3 += a2×b1
+	MOVQ 16(CX), AX
+	MULQ 8(BX)
+	ADDQ AX, R13
+	ADCQ DX, R12
+
+	// r3 += a3×b0
+	MOVQ 24(CX), AX
+	MULQ (BX)
+	ADDQ AX, R13
+	ADCQ DX, R12
+
+	// r3 += 19×a4×b4
+	MOVQ   32(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   32(BX)
+	ADDQ   AX, R13
+	ADCQ   DX, R12
+
+	// r4 = a0×b4
+	MOVQ (CX), AX
+	MULQ 32(BX)
+	MOVQ AX, R15
+	MOVQ DX, R14
+
+	// r4 += a1×b3
+	MOVQ 8(CX), AX
+	MULQ 24(BX)
+	ADDQ AX, R15
+	ADCQ DX, R14
+
+	// r4 += a2×b2
+	MOVQ 16(CX), AX
+	MULQ 16(BX)
+	ADDQ AX, R15
+	ADCQ DX, R14
+
+	// r4 += a3×b1
+	MOVQ 24(CX), AX
+	MULQ 8(BX)
+	ADDQ AX, R15
+	ADCQ DX, R14
+
+	// r4 += a4×b0
+	MOVQ 32(CX), AX
+	MULQ (BX)
+	ADDQ AX, R15
+	ADCQ DX, R14
+
+	// First reduction chain
+	MOVQ   $0x0007ffffffffffff, AX
+	SHLQ   $0x0d, DI, SI
+	SHLQ   $0x0d, R9, R8
+	SHLQ   $0x0d, R11, R10
+	SHLQ   $0x0d, R13, R12
+	SHLQ   $0x0d, R15, R14
+	ANDQ   AX, DI
+	IMUL3Q $0x13, R14, R14
+	ADDQ   R14, DI
+	ANDQ   AX, R9
+	ADDQ   SI, R9
+	ANDQ   AX, R11
+	ADDQ   R8, R11
+	ANDQ   AX, R13
+	ADDQ   R10, R13
+	ANDQ   AX, R15
+	ADDQ   R12, R15
+
+	// Second reduction chain (carryPropagate)
+	MOVQ   DI, SI
+	SHRQ   $0x33, SI
+	MOVQ   R9, R8
+	SHRQ   $0x33, R8
+	MOVQ   R11, R10
+	SHRQ   $0x33, R10
+	MOVQ   R13, R12
+	SHRQ   $0x33, R12
+	MOVQ   R15, R14
+	SHRQ   $0x33, R14
+	ANDQ   AX, DI
+	IMUL3Q $0x13, R14, R14
+	ADDQ   R14, DI
+	ANDQ   AX, R9
+	ADDQ   SI, R9
+	ANDQ   AX, R11
+	ADDQ   R8, R11
+	ANDQ   AX, R13
+	ADDQ   R10, R13
+	ANDQ   AX, R15
+	ADDQ   R12, R15
+
+	// Store output
+	MOVQ out+0(FP), AX
+	MOVQ DI, (AX)
+	MOVQ R9, 8(AX)
+	MOVQ R11, 16(AX)
+	MOVQ R13, 24(AX)
+	MOVQ R15, 32(AX)
+	RET
+
+// func feSquare(out *Element, a *Element)
+TEXT ·feSquare(SB), NOSPLIT, $0-16
+	MOVQ a+8(FP), CX
+
+	// r0 = l0×l0
+	MOVQ (CX), AX
+	MULQ (CX)
+	MOVQ AX, SI
+	MOVQ DX, BX
+
+	// r0 += 38×l1×l4
+	MOVQ   8(CX), AX
+	IMUL3Q $0x26, AX, AX
+	MULQ   32(CX)
+	ADDQ   AX, SI
+	ADCQ   DX, BX
+
+	// r0 += 38×l2×l3
+	MOVQ   16(CX), AX
+	IMUL3Q $0x26, AX, AX
+	MULQ   24(CX)
+	ADDQ   AX, SI
+	ADCQ   DX, BX
+
+	// r1 = 2×l0×l1
+	MOVQ (CX), AX
+	SHLQ $0x01, AX
+	MULQ 8(CX)
+	MOVQ AX, R8
+	MOVQ DX, DI
+
+	// r1 += 38×l2×l4
+	MOVQ   16(CX), AX
+	IMUL3Q $0x26, AX, AX
+	MULQ   32(CX)
+	ADDQ   AX, R8
+	ADCQ   DX, DI
+
+	// r1 += 19×l3×l3
+	MOVQ   24(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   24(CX)
+	ADDQ   AX, R8
+	ADCQ   DX, DI
+
+	// r2 = 2×l0×l2
+	MOVQ (CX), AX
+	SHLQ $0x01, AX
+	MULQ 16(CX)
+	MOVQ AX, R10
+	MOVQ DX, R9
+
+	// r2 += l1×l1
+	MOVQ 8(CX), AX
+	MULQ 8(CX)
+	ADDQ AX, R10
+	ADCQ DX, R9
+
+	// r2 += 38×l3×l4
+	MOVQ   24(CX), AX
+	IMUL3Q $0x26, AX, AX
+	MULQ   32(CX)
+	ADDQ   AX, R10
+	ADCQ   DX, R9
+
+	// r3 = 2×l0×l3
+	MOVQ (CX), AX
+	SHLQ $0x01, AX
+	MULQ 24(CX)
+	MOVQ AX, R12
+	MOVQ DX, R11
+
+	// r3 += 2×l1×l2
+	MOVQ   8(CX), AX
+	IMUL3Q $0x02, AX, AX
+	MULQ   16(CX)
+	ADDQ   AX, R12
+	ADCQ   DX, R11
+
+	// r3 += 19×l4×l4
+	MOVQ   32(CX), AX
+	IMUL3Q $0x13, AX, AX
+	MULQ   32(CX)
+	ADDQ   AX, R12
+	ADCQ   DX, R11
+
+	// r4 = 2×l0×l4
+	MOVQ (CX), AX
+	SHLQ $0x01, AX
+	MULQ 32(CX)
+	MOVQ AX, R14
+	MOVQ DX, R13
+
+	// r4 += 2×l1×l3
+	MOVQ   8(CX), AX
+	IMUL3Q $0x02, AX, AX
+	MULQ   24(CX)
+	ADDQ   AX, R14
+	ADCQ   DX, R13
+
+	// r4 += l2×l2
+	MOVQ 16(CX), AX
+	MULQ 16(CX)
+	ADDQ AX, R14
+	ADCQ DX, R13
+
+	// First reduction chain
+	MOVQ   $0x0007ffffffffffff, AX
+	SHLQ   $0x0d, SI, BX
+	SHLQ   $0x0d, R8, DI
+	SHLQ   $0x0d, R10, R9
+	SHLQ   $0x0d, R12, R11
+	SHLQ   $0x0d, R14, R13
+	ANDQ   AX, SI
+	IMUL3Q $0x13, R13, R13
+	ADDQ   R13, SI
+	ANDQ   AX, R8
+	ADDQ   BX, R8
+	ANDQ   AX, R10
+	ADDQ   DI, R10
+	ANDQ   AX, R12
+	ADDQ   R9, R12
+	ANDQ   AX, R14
+	ADDQ   R11, R14
+
+	// Second reduction chain (carryPropagate)
+	MOVQ   SI, BX
+	SHRQ   $0x33, BX
+	MOVQ   R8, DI
+	SHRQ   $0x33, DI
+	MOVQ   R10, R9
+	SHRQ   $0x33, R9
+	MOVQ   R12, R11
+	SHRQ   $0x33, R11
+	MOVQ   R14, R13
+	SHRQ   $0x33, R13
+	ANDQ   AX, SI
+	IMUL3Q $0x13, R13, R13
+	ADDQ   R13, SI
+	ANDQ   AX, R8
+	ADDQ   BX, R8
+	ANDQ   AX, R10
+	ADDQ   DI, R10
+	ANDQ   AX, R12
+	ADDQ   R9, R12
+	ANDQ   AX, R14
+	ADDQ   R11, R14
+
+	// Store output
+	MOVQ out+0(FP), AX
+	MOVQ SI, (AX)
+	MOVQ R8, 8(AX)
+	MOVQ R10, 16(AX)
+	MOVQ R12, 24(AX)
+	MOVQ R14, 32(AX)
+	RET
diff --git a/curve25519/internal/field/fe_amd64_noasm.go b/curve25519/internal/field/fe_amd64_noasm.go
new file mode 100644
index 000000000..ddb6c9b8f
--- /dev/null
+++ b/curve25519/internal/field/fe_amd64_noasm.go
@@ -0,0 +1,12 @@
+// Copyright (c) 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || !gc || purego
+// +build !amd64 !gc purego
+
+package field
+
+func feMul(v, x, y *Element) { feMulGeneric(v, x, y) }
+
+func feSquare(v, x *Element) { feSquareGeneric(v, x) }
diff --git a/curve25519/internal/field/fe_arm64.go b/curve25519/internal/field/fe_arm64.go
new file mode 100644
index 000000000..af459ef51
--- /dev/null
+++ b/curve25519/internal/field/fe_arm64.go
@@ -0,0 +1,16 @@
+// Copyright (c) 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build arm64 && gc && !purego
+// +build arm64,gc,!purego
+
+package field
+
+//go:noescape
+func carryPropagate(v *Element)
+
+func (v *Element) carryPropagate() *Element {
+	carryPropagate(v)
+	return v
+}
diff --git a/curve25519/internal/field/fe_arm64.s b/curve25519/internal/field/fe_arm64.s
new file mode 100644
index 000000000..5c91e4589
--- /dev/null
+++ b/curve25519/internal/field/fe_arm64.s
@@ -0,0 +1,43 @@
+// Copyright (c) 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build arm64 && gc && !purego
+// +build arm64,gc,!purego
+
+#include "textflag.h"
+
+// carryPropagate works exactly like carryPropagateGeneric and uses the
+// same AND, ADD, and LSR+MADD instructions emitted by the compiler, but
+// avoids loading R0-R4 twice and uses LDP and STP.
+//
+// See https://golang.org/issues/43145 for the main compiler issue.
+//
+// func carryPropagate(v *Element)
+TEXT ·carryPropagate(SB),NOFRAME|NOSPLIT,$0-8
+	MOVD v+0(FP), R20
+
+	LDP 0(R20), (R0, R1)
+	LDP 16(R20), (R2, R3)
+	MOVD 32(R20), R4
+
+	AND $0x7ffffffffffff, R0, R10
+	AND $0x7ffffffffffff, R1, R11
+	AND $0x7ffffffffffff, R2, R12
+	AND $0x7ffffffffffff, R3, R13
+	AND $0x7ffffffffffff, R4, R14
+
+	ADD R0>>51, R11, R11
+	ADD R1>>51, R12, R12
+	ADD R2>>51, R13, R13
+	ADD R3>>51, R14, R14
+	// R4>>51 * 19 + R10 -> R10
+	LSR $51, R4, R21
+	MOVD $19, R22
+	MADD R22, R10, R21, R10
+
+	STP (R10, R11), 0(R20)
+	STP (R12, R13), 16(R20)
+	MOVD R14, 32(R20)
+
+	RET
diff --git a/curve25519/internal/field/fe_arm64_noasm.go b/curve25519/internal/field/fe_arm64_noasm.go
new file mode 100644
index 000000000..234a5b2e5
--- /dev/null
+++ b/curve25519/internal/field/fe_arm64_noasm.go
@@ -0,0 +1,12 @@
+// Copyright (c) 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !arm64 || !gc || purego
+// +build !arm64 !gc purego
+
+package field
+
+func (v *Element) carryPropagate() *Element {
+	return v.carryPropagateGeneric()
+}
diff --git a/curve25519/internal/field/fe_bench_test.go b/curve25519/internal/field/fe_bench_test.go
new file mode 100644
index 000000000..77dc06cf9
--- /dev/null
+++ b/curve25519/internal/field/fe_bench_test.go
@@ -0,0 +1,36 @@
+// Copyright (c) 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package field
+
+import "testing"
+
+func BenchmarkAdd(b *testing.B) {
+	var x, y Element
+	x.One()
+	y.Add(feOne, feOne)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		x.Add(&x, &y)
+	}
+}
+
+func BenchmarkMultiply(b *testing.B) {
+	var x, y Element
+	x.One()
+	y.Add(feOne, feOne)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		x.Multiply(&x, &y)
+	}
+}
+
+func BenchmarkMult32(b *testing.B) {
+	var x Element
+	x.One()
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		x.Mult32(&x, 0xaa42aa42)
+	}
+}
diff --git a/curve25519/internal/field/fe_generic.go b/curve25519/internal/field/fe_generic.go
new file mode 100644
index 000000000..7b5b78cbd
--- /dev/null
+++ b/curve25519/internal/field/fe_generic.go
@@ -0,0 +1,264 @@
+// Copyright (c) 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package field
+
+import "math/bits"
+
+// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
+// bits.Mul64 and bits.Add64 intrinsics.
+type uint128 struct {
+	lo, hi uint64
+}
+
+// mul64 returns a * b.
+func mul64(a, b uint64) uint128 {
+	hi, lo := bits.Mul64(a, b)
+	return uint128{lo, hi}
+}
+
+// addMul64 returns v + a * b.
+func addMul64(v uint128, a, b uint64) uint128 {
+	hi, lo := bits.Mul64(a, b)
+	lo, c := bits.Add64(lo, v.lo, 0)
+	hi, _ = bits.Add64(hi, v.hi, c)
+	return uint128{lo, hi}
+}
+
+// shiftRightBy51 returns a >> 51. a is assumed to be at most 115 bits.
+func shiftRightBy51(a uint128) uint64 {
+	return (a.hi << (64 - 51)) | (a.lo >> 51)
+}
+
+func feMulGeneric(v, a, b *Element) {
+	a0 := a.l0
+	a1 := a.l1
+	a2 := a.l2
+	a3 := a.l3
+	a4 := a.l4
+
+	b0 := b.l0
+	b1 := b.l1
+	b2 := b.l2
+	b3 := b.l3
+	b4 := b.l4
+
+	// Limb multiplication works like pen-and-paper columnar multiplication, but
+	// with 51-bit limbs instead of digits.
+	//
+	//                          a4   a3   a2   a1   a0  x
+	//                          b4   b3   b2   b1   b0  =
+	//                         ------------------------
+	//                        a4b0 a3b0 a2b0 a1b0 a0b0  +
+	//                   a4b1 a3b1 a2b1 a1b1 a0b1       +
+	//              a4b2 a3b2 a2b2 a1b2 a0b2            +
+	//         a4b3 a3b3 a2b3 a1b3 a0b3                 +
+	//    a4b4 a3b4 a2b4 a1b4 a0b4                      =
+	//   ----------------------------------------------
+	//      r8   r7   r6   r5   r4   r3   r2   r1   r0
+	//
+	// We can then use the reduction identity (a * 2²⁵⁵ + b = a * 19 + b) to
+	// reduce the limbs that would overflow 255 bits. r5 * 2²⁵⁵ becomes 19 * r5,
+	// r6 * 2³⁰⁶ becomes 19 * r6 * 2⁵¹, etc.
+	//
+	// Reduction can be carried out simultaneously to multiplication. For
+	// example, we do not compute r5: whenever the result of a multiplication
+	// belongs to r5, like a1b4, we multiply it by 19 and add the result to r0.
+	//
+	//            a4b0    a3b0    a2b0    a1b0    a0b0  +
+	//            a3b1    a2b1    a1b1    a0b1 19×a4b1  +
+	//            a2b2    a1b2    a0b2 19×a4b2 19×a3b2  +
+	//            a1b3    a0b3 19×a4b3 19×a3b3 19×a2b3  +
+	//            a0b4 19×a4b4 19×a3b4 19×a2b4 19×a1b4  =
+	//           --------------------------------------
+	//              r4      r3      r2      r1      r0
+	//
+	// Finally we add up the columns into wide, overlapping limbs.
+
+	a1_19 := a1 * 19
+	a2_19 := a2 * 19
+	a3_19 := a3 * 19
+	a4_19 := a4 * 19
+
+	// r0 = a0×b0 + 19×(a1×b4 + a2×b3 + a3×b2 + a4×b1)
+	r0 := mul64(a0, b0)
+	r0 = addMul64(r0, a1_19, b4)
+	r0 = addMul64(r0, a2_19, b3)
+	r0 = addMul64(r0, a3_19, b2)
+	r0 = addMul64(r0, a4_19, b1)
+
+	// r1 = a0×b1 + a1×b0 + 19×(a2×b4 + a3×b3 + a4×b2)
+	r1 := mul64(a0, b1)
+	r1 = addMul64(r1, a1, b0)
+	r1 = addMul64(r1, a2_19, b4)
+	r1 = addMul64(r1, a3_19, b3)
+	r1 = addMul64(r1, a4_19, b2)
+
+	// r2 = a0×b2 + a1×b1 + a2×b0 + 19×(a3×b4 + a4×b3)
+	r2 := mul64(a0, b2)
+	r2 = addMul64(r2, a1, b1)
+	r2 = addMul64(r2, a2, b0)
+	r2 = addMul64(r2, a3_19, b4)
+	r2 = addMul64(r2, a4_19, b3)
+
+	// r3 = a0×b3 + a1×b2 + a2×b1 + a3×b0 + 19×a4×b4
+	r3 := mul64(a0, b3)
+	r3 = addMul64(r3, a1, b2)
+	r3 = addMul64(r3, a2, b1)
+	r3 = addMul64(r3, a3, b0)
+	r3 = addMul64(r3, a4_19, b4)
+
+	// r4 = a0×b4 + a1×b3 + a2×b2 + a3×b1 + a4×b0
+	r4 := mul64(a0, b4)
+	r4 = addMul64(r4, a1, b3)
+	r4 = addMul64(r4, a2, b2)
+	r4 = addMul64(r4, a3, b1)
+	r4 = addMul64(r4, a4, b0)
+
+	// After the multiplication, we need to reduce (carry) the five coefficients
+	// to obtain a result with limbs that are at most slightly larger than 2⁵¹,
+	// to respect the Element invariant.
+	//
+	// Overall, the reduction works the same as carryPropagate, except with
+	// wider inputs: we take the carry for each coefficient by shifting it right
+	// by 51, and add it to the limb above it. The top carry is multiplied by 19
+	// according to the reduction identity and added to the lowest limb.
+	//
+	// The largest coefficient (r0) will be at most 111 bits, which guarantees
+	// that all carries are at most 111 - 51 = 60 bits, which fits in a uint64.
+	//
+	//     r0 = a0×b0 + 19×(a1×b4 + a2×b3 + a3×b2 + a4×b1)
+	//     r0 < 2⁵²×2⁵² + 19×(2⁵²×2⁵² + 2⁵²×2⁵² + 2⁵²×2⁵² + 2⁵²×2⁵²)
+	//     r0 < (1 + 19 × 4) × 2⁵² × 2⁵²
+	//     r0 < 2⁷ × 2⁵² × 2⁵²
+	//     r0 < 2¹¹¹
+	//
+	// Moreover, the top coefficient (r4) is at most 107 bits, so c4 is at most
+	// 56 bits, and c4 * 19 is at most 61 bits, which again fits in a uint64 and
+	// allows us to easily apply the reduction identity.
+	//
+	//     r4 = a0×b4 + a1×b3 + a2×b2 + a3×b1 + a4×b0
+	//     r4 < 5 × 2⁵² × 2⁵²
+	//     r4 < 2¹⁰⁷
+	//
+
+	c0 := shiftRightBy51(r0)
+	c1 := shiftRightBy51(r1)
+	c2 := shiftRightBy51(r2)
+	c3 := shiftRightBy51(r3)
+	c4 := shiftRightBy51(r4)
+
+	rr0 := r0.lo&maskLow51Bits + c4*19
+	rr1 := r1.lo&maskLow51Bits + c0
+	rr2 := r2.lo&maskLow51Bits + c1
+	rr3 := r3.lo&maskLow51Bits + c2
+	rr4 := r4.lo&maskLow51Bits + c3
+
+	// Now all coefficients fit into 64-bit registers but are still too large to
+	// be passed around as a Element. We therefore do one last carry chain,
+	// where the carries will be small enough to fit in the wiggle room above 2⁵¹.
+	*v = Element{rr0, rr1, rr2, rr3, rr4}
+	v.carryPropagate()
+}
+
+func feSquareGeneric(v, a *Element) {
+	l0 := a.l0
+	l1 := a.l1
+	l2 := a.l2
+	l3 := a.l3
+	l4 := a.l4
+
+	// Squaring works precisely like multiplication above, but thanks to its
+	// symmetry we get to group a few terms together.
+	//
+	//                          l4   l3   l2   l1   l0  x
+	//                          l4   l3   l2   l1   l0  =
+	//                         ------------------------
+	//                        l4l0 l3l0 l2l0 l1l0 l0l0  +
+	//                   l4l1 l3l1 l2l1 l1l1 l0l1       +
+	//              l4l2 l3l2 l2l2 l1l2 l0l2            +
+	//         l4l3 l3l3 l2l3 l1l3 l0l3                 +
+	//    l4l4 l3l4 l2l4 l1l4 l0l4                      =
+	//   ----------------------------------------------
+	//      r8   r7   r6   r5   r4   r3   r2   r1   r0
+	//
+	//            l4l0    l3l0    l2l0    l1l0    l0l0  +
+	//            l3l1    l2l1    l1l1    l0l1 19×l4l1  +
+	//            l2l2    l1l2    l0l2 19×l4l2 19×l3l2  +
+	//            l1l3    l0l3 19×l4l3 19×l3l3 19×l2l3  +
+	//            l0l4 19×l4l4 19×l3l4 19×l2l4 19×l1l4  =
+	//           --------------------------------------
+	//              r4      r3      r2      r1      r0
+	//
+	// With precomputed 2×, 19×, and 2×19× terms, we can compute each limb with
+	// only three Mul64 and four Add64, instead of five and eight.
+
+	l0_2 := l0 * 2
+	l1_2 := l1 * 2
+
+	l1_38 := l1 * 38
+	l2_38 := l2 * 38
+	l3_38 := l3 * 38
+
+	l3_19 := l3 * 19
+	l4_19 := l4 * 19
+
+	// r0 = l0×l0 + 19×(l1×l4 + l2×l3 + l3×l2 + l4×l1) = l0×l0 + 19×2×(l1×l4 + l2×l3)
+	r0 := mul64(l0, l0)
+	r0 = addMul64(r0, l1_38, l4)
+	r0 = addMul64(r0, l2_38, l3)
+
+	// r1 = l0×l1 + l1×l0 + 19×(l2×l4 + l3×l3 + l4×l2) = 2×l0×l1 + 19×2×l2×l4 + 19×l3×l3
+	r1 := mul64(l0_2, l1)
+	r1 = addMul64(r1, l2_38, l4)
+	r1 = addMul64(r1, l3_19, l3)
+
+	// r2 = l0×l2 + l1×l1 + l2×l0 + 19×(l3×l4 + l4×l3) = 2×l0×l2 + l1×l1 + 19×2×l3×l4
+	r2 := mul64(l0_2, l2)
+	r2 = addMul64(r2, l1, l1)
+	r2 = addMul64(r2, l3_38, l4)
+
+	// r3 = l0×l3 + l1×l2 + l2×l1 + l3×l0 + 19×l4×l4 = 2×l0×l3 + 2×l1×l2 + 19×l4×l4
+	r3 := mul64(l0_2, l3)
+	r3 = addMul64(r3, l1_2, l2)
+	r3 = addMul64(r3, l4_19, l4)
+
+	// r4 = l0×l4 + l1×l3 + l2×l2 + l3×l1 + l4×l0 = 2×l0×l4 + 2×l1×l3 + l2×l2
+	r4 := mul64(l0_2, l4)
+	r4 = addMul64(r4, l1_2, l3)
+	r4 = addMul64(r4, l2, l2)
+
+	c0 := shiftRightBy51(r0)
+	c1 := shiftRightBy51(r1)
+	c2 := shiftRightBy51(r2)
+	c3 := shiftRightBy51(r3)
+	c4 := shiftRightBy51(r4)
+
+	rr0 := r0.lo&maskLow51Bits + c4*19
+	rr1 := r1.lo&maskLow51Bits + c0
+	rr2 := r2.lo&maskLow51Bits + c1
+	rr3 := r3.lo&maskLow51Bits + c2
+	rr4 := r4.lo&maskLow51Bits + c3
+
+	*v = Element{rr0, rr1, rr2, rr3, rr4}
+	v.carryPropagate()
+}
+
+// carryPropagate brings the limbs below 52 bits by applying the reduction
+// identity (a * 2²⁵⁵ + b = a * 19 + b) to the l4 carry. TODO inline
+func (v *Element) carryPropagateGeneric() *Element {
+	c0 := v.l0 >> 51
+	c1 := v.l1 >> 51
+	c2 := v.l2 >> 51
+	c3 := v.l3 >> 51
+	c4 := v.l4 >> 51
+
+	v.l0 = v.l0&maskLow51Bits + c4*19
+	v.l1 = v.l1&maskLow51Bits + c0
+	v.l2 = v.l2&maskLow51Bits + c1
+	v.l3 = v.l3&maskLow51Bits + c2
+	v.l4 = v.l4&maskLow51Bits + c3
+
+	return v
+}
diff --git a/curve25519/internal/field/fe_test.go b/curve25519/internal/field/fe_test.go
new file mode 100644
index 000000000..b484459ff
--- /dev/null
+++ b/curve25519/internal/field/fe_test.go
@@ -0,0 +1,558 @@
+// Copyright (c) 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package field
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"io"
+	"math/big"
+	"math/bits"
+	mathrand "math/rand"
+	"reflect"
+	"testing"
+	"testing/quick"
+)
+
+func (v Element) String() string {
+	return hex.EncodeToString(v.Bytes())
+}
+
+// quickCheckConfig1024 will make each quickcheck test run (1024 * -quickchecks)
+// times. The default value of -quickchecks is 100.
+var quickCheckConfig1024 = &quick.Config{MaxCountScale: 1 << 10}
+
+func generateFieldElement(rand *mathrand.Rand) Element {
+	const maskLow52Bits = (1 << 52) - 1
+	return Element{
+		rand.Uint64() & maskLow52Bits,
+		rand.Uint64() & maskLow52Bits,
+		rand.Uint64() & maskLow52Bits,
+		rand.Uint64() & maskLow52Bits,
+		rand.Uint64() & maskLow52Bits,
+	}
+}
+
+// weirdLimbs can be combined to generate a range of edge-case field elements.
+// 0 and -1 are intentionally more weighted, as they combine well.
+var (
+	weirdLimbs51 = []uint64{
+		0, 0, 0, 0,
+		1,
+		19 - 1,
+		19,
+		0x2aaaaaaaaaaaa,
+		0x5555555555555,
+		(1 << 51) - 20,
+		(1 << 51) - 19,
+		(1 << 51) - 1, (1 << 51) - 1,
+		(1 << 51) - 1, (1 << 51) - 1,
+	}
+	weirdLimbs52 = []uint64{
+		0, 0, 0, 0, 0, 0,
+		1,
+		19 - 1,
+		19,
+		0x2aaaaaaaaaaaa,
+		0x5555555555555,
+		(1 << 51) - 20,
+		(1 << 51) - 19,
+		(1 << 51) - 1, (1 << 51) - 1,
+		(1 << 51) - 1, (1 << 51) - 1,
+		(1 << 51) - 1, (1 << 51) - 1,
+		1 << 51,
+		(1 << 51) + 1,
+		(1 << 52) - 19,
+		(1 << 52) - 1,
+	}
+)
+
+func generateWeirdFieldElement(rand *mathrand.Rand) Element {
+	return Element{
+		weirdLimbs52[rand.Intn(len(weirdLimbs52))],
+		weirdLimbs51[rand.Intn(len(weirdLimbs51))],
+		weirdLimbs51[rand.Intn(len(weirdLimbs51))],
+		weirdLimbs51[rand.Intn(len(weirdLimbs51))],
+		weirdLimbs51[rand.Intn(len(weirdLimbs51))],
+	}
+}
+
+func (Element) Generate(rand *mathrand.Rand, size int) reflect.Value {
+	if rand.Intn(2) == 0 {
+		return reflect.ValueOf(generateWeirdFieldElement(rand))
+	}
+	return reflect.ValueOf(generateFieldElement(rand))
+}
+
+// isInBounds returns whether the element is within the expected bit size bounds
+// after a light reduction.
+func isInBounds(x *Element) bool {
+	return bits.Len64(x.l0) <= 52 &&
+		bits.Len64(x.l1) <= 52 &&
+		bits.Len64(x.l2) <= 52 &&
+		bits.Len64(x.l3) <= 52 &&
+		bits.Len64(x.l4) <= 52
+}
+
+func TestMultiplyDistributesOverAdd(t *testing.T) {
+	multiplyDistributesOverAdd := func(x, y, z Element) bool {
+		// Compute t1 = (x+y)*z
+		t1 := new(Element)
+		t1.Add(&x, &y)
+		t1.Multiply(t1, &z)
+
+		// Compute t2 = x*z + y*z
+		t2 := new(Element)
+		t3 := new(Element)
+		t2.Multiply(&x, &z)
+		t3.Multiply(&y, &z)
+		t2.Add(t2, t3)
+
+		return t1.Equal(t2) == 1 && isInBounds(t1) && isInBounds(t2)
+	}
+
+	if err := quick.Check(multiplyDistributesOverAdd, quickCheckConfig1024); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestMul64to128(t *testing.T) {
+	a := uint64(5)
+	b := uint64(5)
+	r := mul64(a, b)
+	if r.lo != 0x19 || r.hi != 0 {
+		t.Errorf("lo-range wide mult failed, got %d + %d*(2**64)", r.lo, r.hi)
+	}
+
+	a = uint64(18014398509481983) // 2^54 - 1
+	b = uint64(18014398509481983) // 2^54 - 1
+	r = mul64(a, b)
+	if r.lo != 0xff80000000000001 || r.hi != 0xfffffffffff {
+		t.Errorf("hi-range wide mult failed, got %d + %d*(2**64)", r.lo, r.hi)
+	}
+
+	a = uint64(1125899906842661)
+	b = uint64(2097155)
+	r = mul64(a, b)
+	r = addMul64(r, a, b)
+	r = addMul64(r, a, b)
+	r = addMul64(r, a, b)
+	r = addMul64(r, a, b)
+	if r.lo != 16888498990613035 || r.hi != 640 {
+		t.Errorf("wrong answer: %d + %d*(2**64)", r.lo, r.hi)
+	}
+}
+
+func TestSetBytesRoundTrip(t *testing.T) {
+	f1 := func(in [32]byte, fe Element) bool {
+		fe.SetBytes(in[:])
+
+		// Mask the most significant bit as it's ignored by SetBytes. (Now
+		// instead of earlier so we check the masking in SetBytes is working.)
+		in[len(in)-1] &= (1 << 7) - 1
+
+		return bytes.Equal(in[:], fe.Bytes()) && isInBounds(&fe)
+	}
+	if err := quick.Check(f1, nil); err != nil {
+		t.Errorf("failed bytes->FE->bytes round-trip: %v", err)
+	}
+
+	f2 := func(fe, r Element) bool {
+		r.SetBytes(fe.Bytes())
+
+		// Intentionally not using Equal not to go through Bytes again.
+		// Calling reduce because both Generate and SetBytes can produce
+		// non-canonical representations.
+		fe.reduce()
+		r.reduce()
+		return fe == r
+	}
+	if err := quick.Check(f2, nil); err != nil {
+		t.Errorf("failed FE->bytes->FE round-trip: %v", err)
+	}
+
+	// Check some fixed vectors from dalek
+	type feRTTest struct {
+		fe Element
+		b  []byte
+	}
+	var tests = []feRTTest{
+		{
+			fe: Element{358744748052810, 1691584618240980, 977650209285361, 1429865912637724, 560044844278676},
+			b:  []byte{74, 209, 69, 197, 70, 70, 161, 222, 56, 226, 229, 19, 112, 60, 25, 92, 187, 74, 222, 56, 50, 153, 51, 233, 40, 74, 57, 6, 160, 185, 213, 31},
+		},
+		{
+			fe: Element{84926274344903, 473620666599931, 365590438845504, 1028470286882429, 2146499180330972},
+			b:  []byte{199, 23, 106, 112, 61, 77, 216, 79, 186, 60, 11, 118, 13, 16, 103, 15, 42, 32, 83, 250, 44, 57, 204, 198, 78, 199, 253, 119, 146, 172, 3, 122},
+		},
+	}
+
+	for _, tt := range tests {
+		b := tt.fe.Bytes()
+		if !bytes.Equal(b, tt.b) || new(Element).SetBytes(tt.b).Equal(&tt.fe) != 1 {
+			t.Errorf("Failed fixed roundtrip: %v", tt)
+		}
+	}
+}
+
+func swapEndianness(buf []byte) []byte {
+	for i := 0; i < len(buf)/2; i++ {
+		buf[i], buf[len(buf)-i-1] = buf[len(buf)-i-1], buf[i]
+	}
+	return buf
+}
+
+func TestBytesBigEquivalence(t *testing.T) {
+	f1 := func(in [32]byte, fe, fe1 Element) bool {
+		fe.SetBytes(in[:])
+
+		in[len(in)-1] &= (1 << 7) - 1 // mask the most significant bit
+		b := new(big.Int).SetBytes(swapEndianness(in[:]))
+		fe1.fromBig(b)
+
+		if fe != fe1 {
+			return false
+		}
+
+		buf := make([]byte, 32) // pad with zeroes
+		copy(buf, swapEndianness(fe1.toBig().Bytes()))
+
+		return bytes.Equal(fe.Bytes(), buf) && isInBounds(&fe) && isInBounds(&fe1)
+	}
+	if err := quick.Check(f1, nil); err != nil {
+		t.Error(err)
+	}
+}
+
+// fromBig sets v = n, and returns v. The bit length of n must not exceed 256.
+func (v *Element) fromBig(n *big.Int) *Element {
+	if n.BitLen() > 32*8 {
+		panic("edwards25519: invalid field element input size")
+	}
+
+	buf := make([]byte, 0, 32)
+	for _, word := range n.Bits() {
+		for i := 0; i < bits.UintSize; i += 8 {
+			if len(buf) >= cap(buf) {
+				break
+			}
+			buf = append(buf, byte(word))
+			word >>= 8
+		}
+	}
+
+	return v.SetBytes(buf[:32])
+}
+
+func (v *Element) fromDecimal(s string) *Element {
+	n, ok := new(big.Int).SetString(s, 10)
+	if !ok {
+		panic("not a valid decimal: " + s)
+	}
+	return v.fromBig(n)
+}
+
+// toBig returns v as a big.Int.
+func (v *Element) toBig() *big.Int {
+	buf := v.Bytes()
+
+	words := make([]big.Word, 32*8/bits.UintSize)
+	for n := range words {
+		for i := 0; i < bits.UintSize; i += 8 {
+			if len(buf) == 0 {
+				break
+			}
+			words[n] |= big.Word(buf[0]) << big.Word(i)
+			buf = buf[1:]
+		}
+	}
+
+	return new(big.Int).SetBits(words)
+}
+
+func TestDecimalConstants(t *testing.T) {
+	sqrtM1String := "19681161376707505956807079304988542015446066515923890162744021073123829784752"
+	if exp := new(Element).fromDecimal(sqrtM1String); sqrtM1.Equal(exp) != 1 {
+		t.Errorf("sqrtM1 is %v, expected %v", sqrtM1, exp)
+	}
+	// d is in the parent package, and we don't want to expose d or fromDecimal.
+	// dString := "37095705934669439343138083508754565189542113879843219016388785533085940283555"
+	// if exp := new(Element).fromDecimal(dString); d.Equal(exp) != 1 {
+	// 	t.Errorf("d is %v, expected %v", d, exp)
+	// }
+}
+
+func TestSetBytesRoundTripEdgeCases(t *testing.T) {
+	// TODO: values close to 0, close to 2^255-19, between 2^255-19 and 2^255-1,
+	// and between 2^255 and 2^256-1. Test both the documented SetBytes
+	// behavior, and that Bytes reduces them.
+}
+
+// Tests self-consistency between Multiply and Square.
+func TestConsistency(t *testing.T) {
+	var x Element
+	var x2, x2sq Element
+
+	x = Element{1, 1, 1, 1, 1}
+	x2.Multiply(&x, &x)
+	x2sq.Square(&x)
+
+	if x2 != x2sq {
+		t.Fatalf("all ones failed\nmul: %x\nsqr: %x\n", x2, x2sq)
+	}
+
+	var bytes [32]byte
+
+	_, err := io.ReadFull(rand.Reader, bytes[:])
+	if err != nil {
+		t.Fatal(err)
+	}
+	x.SetBytes(bytes[:])
+
+	x2.Multiply(&x, &x)
+	x2sq.Square(&x)
+
+	if x2 != x2sq {
+		t.Fatalf("all ones failed\nmul: %x\nsqr: %x\n", x2, x2sq)
+	}
+}
+
+func TestEqual(t *testing.T) {
+	x := Element{1, 1, 1, 1, 1}
+	y := Element{5, 4, 3, 2, 1}
+
+	eq := x.Equal(&x)
+	if eq != 1 {
+		t.Errorf("wrong about equality")
+	}
+
+	eq = x.Equal(&y)
+	if eq != 0 {
+		t.Errorf("wrong about inequality")
+	}
+}
+
+func TestInvert(t *testing.T) {
+	x := Element{1, 1, 1, 1, 1}
+	one := Element{1, 0, 0, 0, 0}
+	var xinv, r Element
+
+	xinv.Invert(&x)
+	r.Multiply(&x, &xinv)
+	r.reduce()
+
+	if one != r {
+		t.Errorf("inversion identity failed, got: %x", r)
+	}
+
+	var bytes [32]byte
+
+	_, err := io.ReadFull(rand.Reader, bytes[:])
+	if err != nil {
+		t.Fatal(err)
+	}
+	x.SetBytes(bytes[:])
+
+	xinv.Invert(&x)
+	r.Multiply(&x, &xinv)
+	r.reduce()
+
+	if one != r {
+		t.Errorf("random inversion identity failed, got: %x for field element %x", r, x)
+	}
+
+	zero := Element{}
+	x.Set(&zero)
+	if xx := xinv.Invert(&x); xx != &xinv {
+		t.Errorf("inverting zero did not return the receiver")
+	} else if xinv.Equal(&zero) != 1 {
+		t.Errorf("inverting zero did not return zero")
+	}
+}
+
+func TestSelectSwap(t *testing.T) {
+	a := Element{358744748052810, 1691584618240980, 977650209285361, 1429865912637724, 560044844278676}
+	b := Element{84926274344903, 473620666599931, 365590438845504, 1028470286882429, 2146499180330972}
+
+	var c, d Element
+
+	c.Select(&a, &b, 1)
+	d.Select(&a, &b, 0)
+
+	if c.Equal(&a) != 1 || d.Equal(&b) != 1 {
+		t.Errorf("Select failed")
+	}
+
+	c.Swap(&d, 0)
+
+	if c.Equal(&a) != 1 || d.Equal(&b) != 1 {
+		t.Errorf("Swap failed")
+	}
+
+	c.Swap(&d, 1)
+
+	if c.Equal(&b) != 1 || d.Equal(&a) != 1 {
+		t.Errorf("Swap failed")
+	}
+}
+
+func TestMult32(t *testing.T) {
+	mult32EquivalentToMul := func(x Element, y uint32) bool {
+		t1 := new(Element)
+		for i := 0; i < 100; i++ {
+			t1.Mult32(&x, y)
+		}
+
+		ty := new(Element)
+		ty.l0 = uint64(y)
+
+		t2 := new(Element)
+		for i := 0; i < 100; i++ {
+			t2.Multiply(&x, ty)
+		}
+
+		return t1.Equal(t2) == 1 && isInBounds(t1) && isInBounds(t2)
+	}
+
+	if err := quick.Check(mult32EquivalentToMul, quickCheckConfig1024); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestSqrtRatio(t *testing.T) {
+	// From draft-irtf-cfrg-ristretto255-decaf448-00, Appendix A.4.
+	type test struct {
+		u, v      string
+		wasSquare int
+		r         string
+	}
+	var tests = []test{
+		// If u is 0, the function is defined to return (0, TRUE), even if v
+		// is zero. Note that where used in this package, the denominator v
+		// is never zero.
+		{
+			"0000000000000000000000000000000000000000000000000000000000000000",
+			"0000000000000000000000000000000000000000000000000000000000000000",
+			1, "0000000000000000000000000000000000000000000000000000000000000000",
+		},
+		// 0/1 == 0²
+		{
+			"0000000000000000000000000000000000000000000000000000000000000000",
+			"0100000000000000000000000000000000000000000000000000000000000000",
+			1, "0000000000000000000000000000000000000000000000000000000000000000",
+		},
+		// If u is non-zero and v is zero, defined to return (0, FALSE).
+		{
+			"0100000000000000000000000000000000000000000000000000000000000000",
+			"0000000000000000000000000000000000000000000000000000000000000000",
+			0, "0000000000000000000000000000000000000000000000000000000000000000",
+		},
+		// 2/1 is not square in this field.
+		{
+			"0200000000000000000000000000000000000000000000000000000000000000",
+			"0100000000000000000000000000000000000000000000000000000000000000",
+			0, "3c5ff1b5d8e4113b871bd052f9e7bcd0582804c266ffb2d4f4203eb07fdb7c54",
+		},
+		// 4/1 == 2²
+		{
+			"0400000000000000000000000000000000000000000000000000000000000000",
+			"0100000000000000000000000000000000000000000000000000000000000000",
+			1, "0200000000000000000000000000000000000000000000000000000000000000",
+		},
+		// 1/4 == (2⁻¹)² == (2^(p-2))² per Euler's theorem
+		{
+			"0100000000000000000000000000000000000000000000000000000000000000",
+			"0400000000000000000000000000000000000000000000000000000000000000",
+			1, "f6ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f",
+		},
+	}
+
+	for i, tt := range tests {
+		u := new(Element).SetBytes(decodeHex(tt.u))
+		v := new(Element).SetBytes(decodeHex(tt.v))
+		want := new(Element).SetBytes(decodeHex(tt.r))
+		got, wasSquare := new(Element).SqrtRatio(u, v)
+		if got.Equal(want) == 0 || wasSquare != tt.wasSquare {
+			t.Errorf("%d: got (%v, %v), want (%v, %v)", i, got, wasSquare, want, tt.wasSquare)
+		}
+	}
+}
+
+func TestCarryPropagate(t *testing.T) {
+	asmLikeGeneric := func(a [5]uint64) bool {
+		t1 := &Element{a[0], a[1], a[2], a[3], a[4]}
+		t2 := &Element{a[0], a[1], a[2], a[3], a[4]}
+
+		t1.carryPropagate()
+		t2.carryPropagateGeneric()
+
+		if *t1 != *t2 {
+			t.Logf("got: %#v,\nexpected: %#v", t1, t2)
+		}
+
+		return *t1 == *t2 && isInBounds(t2)
+	}
+
+	if err := quick.Check(asmLikeGeneric, quickCheckConfig1024); err != nil {
+		t.Error(err)
+	}
+
+	if !asmLikeGeneric([5]uint64{0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}) {
+		t.Errorf("failed for {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff}")
+	}
+}
+
+func TestFeSquare(t *testing.T) {
+	asmLikeGeneric := func(a Element) bool {
+		t1 := a
+		t2 := a
+
+		feSquareGeneric(&t1, &t1)
+		feSquare(&t2, &t2)
+
+		if t1 != t2 {
+			t.Logf("got: %#v,\nexpected: %#v", t1, t2)
+		}
+
+		return t1 == t2 && isInBounds(&t2)
+	}
+
+	if err := quick.Check(asmLikeGeneric, quickCheckConfig1024); err != nil {
+		t.Error(err)
+	}
+}
+
+func TestFeMul(t *testing.T) {
+	asmLikeGeneric := func(a, b Element) bool {
+		a1 := a
+		a2 := a
+		b1 := b
+		b2 := b
+
+		feMulGeneric(&a1, &a1, &b1)
+		feMul(&a2, &a2, &b2)
+
+		if a1 != a2 || b1 != b2 {
+			t.Logf("got: %#v,\nexpected: %#v", a1, a2)
+			t.Logf("got: %#v,\nexpected: %#v", b1, b2)
+		}
+
+		return a1 == a2 && isInBounds(&a2) &&
+			b1 == b2 && isInBounds(&b2)
+	}
+
+	if err := quick.Check(asmLikeGeneric, quickCheckConfig1024); err != nil {
+		t.Error(err)
+	}
+}
+
+func decodeHex(s string) []byte {
+	b, err := hex.DecodeString(s)
+	if err != nil {
+		panic(err)
+	}
+	return b
+}
diff --git a/curve25519/internal/field/sync.checkpoint b/curve25519/internal/field/sync.checkpoint
new file mode 100644
index 000000000..e3685f95c
--- /dev/null
+++ b/curve25519/internal/field/sync.checkpoint
@@ -0,0 +1 @@
+b0c49ae9f59d233526f8934262c5bbbe14d4358d
diff --git a/curve25519/internal/field/sync.sh b/curve25519/internal/field/sync.sh
new file mode 100755
index 000000000..1ba22a8b4
--- /dev/null
+++ b/curve25519/internal/field/sync.sh
@@ -0,0 +1,19 @@
+#! /bin/bash
+set -euo pipefail
+
+cd "$(git rev-parse --show-toplevel)"
+
+STD_PATH=src/crypto/ed25519/internal/edwards25519/field
+LOCAL_PATH=curve25519/internal/field
+LAST_SYNC_REF=$(cat $LOCAL_PATH/sync.checkpoint)
+
+git fetch https://go.googlesource.com/go master
+
+if git diff --quiet $LAST_SYNC_REF:$STD_PATH FETCH_HEAD:$STD_PATH; then
+    echo "No changes."
+else
+    NEW_REF=$(git rev-parse FETCH_HEAD | tee $LOCAL_PATH/sync.checkpoint)
+    echo "Applying changes from $LAST_SYNC_REF to $NEW_REF..."
+    git diff $LAST_SYNC_REF:$STD_PATH FETCH_HEAD:$STD_PATH | \
+        git apply -3 --directory=$LOCAL_PATH
+fi
diff --git a/curve25519/ladderstep_amd64.s b/curve25519/ladderstep_amd64.s
deleted file mode 100644
index 9e9040b25..000000000
--- a/curve25519/ladderstep_amd64.s
+++ /dev/null
@@ -1,1377 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func ladderstep(inout *[5][5]uint64)
-TEXT ·ladderstep(SB),0,$296-8
-	MOVQ inout+0(FP),DI
-
-	MOVQ 40(DI),SI
-	MOVQ 48(DI),DX
-	MOVQ 56(DI),CX
-	MOVQ 64(DI),R8
-	MOVQ 72(DI),R9
-	MOVQ SI,AX
-	MOVQ DX,R10
-	MOVQ CX,R11
-	MOVQ R8,R12
-	MOVQ R9,R13
-	ADDQ ·_2P0(SB),AX
-	ADDQ ·_2P1234(SB),R10
-	ADDQ ·_2P1234(SB),R11
-	ADDQ ·_2P1234(SB),R12
-	ADDQ ·_2P1234(SB),R13
-	ADDQ 80(DI),SI
-	ADDQ 88(DI),DX
-	ADDQ 96(DI),CX
-	ADDQ 104(DI),R8
-	ADDQ 112(DI),R9
-	SUBQ 80(DI),AX
-	SUBQ 88(DI),R10
-	SUBQ 96(DI),R11
-	SUBQ 104(DI),R12
-	SUBQ 112(DI),R13
-	MOVQ SI,0(SP)
-	MOVQ DX,8(SP)
-	MOVQ CX,16(SP)
-	MOVQ R8,24(SP)
-	MOVQ R9,32(SP)
-	MOVQ AX,40(SP)
-	MOVQ R10,48(SP)
-	MOVQ R11,56(SP)
-	MOVQ R12,64(SP)
-	MOVQ R13,72(SP)
-	MOVQ 40(SP),AX
-	MULQ 40(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 48(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 56(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 64(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 40(SP),AX
-	SHLQ $1,AX
-	MULQ 72(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 48(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 48(SP),AX
-	SHLQ $1,AX
-	MULQ 56(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 48(SP),AX
-	SHLQ $1,AX
-	MULQ 64(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 48(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 56(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 56(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 64(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 56(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 64(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 64(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 64(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 72(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,80(SP)
-	MOVQ R8,88(SP)
-	MOVQ R9,96(SP)
-	MOVQ AX,104(SP)
-	MOVQ R10,112(SP)
-	MOVQ 0(SP),AX
-	MULQ 0(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 8(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 16(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 24(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 0(SP),AX
-	SHLQ $1,AX
-	MULQ 32(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	SHLQ $1,AX
-	MULQ 16(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SP),AX
-	SHLQ $1,AX
-	MULQ 24(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 16(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 16(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 24(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 16(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 24(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 24(SP),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 32(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,120(SP)
-	MOVQ R8,128(SP)
-	MOVQ R9,136(SP)
-	MOVQ AX,144(SP)
-	MOVQ R10,152(SP)
-	MOVQ SI,SI
-	MOVQ R8,DX
-	MOVQ R9,CX
-	MOVQ AX,R8
-	MOVQ R10,R9
-	ADDQ ·_2P0(SB),SI
-	ADDQ ·_2P1234(SB),DX
-	ADDQ ·_2P1234(SB),CX
-	ADDQ ·_2P1234(SB),R8
-	ADDQ ·_2P1234(SB),R9
-	SUBQ 80(SP),SI
-	SUBQ 88(SP),DX
-	SUBQ 96(SP),CX
-	SUBQ 104(SP),R8
-	SUBQ 112(SP),R9
-	MOVQ SI,160(SP)
-	MOVQ DX,168(SP)
-	MOVQ CX,176(SP)
-	MOVQ R8,184(SP)
-	MOVQ R9,192(SP)
-	MOVQ 120(DI),SI
-	MOVQ 128(DI),DX
-	MOVQ 136(DI),CX
-	MOVQ 144(DI),R8
-	MOVQ 152(DI),R9
-	MOVQ SI,AX
-	MOVQ DX,R10
-	MOVQ CX,R11
-	MOVQ R8,R12
-	MOVQ R9,R13
-	ADDQ ·_2P0(SB),AX
-	ADDQ ·_2P1234(SB),R10
-	ADDQ ·_2P1234(SB),R11
-	ADDQ ·_2P1234(SB),R12
-	ADDQ ·_2P1234(SB),R13
-	ADDQ 160(DI),SI
-	ADDQ 168(DI),DX
-	ADDQ 176(DI),CX
-	ADDQ 184(DI),R8
-	ADDQ 192(DI),R9
-	SUBQ 160(DI),AX
-	SUBQ 168(DI),R10
-	SUBQ 176(DI),R11
-	SUBQ 184(DI),R12
-	SUBQ 192(DI),R13
-	MOVQ SI,200(SP)
-	MOVQ DX,208(SP)
-	MOVQ CX,216(SP)
-	MOVQ R8,224(SP)
-	MOVQ R9,232(SP)
-	MOVQ AX,240(SP)
-	MOVQ R10,248(SP)
-	MOVQ R11,256(SP)
-	MOVQ R12,264(SP)
-	MOVQ R13,272(SP)
-	MOVQ 224(SP),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,280(SP)
-	MULQ 56(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 232(SP),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,288(SP)
-	MULQ 48(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 200(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 200(SP),AX
-	MULQ 48(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 200(SP),AX
-	MULQ 56(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 200(SP),AX
-	MULQ 64(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 200(SP),AX
-	MULQ 72(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 208(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 208(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 208(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 208(SP),AX
-	MULQ 64(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 208(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 216(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 216(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 216(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 216(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 64(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 216(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 72(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 224(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 224(SP),AX
-	MULQ 48(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 280(SP),AX
-	MULQ 64(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 280(SP),AX
-	MULQ 72(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 232(SP),AX
-	MULQ 40(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 288(SP),AX
-	MULQ 56(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 288(SP),AX
-	MULQ 64(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 288(SP),AX
-	MULQ 72(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,40(SP)
-	MOVQ R8,48(SP)
-	MOVQ R9,56(SP)
-	MOVQ AX,64(SP)
-	MOVQ R10,72(SP)
-	MOVQ 264(SP),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,200(SP)
-	MULQ 16(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 272(SP),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,208(SP)
-	MULQ 8(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 240(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 240(SP),AX
-	MULQ 8(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 240(SP),AX
-	MULQ 16(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 240(SP),AX
-	MULQ 24(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 240(SP),AX
-	MULQ 32(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 248(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 248(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 248(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 248(SP),AX
-	MULQ 24(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 248(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 256(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 256(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 256(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 256(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 256(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 264(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 264(SP),AX
-	MULQ 8(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 200(SP),AX
-	MULQ 24(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 200(SP),AX
-	MULQ 32(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 272(SP),AX
-	MULQ 0(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 208(SP),AX
-	MULQ 16(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 208(SP),AX
-	MULQ 24(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 208(SP),AX
-	MULQ 32(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,DX
-	MOVQ R8,CX
-	MOVQ R9,R11
-	MOVQ AX,R12
-	MOVQ R10,R13
-	ADDQ ·_2P0(SB),DX
-	ADDQ ·_2P1234(SB),CX
-	ADDQ ·_2P1234(SB),R11
-	ADDQ ·_2P1234(SB),R12
-	ADDQ ·_2P1234(SB),R13
-	ADDQ 40(SP),SI
-	ADDQ 48(SP),R8
-	ADDQ 56(SP),R9
-	ADDQ 64(SP),AX
-	ADDQ 72(SP),R10
-	SUBQ 40(SP),DX
-	SUBQ 48(SP),CX
-	SUBQ 56(SP),R11
-	SUBQ 64(SP),R12
-	SUBQ 72(SP),R13
-	MOVQ SI,120(DI)
-	MOVQ R8,128(DI)
-	MOVQ R9,136(DI)
-	MOVQ AX,144(DI)
-	MOVQ R10,152(DI)
-	MOVQ DX,160(DI)
-	MOVQ CX,168(DI)
-	MOVQ R11,176(DI)
-	MOVQ R12,184(DI)
-	MOVQ R13,192(DI)
-	MOVQ 120(DI),AX
-	MULQ 120(DI)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 128(DI)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 136(DI)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 144(DI)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 120(DI),AX
-	SHLQ $1,AX
-	MULQ 152(DI)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 128(DI),AX
-	MULQ 128(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 128(DI),AX
-	SHLQ $1,AX
-	MULQ 136(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 128(DI),AX
-	SHLQ $1,AX
-	MULQ 144(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 128(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(DI),AX
-	MULQ 136(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 136(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 144(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 144(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 144(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 144(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 152(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 152(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,120(DI)
-	MOVQ R8,128(DI)
-	MOVQ R9,136(DI)
-	MOVQ AX,144(DI)
-	MOVQ R10,152(DI)
-	MOVQ 160(DI),AX
-	MULQ 160(DI)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 168(DI)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 176(DI)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 184(DI)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 160(DI),AX
-	SHLQ $1,AX
-	MULQ 192(DI)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 168(DI),AX
-	MULQ 168(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 168(DI),AX
-	SHLQ $1,AX
-	MULQ 176(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 168(DI),AX
-	SHLQ $1,AX
-	MULQ 184(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 168(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),AX
-	MULQ 176(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 176(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 184(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 184(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 184(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 184(DI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 192(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 192(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	ANDQ DX,SI
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ADDQ R10,CX
-	ANDQ DX,R8
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ADDQ R12,CX
-	ANDQ DX,R9
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ADDQ R14,CX
-	ANDQ DX,AX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,160(DI)
-	MOVQ R8,168(DI)
-	MOVQ R9,176(DI)
-	MOVQ AX,184(DI)
-	MOVQ R10,192(DI)
-	MOVQ 184(DI),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,0(SP)
-	MULQ 16(DI)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 192(DI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 8(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 160(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 160(DI),AX
-	MULQ 8(DI)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 160(DI),AX
-	MULQ 16(DI)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 160(DI),AX
-	MULQ 24(DI)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 160(DI),AX
-	MULQ 32(DI)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 168(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 168(DI),AX
-	MULQ 8(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 168(DI),AX
-	MULQ 16(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 168(DI),AX
-	MULQ 24(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 168(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 176(DI),AX
-	MULQ 8(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 176(DI),AX
-	MULQ 16(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 176(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(DI)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 176(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 184(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 184(DI),AX
-	MULQ 8(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 0(SP),AX
-	MULQ 24(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SP),AX
-	MULQ 32(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 192(DI),AX
-	MULQ 0(DI)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 16(DI)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 8(SP),AX
-	MULQ 24(DI)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 32(DI)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,160(DI)
-	MOVQ R8,168(DI)
-	MOVQ R9,176(DI)
-	MOVQ AX,184(DI)
-	MOVQ R10,192(DI)
-	MOVQ 144(SP),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,0(SP)
-	MULQ 96(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 152(SP),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 88(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 120(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 120(SP),AX
-	MULQ 88(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 120(SP),AX
-	MULQ 96(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 120(SP),AX
-	MULQ 104(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 120(SP),AX
-	MULQ 112(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 128(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 128(SP),AX
-	MULQ 88(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 128(SP),AX
-	MULQ 96(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 128(SP),AX
-	MULQ 104(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 128(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 112(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 136(SP),AX
-	MULQ 88(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 136(SP),AX
-	MULQ 96(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 136(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 104(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 136(SP),DX
-	IMUL3Q $19,DX,AX
-	MULQ 112(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 144(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 144(SP),AX
-	MULQ 88(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 0(SP),AX
-	MULQ 104(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SP),AX
-	MULQ 112(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 152(SP),AX
-	MULQ 80(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 96(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 8(SP),AX
-	MULQ 104(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 112(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,40(DI)
-	MOVQ R8,48(DI)
-	MOVQ R9,56(DI)
-	MOVQ AX,64(DI)
-	MOVQ R10,72(DI)
-	MOVQ 160(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 168(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,CX
-	MOVQ DX,R8
-	MOVQ 176(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,R8
-	MOVQ DX,R9
-	MOVQ 184(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,R9
-	MOVQ DX,R10
-	MOVQ 192(SP),AX
-	MULQ ·_121666_213(SB)
-	SHRQ $13,AX
-	ADDQ AX,R10
-	IMUL3Q $19,DX,DX
-	ADDQ DX,SI
-	ADDQ 80(SP),SI
-	ADDQ 88(SP),CX
-	ADDQ 96(SP),R8
-	ADDQ 104(SP),R9
-	ADDQ 112(SP),R10
-	MOVQ SI,80(DI)
-	MOVQ CX,88(DI)
-	MOVQ R8,96(DI)
-	MOVQ R9,104(DI)
-	MOVQ R10,112(DI)
-	MOVQ 104(DI),SI
-	IMUL3Q $19,SI,AX
-	MOVQ AX,0(SP)
-	MULQ 176(SP)
-	MOVQ AX,SI
-	MOVQ DX,CX
-	MOVQ 112(DI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 168(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 80(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 80(DI),AX
-	MULQ 168(SP)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 80(DI),AX
-	MULQ 176(SP)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 80(DI),AX
-	MULQ 184(SP)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 80(DI),AX
-	MULQ 192(SP)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 88(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 88(DI),AX
-	MULQ 168(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 88(DI),AX
-	MULQ 176(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 88(DI),AX
-	MULQ 184(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 88(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 192(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 96(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 96(DI),AX
-	MULQ 168(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 96(DI),AX
-	MULQ 176(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 96(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 184(SP)
-	ADDQ AX,SI
-	ADCQ DX,CX
-	MOVQ 96(DI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 192(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 104(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 104(DI),AX
-	MULQ 168(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 0(SP),AX
-	MULQ 184(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SP),AX
-	MULQ 192(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 112(DI),AX
-	MULQ 160(SP)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SP),AX
-	MULQ 176(SP)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 8(SP),AX
-	MULQ 184(SP)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 192(SP)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ $REDMASK51,DX
-	SHLQ $13,CX:SI
-	ANDQ DX,SI
-	SHLQ $13,R9:R8
-	ANDQ DX,R8
-	ADDQ CX,R8
-	SHLQ $13,R11:R10
-	ANDQ DX,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ DX,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ DX,R14
-	ADDQ R13,R14
-	IMUL3Q $19,R15,CX
-	ADDQ CX,SI
-	MOVQ SI,CX
-	SHRQ $51,CX
-	ADDQ R8,CX
-	MOVQ CX,R8
-	SHRQ $51,CX
-	ANDQ DX,SI
-	ADDQ R10,CX
-	MOVQ CX,R9
-	SHRQ $51,CX
-	ANDQ DX,R8
-	ADDQ R12,CX
-	MOVQ CX,AX
-	SHRQ $51,CX
-	ANDQ DX,R9
-	ADDQ R14,CX
-	MOVQ CX,R10
-	SHRQ $51,CX
-	ANDQ DX,AX
-	IMUL3Q $19,CX,CX
-	ADDQ CX,SI
-	ANDQ DX,R10
-	MOVQ SI,80(DI)
-	MOVQ R8,88(DI)
-	MOVQ R9,96(DI)
-	MOVQ AX,104(DI)
-	MOVQ R10,112(DI)
-	RET
diff --git a/curve25519/mont25519_amd64.go b/curve25519/mont25519_amd64.go
deleted file mode 100644
index 5822bd533..000000000
--- a/curve25519/mont25519_amd64.go
+++ /dev/null
@@ -1,240 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-package curve25519
-
-// These functions are implemented in the .s files. The names of the functions
-// in the rest of the file are also taken from the SUPERCOP sources to help
-// people following along.
-
-//go:noescape
-
-func cswap(inout *[5]uint64, v uint64)
-
-//go:noescape
-
-func ladderstep(inout *[5][5]uint64)
-
-//go:noescape
-
-func freeze(inout *[5]uint64)
-
-//go:noescape
-
-func mul(dest, a, b *[5]uint64)
-
-//go:noescape
-
-func square(out, in *[5]uint64)
-
-// mladder uses a Montgomery ladder to calculate (xr/zr) *= s.
-func mladder(xr, zr *[5]uint64, s *[32]byte) {
-	var work [5][5]uint64
-
-	work[0] = *xr
-	setint(&work[1], 1)
-	setint(&work[2], 0)
-	work[3] = *xr
-	setint(&work[4], 1)
-
-	j := uint(6)
-	var prevbit byte
-
-	for i := 31; i >= 0; i-- {
-		for j < 8 {
-			bit := ((*s)[i] >> j) & 1
-			swap := bit ^ prevbit
-			prevbit = bit
-			cswap(&work[1], uint64(swap))
-			ladderstep(&work)
-			j--
-		}
-		j = 7
-	}
-
-	*xr = work[1]
-	*zr = work[2]
-}
-
-func scalarMult(out, in, base *[32]byte) {
-	var e [32]byte
-	copy(e[:], (*in)[:])
-	e[0] &= 248
-	e[31] &= 127
-	e[31] |= 64
-
-	var t, z [5]uint64
-	unpack(&t, base)
-	mladder(&t, &z, &e)
-	invert(&z, &z)
-	mul(&t, &t, &z)
-	pack(out, &t)
-}
-
-func setint(r *[5]uint64, v uint64) {
-	r[0] = v
-	r[1] = 0
-	r[2] = 0
-	r[3] = 0
-	r[4] = 0
-}
-
-// unpack sets r = x where r consists of 5, 51-bit limbs in little-endian
-// order.
-func unpack(r *[5]uint64, x *[32]byte) {
-	r[0] = uint64(x[0]) |
-		uint64(x[1])<<8 |
-		uint64(x[2])<<16 |
-		uint64(x[3])<<24 |
-		uint64(x[4])<<32 |
-		uint64(x[5])<<40 |
-		uint64(x[6]&7)<<48
-
-	r[1] = uint64(x[6])>>3 |
-		uint64(x[7])<<5 |
-		uint64(x[8])<<13 |
-		uint64(x[9])<<21 |
-		uint64(x[10])<<29 |
-		uint64(x[11])<<37 |
-		uint64(x[12]&63)<<45
-
-	r[2] = uint64(x[12])>>6 |
-		uint64(x[13])<<2 |
-		uint64(x[14])<<10 |
-		uint64(x[15])<<18 |
-		uint64(x[16])<<26 |
-		uint64(x[17])<<34 |
-		uint64(x[18])<<42 |
-		uint64(x[19]&1)<<50
-
-	r[3] = uint64(x[19])>>1 |
-		uint64(x[20])<<7 |
-		uint64(x[21])<<15 |
-		uint64(x[22])<<23 |
-		uint64(x[23])<<31 |
-		uint64(x[24])<<39 |
-		uint64(x[25]&15)<<47
-
-	r[4] = uint64(x[25])>>4 |
-		uint64(x[26])<<4 |
-		uint64(x[27])<<12 |
-		uint64(x[28])<<20 |
-		uint64(x[29])<<28 |
-		uint64(x[30])<<36 |
-		uint64(x[31]&127)<<44
-}
-
-// pack sets out = x where out is the usual, little-endian form of the 5,
-// 51-bit limbs in x.
-func pack(out *[32]byte, x *[5]uint64) {
-	t := *x
-	freeze(&t)
-
-	out[0] = byte(t[0])
-	out[1] = byte(t[0] >> 8)
-	out[2] = byte(t[0] >> 16)
-	out[3] = byte(t[0] >> 24)
-	out[4] = byte(t[0] >> 32)
-	out[5] = byte(t[0] >> 40)
-	out[6] = byte(t[0] >> 48)
-
-	out[6] ^= byte(t[1]<<3) & 0xf8
-	out[7] = byte(t[1] >> 5)
-	out[8] = byte(t[1] >> 13)
-	out[9] = byte(t[1] >> 21)
-	out[10] = byte(t[1] >> 29)
-	out[11] = byte(t[1] >> 37)
-	out[12] = byte(t[1] >> 45)
-
-	out[12] ^= byte(t[2]<<6) & 0xc0
-	out[13] = byte(t[2] >> 2)
-	out[14] = byte(t[2] >> 10)
-	out[15] = byte(t[2] >> 18)
-	out[16] = byte(t[2] >> 26)
-	out[17] = byte(t[2] >> 34)
-	out[18] = byte(t[2] >> 42)
-	out[19] = byte(t[2] >> 50)
-
-	out[19] ^= byte(t[3]<<1) & 0xfe
-	out[20] = byte(t[3] >> 7)
-	out[21] = byte(t[3] >> 15)
-	out[22] = byte(t[3] >> 23)
-	out[23] = byte(t[3] >> 31)
-	out[24] = byte(t[3] >> 39)
-	out[25] = byte(t[3] >> 47)
-
-	out[25] ^= byte(t[4]<<4) & 0xf0
-	out[26] = byte(t[4] >> 4)
-	out[27] = byte(t[4] >> 12)
-	out[28] = byte(t[4] >> 20)
-	out[29] = byte(t[4] >> 28)
-	out[30] = byte(t[4] >> 36)
-	out[31] = byte(t[4] >> 44)
-}
-
-// invert calculates r = x^-1 mod p using Fermat's little theorem.
-func invert(r *[5]uint64, x *[5]uint64) {
-	var z2, z9, z11, z2_5_0, z2_10_0, z2_20_0, z2_50_0, z2_100_0, t [5]uint64
-
-	square(&z2, x)        /* 2 */
-	square(&t, &z2)       /* 4 */
-	square(&t, &t)        /* 8 */
-	mul(&z9, &t, x)       /* 9 */
-	mul(&z11, &z9, &z2)   /* 11 */
-	square(&t, &z11)      /* 22 */
-	mul(&z2_5_0, &t, &z9) /* 2^5 - 2^0 = 31 */
-
-	square(&t, &z2_5_0)      /* 2^6 - 2^1 */
-	for i := 1; i < 5; i++ { /* 2^20 - 2^10 */
-		square(&t, &t)
-	}
-	mul(&z2_10_0, &t, &z2_5_0) /* 2^10 - 2^0 */
-
-	square(&t, &z2_10_0)      /* 2^11 - 2^1 */
-	for i := 1; i < 10; i++ { /* 2^20 - 2^10 */
-		square(&t, &t)
-	}
-	mul(&z2_20_0, &t, &z2_10_0) /* 2^20 - 2^0 */
-
-	square(&t, &z2_20_0)      /* 2^21 - 2^1 */
-	for i := 1; i < 20; i++ { /* 2^40 - 2^20 */
-		square(&t, &t)
-	}
-	mul(&t, &t, &z2_20_0) /* 2^40 - 2^0 */
-
-	square(&t, &t)            /* 2^41 - 2^1 */
-	for i := 1; i < 10; i++ { /* 2^50 - 2^10 */
-		square(&t, &t)
-	}
-	mul(&z2_50_0, &t, &z2_10_0) /* 2^50 - 2^0 */
-
-	square(&t, &z2_50_0)      /* 2^51 - 2^1 */
-	for i := 1; i < 50; i++ { /* 2^100 - 2^50 */
-		square(&t, &t)
-	}
-	mul(&z2_100_0, &t, &z2_50_0) /* 2^100 - 2^0 */
-
-	square(&t, &z2_100_0)      /* 2^101 - 2^1 */
-	for i := 1; i < 100; i++ { /* 2^200 - 2^100 */
-		square(&t, &t)
-	}
-	mul(&t, &t, &z2_100_0) /* 2^200 - 2^0 */
-
-	square(&t, &t)            /* 2^201 - 2^1 */
-	for i := 1; i < 50; i++ { /* 2^250 - 2^50 */
-		square(&t, &t)
-	}
-	mul(&t, &t, &z2_50_0) /* 2^250 - 2^0 */
-
-	square(&t, &t) /* 2^251 - 2^1 */
-	square(&t, &t) /* 2^252 - 2^2 */
-	square(&t, &t) /* 2^253 - 2^3 */
-
-	square(&t, &t) /* 2^254 - 2^4 */
-
-	square(&t, &t)   /* 2^255 - 2^5 */
-	mul(r, &t, &z11) /* 2^255 - 21 */
-}
diff --git a/curve25519/mul_amd64.s b/curve25519/mul_amd64.s
deleted file mode 100644
index 5ce80a2e5..000000000
--- a/curve25519/mul_amd64.s
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func mul(dest, a, b *[5]uint64)
-TEXT ·mul(SB),0,$16-24
-	MOVQ dest+0(FP), DI
-	MOVQ a+8(FP), SI
-	MOVQ b+16(FP), DX
-
-	MOVQ DX,CX
-	MOVQ 24(SI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,0(SP)
-	MULQ 16(CX)
-	MOVQ AX,R8
-	MOVQ DX,R9
-	MOVQ 32(SI),DX
-	IMUL3Q $19,DX,AX
-	MOVQ AX,8(SP)
-	MULQ 8(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 0(SI),AX
-	MULQ 8(CX)
-	MOVQ AX,R10
-	MOVQ DX,R11
-	MOVQ 0(SI),AX
-	MULQ 16(CX)
-	MOVQ AX,R12
-	MOVQ DX,R13
-	MOVQ 0(SI),AX
-	MULQ 24(CX)
-	MOVQ AX,R14
-	MOVQ DX,R15
-	MOVQ 0(SI),AX
-	MULQ 32(CX)
-	MOVQ AX,BX
-	MOVQ DX,BP
-	MOVQ 8(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SI),AX
-	MULQ 16(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 8(SI),AX
-	MULQ 24(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 8(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 16(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 16(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 16(SI),AX
-	MULQ 16(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 16(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(CX)
-	ADDQ AX,R8
-	ADCQ DX,R9
-	MOVQ 16(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 24(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ 24(SI),AX
-	MULQ 8(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 0(SP),AX
-	MULQ 24(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 0(SP),AX
-	MULQ 32(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 32(SI),AX
-	MULQ 0(CX)
-	ADDQ AX,BX
-	ADCQ DX,BP
-	MOVQ 8(SP),AX
-	MULQ 16(CX)
-	ADDQ AX,R10
-	ADCQ DX,R11
-	MOVQ 8(SP),AX
-	MULQ 24(CX)
-	ADDQ AX,R12
-	ADCQ DX,R13
-	MOVQ 8(SP),AX
-	MULQ 32(CX)
-	ADDQ AX,R14
-	ADCQ DX,R15
-	MOVQ $REDMASK51,SI
-	SHLQ $13,R9:R8
-	ANDQ SI,R8
-	SHLQ $13,R11:R10
-	ANDQ SI,R10
-	ADDQ R9,R10
-	SHLQ $13,R13:R12
-	ANDQ SI,R12
-	ADDQ R11,R12
-	SHLQ $13,R15:R14
-	ANDQ SI,R14
-	ADDQ R13,R14
-	SHLQ $13,BP:BX
-	ANDQ SI,BX
-	ADDQ R15,BX
-	IMUL3Q $19,BP,DX
-	ADDQ DX,R8
-	MOVQ R8,DX
-	SHRQ $51,DX
-	ADDQ R10,DX
-	MOVQ DX,CX
-	SHRQ $51,DX
-	ANDQ SI,R8
-	ADDQ R12,DX
-	MOVQ DX,R9
-	SHRQ $51,DX
-	ANDQ SI,CX
-	ADDQ R14,DX
-	MOVQ DX,AX
-	SHRQ $51,DX
-	ANDQ SI,R9
-	ADDQ BX,DX
-	MOVQ DX,R10
-	SHRQ $51,DX
-	ANDQ SI,AX
-	IMUL3Q $19,DX,DX
-	ADDQ DX,R8
-	ANDQ SI,R10
-	MOVQ R8,0(DI)
-	MOVQ CX,8(DI)
-	MOVQ R9,16(DI)
-	MOVQ AX,24(DI)
-	MOVQ R10,32(DI)
-	RET
diff --git a/curve25519/square_amd64.s b/curve25519/square_amd64.s
deleted file mode 100644
index 12f73734f..000000000
--- a/curve25519/square_amd64.s
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func square(out, in *[5]uint64)
-TEXT ·square(SB),7,$0-16
-	MOVQ out+0(FP), DI
-	MOVQ in+8(FP), SI
-
-	MOVQ 0(SI),AX
-	MULQ 0(SI)
-	MOVQ AX,CX
-	MOVQ DX,R8
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 8(SI)
-	MOVQ AX,R9
-	MOVQ DX,R10
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 16(SI)
-	MOVQ AX,R11
-	MOVQ DX,R12
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 24(SI)
-	MOVQ AX,R13
-	MOVQ DX,R14
-	MOVQ 0(SI),AX
-	SHLQ $1,AX
-	MULQ 32(SI)
-	MOVQ AX,R15
-	MOVQ DX,BX
-	MOVQ 8(SI),AX
-	MULQ 8(SI)
-	ADDQ AX,R11
-	ADCQ DX,R12
-	MOVQ 8(SI),AX
-	SHLQ $1,AX
-	MULQ 16(SI)
-	ADDQ AX,R13
-	ADCQ DX,R14
-	MOVQ 8(SI),AX
-	SHLQ $1,AX
-	MULQ 24(SI)
-	ADDQ AX,R15
-	ADCQ DX,BX
-	MOVQ 8(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,CX
-	ADCQ DX,R8
-	MOVQ 16(SI),AX
-	MULQ 16(SI)
-	ADDQ AX,R15
-	ADCQ DX,BX
-	MOVQ 16(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 24(SI)
-	ADDQ AX,CX
-	ADCQ DX,R8
-	MOVQ 16(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R9
-	ADCQ DX,R10
-	MOVQ 24(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 24(SI)
-	ADDQ AX,R9
-	ADCQ DX,R10
-	MOVQ 24(SI),DX
-	IMUL3Q $38,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R11
-	ADCQ DX,R12
-	MOVQ 32(SI),DX
-	IMUL3Q $19,DX,AX
-	MULQ 32(SI)
-	ADDQ AX,R13
-	ADCQ DX,R14
-	MOVQ $REDMASK51,SI
-	SHLQ $13,R8:CX
-	ANDQ SI,CX
-	SHLQ $13,R10:R9
-	ANDQ SI,R9
-	ADDQ R8,R9
-	SHLQ $13,R12:R11
-	ANDQ SI,R11
-	ADDQ R10,R11
-	SHLQ $13,R14:R13
-	ANDQ SI,R13
-	ADDQ R12,R13
-	SHLQ $13,BX:R15
-	ANDQ SI,R15
-	ADDQ R14,R15
-	IMUL3Q $19,BX,DX
-	ADDQ DX,CX
-	MOVQ CX,DX
-	SHRQ $51,DX
-	ADDQ R9,DX
-	ANDQ SI,CX
-	MOVQ DX,R8
-	SHRQ $51,DX
-	ADDQ R11,DX
-	ANDQ SI,R8
-	MOVQ DX,R9
-	SHRQ $51,DX
-	ADDQ R13,DX
-	ANDQ SI,R9
-	MOVQ DX,AX
-	SHRQ $51,DX
-	ADDQ R15,DX
-	ANDQ SI,AX
-	MOVQ DX,R10
-	SHRQ $51,DX
-	IMUL3Q $19,DX,DX
-	ADDQ DX,CX
-	ANDQ SI,R10
-	MOVQ CX,0(DI)
-	MOVQ R8,8(DI)
-	MOVQ R9,16(DI)
-	MOVQ AX,24(DI)
-	MOVQ R10,32(DI)
-	RET
diff --git a/curve25519/vectors_test.go b/curve25519/vectors_test.go
new file mode 100644
index 000000000..946e9a8a3
--- /dev/null
+++ b/curve25519/vectors_test.go
@@ -0,0 +1,105 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package curve25519
+
+// lowOrderPoints from libsodium.
+// https://github.com/jedisct1/libsodium/blob/65621a1059a37d/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c#L11-L70
+var lowOrderPoints = [][]byte{
+	{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+	{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+	{0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00},
+	{0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57},
+	{0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+	{0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+	{0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f},
+}
+
+// testVectors generated with BoringSSL.
+var testVectors = []struct {
+	In     [32]byte
+	Base   [32]byte
+	Expect [32]byte
+}{
+	{
+		In:     [32]byte{0x66, 0x8f, 0xb9, 0xf7, 0x6a, 0xd9, 0x71, 0xc8, 0x1a, 0xc9, 0x0, 0x7, 0x1a, 0x15, 0x60, 0xbc, 0xe2, 0xca, 0x0, 0xca, 0xc7, 0xe6, 0x7a, 0xf9, 0x93, 0x48, 0x91, 0x37, 0x61, 0x43, 0x40, 0x14},
+		Base:   [32]byte{0xdb, 0x5f, 0x32, 0xb7, 0xf8, 0x41, 0xe7, 0xa1, 0xa0, 0x9, 0x68, 0xef, 0xfd, 0xed, 0x12, 0x73, 0x5f, 0xc4, 0x7a, 0x3e, 0xb1, 0x3b, 0x57, 0x9a, 0xac, 0xad, 0xea, 0xe8, 0x9, 0x39, 0xa7, 0xdd},
+		Expect: [32]byte{0x9, 0xd, 0x85, 0xe5, 0x99, 0xea, 0x8e, 0x2b, 0xee, 0xb6, 0x13, 0x4, 0xd3, 0x7b, 0xe1, 0xe, 0xc5, 0xc9, 0x5, 0xf9, 0x92, 0x7d, 0x32, 0xf4, 0x2a, 0x9a, 0xa, 0xfb, 0x3e, 0xb, 0x40, 0x74},
+	},
+	{
+		In:     [32]byte{0x63, 0x66, 0x95, 0xe3, 0x4f, 0x75, 0xb9, 0xa2, 0x79, 0xc8, 0x70, 0x6f, 0xad, 0x12, 0x89, 0xf2, 0xc0, 0xb1, 0xe2, 0x2e, 0x16, 0xf8, 0xb8, 0x86, 0x17, 0x29, 0xc1, 0xa, 0x58, 0x29, 0x58, 0xaf},
+		Base:   [32]byte{0x9, 0xd, 0x7, 0x1, 0xf8, 0xfd, 0xe2, 0x8f, 0x70, 0x4, 0x3b, 0x83, 0xf2, 0x34, 0x62, 0x25, 0x41, 0x9b, 0x18, 0xa7, 0xf2, 0x7e, 0x9e, 0x3d, 0x2b, 0xfd, 0x4, 0xe1, 0xf, 0x3d, 0x21, 0x3e},
+		Expect: [32]byte{0xbf, 0x26, 0xec, 0x7e, 0xc4, 0x13, 0x6, 0x17, 0x33, 0xd4, 0x40, 0x70, 0xea, 0x67, 0xca, 0xb0, 0x2a, 0x85, 0xdc, 0x1b, 0xe8, 0xcf, 0xe1, 0xff, 0x73, 0xd5, 0x41, 0xcc, 0x8, 0x32, 0x55, 0x6},
+	},
+	{
+		In:     [32]byte{0x73, 0x41, 0x81, 0xcd, 0x1a, 0x94, 0x6, 0x52, 0x2a, 0x56, 0xfe, 0x25, 0xe4, 0x3e, 0xcb, 0xf0, 0x29, 0x5d, 0xb5, 0xdd, 0xd0, 0x60, 0x9b, 0x3c, 0x2b, 0x4e, 0x79, 0xc0, 0x6f, 0x8b, 0xd4, 0x6d},
+		Base:   [32]byte{0xf8, 0xa8, 0x42, 0x1c, 0x7d, 0x21, 0xa9, 0x2d, 0xb3, 0xed, 0xe9, 0x79, 0xe1, 0xfa, 0x6a, 0xcb, 0x6, 0x2b, 0x56, 0xb1, 0x88, 0x5c, 0x71, 0xc5, 0x11, 0x53, 0xcc, 0xb8, 0x80, 0xac, 0x73, 0x15},
+		Expect: [32]byte{0x11, 0x76, 0xd0, 0x16, 0x81, 0xf2, 0xcf, 0x92, 0x9d, 0xa2, 0xc7, 0xa3, 0xdf, 0x66, 0xb5, 0xd7, 0x72, 0x9f, 0xd4, 0x22, 0x22, 0x6f, 0xd6, 0x37, 0x42, 0x16, 0xbf, 0x7e, 0x2, 0xfd, 0xf, 0x62},
+	},
+	{
+		In:     [32]byte{0x1f, 0x70, 0x39, 0x1f, 0x6b, 0xa8, 0x58, 0x12, 0x94, 0x13, 0xbd, 0x80, 0x1b, 0x12, 0xac, 0xbf, 0x66, 0x23, 0x62, 0x82, 0x5c, 0xa2, 0x50, 0x9c, 0x81, 0x87, 0x59, 0xa, 0x2b, 0xe, 0x61, 0x72},
+		Base:   [32]byte{0xd3, 0xea, 0xd0, 0x7a, 0x0, 0x8, 0xf4, 0x45, 0x2, 0xd5, 0x80, 0x8b, 0xff, 0xc8, 0x97, 0x9f, 0x25, 0xa8, 0x59, 0xd5, 0xad, 0xf4, 0x31, 0x2e, 0xa4, 0x87, 0x48, 0x9c, 0x30, 0xe0, 0x1b, 0x3b},
+		Expect: [32]byte{0xf8, 0x48, 0x2f, 0x2e, 0x9e, 0x58, 0xbb, 0x6, 0x7e, 0x86, 0xb2, 0x87, 0x24, 0xb3, 0xc0, 0xa3, 0xbb, 0xb5, 0x7, 0x3e, 0x4c, 0x6a, 0xcd, 0x93, 0xdf, 0x54, 0x5e, 0xff, 0xdb, 0xba, 0x50, 0x5f},
+	},
+	{
+		In:     [32]byte{0x3a, 0x7a, 0xe6, 0xcf, 0x8b, 0x88, 0x9d, 0x2b, 0x7a, 0x60, 0xa4, 0x70, 0xad, 0x6a, 0xd9, 0x99, 0x20, 0x6b, 0xf5, 0x7d, 0x90, 0x30, 0xdd, 0xf7, 0xf8, 0x68, 0xc, 0x8b, 0x1a, 0x64, 0x5d, 0xaa},
+		Base:   [32]byte{0x4d, 0x25, 0x4c, 0x80, 0x83, 0xd8, 0x7f, 0x1a, 0x9b, 0x3e, 0xa7, 0x31, 0xef, 0xcf, 0xf8, 0xa6, 0xf2, 0x31, 0x2d, 0x6f, 0xed, 0x68, 0xe, 0xf8, 0x29, 0x18, 0x51, 0x61, 0xc8, 0xfc, 0x50, 0x60},
+		Expect: [32]byte{0x47, 0xb3, 0x56, 0xd5, 0x81, 0x8d, 0xe8, 0xef, 0xac, 0x77, 0x4b, 0x71, 0x4c, 0x42, 0xc4, 0x4b, 0xe6, 0x85, 0x23, 0xdd, 0x57, 0xdb, 0xd7, 0x39, 0x62, 0xd5, 0xa5, 0x26, 0x31, 0x87, 0x62, 0x37},
+	},
+	{
+		In:     [32]byte{0x20, 0x31, 0x61, 0xc3, 0x15, 0x9a, 0x87, 0x6a, 0x2b, 0xea, 0xec, 0x29, 0xd2, 0x42, 0x7f, 0xb0, 0xc7, 0xc3, 0xd, 0x38, 0x2c, 0xd0, 0x13, 0xd2, 0x7c, 0xc3, 0xd3, 0x93, 0xdb, 0xd, 0xaf, 0x6f},
+		Base:   [32]byte{0x6a, 0xb9, 0x5d, 0x1a, 0xbe, 0x68, 0xc0, 0x9b, 0x0, 0x5c, 0x3d, 0xb9, 0x4, 0x2c, 0xc9, 0x1a, 0xc8, 0x49, 0xf7, 0xe9, 0x4a, 0x2a, 0x4a, 0x9b, 0x89, 0x36, 0x78, 0x97, 0xb, 0x7b, 0x95, 0xbf},
+		Expect: [32]byte{0x11, 0xed, 0xae, 0xdc, 0x95, 0xff, 0x78, 0xf5, 0x63, 0xa1, 0xc8, 0xf1, 0x55, 0x91, 0xc0, 0x71, 0xde, 0xa0, 0x92, 0xb4, 0xd7, 0xec, 0xaa, 0xc8, 0xe0, 0x38, 0x7b, 0x5a, 0x16, 0xc, 0x4e, 0x5d},
+	},
+	{
+		In:     [32]byte{0x13, 0xd6, 0x54, 0x91, 0xfe, 0x75, 0xf2, 0x3, 0xa0, 0x8, 0xb4, 0x41, 0x5a, 0xbc, 0x60, 0xd5, 0x32, 0xe6, 0x95, 0xdb, 0xd2, 0xf1, 0xe8, 0x3, 0xac, 0xcb, 0x34, 0xb2, 0xb7, 0x2c, 0x3d, 0x70},
+		Base:   [32]byte{0x2e, 0x78, 0x4e, 0x4, 0xca, 0x0, 0x73, 0x33, 0x62, 0x56, 0xa8, 0x39, 0x25, 0x5e, 0xd2, 0xf7, 0xd4, 0x79, 0x6a, 0x64, 0xcd, 0xc3, 0x7f, 0x1e, 0xb0, 0xe5, 0xc4, 0xc8, 0xd1, 0xd1, 0xe0, 0xf5},
+		Expect: [32]byte{0x56, 0x3e, 0x8c, 0x9a, 0xda, 0xa7, 0xd7, 0x31, 0x1, 0xb0, 0xf2, 0xea, 0xd3, 0xca, 0xe1, 0xea, 0x5d, 0x8f, 0xcd, 0x5c, 0xd3, 0x60, 0x80, 0xbb, 0x8e, 0x6e, 0xc0, 0x3d, 0x61, 0x45, 0x9, 0x17},
+	},
+	{
+		In:     [32]byte{0x68, 0x6f, 0x7d, 0xa9, 0x3b, 0xf2, 0x68, 0xe5, 0x88, 0x6, 0x98, 0x31, 0xf0, 0x47, 0x16, 0x3f, 0x33, 0x58, 0x99, 0x89, 0xd0, 0x82, 0x6e, 0x98, 0x8, 0xfb, 0x67, 0x8e, 0xd5, 0x7e, 0x67, 0x49},
+		Base:   [32]byte{0x8b, 0x54, 0x9b, 0x2d, 0xf6, 0x42, 0xd3, 0xb2, 0x5f, 0xe8, 0x38, 0xf, 0x8c, 0xc4, 0x37, 0x5f, 0x99, 0xb7, 0xbb, 0x4d, 0x27, 0x5f, 0x77, 0x9f, 0x3b, 0x7c, 0x81, 0xb8, 0xa2, 0xbb, 0xc1, 0x29},
+		Expect: [32]byte{0x1, 0x47, 0x69, 0x65, 0x42, 0x6b, 0x61, 0x71, 0x74, 0x9a, 0x8a, 0xdd, 0x92, 0x35, 0x2, 0x5c, 0xe5, 0xf5, 0x57, 0xfe, 0x40, 0x9, 0xf7, 0x39, 0x30, 0x44, 0xeb, 0xbb, 0x8a, 0xe9, 0x52, 0x79},
+	},
+	{
+		In:     [32]byte{0x82, 0xd6, 0x1c, 0xce, 0xdc, 0x80, 0x6a, 0x60, 0x60, 0xa3, 0x34, 0x9a, 0x5e, 0x87, 0xcb, 0xc7, 0xac, 0x11, 0x5e, 0x4f, 0x87, 0x77, 0x62, 0x50, 0xae, 0x25, 0x60, 0x98, 0xa7, 0xc4, 0x49, 0x59},
+		Base:   [32]byte{0x8b, 0x6b, 0x9d, 0x8, 0xf6, 0x1f, 0xc9, 0x1f, 0xe8, 0xb3, 0x29, 0x53, 0xc4, 0x23, 0x40, 0xf0, 0x7, 0xb5, 0x71, 0xdc, 0xb0, 0xa5, 0x6d, 0x10, 0x72, 0x4e, 0xce, 0xf9, 0x95, 0xc, 0xfb, 0x25},
+		Expect: [32]byte{0x9c, 0x49, 0x94, 0x1f, 0x9c, 0x4f, 0x18, 0x71, 0xfa, 0x40, 0x91, 0xfe, 0xd7, 0x16, 0xd3, 0x49, 0x99, 0xc9, 0x52, 0x34, 0xed, 0xf2, 0xfd, 0xfb, 0xa6, 0xd1, 0x4a, 0x5a, 0xfe, 0x9e, 0x5, 0x58},
+	},
+	{
+		In:     [32]byte{0x7d, 0xc7, 0x64, 0x4, 0x83, 0x13, 0x97, 0xd5, 0x88, 0x4f, 0xdf, 0x6f, 0x97, 0xe1, 0x74, 0x4c, 0x9e, 0xb1, 0x18, 0xa3, 0x1a, 0x7b, 0x23, 0xf8, 0xd7, 0x9f, 0x48, 0xce, 0x9c, 0xad, 0x15, 0x4b},
+		Base:   [32]byte{0x1a, 0xcd, 0x29, 0x27, 0x84, 0xf4, 0x79, 0x19, 0xd4, 0x55, 0xf8, 0x87, 0x44, 0x83, 0x58, 0x61, 0xb, 0xb9, 0x45, 0x96, 0x70, 0xeb, 0x99, 0xde, 0xe4, 0x60, 0x5, 0xf6, 0x89, 0xca, 0x5f, 0xb6},
+		Expect: [32]byte{0x0, 0xf4, 0x3c, 0x2, 0x2e, 0x94, 0xea, 0x38, 0x19, 0xb0, 0x36, 0xae, 0x2b, 0x36, 0xb2, 0xa7, 0x61, 0x36, 0xaf, 0x62, 0x8a, 0x75, 0x1f, 0xe5, 0xd0, 0x1e, 0x3, 0xd, 0x44, 0x25, 0x88, 0x59},
+	},
+	{
+		In:     [32]byte{0xfb, 0xc4, 0x51, 0x1d, 0x23, 0xa6, 0x82, 0xae, 0x4e, 0xfd, 0x8, 0xc8, 0x17, 0x9c, 0x1c, 0x6, 0x7f, 0x9c, 0x8b, 0xe7, 0x9b, 0xbc, 0x4e, 0xff, 0x5c, 0xe2, 0x96, 0xc6, 0xbc, 0x1f, 0xf4, 0x45},
+		Base:   [32]byte{0x55, 0xca, 0xff, 0x21, 0x81, 0xf2, 0x13, 0x6b, 0xe, 0xd0, 0xe1, 0xe2, 0x99, 0x44, 0x48, 0xe1, 0x6c, 0xc9, 0x70, 0x64, 0x6a, 0x98, 0x3d, 0x14, 0xd, 0xc4, 0xea, 0xb3, 0xd9, 0x4c, 0x28, 0x4e},
+		Expect: [32]byte{0xae, 0x39, 0xd8, 0x16, 0x53, 0x23, 0x45, 0x79, 0x4d, 0x26, 0x91, 0xe0, 0x80, 0x1c, 0xaa, 0x52, 0x5f, 0xc3, 0x63, 0x4d, 0x40, 0x2c, 0xe9, 0x58, 0xb, 0x33, 0x38, 0xb4, 0x6f, 0x8b, 0xb9, 0x72},
+	},
+	{
+		In:     [32]byte{0x4e, 0x6, 0xc, 0xe1, 0xc, 0xeb, 0xf0, 0x95, 0x9, 0x87, 0x16, 0xc8, 0x66, 0x19, 0xeb, 0x9f, 0x7d, 0xf6, 0x65, 0x24, 0x69, 0x8b, 0xa7, 0x98, 0x8c, 0x3b, 0x90, 0x95, 0xd9, 0xf5, 0x1, 0x34},
+		Base:   [32]byte{0x57, 0x73, 0x3f, 0x2d, 0x86, 0x96, 0x90, 0xd0, 0xd2, 0xed, 0xae, 0xc9, 0x52, 0x3d, 0xaa, 0x2d, 0xa9, 0x54, 0x45, 0xf4, 0x4f, 0x57, 0x83, 0xc1, 0xfa, 0xec, 0x6c, 0x3a, 0x98, 0x28, 0x18, 0xf3},
+		Expect: [32]byte{0xa6, 0x1e, 0x74, 0x55, 0x2c, 0xce, 0x75, 0xf5, 0xe9, 0x72, 0xe4, 0x24, 0xf2, 0xcc, 0xb0, 0x9c, 0x83, 0xbc, 0x1b, 0x67, 0x1, 0x47, 0x48, 0xf0, 0x2c, 0x37, 0x1a, 0x20, 0x9e, 0xf2, 0xfb, 0x2c},
+	},
+	{
+		In:     [32]byte{0x5c, 0x49, 0x2c, 0xba, 0x2c, 0xc8, 0x92, 0x48, 0x8a, 0x9c, 0xeb, 0x91, 0x86, 0xc2, 0xaa, 0xc2, 0x2f, 0x1, 0x5b, 0xf3, 0xef, 0x8d, 0x3e, 0xcc, 0x9c, 0x41, 0x76, 0x97, 0x62, 0x61, 0xaa, 0xb1},
+		Base:   [32]byte{0x67, 0x97, 0xc2, 0xe7, 0xdc, 0x92, 0xcc, 0xbe, 0x7c, 0x5, 0x6b, 0xec, 0x35, 0xa, 0xb6, 0xd3, 0xbd, 0x2a, 0x2c, 0x6b, 0xc5, 0xa8, 0x7, 0xbb, 0xca, 0xe1, 0xf6, 0xc2, 0xaf, 0x80, 0x36, 0x44},
+		Expect: [32]byte{0xfc, 0xf3, 0x7, 0xdf, 0xbc, 0x19, 0x2, 0xb, 0x28, 0xa6, 0x61, 0x8c, 0x6c, 0x62, 0x2f, 0x31, 0x7e, 0x45, 0x96, 0x7d, 0xac, 0xf4, 0xae, 0x4a, 0xa, 0x69, 0x9a, 0x10, 0x76, 0x9f, 0xde, 0x14},
+	},
+	{
+		In:     [32]byte{0xea, 0x33, 0x34, 0x92, 0x96, 0x5, 0x5a, 0x4e, 0x8b, 0x19, 0x2e, 0x3c, 0x23, 0xc5, 0xf4, 0xc8, 0x44, 0x28, 0x2a, 0x3b, 0xfc, 0x19, 0xec, 0xc9, 0xdc, 0x64, 0x6a, 0x42, 0xc3, 0x8d, 0xc2, 0x48},
+		Base:   [32]byte{0x2c, 0x75, 0xd8, 0x51, 0x42, 0xec, 0xad, 0x3e, 0x69, 0x44, 0x70, 0x4, 0x54, 0xc, 0x1c, 0x23, 0x54, 0x8f, 0xc8, 0xf4, 0x86, 0x25, 0x1b, 0x8a, 0x19, 0x46, 0x3f, 0x3d, 0xf6, 0xf8, 0xac, 0x61},
+		Expect: [32]byte{0x5d, 0xca, 0xb6, 0x89, 0x73, 0xf9, 0x5b, 0xd3, 0xae, 0x4b, 0x34, 0xfa, 0xb9, 0x49, 0xfb, 0x7f, 0xb1, 0x5a, 0xf1, 0xd8, 0xca, 0xe2, 0x8c, 0xd6, 0x99, 0xf9, 0xc1, 0xaa, 0x33, 0x37, 0x34, 0x2f},
+	},
+	{
+		In:     [32]byte{0x4f, 0x29, 0x79, 0xb1, 0xec, 0x86, 0x19, 0xe4, 0x5c, 0xa, 0xb, 0x2b, 0x52, 0x9, 0x34, 0x54, 0x1a, 0xb9, 0x44, 0x7, 0xb6, 0x4d, 0x19, 0xa, 0x76, 0xf3, 0x23, 0x14, 0xef, 0xe1, 0x84, 0xe7},
+		Base:   [32]byte{0xf7, 0xca, 0xe1, 0x8d, 0x8d, 0x36, 0xa7, 0xf5, 0x61, 0x17, 0xb8, 0xb7, 0xe, 0x25, 0x52, 0x27, 0x7f, 0xfc, 0x99, 0xdf, 0x87, 0x56, 0xb5, 0xe1, 0x38, 0xbf, 0x63, 0x68, 0xbc, 0x87, 0xf7, 0x4c},
+		Expect: [32]byte{0xe4, 0xe6, 0x34, 0xeb, 0xb4, 0xfb, 0x66, 0x4f, 0xe8, 0xb2, 0xcf, 0xa1, 0x61, 0x5f, 0x0, 0xe6, 0x46, 0x6f, 0xff, 0x73, 0x2c, 0xe1, 0xf8, 0xa0, 0xc8, 0xd2, 0x72, 0x74, 0x31, 0xd1, 0x6f, 0x14},
+	},
+	{
+		In:     [32]byte{0xf5, 0xd8, 0xa9, 0x27, 0x90, 0x1d, 0x4f, 0xa4, 0x24, 0x90, 0x86, 0xb7, 0xff, 0xec, 0x24, 0xf5, 0x29, 0x7d, 0x80, 0x11, 0x8e, 0x4a, 0xc9, 0xd3, 0xfc, 0x9a, 0x82, 0x37, 0x95, 0x1e, 0x3b, 0x7f},
+		Base:   [32]byte{0x3c, 0x23, 0x5e, 0xdc, 0x2, 0xf9, 0x11, 0x56, 0x41, 0xdb, 0xf5, 0x16, 0xd5, 0xde, 0x8a, 0x73, 0x5d, 0x6e, 0x53, 0xe2, 0x2a, 0xa2, 0xac, 0x14, 0x36, 0x56, 0x4, 0x5f, 0xf2, 0xe9, 0x52, 0x49},
+		Expect: [32]byte{0xab, 0x95, 0x15, 0xab, 0x14, 0xaf, 0x9d, 0x27, 0xe, 0x1d, 0xae, 0xc, 0x56, 0x80, 0xcb, 0xc8, 0x88, 0xb, 0xd8, 0xa8, 0xe7, 0xeb, 0x67, 0xb4, 0xda, 0x42, 0xa6, 0x61, 0x96, 0x1e, 0xfc, 0xb},
+	},
+}
diff --git a/ed25519/ed25519.go b/ed25519/ed25519.go
index 9b07accb6..71ad917da 100644
--- a/ed25519/ed25519.go
+++ b/ed25519/ed25519.go
@@ -2,21 +2,30 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// In Go 1.13, the ed25519 package was promoted to the standard library as
+// crypto/ed25519, and this package became a wrapper for the standard library one.
+//
+//go:build !go1.13
+// +build !go1.13
+
 // Package ed25519 implements the Ed25519 signature algorithm. See
 // https://ed25519.cr.yp.to/.
 //
 // These functions are also compatible with the “Ed25519” function defined in
-// https://tools.ietf.org/html/draft-irtf-cfrg-eddsa-05.
+// RFC 8032. However, unlike RFC 8032's formulation, this package's private key
+// representation includes a public key suffix to make multiple signing
+// operations with the same key more efficient. This package refers to the RFC
+// 8032 private key as the “seed”.
 package ed25519
 
 // This code is a port of the public domain, “ref10” implementation of ed25519
 // from SUPERCOP.
 
 import (
+	"bytes"
 	"crypto"
 	cryptorand "crypto/rand"
 	"crypto/sha512"
-	"crypto/subtle"
 	"errors"
 	"io"
 	"strconv"
@@ -31,6 +40,8 @@ const (
 	PrivateKeySize = 64
 	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
 	SignatureSize = 64
+	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+	SeedSize = 32
 )
 
 // PublicKey is the type of Ed25519 public keys.
@@ -46,6 +57,15 @@ func (priv PrivateKey) Public() crypto.PublicKey {
 	return PublicKey(publicKey)
 }
 
+// Seed returns the private key seed corresponding to priv. It is provided for
+// interoperability with RFC 8032. RFC 8032's private keys correspond to seeds
+// in this package.
+func (priv PrivateKey) Seed() []byte {
+	seed := make([]byte, SeedSize)
+	copy(seed, priv[:32])
+	return seed
+}
+
 // Sign signs the given message with priv.
 // Ed25519 performs two passes over messages to be signed and therefore cannot
 // handle pre-hashed messages. Thus opts.HashFunc() must return zero to
@@ -61,19 +81,33 @@ func (priv PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOp
 
 // GenerateKey generates a public/private key pair using entropy from rand.
 // If rand is nil, crypto/rand.Reader will be used.
-func GenerateKey(rand io.Reader) (publicKey PublicKey, privateKey PrivateKey, err error) {
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
 	if rand == nil {
 		rand = cryptorand.Reader
 	}
 
-	privateKey = make([]byte, PrivateKeySize)
-	publicKey = make([]byte, PublicKeySize)
-	_, err = io.ReadFull(rand, privateKey[:32])
-	if err != nil {
+	seed := make([]byte, SeedSize)
+	if _, err := io.ReadFull(rand, seed); err != nil {
 		return nil, nil, err
 	}
 
-	digest := sha512.Sum512(privateKey[:32])
+	privateKey := NewKeyFromSeed(seed)
+	publicKey := make([]byte, PublicKeySize)
+	copy(publicKey, privateKey[32:])
+
+	return publicKey, privateKey, nil
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will panic if
+// len(seed) is not SeedSize. This function is provided for interoperability
+// with RFC 8032. RFC 8032's private keys correspond to seeds in this
+// package.
+func NewKeyFromSeed(seed []byte) PrivateKey {
+	if l := len(seed); l != SeedSize {
+		panic("ed25519: bad seed length: " + strconv.Itoa(l))
+	}
+
+	digest := sha512.Sum512(seed)
 	digest[0] &= 248
 	digest[31] &= 127
 	digest[31] |= 64
@@ -85,10 +119,11 @@ func GenerateKey(rand io.Reader) (publicKey PublicKey, privateKey PrivateKey, er
 	var publicKeyBytes [32]byte
 	A.ToBytes(&publicKeyBytes)
 
+	privateKey := make([]byte, PrivateKeySize)
+	copy(privateKey, seed)
 	copy(privateKey[32:], publicKeyBytes[:])
-	copy(publicKey, publicKeyBytes[:])
 
-	return publicKey, privateKey, nil
+	return privateKey
 }
 
 // Sign signs the message with privateKey and returns a signature. It will
@@ -171,11 +206,18 @@ func Verify(publicKey PublicKey, message, sig []byte) bool {
 	edwards25519.ScReduce(&hReduced, &digest)
 
 	var R edwards25519.ProjectiveGroupElement
-	var b [32]byte
-	copy(b[:], sig[32:])
-	edwards25519.GeDoubleScalarMultVartime(&R, &hReduced, &A, &b)
+	var s [32]byte
+	copy(s[:], sig[32:])
+
+	// https://tools.ietf.org/html/rfc8032#section-5.1.7 requires that s be in
+	// the range [0, order) in order to prevent signature malleability.
+	if !edwards25519.ScMinimal(&s) {
+		return false
+	}
+
+	edwards25519.GeDoubleScalarMultVartime(&R, &hReduced, &A, &s)
 
 	var checkR [32]byte
 	R.ToBytes(&checkR)
-	return subtle.ConstantTimeCompare(sig[:32], checkR[:]) == 1
+	return bytes.Equal(sig[:32], checkR[:])
 }
diff --git a/ed25519/ed25519_go113.go b/ed25519/ed25519_go113.go
new file mode 100644
index 000000000..b5974dc8b
--- /dev/null
+++ b/ed25519/ed25519_go113.go
@@ -0,0 +1,74 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+// Package ed25519 implements the Ed25519 signature algorithm. See
+// https://ed25519.cr.yp.to/.
+//
+// These functions are also compatible with the “Ed25519” function defined in
+// RFC 8032. However, unlike RFC 8032's formulation, this package's private key
+// representation includes a public key suffix to make multiple signing
+// operations with the same key more efficient. This package refers to the RFC
+// 8032 private key as the “seed”.
+//
+// Beginning with Go 1.13, the functionality of this package was moved to the
+// standard library as crypto/ed25519. This package only acts as a compatibility
+// wrapper.
+package ed25519
+
+import (
+	"crypto/ed25519"
+	"io"
+)
+
+const (
+	// PublicKeySize is the size, in bytes, of public keys as used in this package.
+	PublicKeySize = 32
+	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
+	PrivateKeySize = 64
+	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
+	SignatureSize = 64
+	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+	SeedSize = 32
+)
+
+// PublicKey is the type of Ed25519 public keys.
+//
+// This type is an alias for crypto/ed25519's PublicKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PublicKey = ed25519.PublicKey
+
+// PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
+//
+// This type is an alias for crypto/ed25519's PrivateKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PrivateKey = ed25519.PrivateKey
+
+// GenerateKey generates a public/private key pair using entropy from rand.
+// If rand is nil, crypto/rand.Reader will be used.
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
+	return ed25519.GenerateKey(rand)
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will panic if
+// len(seed) is not SeedSize. This function is provided for interoperability
+// with RFC 8032. RFC 8032's private keys correspond to seeds in this
+// package.
+func NewKeyFromSeed(seed []byte) PrivateKey {
+	return ed25519.NewKeyFromSeed(seed)
+}
+
+// Sign signs the message with privateKey and returns a signature. It will
+// panic if len(privateKey) is not PrivateKeySize.
+func Sign(privateKey PrivateKey, message []byte) []byte {
+	return ed25519.Sign(privateKey, message)
+}
+
+// Verify reports whether sig is a valid signature of message by publicKey. It
+// will panic if len(publicKey) is not PublicKeySize.
+func Verify(publicKey PublicKey, message, sig []byte) bool {
+	return ed25519.Verify(publicKey, message, sig)
+}
diff --git a/ed25519/ed25519_test.go b/ed25519/ed25519_test.go
index e272f8a55..13187cd94 100644
--- a/ed25519/ed25519_test.go
+++ b/ed25519/ed25519_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ed25519
+package ed25519_test
 
 import (
 	"bufio"
@@ -15,6 +15,7 @@ import (
 	"strings"
 	"testing"
 
+	"golang.org/x/crypto/ed25519"
 	"golang.org/x/crypto/ed25519/internal/edwards25519"
 )
 
@@ -28,7 +29,7 @@ func (zeroReader) Read(buf []byte) (int, error) {
 }
 
 func TestUnmarshalMarshal(t *testing.T) {
-	pub, _, _ := GenerateKey(rand.Reader)
+	pub, _, _ := ed25519.GenerateKey(rand.Reader)
 
 	var A edwards25519.ExtendedGroupElement
 	var pubBytes [32]byte
@@ -47,28 +48,28 @@ func TestUnmarshalMarshal(t *testing.T) {
 
 func TestSignVerify(t *testing.T) {
 	var zero zeroReader
-	public, private, _ := GenerateKey(zero)
+	public, private, _ := ed25519.GenerateKey(zero)
 
 	message := []byte("test message")
-	sig := Sign(private, message)
-	if !Verify(public, message, sig) {
+	sig := ed25519.Sign(private, message)
+	if !ed25519.Verify(public, message, sig) {
 		t.Errorf("valid signature rejected")
 	}
 
 	wrongMessage := []byte("wrong message")
-	if Verify(public, wrongMessage, sig) {
+	if ed25519.Verify(public, wrongMessage, sig) {
 		t.Errorf("signature of different message accepted")
 	}
 }
 
 func TestCryptoSigner(t *testing.T) {
 	var zero zeroReader
-	public, private, _ := GenerateKey(zero)
+	public, private, _ := ed25519.GenerateKey(zero)
 
 	signer := crypto.Signer(private)
 
 	publicInterface := signer.Public()
-	public2, ok := publicInterface.(PublicKey)
+	public2, ok := publicInterface.(ed25519.PublicKey)
 	if !ok {
 		t.Fatalf("expected PublicKey from Public() but got %T", publicInterface)
 	}
@@ -84,7 +85,7 @@ func TestCryptoSigner(t *testing.T) {
 		t.Fatalf("error from Sign(): %s", err)
 	}
 
-	if !Verify(public, message, signature) {
+	if !ed25519.Verify(public, message, signature) {
 		t.Errorf("Verify failed on signature from Sign()")
 	}
 }
@@ -121,24 +122,37 @@ func TestGolden(t *testing.T) {
 		sig, _ := hex.DecodeString(parts[3])
 		// The signatures in the test vectors also include the message
 		// at the end, but we just want R and S.
-		sig = sig[:SignatureSize]
+		sig = sig[:ed25519.SignatureSize]
 
-		if l := len(pubKey); l != PublicKeySize {
+		if l := len(pubKey); l != ed25519.PublicKeySize {
 			t.Fatalf("bad public key length on line %d: got %d bytes", lineNo, l)
 		}
 
-		var priv [PrivateKeySize]byte
+		var priv [ed25519.PrivateKeySize]byte
 		copy(priv[:], privBytes)
 		copy(priv[32:], pubKey)
 
-		sig2 := Sign(priv[:], msg)
+		sig2 := ed25519.Sign(priv[:], msg)
 		if !bytes.Equal(sig, sig2[:]) {
 			t.Errorf("different signature result on line %d: %x vs %x", lineNo, sig, sig2)
 		}
 
-		if !Verify(pubKey, msg, sig2) {
+		if !ed25519.Verify(pubKey, msg, sig2) {
 			t.Errorf("signature failed to verify on line %d", lineNo)
 		}
+
+		priv2 := ed25519.NewKeyFromSeed(priv[:32])
+		if !bytes.Equal(priv[:], priv2) {
+			t.Errorf("recreating key pair gave different private key on line %d: %x vs %x", lineNo, priv[:], priv2)
+		}
+
+		if pubKey2 := priv2.Public().(ed25519.PublicKey); !bytes.Equal(pubKey, pubKey2) {
+			t.Errorf("recreating key pair gave different public key on line %d: %x vs %x", lineNo, pubKey, pubKey2)
+		}
+
+		if seed := priv2.Seed(); !bytes.Equal(priv[:32], seed) {
+			t.Errorf("recreating key pair gave different seed on line %d: %x vs %x", lineNo, priv[:32], seed)
+		}
 	}
 
 	if err := scanner.Err(); err != nil {
@@ -146,10 +160,34 @@ func TestGolden(t *testing.T) {
 	}
 }
 
+func TestMalleability(t *testing.T) {
+	// https://tools.ietf.org/html/rfc8032#section-5.1.7 adds an additional test
+	// that s be in [0, order). This prevents someone from adding a multiple of
+	// order to s and obtaining a second valid signature for the same message.
+	msg := []byte{0x54, 0x65, 0x73, 0x74}
+	sig := []byte{
+		0x7c, 0x38, 0xe0, 0x26, 0xf2, 0x9e, 0x14, 0xaa, 0xbd, 0x05, 0x9a,
+		0x0f, 0x2d, 0xb8, 0xb0, 0xcd, 0x78, 0x30, 0x40, 0x60, 0x9a, 0x8b,
+		0xe6, 0x84, 0xdb, 0x12, 0xf8, 0x2a, 0x27, 0x77, 0x4a, 0xb0, 0x67,
+		0x65, 0x4b, 0xce, 0x38, 0x32, 0xc2, 0xd7, 0x6f, 0x8f, 0x6f, 0x5d,
+		0xaf, 0xc0, 0x8d, 0x93, 0x39, 0xd4, 0xee, 0xf6, 0x76, 0x57, 0x33,
+		0x36, 0xa5, 0xc5, 0x1e, 0xb6, 0xf9, 0x46, 0xb3, 0x1d,
+	}
+	publicKey := []byte{
+		0x7d, 0x4d, 0x0e, 0x7f, 0x61, 0x53, 0xa6, 0x9b, 0x62, 0x42, 0xb5,
+		0x22, 0xab, 0xbe, 0xe6, 0x85, 0xfd, 0xa4, 0x42, 0x0f, 0x88, 0x34,
+		0xb1, 0x08, 0xc3, 0xbd, 0xae, 0x36, 0x9e, 0xf5, 0x49, 0xfa,
+	}
+
+	if ed25519.Verify(publicKey, msg, sig) {
+		t.Fatal("non-canonical signature accepted")
+	}
+}
+
 func BenchmarkKeyGeneration(b *testing.B) {
 	var zero zeroReader
 	for i := 0; i < b.N; i++ {
-		if _, _, err := GenerateKey(zero); err != nil {
+		if _, _, err := ed25519.GenerateKey(zero); err != nil {
 			b.Fatal(err)
 		}
 	}
@@ -157,27 +195,27 @@ func BenchmarkKeyGeneration(b *testing.B) {
 
 func BenchmarkSigning(b *testing.B) {
 	var zero zeroReader
-	_, priv, err := GenerateKey(zero)
+	_, priv, err := ed25519.GenerateKey(zero)
 	if err != nil {
 		b.Fatal(err)
 	}
 	message := []byte("Hello, world!")
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		Sign(priv, message)
+		ed25519.Sign(priv, message)
 	}
 }
 
 func BenchmarkVerification(b *testing.B) {
 	var zero zeroReader
-	pub, priv, err := GenerateKey(zero)
+	pub, priv, err := ed25519.GenerateKey(zero)
 	if err != nil {
 		b.Fatal(err)
 	}
 	message := []byte("Hello, world!")
-	signature := Sign(priv, message)
+	signature := ed25519.Sign(priv, message)
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
-		Verify(pub, message, signature)
+		ed25519.Verify(pub, message, signature)
 	}
 }
diff --git a/ed25519/go113_test.go b/ed25519/go113_test.go
new file mode 100644
index 000000000..7a3912f63
--- /dev/null
+++ b/ed25519/go113_test.go
@@ -0,0 +1,25 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+package ed25519_test
+
+import (
+	ed25519std "crypto/ed25519"
+	"golang.org/x/crypto/ed25519"
+	"testing"
+)
+
+func TestTypeAlias(t *testing.T) {
+	var zero zeroReader
+	public, private, _ := ed25519std.GenerateKey(zero)
+
+	message := []byte("test message")
+	sig := ed25519.Sign(private, message)
+	if !ed25519.Verify(public, message, sig) {
+		t.Errorf("valid signature rejected")
+	}
+}
diff --git a/ed25519/internal/edwards25519/edwards25519.go b/ed25519/internal/edwards25519/edwards25519.go
index 5f8b99478..fd03c252a 100644
--- a/ed25519/internal/edwards25519/edwards25519.go
+++ b/ed25519/internal/edwards25519/edwards25519.go
@@ -4,6 +4,8 @@
 
 package edwards25519
 
+import "encoding/binary"
+
 // This code is a port of the public domain, “ref10” implementation of ed25519
 // from SUPERCOP.
 
@@ -1769,3 +1771,23 @@ func ScReduce(out *[32]byte, s *[64]byte) {
 	out[30] = byte(s11 >> 9)
 	out[31] = byte(s11 >> 17)
 }
+
+// order is the order of Curve25519 in little-endian form.
+var order = [4]uint64{0x5812631a5cf5d3ed, 0x14def9dea2f79cd6, 0, 0x1000000000000000}
+
+// ScMinimal returns true if the given scalar is less than the order of the
+// curve.
+func ScMinimal(scalar *[32]byte) bool {
+	for i := 3; ; i-- {
+		v := binary.LittleEndian.Uint64(scalar[i*8:])
+		if v > order[i] {
+			return false
+		} else if v < order[i] {
+			break
+		} else if i == 0 {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 000000000..6a856d3e7
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,10 @@
+module golang.org/x/crypto
+
+go 1.17
+
+require (
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1
+	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
+	golang.org/x/text v0.3.3 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 000000000..0926c06d0
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,10 @@
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/hkdf/example_test.go b/hkdf/example_test.go
index df8439512..e89c260e9 100644
--- a/hkdf/example_test.go
+++ b/hkdf/example_test.go
@@ -9,49 +9,44 @@ import (
 	"crypto/rand"
 	"crypto/sha256"
 	"fmt"
-	"golang.org/x/crypto/hkdf"
 	"io"
+
+	"golang.org/x/crypto/hkdf"
 )
 
-// Usage example that expands one master key into three other cryptographically
-// secure keys.
+// Usage example that expands one master secret into three other
+// cryptographically secure keys.
 func Example_usage() {
-	// Underlying hash function to use
+	// Underlying hash function for HMAC.
 	hash := sha256.New
 
-	// Cryptographically secure master key.
-	master := []byte{0x00, 0x01, 0x02, 0x03} // i.e. NOT this.
+	// Cryptographically secure master secret.
+	secret := []byte{0x00, 0x01, 0x02, 0x03} // i.e. NOT this.
 
-	// Non secret salt, optional (can be nil)
-	// Recommended: hash-length sized random
+	// Non-secret salt, optional (can be nil).
+	// Recommended: hash-length random value.
 	salt := make([]byte, hash().Size())
-	n, err := io.ReadFull(rand.Reader, salt)
-	if n != len(salt) || err != nil {
-		fmt.Println("error:", err)
-		return
+	if _, err := rand.Read(salt); err != nil {
+		panic(err)
 	}
 
-	// Non secret context specific info, optional (can be nil).
-	// Note, independent from the master key.
-	info := []byte{0x03, 0x14, 0x15, 0x92, 0x65}
-
-	// Create the key derivation function
-	hkdf := hkdf.New(hash, master, salt, info)
-
-	// Generate the required keys
-	keys := make([][]byte, 3)
-	for i := 0; i < len(keys); i++ {
-		keys[i] = make([]byte, 24)
-		n, err := io.ReadFull(hkdf, keys[i])
-		if n != len(keys[i]) || err != nil {
-			fmt.Println("error:", err)
-			return
+	// Non-secret context info, optional (can be nil).
+	info := []byte("hkdf example")
+
+	// Generate three 128-bit derived keys.
+	hkdf := hkdf.New(hash, secret, salt, info)
+
+	var keys [][]byte
+	for i := 0; i < 3; i++ {
+		key := make([]byte, 16)
+		if _, err := io.ReadFull(hkdf, key); err != nil {
+			panic(err)
 		}
+		keys = append(keys, key)
 	}
 
-	// Keys should contain 192 bit random keys
-	for i := 1; i <= len(keys); i++ {
-		fmt.Printf("Key #%d: %v\n", i, !bytes.Equal(keys[i-1], make([]byte, 24)))
+	for i := range keys {
+		fmt.Printf("Key #%d: %v\n", i+1, !bytes.Equal(keys[i], make([]byte, 16)))
 	}
 
 	// Output:
diff --git a/hkdf/hkdf.go b/hkdf/hkdf.go
index 5bc246355..dda3f143b 100644
--- a/hkdf/hkdf.go
+++ b/hkdf/hkdf.go
@@ -8,8 +8,6 @@
 // HKDF is a cryptographic key derivation function (KDF) with the goal of
 // expanding limited input keying material into one or more cryptographically
 // strong secret keys.
-//
-// RFC 5869: https://tools.ietf.org/html/rfc5869
 package hkdf // import "golang.org/x/crypto/hkdf"
 
 import (
@@ -19,6 +17,21 @@ import (
 	"io"
 )
 
+// Extract generates a pseudorandom key for use with Expand from an input secret
+// and an optional independent salt.
+//
+// Only use this function if you need to reuse the extracted key with multiple
+// Expand invocations and different context values. Most common scenarios,
+// including the generation of multiple keys, should use New instead.
+func Extract(hash func() hash.Hash, secret, salt []byte) []byte {
+	if salt == nil {
+		salt = make([]byte, hash().Size())
+	}
+	extractor := hmac.New(hash, salt)
+	extractor.Write(secret)
+	return extractor.Sum(nil)
+}
+
 type hkdf struct {
 	expander hash.Hash
 	size     int
@@ -26,22 +39,22 @@ type hkdf struct {
 	info    []byte
 	counter byte
 
-	prev  []byte
-	cache []byte
+	prev []byte
+	buf  []byte
 }
 
 func (f *hkdf) Read(p []byte) (int, error) {
 	// Check whether enough data can be generated
 	need := len(p)
-	remains := len(f.cache) + int(255-f.counter+1)*f.size
+	remains := len(f.buf) + int(255-f.counter+1)*f.size
 	if remains < need {
 		return 0, errors.New("hkdf: entropy limit reached")
 	}
-	// Read from the cache, if enough data is present
-	n := copy(p, f.cache)
+	// Read any leftover from the buffer
+	n := copy(p, f.buf)
 	p = p[n:]
 
-	// Fill the buffer
+	// Fill the rest of the buffer
 	for len(p) > 0 {
 		f.expander.Reset()
 		f.expander.Write(f.prev)
@@ -51,25 +64,30 @@ func (f *hkdf) Read(p []byte) (int, error) {
 		f.counter++
 
 		// Copy the new batch into p
-		f.cache = f.prev
-		n = copy(p, f.cache)
+		f.buf = f.prev
+		n = copy(p, f.buf)
 		p = p[n:]
 	}
 	// Save leftovers for next run
-	f.cache = f.cache[n:]
+	f.buf = f.buf[n:]
 
 	return need, nil
 }
 
-// New returns a new HKDF using the given hash, the secret keying material to expand
-// and optional salt and info fields.
-func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
-	if salt == nil {
-		salt = make([]byte, hash().Size())
-	}
-	extractor := hmac.New(hash, salt)
-	extractor.Write(secret)
-	prk := extractor.Sum(nil)
+// Expand returns a Reader, from which keys can be read, using the given
+// pseudorandom key and optional context info, skipping the extraction step.
+//
+// The pseudorandomKey should have been generated by Extract, or be a uniformly
+// random or pseudorandom cryptographically strong key. See RFC 5869, Section
+// 3.3. Most common scenarios will want to use New instead.
+func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader {
+	expander := hmac.New(hash, pseudorandomKey)
+	return &hkdf{expander, expander.Size(), info, 1, nil, nil}
+}
 
-	return &hkdf{hmac.New(hash, prk), extractor.Size(), info, 1, nil, nil}
+// New returns a Reader, from which keys can be read, using the given hash,
+// secret, salt and context info. Salt and info can be nil.
+func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
+	prk := Extract(hash, secret, salt)
+	return Expand(hash, prk, info)
 }
diff --git a/hkdf/hkdf_test.go b/hkdf/hkdf_test.go
index cee659bcd..ea575772e 100644
--- a/hkdf/hkdf_test.go
+++ b/hkdf/hkdf_test.go
@@ -18,6 +18,7 @@ type hkdfTest struct {
 	hash   func() hash.Hash
 	master []byte
 	salt   []byte
+	prk    []byte
 	info   []byte
 	out    []byte
 }
@@ -35,6 +36,12 @@ var hkdfTests = []hkdfTest{
 			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 			0x08, 0x09, 0x0a, 0x0b, 0x0c,
 		},
+		[]byte{
+			0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf,
+			0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63,
+			0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31,
+			0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5,
+		},
 		[]byte{
 			0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
 			0xf8, 0xf9,
@@ -74,6 +81,12 @@ var hkdfTests = []hkdfTest{
 			0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
 			0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
 		},
+		[]byte{
+			0x06, 0xa6, 0xb8, 0x8c, 0x58, 0x53, 0x36, 0x1a,
+			0x06, 0x10, 0x4c, 0x9c, 0xeb, 0x35, 0xb4, 0x5c,
+			0xef, 0x76, 0x00, 0x14, 0x90, 0x46, 0x71, 0x01,
+			0x4a, 0x19, 0x3f, 0x40, 0xc1, 0x5f, 0xc2, 0x44,
+		},
 		[]byte{
 			0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
 			0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
@@ -108,6 +121,12 @@ var hkdfTests = []hkdfTest{
 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
 		},
 		[]byte{},
+		[]byte{
+			0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16,
+			0x7f, 0x33, 0xa9, 0x1d, 0x6f, 0x64, 0x8b, 0xdf,
+			0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77,
+			0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04,
+		},
 		[]byte{},
 		[]byte{
 			0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
@@ -118,6 +137,30 @@ var hkdfTests = []hkdfTest{
 			0x96, 0xc8,
 		},
 	},
+	{
+		sha256.New,
+		[]byte{
+			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+		},
+		nil,
+		[]byte{
+			0x19, 0xef, 0x24, 0xa3, 0x2c, 0x71, 0x7b, 0x16,
+			0x7f, 0x33, 0xa9, 0x1d, 0x6f, 0x64, 0x8b, 0xdf,
+			0x96, 0x59, 0x67, 0x76, 0xaf, 0xdb, 0x63, 0x77,
+			0xac, 0x43, 0x4c, 0x1c, 0x29, 0x3c, 0xcb, 0x04,
+		},
+		nil,
+		[]byte{
+			0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
+			0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
+			0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
+			0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
+			0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
+			0x96, 0xc8,
+		},
+	},
 	{
 		sha1.New,
 		[]byte{
@@ -128,6 +171,11 @@ var hkdfTests = []hkdfTest{
 			0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
 			0x08, 0x09, 0x0a, 0x0b, 0x0c,
 		},
+		[]byte{
+			0x9b, 0x6c, 0x18, 0xc4, 0x32, 0xa7, 0xbf, 0x8f,
+			0x0e, 0x71, 0xc8, 0xeb, 0x88, 0xf4, 0xb3, 0x0b,
+			0xaa, 0x2b, 0xa2, 0x43,
+		},
 		[]byte{
 			0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
 			0xf8, 0xf9,
@@ -167,6 +215,11 @@ var hkdfTests = []hkdfTest{
 			0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
 			0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
 		},
+		[]byte{
+			0x8a, 0xda, 0xe0, 0x9a, 0x2a, 0x30, 0x70, 0x59,
+			0x47, 0x8d, 0x30, 0x9b, 0x26, 0xc4, 0x11, 0x5a,
+			0x22, 0x4c, 0xfa, 0xf6,
+		},
 		[]byte{
 			0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
 			0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
@@ -201,6 +254,11 @@ var hkdfTests = []hkdfTest{
 			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
 		},
 		[]byte{},
+		[]byte{
+			0xda, 0x8c, 0x8a, 0x73, 0xc7, 0xfa, 0x77, 0x28,
+			0x8e, 0xc6, 0xf5, 0xe7, 0xc2, 0x97, 0x78, 0x6a,
+			0xa0, 0xd3, 0x2d, 0x01,
+		},
 		[]byte{},
 		[]byte{
 			0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
@@ -219,7 +277,12 @@ var hkdfTests = []hkdfTest{
 			0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
 		},
 		nil,
-		[]byte{},
+		[]byte{
+			0x2a, 0xdc, 0xca, 0xda, 0x18, 0x77, 0x9e, 0x7c,
+			0x20, 0x77, 0xad, 0x2e, 0xb1, 0x9d, 0x3f, 0x3e,
+			0x73, 0x13, 0x85, 0xdd,
+		},
+		nil,
 		[]byte{
 			0x2c, 0x91, 0x11, 0x72, 0x04, 0xd7, 0x45, 0xf3,
 			0x50, 0x0d, 0x63, 0x6a, 0x62, 0xf6, 0x4f, 0x0a,
@@ -233,6 +296,11 @@ var hkdfTests = []hkdfTest{
 
 func TestHKDF(t *testing.T) {
 	for i, tt := range hkdfTests {
+		prk := Extract(tt.hash, tt.master, tt.salt)
+		if !bytes.Equal(prk, tt.prk) {
+			t.Errorf("test %d: incorrect PRK: have %v, need %v.", i, prk, tt.prk)
+		}
+
 		hkdf := New(tt.hash, tt.master, tt.salt, tt.info)
 		out := make([]byte, len(tt.out))
 
@@ -244,6 +312,17 @@ func TestHKDF(t *testing.T) {
 		if !bytes.Equal(out, tt.out) {
 			t.Errorf("test %d: incorrect output: have %v, need %v.", i, out, tt.out)
 		}
+
+		hkdf = Expand(tt.hash, prk, tt.info)
+
+		n, err = io.ReadFull(hkdf, out)
+		if n != len(tt.out) || err != nil {
+			t.Errorf("test %d: not enough output bytes from Expand: %d.", i, n)
+		}
+
+		if !bytes.Equal(out, tt.out) {
+			t.Errorf("test %d: incorrect output from Expand: have %v, need %v.", i, out, tt.out)
+		}
 	}
 }
 
diff --git a/internal/poly1305/bits_compat.go b/internal/poly1305/bits_compat.go
new file mode 100644
index 000000000..45b5c966b
--- /dev/null
+++ b/internal/poly1305/bits_compat.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.13
+// +build !go1.13
+
+package poly1305
+
+// Generic fallbacks for the math/bits intrinsics, copied from
+// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
+// variable time fallbacks until Go 1.13.
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	sum = x + y + carry
+	carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
+	return
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	diff = x - y - borrow
+	borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
+	return
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	const mask32 = 1<<32 - 1
+	x0 := x & mask32
+	x1 := x >> 32
+	y0 := y & mask32
+	y1 := y >> 32
+	w0 := x0 * y0
+	t := x1*y0 + w0>>32
+	w1 := t & mask32
+	w2 := t >> 32
+	w1 += x0 * y1
+	hi = x1*y1 + w2 + w1>>32
+	lo = x * y
+	return
+}
diff --git a/internal/poly1305/bits_go1.13.go b/internal/poly1305/bits_go1.13.go
new file mode 100644
index 000000000..ed52b3418
--- /dev/null
+++ b/internal/poly1305/bits_go1.13.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+package poly1305
+
+import "math/bits"
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+	return bits.Add64(x, y, carry)
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+	return bits.Sub64(x, y, borrow)
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+	return bits.Mul64(x, y)
+}
diff --git a/internal/poly1305/mac_noasm.go b/internal/poly1305/mac_noasm.go
new file mode 100644
index 000000000..f184b67d9
--- /dev/null
+++ b/internal/poly1305/mac_noasm.go
@@ -0,0 +1,10 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!amd64 && !ppc64le && !s390x) || !gc || purego
+// +build !amd64,!ppc64le,!s390x !gc purego
+
+package poly1305
+
+type mac struct{ macGeneric }
diff --git a/internal/poly1305/poly1305.go b/internal/poly1305/poly1305.go
new file mode 100644
index 000000000..4aaea810a
--- /dev/null
+++ b/internal/poly1305/poly1305.go
@@ -0,0 +1,99 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package poly1305 implements Poly1305 one-time message authentication code as
+// specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
+//
+// Poly1305 is a fast, one-time authentication function. It is infeasible for an
+// attacker to generate an authenticator for a message without the key. However, a
+// key must only be used for a single message. Authenticating two different
+// messages with the same key allows an attacker to forge authenticators for other
+// messages with the same key.
+//
+// Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
+// used with a fixed key in order to generate one-time keys from an nonce.
+// However, in this package AES isn't used and the one-time key is specified
+// directly.
+package poly1305
+
+import "crypto/subtle"
+
+// TagSize is the size, in bytes, of a poly1305 authenticator.
+const TagSize = 16
+
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+	h := New(key)
+	h.Write(m)
+	h.Sum(out[:0])
+}
+
+// Verify returns true if mac is a valid authenticator for m with the given key.
+func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
+	var tmp [16]byte
+	Sum(&tmp, m, key)
+	return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
+}
+
+// New returns a new MAC computing an authentication
+// tag of all data written to it with the given key.
+// This allows writing the message progressively instead
+// of passing it as a single slice. Common users should use
+// the Sum function instead.
+//
+// The key must be unique for each message, as authenticating
+// two different messages with the same key allows an attacker
+// to forge messages at will.
+func New(key *[32]byte) *MAC {
+	m := &MAC{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// MAC is an io.Writer computing an authentication tag
+// of the data written to it.
+//
+// MAC cannot be used like common hash.Hash implementations,
+// because using a poly1305 key twice breaks its security.
+// Therefore writing data to a running MAC after calling
+// Sum or Verify causes it to panic.
+type MAC struct {
+	mac // platform-dependent implementation
+
+	finalized bool
+}
+
+// Size returns the number of bytes Sum will return.
+func (h *MAC) Size() int { return TagSize }
+
+// Write adds more data to the running message authentication code.
+// It never returns an error.
+//
+// It must not be called after the first call of Sum or Verify.
+func (h *MAC) Write(p []byte) (n int, err error) {
+	if h.finalized {
+		panic("poly1305: write to MAC after Sum or Verify")
+	}
+	return h.mac.Write(p)
+}
+
+// Sum computes the authenticator of all data written to the
+// message authentication code.
+func (h *MAC) Sum(b []byte) []byte {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return append(b, mac[:]...)
+}
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+	var mac [TagSize]byte
+	h.mac.Sum(&mac)
+	h.finalized = true
+	return subtle.ConstantTimeCompare(expected, mac[:]) == 1
+}
diff --git a/internal/poly1305/poly1305_test.go b/internal/poly1305/poly1305_test.go
new file mode 100644
index 000000000..e7ec6d19d
--- /dev/null
+++ b/internal/poly1305/poly1305_test.go
@@ -0,0 +1,276 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package poly1305
+
+import (
+	"crypto/rand"
+	"encoding/binary"
+	"encoding/hex"
+	"flag"
+	"testing"
+	"unsafe"
+)
+
+var stressFlag = flag.Bool("stress", false, "run slow stress tests")
+
+type test struct {
+	in    string
+	key   string
+	tag   string
+	state string
+}
+
+func (t *test) Input() []byte {
+	in, err := hex.DecodeString(t.in)
+	if err != nil {
+		panic(err)
+	}
+	return in
+}
+
+func (t *test) Key() [32]byte {
+	buf, err := hex.DecodeString(t.key)
+	if err != nil {
+		panic(err)
+	}
+	var key [32]byte
+	copy(key[:], buf[:32])
+	return key
+}
+
+func (t *test) Tag() [16]byte {
+	buf, err := hex.DecodeString(t.tag)
+	if err != nil {
+		panic(err)
+	}
+	var tag [16]byte
+	copy(tag[:], buf[:16])
+	return tag
+}
+
+func (t *test) InitialState() [3]uint64 {
+	// state is hex encoded in big-endian byte order
+	if t.state == "" {
+		return [3]uint64{0, 0, 0}
+	}
+	buf, err := hex.DecodeString(t.state)
+	if err != nil {
+		panic(err)
+	}
+	if len(buf) != 3*8 {
+		panic("incorrect state length")
+	}
+	return [3]uint64{
+		binary.BigEndian.Uint64(buf[16:24]),
+		binary.BigEndian.Uint64(buf[8:16]),
+		binary.BigEndian.Uint64(buf[0:8]),
+	}
+}
+
+func testSum(t *testing.T, unaligned bool, sumImpl func(tag *[TagSize]byte, msg []byte, key *[32]byte)) {
+	var tag [16]byte
+	for i, v := range testData {
+		// cannot set initial state before calling sum, so skip those tests
+		if v.InitialState() != [3]uint64{0, 0, 0} {
+			continue
+		}
+
+		in := v.Input()
+		if unaligned {
+			in = unalignBytes(in)
+		}
+		key := v.Key()
+		sumImpl(&tag, in, &key)
+		if tag != v.Tag() {
+			t.Errorf("%d: expected %x, got %x", i, v.Tag(), tag[:])
+		}
+		if !Verify(&tag, in, &key) {
+			t.Errorf("%d: tag didn't verify", i)
+		}
+		// If the key is zero, the tag will always be zero, independent of the input.
+		if len(in) > 0 && key != [32]byte{} {
+			in[0] ^= 0xff
+			if Verify(&tag, in, &key) {
+				t.Errorf("%d: tag verified after altering the input", i)
+			}
+			in[0] ^= 0xff
+		}
+		// If the input is empty, the tag only depends on the second half of the key.
+		if len(in) > 0 {
+			key[0] ^= 0xff
+			if Verify(&tag, in, &key) {
+				t.Errorf("%d: tag verified after altering the key", i)
+			}
+			key[0] ^= 0xff
+		}
+		tag[0] ^= 0xff
+		if Verify(&tag, in, &key) {
+			t.Errorf("%d: tag verified after altering the tag", i)
+		}
+		tag[0] ^= 0xff
+	}
+}
+
+func TestBurnin(t *testing.T) {
+	// This test can be used to sanity-check significant changes. It can
+	// take about many minutes to run, even on fast machines. It's disabled
+	// by default.
+	if !*stressFlag {
+		t.Skip("skipping without -stress")
+	}
+
+	var key [32]byte
+	var input [25]byte
+	var output [16]byte
+
+	for i := range key {
+		key[i] = 1
+	}
+	for i := range input {
+		input[i] = 2
+	}
+
+	for i := uint64(0); i < 1e10; i++ {
+		Sum(&output, input[:], &key)
+		copy(key[0:], output[:])
+		copy(key[16:], output[:])
+		copy(input[:], output[:])
+		copy(input[16:], output[:])
+	}
+
+	const expected = "5e3b866aea0b636d240c83c428f84bfa"
+	if got := hex.EncodeToString(output[:]); got != expected {
+		t.Errorf("expected %s, got %s", expected, got)
+	}
+}
+
+func TestSum(t *testing.T)                 { testSum(t, false, Sum) }
+func TestSumUnaligned(t *testing.T)        { testSum(t, true, Sum) }
+func TestSumGeneric(t *testing.T)          { testSum(t, false, sumGeneric) }
+func TestSumGenericUnaligned(t *testing.T) { testSum(t, true, sumGeneric) }
+
+func TestWriteGeneric(t *testing.T)          { testWriteGeneric(t, false) }
+func TestWriteGenericUnaligned(t *testing.T) { testWriteGeneric(t, true) }
+func TestWrite(t *testing.T)                 { testWrite(t, false) }
+func TestWriteUnaligned(t *testing.T)        { testWrite(t, true) }
+
+func testWriteGeneric(t *testing.T, unaligned bool) {
+	for i, v := range testData {
+		key := v.Key()
+		input := v.Input()
+		var out [16]byte
+
+		if unaligned {
+			input = unalignBytes(input)
+		}
+		h := newMACGeneric(&key)
+		if s := v.InitialState(); s != [3]uint64{0, 0, 0} {
+			h.macState.h = s
+		}
+		n, err := h.Write(input[:len(input)/3])
+		if err != nil || n != len(input[:len(input)/3]) {
+			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
+		}
+		n, err = h.Write(input[len(input)/3:])
+		if err != nil || n != len(input[len(input)/3:]) {
+			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
+		}
+		h.Sum(&out)
+		if tag := v.Tag(); out != tag {
+			t.Errorf("%d: expected %x, got %x", i, tag[:], out[:])
+		}
+	}
+}
+
+func testWrite(t *testing.T, unaligned bool) {
+	for i, v := range testData {
+		key := v.Key()
+		input := v.Input()
+		var out [16]byte
+
+		if unaligned {
+			input = unalignBytes(input)
+		}
+		h := New(&key)
+		if s := v.InitialState(); s != [3]uint64{0, 0, 0} {
+			h.macState.h = s
+		}
+		n, err := h.Write(input[:len(input)/3])
+		if err != nil || n != len(input[:len(input)/3]) {
+			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
+		}
+		n, err = h.Write(input[len(input)/3:])
+		if err != nil || n != len(input[len(input)/3:]) {
+			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
+		}
+		h.Sum(out[:0])
+		tag := v.Tag()
+		if out != tag {
+			t.Errorf("%d: expected %x, got %x", i, tag[:], out[:])
+		}
+		if !h.Verify(tag[:]) {
+			t.Errorf("%d: Verify failed", i)
+		}
+		tag[0] ^= 0xff
+		if h.Verify(tag[:]) {
+			t.Errorf("%d: Verify succeeded after modifying the tag", i)
+		}
+	}
+}
+
+func benchmarkSum(b *testing.B, size int, unaligned bool) {
+	var out [16]byte
+	var key [32]byte
+	in := make([]byte, size)
+	if unaligned {
+		in = unalignBytes(in)
+	}
+	rand.Read(in)
+	b.SetBytes(int64(len(in)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		Sum(&out, in, &key)
+	}
+}
+
+func benchmarkWrite(b *testing.B, size int, unaligned bool) {
+	var key [32]byte
+	h := New(&key)
+	in := make([]byte, size)
+	if unaligned {
+		in = unalignBytes(in)
+	}
+	rand.Read(in)
+	b.SetBytes(int64(len(in)))
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		h.Write(in)
+	}
+}
+
+func Benchmark64(b *testing.B)          { benchmarkSum(b, 64, false) }
+func Benchmark1K(b *testing.B)          { benchmarkSum(b, 1024, false) }
+func Benchmark2M(b *testing.B)          { benchmarkSum(b, 2*1024*1024, false) }
+func Benchmark64Unaligned(b *testing.B) { benchmarkSum(b, 64, true) }
+func Benchmark1KUnaligned(b *testing.B) { benchmarkSum(b, 1024, true) }
+func Benchmark2MUnaligned(b *testing.B) { benchmarkSum(b, 2*1024*1024, true) }
+
+func BenchmarkWrite64(b *testing.B)          { benchmarkWrite(b, 64, false) }
+func BenchmarkWrite1K(b *testing.B)          { benchmarkWrite(b, 1024, false) }
+func BenchmarkWrite2M(b *testing.B)          { benchmarkWrite(b, 2*1024*1024, false) }
+func BenchmarkWrite64Unaligned(b *testing.B) { benchmarkWrite(b, 64, true) }
+func BenchmarkWrite1KUnaligned(b *testing.B) { benchmarkWrite(b, 1024, true) }
+func BenchmarkWrite2MUnaligned(b *testing.B) { benchmarkWrite(b, 2*1024*1024, true) }
+
+func unalignBytes(in []byte) []byte {
+	out := make([]byte, len(in)+1)
+	if uintptr(unsafe.Pointer(&out[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
+		out = out[1:]
+	} else {
+		out = out[:len(in)]
+	}
+	copy(out, in)
+	return out
+}
diff --git a/internal/poly1305/sum_amd64.go b/internal/poly1305/sum_amd64.go
new file mode 100644
index 000000000..6d522333f
--- /dev/null
+++ b/internal/poly1305/sum_amd64.go
@@ -0,0 +1,48 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+//go:noescape
+func update(state *macState, msg []byte)
+
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/poly1305/sum_amd64.s b/internal/poly1305/sum_amd64.s
similarity index 72%
rename from poly1305/sum_amd64.s
rename to internal/poly1305/sum_amd64.s
index 2edae6382..1d74f0f88 100644
--- a/poly1305/sum_amd64.s
+++ b/internal/poly1305/sum_amd64.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!gccgo,!appengine
+//go:build gc && !purego
+// +build gc,!purego
 
 #include "textflag.h"
 
@@ -54,24 +55,17 @@
 	ADCQ  t3, h1;                  \
 	ADCQ  $0, h2
 
-DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
-DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
-GLOBL ·poly1305Mask<>(SB), RODATA, $16
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVQ state+0(FP), DI
+	MOVQ msg_base+8(FP), SI
+	MOVQ msg_len+16(FP), R15
 
-// func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]key)
-TEXT ·poly1305(SB), $0-32
-	MOVQ out+0(FP), DI
-	MOVQ m+8(FP), SI
-	MOVQ mlen+16(FP), R15
-	MOVQ key+24(FP), AX
-
-	MOVQ 0(AX), R11
-	MOVQ 8(AX), R12
-	ANDQ ·poly1305Mask<>(SB), R11   // r0
-	ANDQ ·poly1305Mask<>+8(SB), R12 // r1
-	XORQ R8, R8                    // h0
-	XORQ R9, R9                    // h1
-	XORQ R10, R10                  // h2
+	MOVQ 0(DI), R8   // h0
+	MOVQ 8(DI), R9   // h1
+	MOVQ 16(DI), R10 // h2
+	MOVQ 24(DI), R11 // r0
+	MOVQ 32(DI), R12 // r1
 
 	CMPQ R15, $16
 	JB   bytes_between_0_and_15
@@ -109,17 +103,7 @@ flush_buffer:
 	JMP  multiply
 
 done:
-	MOVQ    R8, AX
-	MOVQ    R9, BX
-	SUBQ    $0xFFFFFFFFFFFFFFFB, AX
-	SBBQ    $0xFFFFFFFFFFFFFFFF, BX
-	SBBQ    $3, R10
-	CMOVQCS R8, AX
-	CMOVQCS R9, BX
-	MOVQ    key+24(FP), R8
-	ADDQ    16(R8), AX
-	ADCQ    24(R8), BX
-
-	MOVQ AX, 0(DI)
-	MOVQ BX, 8(DI)
+	MOVQ R8, 0(DI)
+	MOVQ R9, 8(DI)
+	MOVQ R10, 16(DI)
 	RET
diff --git a/internal/poly1305/sum_generic.go b/internal/poly1305/sum_generic.go
new file mode 100644
index 000000000..c942a6590
--- /dev/null
+++ b/internal/poly1305/sum_generic.go
@@ -0,0 +1,310 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file provides the generic implementation of Sum and MAC. Other files
+// might provide optimized assembly implementations of some of this code.
+
+package poly1305
+
+import "encoding/binary"
+
+// Poly1305 [RFC 7539] is a relatively simple algorithm: the authentication tag
+// for a 64 bytes message is approximately
+//
+//     s + m[0:16] * r⁴ + m[16:32] * r³ + m[32:48] * r² + m[48:64] * r  mod  2¹³⁰ - 5
+//
+// for some secret r and s. It can be computed sequentially like
+//
+//     for len(msg) > 0:
+//         h += read(msg, 16)
+//         h *= r
+//         h %= 2¹³⁰ - 5
+//     return h + s
+//
+// All the complexity is about doing performant constant-time math on numbers
+// larger than any available numeric type.
+
+func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
+	h := newMACGeneric(key)
+	h.Write(msg)
+	h.Sum(out)
+}
+
+func newMACGeneric(key *[32]byte) macGeneric {
+	m := macGeneric{}
+	initialize(key, &m.macState)
+	return m
+}
+
+// macState holds numbers in saturated 64-bit little-endian limbs. That is,
+// the value of [x0, x1, x2] is x[0] + x[1] * 2⁶⁴ + x[2] * 2¹²⁸.
+type macState struct {
+	// h is the main accumulator. It is to be interpreted modulo 2¹³⁰ - 5, but
+	// can grow larger during and after rounds. It must, however, remain below
+	// 2 * (2¹³⁰ - 5).
+	h [3]uint64
+	// r and s are the private key components.
+	r [2]uint64
+	s [2]uint64
+}
+
+type macGeneric struct {
+	macState
+
+	buffer [TagSize]byte
+	offset int
+}
+
+// Write splits the incoming message into TagSize chunks, and passes them to
+// update. It buffers incomplete chunks.
+func (h *macGeneric) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		updateGeneric(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		updateGeneric(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+// Sum flushes the last incomplete chunk from the buffer, if any, and generates
+// the MAC output. It does not modify its state, in order to allow for multiple
+// calls to Sum, even if no Write is allowed after Sum.
+func (h *macGeneric) Sum(out *[TagSize]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		updateGeneric(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
+
+// [rMask0, rMask1] is the specified Poly1305 clamping mask in little-endian. It
+// clears some bits of the secret coefficient to make it possible to implement
+// multiplication more efficiently.
+const (
+	rMask0 = 0x0FFFFFFC0FFFFFFF
+	rMask1 = 0x0FFFFFFC0FFFFFFC
+)
+
+// initialize loads the 256-bit key into the two 128-bit secret values r and s.
+func initialize(key *[32]byte, m *macState) {
+	m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
+	m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
+	m.s[0] = binary.LittleEndian.Uint64(key[16:24])
+	m.s[1] = binary.LittleEndian.Uint64(key[24:32])
+}
+
+// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
+// bits.Mul64 and bits.Add64 intrinsics.
+type uint128 struct {
+	lo, hi uint64
+}
+
+func mul64(a, b uint64) uint128 {
+	hi, lo := bitsMul64(a, b)
+	return uint128{lo, hi}
+}
+
+func add128(a, b uint128) uint128 {
+	lo, c := bitsAdd64(a.lo, b.lo, 0)
+	hi, c := bitsAdd64(a.hi, b.hi, c)
+	if c != 0 {
+		panic("poly1305: unexpected overflow")
+	}
+	return uint128{lo, hi}
+}
+
+func shiftRightBy2(a uint128) uint128 {
+	a.lo = a.lo>>2 | (a.hi&3)<<62
+	a.hi = a.hi >> 2
+	return a
+}
+
+// updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
+// 128 bits of message, it computes
+//
+//     h₊ = (h + m) * r  mod  2¹³⁰ - 5
+//
+// If the msg length is not a multiple of TagSize, it assumes the last
+// incomplete chunk is the final one.
+func updateGeneric(state *macState, msg []byte) {
+	h0, h1, h2 := state.h[0], state.h[1], state.h[2]
+	r0, r1 := state.r[0], state.r[1]
+
+	for len(msg) > 0 {
+		var c uint64
+
+		// For the first step, h + m, we use a chain of bits.Add64 intrinsics.
+		// The resulting value of h might exceed 2¹³⁰ - 5, but will be partially
+		// reduced at the end of the multiplication below.
+		//
+		// The spec requires us to set a bit just above the message size, not to
+		// hide leading zeroes. For full chunks, that's 1 << 128, so we can just
+		// add 1 to the most significant (2¹²⁸) limb, h2.
+		if len(msg) >= TagSize {
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
+			h2 += c + 1
+
+			msg = msg[TagSize:]
+		} else {
+			var buf [TagSize]byte
+			copy(buf[:], msg)
+			buf[len(msg)] = 1
+
+			h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
+			h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
+			h2 += c
+
+			msg = nil
+		}
+
+		// Multiplication of big number limbs is similar to elementary school
+		// columnar multiplication. Instead of digits, there are 64-bit limbs.
+		//
+		// We are multiplying a 3 limbs number, h, by a 2 limbs number, r.
+		//
+		//                        h2    h1    h0  x
+		//                              r1    r0  =
+		//                       ----------------
+		//                      h2r0  h1r0  h0r0     <-- individual 128-bit products
+		//            +   h2r1  h1r1  h0r1
+		//               ------------------------
+		//                 m3    m2    m1    m0      <-- result in 128-bit overlapping limbs
+		//               ------------------------
+		//         m3.hi m2.hi m1.hi m0.hi           <-- carry propagation
+		//     +         m3.lo m2.lo m1.lo m0.lo
+		//        -------------------------------
+		//           t4    t3    t2    t1    t0      <-- final result in 64-bit limbs
+		//
+		// The main difference from pen-and-paper multiplication is that we do
+		// carry propagation in a separate step, as if we wrote two digit sums
+		// at first (the 128-bit limbs), and then carried the tens all at once.
+
+		h0r0 := mul64(h0, r0)
+		h1r0 := mul64(h1, r0)
+		h2r0 := mul64(h2, r0)
+		h0r1 := mul64(h0, r1)
+		h1r1 := mul64(h1, r1)
+		h2r1 := mul64(h2, r1)
+
+		// Since h2 is known to be at most 7 (5 + 1 + 1), and r0 and r1 have their
+		// top 4 bits cleared by rMask{0,1}, we know that their product is not going
+		// to overflow 64 bits, so we can ignore the high part of the products.
+		//
+		// This also means that the product doesn't have a fifth limb (t4).
+		if h2r0.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+		if h2r1.hi != 0 {
+			panic("poly1305: unexpected overflow")
+		}
+
+		m0 := h0r0
+		m1 := add128(h1r0, h0r1) // These two additions don't overflow thanks again
+		m2 := add128(h2r0, h1r1) // to the 4 masked bits at the top of r0 and r1.
+		m3 := h2r1
+
+		t0 := m0.lo
+		t1, c := bitsAdd64(m1.lo, m0.hi, 0)
+		t2, c := bitsAdd64(m2.lo, m1.hi, c)
+		t3, _ := bitsAdd64(m3.lo, m2.hi, c)
+
+		// Now we have the result as 4 64-bit limbs, and we need to reduce it
+		// modulo 2¹³⁰ - 5. The special shape of this Crandall prime lets us do
+		// a cheap partial reduction according to the reduction identity
+		//
+		//     c * 2¹³⁰ + n  =  c * 5 + n  mod  2¹³⁰ - 5
+		//
+		// because 2¹³⁰ = 5 mod 2¹³⁰ - 5. Partial reduction since the result is
+		// likely to be larger than 2¹³⁰ - 5, but still small enough to fit the
+		// assumptions we make about h in the rest of the code.
+		//
+		// See also https://speakerdeck.com/gtank/engineering-prime-numbers?slide=23
+
+		// We split the final result at the 2¹³⁰ mark into h and cc, the carry.
+		// Note that the carry bits are effectively shifted left by 2, in other
+		// words, cc = c * 4 for the c in the reduction identity.
+		h0, h1, h2 = t0, t1, t2&maskLow2Bits
+		cc := uint128{t2 & maskNotLow2Bits, t3}
+
+		// To add c * 5 to h, we first add cc = c * 4, and then add (cc >> 2) = c.
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		cc = shiftRightBy2(cc)
+
+		h0, c = bitsAdd64(h0, cc.lo, 0)
+		h1, c = bitsAdd64(h1, cc.hi, c)
+		h2 += c
+
+		// h2 is at most 3 + 1 + 1 = 5, making the whole of h at most
+		//
+		//     5 * 2¹²⁸ + (2¹²⁸ - 1) = 6 * 2¹²⁸ - 1
+	}
+
+	state.h[0], state.h[1], state.h[2] = h0, h1, h2
+}
+
+const (
+	maskLow2Bits    uint64 = 0x0000000000000003
+	maskNotLow2Bits uint64 = ^maskLow2Bits
+)
+
+// select64 returns x if v == 1 and y if v == 0, in constant time.
+func select64(v, x, y uint64) uint64 { return ^(v-1)&x | (v-1)&y }
+
+// [p0, p1, p2] is 2¹³⁰ - 5 in little endian order.
+const (
+	p0 = 0xFFFFFFFFFFFFFFFB
+	p1 = 0xFFFFFFFFFFFFFFFF
+	p2 = 0x0000000000000003
+)
+
+// finalize completes the modular reduction of h and computes
+//
+//     out = h + s  mod  2¹²⁸
+//
+func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
+	h0, h1, h2 := h[0], h[1], h[2]
+
+	// After the partial reduction in updateGeneric, h might be more than
+	// 2¹³⁰ - 5, but will be less than 2 * (2¹³⁰ - 5). To complete the reduction
+	// in constant time, we compute t = h - (2¹³⁰ - 5), and select h as the
+	// result if the subtraction underflows, and t otherwise.
+
+	hMinusP0, b := bitsSub64(h0, p0, 0)
+	hMinusP1, b := bitsSub64(h1, p1, b)
+	_, b = bitsSub64(h2, p2, b)
+
+	// h = h if h < p else h - p
+	h0 = select64(b, h0, hMinusP0)
+	h1 = select64(b, h1, hMinusP1)
+
+	// Finally, we compute the last Poly1305 step
+	//
+	//     tag = h + s  mod  2¹²⁸
+	//
+	// by just doing a wide addition with the 128 low bits of h and discarding
+	// the overflow.
+	h0, c := bitsAdd64(h0, s[0], 0)
+	h1, _ = bitsAdd64(h1, s[1], c)
+
+	binary.LittleEndian.PutUint64(out[0:8], h0)
+	binary.LittleEndian.PutUint64(out[8:16], h1)
+}
diff --git a/internal/poly1305/sum_ppc64le.go b/internal/poly1305/sum_ppc64le.go
new file mode 100644
index 000000000..4a069941a
--- /dev/null
+++ b/internal/poly1305/sum_ppc64le.go
@@ -0,0 +1,48 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+//go:noescape
+func update(state *macState, msg []byte)
+
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < TagSize {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		update(&h.macState, h.buffer[:])
+	}
+	if n := len(p) - (len(p) % TagSize); n > 0 {
+		update(&h.macState, p[:n])
+		p = p[n:]
+	}
+	if len(p) > 0 {
+		h.offset += copy(h.buffer[h.offset:], p)
+	}
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[16]byte) {
+	state := h.macState
+	if h.offset > 0 {
+		update(&state, h.buffer[:h.offset])
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/internal/poly1305/sum_ppc64le.s b/internal/poly1305/sum_ppc64le.s
new file mode 100644
index 000000000..58422aad2
--- /dev/null
+++ b/internal/poly1305/sum_ppc64le.s
@@ -0,0 +1,182 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+// This was ported from the amd64 implementation.
+
+#define POLY1305_ADD(msg, h0, h1, h2, t0, t1, t2) \
+	MOVD (msg), t0;  \
+	MOVD 8(msg), t1; \
+	MOVD $1, t2;     \
+	ADDC t0, h0, h0; \
+	ADDE t1, h1, h1; \
+	ADDE t2, h2;     \
+	ADD  $16, msg
+
+#define POLY1305_MUL(h0, h1, h2, r0, r1, t0, t1, t2, t3, t4, t5) \
+	MULLD  r0, h0, t0;  \
+	MULLD  r0, h1, t4;  \
+	MULHDU r0, h0, t1;  \
+	MULHDU r0, h1, t5;  \
+	ADDC   t4, t1, t1;  \
+	MULLD  r0, h2, t2;  \
+	ADDZE  t5;          \
+	MULHDU r1, h0, t4;  \
+	MULLD  r1, h0, h0;  \
+	ADD    t5, t2, t2;  \
+	ADDC   h0, t1, t1;  \
+	MULLD  h2, r1, t3;  \
+	ADDZE  t4, h0;      \
+	MULHDU r1, h1, t5;  \
+	MULLD  r1, h1, t4;  \
+	ADDC   t4, t2, t2;  \
+	ADDE   t5, t3, t3;  \
+	ADDC   h0, t2, t2;  \
+	MOVD   $-4, t4;     \
+	MOVD   t0, h0;      \
+	MOVD   t1, h1;      \
+	ADDZE  t3;          \
+	ANDCC  $3, t2, h2;  \
+	AND    t2, t4, t0;  \
+	ADDC   t0, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	SLD    $62, t3, t4; \
+	SRD    $2, t2;      \
+	ADDZE  h2;          \
+	OR     t4, t2, t2;  \
+	SRD    $2, t3;      \
+	ADDC   t2, h0, h0;  \
+	ADDE   t3, h1, h1;  \
+	ADDZE  h2
+
+DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
+DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
+GLOBL ·poly1305Mask<>(SB), RODATA, $16
+
+// func update(state *[7]uint64, msg []byte)
+TEXT ·update(SB), $0-32
+	MOVD state+0(FP), R3
+	MOVD msg_base+8(FP), R4
+	MOVD msg_len+16(FP), R5
+
+	MOVD 0(R3), R8   // h0
+	MOVD 8(R3), R9   // h1
+	MOVD 16(R3), R10 // h2
+	MOVD 24(R3), R11 // r0
+	MOVD 32(R3), R12 // r1
+
+	CMP R5, $16
+	BLT bytes_between_0_and_15
+
+loop:
+	POLY1305_ADD(R4, R8, R9, R10, R20, R21, R22)
+
+multiply:
+	POLY1305_MUL(R8, R9, R10, R11, R12, R16, R17, R18, R14, R20, R21)
+	ADD $-16, R5
+	CMP R5, $16
+	BGE loop
+
+bytes_between_0_and_15:
+	CMP  R5, $0
+	BEQ  done
+	MOVD $0, R16 // h0
+	MOVD $0, R17 // h1
+
+flush_buffer:
+	CMP R5, $8
+	BLE just1
+
+	MOVD $8, R21
+	SUB  R21, R5, R21
+
+	// Greater than 8 -- load the rightmost remaining bytes in msg
+	// and put into R17 (h1)
+	MOVD (R4)(R21), R17
+	MOVD $16, R22
+
+	// Find the offset to those bytes
+	SUB R5, R22, R22
+	SLD $3, R22
+
+	// Shift to get only the bytes in msg
+	SRD R22, R17, R17
+
+	// Put 1 at high end
+	MOVD $1, R23
+	SLD  $3, R21
+	SLD  R21, R23, R23
+	OR   R23, R17, R17
+
+	// Remainder is 8
+	MOVD $8, R5
+
+just1:
+	CMP R5, $8
+	BLT less8
+
+	// Exactly 8
+	MOVD (R4), R16
+
+	CMP R17, $0
+
+	// Check if we've already set R17; if not
+	// set 1 to indicate end of msg.
+	BNE  carry
+	MOVD $1, R17
+	BR   carry
+
+less8:
+	MOVD  $0, R16   // h0
+	MOVD  $0, R22   // shift count
+	CMP   R5, $4
+	BLT   less4
+	MOVWZ (R4), R16
+	ADD   $4, R4
+	ADD   $-4, R5
+	MOVD  $32, R22
+
+less4:
+	CMP   R5, $2
+	BLT   less2
+	MOVHZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $16, R22
+	ADD   $-2, R5
+	ADD   $2, R4
+
+less2:
+	CMP   R5, $0
+	BEQ   insert1
+	MOVBZ (R4), R21
+	SLD   R22, R21, R21
+	OR    R16, R21, R16
+	ADD   $8, R22
+
+insert1:
+	// Insert 1 at end of msg
+	MOVD $1, R21
+	SLD  R22, R21, R21
+	OR   R16, R21, R16
+
+carry:
+	// Add new values to h0, h1, h2
+	ADDC  R16, R8
+	ADDE  R17, R9
+	ADDZE R10, R10
+	MOVD  $16, R5
+	ADD   R5, R4
+	BR    multiply
+
+done:
+	// Save h0, h1, h2 in state
+	MOVD R8, 0(R3)
+	MOVD R9, 8(R3)
+	MOVD R10, 16(R3)
+	RET
diff --git a/internal/poly1305/sum_s390x.go b/internal/poly1305/sum_s390x.go
new file mode 100644
index 000000000..62cc9f847
--- /dev/null
+++ b/internal/poly1305/sum_s390x.go
@@ -0,0 +1,76 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package poly1305
+
+import (
+	"golang.org/x/sys/cpu"
+)
+
+// updateVX is an assembly implementation of Poly1305 that uses vector
+// instructions. It must only be called if the vector facility (vx) is
+// available.
+//go:noescape
+func updateVX(state *macState, msg []byte)
+
+// mac is a replacement for macGeneric that uses a larger buffer and redirects
+// calls that would have gone to updateGeneric to updateVX if the vector
+// facility is installed.
+//
+// A larger buffer is required for good performance because the vector
+// implementation has a higher fixed cost per call than the generic
+// implementation.
+type mac struct {
+	macState
+
+	buffer [16 * TagSize]byte // size must be a multiple of block size (16)
+	offset int
+}
+
+func (h *mac) Write(p []byte) (int, error) {
+	nn := len(p)
+	if h.offset > 0 {
+		n := copy(h.buffer[h.offset:], p)
+		if h.offset+n < len(h.buffer) {
+			h.offset += n
+			return nn, nil
+		}
+		p = p[n:]
+		h.offset = 0
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, h.buffer[:])
+		} else {
+			updateGeneric(&h.macState, h.buffer[:])
+		}
+	}
+
+	tail := len(p) % len(h.buffer) // number of bytes to copy into buffer
+	body := len(p) - tail          // number of bytes to process now
+	if body > 0 {
+		if cpu.S390X.HasVX {
+			updateVX(&h.macState, p[:body])
+		} else {
+			updateGeneric(&h.macState, p[:body])
+		}
+	}
+	h.offset = copy(h.buffer[:], p[body:]) // copy tail bytes - can be 0
+	return nn, nil
+}
+
+func (h *mac) Sum(out *[TagSize]byte) {
+	state := h.macState
+	remainder := h.buffer[:h.offset]
+
+	// Use the generic implementation if we have 2 or fewer blocks left
+	// to sum. The vector implementation has a higher startup time.
+	if cpu.S390X.HasVX && len(remainder) > 2*TagSize {
+		updateVX(&state, remainder)
+	} else if len(remainder) > 0 {
+		updateGeneric(&state, remainder)
+	}
+	finalize(out, &state.h, &state.s)
+}
diff --git a/internal/poly1305/sum_s390x.s b/internal/poly1305/sum_s390x.s
new file mode 100644
index 000000000..aa9e0494c
--- /dev/null
+++ b/internal/poly1305/sum_s390x.s
@@ -0,0 +1,504 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+// This implementation of Poly1305 uses the vector facility (vx)
+// to process up to 2 blocks (32 bytes) per iteration using an
+// algorithm based on the one described in:
+//
+// NEON crypto, Daniel J. Bernstein & Peter Schwabe
+// https://cryptojedi.org/papers/neoncrypto-20120320.pdf
+//
+// This algorithm uses 5 26-bit limbs to represent a 130-bit
+// value. These limbs are, for the most part, zero extended and
+// placed into 64-bit vector register elements. Each vector
+// register is 128-bits wide and so holds 2 of these elements.
+// Using 26-bit limbs allows us plenty of headroom to accommodate
+// accumulations before and after multiplication without
+// overflowing either 32-bits (before multiplication) or 64-bits
+// (after multiplication).
+//
+// In order to parallelise the operations required to calculate
+// the sum we use two separate accumulators and then sum those
+// in an extra final step. For compatibility with the generic
+// implementation we perform this summation at the end of every
+// updateVX call.
+//
+// To use two accumulators we must multiply the message blocks
+// by r² rather than r. Only the final message block should be
+// multiplied by r.
+//
+// Example:
+//
+// We want to calculate the sum (h) for a 64 byte message (m):
+//
+//   h = m[0:16]r⁴ + m[16:32]r³ + m[32:48]r² + m[48:64]r
+//
+// To do this we split the calculation into the even indices
+// and odd indices of the message. These form our SIMD 'lanes':
+//
+//   h = m[ 0:16]r⁴ + m[32:48]r² +   <- lane 0
+//       m[16:32]r³ + m[48:64]r      <- lane 1
+//
+// To calculate this iteratively we refactor so that both lanes
+// are written in terms of r² and r:
+//
+//   h = (m[ 0:16]r² + m[32:48])r² + <- lane 0
+//       (m[16:32]r² + m[48:64])r    <- lane 1
+//                ^             ^
+//                |             coefficients for second iteration
+//                coefficients for first iteration
+//
+// So in this case we would have two iterations. In the first
+// both lanes are multiplied by r². In the second only the
+// first lane is multiplied by r² and the second lane is
+// instead multiplied by r. This gives use the odd and even
+// powers of r that we need from the original equation.
+//
+// Notation:
+//
+//   h - accumulator
+//   r - key
+//   m - message
+//
+//   [a, b]       - SIMD register holding two 64-bit values
+//   [a, b, c, d] - SIMD register holding four 32-bit values
+//   xᵢ[n]        - limb n of variable x with bit width i
+//
+// Limbs are expressed in little endian order, so for 26-bit
+// limbs x₂₆[4] will be the most significant limb and x₂₆[0]
+// will be the least significant limb.
+
+// masking constants
+#define MOD24 V0 // [0x0000000000ffffff, 0x0000000000ffffff] - mask low 24-bits
+#define MOD26 V1 // [0x0000000003ffffff, 0x0000000003ffffff] - mask low 26-bits
+
+// expansion constants (see EXPAND macro)
+#define EX0 V2
+#define EX1 V3
+#define EX2 V4
+
+// key (r², r or 1 depending on context)
+#define R_0 V5
+#define R_1 V6
+#define R_2 V7
+#define R_3 V8
+#define R_4 V9
+
+// precalculated coefficients (5r², 5r or 0 depending on context)
+#define R5_1 V10
+#define R5_2 V11
+#define R5_3 V12
+#define R5_4 V13
+
+// message block (m)
+#define M_0 V14
+#define M_1 V15
+#define M_2 V16
+#define M_3 V17
+#define M_4 V18
+
+// accumulator (h)
+#define H_0 V19
+#define H_1 V20
+#define H_2 V21
+#define H_3 V22
+#define H_4 V23
+
+// temporary registers (for short-lived values)
+#define T_0 V24
+#define T_1 V25
+#define T_2 V26
+#define T_3 V27
+#define T_4 V28
+
+GLOBL ·constants<>(SB), RODATA, $0x30
+// EX0
+DATA ·constants<>+0x00(SB)/8, $0x0006050403020100
+DATA ·constants<>+0x08(SB)/8, $0x1016151413121110
+// EX1
+DATA ·constants<>+0x10(SB)/8, $0x060c0b0a09080706
+DATA ·constants<>+0x18(SB)/8, $0x161c1b1a19181716
+// EX2
+DATA ·constants<>+0x20(SB)/8, $0x0d0d0d0d0d0f0e0d
+DATA ·constants<>+0x28(SB)/8, $0x1d1d1d1d1d1f1e1d
+
+// MULTIPLY multiplies each lane of f and g, partially reduced
+// modulo 2¹³⁰ - 5. The result, h, consists of partial products
+// in each lane that need to be reduced further to produce the
+// final result.
+//
+//   h₁₃₀ = (f₁₃₀g₁₃₀) % 2¹³⁰ + (5f₁₃₀g₁₃₀) / 2¹³⁰
+//
+// Note that the multiplication by 5 of the high bits is
+// achieved by precalculating the multiplication of four of the
+// g coefficients by 5. These are g51-g54.
+#define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \
+	VMLOF  f0, g0, h0        \
+	VMLOF  f0, g3, h3        \
+	VMLOF  f0, g1, h1        \
+	VMLOF  f0, g4, h4        \
+	VMLOF  f0, g2, h2        \
+	VMLOF  f1, g54, T_0      \
+	VMLOF  f1, g2, T_3       \
+	VMLOF  f1, g0, T_1       \
+	VMLOF  f1, g3, T_4       \
+	VMLOF  f1, g1, T_2       \
+	VMALOF f2, g53, h0, h0   \
+	VMALOF f2, g1, h3, h3    \
+	VMALOF f2, g54, h1, h1   \
+	VMALOF f2, g2, h4, h4    \
+	VMALOF f2, g0, h2, h2    \
+	VMALOF f3, g52, T_0, T_0 \
+	VMALOF f3, g0, T_3, T_3  \
+	VMALOF f3, g53, T_1, T_1 \
+	VMALOF f3, g1, T_4, T_4  \
+	VMALOF f3, g54, T_2, T_2 \
+	VMALOF f4, g51, h0, h0   \
+	VMALOF f4, g54, h3, h3   \
+	VMALOF f4, g52, h1, h1   \
+	VMALOF f4, g0, h4, h4    \
+	VMALOF f4, g53, h2, h2   \
+	VAG    T_0, h0, h0       \
+	VAG    T_3, h3, h3       \
+	VAG    T_1, h1, h1       \
+	VAG    T_4, h4, h4       \
+	VAG    T_2, h2, h2
+
+// REDUCE performs the following carry operations in four
+// stages, as specified in Bernstein & Schwabe:
+//
+//   1: h₂₆[0]->h₂₆[1] h₂₆[3]->h₂₆[4]
+//   2: h₂₆[1]->h₂₆[2] h₂₆[4]->h₂₆[0]
+//   3: h₂₆[0]->h₂₆[1] h₂₆[2]->h₂₆[3]
+//   4: h₂₆[3]->h₂₆[4]
+//
+// The result is that all of the limbs are limited to 26-bits
+// except for h₂₆[1] and h₂₆[4] which are limited to 27-bits.
+//
+// Note that although each limb is aligned at 26-bit intervals
+// they may contain values that exceed 2²⁶ - 1, hence the need
+// to carry the excess bits in each limb.
+#define REDUCE(h0, h1, h2, h3, h4) \
+	VESRLG $26, h0, T_0  \
+	VESRLG $26, h3, T_1  \
+	VN     MOD26, h0, h0 \
+	VN     MOD26, h3, h3 \
+	VAG    T_0, h1, h1   \
+	VAG    T_1, h4, h4   \
+	VESRLG $26, h1, T_2  \
+	VESRLG $26, h4, T_3  \
+	VN     MOD26, h1, h1 \
+	VN     MOD26, h4, h4 \
+	VESLG  $2, T_3, T_4  \
+	VAG    T_3, T_4, T_4 \
+	VAG    T_2, h2, h2   \
+	VAG    T_4, h0, h0   \
+	VESRLG $26, h2, T_0  \
+	VESRLG $26, h0, T_1  \
+	VN     MOD26, h2, h2 \
+	VN     MOD26, h0, h0 \
+	VAG    T_0, h3, h3   \
+	VAG    T_1, h1, h1   \
+	VESRLG $26, h3, T_2  \
+	VN     MOD26, h3, h3 \
+	VAG    T_2, h4, h4
+
+// EXPAND splits the 128-bit little-endian values in0 and in1
+// into 26-bit big-endian limbs and places the results into
+// the first and second lane of d₂₆[0:4] respectively.
+//
+// The EX0, EX1 and EX2 constants are arrays of byte indices
+// for permutation. The permutation both reverses the bytes
+// in the input and ensures the bytes are copied into the
+// destination limb ready to be shifted into their final
+// position.
+#define EXPAND(in0, in1, d0, d1, d2, d3, d4) \
+	VPERM  in0, in1, EX0, d0 \
+	VPERM  in0, in1, EX1, d2 \
+	VPERM  in0, in1, EX2, d4 \
+	VESRLG $26, d0, d1       \
+	VESRLG $30, d2, d3       \
+	VESRLG $4, d2, d2        \
+	VN     MOD26, d0, d0     \ // [in0₂₆[0], in1₂₆[0]]
+	VN     MOD26, d3, d3     \ // [in0₂₆[3], in1₂₆[3]]
+	VN     MOD26, d1, d1     \ // [in0₂₆[1], in1₂₆[1]]
+	VN     MOD24, d4, d4     \ // [in0₂₆[4], in1₂₆[4]]
+	VN     MOD26, d2, d2     // [in0₂₆[2], in1₂₆[2]]
+
+// func updateVX(state *macState, msg []byte)
+TEXT ·updateVX(SB), NOSPLIT, $0
+	MOVD state+0(FP), R1
+	LMG  msg+8(FP), R2, R3 // R2=msg_base, R3=msg_len
+
+	// load EX0, EX1 and EX2
+	MOVD $·constants<>(SB), R5
+	VLM  (R5), EX0, EX2
+
+	// generate masks
+	VGMG $(64-24), $63, MOD24 // [0x00ffffff, 0x00ffffff]
+	VGMG $(64-26), $63, MOD26 // [0x03ffffff, 0x03ffffff]
+
+	// load h (accumulator) and r (key) from state
+	VZERO T_1               // [0, 0]
+	VL    0(R1), T_0        // [h₆₄[0], h₆₄[1]]
+	VLEG  $0, 16(R1), T_1   // [h₆₄[2], 0]
+	VL    24(R1), T_2       // [r₆₄[0], r₆₄[1]]
+	VPDI  $0, T_0, T_2, T_3 // [h₆₄[0], r₆₄[0]]
+	VPDI  $5, T_0, T_2, T_4 // [h₆₄[1], r₆₄[1]]
+
+	// unpack h and r into 26-bit limbs
+	// note: h₆₄[2] may have the low 3 bits set, so h₂₆[4] is a 27-bit value
+	VN     MOD26, T_3, H_0            // [h₂₆[0], r₂₆[0]]
+	VZERO  H_1                        // [0, 0]
+	VZERO  H_3                        // [0, 0]
+	VGMG   $(64-12-14), $(63-12), T_0 // [0x03fff000, 0x03fff000] - 26-bit mask with low 12 bits masked out
+	VESLG  $24, T_1, T_1              // [h₆₄[2]<<24, 0]
+	VERIMG $-26&63, T_3, MOD26, H_1   // [h₂₆[1], r₂₆[1]]
+	VESRLG $+52&63, T_3, H_2          // [h₂₆[2], r₂₆[2]] - low 12 bits only
+	VERIMG $-14&63, T_4, MOD26, H_3   // [h₂₆[1], r₂₆[1]]
+	VESRLG $40, T_4, H_4              // [h₂₆[4], r₂₆[4]] - low 24 bits only
+	VERIMG $+12&63, T_4, T_0, H_2     // [h₂₆[2], r₂₆[2]] - complete
+	VO     T_1, H_4, H_4              // [h₂₆[4], r₂₆[4]] - complete
+
+	// replicate r across all 4 vector elements
+	VREPF $3, H_0, R_0 // [r₂₆[0], r₂₆[0], r₂₆[0], r₂₆[0]]
+	VREPF $3, H_1, R_1 // [r₂₆[1], r₂₆[1], r₂₆[1], r₂₆[1]]
+	VREPF $3, H_2, R_2 // [r₂₆[2], r₂₆[2], r₂₆[2], r₂₆[2]]
+	VREPF $3, H_3, R_3 // [r₂₆[3], r₂₆[3], r₂₆[3], r₂₆[3]]
+	VREPF $3, H_4, R_4 // [r₂₆[4], r₂₆[4], r₂₆[4], r₂₆[4]]
+
+	// zero out lane 1 of h
+	VLEIG $1, $0, H_0 // [h₂₆[0], 0]
+	VLEIG $1, $0, H_1 // [h₂₆[1], 0]
+	VLEIG $1, $0, H_2 // [h₂₆[2], 0]
+	VLEIG $1, $0, H_3 // [h₂₆[3], 0]
+	VLEIG $1, $0, H_4 // [h₂₆[4], 0]
+
+	// calculate 5r (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r₂₆[1], 5r₂₆[1], 5r₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r₂₆[2], 5r₂₆[2], 5r₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r₂₆[3], 5r₂₆[3], 5r₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r₂₆[4], 5r₂₆[4], 5r₂₆[4]]
+
+	// skip r² calculation if we are only calculating one block
+	CMPBLE R3, $16, skip
+
+	// calculate r²
+	MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, M_0, M_1, M_2, M_3, M_4)
+	REDUCE(M_0, M_1, M_2, M_3, M_4)
+	VGBM   $0x0f0f, T_0
+	VERIMG $0, M_0, T_0, R_0 // [r₂₆[0], r²₂₆[0], r₂₆[0], r²₂₆[0]]
+	VERIMG $0, M_1, T_0, R_1 // [r₂₆[1], r²₂₆[1], r₂₆[1], r²₂₆[1]]
+	VERIMG $0, M_2, T_0, R_2 // [r₂₆[2], r²₂₆[2], r₂₆[2], r²₂₆[2]]
+	VERIMG $0, M_3, T_0, R_3 // [r₂₆[3], r²₂₆[3], r₂₆[3], r²₂₆[3]]
+	VERIMG $0, M_4, T_0, R_4 // [r₂₆[4], r²₂₆[4], r₂₆[4], r²₂₆[4]]
+
+	// calculate 5r² (ignore least significant limb)
+	VREPIF $5, T_0
+	VMLF   T_0, R_1, R5_1 // [5r₂₆[1], 5r²₂₆[1], 5r₂₆[1], 5r²₂₆[1]]
+	VMLF   T_0, R_2, R5_2 // [5r₂₆[2], 5r²₂₆[2], 5r₂₆[2], 5r²₂₆[2]]
+	VMLF   T_0, R_3, R5_3 // [5r₂₆[3], 5r²₂₆[3], 5r₂₆[3], 5r²₂₆[3]]
+	VMLF   T_0, R_4, R5_4 // [5r₂₆[4], 5r²₂₆[4], 5r₂₆[4], 5r²₂₆[4]]
+
+loop:
+	CMPBLE R3, $32, b2 // 2 or fewer blocks remaining, need to change key coefficients
+
+	// load next 2 blocks from message
+	VLM (R2), T_0, T_1
+
+	// update message slice
+	SUB  $32, R3
+	MOVD $32(R2), R2
+
+	// unpack message blocks into 26-bit big-endian limbs
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// add 2¹²⁸ to each message block value
+	VLEIB $4, $1, M_4
+	VLEIB $12, $1, M_4
+
+multiply:
+	// accumulate the incoming message
+	VAG H_0, M_0, M_0
+	VAG H_3, M_3, M_3
+	VAG H_1, M_1, M_1
+	VAG H_4, M_4, M_4
+	VAG H_2, M_2, M_2
+
+	// multiply the accumulator by the key coefficient
+	MULTIPLY(M_0, M_1, M_2, M_3, M_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4)
+
+	// carry and partially reduce the partial products
+	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+	CMPBNE R3, $0, loop
+
+finish:
+	// sum lane 0 and lane 1 and put the result in lane 1
+	VZERO  T_0
+	VSUMQG H_0, T_0, H_0
+	VSUMQG H_3, T_0, H_3
+	VSUMQG H_1, T_0, H_1
+	VSUMQG H_4, T_0, H_4
+	VSUMQG H_2, T_0, H_2
+
+	// reduce again after summation
+	// TODO(mundaym): there might be a more efficient way to do this
+	// now that we only have 1 active lane. For example, we could
+	// simultaneously pack the values as we reduce them.
+	REDUCE(H_0, H_1, H_2, H_3, H_4)
+
+	// carry h[1] through to h[4] so that only h[4] can exceed 2²⁶ - 1
+	// TODO(mundaym): in testing this final carry was unnecessary.
+	// Needs a proof before it can be removed though.
+	VESRLG $26, H_1, T_1
+	VN     MOD26, H_1, H_1
+	VAQ    T_1, H_2, H_2
+	VESRLG $26, H_2, T_2
+	VN     MOD26, H_2, H_2
+	VAQ    T_2, H_3, H_3
+	VESRLG $26, H_3, T_3
+	VN     MOD26, H_3, H_3
+	VAQ    T_3, H_4, H_4
+
+	// h is now < 2(2¹³⁰ - 5)
+	// Pack each lane in h₂₆[0:4] into h₁₂₈[0:1].
+	VESLG $26, H_1, H_1
+	VESLG $26, H_3, H_3
+	VO    H_0, H_1, H_0
+	VO    H_2, H_3, H_2
+	VESLG $4, H_2, H_2
+	VLEIB $7, $48, H_1
+	VSLB  H_1, H_2, H_2
+	VO    H_0, H_2, H_0
+	VLEIB $7, $104, H_1
+	VSLB  H_1, H_4, H_3
+	VO    H_3, H_0, H_0
+	VLEIB $7, $24, H_1
+	VSRLB H_1, H_4, H_1
+
+	// update state
+	VSTEG $1, H_0, 0(R1)
+	VSTEG $0, H_0, 8(R1)
+	VSTEG $1, H_1, 16(R1)
+	RET
+
+b2:  // 2 or fewer blocks remaining
+	CMPBLE R3, $16, b1
+
+	// Load the 2 remaining blocks (17-32 bytes remaining).
+	MOVD $-17(R3), R0    // index of final byte to load modulo 16
+	VL   (R2), T_0       // load full 16 byte block
+	VLL  R0, 16(R2), T_1 // load final (possibly partial) block and pad with zeros to 16 bytes
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
+	MOVBZ  $1, R0
+	MOVD   $-16(R3), R3   // index of byte in last block to insert 1 at (could be 16)
+	CMPBEQ R3, $16, 2(PC) // skip the insertion if the final block is 16 bytes long
+	VLVGB  R3, R0, T_1    // insert 1 into the byte at index R3
+
+	// Split both blocks into 26-bit limbs in the appropriate lanes.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the second to last block.
+	VLEIB $4, $1, M_4
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $12, $1, M_4
+
+	// Finally, set up the coefficients for the final multiplication.
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r² so that can be kept the
+	// same. We want lane 1 to be multiplied by r so we need to move
+	// the saved r value into the 32-bit odd index in lane 1 by
+	// rotating the 64-bit lane by 32.
+	VGBM   $0x00ff, T_0         // [0, 0xffffffffffffffff] - mask lane 1 only
+	VERIMG $32, R_0, T_0, R_0   // [_,  r²₂₆[0], _,  r₂₆[0]]
+	VERIMG $32, R_1, T_0, R_1   // [_,  r²₂₆[1], _,  r₂₆[1]]
+	VERIMG $32, R_2, T_0, R_2   // [_,  r²₂₆[2], _,  r₂₆[2]]
+	VERIMG $32, R_3, T_0, R_3   // [_,  r²₂₆[3], _,  r₂₆[3]]
+	VERIMG $32, R_4, T_0, R_4   // [_,  r²₂₆[4], _,  r₂₆[4]]
+	VERIMG $32, R5_1, T_0, R5_1 // [_, 5r²₂₆[1], _, 5r₂₆[1]]
+	VERIMG $32, R5_2, T_0, R5_2 // [_, 5r²₂₆[2], _, 5r₂₆[2]]
+	VERIMG $32, R5_3, T_0, R5_3 // [_, 5r²₂₆[3], _, 5r₂₆[3]]
+	VERIMG $32, R5_4, T_0, R5_4 // [_, 5r²₂₆[4], _, 5r₂₆[4]]
+
+	MOVD $0, R3
+	BR   multiply
+
+skip:
+	CMPBEQ R3, $0, finish
+
+b1:  // 1 block remaining
+
+	// Load the final block (1-16 bytes). This will be placed into
+	// lane 0.
+	MOVD $-1(R3), R0
+	VLL  R0, (R2), T_0 // pad to 16 bytes with zeros
+
+	// The Poly1305 algorithm requires that a 1 bit be appended to
+	// each message block. If the final block is less than 16 bytes
+	// long then it is easiest to insert the 1 before the message
+	// block is split into 26-bit limbs. If, on the other hand, the
+	// final message block is 16 bytes long then we append the 1 bit
+	// after expansion as normal.
+	MOVBZ  $1, R0
+	CMPBEQ R3, $16, 2(PC)
+	VLVGB  R3, R0, T_0
+
+	// Set the message block in lane 1 to the value 0 so that it
+	// can be accumulated without affecting the final result.
+	VZERO T_1
+
+	// Split the final message block into 26-bit limbs in lane 0.
+	// Lane 1 will be contain 0.
+	EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4)
+
+	// Append a 1 byte to the end of the last block only if it is a
+	// full 16 byte block.
+	CMPBNE R3, $16, 2(PC)
+	VLEIB  $4, $1, M_4
+
+	// We have previously saved r and 5r in the 32-bit even indexes
+	// of the R_[0-4] and R5_[1-4] coefficient registers.
+	//
+	// We want lane 0 to be multiplied by r so we need to move the
+	// saved r value into the 32-bit odd index in lane 0. We want
+	// lane 1 to be set to the value 1. This makes multiplication
+	// a no-op. We do this by setting lane 1 in every register to 0
+	// and then just setting the 32-bit index 3 in R_0 to 1.
+	VZERO T_0
+	MOVD  $0, R0
+	MOVD  $0x10111213, R12
+	VLVGP R12, R0, T_1         // [_, 0x10111213, _, 0x00000000]
+	VPERM T_0, R_0, T_1, R_0   // [_,  r₂₆[0], _, 0]
+	VPERM T_0, R_1, T_1, R_1   // [_,  r₂₆[1], _, 0]
+	VPERM T_0, R_2, T_1, R_2   // [_,  r₂₆[2], _, 0]
+	VPERM T_0, R_3, T_1, R_3   // [_,  r₂₆[3], _, 0]
+	VPERM T_0, R_4, T_1, R_4   // [_,  r₂₆[4], _, 0]
+	VPERM T_0, R5_1, T_1, R5_1 // [_, 5r₂₆[1], _, 0]
+	VPERM T_0, R5_2, T_1, R5_2 // [_, 5r₂₆[2], _, 0]
+	VPERM T_0, R5_3, T_1, R5_3 // [_, 5r₂₆[3], _, 0]
+	VPERM T_0, R5_4, T_1, R5_4 // [_, 5r₂₆[4], _, 0]
+
+	// Set the value of lane 1 to be 1.
+	VLEIF $3, $1, R_0 // [_,  r₂₆[0], _, 1]
+
+	MOVD $0, R3
+	BR   multiply
diff --git a/internal/poly1305/vectors_test.go b/internal/poly1305/vectors_test.go
new file mode 100644
index 000000000..4788950f1
--- /dev/null
+++ b/internal/poly1305/vectors_test.go
@@ -0,0 +1,3000 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package poly1305
+
+var testData = [...]test{
+	// edge cases
+	{
+		// see https://go-review.googlesource.com/#/c/30101/
+		key: "3b3a29e93b213a5c5c3b3b053a3a8c0d00000000000000000000000000000000",
+		tag: "6dc18b8c344cd79927118bbe84b7f314",
+		in:  "81d8b2e46a25213b58fee4213a2a28e921c12a9632516d3b73272727becf2129",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "04000000000000000000000000000000", // (2¹³⁰-1) % (2¹³⁰-5)
+		in: "ffffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "faffffffffffffffffffffffffffffff", // (2¹³⁰-6) % (2¹³⁰-5)
+		in: "faffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "00000000000000000000000000000000", // (2¹³⁰-5) % (2¹³⁰-5)
+		in: "fbffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "f9ffffffffffffffffffffffffffffff", // (2*(2¹³⁰-6)) % (2¹³⁰-5)
+		in: "faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "00000000000000000000000000000000", // (2*(2¹³⁰-5)) % (2¹³⁰-5)
+		in: "fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "f8ffffffffffffffffffffffffffffff", // (3*(2¹³⁰-6)) % (2¹³⁰-5)
+		in: "faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "00000000000000000000000000000000", // (3*(2¹³⁰-5)) % (2¹³⁰-5)
+		in: "fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "f7ffffffffffffffffffffffffffffff", // (4*(2¹³⁰-6)) % (2¹³⁰-5)
+		in: "faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "00000000000000000000000000000000", // (4*(2¹³⁰-5)) % (2¹³⁰-5)
+		in: "fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "f3ffffffffffffffffffffffffffffff", // (8*(2¹³⁰-6)) % (2¹³⁰-5)
+		in: "faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "00000000000000000000000000000000", // (8*(2¹³⁰-5)) % (2¹³⁰-5)
+		in: "fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "ebffffffffffffffffffffffffffffff", // (16*(2¹³⁰-6)) % (2¹³⁰-5)
+		in: "faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"faffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	{
+		key: "0100000000000000000000000000000000000000000000000000000000000000",
+		tag: "00000000000000000000000000000000", // (16*(2¹³⁰-5)) % (2¹³⁰-5)
+		in: "fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"fbffffffffffffffffffffffffffffff" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000" +
+			"00000000000000000000000000000000",
+	},
+	// original smoke tests
+	{
+		key: "746869732069732033322d62797465206b657920666f7220506f6c7931333035",
+		tag: "a6f745008f81c916a20dcc74eef2b2f0",
+		in:  "48656c6c6f20776f726c6421",
+	},
+	{
+		key: "746869732069732033322d62797465206b657920666f7220506f6c7931333035",
+		tag: "49ec78090e481ec6c26b33b91ccc0307",
+		in:  "0000000000000000000000000000000000000000000000000000000000000000",
+	},
+	{
+		key: "746869732069732033322d62797465206b657920666f7220506f6c7931333035",
+		tag: "da84bcab02676c38cdb015604274c2aa",
+		in: "000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000",
+	},
+	{
+		key: "0000000000000000000000000000000000000000000000000000000000000000",
+		tag: "00000000000000000000000000000000",
+		in: "000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000000000" +
+			"000000000000000000000000000000000000000000000000000000",
+	},
+	// randomly generated
+	{
+		key: "52fdfc072182654f163f5f0f9a621d729566c74d10037c4d7bbb0407d1e2c649",
+		tag: "9566c74d10037c4d7bbb0407d1e2c649",
+		in:  "",
+	},
+	{
+		key: "81855ad8681d0d86d1e91e00167939cb6694d2c422acd208a0072939487f6999",
+		tag: "eaa270caaa12faa39b797374a4b8a420",
+		in:  "eb",
+	},
+	{
+		key: "9d18a44784045d87f3c67cf22746e995af5a25367951baa2ff6cd471c483f15f",
+		tag: "dbea66e1da48a8f822887c6162c2acf1",
+		in:  "b90b",
+	},
+	{
+		key: "adb37c5821b6d95526a41a9504680b4e7c8b763a1b1d49d4955c848621632525",
+		tag: "6ac09aaa88c32ee95a7198376f16abdb",
+		in:  "3fec73",
+	},
+	{
+		key: "8dd7a9e28bf921119c160f0702448615bbda08313f6a8eb668d20bf505987592",
+		tag: "b1443487f97fe340b04a74719ed4de68",
+		in:  "1e668a5b",
+	},
+	{
+		key: "df2c7fc4844592d2572bcd0668d2d6c52f5054e2d0836bf84c7174cb7476364c",
+		tag: "7463be0f9d99a5348039e4afcbf4019c",
+		in:  "c3dbd968b0",
+	},
+	{
+		key: "f7172ed85794bb358b0c3b525da1786f9fff094279db1944ebd7a19d0f7bbacb",
+		tag: "2edaee3bcf303fd05609e131716f8157",
+		in:  "e0255aa5b7d4",
+	},
+	{
+		key: "4bec40f84c892b9bffd43629b0223beea5f4f74391f445d15afd4294040374f6",
+		tag: "965f18767420c1d94a4ef657e8d15e1e",
+		in:  "924b98cbf8713f",
+	},
+	{
+		key: "8d962d7c8d019192c24224e2cafccae3a61fb586b14323a6bc8f9e7df1d92933",
+		tag: "2bf4a33287dd6d87e1ed4282f7342b6a",
+		in:  "3ff993933bea6f5b",
+	},
+	{
+		key: "3af6de0374366c4719e43a1b067d89bc7f01f1f573981659a44ff17a4c7215a3",
+		tag: "c5e987b60373a48893c5af30acf2471f",
+		in:  "b539eb1e5849c6077d",
+	},
+	{
+		key: "bb5722f5717a289a266f97647981998ebea89c0b4b373970115e82ed6f4125c8",
+		tag: "19f0f640b309d168ea1b480e6a4faee5",
+		in:  "fa7311e4d7defa922daa",
+	},
+	{
+		key: "e7786667f7e936cd4f24abf7df866baa56038367ad6145de1ee8f4a8b0993ebd",
+		tag: "de75e5565d97834b9fa84ad568d31359",
+		in:  "f8883a0ad8be9c3978b048",
+	},
+	{
+		key: "83e56a156a8de563afa467d49dec6a40e9a1d007f033c2823061bdd0eaa59f8e",
+		tag: "de184a5a9b826aa203c5c017986d6690",
+		in:  "4da6430105220d0b29688b73",
+	},
+	{
+		key: "4b8ea0f3ca9936e8461f10d77c96ea80a7a665f606f6a63b7f3dfd2567c18979",
+		tag: "7478f18d9684905aa5d1a34ee67e4c84",
+		in:  "e4d60f26686d9bf2fb26c901ff",
+	},
+	{
+		key: "354cde1607ee294b39f32b7c7822ba64f84ab43ca0c6e6b91c1fd3be89904341",
+		tag: "3b2008a9c52b5308f5538b789ab5506f",
+		in:  "79d3af4491a369012db92d184fc3",
+	},
+	{
+		key: "9d1734ff5716428953bb6865fcf92b0c3a17c9028be9914eb7649c6c93478009",
+		tag: "71c8e76a67a505b7370b562ba15ba032",
+		in:  "79d1830356f2a54c3deab2a4b4475d",
+	},
+	{
+		key: "63afbe8fb56987c77f5818526f1814be823350eab13935f31d84484517e924ae",
+		tag: "1dc895f74f866bdb3edf6c4430829c1c",
+		in:  "f78ae151c00755925836b7075885650c",
+	},
+	{
+		key: "30ec29a3703934bf50a28da102975deda77e758579ea3dfe4136abf752b3b827",
+		tag: "afca2b3ba7b0e1a928001966883e9b16",
+		in: "1d03e944b3c9db366b75045f8efd69d22ae5411947cb553d7694267aef4e" +
+			"bcea406b32d6108bd68584f57e37caac6e33feaa3263a399437024ba9c9b" +
+			"14678a274f01a910ae295f6efbfe5f5abf44ccde263b5606633e2bf0006f" +
+			"28295d7d39069f01a239c4365854c3af7f6b41d631f92b9a8d12f4125732" +
+			"5fff332f7576b0620556304a3e3eae14c28d0cea39d2901a52720da85ca1" +
+			"e4b38eaf3f",
+	},
+	{
+		key: "44c6c6ef8362f2f54fc00e09d6fc25640854c15dfcacaa8a2cecce5a3aba53ab",
+		tag: "6f2a09aa76c9b76774e31ec02dcf7991",
+		in: "705b18db94b4d338a5143e63408d8724b0cf3fae17a3f79be1072fb63c35" +
+			"d6042c4160f38ee9e2a9f3fb4ffb0019b454d522b5ffa17604193fb89667" +
+			"10a7960732ca52cf53c3f520c889b79bf504cfb57c7601232d589baccea9" +
+			"d6e263e25c27741d3f6c62cbbb15d9afbcbf7f7da41ab0408e3969c2e2cd" +
+			"cf233438bf1774ace7709a4f091e9a83fdeae0ec55eb233a9b5394cb3c78" +
+			"56b546d313c8a3b4c1c0e05447f4ba370eb36dbcfdec90b302dcdc3b9ef5" +
+			"22e2a6f1ed0afec1f8e20faabedf6b162e717d3a748a58677a0c56348f89" +
+			"21a266b11d0f334c62fe52ba53af19779cb2948b6570ffa0b773963c130a" +
+			"d797ddea",
+	},
+	{
+		key: "fe4e3ad29b5125210f0ef1c314090f07c79a6f571c246f3e9ac0b7413ef110bd",
+		tag: "27381e3fc2a356103fb796f107d826e7",
+		in: "58b00ce73bff706f7ff4b6f44090a32711f3208e4e4b89cb5165ce64002c" +
+			"bd9c2887aa113df2468928d5a23b9ca740f80c9382d9c6034ad2960c7965" +
+			"03e1ce221725f50caf1fbfe831b10b7bf5b15c47a53dbf8e7dcafc9e1386" +
+			"47a4b44ed4bce964ed47f74aa594468ced323cb76f0d3fac476c9fb03fc9" +
+			"228fbae88fd580663a0454b68312207f0a3b584c62316492b49753b5d502" +
+			"7ce15a4f0a58250d8fb50e77f2bf4f0152e5d49435807f9d4b97be6fb779" +
+			"70466a5626fe33408cf9e88e2c797408a32d29416baf206a329cfffd4a75" +
+			"e498320982c85aad70384859c05a4b13a1d5b2f5bfef5a6ed92da482caa9" +
+			"568e5b6fe9d8a9ddd9eb09277b92cef9046efa18500944cbe800a0b1527e" +
+			"a6",
+	},
+	{
+		key: "4729a861d2f6497a3235c37f4192779ec1d96b3b1c5424fce0b727b03072e641",
+		tag: "0173965669fb9de88d38a827a0271271",
+		in: "5a761f03abaa40abc9448fddeb2191d945c04767af847afd0edb5d8857b7" +
+			"99acb18e4affabe3037ffe7fa68aa8af5e39cc416e734d373c5ebebc9cdc" +
+			"c595bcce3c7bd3d8df93fab7e125ddebafe65a31bd5d41e2d2ce9c2b1789" +
+			"2f0fea1931a290220777a93143dfdcbfa68406e877073ff08834e197a403" +
+			"4aa48afa3f85b8a62708caebbac880b5b89b93da53810164402104e648b6" +
+			"226a1b78021851f5d9ac0f313a89ddfc454c5f8f72ac89b38b19f53784c1" +
+			"9e9beac03c875a27db029de37ae37a42318813487685929359ca8c5eb94e" +
+			"152dc1af42ea3d1676c1bdd19ab8e2925c6daee4de5ef9f9dcf08dfcbd02" +
+			"b80809398585928a0f7de50be1a6dc1d5768e8537988fddce562e9b948c9" +
+			"18bba3e933e5c400cde5e60c5ead6fc7ae77ba1d259b188a4b21c86fbc23" +
+			"d728b45347eada650af24c56d0800a8691332088a805bd55c446e25eb075" +
+			"90bafcccbec6177536401d9a2b7f512b54bfc9d00532adf5aaa7c3a96bc5" +
+			"9b489f77d9042c5bce26b163defde5ee6a0fbb3e9346cef81f0ae9515ef3" +
+			"0fa47a364e75aea9e111d596e685a591121966e031650d510354aa845580" +
+			"ff560760fd36514ca197c875f1d02d9216eba7627e2398322eb5cf43d72b" +
+			"d2e5b887d4630fb8d4747ead6eb82acd1c5b078143ee26a586ad23139d50" +
+			"41723470bf24a865837c",
+	},
+	{
+		key: "9123461c41f5ff99aa99ce24eb4d788576e3336e65491622558fdf297b9fa007",
+		tag: "1eb0cdad9237905250d30a24fe172a34",
+		in: "864bafd7cd4ca1b2fb5766ab431a032b72b9a7e937ed648d0801f29055d3" +
+			"090d2463718254f9442483c7b98b938045da519843854b0ed3f7ba951a49" +
+			"3f321f0966603022c1dfc579b99ed9d20d573ad53171c8fef7f1f4e4613b" +
+			"b365b2ebb44f0ffb6907136385cdc838f0bdd4c812f042577410aca008c2" +
+			"afbc4c79c62572e20f8ed94ee62b4de7aa1cc84c887e1f7c31e927dfe52a" +
+			"5f8f46627eb5d3a4fe16fafce23623e196c9dfff7fbaff4ffe94f4589733" +
+			"e563e19d3045aad3e226488ac02cca4291aed169dce5039d6ab00e40f67a" +
+			"ab29332de1448b35507c7c8a09c4db07105dc31003620405da3b2169f5a9" +
+			"10c9d0096e5e3ef1b570680746acd0cc7760331b663138d6d342b051b5df" +
+			"410637cf7aee9b0c8c10a8f9980630f34ce001c0ab7ac65e502d39b216cb" +
+			"c50e73a32eaf936401e2506bd8b82c30d346bc4b2fa319f245a8657ec122" +
+			"eaf4ad5425c249ee160e17b95541c2aee5df820ac85de3f8e784870fd87a" +
+			"36cc0d163833df636613a9cc947437b6592835b9f6f4f8c0e70dbeebae7b" +
+			"14cdb9bc41033aa5baf40d45e24d72eac4a28e3ca030c9937ab8409a7cbf" +
+			"05ae21f97425254543d94d115900b90ae703b97d9856d2441d14ba49a677" +
+			"de8b18cb454b99ddd9daa7ccbb7500dae4e2e5df8cf3859ebddada6745fb" +
+			"a6a04c5c37c7ca35036f11732ce8bc27b48868611fc73c82a491bfabd7a1" +
+			"9df50fdc78a55dbbc2fd37f9296566557fab885b039f30e706f0cd5961e1" +
+			"9b642221db44a69497b8ad99408fe1e037c68bf7c5e5de1d2c68192348ec" +
+			"1189fb2e36973cef09ff14be23922801f6eaee41409158b45f2dec82d17c" +
+			"aaba160cd6",
+	},
+	{
+		key: "40ff73495fe4a05ce1202ca7287ed3235b95e69f571fa5e656aaa51fae1ebdd7",
+		tag: "2e619d8ea81b77484e4fddeb29844e4b",
+		in: "aa6269c2ec7f4057b33593bc84888c970fd528d4a99a1eab9d2420134537" +
+			"cd6d02282e0981e140232a4a87383a21d1845c408ad757043813032a0bd5" +
+			"a30dcca6e3aa2df04715d879279a96879a4f3690ac2025a60c7db15e0501" +
+			"ebc34b734355fe4a059bd3899d920e95f1c46d432f9b08e64d7f9b38965d" +
+			"5a77a7ac183c3833e1a3425ead69d4f975012fd1a49ed832f69e6e9c63b4" +
+			"53ec049c9e7a5cf944232d10353f64434abae060f6506ad3fdb1f4415b0a" +
+			"f9ce8c208bc20ee526741539fa3203c77ecba410fd6718f227e0b430f9bc" +
+			"b049a3d38540dc222969120ce80f2007cd42a708a721aa29987b45d4e428" +
+			"811984ecad349cc35dd93515cefe0b002cee5e71c47935e281ebfc4b8b65" +
+			"2b69ccb092e55a20f1b9f97d046296124621928739a86671cc180152b953" +
+			"e3bf9d19f825c3dd54ae1688e49efb5efe65dcdad34bc860010e7c8c997c" +
+			"d5f9e320ca7d39d4ba801a175b1c76f057832f3f36d7d893e216e4c7bbdb" +
+			"548d0ba48449330027368b34f9c69776b4591532da1c5be68ef4eebe8cb8" +
+			"fa7dc5483fb70c2c896334cb1f9cb5dfe044fa086197ff5dfd02f2ba3884" +
+			"c53dd718c8560da743a8e9d4aeae20ccef002d82ca352592b8d8f2a8df3b" +
+			"0c35f15b9b370dca80d4ca8e9a133eb52094f2dd5c08731f52315d828846" +
+			"e37df68fd10658b480f2ac84233633957e688e924ffe3713b52c76fd8a56" +
+			"da8bb07daa8eb4eb8f7334f99256e2766a4109150eed424f0f743543cdea" +
+			"66e5baaa03edc918e8305bb19fc0c6b4ddb4aa3886cb5090940fc6d4cabe" +
+			"2153809e4ed60a0e2af07f1b2a6bb5a6017a578a27cbdc20a1759f76b088" +
+			"9a83ce25ce3ca91a4eb5c2f8580819da04d02c41770c01746de44f3db6e3" +
+			"402e7873db7635516e87b33e4b412ba3df68544920f5ea27ec097710954f" +
+			"42158bdba66d4814c064b4112538676095467c89ba98e6a543758d7093a4" +
+			"94df",
+	},
+	{
+		key: "5cc36d09c7a6472a41f29c380a987b1ecdcf84765f4e5d3ceefc1c02181f570f",
+		tag: "0d57b8cbea8090df0541354673dcb4e0",
+		in: "44fcd629f08dc1ef53c9ae0d8869fe67fdc7a2c67b425f13c5be8d9f630c" +
+			"1d063c02fd75cf64c1aec9d2e2ef6e6431d5f5ad0489078dc61f46494dcc" +
+			"f403dad7f094170d2c3e29c198b0f341e284c4be8fa60c1a478d6bd55dd2" +
+			"c04dad86d2053d5d25b014e3d8b64322cdcb5004faa46cfa2d6ad2ff933b" +
+			"c3bd9a5a74660af3d048a9a43634c0250427d9a6219197a3f3633f841753" +
+			"ba7c27f3619f387b6b1a6cb9c1dc227674aa020724d137da2cb87b1615d5" +
+			"12974fa4747dd1e17d02c9462a44fec150ca3a8f99cc1e4953365e429956" +
+			"5e108535b1f62e1d4ba18e17a52164418bfd1a933f7fb3a126c860830a87" +
+			"293d9271da736e4398c1e37fb75c4bf02786e1faf4b610cd1377fbb9ae18" +
+			"0655a0abefbad700c09473469f1eca5a66d53fa3dc7cd3e7c3b0411d7e14" +
+			"5f96eb9654ab94913dda503a50f9e773842f4d2a5faa60869bf365830511" +
+			"f2ededd03e0a73000edb60c9a29a5f5e194cf3b5667a694690384599d116" +
+			"f8d2fd93b2aed55b7d44b5b054f3f38e788e4fdf36e591568c41d1052cad" +
+			"0fcb68ca4c4bf5090d57df9db6f0d91dd8b11b804f331adb7efb087a5604" +
+			"e9e22b4d54db40bcbc6e272ff5eaddfc1471459e59f0554c58251342134a" +
+			"8daaef1498069ba581ef1da2510be92843487a4eb8111c79a6f0195fc38a" +
+			"d6aee93c1df2b5897eaa38ad8f47ab2fe0e3aa3e6accbfd4c16d46843318" +
+			"5fc61c861b96ca65e34d31f24d6f56ee85092314a4d7656205c15322f1c9" +
+			"7613c079eae292ba966e10d1e700164e518b243f424c46f9ea63db1c2c34" +
+			"b512c403c128ee19030a6226517b805a072512a5e4cd274b7fd1fa23f830" +
+			"058208ff1a063b41039c74036b5b3da8b1a0b93135a710352da0f6c31203" +
+			"a09d1f2329651bb3ab3984ab591f2247e71cd44835e7a1a1b66d8595f7ae" +
+			"f9bf39d1417d2d31ea3599d405ff4b5999a86f52f3259b452909b57937d8" +
+			"5364d6c23deb4f14e0d9fcee9184df5994fdc11f045c025c8d561adb0e7d" +
+			"fd4748fd4b20f84e53322471a410cdb3fd88e48b2e7eb7ae5dae994cb5ea" +
+			"e3eaf21cf9005db560d6d22e4d9b97d7e9e488751afcd72aa176c0fcde93" +
+			"16f676fd527d9c42105b851639f09ea70533d26fc60cbeb4b76ed554fc99" +
+			"177620b28ca6f56a716f8cb384",
+	},
+	{
+		key: "811c3e356e7c793acf114c624dc86ace38e67bff2a60e5b2a6c20723c1b9f003",
+		tag: "c6e59044cefc43ee681c3eed872d02b3",
+		in: "e115b304c023792448794546a2474f04294d7a616215e5dd6c40a65bb6ed" +
+			"b508c3680b14c176c327fdfb1ee21962c0006b7deb4e5de87db21989d13c" +
+			"3ab0462d5d2a52ef4ca0d366ae06a314f50e3a21d9247f814037798cc5e1" +
+			"0a63de027477decdeb8a8e0c279299272490106ddf8683126f60d35772c6" +
+			"dfc744b0adbfd5dcf118c4f2b06cfaf077881d733a5e643b7c46976647d1" +
+			"c1d3f8f6237c6218fa86fb47080b1f7966137667bd6661660c43b75b6339" +
+			"0b514bbe491aa46b524bde1c5b7456255fb214c3f74907b7ce1cba94210b" +
+			"78b5e68f049fcb002b96a5d38d59df6e977d587abb42d0972d5f3ffc898b" +
+			"3cbec26f104255761aee1b8a232d703585dd276ee1f43c8cd7e92a993eb1" +
+			"5107d02f59ba75f8dd1442ee37786ddb902deb88dd0ebdbf229fb25a9dca" +
+			"86d0ce46a278a45f5517bff2c049cc959a227dcdd3aca677e96ce84390e9" +
+			"b9a28e0988777331847a59f1225b027a66c1421422683dd6081af95e16f2" +
+			"48ab03da494112449ce7bdace6c988292f95699bb5e4d9c8d250aa28a6df" +
+			"44c0c265156deb27e9476a0a4af44f34bdf631b4af1146afe34ea988fc95" +
+			"3e71fc21ce60b3962313000fe46d757109281f6e55bc950200d0834ceb5c" +
+			"41553afd12576f3fbb9a8e05883ccc51c9a1269b6d8e9d27123dce5d0bd6" +
+			"db649c6fea06b4e4e9dea8d2d17709dc50ae8aa38231fd409e9580e255fe" +
+			"2bf59e6e1b6e310610ea4881206262be76120d6c97db969e003947f08bad" +
+			"8fa731f149397c47d2c964e84f090e77e19046277e18cd8917c48a776c9d" +
+			"e627b6656203b522c60e97cc61914621c564243913ae643f1c9c9e0ad00a" +
+			"14f66eaa45844229ecc35abb2637317ae5d5e338c68691bea8fa1fd469b7" +
+			"b54d0fccd730c1284ec7e6fccdec800b8fa67e6e55ac574f1e53a65ab976" +
+			"4c218a404184793cc9892308e296b334c85f7097edc16927c2451c4cd7e5" +
+			"3f239aa4f4c83241bde178f692898b1ece2dbcb19a97e64c4710326528f2" +
+			"4b099d0b674bd614fad307d9b9440adab32117f0f15b1450277b00eb366e" +
+			"0260fca84c1d27e50a1116d2ce16c8f5eb212c77c1a84425744ea3195edb" +
+			"b54c970b77e090b644942d43fe8c4546a158bad7620217a40e34b9bb84d1" +
+			"89eff32b20ef3f015714dbb1f150015d6eeb84cbccbd3fffa63bde89",
+	},
+	{
+		key: "f33691f5db2dea41e1e608af3ff39f3a6988dba204ce1b09214475ae0ea864b8",
+		tag: "6e50e70411201378c8d67857d7b631d2",
+		in: "439bc9ea10db4d2b08c7fcf2e8bd89fa9844f8061d462e28f174489e7514" +
+			"0f84e842040141cc59ce38f9551850cfbdfac2d75337d155090d70d0d930" +
+			"04340bdfe60062f17c53f3c9005b9995a0feb49f6bef8eaff80f4feb7ef3" +
+			"f2181733a4b43b6ac43a5130a73a9b3c2cbc93bd296cd5f48c9df022b6c8" +
+			"2bb752bc21e3d8379be31328aa32edc11efc8a4b4b3f370ee8c870cd281d" +
+			"614e6bc2c0a5ca303bc48696a3bd574ee34738de4c4c29910f8feb7557bf" +
+			"ffcfe7428b4703144bd6d7fe5b3f5de748918553df5453b3c6001696f3de" +
+			"0137e454aadf30cedfb6be36b0b908a38409f1a2dc202fc285610765e4c8" +
+			"6414692bf4bde20ed899e97727b7ea1d95d7c621717c560f1d260ab3624e" +
+			"d6168d77c483dd5ce0d234049017795f2e5a7569d7ad323c50a5b1170337" +
+			"4174a9977026c20cd52c10b72f14e0569a684a3dcf2ccbc148fd3db506e2" +
+			"8d24f6c55544cb3980a36e86747adc89ebad78d1630618d113fa445f8625" +
+			"b583cd7be33913c30c419d047cf3baf40fd05219a1fcec717b87a65fa022" +
+			"1a3aa8143062d77588168019454240ae3d37640996f2967810459bc658df" +
+			"e556de4d07263dc3d9158ec242008226d1c6aea7f0846e12ce2d316e80da" +
+			"522343264ec9451ec23aaaa367d640faad4af3d44d6d86544ade34c93518" +
+			"2843f6b4d1c934996778affa9ee962e7dfef5e70d933d4309f0f343e9606" +
+			"1b91b11ac380a9675e17a96099fe411bedc28a298cd78d5496e28fbbd4f5" +
+			"b0a27735d1144348e22be5b75724d8f125e99c4cb4e9c3a1f0b4e9da5146" +
+			"e6afaa33d02fda74bf58a8badee2b634b989c01755afa6ab20ee494c6ae4" +
+			"c2c6f17af6b53b61d2947d83a18eb3b8a1612aad5d3ea7e8e35f325c9168" +
+			"ac490f22cb713ddb61fbd96011c5849ac8e2fcd42db820349bdf9157dcc0" +
+			"0d9f9ed9c099b10c7194d48b623b0df43759734b2a2e5f8a35e7192bf9a0" +
+			"03dcb9d16a54bd84d922f85b6021b28aacc5264fe9e83deb48f18f864cbd" +
+			"367eb163d39c45b0eb907311a2a4b09fb26109088df782ce031b02f3caff" +
+			"d2dbe25b1cbde9f35ba7c47292a4fd49e7def7a28824f3dfda259a86c3de" +
+			"59257c255c712686ee47d128a55c7b9e8c546035eab7e2da420f32ed5c94" +
+			"bc12a34dc68eb99257a7ea03b69d6c760b0681fa24e4ca97b7c377182ab5" +
+			"fee30a278b08c44c988a8f925af2997883111c750d176b432735868208f4" +
+			"0de7137331b544f2d28040a3581d195e82811c945c3f9fde68fc21b36a44" +
+			"e1cfa2d8eb625f3102461539b3f13c660936a5ddb29a0ae791fbf52c2f69" +
+			"7bd334653f3605b362d91cd78569b41dbd09b2a5892440b5097fa08d0b4b" +
+			"291fc5b934585dd8d5adc80d573fdd194b2eae26dfc49f5e51c1f1607d7e" +
+			"87740702f244bf39ca1d52423e0ae84891dfdf4f43ef984c7a5f293a2007" +
+			"a1e00e39c757f064518953f55621f955986f63",
+	},
+	{
+		key: "d115b6ac998a65b48b3dae5977abaf985258d3d1cfe1616cec3d6a77f7a75785",
+		tag: "b431c9318ec2769fc8ee8f5fc3c079c3",
+		in: "7e7eb43839a6d7616b8a7b1fb7144817904342a9bd34167051162941a6b1" +
+			"b85db5e587f76e4a53211755d5ab29c11822d7711a97b3f1ff5b21f2485d" +
+			"9c86241fb56cdd6796245d3112df11ad9a7344db44d09934c4efb280ed65" +
+			"80cfcafb5c97a32993cbbf4917183e0b7bb38f2ce2479c28e1d39f673962" +
+			"17a7010448dfd39a4e7f406c8bd2d804f993bb410fffa4eb57518a531ecf" +
+			"259a8af068230acb826d9ffc20ee0fc43885221a321e3928971bb28615f0" +
+			"d9f099f5b68a80503a910fdba0bc643c60b64837900be38770b6b30c362c" +
+			"4580722b5dbb1b9c8cd02a18fd7b5661d2c4d28aa941c50af6655c826690" +
+			"37312fbf9f1cf4adb0b9400532755011b40e8252bd0e3c7a22efb0ef9122" +
+			"1e04b4aa8316d4a4ffeaa11909d38cc264650e7ca416835ded0953f39e29" +
+			"b01d3a33bba454760fb0a96d9fe50b3e42c95271e57840380d1fd39a375b" +
+			"3e5513a31a4b80a2dad8731d4fd1ced5ff61e1fbe8ff3ff90a277e6b5631" +
+			"f99f046c4c3c66158554f61af2ede73aede97e94b1d1f129aaadf9b53548" +
+			"553cc2304103e245b77701f134d94d2a3658f2b41108c5a519c2c8f450db" +
+			"027824f1c0ab94010589a4139ff521938b4f0c7bf0986585f535b6e292e5" +
+			"b3ded23bf81cec17c8420fe67a449e508864e4cbb7eaf335975668f013e9" +
+			"da70b33bd52a72094a8f03762ea7440ce9fcd10e251837cfc9ccc1a8cc47" +
+			"0c67379f6a32f16cf70ea8c19d1a67779a9b2d2b379665e0e908a88b26e7" +
+			"8c9f94f17acefa6d5feb70a7095e0297c53e091cf98df132a23a5ce5aa72" +
+			"59f1154b92e079f0b6f95d2a38aa5d62a2fd97c12ee7b085e57cc4652863" +
+			"8defacc1e70c3aceab82a9fa04e6aa70f5fbfd19de075bee4e3aac4a87d0" +
+			"ad0226a463a554816f1ebac08f30f4c3a93fa85d79b92f0da06348b4f008" +
+			"880fac2df0f768d8f9d082f5a747afb0f62eb29c89d926de9fc491921474" +
+			"1d8647c67d57ac55f94751389ee466bbd44dbe186f2f38abbc61a0425613" +
+			"e9b6a64e6bcb45a2e2bb783b9103483643d5610a7e2dcdb10b5d78423285" +
+			"506b42a99b00a4fb7b619b4526bb4ec78299dd01ad894fde2f053e18c55b" +
+			"6047f86333f2690c2cb8e87d9834ab8a5e339aa346e4d9952ed62dc083e3" +
+			"b11a823a67f23fec099a033f127ebe8626a89fa1a5a6b3520aa0d215a8e7" +
+			"dea3af37907686c16521739a95d6c532cc259c497bf397fceaea49cd46b9" +
+			"ad5c1b39a36fdd2f0d2225fef1b6ca2bb73fe604646c10ba4c572ab13a26" +
+			"559ededc98f5a34c874cc25621e65ba4852529b5a4e9c1b2bf8e1a8f8ff0" +
+			"5a31095b84696c6381eb9ad37ac0db184fe5fccf3554e514946a33cabe6f" +
+			"4d617b549d28ad1cc4642dac96e0215ee1596481600d3619e8f45e2c9ae1" +
+			"da834d44aca216bba0efef6254503ca90339f2d7ca508b2722d50c08def8" +
+			"a736590fa44855cd9eb9979c743783aa26e633696739f2ae25ff7b72ceb2" +
+			"4dff4455b85bbd675c8cb71ad18386dc58c371bdf37b4b3875b98a9423ff" +
+			"3becfc0d0ba2aacab3ee7683cb3b345095fefcaca5751ca793da63c89428",
+	},
+	{
+		key: "f3717306b9729be998cdb2c9d856306c5ae3d89da2cdcef12f86f6110c98d873",
+		tag: "907dba0f4849c7cf4570b5128b5f31d5",
+		in: "079572187d4559f24d8e48dc366441acf226a4db79e214ec3ee288acc349" +
+			"887e2e377419bcafa377d0151497b52e4d9cf2a02b0fc91ad9516482bdf6" +
+			"eccd1497954b53241bfb0bc5c04cc45045c6251f23a510060fee32721872" +
+			"bbc95cd8d400dff00bcac2ecce6229c7d73d8f85ed5a87afdccf6dedd299" +
+			"2d5c7b5b8090c47c737ded036ff0e9aedf02a2242fd9820be618b9601e73" +
+			"d3ba5d8f1ae9805cfd2306251704bc74e3546997f109f1dfae20c03ff31f" +
+			"17564769aa49f01233c9c4b79f90fa3d1433d18cdc497914046ad77d2792" +
+			"2588a7d0e61d4258d7d80cdab8503e3111ddca22cf7f39c1f80f1e16a68d" +
+			"9e21db8b53dd316dfa4233cb453a39a90101c60efc08514a3057db007e96" +
+			"507745bd4a0764ed8717a250bffb5fd1ea58474bdfb5b869681939693926" +
+			"40d832a3387ed4ac9cdab0d2af8fcb51b86e4d927097f1e79b5af96574ec" +
+			"d59d0dd150a0208978c41de28ad6cadf72a49279cffd6dc281c640f2e294" +
+			"4cde49a13ed390da1dd92e3011ce0f4a0863375a9db3f67fca1e3b8288a0" +
+			"78611161d7cb668ecdb932e1ff3733982c8c460eeeff2bca46c96e8a02cf" +
+			"b55d770940de556373a4dd676e3a0dd66f1280c8cb77a85136b3f003fab4" +
+			"887dad548de7bfe6488ae55e7a71da4097db03900d4b94e776a939530328" +
+			"83492da900b2a6c3e73d7a6f12ee30c9dd06cc34e5a3893976eb1de5864d" +
+			"32e792ac02e68d052d9d0cfc7cfb40b77728422f6c26cf68987c6b40fcfe" +
+			"9d660abc657360eb129de11bd70af5eb8fe350af2c27a6ece2cdf81b94c8" +
+			"0e68e8c51106497cfa5171236efe2d71d76b5dff3352af9b407dc5aab60f" +
+			"46b5683646f5b28732b7c750d351a08a507243d8e437cc4bef13a3edaa20" +
+			"5fc4e9968b4e563fa0dc965ba20b8e48bc188a321b16d3213bed69647512" +
+			"7a20afc1a3680ef261df6d37b017dee05cfc3a42e4130216e5540cf715c4" +
+			"e638d7d615c50bef576eeb19b3b15b2c2b454dfcef2b18161a143ddf52fc" +
+			"8e88fa71cbe34c92cd4b5a0adc81e5c33e11d2721bc1b95a9e693ac3cabc" +
+			"490889a8a42bf7e22375b679e8598c8faef22a006ed2da8ab1c08aaed2f5" +
+			"6d6f26649036335c0881bfec1e3a5346335c3b3707ee92173f1a7a3305c2" +
+			"933f78e995da8f1df64daf12b81ce23c8813c27fd4551103dc33561c2e80" +
+			"45b6b6770fa03498fd359a104884699d628020173edbcc4398b977e456e4" +
+			"885964840466176a490e7c513ba5d66090277c1ab1632a995a54f555a452" +
+			"1170a000507865b6650730aa6d6050a55959102836fff3d37e4773340e59" +
+			"2e56951ff9652519de4421d9c5b63edbeb30a3852a1ea110a9a29721aee3" +
+			"23d5a306de1624cecc87badc47aa87f489635d2fb60bff62ba67f5257999" +
+			"6af0a1f1a6fbcd8704e119196fcc289a6db6a4170a2cae31a1d30744b702" +
+			"2536d1526d41659c2dcc8b39c26aecfc0f8a707136d81b2827a158fd7386" +
+			"a537514471c213a8c859016748e0264cf3fbde10f40c620840ec4df99432" +
+			"e2b9e1e368e33f126ec40c572e841c2618d49d4eb098b9533b1f4ae00b46" +
+			"8d15de8c8ab6d0b650e599576f2bd90a124c9c6a0f911fd1bd8253bac272" +
+			"942cbdf8864f3747ff7f09d8a5a9d8599be7ee1744e5f1faf3e526cd2a06" +
+			"b157527272af9d38565957c9ce663c295766c0e0e464971c6282b70d4c0c" +
+			"1fb3b69856b34c089ad2b2c745f5a033cee1429c5b855581ee285278893c" +
+			"43a5968d9c28384b7abe8d072ba69089c938685cb1eab461f05314ad6d06" +
+			"eaa58512f8738bde35b7b15ef359dd2e8753cb1ed6",
+	},
+	{
+		key: "9772c1a4b74cbf53586e5df04369b35f1fdca390565872251bc6844bc81bda88",
+		tag: "68eb7fc459ecc3be819485001ab438dc",
+		in: "e115cc2f33e367cb85c01a914b3a512404ad6a98b5b0c3a211d4bffd5802" +
+			"ee43b3fb07451c74524ec8b4eddbb41ca33dd6e49791875d716a44bec97b" +
+			"7c2d4546616939ffa3b1ab9b8ba1d1a637e7c985cc922606caa0453085e3" +
+			"5f2fe0bd2de129d1d1856ade975a3281a62965927d8bb695e54514e69558" +
+			"89361a2a00a1b24e62bda78d0b71a0d40147016fcdaf1a702331dda8e678" +
+			"d8f476dcc91698da1688c610ec0cb1d9b8fbcd45dfde6d1503ba60a01337" +
+			"ae5b2f5c854a82c3087779babd2e522dd92f4718cd9f8c649ac226745ca2" +
+			"fa1696442764758f67cd926369578ae87612790dc56ed9cda935281a490e" +
+			"5c984950ec7a4e930520d273a69da4ed3a330e532508e26f942961fed0e3" +
+			"efeed52a7b96250d723155aa39a8ae85131c255c32bf406b647de1a37fba" +
+			"dc61e302bb5b70adec4505ee66b3a1d1b7bfe9c58b11e53ad556d56e5807" +
+			"017bb30b71be94e8f86aaf1496e8b8d6db75ec0afbe1cd336c23963c745d" +
+			"7b4ba1787ceb30728f1762b46f6eaad5064c8029d29b86266b87f93142a2" +
+			"74f519f3281d8c1cb43c23eb184ae41f3f625cf624b05a48d73cd7783fdf" +
+			"14954a03ec1a930e9a954424eff030e3f15357de4c19983f484619a0e9e2" +
+			"b67221cf965e9aa8d8926595c793adfe0181050df8b845ce648a66df532f" +
+			"78b10c83ecc86374a4f8abf8edcc303654bafd3dcc7de9c77a0a9d1d98fb" +
+			"121534b47d16f75b55fdc2a5e2e6799f8a2f8000d4292282e56863ae422a" +
+			"5779900ad6881b78946e750d7777f33f2f013a75c19615632c0e40b98338" +
+			"1e9b8d35a26abe30242c45662eebb157e6d7a8a5519de60268ac289b8295" +
+			"5d4feb47b9eef6da65031c6f52c2c4f5baa36fce3618b6a331f1e8bdd621" +
+			"48954fcf0846afeeb0a6cadb495c909a7fe671b021d5b0b4669961052187" +
+			"d01b67d44218471bfb04c1a3d82bf7b776208013fc8adabaefb11719f7a7" +
+			"e6cb0b92d4cc39b403ceb56bd806cbdcc9ee75362ab4aaeb760e170fdc6a" +
+			"23c038d45f465d8ec8519af8b0aad2eb5fae2972c603ed35ff8e46644803" +
+			"fc042ff8044540280766e35d8aaddcaa81e7c0c7eba28674f710492924c6" +
+			"1743da4d241e12b0c519910d4e31de332c2672ea77c9a3d5c60cd78a35d7" +
+			"924fda105b6f0a7cc11523157982418405be0bacf554b6398aeb9a1a3b12" +
+			"fe411c09e9bfb66416a47dd51cbd29abf8fbbd264dd57ba21a388c7e19e8" +
+			"12e66768b2584ad8471bef36245881fc04a22d9900a246668592ca35cfc3" +
+			"a8faf77da494df65f7d5c3daa129b7c98cef57e0826dee394eb927b3d6b3" +
+			"a3c42fa2576dcc6efd1259b6819da9544c82728276b324a36121a519aee5" +
+			"ae850738a44349cdec1220a6a933808aee44ba48ce46ec8fb7d897bd9e6b" +
+			"c4c325a27d1b457eb6be5c1806cd301c5d874d2e863fb0a01cbd3e1f5b0f" +
+			"8e0c771fca0c0b14042a7b0f3ae6264294a82212119b73821dcfbbfd85bb" +
+			"625b6f75e4dc0ee0292ab4f17daf1d507e6c97364260480d406bd43b7d8e" +
+			"8c2f26672a916321b482d5fa7166e282bfeed9b3598c8f8c19d2f8c8b98d" +
+			"f24c2500c8ad41cd6ed3f2835737916d846f1a6406cda1125ed7740fe301" +
+			"d1144559b7c95fa407599ae40a795226513153f86c9b8abe7d8aa6963c99" +
+			"5646ec586cbf20a03a698cc0681b7bd333402d00fa8e15cb32300b5a24ea" +
+			"316c5e1df67de78891846cb9183a4b112c3bcc17bcaa5fecd6c1dbbf6ef8" +
+			"272d9269e7f0ba9f17050a6aa5f11cb28874360396ab647941f2c9a85cb0" +
+			"6a969919b16997b0827af8f909c614545f1ad638ebb23109f6bab6b49b22" +
+			"b2285cabbb998b3e1bf42771b4d4e52330b224e5a1d63169ec85fe1c7dd2" +
+			"46dbafa6138448420f463d547a41c2b26026d4621b854bc7786ab3a0a93a" +
+			"e5390dd840f2454028b7c3bb87680f04f084089bbc8786ee42cf06904d01" +
+			"7e405144d2fae141599e2babe71abfbe7644fb25ec8a8a44a8928ff77a59" +
+			"a3e235de6bd7c7b803cf3cf60435e473e3315f02d7292b1c3f5a19c93646" +
+			"3cc4ccd6b24961083756f86ffa107322c5c7dd8d2e4ca0466f6725e8a35b" +
+			"574f0439f34ca52a393b2f017d2503ba2018fb4a0991fddc1949832d370a" +
+			"27c42e",
+	},
+	{
+		key: "d18a328b63a1d0f34e987682fe6ca3d48b4834b4312a17e99b3d88827b8d2238",
+		tag: "938b43b80cb3935e39b21dd8ba133cf8",
+		in: "bc2b0baf92580ee6c5efe640f2a029a791a3c77bec459be74cbc30931508" +
+			"d9f312c3a0944212831cbe4fc92e8f107f2f750c91bcc09f7624fa9a09b4" +
+			"9b7712cf5d619ea9da100fc23068ae2f4e353047e3956b215884bdb12235" +
+			"3f06b8ee98f36c3212493d61ae9ce151cd0453f3075b18a12d7d73da3de7" +
+			"dc2d98376cfb420069ca8148c511ca6bbae57572394a3c615a6fefb30c5f" +
+			"d727f964b4065ac9ee252bdd2bcae3e70162fe0e8069974e073f0a093d45" +
+			"be52d7de16a8f5f65c548aa6525822ffb00dc642530fedf355f7188ef017" +
+			"56384760c80afb61ad903d10119a7d615ec4fbdc79c490160bdeaf200915" +
+			"e405f2a921a2380c0ab9d2ac1e4fdc8ec4b907368c004458598efac13dc7" +
+			"2751e7faded538e3dc8b16590cac9b7ec294da0ad53e22cb9c05d8ef494f" +
+			"a04f6ab7c843c867fbe3cf1b4eb146d65339b0b03392259f12627a8e98e8" +
+			"0f4896c30b8ecd210acb2365539a872541921dcd8e1e54caf4936dfc7e1f" +
+			"68f3bbce61d325b447a8cce7f0fcad28494f2e47dae46b136594b5dfca7a" +
+			"bdafd6856f91496c05b21079aa55aa8c41628220a2cf0cdd755893375b7b" +
+			"b13d914c9a1d1db4a18f8fa36c55e52d0342352052032fb62d32fcd51cb1" +
+			"ac46f44b06e682db5d96d583cda03b966c650c03ae53542e8da1066b6884" +
+			"4a7e2280c664415e413f270b1fdcfbb40b9daa6131d071ee7eb1553dc5b1" +
+			"a50677971223dc316d2d326d57cbd529c88698facdca425e2d5c6b10d7ae" +
+			"cae28b8890aa44ede9b9193dbe8d1d8aa1fa580ca384b57eadcbefc96dd8" +
+			"bfccbe3b855a96f1fd4913035f817b75954ef1827c7718aab24d353e41cb" +
+			"a73748e14e0c2750d5b6a9752125708cc7ee7a498c7fbadf4186e7f8fa93" +
+			"bfdf281a49400f877621651b8ba87edda5231e80b758564e75139b61b1a9" +
+			"9fb9ec694f928ab1f47c6c4287bd4182d1b2be053380616e98da06f3ef57" +
+			"b570ade17c51da1d602b6ebc5a638ebde30d99bf4f91d0e01557c7dcd8f7" +
+			"9e5120143c935fc699eb5616ccd3cac56b5f8a53ed9e6c47ba896bfefe71" +
+			"2004ad908c12cf6d954b83bec8fb0e641cc261ff8f542b86e62d90e227f2" +
+			"a5bd59c9d390c0dd857f6da2b7624787a0bb31908bae84896890b283da61" +
+			"d8ec4f56eea38b22b438d6374b42243f9c1d94288874e53ab90c554cc1f1" +
+			"d736acde67aff55007fd4b3becc4d0f3ddd96f10dc75255cb0327aa47076" +
+			"2b3a3a656e33c87b02a682658b6cd2a75d9c0462803c9bbffa51441501a0" +
+			"3a2fbb2344aa13d27ffb9e98704ea6720b6a9992e53449688cd74d0648fa" +
+			"e8e776b0ea6bf048b2ec05341e5948cab0af015328b284ae7bd89a5f763c" +
+			"eaf5ca3e647a9f5bff7197e4d357e4359fa5fe30709545453149be510e3b" +
+			"ff86beeba5110c79c0215fbe9ac9339a8ac7d41f7488588ab14ac657aaf7" +
+			"d5c03a353932bbb2b261f0e83f3526c5e8e0c2348a10ab4eed6ecdcf9014" +
+			"7550abcb0a722f257e01d38bad47cdd5a64eef43ef4e741bf50da275720a" +
+			"0aee47adfc5cd2534b911dc269197c3c396820b303f6941e3fd85b5ed21d" +
+			"6d8136745c3eeb9f36b1f226434e334dc94be8a5606079cb7643136aacd2" +
+			"da9c38b2eb7e2b898bd8632003767bf0c87d00a3c2fcee48bbbcdd949af3" +
+			"3455128216709df25879b0ce894ac4f121dfca6b8c7865002b828696641d" +
+			"14ffc59924fbda50866fded0afaea545c8008c564a3a0b023f519a9980ea" +
+			"d541d91d1c07a739fd02286ea5660e473f80494236a68e84ea31aad71348" +
+			"e45055ded69c39941e31d51df257a4d0b0d8f025dbedee093f2b91795bc1" +
+			"533dc472020769a157a187abd6d8d52e1693e2ef56b2212759d0c0120e54" +
+			"c425d0084fdb3925e296dd6cdd8e677043a90674904057d88ebdea5998aa" +
+			"03562a790adecc4399352df43e5179cf8c584d95ef8e4b37295946b1d37f" +
+			"faf4b3b7b98869184e42ea8b304fe1059f180ff83d14a0861ca7c0682c34" +
+			"b48a70df8653bd8d9a26f9489e1271fa44e41b392e648d0e619ecdad2c53" +
+			"952094802eeb70ade4ffe096e3049867de93a824217e31364b18204e9681" +
+			"dd8e84ae2678aad155b238f59dd9bf9ce07e97183a690b2a46a8f3624843" +
+			"5b2f713e7d8dcda4dea1e3c4cf9692dda082322c51f7bb1f63d92aa987ec" +
+			"cf1355a043e21a7b8d60a2b97f18487f6fff4c77df92dbfdc9837540c518" +
+			"9fd9585731bc6e726a34ca21154b0499522c9d1016953dd0fa2eb6a92b6d" +
+			"14d6e3da5c12fabe92bd639e253983fc91041091791643",
+	},
+	{
+		key: "46e8eb27acfdc8f4be622d8741c7bc414464c149e21da97ab4afbf3e07b98b0e",
+		tag: "56b5f49be824c7a19b19faabf0787a87",
+		in: "ced52b76c057872a60107194b432cf04b7be05e65209045d2952ea0284d8" +
+			"3e2ed5a15cfdc58071204573c18ab03765b4d5e63a601419e039c42075b2" +
+			"7ebb2827de9c6233d6632e6d3db9140bdb4a9291d53f33734c2dc8e24df9" +
+			"0764dc10e0d321d20fdf659bfa2a81bc9e04fd0f83448143276647c08bfa" +
+			"dcfe3bc23898eda655c9353693ed7b022f43eefa23c21db7660c5029ca64" +
+			"a6085d93029ea6c43197356f56b7624d4819f5008d053357d981ffbe7f40" +
+			"96d6c55d8417002d36189b04bbb2c637339d90f4910a400833a8d422d88d" +
+			"c816c1636e8d9f7f926c244a28d9e0a956cec11e81d0fd81d4b2b5d4904a" +
+			"d1a5f55b5ec078dcb5c2bc1112bbfd5efc8c2577fe6d9872a985ee129e5b" +
+			"953e9cebf28cf23c6f9c6a5e09cb09ab586c6a50e4389cd3110777591d7f" +
+			"0608a3fd95b99f6ba03984fb0e13c6bbbde3668c59f2f2b69d7caadffa94" +
+			"6f67e725d56280e59e66dca025a18d4616e81abd9801835bd94485bb2025" +
+			"dee81fba440005b181ee81dc1d7796cbec92e4ec1c9016c8e8073cf281ce" +
+			"f749993f09a618a4671d58b476feffa454600f82955c591882715148a826" +
+			"586f68bb50059914dce1c1c85e5e3951647c9964ec9316005209a58baeb5" +
+			"2c6d01e6b4c275c0050a7e2bdc52133e433b050a700b556d4314e5c041d1" +
+			"93ee47f47adc971aed1b63259dd5cd4f95854a71a947eae3d3d12d0d7b52" +
+			"c6cd2fef2d2e892607a9681d73ac3236fad21ee30a4f857010bc95c00d5f" +
+			"6f0c6b3fe50cd6452be6eec4f5f01542dc2cb5e2db1f52224f11348fe2a0" +
+			"5d1e5885f1317f2d06ce2813dc4c723008e836a2ee95d0aac66855fe4c3b" +
+			"1b2e02ba0700be759b1ef1c2a3123ee4ccf9200d8d4de5e0d503f04c2053" +
+			"66393d1e91b648392ca28389d976aa618b4796acbfe8aa356ecdce1f7786" +
+			"bf09af226bb9402317b6fa319bbb9248d8ce00b1f49f066c69d4df93266b" +
+			"938342cd7fd4b07c320c2409ef72d8a57c21d0c6d6d493f7ca94d01b9852" +
+			"e4fca6a9291e9060154bc38af6c86932645f53914709fc90e11db56ec471" +
+			"6d600ee6452041248ea8244f79534f793bfc1f2020855d817cb4ca3c48ea" +
+			"7f6441ce9af9bda61936c226d810086c04a35e8654fdc30d4b35701adccc" +
+			"016d5895b2121ba4066e44d694f6371d97911786edb73dc3020ba186a01f" +
+			"ee3dd6036c0e205a8d05979bad228fd12c0fd2fded6c7f1e4c11354d266e" +
+			"d9c2f706269c43cd90504997d93a17b39b10dab0ff083ab3bd06540ce612" +
+			"d08f46ce75a16ef330525737410a0d98fb3d484968f9c12edcaf50103fdc" +
+			"c14128ea4ad6c30b56247eab28197fe617e5f88afa5cbe003c63d423647a" +
+			"d3042626fafd2084a0582ff1b1efdb5baa162662048019546234e2f6b6a1" +
+			"d8bb971114aae41df7795b4f3598f2af9e8921a9aadc7fab6c780aaa32a3" +
+			"84865a4ccb02351dbc55ec92a3152d1e66ec9d478be5dca17b4a131b4a0d" +
+			"3d4420fc6123fef80fd56ca266407d58a7880d6b7e5ce2b6bdc9a3721071" +
+			"7feec573d83c83a2e3f7d4023f2f68e785cde728fdbf5054060e4c89faa6" +
+			"1c9dd10524a08811d15c627b3b4ada549a3fa1d8dd77c005daaf2addeb10" +
+			"0abf694da8dd692f113965cd6366a5a7b0c17e1f2a320243e2c90b01418e" +
+			"22426d0401a2c8fd02cb3129a14fdfa6cbcaa1f1c2f17706e9ac374a3458" +
+			"777761e986ee4c358d26f8e420d33230d198fd86704e77298dd4c40c5205" +
+			"7566ac0cd92993b21937c3a3b4a8b89110a97cf38c781ad758bdc28f3565" +
+			"60cf3acbedfa8e05b396d226ef619746e8e4fa84c8e00a7f0e6d652808c8" +
+			"9c9b123d9bd802624cfa949eb68af85ca459b9aa85b81dbc0b630856cb9d" +
+			"7e18cdc96b3c069a006dd5b716e218a5ed1f580be3e3ccf0083017607902" +
+			"a7967a02d0a439e7c54b3b7ca4cc9d94a7754efba0bb5e192e8d1a6e7c79" +
+			"4aa59e410869b21009d9443204213f7bceb880ccf1f61edb6a67c395a361" +
+			"ff14144262b4d90c0e715dbefce92339ff704cc4065d56118624a7e429e4" +
+			"cadf0b9d2e7ffc4eb31c6078474a5265beba0774209c79bf81a930b302bd" +
+			"0f142534a6ae402da6d355a010d8c82dc379ea16d49b9d859a7de4db6e62" +
+			"40f6976ae0f47bc583b327df7ec88f5bd68f713b5d53796e72e28c29e843" +
+			"6c64cd411d335623ff4f5d167f3c7b8cba411e82f03714662425c8e1bc1e" +
+			"fbf435d28df541a914a55317de0ded8c744a1c3a6e047590244b207bcdcb" +
+			"f4bd1f9f81210deddd629192c58e6fd73e83812f084ef52f21c67bea98ee" +
+			"17554437d9642e2e",
+	},
+	{
+		key: "b41210e5ef845bd5a8128455c4e67b533e3e2b19dffc1fb754caa528c234d6a0",
+		tag: "72c9534aec8c1d883eef899f04e1c65e",
+		in: "7eeca180bb20d99635e36b9208221b2b8ef073fbf5a57f5190e19cb86c49" +
+			"89b0e8150d22ec3aaf56f6ed9cb6720284d13a4b0a34cd3d7f7fc7089326" +
+			"6d1893fa4185269fb806677ff490aec8f889896fca50d6c80d295875b1d5" +
+			"4a779b6d49305360b31011b48537157d0f323ff4e865d46fba6bd23a06c1" +
+			"46878cf9404360d325432312ff08ce495edca63a3c93c44d79c050e3f1de" +
+			"4b6ca5fedbbd43dbdef9ceb26d440a59c7e0be3a8e461c4f15b6b1e1dc36" +
+			"a71fc723ad593fb903e83d0804ce497fc49bfc6b6a602b9dc6e9891010b1" +
+			"4ca066cb1c68044c1ad837c638076dd3708078509cba49fdc54922cdf5d7" +
+			"715fb43e9b5a5942cb8950eade143577bc9dcedde58d51deddc70075e452" +
+			"bbceab1e95b5d003eb96bea69687faa6d50d9c605769cb4287b5d9924dd6" +
+			"8881c699abaa6f93e41dac7639cdbbbd0259099a3ed096f482a1fa322b15" +
+			"ffc379812c74e09e95f1bd3706347eac421fe56895e738a47fcd3e118773" +
+			"c3a7e7e264cc7ff5a53a80e436df058265dab9756fdf6913786a47e98bbc" +
+			"411052d58ffec9ee948e28cbaadaae471c5d828eaf3b3c87d3bfd495477b" +
+			"403da54f1418a15ace0d4d0df68f6a8f2b0457b127d5eae1f45ae055afa1" +
+			"8f058d5dd7eea559de3ae9378ca53f7d6dc9a9465ea1f945295f16ee0404" +
+			"7fc9dd3deda8ee32631d7af70c20edc1e12c5f8abd2e78f43dbd4cd6407f" +
+			"038efab144a24ea8a090a7ba3e6499345a60106220c2959a388e1a73d070" +
+			"1d854bfaaa86165a5aee934b615ac7f45da7c43a1e8f74613917ed10dcd2" +
+			"27e4b070414412e77851db5bc053e5f502bb4e2b2645bca074c18643e814" +
+			"4caeccb58be49ea9a552913c0616382c899635eea79a166988c206b9aaa0" +
+			"977c7ced89c4c7aaeaa8fb89b38030c44530a97187fda592b088198b63a5" +
+			"2dfad59a0a4c1aadf812bdf1881924e8b51b8fd4dbca8e73b2986b3ab484" +
+			"171e9d0cbb08be40ae60de8818bd7f400191b42c7b3200c27643f06720a7" +
+			"e0a17441f34131629388ac43955b78c31ea6602a70dd665f872e7669e865" +
+			"f6f40e634e8772d747608cd3a570e1726eb1ddca64f08582b022bb026eda" +
+			"6a913dc83f174ce3c18b9fc0503d3ac74e2fe45691d6dfb4af8c86d752a1" +
+			"6d6664fab4de08afe8858392fcc35cb9ea82fc42c42d48c0c0556267ea0d" +
+			"cc19b10f05e0318c4488ffe704b5036908f5cb938eebd3163503acaa874f" +
+			"592d945448fbeb93a877a26a72306a36e181745ba300afdc30cb7986919f" +
+			"3dbdc5c47ef1fa052a9e4aeeda3955f61ce2f30a0593a81dbaffebac5a49" +
+			"e5a8d1308352701d1ca9e620a67a89abdf5f0f8b1a0acfde5819981d4b77" +
+			"58799c0fe41030b86754837712af821c315301aa8dd50d1387b9fb92ee63" +
+			"10777e08229edd54e5e86b086ac281bd321082ef46ce298a6211aaa3aa4f" +
+			"6e55b5a4641220ec94cca73087760da1b1ac3e0da3f438214e691aa184b0" +
+			"535950b715a64d11485940dcaa3f72e0aa521002b1443f5e7880e2a85b83" +
+			"40d32db0fc4c4702e10f0fa24a35da9307850e945f608ad34d6cfdf6f2b9" +
+			"ff4f6b8e9eb5a883546578e2ff3cc5787322e4384640f42dc5bd05f432d9" +
+			"610dcf7c06cdf34762dd2a5e805e24aee8cebb3b4db9e4d1471da995bba9" +
+			"a72cf59ea8a040671b1d8ce24a3dce4fc86d2df85c8ab5e1eb2b0567c186" +
+			"4fb464f48c3ca72c7df2749542ed4d4be51b63769012ce3d06356856b2a4" +
+			"24995a2429a156ad93bc79c705e7b163149ce53a42c34a19680dfe4fd0f7" +
+			"fce38c30dffe9da9bc941d131f435c1398f8284a230e9d6e3992710074c3" +
+			"881d03aa309a9edd0fde7a39c33f6455dfcc5ae3fa20ea0e0d6549a43536" +
+			"b4cd8a2991a135b7d7a4265fb840318813091274414108f13fe191db7774" +
+			"6a5f4270f6d51a29ff523954f84cb76131d4abee79161dcbd97dc1ef24cf" +
+			"db1fade057dddee00a1e0de0db1afaeed1b535f7bb402afa3b297551fd14" +
+			"8c8f3e05f1351d3a8ee2948daaf14e7fc448c4670c906ae076eac5a7c656" +
+			"fd5f9cd937b91e26c9e5adb43c138f8d65e447b0022a524e059f879c6e27" +
+			"4ff7e671f75717233aae70853d5bd7bbb41b43c47bb08d6dc2f54f9ec606" +
+			"9487d1267add72403d01552a3d138abab9ca8a0d2dc32439759aa5695f70" +
+			"1a17d28dfb85850fdb55fddadcdde4d220e4b05821e5736d346e7dc9c945" +
+			"72743366488b1de8975184771361894b6520e3407c5c2e38473430969e35" +
+			"b106024da8618665d58c9d084824a28991a33658d6ec702139e01b65b7d0" +
+			"cc537a644caeee880657803d95f5f67816948d5ab362922f8ffbd531473e" +
+			"b0ff8fde2afc37a4abfa28dbed0be1b3d4ed48a1d02358e8403905d33b12" +
+			"3066e7a9fe2491ee9eb24fc9de7dbd322c8ddbc5ebcd0d92cd102ebac96b" +
+			"90e2fd784fd6d4b699304df23b17d963080a013794322690456be525c071" +
+			"b78fcd2d1148026e44ff14c4d0f942cd44d2b3263f4a93b79ec7a618b4b0" +
+			"d77ae7a1f6e6c7c7e2f498b825bf1954df348bae45ae1d7c87b6787f1212" +
+			"60c9a724429a4a2491ef989f65acfdc72fa717486dcf1984905218e11cc3" +
+			"970a09d71061e6df751f100abfbf",
+	},
+	{
+		key: "d9b0dc303188756312c12d08488c29f43a72e78714560fe476703c1d9d3e20c1",
+		tag: "6b9782f2a09b59653aa448348a49291b",
+		in: "dbde1820035997dc8a8ff3015b4e0674e7ce7bf0c2d994b7977f2d91b49b" +
+			"f200995040daeb1218a0f4307b6b8211913992b070d321bdb947b4ba5017" +
+			"a0885e7e5502710a75cbbcb56d49e1bdc2bc2afa5a0e83851162dec41340" +
+			"bafc41c5e11fcbf4ea2ac45bc57def4742281bbf734777f83c9ae1ea3d5e" +
+			"d42380230570f59c40d5dd9a2d89b75fa3c92664f12a274d965ed8de79a8" +
+			"b37f3763939ad21d1703ad794f617c8b32b20cc4dd7c1b7f969a65e1bafa" +
+			"f6c43f30c9eba256f10201910e2cc31a9b13a46ad29257024ef8f2ee29b2" +
+			"ee63cc5b6230ab9f87cd5cb534f4b0bb08a790466e0d57b849fffa1ed21b" +
+			"fb0b27804e3ff9df7bebf14e100cf91691a493e53870abfad6321f6711c5" +
+			"0fbcf1f0b2c1e5231d6c0a08e710525176355f6f82bedc1f787f0d3cb41f" +
+			"a11e91ebf9f4cbae46035a371232d63ef0d8bda0355af8cd0a2f7d1327d8" +
+			"0ab769ea0f1da0f76ec99cc737b5ce84675fa8a9ac0c98342bb82b5848bf" +
+			"656d35327ea01a1b09d84ab974c307511af68a30cd6978b529a8f58c68a5" +
+			"9d476062ace8897ec0d1a90d5d167e29ebaa6f46d93d697760c8771417ce" +
+			"94c0f3698985a98702833d1b68641b811840ca3d935386dbd4600fbc81c8" +
+			"728c4fd0e4588be739a048f03bd4ac651ceecd7e2fb120fe7190011f957f" +
+			"cbbfdc025f1ca0b356208db8cad87fcd53c5d3a30a7c2a48140ccd4cdb49" +
+			"f3961cef742caedd1e848bf3cacafb0da030416bf3177877aa0bc5f9d1cc" +
+			"41fafcb829d5e3ace9394028683d712552579e024084a6b855830ad9f567" +
+			"ff58f05d3ec263eddd6f56adec378f167e8dabbeaf7d0a9e65c71660314d" +
+			"6c8d54beeca2711113fbc32a2ff8c0daa8373278d10085d2a0660ad53f4e" +
+			"1ade74a483be180180acf9e9ad3ea5bdd9162ccd69599163a451c6837d5e" +
+			"a5e115bd9a560f395128ea002ee739009a44fa46078b18959933fb6e866f" +
+			"eb4612a56ce93b1affcb95fccaa18d71a148582ba1412a5daa07404fcb39" +
+			"c3cb4a2519cc506c1172c6c326016ae2e5410f6a438569f35a50d45cbf3c" +
+			"c46188651aa22c257858f60649cee8c05c75953ce49358dfe5980445fce9" +
+			"614ccd16d333ad236e29d204691ca0bf46f29da954bcaae52e41016556d2" +
+			"f4cae1d37565bcbe84de1b49f344d0200478a38187da29c155cc98184d9d" +
+			"33dca088d70054e0fce321f7a90c48a14963d0ace2b4e7a24b21c14a5e67" +
+			"1994fe1f7d22d1135d4df9268dd18d323fde3603288735626a5449582d35" +
+			"30e2c2225414e05a8c7b987c873a82e272a5d83e59b90f3d7264631d6ad0" +
+			"4a0cf3b5e96596a66ed5bfbc24ab6e4870aeec0acbad2cc5affaee06de32" +
+			"dca06f175bf763cf8e7fdf95941a177e934f0078be7dbaa4c9b6f5c16b4a" +
+			"5607bab5d56144a6ba3c7d9a084b8d1f4b24b6f9754ed207b230d3a2cc26" +
+			"259ccc725e1f8a44c4df8143e13edb5ebf073e2c9d2da5f1562df4feece2" +
+			"f6480987f093f642eb7afa3aa92dce2a8b60bb925cd2d11cf6c2ae7d2153" +
+			"1a9c8f068d71d0e682023932fe64e956a49347aed22b21084c4a84480491" +
+			"244ac6b337b6d12d5551ad5684766c68bacca62bdcafab6603c81bdbd8e6" +
+			"80d9d8b3825eaea4df023142e840f98ee251466a0422d810a54726a9f03a" +
+			"7e0afeb0043e60e2ba4908f951d2e87fcbc372096f2a9f4f2a95ad5faede" +
+			"3796b11ecf4401c3ee3d268bd8c46476c61e0ffc5c43c0f3c58c79e20f75" +
+			"520c102aa3c260972a870fc50f8841fa0553a9e30bf37ad282fb51b34adc" +
+			"7a933ca1691a8a706605ce0b906fdccbe954f8e5f2f63c42599a483c4be7" +
+			"3a041ef90ad930fe60e7e6d44bab29eebde5abb111e433447825c8a46ef7" +
+			"070d1f65862b30418efd93bfea9c2b601a994354a2ff1fc11c383e7bc555" +
+			"9e7546b8bf8d44358b1ce8cb63978dd194260e00a88a8fd17df06373aa80" +
+			"04a89172a6051bd5b8cea41bdaf3f23fc0612197f5573f3f72bce39c9f89" +
+			"faf3fb48d8ca918586d4feaea7e0f2a0d7a6afca096a081af462ea5318cc" +
+			"898a9cc09e8258a837559570cbd5eb901e8c0e04ee88ba31c81a76b000b8" +
+			"0e544feba576b3eb5272b53e46e96a0b35b9c759caadcec61444f8ec47c3" +
+			"45a1d2304e2708eeddfbfa75a98eab3493889047d690e84431d445407fdd" +
+			"99560c0bdd287e0944116f8ac62ab992ed3f1e2b415aea784b03c6904795" +
+			"f4326ff60bc839615f2894570dc9c27cf928ef192047528a1a19ec990978" +
+			"3b0d1a13dd4baf4a19e49bf798975abe2ad167dd574b32b3d0c22aa4d9b5" +
+			"2761e8f56cf2100fe5a39fceae3d865f3724d4f299d07ff899fed6baf7fc" +
+			"eb7189357bf56cf94a6493e61301b43e3ed158cb9c7a0e615fd9888c2db0" +
+			"7f7689762f62ef6b3ad4125e06b07a422f5040c3aa8b8f205d68356c9225" +
+			"56fc4c976165fed9599daeb297498ecf744bf6c7dc5e30604c461ad99402" +
+			"2eea0fb6fe33f82a97b5c272fd24162a94b761ec7e52173e7bb42e88b343" +
+			"64f5fa2c141ed04a86b8d00fd9c25bf77a8dc3e63f5543331405be6bf421" +
+			"6a891089b316aa4f887cb4aff0dfb4e80c2ccd65ddd9daa74b17b4411c0f" +
+			"c849dc748d9b138279dcd9ebfc6e6759a53f5c28a41bb82107d71cc161fa" +
+			"81291a8290",
+	},
+	{
+		key: "fb70ae7ec12264ff9f51124da188e5b11dbf53cae2671363f6054b575b1ddcc1",
+		tag: "d9ab81fab28b3be96fa3331714e78c9a",
+		in: "c62edf20b1d53962b42386eb570b10378f9764421ecbd7c4802853332747" +
+			"19ff4c89c06005050fa9ba6579a844060eb7ece6c43bab520e683e0f36ba" +
+			"49cba259edc6ae35d41e0d7812a7d5edbe4d90cd5e0504d16f4c3f70d01f" +
+			"5a0313de55934b661ce1ec317968c2c4de60f45c66cded8c10565a1ca6d2" +
+			"3a84bf182df2fcb05956ed4d46b49fc0fe3bd23961d9466fde070341ce41" +
+			"bc6e148449360a31634fe10e91082d82def90d9da2c250ea72c58add2058" +
+			"d046b4392b78bc3af5b3936ed568733e8ad5672dabbfa3130a6a535ec73b" +
+			"da8e7223535f49f96cd35d56ed4792c5cb7076720d5461d96a2692b2ada5" +
+			"2be08fb7bad15d15a0108143790024f0f15f5adc275e783aa56b70844061" +
+			"e30952a040e4cb9650f2a010417812790105d8f58bd25d99b0db3cb16229" +
+			"3f6322e86cd5b0bb1505a7b998fb0f81d1e1915faca3c2c8ddea39115507" +
+			"80339430a7955521839deff5b301f3fad54edd5ebd2ac4ec9b1795cb4dc0" +
+			"e2eb62ebca8e886c3f1e507d10a0228c3027b472a7104b815f5ec8dae55e" +
+			"0783ff7ae9a3e6b99e381ad788206b135520cb870ba0cdbe876feea843b8" +
+			"5a82adc95a6d71c555f798da92b82daf0abfcdbc82ec30b1f12d78490b06" +
+			"7315735017a94ac150b44dfaace151896f873923310ffcd41e91bac04de6" +
+			"d70ea71565948c907ab21c4a23703fbbd2a8de6d3095f3d8f901538968e3" +
+			"60e7bfddb9d22036b1c23f4f5f1b2ee22623426a2d5de68c1e1a38e38e08" +
+			"e2b5670aac1edff69e9c73c2ca56cb69c709009ef1d541aff1fdb2b40c92" +
+			"9b87f162f394b76cdbba1f5605993e4dd9c312321d59b0aa5c6e33be1b10" +
+			"bfd00b92d4c02db064d0e4a98f2913c89051b0f0ead163deb5087b6466d9" +
+			"84f57553b0fa53850eaa142e072fd91802eb9f0d2eb7318dd620555e6ce1" +
+			"86706b866d41cf6ba81f100342faa14d801dc6f3d522db38fab17a879fcb" +
+			"b6acfe922163505bd23a6842f6ef6397ae5fb6e6016421998bd43b0142b0" +
+			"3ca3b16d6ccb7a47891c75c687d791a930b26aaa2e3412e7aa16e2cf1501" +
+			"7bf6df6d2e1c289af0d7ce03954a60c1dfcee5e4b3da51eb43ddd14faf59" +
+			"082005d0c8b104561f66c002ff426be60be769282fc5685cfd1968df1941" +
+			"73667e48e9ad681d35757f1199f1d93377bbad093c8cc3efa2bcb6ecb703" +
+			"694422772d15aaa58cab9e9ab277ed510f684114cc4a44ccadb3eb1c9a76" +
+			"d8619a9b7743106df6fb6f927ac49b22ae5bb9a9a4d231e340a2cd0e3282" +
+			"53f6d75df694826f60e4b3e758398793eaf73ef5d4b56cd1471e16400f40" +
+			"4a947e9737f4f874fe09a29ad799f4525156e3abbf0585c3c3c0a3744c86" +
+			"5d56db3d2ecba6bcbb1adcc8bf5f3b2a2d46d3eba18cda55201598a8112f" +
+			"d8f14e205f0e615f081b8ff6c5aa6669da776bfc7c34d5af4d0b26d0d819" +
+			"f6aacc53cf3c6653138b9a962acee9d6ea01d280c35bb1f05d1509238ccf" +
+			"004c5013167f804d1780d9f4ef9d45742fccac346b0472bde24ff5db9ae0" +
+			"16455a3c02256358fcd8e6a9aae94f8a37a1a3da58a889bbe3d295e16544" +
+			"2e580f59bdd31c92ffcab40c49c1cdbb4db1dd4882b66edc10fcb1704203" +
+			"c518c1d8d4c268588ce13fc38e0210aeb47d11d2603d4b3de5c6ff5e969b" +
+			"9d5904abb282b699bd04a6e9f1cb323679e30400d725aab128a032745dc0" +
+			"be05a46b02b34b93bff02523cd8498c021fc35a488f164a70ef1ceb873d9" +
+			"14a681d3a3a34cc76bfd5a547e2630d7741a284511bae5897d9f7a197fc2" +
+			"456af5c6cd7e1a93d3388c7a990b5feacd7749cf39fdecdc20adfdd540c6" +
+			"9d330195db7cc0d4555ea5f5356a3647e2265399f153c34ed1e217c5dafd" +
+			"c2c5dd3d566c332c7ddacb0d76ecd3a0ad505a4165443aa81b0f43cabfb4" +
+			"62942fe74a77c22b8f68a8b1a6d712d1e9b86e6a750005a3796ba1545396" +
+			"13170906d228dabf572ab969c762f8b296054f23d5d4a37bff64bf9cc46f" +
+			"43b491b41101256018376d487fe8097f1653a7a9e99e1ef2492600598fb0" +
+			"bbb7df8270be8b9106126d6f491f8b342a96ab95df6133e883d3db4c6a99" +
+			"402aeb58d371263a32dcf76d33c8904395b9cf0016fdfc15608eb43e20b0" +
+			"99cbe7455f7a76f69bba058ef96f83ae752587485657f89c7f26fde7fbeb" +
+			"a82ede581ee92821dc13b8202930aa58bd4f1c86f68926baca0d06fee642" +
+			"ea8c652d226af91a9638a0244f1a03c7ce56969b87cd5c1f86110d192e0b" +
+			"98dd979d74acca6c1956b1127d9a1f456053d17974081ed8ced0faa4293a" +
+			"319e5b25ba285c1151214f52c283e39c35af51c4572c8e395b7856697bfe" +
+			"dfc4145ab4ed0bdbe43ba509c06a196ae6bf30d7582550cb546c63b51833" +
+			"cb0dfff7196d83f6a1c6d6d712cce2ec1989fd9ff5a0a22ac5022b49d566" +
+			"58f196703e4809e7624fe7cfa6c13b378f5aac7e66e657ed7eaa942d1a00" +
+			"544a947199f24d736b8976ec2cfb563433c49ba131bd08b63636854219d4" +
+			"c45100c98e3092773ef492dd9210bfd8f54cfe2cddafcf5c05468d90e620" +
+			"0c2ef99d17fa6992cc45eff3072b7cfd51cabb07ea3019582c245b3ff758" +
+			"0302e88edc2c13fc43646ba34de37338568baa66ecff3accfebad88d143a" +
+			"fd1c3b09ae39c501e3f116af33b0b720d6c2baf5acd7f31220788b2f9017" +
+			"3ed7a51f400054e174d3b692273fcab263eb87bc38b1f486e707d399fe8d" +
+			"5a3f0a7ed4f5e443d477d1ab30bc0b312b7d85754cb886e9",
+	},
+	{
+		key: "f7e7affceb80a0127d9ce2f27693f447be80efc695d2e3ee9ca37c3f1b4120f4",
+		tag: "41c32ced08a16bb35ac8c23868f58ac9",
+		in: "5a3607fb98eaea52e4d642e98aa35719bfce5b7d7902950995f4a87c3dc6" +
+			"ad6238aadc71b7884318c2b93cd24139eed13d68773f901307a90189e272" +
+			"6471e4bf9e786b2e4cf144764f33c3ac3e66521f845f6f0688f09eaa227f" +
+			"e71033b0f74295f6ddb91fe741323f2b54f420cb9b774d4291b06219f1fb" +
+			"4410b55900425c5e6fcabec76a5c2424d637a1641db6f0f6cad564a36a91" +
+			"0f49894bfd598e91f38ceea65e8253c1284f210cf7b50a96e664e562f3cc" +
+			"01c4fc490fa6d4679fd63fbb3ed8995a8a05166b573e92d22ef4370c6aac" +
+			"74ae94c94177e5f71143c6f340efceefda679ae76f6ed7f26eaa4848a8de" +
+			"8c40894316efbb06400f9695b18ba279e8947c032a84a40ca647d9ace457" +
+			"6dd0082494d6bd7be4e7928e749c78110af8774a5d43e9c9479964e2fddc" +
+			"ee51146460eac734311225d08c60706e40f298a7cb97f369ef599be097ac" +
+			"3bf1c275497bbd68968a235fdf8a61bc7cfeef0fe451bb04e662ca39f34e" +
+			"a8e3acdd0befe9762f9eeb275c0cdd43c80fc91131d1e0e790020975ab65" +
+			"afbea81f303ebd86760821efb4cad7cc01fd6d6fd194ac5ffe7703d890d0" +
+			"169e21b444cdbaf691fc741a5d99bd47357c37785755fa72582ca4754a03" +
+			"b4def86ded39aa6d9eb3f38801077e6d17e3cee3fb57ae83f30c79c3cf29" +
+			"0e2739c6b7323612cec3a561ebeadb4faa642f150323aaa9d270658c907c" +
+			"4c1610a5e1834730c08be3379cf1abc50c30e2bf01ce903927c27d85e135" +
+			"3db9e216dda8860c45925e2bb791abe5c8281ee6d16607bdca87f60662dc" +
+			"bd6e20224e7f009a86db66fadd8e37e0a59559328385090c6953cd20bb61" +
+			"f28a734fb056714f5159977f18e5c5f11de75f7a00ba807e47a29e4da32d" +
+			"5c67ec76ce4d7b669b5e6ee17e1df7c673dd8a7c87fce665cda8adb9547d" +
+			"1dccbdbe7be44846b4b121b0bfa65e4ed530789510d79bc4477e50178060" +
+			"f2668ac8956f39ef422ecb0e4cf90b8ce508552eedeeefa6c7d1bccc077e" +
+			"8088bd7e0e6aaf0bda9f11c412c270ee2ad6912f9808f9344a4bb137bdac" +
+			"b5b9372b00b0de026a8f5d1fb13972e1290b5005689f7636c43aee2fd443" +
+			"93d390371ae573f0e064b2d7df552b9adf04bf173d71c621795b9fb503dc" +
+			"5e918536c6ad25ce4a76f70e6b752b6d44be321187269a19bcf33ec899ca" +
+			"40e88b4eb23217095a85057bf95d8a54812cae4a7d32e0c2966a21376110" +
+			"74c6c8c3dd45a553c43c675d23308709f91be0b235d0222aa5e1e1ce08f9" +
+			"c6b45ceb5b47bcd7d7b2d4380bcdbd6eced452d93e6d8cbe18123277889c" +
+			"7f86b15fb991364a501fbf5d8244f2e3332ea0ab49e833c6f765017a4006" +
+			"cc7cd1a0365945a8d8873cb21832b210c83e451c01ac949de2fb0f7a420e" +
+			"405bf64eb251c6f022181595d68174b91e503187d3b3f49b60c23e44ea40" +
+			"ca20311305b413047bb22e89672758b74d6bd1a06decf09e9556421087a4" +
+			"0c1d2c44c5fb13d4d9625581ac4ccef1a1b5eeb5689aac5c0291aebda276" +
+			"50daf9d4396a64d02c6d58bcbd609d9a0017880ae0cbaf02ad0f1fc8d1b3" +
+			"ec987ffe13102d77352690c9b761bf13ea0b3a8ebad4a0823817fcaab4d0" +
+			"9b0bf03486620761dc77a6ba007ba07153b17425c4026597473e78863cbf" +
+			"430c0e5e9b04a83ad11506b61b8d9be3aeb06b5114e0d53d4724863eba12" +
+			"4f3b974bdb0d02743520409910621cd730c97ca984fe2921c38055f83ee8" +
+			"c4611db92e52d8ea51d89203e89df7586c574df15f3a96ed5a10bf04cb27" +
+			"f9656b5b11cf35fd21360b029ab26e9a741c6b3e6357aa1a41de2cac6e85" +
+			"f9a49e3441e60a60e74f434e1b8cd4454b11962e5507ebf904e9d6c52a7d" +
+			"9722300517c434758fbd6191f4550108b143eb16c0b60094fdc29327492c" +
+			"18a3f36737e506fda2ae48cd48691533f525acfffb619d356bf8347a8bbb" +
+			"4babdc2ac866e497f192e65a694d620687cfb4f631fbd6ae5d20ac2e3a12" +
+			"4d85f9391a240b616d829ac2adceedf8f3451ee77e4835639b13c622ef8c" +
+			"48a181fc7598eacb419fa438d4046aa971942c86b36eb8e16eab67105783" +
+			"d27fc56f5b66f35451b2a407d4648a87ae70807e45bccf14983b3abcb198" +
+			"d661d562dfcb00ffc569ca967171746e4e36f839946bc7d2ea9a0eda85b5" +
+			"a5594f6a9c1b179f7230eaa7797a6aaf8628d67fd538050cf47aa654778c" +
+			"11dbdc149458c1ec2233c7ca5cb172356424eb79479b6a3eed1deb9f3278" +
+			"5282a1034ba165032b0d30733912e7cd775cdb7e0f2616b05d521dc407a2" +
+			"ae7dfcf46fbae30547b56f14dbb0ead11b3666666c45d345cd5dbfa200ae" +
+			"24d5d0b747cdc29dfe7d9029a3e8c94d205c0b78b56d5e18613b3169bd44" +
+			"1b3c31513528fe102f9bac588c400f29c515d59bbcb0725a62c2e5bfb32b" +
+			"5cf291d737e67f923080f52d8a79f2324e45a3bd051bd51bac2816c501af" +
+			"873b27f253ef9b92ba4d7a422e2fb26a35c1e99eca605acc10d2a60369d0" +
+			"1f52bca5850299a522b3aa126f470675fa2ec84793a31e9ac0d11beab08e" +
+			"2c66d989a1e1b89db8d11439ad0d0e79617eafe0160e88384f936c15eb15" +
+			"ece4ff00e1ba80b0f9fb7a7d6138bdf0bf48d5d2ad494deae0ccf448c4bd" +
+			"60f0788d3f2b76de8ad1456f7572bd0ffd27bc2836d704d95e9c0df34571" +
+			"9dab267dd805577fafda03b834dd225ad9714d2bd182b4103faa5975180f" +
+			"90d5d6cac1825a19b9d4c87cc825512ae9dbeb33d2759c990905050f960c" +
+			"db3eb364c15b593524c882902b2a1d7fe40ea3f54fb0202fd8821463c7e3" +
+			"4b02a1209ba0048a9805f0468a13e03d18009318ecd92042959be263a51a" +
+			"407f1e660632c4247419659a4e073a8e9cd4a226763a7daea464d5427270" +
+			"7efd053cb4efc0504602c4f63e7d247b55db2ce1c07138f585d16cec97a3" +
+			"0731d5aec2166cb4de41695feb76280cbae1af8a2e67c2d5a3ac5487ffe8" +
+			"640f308ace6137e83576b79d586b663122221c20aba7a6bf60f73958f436" +
+			"59f087f850ba6e2d7fd862249c5fa6b20e3e43d4f2aa10d4c9cebfcbdf02" +
+			"6b8d103e4f89b93dd8af172f421001c8b162bd6d0b847a58ac108b6d6cc4" +
+			"9c7a9ba069deee",
+	},
+	{
+		key: "e3d21f9674f72ae65661aebe726a8a6496dd3cc4b3319f797e75ccbc98125caa",
+		tag: "3c95668130de728d24f7bca0c91588bc",
+		in: "baaea2b4b4cbe9dbc4fa193c376271f40a9e216836dc35ac8012476e9abd" +
+			"43dac6b9ce67dc6815904e6c84a5730cea0f9b4c6900a04ae2f7344fd846" +
+			"58a99513ffb268c6899dfe98d605c11e7dc77de77b0d30986f3051754503" +
+			"7c26be7b719aa9ca1140cfdf4c586b7fe726a8bc403249396a11cfee0a6a" +
+			"f6c5e72259785cfd13c2897384fe527100170001ea19106aed38f7d5d9a7" +
+			"ad43f0b41451e19989192a46b4f9734a774b6304cb74feb7d83822044a24" +
+			"2e51d55c0b8318e0439493bd1a57cc13f6079166cabc46877d003dcd39b2" +
+			"c0b90f6b32fc77acf04a6c125e11b35d91e2b18401cd53df4aff804e3c67" +
+			"a8bb3894b27c6e9b0070b53a85aafab0c0a253f9cfd4d3cd3be52428385b" +
+			"24a3f9f71660ca2c38474d14a0309e2f400e2c21af6e379099283ff241d7" +
+			"51da5a96a8dcbfdc43b913b29cc8cf8020eebb4a67f5bed31f2e383f8656" +
+			"8c815ff172382b425e95902e80f5fc219eccb51b656d37b56660f749e5b1" +
+			"4976a23648680a472d02ba71476e0afb29a0e084984f4eac3befbf8dd802" +
+			"2b7dca4dadd18bbe58e49c49ce48a06a71557a9a620c51e2623f818e4d62" +
+			"c2564c7ba04595cc109685869b183faeff2ac7a65049fc57cb10fb01951e" +
+			"a525332782d691f9759ec2ecd68bebb9c7aece5d522a08ce7830be520db4" +
+			"c9d60a2e490eaa0c91e37b256a97f84b39fe3c77953748c3b86fd84e9547" +
+			"a298c049cb28b8c85d59548b8dce635d59487c9de615802d16a8adc4c0e7" +
+			"80f35b9f10588a431b39b499dca929ab9d225f26e5721820627fe62427fe" +
+			"06d5773a50878b6effe840dc55bd3ea0c35168f6b6a972d57e8f88c5993d" +
+			"1ae33e0b7e9459c123753b518c184de7aaf429df078c9a18a29af77c727b" +
+			"796f5c1a501fa8105ee873c4e78c907142eb19690638a182fddb413adb06" +
+			"d66db19c7f6f46dac582bd72a6347b4427a576eb769d233febaf7be8f768" +
+			"337273c12253924f15653f9f3602b783703a81454a1dd7a8772a9ab1eeb8" +
+			"51be33e0c6c0708f3cc2012cabe8e2f0c38e35372abe27bc148fc4e1054d" +
+			"9d151f80aec0232a3a92dd77928a3678ebd7d09ba7b4e1d83227257292c0" +
+			"b8bc4a76de36bff6c9deb383029afaf4f37d5b935dc080a18665545e4acc" +
+			"195da0b9545d8902408886204b64f8548b32d012e0cdc520c17d9fb3be97" +
+			"800c2e2b945cb09a75a0a49e5d4d81c4194d91e839333b2b9b9e34d588e4" +
+			"e20cc1e911ca0a1429fa70ff063f0090fd842f89dfc5cc44affcce4e1e1b" +
+			"8b11c612f66b074c03ac2a055fd8f51ac9ed4f2e624589ff5730721d077a" +
+			"fb4c19e43abf8cf3ffa698362be8be51e92c2c91a4a56be64d9ac6d3fbaf" +
+			"5536a24c7fd0adaf74ca84c508e5e8c8bf7d4254e0c44158bd26acdf3f64" +
+			"e78438b3aaff89ac9986cef1e3a88d5bf2016340367a1cacd01ec167ec6d" +
+			"185d93a2a220d718b43ce1d429d2cb598605660b030e51e8d75fdbdd5b8f" +
+			"8677675e196a40a88285b18b24c5d2d594bab3d457e6f9e503e38cd470a6" +
+			"9ff8037c9a0a0f110a434335d954fa856a3721e0edcfb14287c3dd9639ba" +
+			"4db32b7da0670dd0a872e468e3819741d0d4ecf0a4f7a011bbae1493c01e" +
+			"642757491189f8664be3ec6437c4f3c76abfb0276e44a4d28871d3487c2c" +
+			"ce2f230452cb06184bb8620919659a7ba0a3d5c12ec25678b03403715ee4" +
+			"acb6a53d281036d8f3a085143cf5ecc3a0c6c92129caa7ac1f645c7bb95e" +
+			"4f63da38dc319e2ccff4a9006f9b9b1a38c4c39f6dc686bb82d43fb9fce4" +
+			"0c767d3ff22f52c5f9900130c65bb6a9cc7408a777d49b70946665f4a733" +
+			"5099376b276a43dc9a6382bb2d40425f6481b1846148434c672b84dd7a20" +
+			"33deb5140d43ba39e04ffe83659b6deb48629e1abf51e68748deffb756a3" +
+			"ed9e0807506b248a024cd509f539f4161366547c62c72933584e851599b6" +
+			"82ec16f1d79e9c6a01cff6f51ba7f46b67cdca09f3ab8496322b990a6116" +
+			"8d7574854a1cb1cb8f30a303dbd13a095df56dbb940dd16ce79879cd2d73" +
+			"80a419842fa1b34da668286de4c1ff5917b7aaa64713c349dc8f855d04ae" +
+			"de9a3a4d0739dfc36510b1e7bb1695418164285c44631b4b1a7c5798ecb2" +
+			"d976c1a3679a827bf0e8c662567e402bcc1354222036ad5959a6f0b8508c" +
+			"6a8c7d4a63e7dde154d778fc80a011592771d55801c7e1297b00b77f80d6" +
+			"314ebd1f5b3057398d1943599897cfabb65e7568d8fbdfcbecfd4b8a83ca" +
+			"0a7bed08ab9a656424831e0d7718c15727af7c83b2ef5eb5684aa044eca2" +
+			"ba896811246766248b20a325094a4b4159f9cde1ee349be6dc3c9a190453" +
+			"0349212a9537f65ae333c288753cd2bef6c5beb2f4164168d965a2c0fb9c" +
+			"c8c73d9e776e23d53ddcfb83bb7dfe2a1b8c781280f449d6f310faf8b53e" +
+			"89e6a611d6d3f42f2aaed5259730d149b3e7dabdc9f865bc1555374738c8" +
+			"456abe112e9628fb31efc2ecdc972da05987aafce728ccaed246cfcdf518" +
+			"3fe5dae528bbfb99d33194167e0f84d462d3d0da83e92227cf57922c7956" +
+			"4fe44648d87c69ad708e797972c44c4a5183fd5d1150a1182e3d39c3cd16" +
+			"3920f1d7ed83992bc4116d9351ae1c6c4827d1374242e374310409f32d5f" +
+			"0f38c78b6489c568b791c70394d29ea2516dcb10e51bdad862ce3339d5e6" +
+			"14fe14f150961809c36e0a2c8eb872e9f7a1c0956fbc9194cb63ff9993e5" +
+			"d0dcf62c0f49e81dbe99f3656c4dea57b766ae9a11254f9970618f1b33c8" +
+			"f339f440de240170f7a21f03ff2da42102b323ce2b9b7d0de5aae324d1ba" +
+			"c87b1e4c5279a566bf659778f8b03882aded57377a0f1b063af2897060e4" +
+			"23be7cefd4aa9a28479c16773944d254fc21d3e1acdf508b7972372b5991" +
+			"3b8b088e93471a7d54c6ae4c52ba465ef07f19f269677fc2f64d3fb3d7f1" +
+			"9069d6c7001d4b002ed6683c59bd5651a450503b68a4a00820b8c17e3263" +
+			"18f32c21dfbcb2a02a104edaeff67ec09533aaf3d1a7fb41aa5d506ccdbb" +
+			"e6e35fa0a263c0aad3acc91182addf8c5bdfbd0626702694b8d652a63c65" +
+			"8d6b2b7c75d015630de508195e1fca9573b61bc549ca017c4bd888194d44" +
+			"3e031f36170215a301f922736a819f3ffda69117170d1933300366c5f2ae" +
+			"1052446ef7c3b82c5868be158a881597132f51c91c80c24ebf621393dc45" +
+			"05fe057364a76ae67494a8a5f67acb551cfe89f447df272ed9c1509fc330" +
+			"2c3e16541452d4d68438f26858724012ad3b72c094b9f166c6bedb8336a3" +
+			"41e032988f39cf53535789b320b5424d07b6bf5f8792e3aceb0e868765b8" +
+			"611d7905089949e0c273e2410c72a146cd63981f420405bd883e5390e985" +
+			"8214a8db714e8400a21d0636d7e5d9671a3582ab9ff032170b8dd6b9d5a2" +
+			"144d065228fa54aea9a22654df67f3f62c5fc59d68914d8b219829b536cd" +
+			"2ae937ecccdb6031d94cb3",
+	},
+	{
+		key: "84373472e362a356bd5c9b50f55c588d067b939009944f02564f136c62dac36b",
+		tag: "12dd5297cfcec53deae1dd5f9325d894",
+		in: "860d9b2954c3daf18fd67eb8bd9e6e3de2e4988ad9b04b1987219204dee2" +
+			"388db1c59a935de27bce29e7cd3ebdf038785efb35eabd4c3785a62b1d9c" +
+			"3ffa25e2273cfe5eb10b4ec6152cd8f21dea415421b452efc7cc4ea6bf1a" +
+			"b85fa6614e7f6d650125424865386ff8ab53247a63ff023b2d0753a9e5bd" +
+			"458d6ab0156fd3cf2d5002f902f927a847e8c4a8426b0a5191f5e237d590" +
+			"2659ce9be9024750d1d618a6b8dd57efb6c2bbac2930858f1132639391aa" +
+			"9e8a620a2a7d64bb7e943c77753401b5b619d95ef857df25a52b4eb97372" +
+			"a05416706b2644e2687bf1d42c0cf06e5eef8a1fc7e178440bfebb85c44a" +
+			"4837f69e43a1789728a999c5e04291576e757510f22bca11583a4e93688b" +
+			"442f2b2dab8d5ea9441ff09b8287862ca538ad979297cc75510a3d9ef36a" +
+			"662b4b7c373f184202befa5bf3f315642e6210763d033b7e2c59731cb356" +
+			"045e9470bf2f83cd62f11b3e904b0c0b1be99bcb805150ba7ef12b8df3ca" +
+			"bfc5055640687d710ab88e0fa8034b26112ebfd044a4b290b1c6f6d18c31" +
+			"ba9880b1cf2d81b5d02f00d6d351da5dbf47b6a5cb7b53eaf6de52c8a68d" +
+			"053602ccffa37ccb44a7683ab4f8a58c4bbc9e140e4e6f3cc10a5c07ebd6" +
+			"070818db983f9f415168606011efab6b8d7b4e61e8eadd8bfd8d028b89bf" +
+			"b0a16996252d7b4ee4f9ab50fc9d6e482ecf99beeabc38d70efbb9a0d4b7" +
+			"9a1c5d2835adf8e25111352eabd24d562644efc97637f695e4792f2049c6" +
+			"00f4d889ceb951cfe289adf159865d013046985d7fe2598014bf2dbbc528" +
+			"b4166fc2180e724ded8e7ea1c8d66338ec50d955d5594a0a7b4655338b70" +
+			"e8978485a722df814fdc6fd2436dbc060121fcb575672b2a5e454c1209bc" +
+			"2bb21a99d39dcb3c697306dbc2104d60fd8051c43ea2fce268987d0ec249" +
+			"a5c02f91d3b0dfee181b3cf8ef1ba9665daf7ea1f1d3b216e378943b78b6" +
+			"bb41e5dba095748bc776f8df6383033a1f5504955da3f42153b1c7ea83e2" +
+			"f90b990ea0c5bd3906b5c4060b19f447ec7762916b8766e5a23bc4d39cdf" +
+			"8e27752df8129b60ccee1731e47383b589d4fcad865eed4041a186df206e" +
+			"9fb69ab6ea092e36f186a6fea8d77bd7f3ab0fa0e29404d617317c75c832" +
+			"854427848237cfc18486c95f7213b9d53f324da036e8d298133b5003984a" +
+			"b9d71836f9f1b059db90005a9067c261bd85aaeed4d623df2220eb52b73d" +
+			"d683abcdee5cebd411996f853752f638bd28df6d78bec2ed3e00d7beea06" +
+			"2b81c19682ffb2f6abe3a3623a2e0570650c1384f1818d76fbefe3a7ef3f" +
+			"46138160ef897f9934e00e066e215230e719c23905dc60d7fa4d666fa52f" +
+			"e7737db15126d3262c3a4c385cdb23ff3b56c131e43b241f4a6062a1a248" +
+			"de9f13eb82c11f7b6a22c28904a1eb6513cdb11179067b13c7b5f83a58c1" +
+			"4f2753f19fdb356f124f52923249d6e4a2c8dadc8bb0fc91e360155a14c5" +
+			"c194334b9f0a566d51fad98592b59c1cc4b40eeddb34e64f337f83874884" +
+			"0583f853398c343dabc29b9444be1e316309fb8d81304d654b3d4bc4cff3" +
+			"55fc31278fe22e649324ef10acd247c0b72397edf96a1c16bbbef0640296" +
+			"4d219575fd23c36efc1fb8f8a34b510ba9bdfb3b478e236777ef7c6c47f5" +
+			"5a2bd0383d8eed3759456ffcffb15e61985b08c022658a5ffc875821bdf8" +
+			"83f69f096dcc72a96888c3af76db57a54be701759670bf05cc9015f5bf1a" +
+			"745cf755a25b1403a870875701427f820c4b29eccc260f30113629ba03e2" +
+			"785014bdcbf34d0c67aa6aca20d2dece811788686d5a45820d2980bf7d69" +
+			"d5c820a09bad7bd95166f63dcfbe8652565c285e60e2704955d69b3037d8" +
+			"7f5e6567d95b8891276d5cf7c59047d10a02ae4a28794405e2524ec2d595" +
+			"1b36ad1b9d5265fa098a033b88aa66cd9eaf01eea49c7dc4cc51c486f624" +
+			"507a2be23f152f43709b2cfecee44945ca506950e90e70164b77e12e1c13" +
+			"0b4d1021c2afa20038f190096276cd22e89b6e7dd10fd58fa033c9d42536" +
+			"98de3f4908203be8dbf259112f840c76726d982b4a837cae7139e27182b6" +
+			"1b4dfbcc50e42d5ab8532edfbd30f668879824e9ebc34b63ff1526cda81a" +
+			"e38352a774d79f73219500e57f0159a32326195d8895d965071834876a45" +
+			"c1a3c0bc4b1638535f7d40011cd5b23343fc27fa318c1aa3f9d8c43351c6" +
+			"6148dc2175e0e620813266da3000954dfa22048f305244629d512e852376" +
+			"6248a897a3ec3e2983aaa8a0f025f18feea57a5153a59b02604ebfcc7a9f" +
+			"b03e62443df88ead9dee955e23bcf6528c278a353f254c9484a67a7b263d" +
+			"a301923a4efb6866aeaaafd428e6da48781365bc49e90cd16b2388220d08" +
+			"bb9f79d14012b5a8299a651917b6a829488753b6ca449a14e8dd8c5fd5ef" +
+			"657d627b8e7773475b802655dc033694f24376e3b01e519d1aa8365d0e55" +
+			"92d0a4adbf555639b6d75d7ee59a7d12c6c11317b7927f11bbe75ed90508" +
+			"b0698420e231206704d22dd1f1740edbdcaf19a47d66ace4eecbcefb77b0" +
+			"85cfcfaced4d2d6048ce76434eb79990f0898adb4af2c377b581ebab3f3a" +
+			"150f40dcae002d4caa60050591c0de4ba83bfd59a08670beaa4641aa9829" +
+			"bdbb720d6eb8b2f3e864a98676a67271a82cffdca2b3590a0b5f97efa5d4" +
+			"ba062b4798707159782bedc75e5363d5f5d55ec2bef70db22955adf401fa" +
+			"c3b7af937816eb25d54d9f2a92e5a2a04bd8b8d7568204fd289f5ed2e033" +
+			"a76209d288e11e8a4dbb06b9029e90cb186446746853f02d738e06bba538" +
+			"894e03e2658ab3d7f9ac861d2cffdf12396004d1cd15f18812d3803ab9e0" +
+			"6f41c9b374d6a0678bb82ce06d9e3b9dbc8d2e90b8f64d0d040f3fa8a3fa" +
+			"8be71d2b3183cceae1bcbfa2353689d842f7d7052e5699dcc70ab2b58761" +
+			"7041e5aa1e2f41911d525505f061d3ca45152f5a7a1fab50c674e4597a52" +
+			"b46aafb4ba57413879cad1308321843abb7c39696fc2f2e225878bb1191e" +
+			"e151cc76f1a1b8d491c1672fecbf710db82dcd32554361967fc839c8e5d4" +
+			"e488856e1b9382eb3fc3bdc3b6886a3cd79761b02bafa080a745ef6afa26" +
+			"822f1d10d5e8eefb842837d82c9986e78fc3390caa142b7643de8f613e5a" +
+			"890a57f5883409549537f8139534f4ca1b60f33e42be25433f1d82add530" +
+			"6a4cfce258c0d4f1f3c9148ffb5c4b626d51f78ac20bff0393b7fdb4b9cd" +
+			"70fee7f69892c8a9ee089c6c5c7bee0a1b825e5b9517f2c82d6c149735fe" +
+			"45a8839812c2deb2a355b6230697053092eca450b7b0d3242b2689efe364" +
+			"09e820d91fa4932034d96495d9dd3baa4b385da815a7cb69438ff648b326" +
+			"e7efe8d688e88570ba59df7c439faf72c95317a10c984c5ec0043407e9fc" +
+			"9b46487810eac19d2bb40e0a654935f76e7d8861480c5f48419eb33084d4" +
+			"0e1070e5ad542c94f58b49e67dd05b6637a2c67d41451b7e00ba30eff221" +
+			"755d6d427ec634a2b95980d274a89579feccf1c7df3787a9435e588f2496" +
+			"06a93b7ac41c8aaa84b91c95cad9463d4881de7353d95b13bbde4c9da90b" +
+			"f1fe96257309a416407c64368b5564f022c4a493f2a39df1696f45801e42" +
+			"a5",
+	},
+	{
+		key: "2d0035a30d19b9cbc7a27561f3ab474c01115c4499b4adec660ea06ebaa1a14c",
+		tag: "a2c77b55cb0c076d8ea83cfe0e64f293",
+		in: "4e667580ba4f38f64e5cb5566bffb486dcae10cd17acb3754251e837767f" +
+			"16429bba2b832f29ba538f97f3556548d163be25e69f88fff0743150623b" +
+			"e0a1d82af9384ca335927a0e9cacc3dadbdf1e24fa5c81f2602d109e1400" +
+			"33929e409b9a0fa4f2653944edcb8b3ef963ba7f8806196c73bff0ded670" +
+			"c6def5d240c5f3daa121f8d5bec9b2a0b0f1d62d54b013dc742d6bd46325" +
+			"460f692b76d4991f0796820ddebf150c7d33829795784dd2759b334d2706" +
+			"70a7264941be5d99d460d078a9eedc3660cb3176ad302f9365f0bd698e46" +
+			"9f3e63511abc81109995dba17be1abe8bcd28407c7fc8d02c14794bb033e" +
+			"178a94f6dc73719d5bc235f980a16eccb4121ca83b13c4e165931ae4f192" +
+			"4292f8cfdf1c3ed40feb71e13d919b48fa296dddb4d23114a3d86ec10f16" +
+			"f314de4cef813ed24b49f4c7bc44cb8424df1f70e8d77366161c7cdd709e" +
+			"97610aca3a24fb2202ffe15eaaa25d711cb5179212a2c6497a13e5d7c365" +
+			"7bc502b3d2ebde2e57b714dd9bc21e73795f3d35d620613918c4c9aa0e89" +
+			"031481c97a5a4c15ec6abe42d40498c33d71c823bf1d5bb5fee457e2fff0" +
+			"bf777c80c6e3336ab3ce793440e74b336a8f7034f6ea2e4ff5ea4ea7c350" +
+			"65cf2ccd2da1d6df29bde10f4cc0202b5e4cf7ed097da49b970a6db41e5e" +
+			"98f3845b42f46663b1d1ff01da71389a8737ba8f51eac1ef357ba5ac9a80" +
+			"dd2c7f9476111dcd651fc33f4c86dc8658656f3f02a8878bc38ff0d0a1af" +
+			"2e31fb92eaef08c50195490818661feaf90e8b6f5daa1ebedb2cdbc8d5dc" +
+			"16db3505f9611ac46bc37931e02c1fd6aad6e4b7e187d5e6f990fddc9563" +
+			"2b33f55bf68b0db3890b11113ecc839a4fa4de25160e574289aabe4d8fb7" +
+			"9cecf9d2fa75ac8d0195beefbdfe0815f8d7d9751c1280a29b547149ec7c" +
+			"2295f5afa53cfb516158086bf203357eec2a5db71143f996c81555a47f92" +
+			"209719a71570a5553f1ff9b4b41827dd74657b463f36623565f0c9f4d2ee" +
+			"8735d6af56ceb3b3d0ec516b22f0ddafbc24647481f61ab169e2616c91c0" +
+			"e1f6a35436598ed801670e1dba76226cbd0544959ebe70f836c8a7df575c" +
+			"b907d780ed5aa0d6e4e8e0d2f457efe89a777374aa49d4961db96dbb787f" +
+			"021d99231001360d532a70ee1fb94bd6f26524dd4b7556c6d40e08723d7f" +
+			"9905aca66c4743f2bf8b34493bdabcfca617809a867bfe0a4f94c756a6a3" +
+			"dcd04ffc0a3ac671a0afefe0d5d447efcec48c6368998760db6a572676d4" +
+			"29b6d3d6e0c815650447748c4b27541c5447acfb8f7261b6378f3fc0fdd7" +
+			"375eb9d458648c7fe9cd96344f11aca912cc5098e9ee39e0b6794cc1dc2d" +
+			"f1b10f927102705efa20e667b63a91f935c17764650b287f5289d5790766" +
+			"555f31985c5aad94c652ba41fa9c0195d15405f1fcce9e23054a42c8a252" +
+			"da83bf6268782ba44edec5d8f94a20b1830cd1c5894cc6b9b52ad0b12a5e" +
+			"cf3195a32a0b02483ae3b954ac6f3af1e0f334221279d03a72138f3a2cb2" +
+			"1e706427c4d604674dab88d429f28a67be7a996126e077a1dcf8989d90d0" +
+			"8b08f4abb9a546b3c64ecaa287bf3468c59add86365b885f52afe13ed8d2" +
+			"69ea61832a7ecbb96ff3336f58a1eeaa6dde3611f3ff7c2cc8c9b745b0e8" +
+			"b5919914245a49ac192cd77d10deb9a249623f696065a532c20eef9e9b0f" +
+			"e706579566a9eeb14d4e8251a7750e29eaa60f034c1a7a1d51aa03a45fff" +
+			"89acf41080deec5506128b06f003fa46bc4021a82fad6a8052a49744ed69" +
+			"45bd9331b5ae80d873cd042bff079b2b9d8af8065a22c449c32a56dbbe7a" +
+			"80d0f3e30b9167532506915883dce0aa9cb749e4368c595c5bd33b57e36d" +
+			"98cc9bf91cbfa47331d69b5cbe9c92bc66c0fc9ca8717bfc108e1f710333" +
+			"14dba02a28b9aa05890cb01ae9175806c3c4215bd446f6cc96ec5d08982b" +
+			"4f83cd1646160e1d306b3cdec02d251f0901b03e8c3c35464eaa5082586b" +
+			"b55482db97599d513ed8d7a82e32fae302684b7ede058474c1fac7893444" +
+			"16fec93fb982accd162dd956ba2f31a894e9366eca00e6e997fbbf9a2980" +
+			"8b83a139f6432147a717381bb8baa2205715f735c1e0db273cdda6897c9f" +
+			"39bf0d7eb7caf93f657ef4d3fecea28baf69cf36d3cf347081df3114455e" +
+			"b4fe3e49ad3c3f14435e0b39b6c0d16db0fbcfd7ba8da8760d5952c03667" +
+			"251e7a4c3008cfb0904225e55c23b884bb09d26631650460c4240bd5a165" +
+			"b531ee76ba5749b3bc60adad35de519321c1672b47bc35fb59f7792a3495" +
+			"11b2bb3504ba4a28717823a27a1f99ce6970290b26efcf1e7a0399b10eb1" +
+			"0c1299c09b80f4520d00e7908d004d5b6a72a411759cfa9523f6b2912234" +
+			"481b1d8fe4c2365961c0528bd593d42bebb398b5836ae6ca013fe440adbb" +
+			"0090e8ea274f4d8bcae483e3663051a328f7c12870b40e4973a9797a2336" +
+			"3d3c53e1b0d1a9159bfb26158f44734b3c34b571be641bba2db937d4ae1e" +
+			"edc807b95b1c2a7d44804885536316ad38aedf0d83b1519661f2bb5283cb" +
+			"9c50dd61c3753433e988189f26962d1f4befd444257d0b6d5b819d5fd572" +
+			"22c9fdff032e07a4d8686d451e71de4748965309c0a2d7c422ab7cf3d96a" +
+			"8c0a1b0afb229debd1c9421cb828b9f2be96bb9d6b5be7ef8134bd9ccf81" +
+			"51620937d720d83dbdddbfaba8ecd2eab6f1974090efde0ca963e9fdd691" +
+			"ed0cc5e074c5780779222552fa46ddcd951763a32aa3a044ff4a73cbab41" +
+			"dabb3c2c03fcda68303477f0dc26f35bdb5c9bde721fba1a2db732a89629" +
+			"a8de3cfebc3918df1a9d5053d09da5b7316e3285bf62156ca28cb64d343e" +
+			"72445fd66757bf4ab374fe7932a65f3d7fb6e42cb12e5b67ddf8530383a4" +
+			"6c1ee7ec8883e454a467df1aa7e468a6e7035515f473901efca5d46ff358" +
+			"70e0cc2575bbd7f8866c8e73cb157903a1694ff3051424f28de826984dcd" +
+			"065dc3658df144ae3a6d37b88c367e3cf7c58169dfdedda4a2821ce22188" +
+			"40472ff72f0dd1a6b0100555ff188b80f835259a634405e3dad61fc299f9" +
+			"307e27503b2cb7714bf3b636cc64b61d2e374119c8ef8adb21f1516c7fe2" +
+			"38c807818065bf312003c12e02525d69d9629a99e4ac66ad2e792f302cd2" +
+			"a6f5f702dd28040738a084a7052f2c3ed0924c33b7a5d357b7c9a29cebd8" +
+			"621a4bfb7bb34676ff210d59f7f9d4eafb7c5c490c9ea48402af5bb072c4" +
+			"731bdebcbed4e8e08a67931b6d7342d4ef7bc4a75ca1dfbd32ed6027d8fc" +
+			"b71e3f55565c02e06daa8c579b69774889181291c470576a99e11f2c5acf" +
+			"77e091ef65ed243d4287176f7f6ac7aba6908c9ff1fa43b894a499b642ad" +
+			"c01b2fa1c4b58801411941bb448f1f7a04794d2cfe5db1be61f7b86d6eca" +
+			"c547ee51d4c9050f9e9f318dae958c150acc21c878f0c7df6065294eb1d9" +
+			"a278c920838a0db752b080a32e67ac312fa76b589a385f31847196076ed8" +
+			"1021fcc375bfcc8e1361878e2693860eb21ff0595e4eaaf7897f2b79367f" +
+			"7c4f711279bf0c93a97dcb1cd8d87e444ad5f4cb5c1de44e37868c6743f1" +
+			"cd72cec376726f26c8bd4836f9a9f9c68042f95ca6f9d7cde493e531c553" +
+			"8bf7ace6dd768db69ac7b41ce93e8ca27ff20a83ff2148ec5b89e05d8b8f" +
+			"5d78d0fe16b96f6eb8d3b20126a186085c6825df81aa16b3dbf57eabc360" +
+			"71299ccdda60e250c652408d9cd1da94d73c728440ae08fddb901aec0fac" +
+			"1050a778b10f94f84883bee158bc53b1c001807c43a3151fbf581b18dda2" +
+			"527430872834e5c380575c54b7aa50f817cf3249fb943d46933cad32092e" +
+			"bfc575bd31cc744b7405580a5f2eabe27a02eec31e0d7306750adbbb9f08" +
+			"c78cb2d4c738b2274c7310cbf8dd0e59138b6a91b8253ae9512fe3d7367e" +
+			"a965ac44d54a7ed664e5e5c3c6c2d942eac388cd32beffb38f",
+	},
+	{
+		key: "2f29d71d73f7af98f96b34e939e1a21e2789ec6271b878bbebd14d7942d30080",
+		tag: "ec02f4953a9a63ab6f2bfc3501e4fab8",
+		in: "0e0950987f3508239063e26a13727fefcdfd2cea6a903615c64bf12d9ed3" +
+			"887f9b2cf7ccaa196ccc7756b09471475b9daefd4261e69abd23b9faf9c5" +
+			"1fd5d5788bb39d3c068fa6807d30f6201d3f6dfd31715d08b1733440cde1" +
+			"049608d23c4e45c5ed61f863350232f85827e7c292dc5f1eced1cbc912e3" +
+			"f5c420bd945911d3881ede5153d3b2cc85371fff98d2caf97cad6ef59001" +
+			"4017f9690cab08989851c2647e77e81401714a93ed9f938b79f8f54e3133" +
+			"fc2cdef259df2ba0d48f37bf9e43792e3a777214cf4aab6dde6deeb543a8" +
+			"813b71b5974136c1220d6218a252881f0f5677ff5b6aba127f19a5f3c5aa" +
+			"c988543d7839a90a3f947c4e4d5c6ae1ab48dbd40456d1aa65339a4c15eb" +
+			"520e8ff9f965ac4c37735937cf09942e7958f8a6cddee41707423f715903" +
+			"ffe0d15af8c3140d3a736d23be7485fceb9f07c6509f2c506eda4ec9d30c" +
+			"cc133708f48d8828e332808c84a745d337296d871b9794de1c5d06534aaf" +
+			"65587526a84e2521f8b332645e0e72564bb308ecf99b7bc69608474389d1" +
+			"686ffab8c49b7f04dadc28d2ecdd0f508dad2135843304e378b3bc7a4f25" +
+			"7fa4316be956e0a021edb8045f39fa9f002087f067199bd6001acaadd261" +
+			"4bf6aefd3f098f92a959685f24bb2206c347359d9c6adc6847117bb434ac" +
+			"6c40ec618f6ae8b75a5e2e4d44c332b7b06c8b4d521493b9b0bde8894209" +
+			"717a24b320214297b62dec741cea018ea681c9b56702068528b3726953e8" +
+			"c5e4ccd5029e4183e772d9834a56a88d45bf87603dfda40e03f7e894766a" +
+			"7623ab4dcc0dfc3086d17566945069173935916f772e2a5f8e1547348f28" +
+			"782400fc069ac0e2b94242e9e0f1ba2d0e76898f9b986540e61ea64d7f69" +
+			"1006b86ce61565da75eb16a8b4c5865ca4eebdde2190e354734bda94fe7e" +
+			"12ff47dcb5d5e6ad93cfadcc491cb350b09ffe391a157e14b65e3a211b5d" +
+			"4e447c3ff95571dbab33a83126d68dfddf9383b4359d4103ca64af1e6963" +
+			"d09e17eb944aa71e76711dca33168586bfc44ebe9fdc55497d83f238c66d" +
+			"bcb16063bc85635f0f1a6280563bca49ef971db96a41b6ac5e0642643262" +
+			"61eb4662f3d6ad4cac826db895de22c9b8aa35e6464a7f44e1ae7238e355" +
+			"068d68754ffcca76c50b7ce7ef9bfebac9eeab32c87d059cc7ef2adb5d57" +
+			"c7419adb394eef48441952253e8391e555730e29789d6293c3696f441449" +
+			"0aebe2bbe541e191a6652ffbec1192f0f9395b7ea370aefc1f1cc8438035" +
+			"d7681f12f1e11d6e334da188b10c302fc0f4bcf1de448090510a8f1d5683" +
+			"0c943a3c388b33a038c26741a4cf3487313f755fe7a28e25e44b5383c5f4" +
+			"cd6ef34d7dd73462226281899dc3f2e69809a0150f694673f31addc89888" +
+			"072a7d4ecd63d6b90540f9522ec05829a7f17d48728345ad808fb0203883" +
+			"3cbd018d612992a88df944b8e34a70920b3f26cda2e8bb16c3aa38b12b33" +
+			"b395c9ba5e809f60ff05f087112151af1b5987403cff8bb2dce79093f431" +
+			"2c744f911a6f3091e4f9ef9375c4dce4c241d2f6024a1797321851ca316c" +
+			"4e460fc060e7839deaff8ab5e8bf682c0f21ab6952eb793cffe690db911f" +
+			"50b11f56ea352942c43bfff51d4360882754faeb7cf28b6b32bf7fc9ca71" +
+			"fbfe1d72be05b8bac9ba513d731e2c9d13d6f2f10eb926edaaf0e3996656" +
+			"da8718a8e103c59326529e91ebac6ed52657c9690ccbf81028cd9fb189ec" +
+			"4de94fc0771e53302c8d9082835a68780cccd772660a110a1b40c57bef3a" +
+			"c1d69428aea549ed17663a96895a66a3bb5ff6ff61dc64908df49b760caf" +
+			"a5aff05e2766a418dbaa1e7d189a9edd55a04fee8c9d6e506d299abc36a9" +
+			"d67be035fea5d220f41d081af67615fe627c4dd04bd8659c7fa4f57f35d0" +
+			"db40d9684aa178d7483ed5d86f04eaea412e0ea05a4698377dbff4fc3a39" +
+			"1f6ce0cb833d3118d6c69319b511cce65fdc74928e270da0c537f8201eff" +
+			"77416155d4a39c7ad38c22cdbf7d2b7ff7d85383c178a835ec604c3f9ee3" +
+			"7399f7dd826e34f1a35ab75da44ba56f86097ddc0f3658ef5bd65a24f4de" +
+			"4255d0b03411a9d7f0ddc29e33cb865da23393471aa94e6c9e72e789206d" +
+			"3ba118aecd39727068f528f01b25fae2280d70033e4ee46b41b864bb922e" +
+			"001d8bf46d6fbaa5a594e926f45eb3a4d2f074506d7834b606f43c89699a" +
+			"6db00b374658d9333700894d440a712a1f25f5538f9e7c8ee57ae7e612df" +
+			"13292c8ba9dbede4fb77cc6c8944aaef59ea6ad3b36db398f4bb0f82d40b" +
+			"44879835f224d6e05992b1b8a68dd58c3dbda2fd73786492ee48c7a25f87" +
+			"264b766930fe9427487504fad17f8d230934f044e49ba219f26ead728856" +
+			"cb30eecc33a3946d3b1b781061f2458c7c46f6d96f3e06f369f97be91835" +
+			"f23b38347d1e381ad5be4419275772c2abd549522a0203c1ee9c96faefe1" +
+			"df413c4b7b2624417890e0716854b7092b3b3b368cb674035d3e6bab2357" +
+			"e7c262b606f7141b6dad2f6145ebc1deb7597814719784f3c17848a90ffb" +
+			"cb0289e2f3cc7da12442b837c4e47f468bca3eb4e944a31c48562c2f144e" +
+			"9e920ab5e4cf90a14ccadbae29af13db38cda911e3c8f6f525e6722809b5" +
+			"31a4de1926ab12f643d25af87eb8610df59eded6ec278242247dc69a4213" +
+			"13f7c2b26ae7a917c1bdaf66c56876e9104d40b59e6ca1431ddb77fc89f3" +
+			"14b46a154cf127688564a4f9e120d7b5816cd24a6e095dc8ab8b43bc3639" +
+			"329719f0e0f723e2f5136d82638e2249e648ebca67cf0306741e9e8d45cb" +
+			"903bca85485c4007397c88a1ce07266f4f611b96b7e0ace3074247a7dfb1" +
+			"cdbbdd66e25e172fd2bda74abde7f3b4cb5cc7ee7859f053b2f04f9de03b" +
+			"a8e96264117f502087c3ddbee8d850bf3618b4de90f7b3e562dfa57e4426" +
+			"5357236e35e71d1669226d63bca50b1b944ac07a1f794e73e80985689b25" +
+			"f18fc709367d63b8639d71865cee667536040be827145c08cf3e57a66678" +
+			"4c81115706a146eccadc7aa1a9f074b47e95bcba7db8108a13279077bef2" +
+			"64699fb87e5abf5b05ff3879d7c7c5169c7cae817c13f0859d4e9c05db0f" +
+			"74c045ecc30a51e515feea627da387ff780719395b5b9ad93179b16fad10" +
+			"5856049169dcebd43a7f39c549762405f807378e854b1654a1179d895ef0" +
+			"85aafc72c7fe1e0e1cd3abf8e20935e331145bbcece4f17ad24ebb6c64ea" +
+			"73bd98a7494c134859206c9422f7c4a057db0ae0770c4bcb08c1a6b9ca4b" +
+			"7dd8c1cdb3e4977c7ce6c1e79b9d6ad98e27d2759b53cee73ec037a8b686" +
+			"f1ff78eb8421f41c74ce9c62a90d38b75159ec925f232e0db71362f31e29" +
+			"4336f5580a34b26c5a01ee3454cba227c7f400f6889a319d7121dcea27b9" +
+			"584f33ac796d48a9a24cc5b6799ee12f10725fbc10d7cf83e4b87d9c444b" +
+			"f43e2f5ee49d8f3b531ebb58fed4234cb8bcab1b8b18bf50956506baae8b" +
+			"c1b7492250f3adf64294310387f1d4bcac12652895d4f2dce26f380733ce" +
+			"0b5820e9fcd8512a1585a49940a32fc8875ac3c9542a4270602e5e97e720" +
+			"90ed71b51badb775340429fdbe45b887fb9ee61cf9e091c06092cf0a2129" +
+			"b26572574c46910cb458bca7c63eddd29d89753d57e568323e380065794d" +
+			"3fa1ffb874543f5b0ddc702b087e91e22604d9600d37fa0dd90d7acb2458" +
+			"4cd408a4e66bb781dde5f39efda6a8fc26be0d08ffdf851e422ab1500c28" +
+			"bf6b4c85bdfa94e8aef5cda22870c39ad49c3c6acdbb3b0d58cd05424c65" +
+			"20740b5c2bce4336545eda12716317df58e6fb764fcb3004f5248c5ccd84" +
+			"f63abdc0dd2a64e447c0de4da4a1082a729d8ebe14810d396933085cde18" +
+			"318278481fdb9a748b637cacb491f5234bfe16b53a35da6677336baeedb7" +
+			"4a28c19a412e7812dace251446d40ec07afd63854c3dffbd5c0f6a9a3cac" +
+			"ee3bab07fba94800fd1fa0fe44f5f2ecb2b4a188cd02b8a2df0728347c50" +
+			"7d0cc58fcd5d54dffdbda11dd1bcc59758396ed8db77498fbe13238d3d8a" +
+			"0040194dfe66811542ddaa658094a9580d4e4b4e29",
+	},
+	{
+		key: "1285f117bd90b70ef078ae62f37d2218419e894b7d334759ddb2d88833b287b5",
+		tag: "429b2b39195a10357043c9601590a277",
+		in: "00ef065a1adb4ce7108b497813ccc748933fa8442689a7cb8dc7c1ffdbf6" +
+			"c09adfe05ca2cc5ec3acb7493f3497ee8f9cd9bb8a4b332c18e33f78114a" +
+			"c8f9a72ddb9f13494e934ad711818909831013ba195b53f5e9e5b4689399" +
+			"6d0b669f3860958a32b85a21009d47fddbc8697b7c9b92dc75d5060eb4fb" +
+			"40aed7a1dbe69dbbeb6296f5467ea2426cd17d323671fa408855bc53e5c2" +
+			"d111203ae38cecac7719c0bd7f21f6bd6a1588187b3b513983627b80ac0b" +
+			"300b7fa038af1cc8512403ac2cea6e406595202ec3e74014d94cf8780ed0" +
+			"33c570e887ca7fb35ee4768202aa52427d02c24e63f7f2cede95ca9909e9" +
+			"dfa86246a27db757750667c198c9aff4ce348f7ac51864b36ef5695df713" +
+			"d17b8f561a972d0136bd9ee9aa16079c2ab5d29ac9ab472255ade05dc49c" +
+			"b966e0c1c04258ef9ec59ded01f402d9fdcd9a2020a2038a8c78892ca218" +
+			"30136069485527069132959dab2b81c73ca590fde2a7ecff761d95a54d63" +
+			"a2664aa5a6deec163e46b5225bc98976a4f363063b0f42e29f792d138af8" +
+			"eae68d3854b5c1985d5cd1c9f49f529b0b4d2c936887b5b92cdebacef992" +
+			"c35e0b7bbd52114aff8c6b261852e28e451b02099814f809b0289cba0586" +
+			"04a363e3f969aad3d982f645ec4c549f943fb360fb8fa0d5a597bf89842f" +
+			"8ced6014a5b2590ef71524a7ad50fe0ef0e2f81b6e26b99f9ebbc8036549" +
+			"f7eacbf6ab884710c6406ff59788e03ede35c30d4781ad5af171e0623e8f" +
+			"cf5344d71165f0475e256e9159040f702b359a2963116ed135dd6c1d111d" +
+			"2a1e33e15c178ca4f02c5fb15593c50cf9a8a492f01e04778dbb81d26c99" +
+			"0c58cf50a9bcf4fe38fbfc0fc0685d8bd422a773c7bce649f7a86c59118e" +
+			"f5f857b2c72508cd1ef05e1a0c0b7ab4687fdd57437092eb49bf41a9ae8b" +
+			"bd98272ea2f8ee2515ff267fa6ae892c266a7effe61ed54984924aefc461" +
+			"6cf483dec024ad666bc797beaa429a742d1b8806f67d451b6d3a85b4d474" +
+			"003cfe9e9dd906df47da5559c41f15afabecc3e6af279cca0f2a200eb2e8" +
+			"31437e034d457fc880f60f5ae635690bce82bf6d1ad6b4f5344ec042bf25" +
+			"7d010273c861e3ac516e9ee2bab3a255f570baa32298467bf704bf6d9076" +
+			"a4c0b08a528a05cd1fcbdf51f3885fbaba7891a144fc058919903b269b4a" +
+			"29f43926eda32c38853b814a7d528156c223748d674d8f7f5448350f011b" +
+			"bfab1511001b8014e20fee37ccd4a0456f638c197c86dc116b34f955c0b7" +
+			"dee10bac5ea0c2fec8a780ac05098b51b902ca6afff4db3c6fb4f761df79" +
+			"b2039dc5f16d9402442a6fcf6c4297769e6c36824d908beba8e584ea0b3a" +
+			"91b9017baeefac651d0307bd89f517789236c0693c65a5a20f244d39684c" +
+			"eb810cd2ffd3c78fe9285d2eb9f55d133b86113efb8dffcbc6d258e84c38" +
+			"2dd8f4d7d63b65672516d9bfcc3310a79ce244b60d380128d529487f99b7" +
+			"d532d5f5c28fad8b9a071fd2fab8fd98f6d7ed9dadbd2fc4396476eba6e2" +
+			"1a1b1cc594a31fbd3418d98e4aa736cab285a2786fbbd4650e49f9b080ed" +
+			"3fda34941c28d25545395e1408fc3e60730d0696061f821a4d24123cadf2" +
+			"3af3d37ba7ce1ba3cde1368d468f136df82c02f9be9210022192aa02117a" +
+			"ef5ff70bcfeffd47bc37b920826a4d3db001f956939abc0df520f3ec1613" +
+			"ba1c4b3385cad97e42bfd15a3150711fe86ba4562f17780cee1cdf198615" +
+			"ca06270db84986f33e1d53d552b0da82397c496a23c7a78ca7641a908e71" +
+			"89249cc657c0431f1e09ae0213f28a27e6267e9d17b5bba0ea4f3c21f266" +
+			"fe538e215ec62f85517ae6bd87799ac5ce68453f09cbbc50d6e2a168f0cf" +
+			"7166ad50cb65b6c76406c326573c00e04a3186251c6181933828c58f4198" +
+			"f8208c4484805639b0d428fd05b57e4356239638f458a84000c7a7a8de62" +
+			"ec25b54d1e39d2579ec9c512fec475f243576f35efc02a1cd6b0478e2dc8" +
+			"be5f17aa4e3849cd42e76fbffe6e7d6f912d6edf80f718f94a7e48e1fc10" +
+			"6cac29627d9d4b82f05a30cd7c739f7f3ef7ea368d22612f189da450e274" +
+			"de7b61c6361521e684d639be5af4cb11fefa5fce6f8a5065c90873e504c1" +
+			"2c940571ea7bd7e9221129b83039d2edb069e8b5bb68567d8fcae34c6ee0" +
+			"cb94474d8b056cc3c7403873f2fe6db3b567a44e702e4f4813b2a264231b" +
+			"0a998207b41916715ef94e5eec281589d0a711f8e74be32bc60f43d693de" +
+			"77f21d5f7eef892abe87725f3d2b01d9ddb6dee15f40735a8fb67766dbcd" +
+			"020a93b8eef4361dc3a891d521551f65dbe6e3f68c60819b0a540b0991c6" +
+			"4449d207cf5b1c198c17ad6caf3adc628d09fa0baae7a696d84e1879577c" +
+			"ffe9b3f62669d4ea5ebab6364f08c66d170ee4a94d61fb77d60b33dd6b60" +
+			"650f034c5c9879243d5c16f853dd7a89885a9047a341b076912d47872b3b" +
+			"3de49edf7451b435698ac4e182d16c339be83e18531a34aebad36c5c7c93" +
+			"aaf121cf99ff92d3844d40740fe001eeca9ee71300d826bc3cfc87a29d39" +
+			"ea108a3cf259657ec4b967fbb534e7513ef3a96bffb35abc5ce0e890696e" +
+			"54fab515af3d2c0be6e003747504e486c0ec6e30fa4ca79d6596ae0425f3" +
+			"396e40fd37432e52c74f812250dad603b3502f97ada48a26e39fd4d44584" +
+			"6591bfa5ffb3770d95d3dbd49e9c3a38c6305796b8f7d79bd0845170925d" +
+			"575774445299bdf9d3f8ad3dc2dc5cfd3ef0293b84d6e11370851af05ebf" +
+			"b3510a22edd930797dcb76b759a9b5a77ed8dd5130e79ff5ac44b01901bb" +
+			"79603cecf674202bc5d84076ff41b3c806454ce80cb9e5fa9db77294d20e" +
+			"6d3008ae3017aba712862ecd4b32daafef1b8cc8b19ee8f8bc3835e2372b" +
+			"5cec66222ad5ea9df753c033508ec43c8b5995e88c36c13ea3465c8bc462" +
+			"ae0a659d9767db34499e9d01fb1588410257d6f588b3fdb766a66bce28b5" +
+			"e0880f8cf988a2e5eb5bf80cd7d83192b7392fbb2e3a07d51aea2b6bfac0" +
+			"d74d304f56d5af3598a0712cb09c04c5dc14194eca8e1b9b29f88344c0ea" +
+			"55638c0f8ebb70b6242b797fe2525fa1bde76293dbc0a66ab4715e6f9b11" +
+			"f7ecd8f35a20ee4ff3552caf01bb307e257ec0576023d624d6094d43d25a" +
+			"aadfce939a6808f8baacb2109c3de50a1cfada9e384cdba3e97d2c9025a3" +
+			"2377bb195fce68c5569d2d1267e1bc68fcd925ddb4acf567fb29ea80517a" +
+			"7e4056fb014cdee597333ac2408157ff60cfa1afdc363a11fd4883308cab" +
+			"d9a8fe56c2b41c95eaef854f20bf5941ed23156d86de3bd413465a3bc74d" +
+			"5acffcd15722879849c261c1bbe987f89a1f00b3069453841b7da667d566" +
+			"e41fd894d94de44c23fed08d9bdffb723aa8449bf236261240d865efd7b1" +
+			"74a4460e5004ff77f4196d1d421227dff7c78f1726df7b5eebddb4bb5f57" +
+			"5ade25296dda2e71ab87ea2b44ef2ce8742a7ad5c1e7a40e097eb336561e" +
+			"865515f7ee0efbe01d5a928f208f7c9f2f58974d1c11af0e737c673dc446" +
+			"1795da9757010cefc6e7f2784658717938735ed8cbcbd7981a1bb8f31cab" +
+			"b901c87a3218dd1195c59f64d0bc3ce8b72580fe38e6dbf1181e0090e5c6" +
+			"d162df9f31cc52fa6a8ac61897e9b4b3cb0ca2bfb38a38d9b78e46d775d5" +
+			"7645d2d6da16bda8edd8675e2ba121f7f85400cf7cacb9ffcdfae583fb93" +
+			"753d07985a00afc3a4e26c9939a5116d9b61196502f5d774ab4c7fb6cfa6" +
+			"01bcfddcfabfcd28055e858d7d3c19feb6bd7c02565add3a3af61bfba8b6" +
+			"f4b52c072a8613e878368318383143059a98a85ba521f781a8983c2486ba" +
+			"b83f5b91fce02acee0be8d0dda7489975f0506c8f363b5adc48ba971adeb" +
+			"4e1c830b5f264ed42da36d2b5ce2fdab1e63333b1061ec5a44ec1b6e99da" +
+			"0f25e7f7250e788fe3f1b8e64467d3d709aeb7360720f854afe38e190cc0" +
+			"925c6cbd77fbfccc07d8beeb0ce68e47442fadaf13b53c30a03ce317cf79" +
+			"dc9155ddf96814583695f15c970fd0b6cea0b04b1825eb26e65ea9351bf2" +
+			"f7a841ddaa8c9f8e885b7c30b9985bac23d3ce777b",
+	},
+	{
+		key: "491ebd0dddefc9f0117176772f9bab61b92a1f1de13796176091c56d1e53dfbe",
+		tag: "fbd3f884a3dc2a8be06ce03883282e1e",
+		in: "953b9a40789b206fb507ec2c5e9c88ca1baf25ad24c11a62f664db1da8bf" +
+			"dbe9b54f8e93b0bfb4adb12f8873096b8960fd91eb92a8ddb53232ac9141" +
+			"57caced33424cff943a8db129049af7e7b733afbec6637d8ee4f39d063e2" +
+			"be241cca6a339e48d72372efabceac57220692c40856532d95529adfae87" +
+			"a71c72f30244126d01a875375ad8836ef8db929bc81027935042a05c346f" +
+			"bc94dcc057db015e55c56064d2b11154596b813ee64b73bcac05d2688bf6" +
+			"f1fbb0cf3f8307b3df44c3e2dd1d226a4d0e9dc5f7482bada9611970f887" +
+			"f656dcb19ce1f8c5c86f4cbd1e4f49b18f170ecfd184028e769e79d7424f" +
+			"d01cb315897c21111f53f4d41c3b71402eea695272cb5b4e5f33abb9df50" +
+			"cbdaa55ed629d3ed7d93b43e550295502db1f2ed884afc320518e88be4c6" +
+			"b62a13f8d3636ba091d07dbc6c20c7e7fda016c05b2fadcfc9ea32f4ee2c" +
+			"4893de78ad8a1771aacf6efdbd8fb1f6ee9b0572ced3edc6313185b5d398" +
+			"88ce77950aa4c5201a256e3ae3e74f05b70faada14124b35b105a70e7769" +
+			"7184576b69708eaabd36e0ba885fc6bafd5738a67307a1181792333cddfd" +
+			"a4ef19c88497c82fccff05a8f9f732fc7505f0467a14e135288ee018aef3" +
+			"d0412f6b0760573d8ee4ab455d2789b4d22a42eebdf60616fe403627cfca" +
+			"fea672bd0a49e8e7b80e7b7b8feebce3381f2fc16819a8996a99ea230c3a" +
+			"84b510cf2e0d914610d646a2f45a14268ec1d6fca03d0aea5c9ae1c8d519" +
+			"b0e8b0f6fb8ad176b5d6aa620b253cc492b5e5645353fbd9b6c02bea48f0" +
+			"286e2c669782b5ffefa4d8f3f1037151026d9cca78e7808dfbe61df29e82" +
+			"951d7154f3c97606cd1e99300012578ea6a776dcef0811338b56606b51a6" +
+			"9893fe68f762af6c9c26066b1d503e64877d8cd988b443af66a36af8bdfa" +
+			"41b4dfb3721d1d81895884755b9c52527030afdfaecd66d4638fab1d1786" +
+			"3d5517ef7ee7d081b5555d24991810f1edde30930fd392f817cfe632b4ca" +
+			"6fb0460c36bde4a5620b9c369bf51c7d870c43998b8171a553d2f643fe8a" +
+			"58aabfce8cf7363ea978ff4d53f58284db822ca95b80306ec02a64d26a29" +
+			"c98520f1924c70d161682c54d08a2c48f54bb72980a8cf5babd0aaf0fd72" +
+			"7d5b1b9d9b731dc49bad228fe83f7347750e277a4fbd526983c206e075d6" +
+			"a03d68957b3e925a71bc1ea7304c77660d112a5d19fd21a785d4a8d7f2eb" +
+			"dc4183376d8125341eb28b2df5be0b4e04bbf95c47d2fe2aed939619cb97" +
+			"79548b752f57b723cf8295dfce69c9b7486b75a4e900f91926636f3fc78f" +
+			"7b7720a5151abdf5868fecf1e1a1d830cd6a4c5e3cd739da4432cf1fe2af" +
+			"a1090d6a1eeb32e7236ecfddb9d07b97220ab8e23edcc93d91abc11b0c30" +
+			"460d2027869d1c2487070cf60b85ad0b8bc5df566f6fdb0e58fd044da530" +
+			"6d277e564ca6cbfa820ca73fb6201b240a5a94c4ecd11d466cdc44046a66" +
+			"32478221bfa69b3a2cebd16baa302a573c90895d7f4cab453b11e3a4d8bb" +
+			"b5a9bf264781ce5b9796e3c47d0fa57f46b923889af4d073270a360dae8d" +
+			"51d85ea916f14787c6500d2d906ccaaa92d20d93edd09139f79bfeb5fcd9" +
+			"8c1cdbcbe9f2587e9c9094e3c4a32ab9ba56f400b929e80c0551f953896b" +
+			"e8eda6ecf22e6d4a541957dec21d6a9cf388ff0ba58169ab934902892a58" +
+			"86e1126b16118e965a271495ffa339c49466209ed3875b568a4290b7b949" +
+			"69d0465744a3c2a75c599c3a04ab1a3fd09125fe8f45724b2f48c7822b9f" +
+			"ef95af4b758ae66a8b6646df7a0a1aabe2a24c052fd6d30561cae0389263" +
+			"e3388c4c1effe431a04356c334aac64f36593544885c4b7295b57dc39638" +
+			"b665b22dcbf7dd6da867615de38c6a575cc66391135d47f8e1f0c73c6129" +
+			"17ada4099723933a758d83311b384364263cad5fe14bdd7c825d9601c400" +
+			"3537a5aca7f9da4710c132ce8b0f1464cee625633ef57f507739a0ab1cd2" +
+			"21ae634d4d0b3ff07e9ecb1baaef0a82a97279d46543a0464855cd62c07d" +
+			"5e890265612906a9eac88bec07b1dea5f67054c31ae40f8c673296cc5df7" +
+			"f0dd8cc9e643b44fd90dc2d1e870ad8acdbe165237642fd04c00965837cf" +
+			"bd2344ae830887a5719a3c16dc8ec08bd9131d055bfb959b64ff4cb638a1" +
+			"002a4fe02e369871cc4e3ffda17dd85343e679fab43e11970e60198b424b" +
+			"676ab17fb0dee10cc9c2e92b32b68d5b05b7a559176f822850c0557ed98b" +
+			"7454916e32af549a0027db95f02b88cfc5e7e05f28f53757dd97cc0f0594" +
+			"212f8801e58043cb17b040413c226dfce2104a172d218caa4353890de17d" +
+			"be1f53af6ceda24b8781801516cc51de9ca459e469b3c322be13d8c9541f" +
+			"755c518ca41a0ed42e44b9f87faa2a968b0292216e9f3d3e8987282103e5" +
+			"016fe9f7681496e1e8d663eb2d8bc30b41d735465527f19e336a98d2dc54" +
+			"d7c020bfab30fe6c62cbae7d09f84af69bc2c51a1839ffba15015d381ba0" +
+			"a44a3758771c4f18d13827f518f30bb74f4bff29a87d4b9e949f1063f63f" +
+			"662721cfd64ffe1dab3761852387f78fa83fb48ae2c75fc567475b673da6" +
+			"fa8f53770b6e5a3c9fad951ec099c6bc1e72d1c489e1ae620e7f12ddc29f" +
+			"ed65f29c65cef75014b999d739e2e6e015f928a30f2fee3f2e59bf65b54d" +
+			"89948bf2bfde98b076e5460643952befd02fc1b0f472a8b75195c53ea296" +
+			"6403b9028db529cd04b97231bac3068855fa211f4d976a88bc27a0088f04" +
+			"576e2487ac0467992066ef7667ca8429faee92db38003728e5c219c751f6" +
+			"6f011b5d679fdd957f4575a0cfb6b54693a9624f2c7e66c578f5f0367005" +
+			"c66addd1e3ab7ea1ac404e357cbdab9438b9b4f80b3a6761b864b006f1df" +
+			"689ae4c0434b06b686d5353d3e421b57381ea24fdcf6199195ccdb3d5cf4" +
+			"623a6bb1f9eba9b22fa15395f65f8093b5f90455061c1cbf8128b44a31e3" +
+			"910862a59e187aa7f4d22e0317ae6c177cef24eebc44171f70c25efac73b" +
+			"38ada0cba0b74f72d1c171277a734819c1111ebe46d5db20a6ff20e2c1a9" +
+			"a57edae95a3c1f80ddf2b12c86d3df0078a7bf68695b16ccf92053c727a4" +
+			"80586b8d87d0d1772e456fde0c20a7927f351a641bff5f22f9ee2217b6a2" +
+			"d0983c8102d7d5356dea60a19e105ce366b9d000987c8c33396569f97c56" +
+			"2d0fc0bc5859779aa10efd1f8df0909c307a9110083cc6d9748456c9bddf" +
+			"16dccee52b7974867cec718bb0b76b3353379a621257094277a30148ac38" +
+			"e5cf67ed7cc9c1bae12dbdeb99d7d880ce98e17f0dc93c5330d1824a3c9e" +
+			"ffd86f89e15b59a4bee5a48d4f674766896e187abaa39917b83f8d2f3265" +
+			"bbe7aac44c9f8d92f775fe6493e85ab44e6e28f79f28eff156c21e1abdae" +
+			"d10a291b88c4020b1ae8be001080870847a852d073e82bfc751028ac62d5" +
+			"6aeac1b18f2cff1c0c7d336bf08f8cd5099d9d3b28f9e16077e9caabab49" +
+			"f2d234616a7522a6bde1a3b3c608df4cc74a6c633d4c8068138abda8d26b" +
+			"4ca70f95d152888fb32bdee5dfad8ff4a5b002a0a327c873656db8d6fdd8" +
+			"ed882e47ce8e47c729e1292db9122ce2e9fa275f9bb986eb7e0a1dccb7cf" +
+			"abd0449c92fd35e2aedc4aa89caf53bcd28170cae85e93f93988e723a896" +
+			"10cefb4edb6fa545835fba3107e21dceb272c5a32da26fa77df070f41d7c" +
+			"ad1d68b836199ff0f1221e36b9b976b5e69bed54b5bfec67fe9cbb383484" +
+			"696265204797634594bc335150daea92dbc1004f613b4c27bf5c699debf9" +
+			"4365041b5a894701da68a93bcb61f4e546c553fe61f14ab0322b45915da6" +
+			"ecacaa093b0071f2516ca8c3fef2f1e3c403993d734403c47bfe5f4379e9" +
+			"cb5b613fde3c0d880cecef4101aad8b8b1c60a92ac5185f6c243fdf1711b" +
+			"0b56f0fd8e5ed6cc0f99da888e4f156455a0f0eb365b8964347eedd15d80" +
+			"2f297977af667ed1376dfcc610f5152421b97afaaf16f9db57a435328595" +
+			"b9aa00b5ed9ff106c66970fafef379f4d2f98f2c5984ea05aad64651fbf7" +
+			"7968c8cbc4e959859b85302a88a3c2faed37765f3f6ced59d8feb6c72e71" +
+			"f9d4497d98bccf95fcb650f29131e1df1bf06a5443f8af844aa1a7b5a68e" +
+			"bb250c7de3a65ae9b1086cf83f832050e55030d0f67c6a54ea2a1dbe18e2" +
+			"8a96c9e0dea2966997bfc5c5afd4244e3c8477c4f5e8bee8fc8ca9a5cde4" +
+			"d9c5a2c7f3d2e811b1de7ce4279229319e432674c609b4c8b70dc6172e9e" +
+			"653fe1969bbc2cb3685e64fd81d96d33",
+	},
+	{
+		key: "b41db44465a0f0d70093f0303bbd7776017bca8461c92116595ae89f1da1e95f",
+		tag: "d8a111a09db22b841fa28367ce35438b",
+		in: "b074b0984fb83749586881e8ec2c5ce9e086cfb2aad17b42b2429d4cf43a" +
+			"0400fd15352d182e6c51e9338da892f886f460d40bd178d81c52e9ab9c1c" +
+			"bdd812594e6fe7a9bb7fb729c11328d3288604097600a0c151fa3d9e4268" +
+			"de75866558e9f47d8dd331994bf69f826fd4a6cb475ae5e18365f59a477a" +
+			"dde7fbcf7e40b4e3dee020a115830b86f0faae561751e9b596c07491c42d" +
+			"e02fc979e69071113953729d7b99f1867116d058a90f1b8c0f9ba12c6322" +
+			"4ebd1b563a87734f5d6e2d4e6715d5f0213e33316500cc4b23784f78a9bf" +
+			"13fdf99bfe149cf47aeaaeb9df1cee140c3c1264fe89bcde8acda6bde16c" +
+			"e3d770ba51950b67ad2c5232ae0cff048ddfda8540cf18e673582dc96987" +
+			"4b127f655e7d4e08859f2c6b95403cd5b4e2c21f72bb872e49e592306286" +
+			"48ba1b16fc9637709636b198f9a297aec364d4c3bc869dcad32b1830e434" +
+			"b556b429136f0012a0a0b6fb3797bc8668014b010ea51674ef8865348dcc" +
+			"197672047fcf72e6b6910a0e32a4f110d85e28db0e338d9cfdec715a8800" +
+			"b4f007a7951d09e41620815848c89f8768344c50bd522c46f64ac6c98e53" +
+			"92176651961c7a70b62f3d1819bfda674e2ecd3167415edc4b97419e8ae4" +
+			"9974b56cd8d52e1d05b82610b59606a750b34844ca33bfc9b21fb970738d" +
+			"b66f48928df79cf67730a30b0b612f8c15c22892120548ab460a6b9bb3ac" +
+			"e30554c86c9681c797821a1b1ce91d0e87fe90ad4097c974cfbdfd5c4c24" +
+			"a5f808f388e1b1473e858f48a387614501c8c39d6973ded69b1764663cd5" +
+			"166be02b596a49e392d637e3d8afc91323f7450318b79d5488c040e346cf" +
+			"0cee512044514b570aa66bb98d639a9ee23a7cebe28474592623d082873b" +
+			"73efb3eaa4721fc4761e15a390497cb13cce181107e8b1a0186b9e47a5a4" +
+			"b67a5be3cd88a43d341ef63f10af6970aaf56035db938655020809033a92" +
+			"8d4fe6d2f5424fbde2fe82adfd991d388edf293cb4e3eb68d876f225a5f1" +
+			"58208bcb1aaefcbc28d6763d267406aa8d6ecb413d18cff7a318ba031ba6" +
+			"0ac4560748c248de64eec56dd4540124b38581604f502d94a2004f9eb1d6" +
+			"edb009e16af6c6d3ccbea79b10743da98aee7ace407a90c6cfdde694f36b" +
+			"e0271e722618a457be68619b980754795f4ac95ebf4f1820b85ca8e3fbff" +
+			"a2430f8e01ab422d7140751f7741f2c921400dac404b04e049736738a87b" +
+			"6f49bd54b1b447b922c473831a65f224ab84fc96e4551a0333bc6187e15c" +
+			"c0f0ad628068bcd7c043bd1e3036ec01e7fdc3d157476149917baafaced0" +
+			"15d09fafb92181a0ec65b00c9c13631e65de184377416e04d3d93b847e0e" +
+			"286c1d88245d4d550d30d4fbfcb416ff26a39a94275631c2deafc7cb6780" +
+			"f149e4d0e9c4515b708fcd62be5252485407a6ceeb9247de34e0266ef384" +
+			"976f6d31284c97468b3b03e951d87a5a00836ea303a266147a79ff3431b4" +
+			"b382e86c74d92661e0f65e266b7d569c03994b667a8137f3080eda2ff542" +
+			"0f0b52b427558dc26932a22a615c9e6b1834a251c6b68fdfc0bbe0e8781e" +
+			"36adf669f2d78bd23509ef7e086634e526258e8d11a1e0be0a678ac09c7b" +
+			"b4e3c5758504011e701dc85997fe2a3e40c7af83f032bdbe7adc10ef1e4a" +
+			"666946c2bf31dd8e3a383211c9684d5302f89dafcf77976d5a02c14e2462" +
+			"09d2d99918e82402cb0eacaa12032ad8316315af1b3d3bd5058f7c935d35" +
+			"ef0d4e71373958fd5e4140a9a586d89c53e4144c00148a4706a524896eb0" +
+			"5b1479a0de5d3f57be46b3f5fa4e49bffe027c81a33e37abc01a4cafe08b" +
+			"8e21fa86b42be52d75d6407e6cdf399de7aedb9b61a6917b2677b211c979" +
+			"33536664c637a57ce2234e3319fe8b4a77d7285ae6347464dfd0aab3e6f1" +
+			"178e0029686770d3b0dd541490b097f001e95f27efe8eb16e4747937d643" +
+			"cdefd49e586ecad541270cedc3064bdb7c79f086bf1fa8c666304d977a15" +
+			"54ae268881e17d8bc3fe51fa9969f7e560e3d3e050424febec0998b35f2a" +
+			"7378b2c3e384cbfc80c4987734d76c78224cb81cc5376f88f0ceda28aa50" +
+			"44e956537c3ee209071d84a66173384e0aa466d989759fb1f2f17fe627a0" +
+			"ffeaae7c5a3884b237f5151278a07117c2e833f1815c7e0e0b1611f25058" +
+			"ca338d21deb1a571faf1d0486667cb7c58e2814c3722d24fb77ce1b7e018" +
+			"2ae5746442b5ad00208b17c0a68bab4df8a8f36edead4fbe79b4c9220dd6" +
+			"acea6d23c7caaf6ce7cabeeca677a1c764d610ea6c7e994d6a9c88f57fda" +
+			"ef160b251e7595578ea2cc1441d480c14b8b6945e76a001891b1f214979b" +
+			"c52ec15e9480d706a40cb6e3b259ee99a9e84e63a738f1b52cf71c8ecb04" +
+			"fc833c2c680bfed587aa1541e5ffe8bbd7b21302bbf745011e559f94f952" +
+			"8b7fad8a37f6d855306a5be22725859cc950bcc334179d49564af3b9c78c" +
+			"e1de59a9cb45086a33856ba7195c17cef573950155bea73ed16645768bf0" +
+			"a5cefce78ba3ff98a54a8e8afc5dfcb0d422bd811ba9b7770a663b081dbb" +
+			"40aefffbeabca955a9638830f0c5d70663cbf5b26067cd061c4a3f5cf8fa" +
+			"4b6678d82d9a2aa33f8538b7499a3466f6b0ae2a1daf280ab91a6c220684" +
+			"12705245f353b4b83db50bedd3bf99d42bde6363fd6212cb745467acb007" +
+			"b678128f6580629a06171f7f3af272f8900b801af3bf47439167871e7b0c" +
+			"33f198333992a6c52c32be46071738cfbf245937d48f816ebb88ff0e726a" +
+			"dc41de4c771ff0bd320a4c0b1fcccd9fd6c42ec9c5185943c70e9a4b7c26" +
+			"a980afe104bb1f99576671a254704c7d4233eaf9915e1d56c103ba9f6e8a" +
+			"46aff466933bf58c9842796ae9cd21f7ac6aa96ef42ca54e390203bac354" +
+			"b7c1de7d1887c48255201335f819020e2782a2ee8af92ceb206b651ae92b" +
+			"3f4fdefed05e08974aee0a353d104b1be9a5e75c7f958f1981271b0a6928" +
+			"05a7a2f28a0448d86102b4fadf9ab4ec2f98e31e64fcfdf2b524780b3342" +
+			"7a2a3100c2032fc93199f3ea7a9e8063fe73282dcb1fafaa9496c7da868f" +
+			"dcf33bbb761df0bfc6fef30fadd2b6efef4fd3216a8aee48a2ef28102491" +
+			"cf7278b567c272d1064a277eb193b3f6f01df641ddb729f72454943cbd3b" +
+			"671ec077f9e3548f5f57d063c653ebee4f228a78f8a128d26f7f4b44160a" +
+			"07e942bab87b2d043c77ecdf10c1a419e0a1c4162a99c21d4abae0558b8f" +
+			"4dc0b7f1ca3892a6babf71f2f70aaca26bb813ac884ee5d71abd273ff1c4" +
+			"add230a771b678afbb12a1ca7fbcb2c0f5589c9ce67fe8f78a8db87825b3" +
+			"09ca34f48ac35aa7ac69c2fb2423807650fcf47ee5529e9d79dd2628718e" +
+			"230ffe5b83f9d5bdfd9c5d211282e71cbcacf972995bf1b13d21419f7fa2" +
+			"8829ed1dcc459da35883b9269a474f7fceff01d44ab78caf1ef7d8117f50" +
+			"cc83eb624062b149a6ed06ddd1cd1feafccdee7122353e7b3eb82978ca69" +
+			"247fde52d2d6cfe7324f04af5259e1b5c2460889da4541b431ba342a1c25" +
+			"3a1b1b65fce7120829e5466e7ad2fe4e0f773c7c13954a9c92d906c91aa1" +
+			"de211f40916596bfa8245344e257e5907a2c49ebcc864cfbe28663e700d8" +
+			"472c50355313d5cf088e9e8a19cdd85bcfc483520498c6386050e53a3ff8" +
+			"1e2b77b55b116a853d71f60d621265166cd7e95ff5cb4466226d7cef68ff" +
+			"d0a35b61e76a43cdcfa8da7fff9558e2f89b981ec6be632b126303ca1fe8" +
+			"53d5c628d967d39317b60ac904d6a882beb0746f6925a86693aff4deaac2" +
+			"e5b64b611de86767d55a6e11221605508b1c5cc828251539b1b6f65c2c04" +
+			"8e65be5422c1b11194eb687d906c559068c0a810713b23b30d8b17f10df7" +
+			"0962c5e7e782aff7bb95adfe4cba9d90b0ebc975fa56822025100b5cb8b3" +
+			"8bdc8928c1a2a8034dd66e2a763696d7ce6cef4dd586b83f7d01749d37fc" +
+			"4fe8d7abd324d4ff1efdbdbfeb0a2fbb8b266fc2bce8e5e5b95d0089e7c5" +
+			"d7de4db837d1822ac8db8198889d6bfe778d0b19e842f12b5afd740aaecd" +
+			"e36e2cefc2cf0b082aa0c4f75684d024b8d828d8f2911fe1aae270251f62" +
+			"4f49584e40bb193577c9d8e04eb16c094653cdf9a15fe9210f724c7a7c73" +
+			"74cfd1a74abb5ceae88ea54f7e7569f8eb674529cbec965ed05bb62f1968" +
+			"8fdaa97297268bfeefd06eb21f700cc56f9bf7f6cecbbbe7278ada8399fb" +
+			"960371a2d5cdb852b11c9fa17650e614c5297bf46cb7889d52bcf49d2560" +
+			"720852822b75bb16524d88273cb366b84b88282da91875562e5a1fe73973" +
+			"afe90e5cdd3f5381612d3ba7bfa058d023a9326e403ec474d8938313fb32" +
+			"bdb5bf899b900c3818c43c8a0af6a061bd26e847ed75983402ee8a9cf4ef" +
+			"85bba5545a0d329ba81495157eda0286f1917de512fe448251697dea406d" +
+			"a510adcb05",
+	},
+	{
+		key: "b78d5b3019688e6ef5980c17d28d7f543ca5b8f9f360f805ee459717ca0d85a1",
+		tag: "f01babc4901e957d0c2032a7279321e1",
+		in: "ba7d35b2ef8af1118bce1e78018c9314b0c8c320591e103d23f715acb05e" +
+			"dc98fbc618de06627661df5842dbba9f604c2d20d664e5db06e949b11d49" +
+			"665088dbafdb0d39d20beaca7d723f8dcdc57e9c5583d303b6cdfdbecf95" +
+			"7d8daf2f1c72b2a6fa27e3d18841f4841abafd334c110cd2b74efb6191db" +
+			"ab9b8fc8427ee17664082f31db98d30bf15dda967e20730a9ef525abe9f3" +
+			"f620e559ed22bf74d347c9869f0311f33da7f1a3dc858b3a8aa73a35989d" +
+			"b055a4a2c269c95e352259c57de8b94d8de48984ecde426d3ef60ec1c7b4" +
+			"41cc950f7764f55bd0cf52d069b9ad446d1f765f35d02ec104ffcc00bf1e" +
+			"dc1b951ef953acd19984ff1b41041bea0e9f5326a7c9ed97e6aab42174ee" +
+			"971ea1dbe2fd1c1f67f977ab215962b0195417170f6b7748fd57262424d6" +
+			"cf7c235b34425f4047191232722932213b3eb73904cadd6a2e9c7571d7c6" +
+			"6c2f705b5039ff75e5e71c5aa738bf4177653e6eb0b49303a4bc0e641e91" +
+			"2691f217296a3325431d578d615afddf47784e4618a2ca40ccecb05d621d" +
+			"a52f272b8cf84f7fd8177c83af1580d25a764cc06436d67171cb5d1e3b39" +
+			"367b46d9a59d849d87ab6bfcf3fb9bac2b1ebfcd1cef4459e74b0e1b7080" +
+			"dabd2dea79f75581a55de63c4b23ff67d986ad060102933fc6cce8d614c9" +
+			"c86dc84068828dd9e21ffc5665c809d83b09432fd315dfce5d7a4ebd8143" +
+			"181953e3f8716e47b0b30cc1f753e31a7d509f2dbd4177b6da310cf3cd02" +
+			"5db270adf98e96259a5ae1b81f5be4d5c76f502a612ca73c76b91e0ca695" +
+			"aa921f9489948619482c2956205ae71fffc3aba4476ff754e4878e36c763" +
+			"2c935c076857c5b90cd63ea4764efbcee53e2ddc9bdce54b1cbbcf0e7544" +
+			"d023e7c2b79419ad92221a1f76abe31a8236e370d38e2493cc9ca2aaa811" +
+			"30fc713d11f500fd071d6eba6861e8b0859b372e62fe60b627a96c377f66" +
+			"236aedf307e1d148a61bdad072b93d7d2a73367c595b1e048f7023e72729" +
+			"1ec508326f5424a5bbf4e010d0240b71fa9137e6642ab40c5e4fff79877d" +
+			"b3253c663a221b49b3e77ea307c7b9f3f72a0f3a54d0112c45c64a0c0034" +
+			"baf2b55ae36ea6f811bbb480cee663136474dacac174c73b1e8be817916c" +
+			"fd4eb1876582bb3a36cfbabad91776aa676305ddf568a86e3a5eb687fa81" +
+			"67771fca7b5ca00e974b3cc3e322b4bd9bcee2a87d0ae7976da5e04fa18c" +
+			"219fa988d4f6fce62f194b05c26ed3ae1b066cd9751a2d916d53426a454d" +
+			"58f9c3b2fb49374e5791b412fdee1b6029144f1ca787f56fece4f64f4fac" +
+			"bfe4cfd8ba7c807a83cf44008fe5126a283ab2631a87acd8e2a3bd10979c" +
+			"4b07a84a49b0687a45a4798ded0b5e9b2acce30e714d78395bfa8f33ca91" +
+			"e68b2138bd67d8a694cd87c88dcefcd101a3b408d7a9095cc6a4b38898ec" +
+			"c8b375f5a67deaaf73eb7e99b10314ca6bba824658bee85dd731d9a1475f" +
+			"976b7c0aed4b67b088f0db5ca5091273217f724969dff6cf184181377c45" +
+			"5722beb23fd9d097a82ea2d8d527ba6284acc20cb30f2e52af28800c61fd" +
+			"1faf9f4f619550e0162a1a63758e202533889b27420fe7d0eac9a47a6e11" +
+			"1d80054412340e0426cdddbb3c7b9b823b8db3ef58230fad7a3ac21a7805" +
+			"d30878d4ea78dda95c951b7a5dc552e9434c35e03e1dd88652d3714f8fbe" +
+			"a39936cc0717c2e0335371f2a751204f5d9386baaec853f019325edfd1b0" +
+			"719d1fdac3fbd774a64bf957fc54039501f66df94b5b9b82c2076c597065" +
+			"dfcfe58b2e215a3734066aeb685ef97759c704b5f32dd672ba59b74806cf" +
+			"ad5daeeb98d16f7332ff0ca713d541c84e4aef0750bab7477ea707e2e497" +
+			"e12882dbc0765106070ec6a722d08fe5c84a677817b28fa3a41a6117f2f5" +
+			"465c2a2f0eb2b8be4f36e676b4115008bade3573c86cfb1370c03b6b0dc4" +
+			"bbbb0ada4dedac10a593655068a26febc2bf10d869cac84e046c9c846ce7" +
+			"927431f606f07b92abdfd81260199ae05ed01dfa07088c56a6a8de9c6d51" +
+			"d61d6a6d3f9904c216ea8329467a006a3d2495a768a39ef99a21827d2def" +
+			"909bb743fed7209f7fe59ff1c1e710095b05f166c6173deef5c6ec4105c5" +
+			"fc3b87c8269c786bebd999af4acbf12d20453b125f338aee87e9509ee405" +
+			"9c9e568e336304d7be9ffe81d1700555b0800242d9b7450d7256f2b17f6e" +
+			"d46a39f67bb2980572ce73169e352070dbafd4c7fa5a6be78cf9b72981c0" +
+			"a01f1e1e30ee3736c59828b791d2373799854497a28a44bbe0e074925723" +
+			"4986696fbb06ef9ea83fbd49c45a583ce12ff10258ba06127c67b0f66dd1" +
+			"09f1366d8036853973d8884f93de54fb2a12949eefc020717eff47898cef" +
+			"306b5de068411f1e113ffdfe2556e0faedc3e27d95a45b8afc15ba0eeeff" +
+			"eb86da7b4324e20af80c62bf0ceb4aee1515f5912f71c6bf2febf20123e3" +
+			"dd3a82dc1e58a108f1039942dcdacdeb1f0ad0b2ef34488d98d6a52311ae" +
+			"acbd03c12f6e775e375d5979c7c295bb049f2cfd3580e3da3841ddd8e6af" +
+			"4de5e6512ca79cebcab9280554524881da37984d340e8f0163fe10a02ed0" +
+			"88682560bc6d3c4dbcf1a542ffb3dcc2ed16a2eb96896e8269697ffeb50b" +
+			"73f2cc354092e782a0072fc12e1eaff117c2cc8a5a1ad8b47802ac9e23fb" +
+			"91a0cef9e4027595e0885464e61563093ee2b1dc5f22dfd04af7de6a70d5" +
+			"977d3751a4b3cc0c71a71c59c0534cb1f8c0eeddcf1c0e1b3e5ad0d083b6" +
+			"6e8b998ddf9ae9d3b365c851d42e995b9afdf8d66b2ac40bf514ce32e456" +
+			"0880afd38c42c08926067eb243c4b1184e667ba756c14ace5f525eb48df7" +
+			"ebb429d0a23d159664f8021d27dc7167081de331c7114c9c6456e1ffdb42" +
+			"2172a81c06d8deca995e158c48df27261a83f83e0127f5e056a139be9b76" +
+			"e25dadf534d3d1ed6ebc0b5d77d51e5b90ff86f30d4023066115bc11b33c" +
+			"c827b1103098826d0bf8777176b2da6f1e5b580e407ccf7e614fdf4f5b53" +
+			"3ef6d30b20c1bee61eab90e983b1a97173a62720ffd27abb8976a948d532" +
+			"d06596c23b0ef31c79831bead8f8e99ad209af3658cac0cb3c3f9c88379b" +
+			"9bc871d8e84171d53400902da1243f664afeaff60bd96ba2639a7644676c" +
+			"a79f43130af12ba2c877d67f7ec030a4217a72f5368af7c9f24e643db6ac" +
+			"97a04adaf57dbc53762d8dfa1afd49667c4041adcb5ec303e191b786273b" +
+			"bb065cd9f16a3a4a399c6a7aab9c1a6604998264e8b3dbd13d8f2228b13b" +
+			"2c2b9fec5055d8e9f2df1d9a25e4bfe2029776389877bbef7e2c7621f06b" +
+			"c0b7fc0786e2b2d042483ccd4a59d2872a6c5ac73e217123e5c8401580a8" +
+			"d967e0895aaa28f4d25ce68c90b4394d8113bc423e9fae46ac47bc2ac191" +
+			"fb97b80b5a85feb2bb54f84c493235c1408662fe253c6786fcf6fdb8be87" +
+			"dc66a72cc847f94dfb5214af5905b7039a7363a1b23a07853daa26862783" +
+			"ba08a80846fbb93ce98700a4f9961115128dd67bd7d19e0c588fdf6196c1" +
+			"1cb0154002ae862f11421f5dc3a57b6c0870b452272be556a1d14eab1af0" +
+			"a91ff5b89de6bbeed6e03bc64f5efddf9e54da71c594bc5ef78e0192cfde" +
+			"da36e4ad1a6b0b51110c1b24d20dea1f19e18cb1184d80189f842d4f07ac" +
+			"834744dd009aa3771b1e5502fe4b65a403a4bb319e1880ff6ba852e90a8f" +
+			"4fcb52cf374c88408428cdb1255291b04ed58c992310955198d61fa1fd9d" +
+			"762d48f2f65a287773efc67d549981c291b427889d3e3dfc0cc6cd68415c" +
+			"dbed81b516786dacf431472a7dfc99688d15bb6c1b85b1a2015a106e5de8" +
+			"cb9eec4c80b17d00fdcf4a9c64de4643a95dade8fa9f1bc5c839037d86c1" +
+			"3800a244188e3b18561a74912ed72f99f2365f0126732d037dd54a3ab77f" +
+			"9a9f6a1c1469ea92eb707482066bd4990dec4d7614ccb4ea6dd4deb8bee2" +
+			"2c4dc0b9b4d4cc70a500d2c8a5ac3ef88a38439b7dc254a6d920cfd317a8" +
+			"4d7747148c65b6730709e43369d4c995b03c58b9df444f77f216944e70f6" +
+			"6446554d8d513b8f7f28ef0a2d7ad5ca2f6110304196953247a7ac184f68" +
+			"61fba896c2d5a59007ec2b2c8e263957e54cdc1f3b4a145228823fdf0960" +
+			"c33a28f59b03ee4be21001d2f56fd49ed14db33b2c4eec2c3f41b250a624" +
+			"99a9b6602c1e838526a54cdcd058af1c252d56009d4c7769deace53bdb66" +
+			"543f5a081cdde775e61efa70956fe2a7a6019a164c6e413ded314bc928b4" +
+			"aebccb946ffdf3eb33e187bf421febe26112b3262a526de65678cd1fa03b" +
+			"83513705108fe0bb87aa99aceb28af3641c46a2c4427cc1063de01aedaea" +
+			"fba68155d4de494a27ff6b7fcc8f5c5c3f7d3a115c397a1a295bc55aec8f" +
+			"7f150cbce2a8aa4706d54ec863877bb966ad441c57e612a1b5d438b98d9e" +
+			"fcdfe6d4f66e885f96407e038015cf974ae5a3540692b054d2ddfde59b28" +
+			"ede7e2f581eeb56c5b88e2779aea60c1d8ca6107b0cdda1ac93e6c7520da" +
+			"edc66afeed12f980e20e1e1c327d15ade4bb90de30b011a9cb33855ca3ca" +
+			"e2",
+	},
+	{
+		key: "2b0b0fd3347e73c2fa3a9234e2787e690a11aec97a1c6d555ff7b4047b36f372",
+		tag: "81b1a6633f849ab0aa7baafa58a5d9b8",
+		in: "427f3a7a5f1142ffa68e83df5f917e07b2bc454f3adce068a8ae9e0908e1" +
+			"3e0099aaa9074697593c6d8c2528fedddeca05e3888be1a0a201c389a72d" +
+			"20cb661017544d95a431e70e7c6580d8fb46ea4495bc59db6ae2cd69510a" +
+			"02426c50de1b6110120f759960605aca718d4d0a497e003e1ea2b8ae9a53" +
+			"df3c1eb4f704eb32f8f05eb08cecba0fd4a94f0daa3b0984c30a38f94b7a" +
+			"10cde723182d30588bc40f1f9d38a3bab4800fdd5148e34e396144763696" +
+			"c9b3e9b8adfdb337123d54237c7413f98bb2056152b256e37a27bb947c67" +
+			"240fa3ce8da62ab367db540bcdd9eb873d6c71c75a08fe99b5c11ec8e6af" +
+			"f926d2adfcf073479de394d4aac5fdc6241824d944b8773db604c59afc01" +
+			"495ee755905e5616f256c8a64321d743a1c9368d46418826d99b762e2f6b" +
+			"f998d37a995969cdc1de85f0ce3987c6550459f5e5bfd9173bfcb9e0112a" +
+			"d91f092de446beba14fb3b8ce3fb2f9c941815b2cb5a3b406e2d887b7912" +
+			"bba07c8dc7caab9836827da93ca71fa5ada810da1e5e9b09738524564d8c" +
+			"923746d19c78dc9107b9f20f653e05d7f2eb6bd90cf5eb30fdd7b587eb46" +
+			"74a1064c70ef0af2e75373044d32b78d96eb1db3112342d38dca0e47b96e" +
+			"9307fcdd711b1c66355186369a28481cb47ef6bf6651c2ff7ee4665247cb" +
+			"12b573933d3b626d1c6264c88bd77873c2e73e73ee649216bf0b6d6615ab" +
+			"245c43569d0b8096596f25ceca8667661de1cd60dd575697370ebd63f7e9" +
+			"5333e8a2cdb829b75ea83d72cd246d50358f7c094c8a515805fda03165d5" +
+			"21391617c9f9a2ea562b419632df611a67912d2b369e5e505dbd5c719253" +
+			"16d66cd608cc4a9583a8eaa4661b7279870345fac3031631c1a220551527" +
+			"5be7d8d89b71960e687aace3a0e8f206e475053d6fbf97717b154c75406f" +
+			"2caa97d1ab66048f1c99281c188a2f37b8bfc736c25840a9130ef2031c05" +
+			"6acd9dc10592eddf94f5bac85319b10ae46cc136a0738aa803837287ed7e" +
+			"dafe08d1fcf31d5e63763e39a5e1f4d7d0edab368d44e63fdb33c28905ff" +
+			"d6be406a024c017081b4f2d70860776e9d2556cd008fa5017b58733da13c" +
+			"634938407a118827a80baa28d4e605db59430f65862b90cd8356baa287b8" +
+			"4e6d9199fd80abb9fa697e2c2c4c760128e4ec0438388cf407e2a2fe0f57" +
+			"908187ed8efd4c5cb83cc91dbe6a11444eede85099149ca82921bc28bdd6" +
+			"b9999594a41d97307f8854b1bf77b697e8cdd4daead2aa49fbc571aa44c0" +
+			"bc84a57cb5fd85f06847ad897ceaf449eec45bddd4e4eb1e1e119d15d5e7" +
+			"90957e686acbdda1bbe47ea935ebc4b8c2e3cf9b7157cc6dc03bcb19508d" +
+			"a9e19cb76d166da55559ec7e0995d9b50c6c45932d5b46eee400c56d9dee" +
+			"618977dcf6f76e3e86bc5207493afbc2aae9f569ec9277f33d9f61c03d59" +
+			"dd6d8250ee8cb3e54e5e941afb74f0735c41d52ef967610c9f55b2b52868" +
+			"4b549a99ae3392a7237bb52ff5f8d97327e2837268e767bed0bea51f76bf" +
+			"88bf0286bf22b881f93f1d54fab5cd4e3c148c96c39e7aeef375de249df0" +
+			"4d89d1bd97a7afb2be0cbfd3380cb861d31e4ad1ea8627721e4518b9db3c" +
+			"cda20273ec23549c4adc3c027e3ac9558de2010a0263c1225a77dac8be60" +
+			"d498b913f91391d8b2656ffddb06e748cb454dc2b7226745f11030a6b9ae" +
+			"09ac8ac428d9c6500801fb540650c94610ab70465b1210c6db2064dc84dd" +
+			"7f52573f8f40c281470e85176c85ec6de3c718663d30ad6b3dfc1a3a9606" +
+			"1936744357ca62fb8bb066aa1fcac6d7a2adf0a635cd546bef39fbd3ee0a" +
+			"8802ab0466ec9b049b5892a9befa4377cd199a887c34569b6f90852139a7" +
+			"86babc0049ee2b527aa96b988237a52eae8b4b49d2ee15ee5294118cee62" +
+			"3c3e11cecb836b21af88555f10be2eff8379beb615b7b3d6c01d545cacf6" +
+			"61be8ebbf7a3c58ac5e0e7b17997659a2bf15f2b2e3d680d142fd29d23a7" +
+			"aea9890f3ff7c337fce49ecedaf38573edfae07810ba9806723e576d687e" +
+			"a11700b8ccb96a6559259c367cef4e3999a05a373ab00a5672ce8b3d1dec" +
+			"a414187f383e449d10021b73c1f7e39ce01516b7af96193f9993036049fc" +
+			"72ac059ef36b2bcfbe13acf140d41592880fb8294ebffb98eb428ce9e65e" +
+			"1094521bcf8ecd71b84c7064539a7a1aac1ad2a8a22558fb3febe8a44b87" +
+			"72fc00c735773d4ce2868a0b478ee574b4f2e2ceb189221d36780b66212c" +
+			"dd8fd3627cf2faaa23a3d0b3cd7779b4d2b7f5b01eb8f1d78f5b6549c32a" +
+			"cc27945b5209f2dc82979324aebb5a80ab8a3b02129d358a7a98003e701c" +
+			"788a64de89726da470010eda8fdcf3da58b020fadc8970fafb08a29bef20" +
+			"2bd0707e994015258b08958fc2af4c86c3a570443fe6e1d786d7617b0c66" +
+			"29a6d9a97740c487622b5b8186c529d7f8af04d9f0a9f883043f08103ca4" +
+			"d70057ee76639f3b1046d86928d54cd79fb5bb7b46defdf15d2f8578568f" +
+			"1d7b73e475e798ec6812586700e038ed4791b23ac9439d679a1a4bc04cea" +
+			"e328330c24b065c9cdcdcedfbaf58e5299779e6f48783d29ec3b1643bc8f" +
+			"1095c724dea75770583b15797fc666f787510d91e65a8e2090cc1ed2013f" +
+			"e63ab17bc7640ee817487f4eac8326e9c4698cb4df05d01bae8c0d00fc00" +
+			"08919484d5e386c8f60b8ac097c93c025d74faa56e8cb688d1f0c554fc95" +
+			"aae30873e09aae39b2b53b1fd330b8546e82d9e09bbb80132d794c46263f" +
+			"4fd7b45fda61f86576dec52c49f2373e4dca31f276d033e155bbcdda82af" +
+			"8f823948498f4949bf23a08f4c8ca5fcc8598b89c7691a13e5aba3299ee0" +
+			"0b479b031463a11b97a9d0ed3189d60a6b6c2390fa5c27ce27e28384e4fb" +
+			"04291b476f01689292ace4db14abcb22a1a37556675c3497ac08098dfd94" +
+			"d682401cabec239377dff592c91aca7eb86634e9d5a2848161dc9f8c0c3a" +
+			"f7b6a728371fac9be057107b32634478476a34cbc8b95f83e5b7c08d28f6" +
+			"fb793e557513ca4c5342b124ad7808c7de9ecd2ac22d35d6d3c9ce2f8418" +
+			"7f16103879ed1f4827d1537f7a92b5bbd7cd12d1ecc13b91b2257ad073b7" +
+			"a9b1ea8f56b781bea1bddf19b3d7b5973f1065fb72105bb4aeecca5b7513" +
+			"ffd44d62bf41751e58490f171eb9e9eb6d57ffebedd4f77dd32f4016b769" +
+			"fed08dd96929e8efb39774d3c694b0d30c58610541dcfab3c1cd34970195" +
+			"7bf50204acd498da7e83947815e40f42338204392563a7b9039c8583a4dc" +
+			"faba5eaf2d0c27ada3b357b4fccd1595b9de09c607ebf20c537eb5b214b8" +
+			"e358cd97992fa5487bc1572c8459c583116a71e87c45c0ba2ca801931a47" +
+			"a18ef0785ebbe420790a30278d2d0d42a0225d211900618438d1a0b2d5be" +
+			"d14f8b4be850dc8cb08d775a011683a69ee1970bb114d8d5017de492f672" +
+			"09062d9ba3616e256d24078536f30489e4dacd6429ed37aab9b73c53fdd8" +
+			"a8a7aff1b914b9d82d75a46d0ccf85f48d3ce9a8d3f959b596ae9994ac3e" +
+			"3b4af137d0c8e07ece1b21fd8aa05522ba98f85a7ab24ed8c1e265fadf4e" +
+			"9a18c5ab5684d8ba8d3382ad53b415c73ebfaba35abeebaf973b6f18e0d8" +
+			"7f019420eb34e09bbb12afc5b149f1e9e9b6ae36ebde429d437ada1a2d52" +
+			"b998f7c75ef731132aafc3bb106a2ad3ae11223a355804d4869ebaa47166" +
+			"2df261d95d48ac6eb17c1781e81c0027ccf8f05c39e1eda7793cb16622be" +
+			"ce7a1ad5d2f72f8bf4bdb2f4f4dcadac3db3bf727f0d447adddad4500360" +
+			"09ee011bf4155e5e46c74b00d72e8e6a88de9a81a5a4685651b90e874dfe" +
+			"eba41698c98370fd9e99619ce59ebb8342417d03fc724f9c910ae36ac5e5" +
+			"b46c424141073199aaac34232a8e17ebbfdd80eb75e82290de92968f3893" +
+			"0ab53dc83ac433833576e86fbabfb9d7cd792c7e062811f4cb017710f841" +
+			"1e0fb65ea4b3cd68b0af132cb08330aa13579196ec632091476f268b44ba" +
+			"8f2e64b482427dfc535d40d3f58b4dee99053b35a3fed1cb245c711fa16f" +
+			"c141974c8db04f4c525205dad6ca23ccaebde585cd3bc91f5874452ed473" +
+			"08de95cb6164102744f90b3007e511e091653c97d364fe0cbd7f4cd3249c" +
+			"1f5c452becd722ccc8c6b4e371e2631337dff78efd903a8fc195a90ca5a2" +
+			"aa4513bc63cd43794ff06c5337329055c43d4fb547e63d6e4d14fbe37b52" +
+			"1411caf2f1b0df51a68f677db59aa227c725cf494ccb7f8cacc5a06ac5bd" +
+			"f135a2603175a5fd5e5af615fd2e7cea61934e6d938b9e672290aaccd99a" +
+			"7e26dc55efe928e56ae6354168264e61668a61f842a581cd0c4b39e0e429" +
+			"04631c01320857b4d7e260a39c7fbed0593875b495a76aa782b51fee4f88" +
+			"84ca8ddb8dda560b695323cdde78f82dd85757cadea12ef7cf205138c7ba" +
+			"db6a7361a8d7868c7aefa7aaf15f212f5f5ab090fd40113e5e3ad1ab04f9" +
+			"b7f68a12ad0c6db642d4efb3d9f54070cc80d05842272991bcdae54cd484" +
+			"9a017d2879fd2f6d6ebce27469dda28ad5c345c7f3c9738038667cc9a5bf" +
+			"97f8f3bc",
+	},
+	{
+		key: "aa3a83a6843cec16ab9a02db3725654cb177e55ec9c0c4abd03ada0fbafca99a",
+		tag: "719dbe5a028d634398ce98e6702a164b",
+		in: "643883153c215352a4ff2bb2d6c857bafa6444f910653cacd2bbdb50ffdb" +
+			"cae23cc297a66e3afefbd85ab885e8ccf8d8f4930e403662fb4db5121aca" +
+			"82dfcc3069bd5f90be4f5bfd3c10f8038272021f155e5de0a381d1716abe" +
+			"0b64b6d0f73c30baf6ddfe0e6a700483cad0fa14f637afb2f72361e84915" +
+			"78ba117e1c03f01fd61aa8f31da6464f3d0c529524d12dc53b68f4d4b326" +
+			"db7fc45c63f75244002b8f9a185556f8aab85948647818f1486d32c73614" +
+			"b8c4763e2645bdb457721ff3901327588da01622a37ccbbd0374fec6fd1b" +
+			"cce62157e64c4cde22c3a5f14c54cd6db63db0bd77e14579989f1dd46461" +
+			"4c8691ef26406984b3f794bb7b612e8b160374be11586ec91e3dbb3d2ccc" +
+			"dbfd9c4b52f0069df27f04853e7cc8b2e382323345b82ce19473c30296cc" +
+			"453f479af9a09ec759597337221e37e395b5ef958d91767eeb2df37069a4" +
+			"f3a530399961b6bf01a88ce9dfcc21c573e899b7951723d76d3993666b7e" +
+			"24dc2570afe738cbe215272ccedb9d752e1a2da00d76adb4bc0bd05b52c3" +
+			"fa08445671c7c99981a1b535582e9b3228ce61662a1d90a9c79afbdcfcd4" +
+			"74def2b7880cac6533ba0a73fa0ba595e81fd9a72ec26965acc0f4159ba5" +
+			"08cd42553c23540bc582e6e9ac996a95a63309f3fa012eac14128818a377" +
+			"4d39936338827bbaafad7316e500a89ed0df7af81be99e2f6aae6bb62568" +
+			"1dfa7e100ebca5c8d70f67be3c1e534f25446738d990ee821c195c98d19c" +
+			"fd901e7722b4e388da90b95ac0b5b5dc5d052ad6b54f6ea34a824bcf0cd8" +
+			"7f1fc9a07e8f5b8aa0793e3c9c1022109a7c7ae97ee2a2867fd0cf0f8971" +
+			"34b3d150d3b24fcf8323de929b73cca01244df02510393f0b3905caa0268" +
+			"7fe35f64391e7d4b30be1cc98319716528ca4f35bb75d7e55cf7749968c5" +
+			"37136eddb149a9f91c456fde51937c0f35e7e524647311077e6fbe7f3c12" +
+			"37b9584fcf3b0f78744c7b2d3b452823aca06d144e4463eb5b01014201cc" +
+			"bfed1adf3414427072135d48e705b1b36ab602cae69428e7c19d39cbb4e0" +
+			"ca26a871d607ed4daa158b5c58a0a9f4aa935c18a66bdeff42f3dc44166b" +
+			"a299d71a2141877f23213b11c52d068b5afadc1fad76387cf1e76571e334" +
+			"0b066ade8da02fe3b0bdc575b1d9ec5d5f5a5f78599f14b62db0bef7ccc6" +
+			"1711482dfa4787957d42a58fdc2f99525c32962b06492229399980601bd2" +
+			"ee252306b1464914424de9aa414a0a6e5dadf8ffbf789e6d18a761035d3e" +
+			"f2ff0753becbd2dd19fc1c28f9acebec86f934f20b608a9ef735ac91f6b7" +
+			"83d9327cce7f4870d39bbbfb0100838dee83e6baf2b40cfc98415dd174ed" +
+			"72e393ad0459e8035dce7eb18eb3af2f39d2712846b9e1852cd61d06dfc3" +
+			"5e34fb761b67e2a711ceb4a82557371ed32ca8db2e4cd7fea0b6bd026177" +
+			"4057b9abc45dae6869cab1097459473a389a80a4523e5de696554f8b0bec" +
+			"0ca605e6acfaa00386fb5a48e0f5893860a29f35e680be979cf3bf81ee7e" +
+			"ed88262dc80af042b8cfe6359cf8b475560bb704728034e2bd67e590bd76" +
+			"1632e516e3292b564c7265d7a6dc15c75ba6f6a447b1c98c25315ac7de59" +
+			"9edc4993e4dc7d1dbfcea7e50ebd0b226e096500216c42de3abe352e5b09" +
+			"a3c9754aa35d00883906599c90a80284d172a90abbeaf7e156fe2166ada1" +
+			"794420fe55b1a166d752d0eb7f04e822d021c615e84777101e7c9f9dd12e" +
+			"565b7d093fe978f85e6142c1ca26798b45f4b8d23ecff6be836e810e314f" +
+			"ebd2ea66f2ac95bad84b39b7a6bac41448f237b45e9ec579235ba2bf5fa1" +
+			"f00286379ec107c743f06ae0d11b57a2f5b32e3bc5f1697aae812d7ca303" +
+			"b196a8a43259257f7697bae67adc7f121be561b2d0725982532ffc06cb22" +
+			"839d9066dce0e4d683d9348899089f6732de62751ca77f1c439e43054468" +
+			"2c531b9c61977bc221b66030f7571dfb3ddfb91d9838529dbc99612f650a" +
+			"d72bb78de061192068941a81d6ac341101aeb745b61bd7a87a35a2714d50" +
+			"c3eb2c3ea148fb9ebed948307f8b491aec277ac01903ba36e6ad54f89fe4" +
+			"280a17f8e7ae639e75aec16d56576f03c2a1efe4af995eb825ccaa6efe0f" +
+			"d6d878299a351591d791c286cac5cb049834580d47a9bb7720d0603e3141" +
+			"ad7c1ec2dd23d3002e15d73c1828a7f08062848b1b6fcf816bd954743547" +
+			"6f0d6f882125bd03095eb1b1a846d535730e258fc279f7095de7c2d3fcca" +
+			"a4640a2e2d5ce0974c1e073c60bb78171c1c88ae62c7213a95d36ea9ab17" +
+			"59093813b85d17ff106e69100bd739ede9656388bf47cc52730766a8a186" +
+			"9dcc623e09e43cfba1f83ae1d9f16789064ec73504c29686760ea02c6634" +
+			"a929ca10c6d334b1751494c6d143671ce8e1e7dcc9bcda25af895a193032" +
+			"ce27c1016ccc4d85507fd2265ebf280d3419f54f66ba2a161c068491578f" +
+			"be056f02f97be745db443e25ed2647c5348f278f4ad8bf5b2a2c2d56e795" +
+			"532e25585984a3a94f435ef2742a0413abed7230ff2e9724187c91f73a7a" +
+			"726ebf36bc8d0d959418dd586452664990889358c56720c1001c004ff768" +
+			"54b9850890ce1b31735fd9f4a3640622ef0b25c659e8a937daa0df7a21f1" +
+			"77be13dfdb8f729da1f48e39a05f592d8c98da416b022fd8edab8e6132eb" +
+			"a80c00501f5cc1e0243b6b096c8dbe7f8c6ffa2f8bcc7f309fb80b489b92" +
+			"c4878fabad42d91876e10ee64ccd415124461cdc7d86c7bb6bcd9133f3c0" +
+			"dfa8f629ddb43ab914c0ac5ecddf4398052229876fd838b9ae72523946cb" +
+			"bba0906a6b3ef26672c78cb24cbf691a5ec869d9fc912009d840772b7da0" +
+			"c7f47856037c7608705cd533918c207a744f75fdfac618a6981778e09332" +
+			"5c7d22170da85bdc61044b4c397919d601a30746cefefa798c58f02cb827" +
+			"0d130c813cbeb67b77fe67da37a1b04bf3f1e9ee95b104939220fb8a0394" +
+			"86ab8954b2a1468016f546406d1946d531966eadce8af3e02a1f59043ff6" +
+			"e1efc237dbf4dfd482c876531d131c9b120af8b8fd9662cef1a47a32da40" +
+			"da96c57dc4efad707a4e86d0b84262d850b451bda48e630c482ef7ede5bd" +
+			"c55147f69e2ff8d49262d9fe66368d1e38ecdb5c1d4e4042effff0670e69" +
+			"04e47d7d3047a971d65372126ff5d0426d82b12b253bb4b55005e7a22de5" +
+			"6fa54f1dfcce30b1e4b4f12b1e3c0de27cea30ce79b08c8c1aceb1ffa285" +
+			"c317d203a9f2e01d542874fc8035b7670f3648eec79561d6ff2fc20d114f" +
+			"ba4fbed462f1cd975ee78763c41663849b44cb2827ee875e500b445193e1" +
+			"4556bcccfaba833bb4ea331d24a6a3bd8ec09906c7b75598b44ce1820a49" +
+			"fca4a0c1501e6c67515d4fa7f88f6aa3cd7fbc6802131a7b14b219e154db" +
+			"9ed241133e10ace40e4d963f904dd9f3bdaaade99f19de1ddfe8af2b3cc4" +
+			"0a48374dd8eb559782bea5410f8f9a1cd128523c0157b6baad9ea331c273" +
+			"311492fa65c032d0d3b513d23b13b86201840d51759021e4133f873f2781" +
+			"8f54f34ba73b4f33107d49c8de1533856ec37bb440f3c67d42148765610c" +
+			"3296bce932c839fd866bec3762a38406ac2b39d0d93730d0c88cb8f765dc" +
+			"d8ee71263fc96068b538da06fc49e25dbeaa10a5111a9af8e8f8d78e6ed1" +
+			"3752ad021d9f2c6b5ff18a859fee9651d23a7237bd5a5c29029db3882c47" +
+			"0470de59fd19fb3bfbd25d116f2f13ef5c534bf3a84284ae03e3cf9cf01d" +
+			"9e984af9a2e63de54e030857b1a071267cc33d22843b28b64b66e4e02803" +
+			"c6ab5635291aefa69cfeb3958c09d0b37176842b902da26caae3f0d305e7" +
+			"c6ab550414e862e1d13d9bb9dc6122cb90ddb1a7bc6d31c55f146659baa9" +
+			"6cca4ea283e5e1639967889543ecb6849e355b6c0227572097221dd46c1d" +
+			"f8600b230e9644ba611ba45cd83fa4ac7df647b3be57387b6db12682018a" +
+			"de9be50a8ea7d5f7c743bf0c6382964bb385b3c207c0cdd63279c16130b3" +
+			"73ba974125291673344b35c8ef9a33be5a8a394e28dc1448f54d46af675a" +
+			"edc88ce85a11ad7e50058df4f3f2364abd243683d58a2b13fcb0dc0eed21" +
+			"380b666eb87f4be75e7f2842bae916c15af3e9658c55408537b2301faa6e" +
+			"42af4d94e3eda6a41d6d302be281e2a9299e9d0fb1f20cf4ca978e66bdd7" +
+			"4c8bea0f15c84d6513cdea787dacbd4bb529ed03528284cb12f6ecd841d3" +
+			"c58c3a57c6bc19b65d6d10692f4e1ad63b091137c8acacc6bc1496953f81" +
+			"2972bf6362cf883bb75a2d10614029596bf9f35e92addbb50315b30161b7" +
+			"de8867a1393d9583887a292cadceb54078c9c846ec30882e6ff987494060" +
+			"721d3c761940b91a126e8d1e0118617bdae01a7f9c1aa96bdd6c78ca06f2" +
+			"6c8d85664a8705334f4997c724ef98fe265985593d5a9c30798714e6de1e" +
+			"bd04b648be47a6b5d986a3103e738a5cd114b19b7ba99d2e2eec6181bf3d" +
+			"ff0fec8c54ae6118be8702c3e775d493a6fafb509712a43ee66c3f4b75b0" +
+			"194c88937cffa5fa17b284d2556f2b0eebf876e05f92c065515198bd5e83" +
+			"00d0db432cb256a4a0f9963a05694ffce3ecbd182209e0b7bb50120f6be4" +
+			"eeb9d268b17790ee14a2c887dc5753e0086630b3123734053aa37595aa8f" +
+			"31968ddae4991af4ab970c1e3cfa1146a2efd9dc42abd6af14777b8a0455" +
+			"3865691cbac4b4417b3fa13c154d581b498f3b8cb77adf0e42dc2f2fb521" +
+			"732447de97271e542c6cf8cad3ba0148cc3ba1f2983ead836a25a2c022d0" +
+			"43ba18fcd009d518d07b53344a5bc4d626b3b38405a114471f75dc70e015" +
+			"d11e8f6f57d087fa72909785573008b1",
+	},
+	{
+		key: "1793bfda9c8666f0839b4b983776735a927bdaa3da99b13c9f3d1cc57d4d6b03",
+		tag: "bc89cfec34ab2f4f2d5308b8c1a5e70a",
+		in: "a09f661aa125471417d88912f0a4a14115df9a3a19c1de184878291acb0e" +
+			"89ee1f9d8213f62df442f8969a9a5a7c402fea09bdbe236fb832544e1f93" +
+			"9cdd4873802b2bb8fc35ba06b7ff96da6dc7efddfeeda84116bc525a7fc5" +
+			"2d84d2e63cbac00b122dc64f2d15b36595259d81a1d2a09f204c54072751" +
+			"dd812259df1104bb2d2ee58baee917c5d0aa2649c8a1503114501e6ed6fe" +
+			"239847d3d88dccd63d5f842426b600079c6bf06e80a2813b2208181163b8" +
+			"61dca07fa4d88254e84dac1c78c38397a016b5ad55a6b58878f99036db56" +
+			"89871ab3c321f6ed5895f218f8fd976c348b3f1269fcdf4d38c9492b4721" +
+			"6c45f499f5705830b33114d721f9731acf6c69fca681b74c2d82c92e145b" +
+			"7bab77110821d3a12cc818d7595a5c60c4b5e5219376c38a4dd52d435d41" +
+			"562802ff65ba2bba5c331c333d5adf194d29b2cd9ebb55927bb4ec17681a" +
+			"3f5574ad34fb4e964f2c756f6dbbb7a6876a21579a515263444de7a30a33" +
+			"15005458bc137ccfdff18a3892fc9f58f1de10d4de20bbcf860f5f036d8e" +
+			"8a188f18e5cf7ea3cd260710e7491befcb131d49a28dfb1ef688fd021a1e" +
+			"e4420d32fbfb03b47f5e85c37d91e49a1b0db85d966eb5434c4197433eb4" +
+			"9d56f2ff999c9a72230447032dc949202468261b48b6ac212e3f651d6c63" +
+			"03a06c90bb2d3a755ed91ba73bcdc28e1c5b0936e51e0a9f69c3ebabd3db" +
+			"add7abab6d8f6a44daeb3126429a01815f57444fb7022a4a510f8b564ae2" +
+			"dd9779b3a273fef15859a33e233724846c30d89fb78a595b6ff6c834812c" +
+			"00a991e405806aafd0c26a788895ad00a5e43c5426197aa8247207077548" +
+			"ee67db4cd6f878431a2e36e952d84b5fb89d681f553198e2c066310ea6ac" +
+			"3a31f5b1792620616f6c41d486fb844eeacc7fd36971abf416e8d6d50985" +
+			"c83cc92ea46ac37da8f0026aba30c945d8bb15080d2d95e4081bad626199" +
+			"3f95f57ed3252822a7caa035ae22a36c35e280cbbc82d729346cacdb1794" +
+			"ae9a9bb2793fd1d5c47121b135c2836063367339c5151b4e35278e97f62a" +
+			"fdd2f231d4b47812d083a829ebb9c374ff2ae8479cc4b76d55f9cef3ec6c" +
+			"4894f53e8caaeb0d8cd072960cedaf758e48e3640590d4f728626e0a08ee" +
+			"ebf719c96bf8ed4d0c283be09c0ae67b609e22d3b9aa6b03642854909de0" +
+			"5ed52b39673867bf586a632ab8072de15c637cc212cba8387515c9c9c433" +
+			"abd7ba6b02abd09da06a34694ad34f88515b65c0c9c247fdf9819fb05a1a" +
+			"ea4728c1182f8a08a64b7581cd0fb2131265edcb3d4874b009aede0e87ed" +
+			"463a2e4392aefd55e008eb7ba931788262f56e53193122a3555d4c08133b" +
+			"66020154b15643fa7f4f5e9f17621d350ede3dc70be02c59e40fea74dbbd" +
+			"7919d1a8d4e22ef07c916fa65e7d4b89fb11a7c24ddc4ca5f43344c753b6" +
+			"1331c3fa4558738ba7832b5b2a275bc9b7989b6e6888865793329806cd3b" +
+			"f0ba57c941d4428623e062f4ac05e7cd79ad5446f8838f2b247b66bddadf" +
+			"540845a1bb304a04b7edbbff579c8d37e2f6718f8690abd5231822c7e565" +
+			"69365ce532449a41ae963ec23a2a75e88307dc6b59cbb3fab913e43ed74d" +
+			"841ca9f6e4ef96dfd9f04e29e89361aece439c0b2e1943b30410a63d495c" +
+			"522ac3ec1b04ec4cb345f7f86969957ad750e5bd7dbf1d6a22eed02f70b8" +
+			"1cb5b2b020c0694d7f63044f9de0c3de1ede52009c858992d01ebb92ff19" +
+			"a9e0fbea18942fbafb77746c8e9e687dd58ccc569e767528bde43b62c7c1" +
+			"270a5721f1212de2b29a7aae2d6ba6cd173d7fbc78aec4356ce2e8ba9164" +
+			"d97dec061dd0c3a0e3c520a7611ac99739049dd5825537c70b7ef660046c" +
+			"1785546cd99aa400da848eb7c3c91247415c8e245d0f14c30d482c5849ae" +
+			"aaeab2568288229b08267818dae8f76fc674c684c99eb5faf88a0783813d" +
+			"f7298e0b50cb233f78471e5ca9cc3b04927c26a3871cf253798cc49aa717" +
+			"d8f18a1ddcbdc26497d188f15f86ec494dcf8f942c3e07e572385c6fa0ef" +
+			"40c0b625f1737543074a747a369482a0b342a08b3eccac9f9209be31aefe" +
+			"5a7794974f71ac0bc9a58026397ea3dd4f5e40511d58d2a3b45925c194ef" +
+			"13987037d736dd48b509d003a86471d5f161e0e5dd168b4f1ce32f703b89" +
+			"15004d8dfc708a5bb02b2e6fb67424b2cbcb31ddaa0114c4016b0917382d" +
+			"aad11815ff5b6e37d5af48daa5ef67cee3439283712bc51b5adf2356cb2a" +
+			"5181b8941fd78945c7c9d61497683e44fee456ad345e12b4258f15945d45" +
+			"b6ca4369ee792d849112d583fdb39cd4d333ee057355f0abc8d1eea4640c" +
+			"128cc1617982db0394233dbd416102eec1874081247d2982bbf9fed1b1b3" +
+			"8f4da923d68c8975c698f189a4d7840fd7aca9dceb7d91c076f85e1c546f" +
+			"4d5de4f60c91348455aaea30cac134c844dad93d583c139dd52b3be6346c" +
+			"4d2e6864125c5a2d0aed8f67930e1ebf8700ca88aacc914ea76ff17148f0" +
+			"777738cc126e75a2c81110faf02fefc47c91edbab7814599000ce55fe20e" +
+			"f313566e9b62457acf2f22e1141e220bd9d4747417d03e703d4e39282803" +
+			"386327fc65dd597f723ee28185c78d9195fc70a75706c36287ab9c6e00e8" +
+			"5cecbbd6043c6af8d30df6cdd8777be0686853b7c8a55a5b1e03e4431d39" +
+			"1725ff99875a85cae6926998723b36d13ad458220712209bfc5e8d2ca5d4" +
+			"4ea044d5ba846b4035e7ac7e9885f55d3f85c0c1b3d09fe929a74450f5d2" +
+			"9c9672e42d3f59be4ca9d864a4322cc454c2578493bd498a51bbe960e657" +
+			"3e5dd02c4a3a386d4f29e4578a39e9184024cd28d0e86ecac893b8e271bf" +
+			"ce3f944d130817378c74d471bd20a4086f2429ed66c5c99969fd8da358ff" +
+			"5c3be72bf356ae49a385aa0a631b588ddb63628fd162673e915cfc4de56e" +
+			"ae6ff7101df3b33125c9bab95928f6e61c60039b6cc07a66f9c733251447" +
+			"ef9c1ffefa2158a8ddf89dc08686a4cf9b86ea09914e79842d72a3236afc" +
+			"98a3afa0a1cac5590ab6a923e35a2ab8db6410a9d33cb84d1c48a054377e" +
+			"549774b25f50fbb343ecd5db095155cce9fb0c77d09752f62d4bbf16a770" +
+			"30452a75f6bdf73f7807d8f3a6bae16ad06b22175fee60549c22548de9c1" +
+			"3df35ef4e7bf7b66491a62b93c2c3fb0c5edc51f60f5704b56af30f1079d" +
+			"7c385b99f958ef8209e030e381d1ee8d67d3cb84f32e030e8ea2c1d0c77f" +
+			"d6b242a9f48707557c8682a08e1127f51221a55c733ab1edd00a9c2912cb" +
+			"36dde85f73b524e1a4f4da6414c5e4c18d9537722b2becc8a91bcc63f2b0" +
+			"9f32409c53c2beee0de6726dabcd6bf33118a5c23fb9c5c1810476efe658" +
+			"4bb6109c516b45e16b2f79f96755680374d82b91f2c519639a1815fd485b" +
+			"a3c00b46fbefeafcf25554ec5a6a5ae2da07c85b8a0f9fcde50263d9ed85" +
+			"038b2f7aadb9de765655bd201235218bfc74bcad6a9ddf4506167a649afa" +
+			"df400b85752d68a92b7a97f26b334dd77fce824862046b286a7c8e0adc36" +
+			"f713a252a673d4d995b268badf4bec8b8eefe85c25b823b6728582d35c4a" +
+			"60041114dab72b0623b99e2758f6a1e97365279bfba0eb1fc8952ca4f2c6" +
+			"fbffd9f5fd7dcad1125b18a796981b5ead0b6431141315898ace96f0d38f" +
+			"865698df8822ca7b65644b6b1f0a0f0d2e5850d4c93ec48ca3eba1b919e2" +
+			"4413a46d595ffa427715e499db3b7b9ab53c64abec7302bc737a5bd124bc" +
+			"da756abbca132f7f67e6989e09bfb23b497da31bf156bb9c69ae54588df1" +
+			"7420e8fe989f0472c8893b2bfe57cdae265a8cc7aeb39624167a567a6fbe" +
+			"bb1aa30c3dcfd14f2808a070994085e6e1fa79021e77c399f90ab1f995a7" +
+			"baff672cb693bd39b798b4c890b7d0a57978d6b9bcdc5bf3f4d205f8f24b" +
+			"2b43d3ae300a96971c9182be297618b9adceebedba1ab0f324b01d23d7e6" +
+			"35f009db3dbbc643c2d787567594bc639bfd78c4f3e6d948caf06f013423" +
+			"eb3c764666b58f886d5d28137c053c2a28535efcea400147e92ac6753574" +
+			"3b47f9cb48852abed1d057647d5b1c6f334eab1a813401fccd3dae332738" +
+			"776bb223e359f3c459b5c573ba64fa945bdd66c5ac0fcbd53b67032a7b80" +
+			"25f551e8d1fd2a4291bdb7941cbabe3a09765dc263e2bbb6db7077cc8fe6" +
+			"790d4bed5e36bd976d1e37dfdba36aafcdaa10c5f3ed51ba973379bcb8fd" +
+			"203d8b7282abbd271ecf947e54486e8653b7712c9df996a8ad035f41f29c" +
+			"ab81509f922c67dacb03f25f8f120cb1365ab3c1c286849c2722448ba9bc" +
+			"ff42a6b8a7a52f2c79b2bfcbdd22ef8a5651c18879a9575dac35f57d8107" +
+			"d6bece37b15d7dfff480c01f4461ef11f22228792accda4f7936d29d4c56" +
+			"cbba103b6d3e6db86e39e5f1bb9e9fd955df65b8a6e44a148620f02b5b90" +
+			"b2be9e5bb526d0ec75b1e723e94da933a356d7ca42d0ce8349699f730b8e" +
+			"59bac24a6b633759c88041d29399ce60a2ca2261c7eec1acb9a56e0e65bd" +
+			"e37653ce2cf7eb83a4d019c755bdc5d685b6394ecddb9006823182dd8138" +
+			"a1bf79a32d07a8e5e8ab221995c714e571b40bb255b79e328ab883542c16" +
+			"4899fffa16eb3296f310e302512352a864fd809beaab4169113027c6ccca" +
+			"99a92c6ce35c30f9449a3add70f10db1ed08078e8e6cbaafef630aab7e9f" +
+			"c8adb09c18e33fe1af3620d1e4d069ac11325e23cc18e5519a1ed249caf8" +
+			"ddba871c701f1287cc160019766988f63e089bd9bf1af7e6f5b9002e3b6c" +
+			"264d69a8bac16914ab55c418d3a8e974677cdcbea36c912e90386a839a37" +
+			"77b878e680c07c7cc99f42a7dd71924babf7fb0627d1f2cc60d9d390d1e1" +
+			"50d47386be6eefec9ddbb83b28fa7e2fd28cc3867cbe42d13b00545af8a0" +
+			"48cc07016ec79808b180e0b258c564739185da754f2e",
+	},
+	{
+		key: "0d41cb4ac25217feb20e86fc2490e8d2ea2e8225c051252a9395cc4f56e1ae5a",
+		tag: "42df9f9a59d6dc05c98fd9e9577f7176",
+		in: "01caba7a19cdb09dc0ec6c522c61c628eacf17ef15485aa5710fed723875" +
+			"2e4e8e93dd4bbc414e4c5620bab596876dfbea33987e568ddabf7814b318" +
+			"8210a5f8d70041351e4d8410840642a29cc8d901c25fa67cc8f9664ea5e1" +
+			"9e433eaff7c722d0258ae112b7aca47120aa8af4420d4412a10732551db2" +
+			"cd3e0af6e5855d5eea61035af15a4d0d898d04033809e995706eba750a7c" +
+			"ac07aaa0dc71477d3020f778d0347f1a8e37c18540deb9ae967e734c0264" +
+			"df0e1f52b0b5334805579ea744c8784c3ae0c3ff8217cd3f53cb747f6996" +
+			"f3d2147699799e649061b205f97f7992e147fb20f21ff862c6c512e95534" +
+			"f03075e8e52f162e0d70d7a259e3618474427f400f44f75198edebae6e40" +
+			"a2173257d114e1bb5a13cf419c821eb124d90e89a938d91f4d2e70dfd1ab" +
+			"60446f1b602614930a329e98a0c30f107d342281db25b8f8259933e14d20" +
+			"8bbd991e42969e8b0600272f9bd408483cddfc4cb8dfe7bc19be1989c7fa" +
+			"129d38e1078d094b82e0a845040ddd69f220dc4aa2b236c44101d7da7779" +
+			"9827a7b037561b51e50fa033a045571c7267af93b96192df3bf6180c9a30" +
+			"7e8c8f2b1d6b9391767369625015da02730ad6070df4595eb8099bd8e484" +
+			"59214310cb62c3a91a4fa8ac3b3d7b2017d4254fb465f0a248e1bf45819b" +
+			"4f0360f37c9a79d405e2bb72e5c25a1b4df192cfd524d61e1e8b274f2fe0" +
+			"634c73f0653c7c9e9062c9d081f22a8b0327897eed7c6e870f2815bbac8f" +
+			"585c1bd868759a98dcb5c3db2f6c53244b9cc494a56f28a9ba673167cea8" +
+			"b799f37049ee7b0772972b3a6603f0b80eddb58ef03f916106814d72f000" +
+			"250b3573c97c5c105910d79b2f85ad9d56002a76a1f43d9d1c244ef56d3e" +
+			"032a9bab95fe3bd5dd830ad7d7e341f28b58c0440658f7fc2ca98f157708" +
+			"1c647e91432cb0739d9acdbf973ceb9b0047634d695279e8837b04dc5357" +
+			"f013fde3c55c9c53bf1d817ec59a1b18ed0ac0081ed9bbb3bcd1a5d3634f" +
+			"50f7506f79dc6a4ebfa640bf65682fe9aeca68088e276937669250064de1" +
+			"c19ad6d5c697f862114d0f81d2cc52be831ed20d3aab1e41fe6f476b5392" +
+			"af4799392464c51394c2d1a8325ee2e84f1635d295ee663490e538eb338c" +
+			"7126a8e731ad5c0becf144c7a9cae5c6493350b589385de29e1a0ad6716c" +
+			"346ec4f0a31ca5ea35c59ab6b099f65d7f0b3d00925a1da1b5777c029aea" +
+			"9679e895d7100645dc83f81d82a6174beab2357f7888ea640900cf3ee67a" +
+			"e0724a123919d78e70e05288f67e5e69ffa6f345be8a96e58bbe260184b5" +
+			"ec5c0c1354cfd516ebdb8d420029137d41b029641959cc07fa7b4e16b39d" +
+			"17f36b2367057410a42e0550e9ec1dcd2df4604d52d4f9dd1140d57af08d" +
+			"50e1527dad793b6d649324de799754f755818bf10e6d1ab614958dbb24ac" +
+			"8e2c01270a90ec3df4379c3f509b5ef721b0fd4f91a1bdb8127ae4dc74d0" +
+			"75f6cd8bb28319d6f8e8d8ff64fb4a42d646e9365156c6bc72cc46e9cd1c" +
+			"f9e735549e3df9a8e6b5fe541948b126190117db71fd1d61ad84be0f725f" +
+			"20b99eb141b240326d399976c4f2ce5823d94649a9580e1e8820bf49184d" +
+			"fc34378a60bea89b12aca69cb996c17847b7fb517cf2d51f16d78e3875ce" +
+			"aa33be15f6a154004f0e1134c6652c815c705efc34bcf35bd7743d28f0a2" +
+			"77d82dea4709dab41fbfb4e0cbc118c17aa00808872f0edc6437c357cd31" +
+			"74a02aee61890464e03e9458853189431bf5df6a0ad5d69951e24be7f266" +
+			"5bb3c904aa03f799fe7edc7bc6779d621cab7e520b5994f81505d0f01e55" +
+			"96e14b4c1efdf3e8aadee866c5337c1e50066b3acc039c84567b29b7d957" +
+			"683cadfb04fb35402acaba631e46ca83dbdd8adf28e377ec147e4d555a21" +
+			"e6d779d7c5a3078ab72702234d36ca65f68bd01221c9411f68f32e16ef04" +
+			"99a20c2d945fa31b79d9965853d38ada9d48eead9084d868c6bad974b0f4" +
+			"0956aa0fcbce6dac905858e46c4b62c0ee576b8db7d484a524e951f4c179" +
+			"decfc7d6f619e86dee808f246dd71c7e0b51d28bc958110d122fa2717148" +
+			"77823242711632f6e1c7c15248655ced8e451a107707cec8c84929beece4" +
+			"efe5503d3c1763d0ab7f139f043e26027d5e52a00d5414dd98a324a8fc2a" +
+			"06a1345cbde747f41099c3377b86bbdc5a17c8f6e5b773a761f78573832e" +
+			"4359b143810361dedc79142fffc49ddc0b32f225d50d360ceec3920fb0ba" +
+			"0693b644ee07fbd1ce829e223a02794b197614061c4bfa46112d105c2b7b" +
+			"4efea448501d146dece44f6640d674d5749db498b32969de6e165e705a18" +
+			"2aa1f3d8e16892b0120337640d52c9bee35e5b4b17f03eaeb31205c8ecbe" +
+			"1ae1b110023016e40ee87370a65c5c20bfb00f100d3c6c1de6e4a1c90162" +
+			"f25bddbf300ed637330206788a4ff96903f971c9618493ad074412af625c" +
+			"ff9e0f8f183bbd5e96c1f28307e6cae8b50cc0eb1a3a8154e44e9de947af" +
+			"002e4d1098d6b0ee3f2e71a10d03eb444729c42461283f37be8af2ce81ba" +
+			"bac246a05c2c94efacc43f0cf9ff3df38ab6fc1648c796ae7026ea95752e" +
+			"b70873a6da59da10d8b5316126431c4a17289466e95dc739c061d7a4b13a" +
+			"450809479eef421bddcdade77a6df133410328c754af8999a09b1a5c056b" +
+			"ecbb6fc2c339586ab92100f46d2fa1fa689994b36aa70703d76bf7738adc" +
+			"f0589fdfa6bd215339ad69ed983f62efce0add5a63fe7dfe4bfa006ff16e" +
+			"0cc06d39199ad60adcae12b75ca98d764502a783373da3a41281e03c2037" +
+			"e1b3ca7f7eb60e2b67427e97ec72d36670db7662c6daa505701fd279f116" +
+			"ac0ef569471f204e1531c25a4ac3ce19b6f68a8994b6f89b5abf034a6507" +
+			"32c7fad4206eb4eaa7cd9a710d866bf3c3f13c16faa268ae0cf4f69be909" +
+			"bb9b79aab80dd25101d4cc813a48d3f38d870f10ac0b6768005aa0e69e87" +
+			"dfc0424deef06414c9ba6f498c93c41c692a7a6221fb5595b390a32c70e0" +
+			"2cd64471c797ee8a143725849c1e054ee2043dcfc0b4cb1c00be21a14be9" +
+			"2d9a07f1b4e975d4c86b8a5c1387e6c42bf393e078fe86d24612d497e14b" +
+			"874485a3cc922b5b6d91295d7b79ab8bfa1c7f64b51e761d19bb9da82a5a" +
+			"a34aa469699036b6b2c55e2b84f84942f10585027ab07e2e0e562e0fc3dd" +
+			"36047850ded84be4416e22aa41c7a2f7d4a4d8e3dd420d746a1d8d56d87e" +
+			"5133a1b4380bd9a89500fd6d7e68a1ec02eb9e79e4a13edfdde1273466e4" +
+			"6b0e6a75f59ff6175716629da52463ad21de27f40fa2e25a566eec4b2696" +
+			"4af3a717dfb0170a73144c0bd9b00bed67ad8c0a146eb5a055812d071209" +
+			"c9d530cd4f50a41488c2238898dea8bb36b0f1496d3ea8c4ff8e263b367f" +
+			"64977679e697d88e5295bd97ac16a0420850d1ead9621e25a3f58925c266" +
+			"ef5246488b1c15a8fe0d8ec4291864faa5a67b2388b7786f47b6d27e8fe8" +
+			"46f85f85163e54155ef95cea4901e712a44404a4d3f27f28dd961ce36b84" +
+			"f3856770f07f20a2ebd34d77405beab04ddfc09770167d7d6340f494dc6b" +
+			"7e4c3df896bd974730193b1e862b58d4a5938e6e4ae8897dba8812924379" +
+			"e54f51a71364d39f76e24fdf2c6c704479ce85b456558ca6947b8fd76f03" +
+			"78273f0a7bcd1d860ef1defe4eea8fdb81c73eda028d82fdcb2248582ac4" +
+			"59eb7698a811e6c5823be886410f6b8577ff2e8252343b6ea890016ae846" +
+			"01c5894cfb988121059fd9c8fbc1596da470a149404fc67baa15383d38cb" +
+			"d17ac107b4ff3c1ca4c76b7930de02b240e7547d39f4978e0cc1fa37f8c1" +
+			"012b677f07bb4df4486196e9b0beb823a3827585475b878e3f6f0a2d3836" +
+			"2c7d34f9f3c91ed46c39cec95c2a0b6f0279a03a00ed5035b0725c393849" +
+			"cdb1ed3c0ecbcf3c2ce108017f468e1c3d469c03e8231d4195344ced70cf" +
+			"daa667252cc1554dce8d0c54eb4cf4da62367d77d7dcc02f81e788ce9f8d" +
+			"d306ba1b48192359cfe92bdbea9980f87ea0677d7d2082205a436cf514e6" +
+			"fde5eadd21b13dc836ce33b5dfb6118bcac79ae00fbb16d61f00a923b145" +
+			"f9caa9f3a2c7f0104f8b052e390987e57c8dc80cd5f0358afb0111af1fc4" +
+			"e31f92bd832ad35fd2e0bdf768272de52ce0b152f74d43a8973ad516b3ea" +
+			"f5937ec8a236ebc86adeba610de0cf7168453111f3c983b64df07678cae0" +
+			"a75466ae15adfb127328e716448cdbd2c1b73424cc29d93df11a765441e0" +
+			"0eeed72228e1099bd20569d9d0e9e5a0b3c11d0002e2896631186483db61" +
+			"c1a0cb407951f9b1ea6d3ebc79b37afb5a7037e957985e4955979b91fb85" +
+			"61ca7d5e8b9cdd5b7ce0130a880d9241027b011fea7696b0c695d4949ca2" +
+			"d0cf22d44b9fee073ecaef66d4981e172e03ea71a6edc7144393bfea5071" +
+			"2afac137f091bae2f5700bfb073a6d57fddcba674a899d7349044a10aadb" +
+			"2e7f547887dd2f765f394de5dc9ef5dbf1eab4d869be8cb68aad8e2614ac" +
+			"37bbf21ccd5a832ee09fdd07ce50a580a2af36256b1046e646fe3dff6d20" +
+			"0c5110f1ad1311bc39b8114cd11ecdb87f94df43d4f6468932fc0ed892d0" +
+			"3d8f3db3f8323ebb29776ab7d260493a36700bcda668abd62126a8189e91" +
+			"df2d2970ef688d4e8172fc942e69ba63941a36b79ac546fff38f5f7d1176" +
+			"57612a662ea38134e1090c3e903c9adacdeefd3ac2a0467e9f5125058c19" +
+			"7b2260d2afad2b0e627a9ae52cd579ee27168065658089e1b83a2d8cdb47" +
+			"e08966e4ec0018e78c4d267f9575b8fea2a42de5c2d25356fe4b8c9cb1ac" +
+			"daf0d1af4bf58b9704cd4bc08471e3b9a0e45a5693433ede2eb1374bce44" +
+			"1f1811cdc7612d7bb61f4f34aea0a44757bbcc12a55c1ba41a7901eb004e" +
+			"689587a38e5b4df4574ddcc7b2eda97f6e480d7d39f45247ea3b03c90a93" +
+			"0dd168b65d52a59ce9c2cb4e860cc6aaa0ee02a58d0c8ba990194bce80fe" +
+			"8c34ba5693fb0943ec2cbfc919e534cc47c04f502b6c217c2f860d1d482a" +
+			"a016aa02adfc2bea3171fc4e27e2a262fd37b824099aa227fccca508f778" +
+			"b8c6ec7aaff1d15f6497753f439daa9e52060fd6e9e056e6843d770fb057" +
+			"6d9e2e782db4843c0c2c7f408a17376719a3c5cf9fa08f04f8a779885a16" +
+			"5cf93ce404be",
+	},
+	{
+		key: "ddbd5d6c5ebd61fa72b453dd849dc302c98a0f3e300f4768bf1dc698a3827dd2",
+		tag: "af608b71a353e63c64911558baa122f3",
+		in: "c67e2524b0de16483158a0232078fadcf611e4fbdb9e642e397b21222423" +
+			"cc2ed42ed34ffcb178448919ee337eff9d7d691f622e70fd3317cfd271df" +
+			"fe6a9d9b7e07db0d20813e2331164a654386db2ab06ae2983bf2460eaaa6" +
+			"3aa0171fb87afb82e85b40d95c8993b2039d32e9d38473dd13f41fb1ff1e" +
+			"261752ab004b221a4472b9b1a0e139f0c999f826a26a7e7df362b0611aac" +
+			"fa83c55cca2f7c0138d2c30313c2f6eb357278328ea6ebd6a5077947e18a" +
+			"a97c34b9dde3b6f2de4b83778ffcebc8c9cb58756691d5e2a3d15a759a2e" +
+			"5050b6da937a6f5551aec069a08027d60dd870d175d2a5b5f0b4f3143904" +
+			"7445c368a5c866370e9426abbc1a1c5a272b96731c4128aedeee93e8e00b" +
+			"b450601a6d31ea279b9450e738b4a47c0dc22d2d8ed5d44257f6318e0c59" +
+			"b951fb6b57746062ab95cd73c23ef0a5c000a7d14c18bfff172e59b6f6de" +
+			"aa61b81009e803eb05e24fb0b706870e18889a9180ac16a042d12dfff9d9" +
+			"1b88130f045d2342fd5ddc5f443681c31090459f262d1a65654c55251fc7" +
+			"d5a67bd2e62940ccd606f3e50700e4d1e992a3fdf0388b9ce3df9de6dda1" +
+			"5c1cd6b70622ac062dcb7ed7058872c00ff3df94032853927126cf6fa4cd" +
+			"c468d91c9b52dcbc272fd7ba920dcd3ea1e048af9c3286dba74d988ce9ce" +
+			"77174e25a87935352721dc23b60a9549322fadbe6a00dd1197dfa25b33fd" +
+			"9e5713afcfd0fae6dbcf27147fa58d995580d7e0a903c895752fe9819f5b" +
+			"b002ed752719552d0f3575312f2e618173a8ae7c147ca64a709053e5d2e1" +
+			"2f4d1ea337afa9ac4f9ba62760046ec1e48f4ed8f6df66786c9fd9f5bc7f" +
+			"9ca2526e1327b042f4657c405757690e190c91f260dee2dd3d2e6616b721" +
+			"e489c7c3cb828478a3d953b88f09904e7927cdf6dbd6a5419eeeb83c0be2" +
+			"51934a80dfe61e09442f0761aa2d013e10aeec3a32df204571ce8984a430" +
+			"9bbe30ccc91977790bf0305d2651ee450b749c3e7761534e45970e70a0a8" +
+			"473cadbc88f096970c275f188c9d2644e237fd50c2e24c1eabbf7578e80e" +
+			"6500762ac513fcd68cf6f8bb7a9d9eedadca059d9ecec07fe6fe7792b468" +
+			"9311861728dd482f087c28374cf9c5ea20b2c8630029e8485fa6fe518c74" +
+			"ef77d44eb7526ca764e50b5f34ed0f253a91fb2af6e59338e2af6e041e01" +
+			"084e1efade1aebb7d1b698ccdb8b4248ac89cd40d9517d840960c08f5e86" +
+			"88d8ba2b54889c1870d315498b70e0e9720f2c8c53a3377a8c0bd2d6a1c6" +
+			"f17c6ff847eb14def6855dc3886b99039e528b421ccbf6064e39263f8f3d" +
+			"340d5d20b1b14c264ac2310b5f3a0c6f0c1006d0d4f1a69af68d28ab447f" +
+			"cd17387e1fc98f164982a6d05dd32d6b4f0f1b04e40c6c6e0fb4467dd6b1" +
+			"0c5a9c92cc8c2bc97ef669b6d55cdd0aa8a15c46af954359165949012713" +
+			"4ea9f74181d54a300d3172c9f01db73288ef6a709c763a4891666d0baf88" +
+			"8531dcc77f0911412d096aef9033fa36b5c1ed283b8b5c109e45b5cde911" +
+			"6f3da2533fa0ab81929bd5783271d5501a9e4fce2aff9eb5a70a4215b253" +
+			"46885d7e4225fe34bb55b309a114a312693d60ccc61267359a8c2dd28141" +
+			"226e7cfd99f0f12c69df57d75dd790dbabfe3145f7fd1a24fa58e03bc2e2" +
+			"6ea19288af4929e5acc517d8f52a074745ff4644d94179eae6ba7d267292" +
+			"bbd2053167a0da9be5e4b6cd0a4200fcac5182d9957dffbefa857e662b82" +
+			"fc3a7cc32506e78030ed5c5d448d7f1b4fd854a735a0c50016bb85e6e716" +
+			"0f87527bca0de235f4b7dacb75be84919c15a5b8cf6bec035795cb67061b" +
+			"7855c2134c1b1bfa6affe04b7db239f73af6ea9c02bc9f7972b7f6400b6b" +
+			"838f4653aefc42179c21765e3ca7a5e96b4402ff544d4bc2332756a23500" +
+			"11241dc42ec6848afe127c00b9c333e69bb5a54ea5c7193e59ea22bd6d32" +
+			"af4f56b1bd2d5982ef7d9c1b02d7668525e4e81b68a400f7afc2653f0f41" +
+			"a03e11c7a02bd094830093481afbab96397245b9f37a568ea1c4ae248cdf" +
+			"afc87f88b1fb5dc300d8e9039af4e6e701b458ed3f32d693f2e869b76bb5" +
+			"1358cbbe5b5089013bf452734388a176cccfc1ae9b7cff603631ca48e129" +
+			"b5c9573d4e379547272cce8aeeeb407d3fc57f782a0eb5fcbd41e6fb13be" +
+			"7e4f1067cd407b42a6121b2969c384916ba2b32563e659f52aae09c8ce2e" +
+			"3c500fbb7e58be74cc1592dcfacd9f0d4cea1a90a18658147c81cccf6fb3" +
+			"078ed27f369e7646f551386a74e1b07074d93e0c1f298c761af46cdaae9f" +
+			"f4be86808b66d0e228016d27a3a77c843365cb847fddccb0bbcfb3b9008a" +
+			"1bacac59ffb0aa759a0568c72c556caf0ac1091431b574687c5fc7bd486e" +
+			"963e0fc3bdc828d988734a21070747c955cf8dba2df1c3a0ba8146cd58b5" +
+			"91b6d54712db67a9851b1607c8445bc97406eeb7488f5f85e547850d619c" +
+			"407f97632ca1801f52c09c2b314b4ab0f8e7fb5851fd60852f4666913ca6" +
+			"bc840c1ec8f8f06caefdbfbf02ce00f20b87b14ba9e651c80f40a31d0306" +
+			"403f541776075fbf23733a6b19e3b44d04b455b29ef8effa70cce0c59331" +
+			"7119abc07aa8c8d0246a760b0b36a3d87b244e83bae8a745b8277a531298" +
+			"f5d0283498a509c89898ddf0f7a7455be1f8a6889c46d323f1dd18c3babe" +
+			"1751a05f871f0639f50967afa46c19cb93d9c2a79c81e2436a7a62f225bc" +
+			"37c90698640f5b43673e1dc276de05ff1e29acdb4ace5121659db5f23c49" +
+			"57aae22f53e6f2cc935824fbd07c2ac87672eeeab895c3f06e09e178560e" +
+			"2fcfa7097f10201dfb8b1ebac08ca806c1b3ba3aff9284846a1a3beada53" +
+			"e9f7ade12eb89b5591f462b2543bb4090e081fee9fb53bbf821dc92d6b16" +
+			"fe820ab2ee4b1f6c0b6a6f19edb0bf6479e257fc73bcd60dc2261d0a4752" +
+			"e23a0be18abf355f3065177d8c3c14e21edc178d0abd1b39f703e6335131" +
+			"ec90cba3d9846cee7354a06c320a3f61b8a269abc7138831614f57ca6c19" +
+			"a4a621142889cd924bf4ffb82b57f871b854f3157e8874c22d43a5726900" +
+			"bafbb8f2260a1eba3a462e23d4def2ccf68ebaae8e52739a1ce67c039eaf" +
+			"9a6c3232fbb5a91d1e59a8dcd3798ba71345fbf83d09b83b41cc49d5ff5f" +
+			"2e809d2b1d5fbc1e7001ea76b9b2d8f896eb6609e2e1c5c562d2a6e74960" +
+			"2d67a0f6b43a201d5087509b8dc7b0440144e308c18ff8b96b607de2f20c" +
+			"6ee99bb05367a8b25947011889f724965a2b5c52c9db1e0622df9343c548" +
+			"d054699badeb15fc41055af0d79a2bfc1a5b4574634fa0dd9dd10a6213ed" +
+			"b6991187dc560facdc27440456a0a209fd7f5ee4fb350ae71f869723e5eb" +
+			"5338e3d1448bc993afca6957f4cc7b047a2c7c9593b7234725e66cc0eb23" +
+			"3824eb4cb905701cc522ec210950b871397c6c0bb3d0b839f2eb1a120f70" +
+			"36107246df4dfb2c24891bef0bd1dc131f2c9d7c295ee967e3184d963037" +
+			"fcc9e0b8c7011c8e04b4e70038150d34caab4f8c0230418cd2d8a91146e4" +
+			"4e11cf6707452ddc03d9b4e6380658135dfb48f62c0690ebad75167f4dd1" +
+			"c0df3ed555b5081a7b82616d9e501757c83c2193d0f640236d59f9c97a4a" +
+			"5c8bf532aea2cf5964ed2dbd8a70c01ca5c7677224cf2a37f3b24d8fe4ba" +
+			"91cd3b5033715de227de51deed15afb8eda9d2b9615d197b8f98322d7096" +
+			"79c5131eed48050fbe0145a9284e236605c25a4876e2adba42f4e35a8949" +
+			"3d59bbf44b3338d9d2e65a7d7ec6c863cd47cae9e23181b07298078a5e9b" +
+			"06a5c7e1059f474eb1a4247e8f02cdd4efdca67d22035b12abecf9b15982" +
+			"de4932a28e797bc4de38442cff2cba263eeddba0ab14fc706dbca04eaca1" +
+			"b4cc13000a10e35b32461424809b299798e4d8e66c92aa3181c5df16ab65" +
+			"9611cb625e895a8021af8c60960227d6f2ebeacb17b13536a5ff139734ef" +
+			"37cb67018ef9a410b856e6f6eddbe3f59b088d538c50a8f3f0912d06e47b" +
+			"88d773069aa759cc614e1f53cf6e572c127123d1ab56b79ee753a921cb22" +
+			"a60e4e6cae768c9966de4e2625484f2e990154da7fca84b6e6c0b59201e7" +
+			"fb8a729cb20b4c774381e84f1bd6e304543d952dc76ef741b72f3a4ca7a6" +
+			"ea7958b8b6337994ed82dcf988eb70f509610b9a279ab4d0f28cc2b2dd99" +
+			"3b8637a6be0cb4b5f67c79654c6b15e1b61120374ba9b974a628c547f11e" +
+			"52d72d39f8f9c5dbfc23a89f22d38984dd8d5c3ca72cd54e6adfe2b3d163" +
+			"86afdb50967846a4c311351a51e5fd322757bdb061d44c8796a61fa4db36" +
+			"793bc11984eac83bbcefb40d0bc7bab0ca81e7df3a7f58c6fe800396716d" +
+			"832acaddff6d72c8e19dc9ea838294ead800deadb6bc18d3e399fa76c46c" +
+			"5d88ee72a86a87399423b0578eb6e27d78156ea2abf6f08b5cbf747f2f74" +
+			"5301b694bfba84bfe3c5527acd50660eea5105a2644c1aa92f954a604fb6" +
+			"a1b3b2d0331497deafc3aaadc7040b9188a36cf607ee85a0655ae963fd32" +
+			"91dd58f8bb50b4e46dcf7c2957639bffa6b12d895660dc0323b7a092f999" +
+			"813380b820e1873c60d3e3038129c66d507862100a5d5842150869e7873d" +
+			"6bb6ad022350ffa3813aca26c80ccae72692bed9c77c9d4da23178c57153" +
+			"90b5f4505240a796ec9d10a7f280bd60a570b1b693453807707651fc0464" +
+			"03e4768965a6f42f112152942134f0a38c84137c7a6e086ef1ab9ad20d24" +
+			"3b93356b305c0996ab7d02c02c44cbaf8f7e60b8c0b8c9fece3f189b099d" +
+			"dbd126b7357c1c4ea1c8bc1ad93db91ea9bf043a4320acb60b502bec37b8" +
+			"6b2a5004b8225e549e613c6f83b97b7e4aeda1b013e0a442d7ce2f14e78e" +
+			"a94bab700c9ac0abba945e28f39fdadff223c4498cb204f01ddfcb450a41" +
+			"f32ae47f99a49114c6646a5cb103e9cd75f9d81dba417e48c4053e3b0295" +
+			"2267cd30589b0f5d993a5485a6ead1ffab9f2f4294c5853ba76383a326a6" +
+			"a42fb8b78948aa49f0f1f614bd0a3fbd2a58a3197daf2094605bd838285a" +
+			"1260f1265dca74aadd95652632335fd17cafcb73b202c3f0e5da836c2dcf" +
+			"2934f005935dca80154af43fa34c8ba440d1581b74ff17dfaca369dc9aa6" +
+			"734c03916d78e1b952691cef918fe033d33f7f4323cf724ffb8cd6c219bd" +
+			"046e9f268eb0601098e93daa59dde370e46269dd7c54891f71bee2829a53" +
+			"df86a2c7fb1046cd7c98fa21cd83597be554997a70acebe0b6e60f1f7098" +
+			"6f65adcae24385cb7102bdd3e01300ffd15d00f9764b3a5c51e35e5c9cdd" +
+			"da84f4b656fe514ec4ff8dcd774373f8a9103cf36abefe875f7084b9bbd9" +
+			"42e0c997ec2d860a4b622ff1a39a628582fd81f237d3d8f6843d26ac77cf" +
+			"bd48003e8e8c591ff813a9a897e3149ff0297ff476299d717e54d885cdd4" +
+			"4c3ba6ebf54bc7a1",
+	},
+	{
+		key: "b15578da1020f662ada0ad4f33a180d9f8ad4991b3720bc42a22b52625c7414a",
+		tag: "b0e4ad4a010afd6dd41ed82868cda555",
+		in: "6d2afb7a9154064341bdbb533f11990d4987e7c90fbfc0167c1e58d6efff" +
+			"6010f7ed569dac62ad37183b0d384519ebed0bf9c6e05a070b4858e6b846" +
+			"547ab5e45619c866f83cce83dcdab6a8a6c36b115ac832de1c6d433b94fa" +
+			"35803fa1a36f1ee114f8632402a027a74ac110394f32ec4006beb0057f09" +
+			"a94dada8bd0d1ca9a14b1f2efb8f526d79d6438bbbaac0ca1a43935627e5" +
+			"d129d52c06bf6413af07513bc579447eccc3a9406645c94dae59dab98d6a" +
+			"f92fa90fd4efaaa4bec466806ed401d2083cda587139ad7e9ee2adbb1dfe" +
+			"a88b59dd788b954a0f52c3854a3fffecb4bea83debbb2f5f8883e6415d3b" +
+			"ac1b872df1afe185468adc59364c173082f1dd6da9d348f5f5ba2d216243" +
+			"23de1f623eeec875bf31d12acec40dc0c1b9562826f3105cdad4c43cf45d" +
+			"829aa8b14012c47847aef7a2a6e3935fd972235f5d3a7ce4ad3582785393" +
+			"602e2e27329914021eff38ed2926c88acec1551f17a1b818fc1c3ed4b3b6" +
+			"6825d55bea269d710123b52e12ca9520a069d9c6a21df3a0253b3a4a6a8c" +
+			"dc226d667541548834da6bdbbdc165f39e40047d4b647c507d981be17b3a" +
+			"836063436241a8bb46b11a2867b621413c42d838e4578b72cc1982e34bde" +
+			"c303b5575ef4b8dd9fea8ed5bf69539413909d03461d3853b5fbf714a61c" +
+			"769569f42b38fac4b849104e2f2ac1dad0e388646278789f83e0b0511571" +
+			"019d3bfc5b03ca4cb5564e4e75e103ea1b6000be6588e27105d7cdc2d2f1" +
+			"f680ad34ef823ac4bd4068146e9997834665aec7dcc7a82ff28d85d52dd6" +
+			"9c18dd35f326bcf709f74df5981bb90ca8e765fef9f0698a19e12220b287" +
+			"24a6d9e4f4c7ce93f8ca9a126689ad1df820072557ce3db246cdf41599dd" +
+			"44ca841bece6c7869358005536e1189aa86b764e890ef90970d6e3831def" +
+			"fa890bf8692381123924e7d9df804fd770a0a30ee97d5dcdca302833efe8" +
+			"1d4b2505b17382f0b3429b38c41269ac95e36e9f5a1dbc6e6c8963741917" +
+			"02a23198decb4efe6809fcbeb5d0c9098a4c300155dc841610e55c8a6e27" +
+			"2a38a39de3d8ebf38a750af25836ffb1bb7822bb98886280f0cab6838c01" +
+			"cec57961bdc2e1bf158248309ff9294adcb962252b1c24646d132a3be2c9" +
+			"1ff82e8e101facbdb807826cc9d1840a90874ba08692e808c336c9d280ee" +
+			"f36a43a75c746fb864f85711e802546ab5cc3f8f117904ba1a85d6e4b729" +
+			"85122c5041891e16d55b93d6fc1b7fcfdc80ed3d72d55d64b8895bbf2f8e" +
+			"d188684e7e89afdc1e6a7ab9bd1d3da95d68698df2cdcbb2e1a4ae70e2fd" +
+			"dd4760f9e5cf4255eeb1e9e8009ab507395bacb8b2177e7c5757ad02baa9" +
+			"a96db967d20a150d2dd7f3081d90675fe0c82f94aa3cfdf6ac5585583901" +
+			"7a8e122170cc817f327a3c8ef44acd6e4fa81b73bcd0bcb5792eed470481" +
+			"152e87f7a20c3f7c69d5a8199bf9bb7c7269b450dc37a9b22102acaa8438" +
+			"134d6d733d231cee9522f7d02fbb37b5818ad3ca72df4752230ee11392ef" +
+			"8f8219be55202bc3d476f5a9078b32fb63d42bed4cda5ef90cc62467bf5e" +
+			"418ecd9d5d0cf1a33eb9a930e652ce96057fef40b65588aac67621d651a0" +
+			"9003dbc3925912e385296cd3b2b386a44113308ddf2af52ca390487eb20c" +
+			"716b76d78ad45129e7c285d918de7107ea8c3b0cfd9e73933b87c0b2b505" +
+			"cb4c95794f2ee6d6d43e2e76026923a0bbfbc3bb22df9ad729452283ce62" +
+			"dc9b26684fd45e07650581afd73713a708869a069c58b599ab478974f206" +
+			"dbd3e4e563e346ff1881723c5fd440bdf9f70f761c6f746113397d7c04b6" +
+			"b341d7e44de7de0aae79badaaef5ed372ef629dffd52926110683ab2d4da" +
+			"a4be83eb86c8700703a660edd5a5029f66f1581da96fe1feefc970ab4086" +
+			"a83ae02e959821967bd27b3b629652f5bc3db2b7f1af674f9f3fb3a788f7" +
+			"88e6dc1722382971831a7ed72502f85b25888c1534d81c0a4f7351ecc40f" +
+			"4e0412e05718403fae5746d313a78c80ac297f1391ad389070410e1330a1" +
+			"b07d683d1c795bda74bde947f2cf0dc9638b5d0851cda27df030403816dd" +
+			"3b70f042888c9c192656cc4b9fea10b81b5347900d9199c8f0f47d42f2ee" +
+			"482b68acfa5ff47d9950c950a926a497d94c6a796e0b715416520bd6c59f" +
+			"30217718d5f1d7bf7c24039f6467214ac8783cf011b25c37c67dfddde426" +
+			"40afe97f94879f4586954737b86701b32d560f08caec3fc45184bc719c7c" +
+			"5bf699074fde814acae32c189158c737665a8f94637068322f0c23ff8860" +
+			"f1b1c1bd766440afee290aa6f7150c7adefa6d72a738cd2268da7c94788e" +
+			"bb39002e9a328a51f3a92dc5c7cd9e4faed5702d3592ad16217c4978f84e" +
+			"af0fd2c9e4c6f4dcdd9112c781eb41a9aacb0f7935bb5c92d41e67cfff6b" +
+			"991ccefbd667ffeded1de325da50c33e28e2eef2f636c9726dc5bfe753ee" +
+			"c7bb6e1f080c89451f81bc8c29dc9067ce83deed02769714fa9bb477aca5" +
+			"c09089934674a0cc8e4b2c3136b2e4af8040cc601b90a4dec898dc922ca4" +
+			"976ab5ae4ac5af93fa5b1854a76ac3bcc2090bdeaa49ec4f319cf7c7b674" +
+			"6d8e617abb3361b28b27983dd1b139ec4f5af7e116439d7ecb16534817bf" +
+			"264dbd8f59e80b443be12c17fa013c7f4d029504c9bb62b296c2326f4f49" +
+			"cc3201b70ac3f62abb683c630179594a6d4cf30fd55b163bf8d01986bb6b" +
+			"cb7050fd527f095c45661920268e56f760fee80a29c9d37b7fc23f608710" +
+			"1e723038e64ee1b91c4849d69bd95fc9bc24fc4a234f4855f2a203e3f699" +
+			"c32698585c83781677739f2c48697c93b3388dcc64aa61f01118495ded33" +
+			"21ef9a1c949481f96005f8d5b277a7d6a0d906ec304cf4292df172e72d20" +
+			"29ecdeb65f06267a605f376804bf7bc5b82d5c8facfe7e41dc10806d27e0" +
+			"bcc5a341d80b3c1532407f75088716d732632cd88b0037f0d829bf385fec" +
+			"b52a202956489f61f16b0f4781bf59068b33d7330571d0b4a6ed91830258" +
+			"e1220b308784fa155be9bc821f5c0009a33802fa66dd66d1dde997dddd97" +
+			"873ddf65927dc1be979af2b5f110eee627dc1e210326ac20544a757ac168" +
+			"1823f3dd04b1ddc4bf96677a0a87633994e7af2ec99b7d5dfe44c6192be6" +
+			"a6e69d17b074256da3947808fbf68c7506a7e2c99e6b64d1ffadbd6285d8" +
+			"e7e032e24d42dde0594bf03fd550be05e5d66c91a660cd1ab7cb1f43fa9d" +
+			"69885203a7aee35a28f117427d7ac02b742f53d13b818f8631081b1730d1" +
+			"5b4e1e283cc8e5c4fc3b4652fce05fd8db821f99fcf93e6842816a549791" +
+			"7f6c49cc53d733788b2fe3c687de58bfe6153c70d99380df1fd566a7c758" +
+			"8052c62e73340d6a9eccd2ed26b763d518f3a0c4d6362212fbecebb4ffb7" +
+			"dc94d29944fcc4ab37725b105aa7571f364146782356d8ef056a0be93a55" +
+			"0c890df8fecc178776fe40703ad1bd2443d92c420be4306d99686592c030" +
+			"fd3e2230c0b48d8db79002e8a832ef27edb53a45532955f1171203d38414" +
+			"b4692e901e9f40f918528fc494430f86cf967452f456b01846ac6a383fc0" +
+			"de2243c7d804e8643aabcb78e2653b145f400a999670217c8da43bbb9c11" +
+			"e074176424be0c116c304a420120138e901eca4b12ce68fec460b23bc0c7" +
+			"765a74fc66cbda0e503e7b1baf5883744e468c97c5f1c4b0acc4b87de9f1" +
+			"4b537405dfb28195439d1ff848d9cd28a8d375038ebb540a9075b7b5074b" +
+			"ebc18418a370f1d3ac5d68f5d239513002ad11bfc2b7ff53e2e41ccffc4b" +
+			"0503acc4967c93ae8590a43439b5e7987d10cb8d1957bd9ef717ee3d12df" +
+			"5d6736c1d8bd8da102337a94b7d14f830f6c403cbaf7925a8a2a7af1311c" +
+			"57224967a38f6ca374013a9819c55fd2e2a5fac4f2490be5b059f4cd9c60" +
+			"2d62f80789eb8d9ab893c7f44a4945e41886af218179dfa754bbb59aab68" +
+			"13b71d2202eb8fc8a425625d21176a28a620e21bb0dad820c0b7051ce8d1" +
+			"3a33f3af0958bb6cd89f9d6414ab00ddd1d2f9fdece9183d0c05fcdfd117" +
+			"10d250e4b2029e6992a88293d0457e73e5b1b6a1aae182c69b9cb664992f" +
+			"073595ef68117026ad7ea579a4043cda318931eee7b2946a34cdc7c9755f" +
+			"80cc79a2bfe3ed9c79dc52faa5126b824868c965eeb37e9e4e6a49600f3a" +
+			"cce93c0853b546edb310dcd16a5755f15b1098b2f59dbd2d90e2ea8360ba" +
+			"f12108236e854465456598ae2f7bc380f008f2e3cd7c98c87643cafd7c36" +
+			"d40e2597236428d46aa5b260f84b4212d5e26804086adcf00363ce4becb4" +
+			"9b57eb2847b2f18ec82c99714ad4ddfe4ff3bcac1d0fcaa32660a1dccc68" +
+			"5bed83254c8e2ea0ae3632a70cfbcbeadef922d78a006d43ac7ab1f8a609" +
+			"c6e0ebc3ca6bb8430f1a562f41010db74b9febf931ca794fa08d1bc17780" +
+			"532ae76f25c4ee679d788835dfa4e70ca154c9e2865c3750ffe7b837eed1" +
+			"972be058fdf2bdb3eb301867bb132306c7aa237f6771d60bbc56cf31cb30" +
+			"32a87204d454542de747418470025ab84935d3eaaca01dbbdae9ef6b5d3a" +
+			"ca62ce9f871a3e1272b2b671582c096a349c00f32d742ddb17993994d8ae" +
+			"fc178cbcf9abc03114ff2bf7db8f757c63d6898faccd822f5c2e9a7570fb" +
+			"9cfff148570888be24ae42644c1a5bebb6f6287147a4bcc01c7675be9e4a" +
+			"897519dd3132a7cc2e778f8c90d23dc8073f6fa108d7ef82d561794bd9d5" +
+			"f1faa306334f338ac3ba99c853f79c24f7048fa906fde87d1ed28a7b11c0" +
+			"66a3bb98f8d21055aaafdf7e069b77b60b3d5cbe7c5e4379c7651af955cd" +
+			"82a19a09caf36becb6cd3fe9e12f40379941542709991066df21b7b12dfb" +
+			"2416d83fcdc33bb583e3b42f24f53edf8dc7c579ad3be831c99f72bf9fb7" +
+			"a35b6562e824e039e6bf1adc8f5ca53846de7bae11c4317e696d887df33c" +
+			"525f0a9c01fc29f2c26c90b85fe82ed8bd50954cd4e9ac7c85c7f3efec75" +
+			"da1da4ed173cb695cee295190527edb3cb06c5dbdabe0228cc60b6455153" +
+			"76244f27aa56da2db10f2659090137ffb82c57233c833e0bbf22d6f647fb" +
+			"97b3652d2888b3ab08010b8e8a6967d560b747757806736dc98b78226634" +
+			"f1eecaa4a2e23ba36591acb5737d735c5bc7a2e36f1a46946927e061fdf7" +
+			"7a3b68ef582c26b01f5aa9a438ecc26c6941221d1590c838072f9e471fe7" +
+			"fd59dacb0d092d40d76ea2f7c6e954a132a015bd4cb31147f3ebe4518322" +
+			"916438a62836ac85a4cf4492190a85bcc8edb37e38b99ea552d749c30f74" +
+			"ca20c298165e8ed02d4671e0b41cac3a32a345b9349ad22c2a4bb2c16a4c" +
+			"e0613ca0f0518759f7d2b33cfad2fae764f410d4d9ff8a76ae02a8107e7e" +
+			"01d9cd0552676b85ba002f19c01ad5f416d1d08bb84fec7c3555b098dbce" +
+			"48e1a5d847895e54db9c5b80cc22d5b87cd41a1a94be102bdd45a3cda5d1" +
+			"181e10446d213d6b3fdc350d486d2011d705c5f16ccf7519065c47bad7d6" +
+			"89c71e5fdf9d04bfb91eb1f07fa0f001009c1d4b1f6a116a570823a8580b",
+	},
+	{
+		key: "392468efccff36dade31fc1c62eb38bb61394fe448def9d9d9beec2413ddb418",
+		tag: "e1122e7c8e6965b90addbd46d8a548d6",
+		in: "6a13d37f0ec933194c227351f4a19b507d93465b1f3e88dcb5f1ed1262fa" +
+			"58ea99ff31e6fc85c39c04129fa69195b71b2060122fe618dd9430a63f97" +
+			"54b52a80b3cd099f248f91a468bae211a27bdb47ba005d29881ea5143a82" +
+			"967c4c30c9a4f0dba1a4975e6407fe296d40023a00efa06be763f2d73d46" +
+			"a2901ae28b3d8ce18009a462e223b71476d7b954c138e177d15a390847de" +
+			"96a7f7fd0598748e86b0f08e64d915e67c7e3cf936f3dcd60edebd36e2a1" +
+			"d65b6ac29530c48ab3bd52d45b4f938a19b9b31e2911105a8561600d5377" +
+			"905a67112ec28025aa680350ff85b808c5b4c98b7b9567d03f5ed3911ec9" +
+			"365a8de4b15ca62adaa69e5ba710eb1756a346016c67a297d8624f9f1ab5" +
+			"b3fbce98b141049f0ce26c85d2f8a9cc6ca8ab6c6e148be968931430dcc6" +
+			"2bf58ea9698ef52a5d271cf48e6748ac9e04bc7ae7da205a1a7535478322" +
+			"d820eca146cedf4b2f9aa9fcfd77ab56a7276977401dcc1f96baa1b607e0" +
+			"256bd04ec324ec67a4313e2d5a53d3a3fb5332927929b20c63bde805f637" +
+			"eb1050fee2a152a0405634f55c48a59fe370d54b2ab1671dae2c7fd92243" +
+			"10627808e553127c74f724362b4a6ee49b697daae7df3ddc5d2ed9d6befd" +
+			"77fb9f68fe3041f6ef13f46f34ab682ab8563e8996344f82b2ef006a8d54" +
+			"3dd9c1db4979d7da97bda45e722065f8a238f0873217b783a9a629a12b3a" +
+			"4de437445039997bd243efbf5e3b6059b9459d395290efb9081c632fb694" +
+			"81000dc74c395cb507422df181aba20f776ce3fd8765ac485021992c98b1" +
+			"67c68805662cb4356a0ee7ba6bdae51ac10cd06bb5b2f3a72841c714c8ed" +
+			"bc56998fe2fefb9bf69e172fdf54b2ab138ae59372c52a67e93882a3000f" +
+			"d966992aa2250c6ff93e9cac89645d70625d79332ade5dab7eb1adbe7dce" +
+			"5a013fb65ad32fe22ed16fb9bb35eca1f37a0433c320e8752f8fc4b7618c" +
+			"5e4df2efece832e259ad98b895c474e47d0e3fc488bea8f717a17de0dcf7" +
+			"597fb8fe12e62246296f9a887dcc3a700820c190a55a4931a7d44bd3bb2e" +
+			"ab6c8a8126f1be93790cebabc1d69e01796e6cc80e7c16bbc82fb333fb21" +
+			"c774ab7db843242838e82d8e1cb8ccab385e67a4271fe7031d74b6e8edcc" +
+			"8ed585d1c05a365c7665899c1dbc561151d3b44bceace77c4f53c0e0f6f7" +
+			"74d42f9ad3e56f1c2a8d53879d695f895690afb4698472a3d52d67159313" +
+			"133c87823fe0500eb68fe286f8b9a2f59f12785d026dc97bdbf793c7d1eb" +
+			"155f1f136aae66c256583e987f718afbe733e0a5ce30d021493fb84e2242" +
+			"5b18754d126235ef80335004fa84f88361a584753df409360cd8bd45bace" +
+			"8f48156bec66577bf2c685089f5ac7e7ec76c0df068fbaa47661f8517f92" +
+			"e14723b3b278f151816537a7212c96bd340a00c15c9c9bc9a2a5d163655d" +
+			"84b38073e2be9217cad97d362d89d4baf3ce0a8d8562f19a8c97a9aaf5e7" +
+			"77d60456360ffb77b30f177d2809052020d141697ecf9cb65f42b9190caf" +
+			"6540b2c82f6e5a8482934a6a1a5711a8c24546cd8ba432068404eae5a827" +
+			"2e09efc3c6037af4feaac0a46329229b010ecac6b9f077a9b076bb6d9ce1" +
+			"38401eb38d124baa11507a994185295020bf9b754fcf78430db9253f5929" +
+			"87c46c0f8589c4e463b15a3840b1cea795e24cf6b20f29a630136e0589b3" +
+			"8dd7fbe5ea21da72c88bd8e56473586822aa3765660a45a988df9b8eb8e8" +
+			"141939d3e4cc637c5d788064d40a9f7c734e43fdf8d7189a5d76700d9743" +
+			"fe0122944663afdb88c5201318ca782f6848b742ddebe7463fd4a32280ac" +
+			"1cf8311e9137d319de05ce9cd85abab24c5364041c14d3b4ce650400498e" +
+			"122166eccc12784b7ac3b262ac0b198ffc26eeed9a5da5374f7a2a53c87a" +
+			"78c217ea1fbf8d38f62511657b73109f31691aef14d82ce6e1010eae9e6f" +
+			"a419e5c1c16c0cc70651eb3374c03549a1bc7d3ed42d60f886102c798dbc" +
+			"ba56f0a2b3b9b412530c35f5f7ed06311ee14571f9c26ed9c81ef38ff000" +
+			"2f5ef3aab7351e32049a6ef8f48a43da1d84402d229df513dfaf1b2e4043" +
+			"6ce68c70ebeddd7477c9164f0dce45a6fc5de050f52ec269659d5854bcae" +
+			"f7762ed7400713c27a4d523eaf8c136c4a1ca00b9e9e55902daf6cdf8528" +
+			"c22ca1f2fa7ce87902d75a6850e1a5a4592497be1bb401878f18b189b0e2" +
+			"c59d10705bfabde3cd2da01eb452006b294108d5d42e88e9e15424d8cd0b" +
+			"8ab43a6c546b3dbf52e47b59cde6a3e417b0395220b6d63736d429da3458" +
+			"9a2524f1629320206fa7f1d8a041e17222c4a5814561937e1030e6375c77" +
+			"9dc988bb928bbdbe2c2eb20111639725d82b5d7192cd3e4acc27581f0ba7" +
+			"286cff41f97aa5a52ea0083de5057fd2ba985aa738e4d03fcf11ebab1d97" +
+			"e2ac77d1c2beb8799150a421a07b3777d0b850f24194b8309135b13da6c7" +
+			"e38653a711e407a1811290fbb7bc15d8b12efc6916e97ead41e042a44721" +
+			"e9cde3388073d921595bcddcac758dc675173f38242e65e4a284aaa7e8fa" +
+			"6adddaf00bc46428ab2d8601205b8895bcedfc80ca0aa4619ed6bb082ddf" +
+			"33ec04fa5d417f33fcdd238c6b11320c5a08f800e0f350b75d81e3bcbd15" +
+			"58a1eab87a3c8c2ffd7ba1d7e754e607cf98ba22a3fc766c45bd6f2569b4" +
+			"84639e6611714119d188a24a5e963089a16ed34e20b9f154cad8ac6031dd" +
+			"7a3a885afc2ae5e003ae8d4e4aabdb3e51dfc423b8cf4ed9ae2010072cbb" +
+			"b1108c7da1ff075e54ed827a0963ac5523ecdf3fc5eee7b4d1a6773764ec" +
+			"5c30f41690523fd70d895edb7ca6a1806d54240c4c7b43410da73503a323" +
+			"90d9070ed30da3a2fb5eccd40d083be7cf8bf40b4279f819cf795b6f075b" +
+			"5a67a10a06a6076d0d83c72efea05f244901c4b5fd9eb380432519311baf" +
+			"8c81f6325df4d37ff4d30d318f904ebb837ec76b341dd00a8f247cf0bbe9" +
+			"6f3784dc8f5feb344958fdf1a9ececb105f8770826db1f17a5281e997951" +
+			"d3c60cc28fc3e66ffeb5dbac315f98f6d240208043f28dee963d843e68ab" +
+			"57d847f76ae2f96ce6e37f377ef5dfef2176ecd7440ce4dadcec2231b606" +
+			"e4a80420fb3ed135640e1f05d6bd58b8dce062dd7d36b885d424f6318e5e" +
+			"a0753efbb33bbc7360d2b5dfab3ae0d5e000b8d31f2ba0f5fd8b34f96b55" +
+			"28fff35e769461d0f03cf3bfdf0b801dcbbf2838180cb9b108e06c353e3f" +
+			"0b9ef61678cfed1ea37ae76bccb5ef5957ac2c8e8f4794c8145a15f1cc88" +
+			"bfb0881080326c481b373c3bc9b07a9b60a0c8bd5fa4f6f90145590a5227" +
+			"6fcc0ccc2375d0ccb571d414d1b0c38b4e02c39db4d701c5e25e90785ef4" +
+			"d26f35edd8c4b96455bdca7245cfefd9cfbd2f319615e5fdf07bb9564fa0" +
+			"44bb35a58391d02e3927780b4076bc0893dfcb4b63a32cd7a541a4a8c253" +
+			"0349c6e96e378dbeb66dedf87d813d0b744452c1c4088507dca722193827" +
+			"9e2dfa24e4a409de494acf654f44262db9206a7717fa434ac4fdc6a6eb5b" +
+			"1fd5a193b6043bc4327c8c09fd6822eaa9df37bbcac1077754a295621601" +
+			"267b68733b62dadc2563f1700af180141f29899e2689dbbe9745ba8477f4" +
+			"352921900b403a01c9dd042a8c1b0e0489959fb0b0a8431c97b41e202204" +
+			"212ebfa00c593399dbd14d7aec07b8292d2e40b48f05fcd54a15da4a24d7" +
+			"2759e409f4c7b5b98fce4abac6c30e4872d92efa1f96479ec30f21699825" +
+			"50fa60584f5a09051a00f8e7dbb3853e66ca3f05fbfe43bef9b120a25a01" +
+			"eb436ba8ecda715201eda72e517d628f883386c1503aa8b8e75610f7155e" +
+			"9f916335ab6d6f0f9589b6220cd2b81c2c937dc065d3d14a7df8cc916cd0" +
+			"0ce1bb53fd9c8974298d3bd316f3658aa8cc6904f073a1472149e4b08c64" +
+			"5e11abe0428ccb6174df2103edd735965d6454b543d3f01410f77053f65e" +
+			"c1d1aee56fdd3af23bcd4e1a7fcc4e600c4831007c33fe5f0c8300f686eb" +
+			"9b4d1e4f08fe4ddc8a90be14dc3a5a88ff96716509341d5db24c0d016863" +
+			"998b1859c5021df815a6f1ca9845f1a8e99dbad132b406227c5897a1bdf3" +
+			"e698962f799133ff4429decbef6ce036296facf38e4812fec102b76c6d30" +
+			"beba1b70722254fafbc471096153478c971db7d96263660209265cb10f13" +
+			"b34b5fd55c4abe818a5f9715d8a85094e2946b7a001b47f629e26c636d86" +
+			"4968ad2ab616dfe28840bd60b4b9855c8dbe1cb873fcbc4577b5fefeb8bb" +
+			"4832039867dc35db9c036c83bc204396e3474ddfe806c77c65c936f488b6" +
+			"7c1028739562d7bb055d21441af29ae2921290e548dccf8a56021385422b" +
+			"15da6b232b24151309a75a00296d11aa1952a1513110b0faa93d1d8cd9ae" +
+			"fa9f1c59377ec9165b2c9e07cbde40db7b81bca6d58fc28bae8f473cd0e9" +
+			"a2420e0b943a83d284108626c24ac570b1d6c1ab971e71f43fbd6c00e171" +
+			"238141a6dc987a60385c3a04dd147a2f8e80dfe727b104c0fdd80b326f59" +
+			"0b9f86fd7b2fd1122a390979889eabd803ab57159c8509a1443eb6789382" +
+			"090a770ae4eba03306f96e50e19a7d44c584ccc230d104548946efca4520" +
+			"d61de5f473e2f4eada6c8ce9c7ee975eb4f63c0483cb775ed7d3cf690a61" +
+			"7d6656d683a8512707d81ca5ba176a42bcffcfa692129f292607d2a47536" +
+			"ccaeb464c9272d6f3816074b712af602470088b253deba18771e5f67734b" +
+			"587707cdd06f35264b2262fd253c25b5d38ee7db287610e5398062b7a34e" +
+			"6e4cf7447d00873b930ad148fd96f0ab18771bc468b874bb109924101c84" +
+			"c4e239ecc7687d875e4d94a1a973620ca61e35a872c2e2e61a502169f1bb" +
+			"4e5ff5fa2bff657be6195b3e2c7151a52fc0096d98e7f08f5a98f570aee1" +
+			"7b4275f1356e87e080ce0e1b9bbabe7dea48b5903bc390ce23472ad64a89" +
+			"41c3247bfd23ea90b2dee09085571bad85568040105e098f993bb37e43c3" +
+			"e6d511171c77cfc450570dfb9fc6a3930ef43c03f8213f6203d545d791c7" +
+			"d3fa42d5dde1655038d35c5dfacc12e9dee24fe833977549eda68ae8b508" +
+			"be277e743921b584f9dfa0eefbd8bf3c23f51efdef7f7487001d29e8097b" +
+			"ba63289cfca743023d1668555a46fe6d5b7421377414df1e9ef135480622" +
+			"22e2e9a7baa618d88f407517f6317b6a0ba3384ace16d68631d59ea169d5" +
+			"092d20afc1a481b82be5e734bb092953a0a94702bae1a0f48d2a22b9a05f" +
+			"f64493b7b2e984f27582b1eb937fddf8512c49830435d146dcc291a4118d" +
+			"5dc638b99cdcbcc5860de7a92c5b13cbd1e01e051f01af40afe124346320" +
+			"d3626bf9d8f7850744e032a993c276fd388718237740c6caf260fca60b8d" +
+			"d846102e3262b6e05ceca00c6affe938fac1847350865fc858d3ddd1d130" +
+			"71d1221ce7c5d575587fcba580e544b74d877ed5ca92763ef0ca0d7bfa08" +
+			"d57a0216b2a01a2b9ec74b8430051e0074862b7be25b6766ab520f2eb75d" +
+			"eeb979c28f03795f6f1e4b8410beab19a20febc91985b8a7c298534a6598" +
+			"f2c5b0dc5de9f5e55a97791507bc6373db26",
+	},
+
+	// Override initial state to ensure large h (subject to h < 2(2¹³⁰ - 5)) is
+	// deserialized from the state correctly.
+	{
+		key:   "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+		state: "0000000000000007fffffffffffffffffffffffffffffff5", // 2(2¹³⁰ - 5) - 1
+		in:    "",
+		tag:   "f9ffffffffffffffffffffffffffffff",
+	},
+	{
+		key:   "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+		state: "000000000000000700000000000000000000000000000000", // 2¹³⁰
+		in:    "",
+		tag:   "04000000000000000000000000000000",
+	},
+	{
+		key:   "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+		state: "0000000000000007fffffffffffffffffffffffffffffff5", // 2(2¹³⁰ - 5) - 1
+		in: "ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff",
+		tag: "1b000e5e5dfe8f5c4da11dd17b7654e7",
+	},
+	{
+		key:   "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+		state: "000000000000000700000000000000000000000000000001", // 2¹³⁰
+		in: "ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff" +
+			"ffffffffffffffffffffffffffffffff",
+		tag: "380859a4a5860b0e0967edfd711d37de",
+	},
+}
diff --git a/internal/subtle/aliasing.go b/internal/subtle/aliasing.go
new file mode 100644
index 000000000..4fad24f8d
--- /dev/null
+++ b/internal/subtle/aliasing.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !purego
+// +build !purego
+
+// Package subtle implements functions that are often useful in cryptographic
+// code but require careful thought to use correctly.
+package subtle // import "golang.org/x/crypto/internal/subtle"
+
+import "unsafe"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+	return len(x) > 0 && len(y) > 0 &&
+		uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) &&
+		uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1]))
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+		return false
+	}
+	return AnyOverlap(x, y)
+}
diff --git a/internal/subtle/aliasing_purego.go b/internal/subtle/aliasing_purego.go
new file mode 100644
index 000000000..80ccbed2c
--- /dev/null
+++ b/internal/subtle/aliasing_purego.go
@@ -0,0 +1,36 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build purego
+// +build purego
+
+// Package subtle implements functions that are often useful in cryptographic
+// code but require careful thought to use correctly.
+package subtle // import "golang.org/x/crypto/internal/subtle"
+
+// This is the Google App Engine standard variant based on reflect
+// because the unsafe package and cgo are disallowed.
+
+import "reflect"
+
+// AnyOverlap reports whether x and y share memory at any (not necessarily
+// corresponding) index. The memory beyond the slice length is ignored.
+func AnyOverlap(x, y []byte) bool {
+	return len(x) > 0 && len(y) > 0 &&
+		reflect.ValueOf(&x[0]).Pointer() <= reflect.ValueOf(&y[len(y)-1]).Pointer() &&
+		reflect.ValueOf(&y[0]).Pointer() <= reflect.ValueOf(&x[len(x)-1]).Pointer()
+}
+
+// InexactOverlap reports whether x and y share memory at any non-corresponding
+// index. The memory beyond the slice length is ignored. Note that x and y can
+// have different lengths and still not have any inexact overlap.
+//
+// InexactOverlap can be used to implement the requirements of the crypto/cipher
+// AEAD, Block, BlockMode and Stream interfaces.
+func InexactOverlap(x, y []byte) bool {
+	if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] {
+		return false
+	}
+	return AnyOverlap(x, y)
+}
diff --git a/internal/subtle/aliasing_test.go b/internal/subtle/aliasing_test.go
new file mode 100644
index 000000000..a5b62ff74
--- /dev/null
+++ b/internal/subtle/aliasing_test.go
@@ -0,0 +1,50 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package subtle_test
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/internal/subtle"
+)
+
+var a, b [100]byte
+
+var aliasingTests = []struct {
+	x, y                       []byte
+	anyOverlap, inexactOverlap bool
+}{
+	{a[:], b[:], false, false},
+	{a[:], b[:0], false, false},
+	{a[:], b[:50], false, false},
+	{a[40:50], a[50:60], false, false},
+	{a[40:50], a[60:70], false, false},
+	{a[:51], a[50:], true, true},
+	{a[:], a[:], true, false},
+	{a[:50], a[:60], true, false},
+	{a[:], nil, false, false},
+	{nil, nil, false, false},
+	{a[:], a[:0], false, false},
+	{a[:10], a[:10:20], true, false},
+	{a[:10], a[5:10:20], true, true},
+}
+
+func testAliasing(t *testing.T, i int, x, y []byte, anyOverlap, inexactOverlap bool) {
+	any := subtle.AnyOverlap(x, y)
+	if any != anyOverlap {
+		t.Errorf("%d: wrong AnyOverlap result, expected %v, got %v", i, anyOverlap, any)
+	}
+	inexact := subtle.InexactOverlap(x, y)
+	if inexact != inexactOverlap {
+		t.Errorf("%d: wrong InexactOverlap result, expected %v, got %v", i, inexactOverlap, any)
+	}
+}
+
+func TestAliasing(t *testing.T) {
+	for i, tt := range aliasingTests {
+		testAliasing(t, i, tt.x, tt.y, tt.anyOverlap, tt.inexactOverlap)
+		testAliasing(t, i, tt.y, tt.x, tt.anyOverlap, tt.inexactOverlap)
+	}
+}
diff --git a/internal/wycheproof/README.md b/internal/wycheproof/README.md
new file mode 100644
index 000000000..8ae6c6c3d
--- /dev/null
+++ b/internal/wycheproof/README.md
@@ -0,0 +1,12 @@
+This package runs a set of the Wycheproof tests provided by
+https://github.com/google/wycheproof.
+
+The JSON test files live in
+https://github.com/google/wycheproof/tree/master/testvectors
+and are being fetched and cached at a pinned version every time
+these tests are run. To change the version of the wycheproof
+repository that is being used for testing, update wycheproofModVer.
+
+The structs for these tests are generated from the
+schemas provided in https://github.com/google/wycheproof/tree/master/schemas
+using https://github.com/a-h/generate.
\ No newline at end of file
diff --git a/internal/wycheproof/aead_test.go b/internal/wycheproof/aead_test.go
new file mode 100644
index 000000000..292d85425
--- /dev/null
+++ b/internal/wycheproof/aead_test.go
@@ -0,0 +1,176 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"fmt"
+	"testing"
+
+	"golang.org/x/crypto/chacha20poly1305"
+)
+
+func TestAEAD(t *testing.T) {
+	// AeadTestVector
+	type AeadTestVector struct {
+
+		// additional authenticated data
+		Aad string `json:"aad,omitempty"`
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// the ciphertext (without iv and tag)
+		Ct string `json:"ct,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// the nonce
+		Iv string `json:"iv,omitempty"`
+
+		// the key
+		Key string `json:"key,omitempty"`
+
+		// the plaintext
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// the authentication tag
+		Tag string `json:"tag,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// AeadTestGroup
+	type AeadTestGroup struct {
+
+		// the IV size in bits
+		IvSize int `json:"ivSize,omitempty"`
+
+		// the keySize in bits
+		KeySize int `json:"keySize,omitempty"`
+
+		// the expected size of the tag in bits
+		TagSize int               `json:"tagSize,omitempty"`
+		Tests   []*AeadTestVector `json:"tests,omitempty"`
+		Type    interface{}       `json:"type,omitempty"`
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int              `json:"numberOfTests,omitempty"`
+		Schema        interface{}      `json:"schema,omitempty"`
+		TestGroups    []*AeadTestGroup `json:"testGroups,omitempty"`
+	}
+
+	testSealOpen := func(t *testing.T, aead cipher.AEAD, tv *AeadTestVector, recoverBadNonce func()) {
+		defer recoverBadNonce()
+
+		iv, tag, ct, msg, aad := decodeHex(tv.Iv), decodeHex(tv.Tag), decodeHex(tv.Ct), decodeHex(tv.Msg), decodeHex(tv.Aad)
+
+		genCT := aead.Seal(nil, iv, msg, aad)
+		genMsg, err := aead.Open(nil, iv, genCT, aad)
+		if err != nil {
+			t.Errorf("failed to decrypt generated ciphertext: %s", err)
+		}
+		if !bytes.Equal(genMsg, msg) {
+			t.Errorf("unexpected roundtripped plaintext: got %x, want %x", genMsg, msg)
+		}
+
+		ctWithTag := append(ct, tag...)
+		msg2, err := aead.Open(nil, iv, ctWithTag, aad)
+		wantPass := shouldPass(tv.Result, tv.Flags, nil)
+		if !wantPass && err == nil {
+			t.Error("decryption succeeded when it should've failed")
+		} else if wantPass {
+			if err != nil {
+				t.Fatalf("decryption failed: %s", err)
+			}
+			if !bytes.Equal(genCT, ctWithTag) {
+				t.Errorf("generated ciphertext doesn't match expected: got %x, want %x", genCT, ctWithTag)
+			}
+			if !bytes.Equal(msg, msg2) {
+				t.Errorf("decrypted ciphertext doesn't match expected: got %x, want %x", msg2, msg)
+			}
+		}
+	}
+
+	vectors := map[string]func(*testing.T, []byte) cipher.AEAD{
+		"aes_gcm_test.json": func(t *testing.T, key []byte) cipher.AEAD {
+			aesCipher, err := aes.NewCipher(key)
+			if err != nil {
+				t.Fatalf("failed to construct cipher: %s", err)
+			}
+			aead, err := cipher.NewGCM(aesCipher)
+			if err != nil {
+				t.Fatalf("failed to construct cipher: %s", err)
+			}
+			return aead
+		},
+		"chacha20_poly1305_test.json": func(t *testing.T, key []byte) cipher.AEAD {
+			aead, err := chacha20poly1305.New(key)
+			if err != nil {
+				t.Fatalf("failed to construct cipher: %s", err)
+			}
+			return aead
+		},
+		"xchacha20_poly1305_test.json": func(t *testing.T, key []byte) cipher.AEAD {
+			aead, err := chacha20poly1305.NewX(key)
+			if err != nil {
+				t.Fatalf("failed to construct cipher: %s", err)
+			}
+			return aead
+		},
+	}
+	for file, cipherInit := range vectors {
+		var root Root
+		readTestVector(t, file, &root)
+		for _, tg := range root.TestGroups {
+			for _, tv := range tg.Tests {
+				testName := fmt.Sprintf("%s #%d", file, tv.TcId)
+				if tv.Comment != "" {
+					testName += fmt.Sprintf(" %s", tv.Comment)
+				}
+				t.Run(testName, func(t *testing.T) {
+					aead := cipherInit(t, decodeHex(tv.Key))
+					testSealOpen(t, aead, tv, func() {
+						// A bad nonce causes a panic in AEAD.Seal and AEAD.Open,
+						// so should be recovered. Fail the test if it broke for
+						// some other reason.
+						if r := recover(); r != nil {
+							if tg.IvSize/8 == aead.NonceSize() {
+								t.Error("unexpected panic")
+							}
+						}
+					})
+				})
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/aes_cbc_test.go b/internal/wycheproof/aes_cbc_test.go
new file mode 100644
index 000000000..0a60fc355
--- /dev/null
+++ b/internal/wycheproof/aes_cbc_test.go
@@ -0,0 +1,127 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"encoding/hex"
+	"fmt"
+	"testing"
+)
+
+func TestAesCbc(t *testing.T) {
+	// IndCpaTestVector
+	type IndCpaTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// the raw ciphertext (without IV)
+		Ct string `json:"ct,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// the initialization vector
+		Iv string `json:"iv,omitempty"`
+
+		// the key
+		Key string `json:"key,omitempty"`
+
+		// the plaintext
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// IndCpaTestGroup
+	type IndCpaTestGroup struct {
+
+		// the IV size in bits
+		IvSize int `json:"ivSize,omitempty"`
+
+		// the keySize in bits
+		KeySize int `json:"keySize,omitempty"`
+
+		// the expected size of the tag in bits
+		TagSize int                 `json:"tagSize,omitempty"`
+		Tests   []*IndCpaTestVector `json:"tests,omitempty"`
+		Type    interface{}         `json:"type,omitempty"`
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int                `json:"numberOfTests,omitempty"`
+		Schema        interface{}        `json:"schema,omitempty"`
+		TestGroups    []*IndCpaTestGroup `json:"testGroups,omitempty"`
+	}
+
+	var root Root
+	readTestVector(t, "aes_cbc_pkcs5_test.json", &root)
+	for _, tg := range root.TestGroups {
+	tests:
+		for _, tv := range tg.Tests {
+			block, err := aes.NewCipher(decodeHex(tv.Key))
+			if err != nil {
+				t.Fatalf("#%d: %v", tv.TcId, err)
+			}
+			mode := cipher.NewCBCDecrypter(block, decodeHex(tv.Iv))
+			ct := decodeHex(tv.Ct)
+			if len(ct)%aes.BlockSize != 0 {
+				panic(fmt.Sprintf("#%d: ciphertext is not a multiple of the block size", tv.TcId))
+			}
+			mode.CryptBlocks(ct, ct) // decrypt the block in place
+
+			// Skip the tests that are broken due to bad padding. Panic if there are any
+			// tests left that are invalid for some other reason in the future, to
+			// evaluate what to do with those tests.
+			for _, flag := range tv.Flags {
+				if flag == "BadPadding" {
+					continue tests
+				}
+			}
+			if !shouldPass(tv.Result, tv.Flags, nil) {
+				panic(fmt.Sprintf("#%d: found an invalid test that is broken for some reason other than bad padding", tv.TcId))
+			}
+
+			// Remove the PKCS#5 padding from the given ciphertext to validate it
+			padding := ct[len(ct)-1]
+			paddingNum := int(padding)
+			for i := paddingNum; i > 0; i-- {
+				if ct[len(ct)-i] != padding { // panic if the padding is unexpectedly bad
+					panic(fmt.Sprintf("#%d: bad padding at index=%d of %v", tv.TcId, i, ct))
+				}
+			}
+			ct = ct[:len(ct)-paddingNum]
+
+			if got, want := hex.EncodeToString(ct), tv.Msg; got != want {
+				t.Errorf("#%d, type: %s, comment: %q, decoded ciphertext not equal: %s, want %s", tv.TcId, tv.Result, tv.Comment, got, want)
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/dsa_test.go b/internal/wycheproof/dsa_test.go
new file mode 100644
index 000000000..e55470846
--- /dev/null
+++ b/internal/wycheproof/dsa_test.go
@@ -0,0 +1,123 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"crypto/dsa"
+	"testing"
+
+	wdsa "golang.org/x/crypto/internal/wycheproof/internal/dsa"
+)
+
+func TestDsa(t *testing.T) {
+	// AsnSignatureTestVector
+	type AsnSignatureTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// The message to sign
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// An ASN encoded signature for msg
+		Sig string `json:"sig,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// DsaPublicKey
+	type DsaPublicKey struct {
+
+		// the generator of the multiplicative subgroup
+		G string `json:"g,omitempty"`
+
+		// the key size in bits
+		KeySize int `json:"keySize,omitempty"`
+
+		// the modulus p
+		P string `json:"p,omitempty"`
+
+		// the order of the generator g
+		Q string `json:"q,omitempty"`
+
+		// the key type
+		Type string `json:"type,omitempty"`
+
+		// the public key value
+		Y string `json:"y,omitempty"`
+	}
+
+	// DsaTestGroup
+	type DsaTestGroup struct {
+
+		// unenocded DSA public key
+		Key *DsaPublicKey `json:"key,omitempty"`
+
+		// DER encoded public key
+		KeyDer string `json:"keyDer,omitempty"`
+
+		// Pem encoded public key
+		KeyPem string `json:"keyPem,omitempty"`
+
+		// the hash function used for DSA
+		Sha   string                    `json:"sha,omitempty"`
+		Tests []*AsnSignatureTestVector `json:"tests,omitempty"`
+		Type  interface{}               `json:"type,omitempty"`
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int             `json:"numberOfTests,omitempty"`
+		Schema        interface{}     `json:"schema,omitempty"`
+		TestGroups    []*DsaTestGroup `json:"testGroups,omitempty"`
+	}
+
+	flagsShouldPass := map[string]bool{
+		// An encoded ASN.1 integer missing a leading zero is invalid, but accepted by some implementations.
+		"NoLeadingZero": false,
+	}
+
+	var root Root
+	readTestVector(t, "dsa_test.json", &root)
+	for _, tg := range root.TestGroups {
+		pub := decodePublicKey(tg.KeyDer).(*dsa.PublicKey)
+		h := parseHash(tg.Sha).New()
+		for _, sig := range tg.Tests {
+			h.Reset()
+			h.Write(decodeHex(sig.Msg))
+			hashed := h.Sum(nil)
+			hashed = hashed[:pub.Q.BitLen()/8] // Truncate to the byte-length of the subgroup (Q)
+			got := wdsa.VerifyASN1(pub, hashed, decodeHex(sig.Sig))
+			if want := shouldPass(sig.Result, sig.Flags, flagsShouldPass); got != want {
+				t.Errorf("tcid: %d, type: %s, comment: %q, wanted success: %t", sig.TcId, sig.Result, sig.Comment, want)
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/ecdsa_compat_test.go b/internal/wycheproof/ecdsa_compat_test.go
new file mode 100644
index 000000000..5880fb367
--- /dev/null
+++ b/internal/wycheproof/ecdsa_compat_test.go
@@ -0,0 +1,34 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.15
+// +build !go1.15
+
+// ecdsa.VerifyASN1 was added in Go 1.15.
+
+package wycheproof
+
+import (
+	"crypto/ecdsa"
+	"math/big"
+
+	"golang.org/x/crypto/cryptobyte"
+	"golang.org/x/crypto/cryptobyte/asn1"
+)
+
+func verifyASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool {
+	var (
+		r, s  = &big.Int{}, &big.Int{}
+		inner cryptobyte.String
+	)
+	input := cryptobyte.String(sig)
+	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
+		!input.Empty() ||
+		!inner.ReadASN1Integer(r) ||
+		!inner.ReadASN1Integer(s) ||
+		!inner.Empty() {
+		return false
+	}
+	return ecdsa.Verify(pub, hash, r, s)
+}
diff --git a/internal/wycheproof/ecdsa_go115_test.go b/internal/wycheproof/ecdsa_go115_test.go
new file mode 100644
index 000000000..e13e70908
--- /dev/null
+++ b/internal/wycheproof/ecdsa_go115_test.go
@@ -0,0 +1,16 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.15
+// +build go1.15
+
+package wycheproof
+
+import (
+	"crypto/ecdsa"
+)
+
+func verifyASN1(pub *ecdsa.PublicKey, hash, sig []byte) bool {
+	return ecdsa.VerifyASN1(pub, hash, sig)
+}
diff --git a/internal/wycheproof/ecdsa_test.go b/internal/wycheproof/ecdsa_test.go
new file mode 100644
index 000000000..81731f707
--- /dev/null
+++ b/internal/wycheproof/ecdsa_test.go
@@ -0,0 +1,164 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"crypto/ecdsa"
+	"testing"
+)
+
+func TestEcdsa(t *testing.T) {
+	// AsnSignatureTestVector
+	type AsnSignatureTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// The message to sign
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// An ASN encoded signature for msg
+		Sig string `json:"sig,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// EcPublicKey
+	type EcPublicKey struct {
+
+		// the EC group used by this public key
+		Curve interface{} `json:"curve,omitempty"`
+
+		// the key size in bits
+		KeySize int `json:"keySize,omitempty"`
+
+		// the key type
+		Type string `json:"type,omitempty"`
+
+		// encoded public key point
+		Uncompressed string `json:"uncompressed,omitempty"`
+
+		// the x-coordinate of the public key point
+		Wx string `json:"wx,omitempty"`
+
+		// the y-coordinate of the public key point
+		Wy string `json:"wy,omitempty"`
+	}
+
+	// EcUnnamedGroup
+	type EcUnnamedGroup struct {
+
+		// coefficient a of the elliptic curve equation
+		A string `json:"a,omitempty"`
+
+		// coefficient b of the elliptic curve equation
+		B string `json:"b,omitempty"`
+
+		// the x-coordinate of the generator
+		Gx string `json:"gx,omitempty"`
+
+		// the y-coordinate of the generator
+		Gy string `json:"gy,omitempty"`
+
+		// the cofactor
+		H int `json:"h,omitempty"`
+
+		// the order of the generator
+		N string `json:"n,omitempty"`
+
+		// the order of the underlying field
+		P string `json:"p,omitempty"`
+
+		// an unnamed EC group over a prime field in Weierstrass form
+		Type string `json:"type,omitempty"`
+	}
+
+	// EcdsaTestGroup
+	type EcdsaTestGroup struct {
+
+		// unenocded EC public key
+		Key *EcPublicKey `json:"key,omitempty"`
+
+		// DER encoded public key
+		KeyDer string `json:"keyDer,omitempty"`
+
+		// Pem encoded public key
+		KeyPem string `json:"keyPem,omitempty"`
+
+		// the hash function used for ECDSA
+		Sha   string                    `json:"sha,omitempty"`
+		Tests []*AsnSignatureTestVector `json:"tests,omitempty"`
+		Type  interface{}               `json:"type,omitempty"`
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int               `json:"numberOfTests,omitempty"`
+		Schema        interface{}       `json:"schema,omitempty"`
+		TestGroups    []*EcdsaTestGroup `json:"testGroups,omitempty"`
+	}
+
+	flagsShouldPass := map[string]bool{
+		// An encoded ASN.1 integer missing a leading zero is invalid, but accepted by some implementations.
+		"MissingZero": false,
+		// A signature using a weaker hash than the EC params is not a security risk, as long as the hash is secure.
+		// https://www.imperialviolet.org/2014/05/25/strengthmatching.html
+		"WeakHash": true,
+	}
+
+	// supportedCurves is a map of all elliptic curves supported
+	// by crypto/elliptic, which can subsequently be parsed and tested.
+	supportedCurves := map[string]bool{
+		"secp224r1": true,
+		"secp256r1": true,
+		"secp384r1": true,
+		"secp521r1": true,
+	}
+
+	var root Root
+	readTestVector(t, "ecdsa_test.json", &root)
+	for _, tg := range root.TestGroups {
+		curve := tg.Key.Curve.(string)
+		if !supportedCurves[curve] {
+			continue
+		}
+		pub := decodePublicKey(tg.KeyDer).(*ecdsa.PublicKey)
+		h := parseHash(tg.Sha).New()
+		for _, sig := range tg.Tests {
+			h.Reset()
+			h.Write(decodeHex(sig.Msg))
+			hashed := h.Sum(nil)
+			got := verifyASN1(pub, hashed, decodeHex(sig.Sig))
+			if want := shouldPass(sig.Result, sig.Flags, flagsShouldPass); got != want {
+				t.Errorf("tcid: %d, type: %s, comment: %q, wanted success: %t", sig.TcId, sig.Result, sig.Comment, want)
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/eddsa_test.go b/internal/wycheproof/eddsa_test.go
new file mode 100644
index 000000000..0a7fbb7e0
--- /dev/null
+++ b/internal/wycheproof/eddsa_test.go
@@ -0,0 +1,101 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.13
+// +build go1.13
+
+package wycheproof
+
+import (
+	"testing"
+
+	"golang.org/x/crypto/ed25519"
+)
+
+func TestEddsa(t *testing.T) {
+	// Jwk the private key in webcrypto format
+	type Jwk struct {
+	}
+
+	// Key unencoded key pair
+	type Key struct {
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// SignatureTestVector
+	type SignatureTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// The message to sign
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// A signature for msg
+		Sig string `json:"sig,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// EddsaTestGroup
+	type EddsaTestGroup struct {
+
+		// the private key in webcrypto format
+		Jwk *Jwk `json:"jwk,omitempty"`
+
+		// unencoded key pair
+		Key *Key `json:"key,omitempty"`
+
+		// Asn encoded public key
+		KeyDer string `json:"keyDer,omitempty"`
+
+		// Pem encoded public key
+		KeyPem string                 `json:"keyPem,omitempty"`
+		Tests  []*SignatureTestVector `json:"tests,omitempty"`
+		Type   interface{}            `json:"type,omitempty"`
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int               `json:"numberOfTests,omitempty"`
+		Schema        interface{}       `json:"schema,omitempty"`
+		TestGroups    []*EddsaTestGroup `json:"testGroups,omitempty"`
+	}
+
+	var root Root
+	readTestVector(t, "eddsa_test.json", &root)
+	for _, tg := range root.TestGroups {
+		pub := decodePublicKey(tg.KeyDer).(ed25519.PublicKey)
+		for _, sig := range tg.Tests {
+			got := ed25519.Verify(pub, decodeHex(sig.Msg), decodeHex(sig.Sig))
+			if want := shouldPass(sig.Result, sig.Flags, nil); got != want {
+				t.Errorf("tcid: %d, type: %s, comment: %q, wanted success: %t", sig.TcId, sig.Result, sig.Comment, want)
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/hkdf_test.go b/internal/wycheproof/hkdf_test.go
new file mode 100644
index 000000000..6b72e2c87
--- /dev/null
+++ b/internal/wycheproof/hkdf_test.go
@@ -0,0 +1,111 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"bytes"
+	"io"
+	"testing"
+
+	"golang.org/x/crypto/hkdf"
+)
+
+func TestHkdf(t *testing.T) {
+
+	// HkdfTestVector
+	type HkdfTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// the key (input key material)
+		Ikm string `json:"ikm,omitempty"`
+
+		// additional information used in the key derivation
+		Info string `json:"info,omitempty"`
+
+		// the generated bytes (output key material)
+		Okm string `json:"okm,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// the salt for the key derivation
+		Salt string `json:"salt,omitempty"`
+
+		// the size of the output in bytes
+		Size int `json:"size,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// HkdfTestGroup
+	type HkdfTestGroup struct {
+
+		// the size of the ikm in bits
+		KeySize int               `json:"keySize,omitempty"`
+		Tests   []*HkdfTestVector `json:"tests,omitempty"`
+		Type    interface{}       `json:"type,omitempty"`
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int              `json:"numberOfTests,omitempty"`
+		Schema        interface{}      `json:"schema,omitempty"`
+		TestGroups    []*HkdfTestGroup `json:"testGroups,omitempty"`
+	}
+
+	fileHashAlgorithms := map[string]string{
+		"hkdf_sha1_test.json":   "SHA-1",
+		"hkdf_sha256_test.json": "SHA-256",
+		"hkdf_sha384_test.json": "SHA-384",
+		"hkdf_sha512_test.json": "SHA-512",
+	}
+
+	for f := range fileHashAlgorithms {
+		var root Root
+		readTestVector(t, f, &root)
+		for _, tg := range root.TestGroups {
+			for _, tv := range tg.Tests {
+				h := parseHash(fileHashAlgorithms[f]).New
+				hkdf := hkdf.New(h, decodeHex(tv.Ikm), decodeHex(tv.Salt), decodeHex(tv.Info))
+				key := make([]byte, tv.Size)
+				wantPass := shouldPass(tv.Result, tv.Flags, nil)
+				_, err := io.ReadFull(hkdf, key)
+				if (err == nil) != wantPass {
+					t.Errorf("tcid: %d, type: %s, comment: %q, wanted success: %t, got: %v", tv.TcId, tv.Result, tv.Comment, wantPass, err)
+				}
+				if err != nil {
+					continue // don't validate output text if reading failed
+				}
+				if got, want := key, decodeHex(tv.Okm); !bytes.Equal(got, want) {
+					t.Errorf("tcid: %d, type: %s, comment: %q, output bytes don't match", tv.TcId, tv.Result, tv.Comment)
+				}
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/hmac_test.go b/internal/wycheproof/hmac_test.go
new file mode 100644
index 000000000..bcc56f28f
--- /dev/null
+++ b/internal/wycheproof/hmac_test.go
@@ -0,0 +1,105 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"crypto/hmac"
+	"testing"
+)
+
+func TestHMAC(t *testing.T) {
+	// MacTestVector
+	type MacTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// the key
+		Key string `json:"key,omitempty"`
+
+		// the plaintext
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// the authentication tag
+		Tag string `json:"tag,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// MacTestGroup
+	type MacTestGroup struct {
+
+		// the keySize in bits
+		KeySize int `json:"keySize,omitempty"`
+
+		// the expected size of the tag in bits
+		TagSize int              `json:"tagSize,omitempty"`
+		Tests   []*MacTestVector `json:"tests,omitempty"`
+		Type    interface{}      `json:"type,omitempty"`
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int             `json:"numberOfTests,omitempty"`
+		Schema        interface{}     `json:"schema,omitempty"`
+		TestGroups    []*MacTestGroup `json:"testGroups,omitempty"`
+	}
+
+	fileHashAlgs := map[string]string{
+		"hmac_sha1_test.json":   "SHA-1",
+		"hmac_sha224_test.json": "SHA-224",
+		"hmac_sha256_test.json": "SHA-256",
+		"hmac_sha384_test.json": "SHA-384",
+		"hmac_sha512_test.json": "SHA-512",
+	}
+
+	for f := range fileHashAlgs {
+		var root Root
+		readTestVector(t, f, &root)
+		for _, tg := range root.TestGroups {
+			h := parseHash(fileHashAlgs[f])
+			// Skip test vectors where the tag length does not equal the
+			// hash length, since crypto/hmac does not support generating
+			// these truncated tags.
+			if tg.TagSize/8 != h.Size() {
+				continue
+			}
+			for _, tv := range tg.Tests {
+				hm := hmac.New(h.New, decodeHex(tv.Key))
+				hm.Write(decodeHex(tv.Msg))
+				tag := hm.Sum(nil)
+				got := hmac.Equal(decodeHex(tv.Tag), tag)
+				if want := shouldPass(tv.Result, tv.Flags, nil); want != got {
+					t.Errorf("%s, tcid: %d, type: %s, comment: %q, unexpected result", f, tv.TcId, tv.Result, tv.Comment)
+				}
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/internal/dsa/dsa.go b/internal/wycheproof/internal/dsa/dsa.go
new file mode 100644
index 000000000..3101dfc1c
--- /dev/null
+++ b/internal/wycheproof/internal/dsa/dsa.go
@@ -0,0 +1,33 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package dsa provides an internal version of dsa.Verify
+// that is used for the Wycheproof tests.
+package dsa
+
+import (
+	"crypto/dsa"
+	"math/big"
+
+	"golang.org/x/crypto/cryptobyte"
+	"golang.org/x/crypto/cryptobyte/asn1"
+)
+
+// VerifyASN1 verifies the ASN1 encoded signature, sig, of hash using the
+// public key, pub. Its return value records whether the signature is valid.
+func VerifyASN1(pub *dsa.PublicKey, hash, sig []byte) bool {
+	var (
+		r, s  = &big.Int{}, &big.Int{}
+		inner cryptobyte.String
+	)
+	input := cryptobyte.String(sig)
+	if !input.ReadASN1(&inner, asn1.SEQUENCE) ||
+		!input.Empty() ||
+		!inner.ReadASN1Integer(r) ||
+		!inner.ReadASN1Integer(s) ||
+		!inner.Empty() {
+		return false
+	}
+	return dsa.Verify(pub, hash, r, s)
+}
diff --git a/internal/wycheproof/rsa_oaep_decrypt_test.go b/internal/wycheproof/rsa_oaep_decrypt_test.go
new file mode 100644
index 000000000..19cc4fdcb
--- /dev/null
+++ b/internal/wycheproof/rsa_oaep_decrypt_test.go
@@ -0,0 +1,149 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"bytes"
+	"crypto/rsa"
+	"crypto/x509"
+	"fmt"
+	"testing"
+)
+
+func TestRSAOAEPDecrypt(t *testing.T) {
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// RsaesOaepTestVector
+	type RsaesOaepTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// An encryption of msg
+		Ct string `json:"ct,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// The label used for the encryption
+		Label string `json:"label,omitempty"`
+
+		// The encrypted message
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// RsaesOaepTestGroup
+	type RsaesOaepTestGroup struct {
+
+		// The private exponent
+		D string `json:"d,omitempty"`
+
+		// The public exponent
+		E string `json:"e,omitempty"`
+
+		// the message generating function (e.g. MGF1)
+		Mgf string `json:"mgf,omitempty"`
+
+		// The hash function used for the message generating function.
+		MgfSha string `json:"mgfSha,omitempty"`
+
+		// The modulus of the key
+		N string `json:"n,omitempty"`
+
+		// Pem encoded private key
+		PrivateKeyPem string `json:"privateKeyPem,omitempty"`
+
+		// Pkcs 8 encoded private key.
+		PrivateKeyPkcs8 string `json:"privateKeyPkcs8,omitempty"`
+
+		// The hash function for hashing the label.
+		Sha   string                 `json:"sha,omitempty"`
+		Tests []*RsaesOaepTestVector `json:"tests,omitempty"`
+		Type  interface{}            `json:"type,omitempty"`
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int                   `json:"numberOfTests,omitempty"`
+		Schema        interface{}           `json:"schema,omitempty"`
+		TestGroups    []*RsaesOaepTestGroup `json:"testGroups,omitempty"`
+	}
+
+	// rsa.DecryptOAEP doesn't support using a different hash for the
+	// MGF and the label, so skip all of the test vectors that use
+	// these unbalanced constructions. rsa_oaep_misc_test.json contains
+	// both balanced and unbalanced constructions so in that case
+	// we just filter out any test groups where MgfSha != Sha
+	files := []string{
+		"rsa_oaep_2048_sha1_mgf1sha1_test.json",
+		"rsa_oaep_2048_sha224_mgf1sha224_test.json",
+		"rsa_oaep_2048_sha256_mgf1sha256_test.json",
+		"rsa_oaep_2048_sha384_mgf1sha384_test.json",
+		"rsa_oaep_2048_sha512_mgf1sha512_test.json",
+		"rsa_oaep_3072_sha256_mgf1sha256_test.json",
+		"rsa_oaep_3072_sha512_mgf1sha512_test.json",
+		"rsa_oaep_4096_sha256_mgf1sha256_test.json",
+		"rsa_oaep_4096_sha512_mgf1sha512_test.json",
+		"rsa_oaep_misc_test.json",
+	}
+
+	flagsShouldPass := map[string]bool{
+		// rsa.DecryptOAEP happily supports small key sizes
+		"SmallModulus": true,
+	}
+
+	for _, f := range files {
+		var root Root
+		readTestVector(t, f, &root)
+		for _, tg := range root.TestGroups {
+			if tg.MgfSha != tg.Sha {
+				continue
+			}
+			priv, err := x509.ParsePKCS8PrivateKey(decodeHex(tg.PrivateKeyPkcs8))
+			if err != nil {
+				t.Fatalf("%s failed to parse PKCS #8 private key: %s", f, err)
+			}
+			hash := parseHash(tg.Sha)
+			for _, tv := range tg.Tests {
+				t.Run(fmt.Sprintf("%s #%d", f, tv.TcId), func(t *testing.T) {
+					wantPass := shouldPass(tv.Result, tv.Flags, flagsShouldPass)
+					plaintext, err := rsa.DecryptOAEP(hash.New(), nil, priv.(*rsa.PrivateKey), decodeHex(tv.Ct), decodeHex(tv.Label))
+					if wantPass {
+						if err != nil {
+							t.Fatalf("comment: %s, expected success: %s", tv.Comment, err)
+						}
+						if !bytes.Equal(plaintext, decodeHex(tv.Msg)) {
+							t.Errorf("comment: %s, unexpected plaintext: got %x, want %s", tv.Comment, plaintext, tv.Msg)
+						}
+					} else if err == nil {
+						t.Errorf("comment: %s, expected failure", tv.Comment)
+					}
+				})
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/rsa_pss_test.go b/internal/wycheproof/rsa_pss_test.go
new file mode 100644
index 000000000..365ca9229
--- /dev/null
+++ b/internal/wycheproof/rsa_pss_test.go
@@ -0,0 +1,164 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"crypto/rsa"
+	"testing"
+)
+
+func TestRsaPss(t *testing.T) {
+	// KeyJwk Public key in JWK format
+	type KeyJwk struct {
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// SignatureTestVector
+	type SignatureTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// The message to sign
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// A signature for msg
+		Sig string `json:"sig,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// RsassaPkcs1TestGroup
+	type RsassaPkcs1TestGroup struct {
+
+		// The private exponent
+		D string `json:"d,omitempty"`
+
+		// The public exponent
+		E string `json:"e,omitempty"`
+
+		// ASN encoding of the sequence [n, e]
+		KeyAsn string `json:"keyAsn,omitempty"`
+
+		// ASN encoding of the public key
+		KeyDer string `json:"keyDer,omitempty"`
+
+		// Public key in JWK format
+		KeyJwk *KeyJwk `json:"keyJwk,omitempty"`
+
+		// Pem encoded public key
+		KeyPem string `json:"keyPem,omitempty"`
+
+		// the size of the modulus in bits
+		KeySize int `json:"keySize,omitempty"`
+
+		// The modulus of the key
+		N string `json:"n,omitempty"`
+
+		// The salt length
+		SLen int `json:"sLen,omitempty"`
+
+		// the hash function used for the message
+		Sha   string                 `json:"sha,omitempty"`
+		Tests []*SignatureTestVector `json:"tests,omitempty"`
+		Type  interface{}            `json:"type,omitempty"`
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int                     `json:"numberOfTests,omitempty"`
+		Schema        interface{}             `json:"schema,omitempty"`
+		TestGroups    []*RsassaPkcs1TestGroup `json:"testGroups,omitempty"`
+	}
+
+	flagsShouldPass := map[string]bool{
+		// A signature using a weaker hash than the EC params is not a security risk, as long as the hash is secure.
+		// https://www.imperialviolet.org/2014/05/25/strengthmatching.html
+		"WeakHash": true,
+	}
+
+	// filesOverrideToPassZeroSLen is a map of all test files
+	// and which TcIds that should be overridden to pass if the
+	// rsa.PSSOptions.SaltLength is zero.
+	// These tests expect a failure with a PSSOptions.SaltLength: 0
+	// and a signature that uses a different salt length. However,
+	// a salt length of 0 is defined as rsa.PSSSaltLengthAuto which
+	// works deterministically to auto-detect the length when
+	// verifying, so these tests actually pass as they should.
+	filesOverrideToPassZeroSLen := map[string][]int{
+		"rsa_pss_2048_sha1_mgf1_20_test.json":       []int{46, 47},
+		"rsa_pss_2048_sha256_mgf1_0_test.json":      []int{67, 68},
+		"rsa_pss_2048_sha256_mgf1_32_test.json":     []int{67, 68},
+		"rsa_pss_2048_sha512_256_mgf1_28_test.json": []int{13, 14, 15},
+		"rsa_pss_2048_sha512_256_mgf1_32_test.json": []int{13, 14},
+		"rsa_pss_3072_sha256_mgf1_32_test.json":     []int{67, 68},
+		"rsa_pss_4096_sha256_mgf1_32_test.json":     []int{67, 68},
+		"rsa_pss_4096_sha512_mgf1_32_test.json":     []int{136, 137},
+		// "rsa_pss_misc_test.json": nil,  // TODO: This ones seems to be broken right now, but can enable later on.
+	}
+
+	for f := range filesOverrideToPassZeroSLen {
+		var root Root
+		readTestVector(t, f, &root)
+		for _, tg := range root.TestGroups {
+			pub := decodePublicKey(tg.KeyDer).(*rsa.PublicKey)
+			ch := parseHash(tg.Sha)
+			h := ch.New()
+			opts := &rsa.PSSOptions{
+				Hash:       ch,
+				SaltLength: rsa.PSSSaltLengthAuto,
+			}
+			// Run all the tests twice: the first time with the salt length
+			// as PSSSaltLengthAuto, and the second time with the salt length
+			// explictily set to tg.SLen.
+			for i := 0; i < 2; i++ {
+				for _, sig := range tg.Tests {
+					h.Reset()
+					h.Write(decodeHex(sig.Msg))
+					hashed := h.Sum(nil)
+					err := rsa.VerifyPSS(pub, ch, hashed, decodeHex(sig.Sig), opts)
+					want := shouldPass(sig.Result, sig.Flags, flagsShouldPass)
+					if opts.SaltLength == 0 {
+						for _, id := range filesOverrideToPassZeroSLen[f] {
+							if sig.TcId == id {
+								want = true
+								break
+							}
+						}
+					}
+					if (err == nil) != want {
+						t.Errorf("file: %v, tcid: %d, type: %s, opts.SaltLength: %v, comment: %q, wanted success: %t", f, sig.TcId, sig.Result, opts.SaltLength, sig.Comment, want)
+					}
+				}
+				// Update opts.SaltLength for the second run of the tests.
+				opts.SaltLength = tg.SLen
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/rsa_signature_test.go b/internal/wycheproof/rsa_signature_test.go
new file mode 100644
index 000000000..3c31c2255
--- /dev/null
+++ b/internal/wycheproof/rsa_signature_test.go
@@ -0,0 +1,123 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package wycheproof
+
+import (
+	"crypto/rsa"
+	"testing"
+)
+
+func TestRsa(t *testing.T) {
+	// KeyJwk Public key in JWK format
+	type KeyJwk struct {
+	}
+
+	// Notes a description of the labels used in the test vectors
+	type Notes struct {
+	}
+
+	// SignatureTestVector
+	type SignatureTestVector struct {
+
+		// A brief description of the test case
+		Comment string `json:"comment,omitempty"`
+
+		// A list of flags
+		Flags []string `json:"flags,omitempty"`
+
+		// The message to sign
+		Msg string `json:"msg,omitempty"`
+
+		// Test result
+		Result string `json:"result,omitempty"`
+
+		// A signature for msg
+		Sig string `json:"sig,omitempty"`
+
+		// Identifier of the test case
+		TcId int `json:"tcId,omitempty"`
+	}
+
+	// RsassaPkcs1TestGroup
+	type RsassaPkcs1TestGroup struct {
+
+		// The private exponent
+		D string `json:"d,omitempty"`
+
+		// The public exponent
+		E string `json:"e,omitempty"`
+
+		// ASN encoding of the sequence [n, e]
+		KeyAsn string `json:"keyAsn,omitempty"`
+
+		// ASN encoding of the public key
+		KeyDer string `json:"keyDer,omitempty"`
+
+		// Public key in JWK format
+		KeyJwk *KeyJwk `json:"keyJwk,omitempty"`
+
+		// Pem encoded public key
+		KeyPem string `json:"keyPem,omitempty"`
+
+		// the size of the modulus in bits
+		KeySize int `json:"keySize,omitempty"`
+
+		// The modulus of the key
+		N string `json:"n,omitempty"`
+
+		// the hash function used for the message
+		Sha   string                 `json:"sha,omitempty"`
+		Tests []*SignatureTestVector `json:"tests,omitempty"`
+		Type  interface{}            `json:"type,omitempty"`
+	}
+
+	// Root
+	type Root struct {
+
+		// the primitive tested in the test file
+		Algorithm string `json:"algorithm,omitempty"`
+
+		// the version of the test vectors.
+		GeneratorVersion string `json:"generatorVersion,omitempty"`
+
+		// additional documentation
+		Header []string `json:"header,omitempty"`
+
+		// a description of the labels used in the test vectors
+		Notes *Notes `json:"notes,omitempty"`
+
+		// the number of test vectors in this test
+		NumberOfTests int                     `json:"numberOfTests,omitempty"`
+		Schema        interface{}             `json:"schema,omitempty"`
+		TestGroups    []*RsassaPkcs1TestGroup `json:"testGroups,omitempty"`
+	}
+
+	flagsShouldPass := map[string]bool{
+		// Omitting the parameter field in an ASN encoded integer is a legacy behavior.
+		"MissingNull": false,
+		// Keys with a modulus less than 2048 bits are supported by crypto/rsa.
+		"SmallModulus": true,
+		// Small public keys are supported by crypto/rsa.
+		"SmallPublicKey": true,
+	}
+
+	var root Root
+	readTestVector(t, "rsa_signature_test.json", &root)
+	for _, tg := range root.TestGroups {
+		pub := decodePublicKey(tg.KeyDer).(*rsa.PublicKey)
+		ch := parseHash(tg.Sha)
+		h := ch.New()
+		for _, sig := range tg.Tests {
+			h.Reset()
+			h.Write(decodeHex(sig.Msg))
+			hashed := h.Sum(nil)
+			err := rsa.VerifyPKCS1v15(pub, ch, hashed, decodeHex(sig.Sig))
+			want := shouldPass(sig.Result, sig.Flags, flagsShouldPass)
+			if (err == nil) != want {
+				t.Errorf("tcid: %d, type: %s, comment: %q, wanted success: %t", sig.TcId, sig.Result, sig.Comment, want)
+			}
+		}
+	}
+}
diff --git a/internal/wycheproof/wycheproof_test.go b/internal/wycheproof/wycheproof_test.go
new file mode 100644
index 000000000..983ba5cf6
--- /dev/null
+++ b/internal/wycheproof/wycheproof_test.go
@@ -0,0 +1,134 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package wycheproof runs a set of the Wycheproof tests
+// provided by https://github.com/google/wycheproof.
+package wycheproof
+
+import (
+	"crypto"
+	"crypto/x509"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"testing"
+
+	_ "crypto/sha1"
+	_ "crypto/sha256"
+	_ "crypto/sha512"
+)
+
+const wycheproofModVer = "v0.0.0-20191219022705-2196000605e4"
+
+var wycheproofTestVectorsDir string
+
+func TestMain(m *testing.M) {
+	if _, err := exec.LookPath("go"); err != nil {
+		log.Printf("skipping test because 'go' command is unavailable: %v", err)
+		os.Exit(0)
+	}
+
+	// Download the JSON test files from github.com/google/wycheproof
+	// using `go mod download -json` so the cached source of the testdata
+	// can be used in the following tests.
+	path := "github.com/google/wycheproof@" + wycheproofModVer
+	cmd := exec.Command("go", "mod", "download", "-json", path)
+	// TODO: enable the sumdb once the Trybots proxy supports it.
+	cmd.Env = append(os.Environ(), "GONOSUMDB=*")
+	output, err := cmd.Output()
+	if err != nil {
+		log.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output)
+	}
+	var dm struct {
+		Dir string // absolute path to cached source root directory
+	}
+	if err := json.Unmarshal(output, &dm); err != nil {
+		log.Fatal(err)
+	}
+	// Now that the module has been downloaded, use the absolute path of the
+	// cached source as the root directory for all tests going forward.
+	wycheproofTestVectorsDir = filepath.Join(dm.Dir, "testvectors")
+	os.Exit(m.Run())
+}
+
+func readTestVector(t *testing.T, f string, dest interface{}) {
+	b, err := ioutil.ReadFile(filepath.Join(wycheproofTestVectorsDir, f))
+	if err != nil {
+		t.Fatalf("failed to read json file: %v", err)
+	}
+	if err := json.Unmarshal(b, &dest); err != nil {
+		t.Fatalf("failed to unmarshal json file: %v", err)
+	}
+}
+
+func decodeHex(s string) []byte {
+	b, err := hex.DecodeString(s)
+	if err != nil {
+		panic(err)
+	}
+	return b
+}
+
+func decodePublicKey(der string) interface{} {
+	d := decodeHex(der)
+	pub, err := x509.ParsePKIXPublicKey(d)
+	if err != nil {
+		panic(fmt.Sprintf("failed to parse DER encoded public key: %v", err))
+	}
+	return pub
+}
+
+func parseHash(h string) crypto.Hash {
+	switch h {
+	case "SHA-1":
+		return crypto.SHA1
+	case "SHA-256":
+		return crypto.SHA256
+	case "SHA-224":
+		return crypto.SHA224
+	case "SHA-384":
+		return crypto.SHA384
+	case "SHA-512":
+		return crypto.SHA512
+	case "SHA-512/224":
+		return crypto.SHA512_224
+	case "SHA-512/256":
+		return crypto.SHA512_256
+	default:
+		panic(fmt.Sprintf("could not identify SHA hash algorithm: %q", h))
+	}
+}
+
+// shouldPass returns whether or not the test should pass.
+// flagsShouldPass is a map associated with whether or not
+// a flag for an "acceptable" result should pass.
+// Every possible flag value that's associated with an
+// "acceptable" result should be explicitly specified,
+// otherwise the test will panic.
+func shouldPass(result string, flags []string, flagsShouldPass map[string]bool) bool {
+	switch result {
+	case "valid":
+		return true
+	case "invalid":
+		return false
+	case "acceptable":
+		for _, flag := range flags {
+			pass, ok := flagsShouldPass[flag]
+			if !ok {
+				panic(fmt.Sprintf("unspecified flag: %q", flag))
+			}
+			if !pass {
+				return false
+			}
+		}
+		return true // There are no flags, or all are meant to pass.
+	default:
+		panic(fmt.Sprintf("unexpected result: %v", result))
+	}
+}
diff --git a/md4/md4.go b/md4/md4.go
index 6d9ba9e5f..59d348069 100644
--- a/md4/md4.go
+++ b/md4/md4.go
@@ -3,6 +3,10 @@
 // license that can be found in the LICENSE file.
 
 // Package md4 implements the MD4 hash algorithm as defined in RFC 1320.
+//
+// Deprecated: MD4 is cryptographically broken and should should only be used
+// where compatibility with legacy systems, not security, is the goal. Instead,
+// use a secure hash like SHA-256 (from crypto/sha256).
 package md4 // import "golang.org/x/crypto/md4"
 
 import (
diff --git a/nacl/auth/auth.go b/nacl/auth/auth.go
new file mode 100644
index 000000000..1d588d5c1
--- /dev/null
+++ b/nacl/auth/auth.go
@@ -0,0 +1,58 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package auth authenticates a message using a secret key.
+
+The Sum function, viewed as a function of the message for a uniform random
+key, is designed to meet the standard notion of unforgeability. This means
+that an attacker cannot find authenticators for any messages not authenticated
+by the sender, even if the attacker has adaptively influenced the messages
+authenticated by the sender. For a formal definition see, e.g., Section 2.4
+of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining
+message authentication code," Journal of Computer and System Sciences 61 (2000),
+362–399; http://www-cse.ucsd.edu/~mihir/papers/cbc.html.
+
+auth does not make any promises regarding "strong" unforgeability; perhaps
+one valid authenticator can be converted into another valid authenticator for
+the same message. NaCl also does not make any promises regarding "truncated
+unforgeability."
+
+This package is interoperable with NaCl: https://nacl.cr.yp.to/auth.html.
+*/
+package auth
+
+import (
+	"crypto/hmac"
+	"crypto/sha512"
+)
+
+const (
+	// Size is the size, in bytes, of an authenticated digest.
+	Size = 32
+	// KeySize is the size, in bytes, of an authentication key.
+	KeySize = 32
+)
+
+// Sum generates an authenticator for m using a secret key and returns the
+// 32-byte digest.
+func Sum(m []byte, key *[KeySize]byte) *[Size]byte {
+	mac := hmac.New(sha512.New, key[:])
+	mac.Write(m)
+	out := new([Size]byte)
+	copy(out[:], mac.Sum(nil)[:Size])
+	return out
+}
+
+// Verify checks that digest is a valid authenticator of message m under the
+// given secret key. Verify does not leak timing information.
+func Verify(digest []byte, m []byte, key *[KeySize]byte) bool {
+	if len(digest) != Size {
+		return false
+	}
+	mac := hmac.New(sha512.New, key[:])
+	mac.Write(m)
+	expectedMAC := mac.Sum(nil) // first 256 bits of 512-bit sum
+	return hmac.Equal(digest, expectedMAC[:Size])
+}
diff --git a/nacl/auth/auth_test.go b/nacl/auth/auth_test.go
new file mode 100644
index 000000000..92074b50b
--- /dev/null
+++ b/nacl/auth/auth_test.go
@@ -0,0 +1,172 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package auth
+
+import (
+	"bytes"
+	rand "crypto/rand"
+	mrand "math/rand"
+	"testing"
+)
+
+// Test cases are from RFC 4231, and match those present in the tests directory
+// of the download here: https://nacl.cr.yp.to/install.html
+var testCases = []struct {
+	key [32]byte
+	msg []byte
+	out [32]byte
+}{
+	{
+		key: [32]byte{
+			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+			0x0b, 0x0b, 0x0b, 0x0b,
+		},
+		msg: []byte("Hi There"),
+		out: [32]byte{
+			0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
+			0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
+			0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
+			0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
+		},
+	},
+	{
+		key: [32]byte{'J', 'e', 'f', 'e'},
+		msg: []byte("what do ya want for nothing?"),
+		out: [32]byte{
+			0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
+			0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
+			0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6,
+			0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54,
+		},
+	},
+	{
+		key: [32]byte{
+			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+			0xaa, 0xaa, 0xaa, 0xaa,
+		},
+		msg: []byte{ // 50 bytes of 0xdd
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd,
+		},
+		out: [32]byte{
+			0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84,
+			0xef, 0xb0, 0xf0, 0x75, 0x6c, 0x89, 0x0b, 0xe9,
+			0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36,
+			0x55, 0xf8, 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39,
+		},
+	},
+	{
+		key: [32]byte{
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+			0x19,
+		},
+		msg: []byte{
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd,
+		},
+		out: [32]byte{
+			0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69,
+			0x90, 0xe5, 0xa8, 0xc5, 0xf6, 0x1d, 0x4a, 0xf7,
+			0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d,
+			0xe7, 0x6f, 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb,
+		},
+	},
+}
+
+func TestSum(t *testing.T) {
+	for i, test := range testCases {
+		tag := Sum(test.msg, &test.key)
+		if !bytes.Equal(tag[:], test.out[:]) {
+			t.Errorf("#%d: Sum: got\n%x\nwant\n%x", i, tag, test.out)
+		}
+	}
+}
+
+func TestVerify(t *testing.T) {
+	wrongMsg := []byte("unknown msg")
+
+	for i, test := range testCases {
+		if !Verify(test.out[:], test.msg, &test.key) {
+			t.Errorf("#%d: Verify(%x, %q, %x) failed", i, test.out, test.msg, test.key)
+		}
+		if Verify(test.out[:], wrongMsg, &test.key) {
+			t.Errorf("#%d: Verify(%x, %q, %x) unexpectedly passed", i, test.out, wrongMsg, test.key)
+		}
+	}
+}
+
+func TestStress(t *testing.T) {
+	if testing.Short() {
+		t.Skip("exhaustiveness test")
+	}
+
+	var key [32]byte
+	msg := make([]byte, 10000)
+	prng := mrand.New(mrand.NewSource(0))
+
+	// copied from tests/auth5.c in nacl
+	for i := 0; i < 10000; i++ {
+		if _, err := rand.Read(key[:]); err != nil {
+			t.Fatal(err)
+		}
+		if _, err := rand.Read(msg[:i]); err != nil {
+			t.Fatal(err)
+		}
+		tag := Sum(msg[:i], &key)
+		if !Verify(tag[:], msg[:i], &key) {
+			t.Errorf("#%d: unexpected failure from Verify", i)
+		}
+		if i > 0 {
+			msgIndex := prng.Intn(i)
+			oldMsgByte := msg[msgIndex]
+			msg[msgIndex] += byte(1 + prng.Intn(255))
+			if Verify(tag[:], msg[:i], &key) {
+				t.Errorf("#%d: unexpected success from Verify after corrupting message", i)
+			}
+			msg[msgIndex] = oldMsgByte
+
+			tag[prng.Intn(len(tag))] += byte(1 + prng.Intn(255))
+			if Verify(tag[:], msg[:i], &key) {
+				t.Errorf("#%d: unexpected success from Verify after corrupting authenticator", i)
+			}
+		}
+	}
+}
+
+func BenchmarkAuth(b *testing.B) {
+	var key [32]byte
+	if _, err := rand.Read(key[:]); err != nil {
+		b.Fatal(err)
+	}
+	buf := make([]byte, 1024)
+	if _, err := rand.Read(buf[:]); err != nil {
+		b.Fatal(err)
+	}
+
+	b.SetBytes(int64(len(buf)))
+	b.ReportAllocs()
+	b.ResetTimer()
+
+	for i := 0; i < b.N; i++ {
+		tag := Sum(buf, &key)
+		if Verify(tag[:], buf, &key) == false {
+			b.Fatal("unexpected failure from Verify")
+		}
+	}
+}
diff --git a/nacl/auth/example_test.go b/nacl/auth/example_test.go
new file mode 100644
index 000000000..02a2cd6c4
--- /dev/null
+++ b/nacl/auth/example_test.go
@@ -0,0 +1,36 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package auth_test
+
+import (
+	"encoding/hex"
+	"fmt"
+
+	"golang.org/x/crypto/nacl/auth"
+)
+
+func Example() {
+	// Load your secret key from a safe place and reuse it across multiple
+	// Sum calls. (Obviously don't use this example key for anything
+	// real.) If you want to convert a passphrase to a key, use a suitable
+	// package like bcrypt or scrypt.
+	secretKeyBytes, err := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
+	if err != nil {
+		panic(err)
+	}
+
+	var secretKey [32]byte
+	copy(secretKey[:], secretKeyBytes)
+
+	mac := auth.Sum([]byte("hello world"), &secretKey)
+	fmt.Printf("%x\n", *mac)
+	result := auth.Verify(mac[:], []byte("hello world"), &secretKey)
+	fmt.Println(result)
+	badResult := auth.Verify(mac[:], []byte("different message"), &secretKey)
+	fmt.Println(badResult)
+	// Output: eca5a521f3d77b63f567fb0cb6f5f2d200641bc8dada42f60c5f881260c30317
+	// true
+	// false
+}
diff --git a/nacl/box/box.go b/nacl/box/box.go
index 7ed1864f7..7f3b830ee 100644
--- a/nacl/box/box.go
+++ b/nacl/box/box.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 /*
-Package box authenticates and encrypts messages using public-key cryptography.
+Package box authenticates and encrypts small messages using public-key cryptography.
 
 Box uses Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate
 messages. The length of messages is not hidden.
@@ -13,20 +13,48 @@ example, by using nonce 1 for the first message, nonce 2 for the second
 message, etc. Nonces are long enough that randomly generated nonces have
 negligible risk of collision.
 
+Messages should be small because:
+
+1. The whole message needs to be held in memory to be processed.
+
+2. Using large messages pressures implementations on small machines to decrypt
+and process plaintext before authenticating it. This is very dangerous, and
+this API does not allow it, but a protocol that uses excessive message sizes
+might present some implementations with no other choice.
+
+3. Fixed overheads will be sufficiently amortised by messages as small as 8KB.
+
+4. Performance may be improved by working with messages that fit into data caches.
+
+Thus large amounts of data should be chunked so that each message is small.
+(Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable
+chunk size.
+
 This package is interoperable with NaCl: https://nacl.cr.yp.to/box.html.
+Anonymous sealing/opening is an extension of NaCl defined by and interoperable
+with libsodium:
+https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes.
 */
 package box // import "golang.org/x/crypto/nacl/box"
 
 import (
+	cryptorand "crypto/rand"
 	"io"
 
+	"golang.org/x/crypto/blake2b"
 	"golang.org/x/crypto/curve25519"
 	"golang.org/x/crypto/nacl/secretbox"
 	"golang.org/x/crypto/salsa20/salsa"
 )
 
-// Overhead is the number of bytes of overhead when boxing a message.
-const Overhead = secretbox.Overhead
+const (
+	// Overhead is the number of bytes of overhead when boxing a message.
+	Overhead = secretbox.Overhead
+
+	// AnonymousOverhead is the number of bytes of overhead when using anonymous
+	// sealed boxes.
+	AnonymousOverhead = Overhead + 32
+)
 
 // GenerateKey generates a new public/private key pair suitable for use with
 // Seal and Open.
@@ -56,7 +84,7 @@ func Precompute(sharedKey, peersPublicKey, privateKey *[32]byte) {
 }
 
 // Seal appends an encrypted and authenticated copy of message to out, which
-// will be Overhead bytes longer than the original and must not overlap. The
+// will be Overhead bytes longer than the original and must not overlap it. The
 // nonce must be unique for each distinct message for a given pair of keys.
 func Seal(out, message []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) []byte {
 	var sharedKey [32]byte
@@ -84,3 +112,71 @@ func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte
 func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
 	return secretbox.Open(out, box, nonce, sharedKey)
 }
+
+// SealAnonymous appends an encrypted and authenticated copy of message to out,
+// which will be AnonymousOverhead bytes longer than the original and must not
+// overlap it. This differs from Seal in that the sender is not required to
+// provide a private key.
+func SealAnonymous(out, message []byte, recipient *[32]byte, rand io.Reader) ([]byte, error) {
+	if rand == nil {
+		rand = cryptorand.Reader
+	}
+	ephemeralPub, ephemeralPriv, err := GenerateKey(rand)
+	if err != nil {
+		return nil, err
+	}
+
+	var nonce [24]byte
+	if err := sealNonce(ephemeralPub, recipient, &nonce); err != nil {
+		return nil, err
+	}
+
+	if total := len(out) + AnonymousOverhead + len(message); cap(out) < total {
+		original := out
+		out = make([]byte, 0, total)
+		out = append(out, original...)
+	}
+	out = append(out, ephemeralPub[:]...)
+
+	return Seal(out, message, &nonce, recipient, ephemeralPriv), nil
+}
+
+// OpenAnonymous authenticates and decrypts a box produced by SealAnonymous and
+// appends the message to out, which must not overlap box. The output will be
+// AnonymousOverhead bytes smaller than box.
+func OpenAnonymous(out, box []byte, publicKey, privateKey *[32]byte) (message []byte, ok bool) {
+	if len(box) < AnonymousOverhead {
+		return nil, false
+	}
+
+	var ephemeralPub [32]byte
+	copy(ephemeralPub[:], box[:32])
+
+	var nonce [24]byte
+	if err := sealNonce(&ephemeralPub, publicKey, &nonce); err != nil {
+		return nil, false
+	}
+
+	return Open(out, box[32:], &nonce, &ephemeralPub, privateKey)
+}
+
+// sealNonce generates a 24 byte nonce that is a blake2b digest of the
+// ephemeral public key and the receiver's public key.
+func sealNonce(ephemeralPub, peersPublicKey *[32]byte, nonce *[24]byte) error {
+	h, err := blake2b.New(24, nil)
+	if err != nil {
+		return err
+	}
+
+	if _, err = h.Write(ephemeralPub[:]); err != nil {
+		return err
+	}
+
+	if _, err = h.Write(peersPublicKey[:]); err != nil {
+		return err
+	}
+
+	h.Sum(nonce[:0])
+
+	return nil
+}
diff --git a/nacl/box/box_test.go b/nacl/box/box_test.go
index 481ade28a..cce1f3b4d 100644
--- a/nacl/box/box_test.go
+++ b/nacl/box/box_test.go
@@ -76,3 +76,106 @@ func TestBox(t *testing.T) {
 		t.Fatalf("box didn't match, got\n%x\n, expected\n%x", box, expected)
 	}
 }
+
+func TestSealOpenAnonymous(t *testing.T) {
+	publicKey, privateKey, _ := GenerateKey(rand.Reader)
+	message := []byte("test message")
+
+	box, err := SealAnonymous(nil, message, publicKey, nil)
+	if err != nil {
+		t.Fatalf("Unexpected error sealing %v", err)
+	}
+	opened, ok := OpenAnonymous(nil, box, publicKey, privateKey)
+	if !ok {
+		t.Fatalf("failed to open box")
+	}
+
+	if !bytes.Equal(opened, message) {
+		t.Fatalf("got %x, want %x", opened, message)
+	}
+
+	for i := range box {
+		box[i] ^= 0x40
+		_, ok := OpenAnonymous(nil, box, publicKey, privateKey)
+		if ok {
+			t.Fatalf("opened box with byte %d corrupted", i)
+		}
+		box[i] ^= 0x40
+	}
+
+	// allocates new slice if out isn't long enough
+	out := []byte("hello")
+	orig := append([]byte(nil), out...)
+	box, err = SealAnonymous(out, message, publicKey, nil)
+	if err != nil {
+		t.Fatalf("Unexpected error sealing %v", err)
+	}
+	if !bytes.Equal(out, orig) {
+		t.Fatal("expected out to be unchanged")
+	}
+	if !bytes.HasPrefix(box, orig) {
+		t.Fatal("expected out to be coppied to returned slice")
+	}
+	_, ok = OpenAnonymous(nil, box[len(out):], publicKey, privateKey)
+	if !ok {
+		t.Fatalf("failed to open box")
+	}
+
+	// uses provided slice if it's long enough
+	out = append(make([]byte, 0, 1000), []byte("hello")...)
+	orig = append([]byte(nil), out...)
+	box, err = SealAnonymous(out, message, publicKey, nil)
+	if err != nil {
+		t.Fatalf("Unexpected error sealing %v", err)
+	}
+	if !bytes.Equal(out, orig) {
+		t.Fatal("expected out to be unchanged")
+	}
+	if &out[0] != &box[0] {
+		t.Fatal("expected box to point to out")
+	}
+	_, ok = OpenAnonymous(nil, box[len(out):], publicKey, privateKey)
+	if !ok {
+		t.Fatalf("failed to open box")
+	}
+}
+
+func TestSealedBox(t *testing.T) {
+	var privateKey [32]byte
+	for i := range privateKey[:] {
+		privateKey[i] = 1
+	}
+
+	var publicKey [32]byte
+	curve25519.ScalarBaseMult(&publicKey, &privateKey)
+	var message [64]byte
+	for i := range message[:] {
+		message[i] = 3
+	}
+
+	fakeRand := bytes.NewReader([]byte{5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5})
+	box, err := SealAnonymous(nil, message[:], &publicKey, fakeRand)
+	if err != nil {
+		t.Fatalf("Unexpected error sealing %v", err)
+	}
+
+	// expected was generated using the C implementation of libsodium with a
+	// random implementation that always returns 5.
+	// https://gist.github.com/mastahyeti/942ec3f175448d68fed25018adbce5a7
+	expected, _ := hex.DecodeString("50a61409b1ddd0325e9b16b700e719e9772c07000b1bd7786e907c653d20495d2af1697137a53b1b1dfc9befc49b6eeb38f86be720e155eb2be61976d2efb34d67ecd44a6ad634625eb9c288bfc883431a84ab0f5557dfe673aa6f74c19f033e648a947358cfcc606397fa1747d5219a")
+
+	if !bytes.Equal(box, expected) {
+		t.Fatalf("box didn't match, got\n%x\n, expected\n%x", box, expected)
+	}
+
+	// box was generated using the C implementation of libsodium.
+	// https://gist.github.com/mastahyeti/942ec3f175448d68fed25018adbce5a7
+	box, _ = hex.DecodeString("3462e0640728247a6f581e3812850d6edc3dcad1ea5d8184c072f62fb65cb357e27ffa8b76f41656bc66a0882c4d359568410665746d27462a700f01e314f382edd7aae9064879b0f8ba7b88866f88f5e4fbd7649c850541877f9f33ebd25d46d9cbcce09b69a9ba07f0eb1d105d4264")
+	result, ok := OpenAnonymous(nil, box, &publicKey, &privateKey)
+	if !ok {
+		t.Fatalf("failed to open box")
+	}
+	if !bytes.Equal(result, message[:]) {
+		t.Fatalf("message didn't match, got\n%x\n, expected\n%x", result, message[:])
+	}
+}
diff --git a/nacl/secretbox/secretbox.go b/nacl/secretbox/secretbox.go
index 1e1dff506..a2973e626 100644
--- a/nacl/secretbox/secretbox.go
+++ b/nacl/secretbox/secretbox.go
@@ -13,12 +13,30 @@ example, by using nonce 1 for the first message, nonce 2 for the second
 message, etc. Nonces are long enough that randomly generated nonces have
 negligible risk of collision.
 
+Messages should be small because:
+
+1. The whole message needs to be held in memory to be processed.
+
+2. Using large messages pressures implementations on small machines to decrypt
+and process plaintext before authenticating it. This is very dangerous, and
+this API does not allow it, but a protocol that uses excessive message sizes
+might present some implementations with no other choice.
+
+3. Fixed overheads will be sufficiently amortised by messages as small as 8KB.
+
+4. Performance may be improved by working with messages that fit into data caches.
+
+Thus large amounts of data should be chunked so that each message is small.
+(Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable
+chunk size.
+
 This package is interoperable with NaCl: https://nacl.cr.yp.to/secretbox.html.
 */
 package secretbox // import "golang.org/x/crypto/nacl/secretbox"
 
 import (
-	"golang.org/x/crypto/poly1305"
+	"golang.org/x/crypto/internal/poly1305"
+	"golang.org/x/crypto/internal/subtle"
 	"golang.org/x/crypto/salsa20/salsa"
 )
 
@@ -70,6 +88,9 @@ func Seal(out, message []byte, nonce *[24]byte, key *[32]byte) []byte {
 	copy(poly1305Key[:], firstBlock[:])
 
 	ret, out := sliceForAppend(out, len(message)+poly1305.TagSize)
+	if subtle.AnyOverlap(out, message) {
+		panic("nacl: invalid buffer overlap")
+	}
 
 	// We XOR up to 32 bytes of message with the keystream generated from
 	// the first block.
@@ -101,7 +122,7 @@ func Seal(out, message []byte, nonce *[24]byte, key *[32]byte) []byte {
 // Open authenticates and decrypts a box produced by Seal and appends the
 // message to out, which must not overlap box. The output will be Overhead
 // bytes smaller than box.
-func Open(out []byte, box []byte, nonce *[24]byte, key *[32]byte) ([]byte, bool) {
+func Open(out, box []byte, nonce *[24]byte, key *[32]byte) ([]byte, bool) {
 	if len(box) < Overhead {
 		return nil, false
 	}
@@ -126,6 +147,9 @@ func Open(out []byte, box []byte, nonce *[24]byte, key *[32]byte) ([]byte, bool)
 	}
 
 	ret, out := sliceForAppend(out, len(box)-Overhead)
+	if subtle.AnyOverlap(out, box) {
+		panic("nacl: invalid buffer overlap")
+	}
 
 	// We XOR up to 32 bytes of box with the keystream generated from
 	// the first block.
diff --git a/nacl/sign/sign.go b/nacl/sign/sign.go
new file mode 100644
index 000000000..d07627019
--- /dev/null
+++ b/nacl/sign/sign.go
@@ -0,0 +1,90 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package sign signs small messages using public-key cryptography.
+//
+// Sign uses Ed25519 to sign messages. The length of messages is not hidden.
+// Messages should be small because:
+// 1. The whole message needs to be held in memory to be processed.
+// 2. Using large messages pressures implementations on small machines to process
+// plaintext without verifying the signature. This is very dangerous, and this API
+// discourages it, but a protocol that uses excessive message sizes might present
+// some implementations with no other choice.
+// 3. Performance may be improved by working with messages that fit into data caches.
+// Thus large amounts of data should be chunked so that each message is small.
+//
+// This package is not interoperable with the current release of NaCl
+// (https://nacl.cr.yp.to/sign.html), which does not support Ed25519 yet. However,
+// it is compatible with the NaCl fork libsodium (https://www.libsodium.org), as well
+// as TweetNaCl (https://tweetnacl.cr.yp.to/).
+package sign
+
+import (
+	"io"
+
+	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/internal/subtle"
+)
+
+// Overhead is the number of bytes of overhead when signing a message.
+const Overhead = 64
+
+// GenerateKey generates a new public/private key pair suitable for use with
+// Sign and Open.
+func GenerateKey(rand io.Reader) (publicKey *[32]byte, privateKey *[64]byte, err error) {
+	pub, priv, err := ed25519.GenerateKey(rand)
+	if err != nil {
+		return nil, nil, err
+	}
+	publicKey, privateKey = new([32]byte), new([64]byte)
+	copy((*publicKey)[:], pub)
+	copy((*privateKey)[:], priv)
+	return publicKey, privateKey, nil
+}
+
+// Sign appends a signed copy of message to out, which will be Overhead bytes
+// longer than the original and must not overlap it.
+func Sign(out, message []byte, privateKey *[64]byte) []byte {
+	sig := ed25519.Sign(ed25519.PrivateKey((*privateKey)[:]), message)
+	ret, out := sliceForAppend(out, Overhead+len(message))
+	if subtle.AnyOverlap(out, message) {
+		panic("nacl: invalid buffer overlap")
+	}
+	copy(out, sig)
+	copy(out[Overhead:], message)
+	return ret
+}
+
+// Open verifies a signed message produced by Sign and appends the message to
+// out, which must not overlap the signed message. The output will be Overhead
+// bytes smaller than the signed message.
+func Open(out, signedMessage []byte, publicKey *[32]byte) ([]byte, bool) {
+	if len(signedMessage) < Overhead {
+		return nil, false
+	}
+	if !ed25519.Verify(ed25519.PublicKey((*publicKey)[:]), signedMessage[Overhead:], signedMessage[:Overhead]) {
+		return nil, false
+	}
+	ret, out := sliceForAppend(out, len(signedMessage)-Overhead)
+	if subtle.AnyOverlap(out, signedMessage) {
+		panic("nacl: invalid buffer overlap")
+	}
+	copy(out, signedMessage[Overhead:])
+	return ret, true
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return
+}
diff --git a/nacl/sign/sign_test.go b/nacl/sign/sign_test.go
new file mode 100644
index 000000000..db269014c
--- /dev/null
+++ b/nacl/sign/sign_test.go
@@ -0,0 +1,74 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sign
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"testing"
+)
+
+var testSignedMessage, _ = hex.DecodeString("26a0a47f733d02ddb74589b6cbd6f64a7dab1947db79395a1a9e00e4c902c0f185b119897b89b248d16bab4ea781b5a3798d25c2984aec833dddab57e0891e0d68656c6c6f20776f726c64")
+var testMessage = testSignedMessage[Overhead:]
+var testPublicKey [32]byte
+var testPrivateKey = [64]byte{
+	0x98, 0x3c, 0x6a, 0xa6, 0x21, 0xcc, 0xbb, 0xb2, 0xa7, 0xe8, 0x97, 0x94, 0xde, 0x5f, 0xf8, 0x11,
+	0x8a, 0xf3, 0x33, 0x1a, 0x03, 0x5c, 0x43, 0x99, 0x03, 0x13, 0x2d, 0xd7, 0xb4, 0xc4, 0x8b, 0xb0,
+	0xf6, 0x33, 0x20, 0xa3, 0x34, 0x8b, 0x7b, 0xe2, 0xfe, 0xb4, 0xe7, 0x3a, 0x54, 0x08, 0x2d, 0xd7,
+	0x0c, 0xb7, 0xc0, 0xe3, 0xbf, 0x62, 0x6c, 0x55, 0xf0, 0x33, 0x28, 0x52, 0xf8, 0x48, 0x7d, 0xfd,
+}
+
+func init() {
+	copy(testPublicKey[:], testPrivateKey[32:])
+}
+
+func TestSign(t *testing.T) {
+	signedMessage := Sign(nil, testMessage, &testPrivateKey)
+	if !bytes.Equal(signedMessage, testSignedMessage) {
+		t.Fatalf("signed message did not match, got\n%x\n, expected\n%x", signedMessage, testSignedMessage)
+	}
+}
+
+func TestOpen(t *testing.T) {
+	message, ok := Open(nil, testSignedMessage, &testPublicKey)
+	if !ok {
+		t.Fatalf("valid signed message not successfully verified")
+	}
+	if !bytes.Equal(message, testMessage) {
+		t.Fatalf("message did not match, got\n%x\n, expected\n%x", message, testMessage)
+	}
+	_, ok = Open(nil, testSignedMessage[1:], &testPublicKey)
+	if ok {
+		t.Fatalf("invalid signed message successfully verified")
+	}
+
+	badMessage := make([]byte, len(testSignedMessage))
+	copy(badMessage, testSignedMessage)
+	badMessage[5] ^= 1
+	if _, ok := Open(nil, badMessage, &testPublicKey); ok {
+		t.Fatalf("Open succeeded with a corrupt message")
+	}
+
+	var badPublicKey [32]byte
+	copy(badPublicKey[:], testPublicKey[:])
+	badPublicKey[5] ^= 1
+	if _, ok := Open(nil, testSignedMessage, &badPublicKey); ok {
+		t.Fatalf("Open succeeded with a corrupt public key")
+	}
+}
+
+func TestGenerateSignOpen(t *testing.T) {
+	publicKey, privateKey, _ := GenerateKey(rand.Reader)
+	signedMessage := Sign(nil, testMessage, privateKey)
+	message, ok := Open(nil, signedMessage, publicKey)
+	if !ok {
+		t.Fatalf("failed to verify signed message")
+	}
+
+	if !bytes.Equal(message, testMessage) {
+		t.Fatalf("verified message does not match signed messge, got\n%x\n, expected\n%x", message, testMessage)
+	}
+}
diff --git a/ocsp/ocsp.go b/ocsp/ocsp.go
index ae8d63e73..9d3fffa8f 100644
--- a/ocsp/ocsp.go
+++ b/ocsp/ocsp.go
@@ -63,7 +63,7 @@ func (r ResponseStatus) String() string {
 }
 
 // ResponseError is an error that may be returned by ParseResponse to indicate
-// that the response itself is an error, not just that its indicating that a
+// that the response itself is an error, not just that it's indicating that a
 // certificate is revoked, unknown, etc.
 type ResponseError struct {
 	Status ResponseStatus
@@ -295,17 +295,17 @@ const (
 
 // The enumerated reasons for revoking a certificate.  See RFC 5280.
 const (
-	Unspecified          = iota
-	KeyCompromise        = iota
-	CACompromise         = iota
-	AffiliationChanged   = iota
-	Superseded           = iota
-	CessationOfOperation = iota
-	CertificateHold      = iota
-	_                    = iota
-	RemoveFromCRL        = iota
-	PrivilegeWithdrawn   = iota
-	AACompromise         = iota
+	Unspecified          = 0
+	KeyCompromise        = 1
+	CACompromise         = 2
+	AffiliationChanged   = 3
+	Superseded           = 4
+	CessationOfOperation = 5
+	CertificateHold      = 6
+
+	RemoveFromCRL      = 8
+	PrivilegeWithdrawn = 9
+	AACompromise       = 10
 )
 
 // Request represents an OCSP request. See RFC 6960.
@@ -445,10 +445,18 @@ func ParseRequest(bytes []byte) (*Request, error) {
 	}, nil
 }
 
-// ParseResponse parses an OCSP response in DER form. It only supports
-// responses for a single certificate. If the response contains a certificate
-// then the signature over the response is checked. If issuer is not nil then
-// it will be used to validate the signature or embedded certificate.
+// ParseResponse parses an OCSP response in DER form. The response must contain
+// only one certificate status. To parse the status of a specific certificate
+// from a response which may contain multiple statuses, use ParseResponseForCert
+// instead.
+//
+// If the response contains an embedded certificate, then that certificate will
+// be used to verify the response signature. If the response contains an
+// embedded certificate and issuer is not nil, then issuer will be used to verify
+// the signature on the embedded certificate.
+//
+// If the response does not contain an embedded certificate and issuer is not
+// nil, then issuer will be used to verify the response signature.
 //
 // Invalid responses and parse failures will result in a ParseError.
 // Error responses will result in a ResponseError.
@@ -456,14 +464,11 @@ func ParseResponse(bytes []byte, issuer *x509.Certificate) (*Response, error) {
 	return ParseResponseForCert(bytes, nil, issuer)
 }
 
-// ParseResponseForCert parses an OCSP response in DER form and searches for a
-// Response relating to cert. If such a Response is found and the OCSP response
-// contains a certificate then the signature over the response is checked. If
-// issuer is not nil then it will be used to validate the signature or embedded
-// certificate.
-//
-// Invalid responses and parse failures will result in a ParseError.
-// Error responses will result in a ResponseError.
+// ParseResponseForCert acts identically to ParseResponse, except it supports
+// parsing responses that contain multiple statuses. If the response contains
+// multiple statuses and cert is not nil, then ParseResponseForCert will return
+// the first status which contains a matching serial, otherwise it will return an
+// error. If cert is nil, then the first status in the response will be returned.
 func ParseResponseForCert(bytes []byte, cert, issuer *x509.Certificate) (*Response, error) {
 	var resp responseASN1
 	rest, err := asn1.Unmarshal(bytes, &resp)
@@ -487,9 +492,8 @@ func ParseResponseForCert(bytes []byte, cert, issuer *x509.Certificate) (*Respon
 	if err != nil {
 		return nil, err
 	}
-
-	if len(basicResp.Certificates) > 1 {
-		return nil, ParseError("OCSP response contains bad number of certificates")
+	if len(rest) > 0 {
+		return nil, ParseError("trailing data in OCSP response")
 	}
 
 	if n := len(basicResp.TBSResponseData.Responses); n == 0 || cert == nil && n > 1 {
@@ -544,6 +548,13 @@ func ParseResponseForCert(bytes []byte, cert, issuer *x509.Certificate) (*Respon
 	}
 
 	if len(basicResp.Certificates) > 0 {
+		// Responders should only send a single certificate (if they
+		// send any) that connects the responder's certificate to the
+		// original issuer. We accept responses with multiple
+		// certificates due to a number responders sending them[1], but
+		// ignore all but the first.
+		//
+		// [1] https://github.com/golang/go/issues/21527
 		ret.Certificate, err = x509.ParseCertificate(basicResp.Certificates[0].FullBytes)
 		if err != nil {
 			return nil, err
@@ -659,7 +670,7 @@ func CreateRequest(cert, issuer *x509.Certificate, opts *RequestOptions) ([]byte
 //
 // The issuer cert is used to puplate the IssuerNameHash and IssuerKeyHash fields.
 //
-// The template is used to populate the SerialNumber, RevocationStatus, RevokedAt,
+// The template is used to populate the SerialNumber, Status, RevokedAt,
 // RevocationReason, ThisUpdate, and NextUpdate fields.
 //
 // If template.IssuerHash is not set, SHA1 will be used.
@@ -760,7 +771,7 @@ func CreateResponse(issuer, responderCert *x509.Certificate, template Response,
 	}
 	if template.Certificate != nil {
 		response.Certificates = []asn1.RawValue{
-			asn1.RawValue{FullBytes: template.Certificate.Raw},
+			{FullBytes: template.Certificate.Raw},
 		}
 	}
 	responseDER, err := asn1.Marshal(response)
diff --git a/ocsp/ocsp_test.go b/ocsp/ocsp_test.go
index df674b374..a6f7c48d3 100644
--- a/ocsp/ocsp_test.go
+++ b/ocsp/ocsp_test.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.7
 // +build go1.7
 
 package ocsp
@@ -43,11 +44,11 @@ func TestOCSPDecode(t *testing.T) {
 	}
 
 	if !reflect.DeepEqual(resp.ThisUpdate, expected.ThisUpdate) {
-		t.Errorf("resp.ThisUpdate: got %d, want %d", resp.ThisUpdate, expected.ThisUpdate)
+		t.Errorf("resp.ThisUpdate: got %v, want %v", resp.ThisUpdate, expected.ThisUpdate)
 	}
 
 	if !reflect.DeepEqual(resp.NextUpdate, expected.NextUpdate) {
-		t.Errorf("resp.NextUpdate: got %d, want %d", resp.NextUpdate, expected.NextUpdate)
+		t.Errorf("resp.NextUpdate: got %v, want %v", resp.NextUpdate, expected.NextUpdate)
 	}
 
 	if resp.Status != expected.Status {
@@ -218,7 +219,7 @@ func TestOCSPResponse(t *testing.T) {
 
 	extensionBytes, _ := hex.DecodeString(ocspExtensionValueHex)
 	extensions := []pkix.Extension{
-		pkix.Extension{
+		{
 			Id:       ocspExtensionOID,
 			Critical: false,
 			Value:    extensionBytes,
@@ -268,15 +269,15 @@ func TestOCSPResponse(t *testing.T) {
 			}
 
 			if !reflect.DeepEqual(resp.ThisUpdate, template.ThisUpdate) {
-				t.Errorf("resp.ThisUpdate: got %d, want %d", resp.ThisUpdate, template.ThisUpdate)
+				t.Errorf("resp.ThisUpdate: got %v, want %v", resp.ThisUpdate, template.ThisUpdate)
 			}
 
 			if !reflect.DeepEqual(resp.NextUpdate, template.NextUpdate) {
-				t.Errorf("resp.NextUpdate: got %d, want %d", resp.NextUpdate, template.NextUpdate)
+				t.Errorf("resp.NextUpdate: got %v, want %v", resp.NextUpdate, template.NextUpdate)
 			}
 
 			if !reflect.DeepEqual(resp.RevokedAt, template.RevokedAt) {
-				t.Errorf("resp.RevokedAt: got %d, want %d", resp.RevokedAt, template.RevokedAt)
+				t.Errorf("resp.RevokedAt: got %v, want %v", resp.RevokedAt, template.RevokedAt)
 			}
 
 			if !reflect.DeepEqual(resp.Extensions, template.ExtraExtensions) {
diff --git a/openpgp/armor/armor.go b/openpgp/armor/armor.go
index 592d18643..ebc87876e 100644
--- a/openpgp/armor/armor.go
+++ b/openpgp/armor/armor.go
@@ -4,6 +4,12 @@
 
 // Package armor implements OpenPGP ASCII Armor, see RFC 4880. OpenPGP Armor is
 // very similar to PEM except that it has an additional CRC checksum.
+//
+// Deprecated: this package is unmaintained except for security fixes. New
+// applications should consider a more focused, modern alternative to OpenPGP
+// for their specific task. If you are required to interoperate with OpenPGP
+// systems and need a maintained package, consider a community fork.
+// See https://golang.org/issue/44226.
 package armor // import "golang.org/x/crypto/openpgp/armor"
 
 import (
@@ -62,10 +68,11 @@ var armorEndOfLine = []byte("-----")
 // lineReader wraps a line based reader. It watches for the end of an armor
 // block and records the expected CRC value.
 type lineReader struct {
-	in  *bufio.Reader
-	buf []byte
-	eof bool
-	crc uint32
+	in     *bufio.Reader
+	buf    []byte
+	eof    bool
+	crc    uint32
+	crcSet bool
 }
 
 func (l *lineReader) Read(p []byte) (n int, err error) {
@@ -87,6 +94,11 @@ func (l *lineReader) Read(p []byte) (n int, err error) {
 		return 0, ArmorCorrupt
 	}
 
+	if bytes.HasPrefix(line, armorEnd) {
+		l.eof = true
+		return 0, io.EOF
+	}
+
 	if len(line) == 5 && line[0] == '=' {
 		// This is the checksum line
 		var expectedBytes [3]byte
@@ -108,6 +120,7 @@ func (l *lineReader) Read(p []byte) (n int, err error) {
 		}
 
 		l.eof = true
+		l.crcSet = true
 		return 0, io.EOF
 	}
 
@@ -141,10 +154,8 @@ func (r *openpgpReader) Read(p []byte) (n int, err error) {
 	n, err = r.b64Reader.Read(p)
 	r.currentCRC = crc24(r.currentCRC, p[:n])
 
-	if err == io.EOF {
-		if r.lReader.crc != uint32(r.currentCRC&crc24Mask) {
-			return 0, ArmorCorrupt
-		}
+	if err == io.EOF && r.lReader.crcSet && r.lReader.crc != uint32(r.currentCRC&crc24Mask) {
+		return 0, ArmorCorrupt
 	}
 
 	return
diff --git a/openpgp/clearsign/clearsign.go b/openpgp/clearsign/clearsign.go
index def4cabaf..644b2e078 100644
--- a/openpgp/clearsign/clearsign.go
+++ b/openpgp/clearsign/clearsign.go
@@ -7,16 +7,24 @@
 //
 // Clearsigned messages are cryptographically signed, but the contents of the
 // message are kept in plaintext so that it can be read without special tools.
+//
+// Deprecated: this package is unmaintained except for security fixes. New
+// applications should consider a more focused, modern alternative to OpenPGP
+// for their specific task. If you are required to interoperate with OpenPGP
+// systems and need a maintained package, consider a community fork.
+// See https://golang.org/issue/44226.
 package clearsign // import "golang.org/x/crypto/openpgp/clearsign"
 
 import (
 	"bufio"
 	"bytes"
 	"crypto"
+	"fmt"
 	"hash"
 	"io"
 	"net/textproto"
 	"strconv"
+	"strings"
 
 	"golang.org/x/crypto/openpgp/armor"
 	"golang.org/x/crypto/openpgp/errors"
@@ -26,7 +34,7 @@ import (
 // A Block represents a clearsigned message. A signature on a Block can
 // be checked by passing Bytes into openpgp.CheckDetachedSignature.
 type Block struct {
-	Headers          textproto.MIMEHeader // Optional message headers
+	Headers          textproto.MIMEHeader // Optional unverified Hash headers
 	Plaintext        []byte               // The original message text
 	Bytes            []byte               // The signed message
 	ArmoredSignature *armor.Block         // The signature block
@@ -68,8 +76,13 @@ func getLine(data []byte) (line, rest []byte) {
 	return data[0:i], data[j:]
 }
 
-// Decode finds the first clearsigned message in data and returns it, as well
-// as the suffix of data which remains after the message.
+// Decode finds the first clearsigned message in data and returns it, as well as
+// the suffix of data which remains after the message. Any prefix data is
+// discarded.
+//
+// If no message is found, or if the message is invalid, Decode returns nil and
+// the whole data slice. The only allowed header type is Hash, and it is not
+// verified against the signature hash.
 func Decode(data []byte) (b *Block, rest []byte) {
 	// start begins with a newline. However, at the very beginning of
 	// the byte array, we'll accept the start string without it.
@@ -82,8 +95,11 @@ func Decode(data []byte) (b *Block, rest []byte) {
 		return nil, data
 	}
 
-	// Consume the start line.
-	_, rest = getLine(rest)
+	// Consume the start line and check it does not have a suffix.
+	suffix, rest := getLine(rest)
+	if len(suffix) != 0 {
+		return nil, data
+	}
 
 	var line []byte
 	b = &Block{
@@ -102,15 +118,25 @@ func Decode(data []byte) (b *Block, rest []byte) {
 			break
 		}
 
+		// Reject headers with control or Unicode characters.
+		if i := bytes.IndexFunc(line, func(r rune) bool {
+			return r < 0x20 || r > 0x7e
+		}); i != -1 {
+			return nil, data
+		}
+
 		i := bytes.Index(line, []byte{':'})
 		if i == -1 {
 			return nil, data
 		}
 
-		key, val := line[0:i], line[i+1:]
-		key = bytes.TrimSpace(key)
-		val = bytes.TrimSpace(val)
-		b.Headers.Add(string(key), string(val))
+		key, val := string(line[0:i]), string(line[i+1:])
+		key = strings.TrimSpace(key)
+		if key != "Hash" {
+			return nil, data
+		}
+		val = strings.TrimSpace(val)
+		b.Headers.Add(key, val)
 	}
 
 	firstLine := true
@@ -177,8 +203,9 @@ func Decode(data []byte) (b *Block, rest []byte) {
 // message.
 type dashEscaper struct {
 	buffered *bufio.Writer
-	h        hash.Hash
+	hashers  []hash.Hash // one per key in privateKeys
 	hashType crypto.Hash
+	toHash   io.Writer // writes to all the hashes in hashers
 
 	atBeginningOfLine bool
 	isFirstLine       bool
@@ -186,8 +213,8 @@ type dashEscaper struct {
 	whitespace []byte
 	byteBuf    []byte // a one byte buffer to save allocations
 
-	privateKey *packet.PrivateKey
-	config     *packet.Config
+	privateKeys []*packet.PrivateKey
+	config      *packet.Config
 }
 
 func (d *dashEscaper) Write(data []byte) (n int, err error) {
@@ -198,7 +225,7 @@ func (d *dashEscaper) Write(data []byte) (n int, err error) {
 			// The final CRLF isn't included in the hash so we have to wait
 			// until this point (the start of the next line) before writing it.
 			if !d.isFirstLine {
-				d.h.Write(crlf)
+				d.toHash.Write(crlf)
 			}
 			d.isFirstLine = false
 		}
@@ -219,12 +246,12 @@ func (d *dashEscaper) Write(data []byte) (n int, err error) {
 				if _, err = d.buffered.Write(dashEscape); err != nil {
 					return
 				}
-				d.h.Write(d.byteBuf)
+				d.toHash.Write(d.byteBuf)
 				d.atBeginningOfLine = false
 			} else if b == '\n' {
 				// Nothing to do because we delay writing CRLF to the hash.
 			} else {
-				d.h.Write(d.byteBuf)
+				d.toHash.Write(d.byteBuf)
 				d.atBeginningOfLine = false
 			}
 			if err = d.buffered.WriteByte(b); err != nil {
@@ -245,13 +272,13 @@ func (d *dashEscaper) Write(data []byte) (n int, err error) {
 				// Any buffered whitespace wasn't at the end of the line so
 				// we need to write it out.
 				if len(d.whitespace) > 0 {
-					d.h.Write(d.whitespace)
+					d.toHash.Write(d.whitespace)
 					if _, err = d.buffered.Write(d.whitespace); err != nil {
 						return
 					}
 					d.whitespace = d.whitespace[:0]
 				}
-				d.h.Write(d.byteBuf)
+				d.toHash.Write(d.byteBuf)
 				if err = d.buffered.WriteByte(b); err != nil {
 					return
 				}
@@ -269,25 +296,29 @@ func (d *dashEscaper) Close() (err error) {
 			return
 		}
 	}
-	sig := new(packet.Signature)
-	sig.SigType = packet.SigTypeText
-	sig.PubKeyAlgo = d.privateKey.PubKeyAlgo
-	sig.Hash = d.hashType
-	sig.CreationTime = d.config.Now()
-	sig.IssuerKeyId = &d.privateKey.KeyId
-
-	if err = sig.Sign(d.h, d.privateKey, d.config); err != nil {
-		return
-	}
 
 	out, err := armor.Encode(d.buffered, "PGP SIGNATURE", nil)
 	if err != nil {
 		return
 	}
 
-	if err = sig.Serialize(out); err != nil {
-		return
+	t := d.config.Now()
+	for i, k := range d.privateKeys {
+		sig := new(packet.Signature)
+		sig.SigType = packet.SigTypeText
+		sig.PubKeyAlgo = k.PubKeyAlgo
+		sig.Hash = d.hashType
+		sig.CreationTime = t
+		sig.IssuerKeyId = &k.KeyId
+
+		if err = sig.Sign(d.hashers[i], k, d.config); err != nil {
+			return
+		}
+		if err = sig.Serialize(out); err != nil {
+			return
+		}
 	}
+
 	if err = out.Close(); err != nil {
 		return
 	}
@@ -300,8 +331,17 @@ func (d *dashEscaper) Close() (err error) {
 // Encode returns a WriteCloser which will clear-sign a message with privateKey
 // and write it to w. If config is nil, sensible defaults are used.
 func Encode(w io.Writer, privateKey *packet.PrivateKey, config *packet.Config) (plaintext io.WriteCloser, err error) {
-	if privateKey.Encrypted {
-		return nil, errors.InvalidArgumentError("signing key is encrypted")
+	return EncodeMulti(w, []*packet.PrivateKey{privateKey}, config)
+}
+
+// EncodeMulti returns a WriteCloser which will clear-sign a message with all the
+// private keys indicated and write it to w. If config is nil, sensible defaults
+// are used.
+func EncodeMulti(w io.Writer, privateKeys []*packet.PrivateKey, config *packet.Config) (plaintext io.WriteCloser, err error) {
+	for _, k := range privateKeys {
+		if k.Encrypted {
+			return nil, errors.InvalidArgumentError(fmt.Sprintf("signing key %s is encrypted", k.KeyIdString()))
+		}
 	}
 
 	hashType := config.Hash()
@@ -313,7 +353,14 @@ func Encode(w io.Writer, privateKey *packet.PrivateKey, config *packet.Config) (
 	if !hashType.Available() {
 		return nil, errors.UnsupportedError("unsupported hash type: " + strconv.Itoa(int(hashType)))
 	}
-	h := hashType.New()
+	var hashers []hash.Hash
+	var ws []io.Writer
+	for range privateKeys {
+		h := hashType.New()
+		hashers = append(hashers, h)
+		ws = append(ws, h)
+	}
+	toHash := io.MultiWriter(ws...)
 
 	buffered := bufio.NewWriter(w)
 	// start has a \n at the beginning that we don't want here.
@@ -338,16 +385,17 @@ func Encode(w io.Writer, privateKey *packet.PrivateKey, config *packet.Config) (
 
 	plaintext = &dashEscaper{
 		buffered: buffered,
-		h:        h,
+		hashers:  hashers,
 		hashType: hashType,
+		toHash:   toHash,
 
 		atBeginningOfLine: true,
 		isFirstLine:       true,
 
 		byteBuf: make([]byte, 1),
 
-		privateKey: privateKey,
-		config:     config,
+		privateKeys: privateKeys,
+		config:      config,
 	}
 
 	return
diff --git a/openpgp/clearsign/clearsign_test.go b/openpgp/clearsign/clearsign_test.go
index 2c0948078..051b8f16f 100644
--- a/openpgp/clearsign/clearsign_test.go
+++ b/openpgp/clearsign/clearsign_test.go
@@ -6,8 +6,12 @@ package clearsign
 
 import (
 	"bytes"
-	"golang.org/x/crypto/openpgp"
+	"fmt"
+	"io"
 	"testing"
+
+	"golang.org/x/crypto/openpgp"
+	"golang.org/x/crypto/openpgp/packet"
 )
 
 func testParse(t *testing.T, input []byte, expected, expectedPlaintext string) {
@@ -44,12 +48,6 @@ func TestParse(t *testing.T) {
 	testParse(t, clearsignInput2, "\r\n\r\n(This message has a couple of blank lines at the start and end.)\r\n\r\n", "\n\n(This message has a couple of blank lines at the start and end.)\n\n\n")
 }
 
-func TestParseInvalid(t *testing.T) {
-	if b, _ := Decode(clearsignInput3); b != nil {
-		t.Fatal("decoded a bad clearsigned message without any error")
-	}
-}
-
 func TestParseWithNoNewlineAtEnd(t *testing.T) {
 	input := clearsignInput
 	input = input[:len(input)-len("trailing")-1]
@@ -125,6 +123,144 @@ func TestSigning(t *testing.T) {
 	}
 }
 
+// We use this to make test keys, so that they aren't all the same.
+type quickRand byte
+
+func (qr *quickRand) Read(p []byte) (int, error) {
+	for i := range p {
+		p[i] = byte(*qr)
+	}
+	*qr++
+	return len(p), nil
+}
+
+func TestMultiSign(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping long test in -short mode")
+	}
+
+	zero := quickRand(0)
+	config := packet.Config{Rand: &zero}
+
+	for nKeys := 0; nKeys < 4; nKeys++ {
+	nextTest:
+		for nExtra := 0; nExtra < 4; nExtra++ {
+			var signKeys []*packet.PrivateKey
+			var verifyKeys openpgp.EntityList
+
+			desc := fmt.Sprintf("%d keys; %d of which will be used to verify", nKeys+nExtra, nKeys)
+			for i := 0; i < nKeys+nExtra; i++ {
+				e, err := openpgp.NewEntity("name", "comment", "email", &config)
+				if err != nil {
+					t.Errorf("cannot create key: %v", err)
+					continue nextTest
+				}
+				if i < nKeys {
+					verifyKeys = append(verifyKeys, e)
+				}
+				signKeys = append(signKeys, e.PrivateKey)
+			}
+
+			input := []byte("this is random text\r\n4 17")
+			var output bytes.Buffer
+			w, err := EncodeMulti(&output, signKeys, nil)
+			if err != nil {
+				t.Errorf("EncodeMulti (%s) failed: %v", desc, err)
+			}
+			if _, err := w.Write(input); err != nil {
+				t.Errorf("Write(%q) to signer (%s) failed: %v", string(input), desc, err)
+			}
+			if err := w.Close(); err != nil {
+				t.Errorf("Close() of signer (%s) failed: %v", desc, err)
+			}
+
+			block, _ := Decode(output.Bytes())
+			if string(block.Bytes) != string(input) {
+				t.Errorf("Inline data didn't match original; got %q want %q", string(block.Bytes), string(input))
+			}
+			_, err = openpgp.CheckDetachedSignature(verifyKeys, bytes.NewReader(block.Bytes), block.ArmoredSignature.Body)
+			if nKeys == 0 {
+				if err == nil {
+					t.Errorf("verifying inline (%s) succeeded; want failure", desc)
+				}
+			} else {
+				if err != nil {
+					t.Errorf("verifying inline (%s) failed (%v); want success", desc, err)
+				}
+			}
+		}
+	}
+}
+
+func TestDecodeMissingCRC(t *testing.T) {
+	block, rest := Decode(clearsignInput3)
+	if block == nil {
+		t.Fatal("failed to decode PGP signature missing a CRC")
+	}
+	if len(rest) > 0 {
+		t.Fatalf("Decode should not have any remaining data left: %s", rest)
+	}
+	if _, err := packet.Read(block.ArmoredSignature.Body); err != nil {
+		t.Error(err)
+	}
+	if _, err := packet.Read(block.ArmoredSignature.Body); err != io.EOF {
+		t.Error(err)
+	}
+}
+
+const signatureBlock = `
+-----BEGIN PGP SIGNATURE-----
+Version: OpenPrivacy 0.99
+
+yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
+vBSFjNSiVHsuAA==
+=njUN
+-----END PGP SIGNATURE-----
+`
+
+var invalidInputs = []string{
+	`
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+(This message was truncated.)
+`,
+	`
+-----BEGIN PGP SIGNED MESSAGE-----garbage
+Hash: SHA256
+
+_o/
+` + signatureBlock,
+	`
+garbage-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+_o/
+` + signatureBlock,
+	`
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA` + "\x0b\x0b" + `256
+
+_o/
+` + signatureBlock,
+	`
+-----BEGIN PGP SIGNED MESSAGE-----
+NotHash: SHA256
+
+_o/
+` + signatureBlock,
+}
+
+func TestParseInvalid(t *testing.T) {
+	for i, input := range invalidInputs {
+		if b, rest := Decode([]byte(input)); b != nil {
+			t.Errorf("#%d: decoded a bad clearsigned message without any error", i)
+		} else if string(rest) != input {
+			t.Errorf("#%d: did not return all data with a bad message", i)
+		}
+	}
+}
+
 var clearsignInput = []byte(`
 ;lasjlkfdsa
 
@@ -167,12 +303,64 @@ qZg6BaTvOxepqOxnhVU=
 
 trailing`)
 
-var clearsignInput3 = []byte(`
------BEGIN PGP SIGNED MESSAGE-----
+var clearsignInput3 = []byte(`-----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
-(This message was truncated.)
-`)
+Origin: vscode stable
+Label: vscode stable
+Suite: stable
+Codename: stable
+Date: Mon, 13 Jan 2020 08:41:45 UTC
+Architectures: amd64
+Components: main
+Description: Generated by aptly
+MD5Sum:
+ 66437152b3082616d8053e52c4bafafb  5821166 Contents-amd64
+ 8024662ed51109946a517754bbafdd33   286298 Contents-amd64.gz
+ 66437152b3082616d8053e52c4bafafb  5821166 main/Contents-amd64
+ 8024662ed51109946a517754bbafdd33   286298 main/Contents-amd64.gz
+ 3062a08b3eca94a65d6d17ba1dafcf3e  1088265 main/binary-amd64/Packages
+ b8ee22200fba8fa3be56c1ff946cdd24   159344 main/binary-amd64/Packages.bz2
+ f89c47c81ebd25caf287c8e6dda16c1a   169456 main/binary-amd64/Packages.gz
+ 4c9ca25b556f111a5536c78df885ad82       95 main/binary-amd64/Release
+SHA1:
+ 2b62d0e322746b7d094878278f49993ca4314bf7  5821166 Contents-amd64
+ aafe35cce12e03d8b1939e403ddf5c0958c6e9bd   286298 Contents-amd64.gz
+ 2b62d0e322746b7d094878278f49993ca4314bf7  5821166 main/Contents-amd64
+ aafe35cce12e03d8b1939e403ddf5c0958c6e9bd   286298 main/Contents-amd64.gz
+ 30316ac5d4ce3b472a96a797eeb0a2a82d43ed3e  1088265 main/binary-amd64/Packages
+ 6507e0b4da8194fd1048fcbb74c6e7433edaf3d6   159344 main/binary-amd64/Packages.bz2
+ ec9d39c39567c74001221e4900fb5d11ec11b833   169456 main/binary-amd64/Packages.gz
+ 58bf20987a91d35936f18efce75ea233d43dbf8b       95 main/binary-amd64/Release
+SHA256:
+ deff9ebfc44bf482e10a6ea10f608c6bb0fdc8373bf86b88cad9d99879ae3c39  5821166 Contents-amd64
+ f163bc65c7666ef58e0be3336e8c846ae2b7b388fbb2d7db0bcdc3fd1abae462   286298 Contents-amd64.gz
+ deff9ebfc44bf482e10a6ea10f608c6bb0fdc8373bf86b88cad9d99879ae3c39  5821166 main/Contents-amd64
+ f163bc65c7666ef58e0be3336e8c846ae2b7b388fbb2d7db0bcdc3fd1abae462   286298 main/Contents-amd64.gz
+ 0fba50799ef72d0c2b354d0bcbbc8c623f6dae5a7fd7c218a54ea44dd8a49d5e  1088265 main/binary-amd64/Packages
+ 69382470a88b67acde80fe45ab223016adebc445713ff0aa3272902581d21f13   159344 main/binary-amd64/Packages.bz2
+ 1724b8ace5bd8882943e9463d8525006f33ca704480da0186fd47937451dc216   169456 main/binary-amd64/Packages.gz
+ 0f509a0cb07e0ab433176fa47a21dccccc6b519f25f640cc58561104c11de6c2       95 main/binary-amd64/Release
+SHA512:
+ f69f09c6180ceb6625a84b5f7123ad27972983146979dcfd9c38b2990459b52b4975716f85374511486bb5ad5852ebb1ef8265176df7134fc15b17ada3ba596c  5821166 Contents-amd64
+ 46031bf89166188989368957d20cdcaac6eec72bab3f9839c9704bb08cbee3174ca6da11e290b0eab0e6b5754c1e7feb06d18ec9c5a0c955029cef53235e0a3a   286298 Contents-amd64.gz
+ f69f09c6180ceb6625a84b5f7123ad27972983146979dcfd9c38b2990459b52b4975716f85374511486bb5ad5852ebb1ef8265176df7134fc15b17ada3ba596c  5821166 main/Contents-amd64
+ 46031bf89166188989368957d20cdcaac6eec72bab3f9839c9704bb08cbee3174ca6da11e290b0eab0e6b5754c1e7feb06d18ec9c5a0c955029cef53235e0a3a   286298 main/Contents-amd64.gz
+ 3f78baf5adbaf0100996555b154807c794622fd0b5879b568ae0b6560e988fbfabed8d97db5a703d1a58514b9690fc6b60f9ad2eeece473d86ab257becd0ae41  1088265 main/binary-amd64/Packages
+ 18f26df90beff29192662ca40525367c3c04f4581d59d2e9ab1cd0700a145b6a292a1609ca33ebe1c211f13718a8eee751f41fd8189cf93d52aa3e0851542dfc   159344 main/binary-amd64/Packages.bz2
+ 6a6d917229e0cf06c493e174a87d76e815717676f2c70bcbd3bc689a80bd3c5489ea97db83b8f74cba8e70f374f9d9974f22b1ed2687a4ba1dacd22fdef7e14d   169456 main/binary-amd64/Packages.gz
+ e1a4378ad266c13c2edf8a0e590fa4d11973ab99ce79f15af005cb838f1600f66f3dc6da8976fa8b474da9073c118039c27623ab3360c6df115071497fe4f50c       95 main/binary-amd64/Release
+
+-----BEGIN PGP SIGNATURE-----
+Version: BSN Pgp v1.0.0.0
+
+iQEcBAEBCAAGBQJeHC1bAAoJEOs+lK2+EinPAg8H/1rrhcgfm1HYL+Vmr9Ns6ton
+LWQ8r13ADN66UTRa3XsO9V+q1fYowTqpXq6EZt2Gmlby/cpDf7mFPM5IteOXWLl7
+QcWxPKHcdPIUi+h5F7BkFW65imP9GyX+V5Pxx5X544op7hYKaI0gAQ1oYtWDb3HE
+4D27fju6icbj8w6E8TePcrDn82UvWAcaI5WSLboyhXCt2DxS3PNGFlyaP58zKJ8F
+9cbBzksuMgMaTPAAMrU0zrFGfGeQz0Yo6nV/gRGiQaL9pSeIJWSKLNCMG/nIGmv2
+xHVNFqTEetREY6UcQmuhwOn4HezyigH6XCBVp/Uez1izXiNdwBOet34SSvnkuJ4=
+-----END PGP SIGNATURE-----`)
 
 var signingKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
 Version: GnuPG v1.4.10 (GNU/Linux)
diff --git a/openpgp/elgamal/elgamal.go b/openpgp/elgamal/elgamal.go
index 73f4fe378..84396a089 100644
--- a/openpgp/elgamal/elgamal.go
+++ b/openpgp/elgamal/elgamal.go
@@ -10,6 +10,12 @@
 // This form of ElGamal embeds PKCS#1 v1.5 padding, which may make it
 // unsuitable for other protocols. RSA should be used in preference in any
 // case.
+//
+// Deprecated: this package was only provided to support ElGamal encryption in
+// OpenPGP. The golang.org/x/crypto/openpgp package is now deprecated (see
+// https://golang.org/issue/44226), and ElGamal in the OpenPGP ecosystem has
+// compatibility and security issues (see https://eprint.iacr.org/2021/923).
+// Moreover, this package doesn't protect against side-channel attacks.
 package elgamal // import "golang.org/x/crypto/openpgp/elgamal"
 
 import (
@@ -76,7 +82,9 @@ func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err
 // Bleichenbacher, Advances in Cryptology (Crypto '98),
 func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
 	s := new(big.Int).Exp(c1, priv.X, priv.P)
-	s.ModInverse(s, priv.P)
+	if s.ModInverse(s, priv.P) == nil {
+		return nil, errors.New("elgamal: invalid private key")
+	}
 	s.Mul(s, c2)
 	s.Mod(s, priv.P)
 	em := s.Bytes()
diff --git a/openpgp/elgamal/elgamal_test.go b/openpgp/elgamal/elgamal_test.go
index c4f99f5c4..9f0a8547c 100644
--- a/openpgp/elgamal/elgamal_test.go
+++ b/openpgp/elgamal/elgamal_test.go
@@ -47,3 +47,18 @@ func TestEncryptDecrypt(t *testing.T) {
 		t.Errorf("decryption failed, got: %x, want: %x", message2, message)
 	}
 }
+
+func TestDecryptBadKey(t *testing.T) {
+	priv := &PrivateKey{
+		PublicKey: PublicKey{
+			G: fromHex(generatorHex),
+			P: fromHex("2"),
+		},
+		X: fromHex("42"),
+	}
+	priv.Y = new(big.Int).Exp(priv.G, priv.X, priv.P)
+	c1, c2 := fromHex("8"), fromHex("8")
+	if _, err := Decrypt(priv, c1, c2); err == nil {
+		t.Errorf("unexpected success decrypting")
+	}
+}
diff --git a/openpgp/errors/errors.go b/openpgp/errors/errors.go
index eb0550b2d..1d7a0ea05 100644
--- a/openpgp/errors/errors.go
+++ b/openpgp/errors/errors.go
@@ -3,6 +3,12 @@
 // license that can be found in the LICENSE file.
 
 // Package errors contains common error types for the OpenPGP packages.
+//
+// Deprecated: this package is unmaintained except for security fixes. New
+// applications should consider a more focused, modern alternative to OpenPGP
+// for their specific task. If you are required to interoperate with OpenPGP
+// systems and need a maintained package, consider a community fork.
+// See https://golang.org/issue/44226.
 package errors // import "golang.org/x/crypto/openpgp/errors"
 
 import (
diff --git a/openpgp/keys.go b/openpgp/keys.go
index 68b14c6ae..faa2fb369 100644
--- a/openpgp/keys.go
+++ b/openpgp/keys.go
@@ -325,16 +325,14 @@ func ReadEntity(packets *packet.Reader) (*Entity, error) {
 		if e.PrivateKey, ok = p.(*packet.PrivateKey); !ok {
 			packets.Unread(p)
 			return nil, errors.StructuralError("first packet was not a public/private key")
-		} else {
-			e.PrimaryKey = &e.PrivateKey.PublicKey
 		}
+		e.PrimaryKey = &e.PrivateKey.PublicKey
 	}
 
 	if !e.PrimaryKey.PubKeyAlgo.CanSign() {
 		return nil, errors.StructuralError("primary key cannot be used for signatures")
 	}
 
-	var current *Identity
 	var revocations []*packet.Signature
 EachPacket:
 	for {
@@ -347,32 +345,8 @@ EachPacket:
 
 		switch pkt := p.(type) {
 		case *packet.UserId:
-			current = new(Identity)
-			current.Name = pkt.Id
-			current.UserId = pkt
-			e.Identities[pkt.Id] = current
-
-			for {
-				p, err = packets.Next()
-				if err == io.EOF {
-					return nil, io.ErrUnexpectedEOF
-				} else if err != nil {
-					return nil, err
-				}
-
-				sig, ok := p.(*packet.Signature)
-				if !ok {
-					return nil, errors.StructuralError("user ID packet not followed by self-signature")
-				}
-
-				if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId {
-					if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil {
-						return nil, errors.StructuralError("user ID self-signature invalid: " + err.Error())
-					}
-					current.SelfSignature = sig
-					break
-				}
-				current.Signatures = append(current.Signatures, sig)
+			if err := addUserID(e, packets, pkt); err != nil {
+				return nil, err
 			}
 		case *packet.Signature:
 			if pkt.SigType == packet.SigTypeKeyRevocation {
@@ -381,11 +355,9 @@ EachPacket:
 				// TODO: RFC4880 5.2.1 permits signatures
 				// directly on keys (eg. to bind additional
 				// revocation keys).
-			} else if current == nil {
-				return nil, errors.StructuralError("signature packet found before user id packet")
-			} else {
-				current.Signatures = append(current.Signatures, pkt)
 			}
+			// Else, ignoring the signature as it does not follow anything
+			// we would know to attach it to.
 		case *packet.PrivateKey:
 			if pkt.IsSubkey == false {
 				packets.Unread(p)
@@ -426,33 +398,105 @@ EachPacket:
 	return e, nil
 }
 
+func addUserID(e *Entity, packets *packet.Reader, pkt *packet.UserId) error {
+	// Make a new Identity object, that we might wind up throwing away.
+	// We'll only add it if we get a valid self-signature over this
+	// userID.
+	identity := new(Identity)
+	identity.Name = pkt.Id
+	identity.UserId = pkt
+
+	for {
+		p, err := packets.Next()
+		if err == io.EOF {
+			break
+		} else if err != nil {
+			return err
+		}
+
+		sig, ok := p.(*packet.Signature)
+		if !ok {
+			packets.Unread(p)
+			break
+		}
+
+		if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId {
+			if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil {
+				return errors.StructuralError("user ID self-signature invalid: " + err.Error())
+			}
+			identity.SelfSignature = sig
+			e.Identities[pkt.Id] = identity
+		} else {
+			identity.Signatures = append(identity.Signatures, sig)
+		}
+	}
+
+	return nil
+}
+
 func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *packet.PrivateKey) error {
 	var subKey Subkey
 	subKey.PublicKey = pub
 	subKey.PrivateKey = priv
-	p, err := packets.Next()
-	if err == io.EOF {
-		return io.ErrUnexpectedEOF
-	}
-	if err != nil {
-		return errors.StructuralError("subkey signature invalid: " + err.Error())
+
+	for {
+		p, err := packets.Next()
+		if err == io.EOF {
+			break
+		} else if err != nil {
+			return errors.StructuralError("subkey signature invalid: " + err.Error())
+		}
+
+		sig, ok := p.(*packet.Signature)
+		if !ok {
+			packets.Unread(p)
+			break
+		}
+
+		if sig.SigType != packet.SigTypeSubkeyBinding && sig.SigType != packet.SigTypeSubkeyRevocation {
+			return errors.StructuralError("subkey signature with wrong type")
+		}
+
+		if err := e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, sig); err != nil {
+			return errors.StructuralError("subkey signature invalid: " + err.Error())
+		}
+
+		switch sig.SigType {
+		case packet.SigTypeSubkeyRevocation:
+			subKey.Sig = sig
+		case packet.SigTypeSubkeyBinding:
+
+			if shouldReplaceSubkeySig(subKey.Sig, sig) {
+				subKey.Sig = sig
+			}
+		}
 	}
-	var ok bool
-	subKey.Sig, ok = p.(*packet.Signature)
-	if !ok {
+
+	if subKey.Sig == nil {
 		return errors.StructuralError("subkey packet not followed by signature")
 	}
-	if subKey.Sig.SigType != packet.SigTypeSubkeyBinding && subKey.Sig.SigType != packet.SigTypeSubkeyRevocation {
-		return errors.StructuralError("subkey signature with wrong type")
-	}
-	err = e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, subKey.Sig)
-	if err != nil {
-		return errors.StructuralError("subkey signature invalid: " + err.Error())
-	}
+
 	e.Subkeys = append(e.Subkeys, subKey)
+
 	return nil
 }
 
+func shouldReplaceSubkeySig(existingSig, potentialNewSig *packet.Signature) bool {
+	if potentialNewSig == nil {
+		return false
+	}
+
+	if existingSig == nil {
+		return true
+	}
+
+	if existingSig.SigType == packet.SigTypeSubkeyRevocation {
+		return false // never override a revocation signature
+	}
+
+	return potentialNewSig.CreationTime.After(existingSig.CreationTime)
+}
+
 const defaultRSAKeyBits = 2048
 
 // NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a
@@ -460,7 +504,7 @@ const defaultRSAKeyBits = 2048
 // which may be empty but must not contain any of "()<>\x00".
 // If config is nil, sensible defaults will be used.
 func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) {
-	currentTime := config.Now()
+	creationTime := config.Now()
 
 	bits := defaultRSAKeyBits
 	if config != nil && config.RSABits != 0 {
@@ -481,16 +525,16 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err
 	}
 
 	e := &Entity{
-		PrimaryKey: packet.NewRSAPublicKey(currentTime, &signingPriv.PublicKey),
-		PrivateKey: packet.NewRSAPrivateKey(currentTime, signingPriv),
+		PrimaryKey: packet.NewRSAPublicKey(creationTime, &signingPriv.PublicKey),
+		PrivateKey: packet.NewRSAPrivateKey(creationTime, signingPriv),
 		Identities: make(map[string]*Identity),
 	}
 	isPrimaryId := true
 	e.Identities[uid.Id] = &Identity{
-		Name:   uid.Name,
+		Name:   uid.Id,
 		UserId: uid,
 		SelfSignature: &packet.Signature{
-			CreationTime: currentTime,
+			CreationTime: creationTime,
 			SigType:      packet.SigTypePositiveCert,
 			PubKeyAlgo:   packet.PubKeyAlgoRSA,
 			Hash:         config.Hash(),
@@ -501,6 +545,10 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err
 			IssuerKeyId:  &e.PrimaryKey.KeyId,
 		},
 	}
+	err = e.Identities[uid.Id].SelfSignature.SignUserId(uid.Id, e.PrimaryKey, e.PrivateKey, config)
+	if err != nil {
+		return nil, err
+	}
 
 	// If the user passes in a DefaultHash via packet.Config,
 	// set the PreferredHash for the SelfSignature.
@@ -508,12 +556,17 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err
 		e.Identities[uid.Id].SelfSignature.PreferredHash = []uint8{hashToHashId(config.DefaultHash)}
 	}
 
+	// Likewise for DefaultCipher.
+	if config != nil && config.DefaultCipher != 0 {
+		e.Identities[uid.Id].SelfSignature.PreferredSymmetric = []uint8{uint8(config.DefaultCipher)}
+	}
+
 	e.Subkeys = make([]Subkey, 1)
 	e.Subkeys[0] = Subkey{
-		PublicKey:  packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey),
-		PrivateKey: packet.NewRSAPrivateKey(currentTime, encryptingPriv),
+		PublicKey:  packet.NewRSAPublicKey(creationTime, &encryptingPriv.PublicKey),
+		PrivateKey: packet.NewRSAPrivateKey(creationTime, encryptingPriv),
 		Sig: &packet.Signature{
-			CreationTime:              currentTime,
+			CreationTime:              creationTime,
 			SigType:                   packet.SigTypeSubkeyBinding,
 			PubKeyAlgo:                packet.PubKeyAlgoRSA,
 			Hash:                      config.Hash(),
@@ -525,13 +578,16 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err
 	}
 	e.Subkeys[0].PublicKey.IsSubkey = true
 	e.Subkeys[0].PrivateKey.IsSubkey = true
-
+	err = e.Subkeys[0].Sig.SignKey(e.Subkeys[0].PublicKey, e.PrivateKey, config)
+	if err != nil {
+		return nil, err
+	}
 	return e, nil
 }
 
-// SerializePrivate serializes an Entity, including private key material, to
-// the given Writer. For now, it must only be used on an Entity returned from
-// NewEntity.
+// SerializePrivate serializes an Entity, including private key material, but
+// excluding signatures from other entities, to the given Writer.
+// Identities and subkeys are re-signed in case they changed since NewEntry.
 // If config is nil, sensible defaults will be used.
 func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) {
 	err = e.PrivateKey.Serialize(w)
@@ -569,8 +625,8 @@ func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error
 	return nil
 }
 
-// Serialize writes the public part of the given Entity to w. (No private
-// key material will be output).
+// Serialize writes the public part of the given Entity to w, including
+// signatures from other entities. No private key material will be output.
 func (e *Entity) Serialize(w io.Writer) error {
 	err := e.PrimaryKey.Serialize(w)
 	if err != nil {
diff --git a/openpgp/keys_data_test.go b/openpgp/keys_data_test.go
new file mode 100644
index 000000000..7779bd977
--- /dev/null
+++ b/openpgp/keys_data_test.go
@@ -0,0 +1,200 @@
+package openpgp
+
+const expiringKeyHex = "988d0451d1ec5d010400ba3385721f2dc3f4ab096b2ee867ab77213f0a27a8538441c35d2fa225b08798a1439a66a5150e6bdc3f40f5d28d588c712394c632b6299f77db8c0d48d37903fb72ebd794d61be6aa774688839e5fdecfe06b2684cc115d240c98c66cb1ef22ae84e3aa0c2b0c28665c1e7d4d044e7f270706193f5223c8d44e0d70b7b8da830011010001b40f4578706972792074657374206b657988be041301020028050251d1ec5d021b03050900278d00060b090807030206150802090a0b0416020301021e01021780000a091072589ad75e237d8c033503fd10506d72837834eb7f994117740723adc39227104b0d326a1161871c0b415d25b4aedef946ca77ea4c05af9c22b32cf98be86ab890111fced1ee3f75e87b7cc3c00dc63bbc85dfab91c0dc2ad9de2c4d13a34659333a85c6acc1a669c5e1d6cecb0cf1e56c10e72d855ae177ddc9e766f9b2dda57ccbb75f57156438bbdb4e42b88d0451d1ec5d0104009c64906559866c5cb61578f5846a94fcee142a489c9b41e67b12bb54cfe86eb9bc8566460f9a720cb00d6526fbccfd4f552071a8e3f7744b1882d01036d811ee5a3fb91a1c568055758f43ba5d2c6a9676b012f3a1a89e47bbf624f1ad571b208f3cc6224eb378f1645dd3d47584463f9eadeacfd1ce6f813064fbfdcc4b5a53001101000188a504180102000f021b0c050251d1f06b050900093e89000a091072589ad75e237d8c20e00400ab8310a41461425b37889c4da28129b5fae6084fafbc0a47dd1adc74a264c6e9c9cc125f40462ee1433072a58384daef88c961c390ed06426a81b464a53194c4e291ddd7e2e2ba3efced01537d713bd111f48437bde2363446200995e8e0d4e528dda377fd1e8f8ede9c8e2198b393bd86852ce7457a7e3daf74d510461a5b77b88d0451d1ece8010400b3a519f83ab0010307e83bca895170acce8964a044190a2b368892f7a244758d9fc193482648acb1fb9780d28cc22d171931f38bb40279389fc9bf2110876d4f3db4fcfb13f22f7083877fe56592b3b65251312c36f83ffcb6d313c6a17f197dd471f0712aad15a8537b435a92471ba2e5b0c72a6c72536c3b567c558d7b6051001101000188a504180102000f021b0c050251d1f07b050900279091000a091072589ad75e237d8ce69e03fe286026afacf7c97ee20673864d4459a2240b5655219950643c7dba0ac384b1d4359c67805b21d98211f7b09c2a0ccf6410c8c04d4ff4a51293725d8d6570d9d8bb0e10c07d22357caeb49626df99c180be02d77d1fe8ed25e7a54481237646083a9f89a11566cd20b9e995b1487c5f9e02aeb434f3a1897cd416dd0a87861838da3e9e"
+const subkeyUsageHex = "988d04533a52bc010400d26af43085558f65b9e7dbc90cb9238015259aed5e954637adcfa2181548b2d0b60c65f1f42ec5081cbf1bc0a8aa4900acfb77070837c58f26012fbce297d70afe96e759ad63531f0037538e70dbf8e384569b9720d99d8eb39d8d0a2947233ed242436cb6ac7dfe74123354b3d0119b5c235d3dd9c9d6c004f8ffaf67ad8583001101000188b7041f010200210502533b8552170c8001ce094aa433f7040bb2ddf0be3893cb843d0fe70c020700000a0910a42704b92866382aa98404009d63d916a27543da4221c60087c33f1c44bec9998c5438018ed370cca4962876c748e94b73eb39c58eb698063f3fd6346d58dd2a11c0247934c4a9d71f24754f7468f96fb24c3e791dd2392b62f626148ad724189498cbf993db2df7c0cdc2d677c35da0f16cb16c9ce7c33b4de65a4a91b1d21a130ae9cc26067718910ef8e2b417556d627261203c756d627261407379642e65642e61753e88b80413010200220502533a52bc021b03060b090807030206150802090a0b0416020301021e01021780000a0910a42704b92866382a47840400c0c2bd04f5fca586de408b395b3c280a278259c93eaaa8b79a53b97003f8ed502a8a00446dd9947fb462677e4fcac0dac2f0701847d15130aadb6cd9e0705ea0cf5f92f129136c7be21a718d46c8e641eb7f044f2adae573e11ae423a0a9ca51324f03a8a2f34b91fa40c3cc764bee4dccadedb54c768ba0469b683ea53f1c29b88d04533a52bc01040099c92a5d6f8b744224da27bc2369127c35269b58bec179de6bbc038f749344222f85a31933224f26b70243c4e4b2d242f0c4777eaef7b5502f9dad6d8bf3aaeb471210674b74de2d7078af497d55f5cdad97c7bedfbc1b41e8065a97c9c3d344b21fc81d27723af8e374bc595da26ea242dccb6ae497be26eea57e563ed517e90011010001889f0418010200090502533a52bc021b0c000a0910a42704b92866382afa1403ff70284c2de8a043ff51d8d29772602fa98009b7861c540535f874f2c230af8caf5638151a636b21f8255003997ccd29747fdd06777bb24f9593bd7d98a3e887689bf902f999915fcc94625ae487e5d13e6616f89090ebc4fdc7eb5cad8943e4056995bb61c6af37f8043016876a958ec7ebf39c43d20d53b7f546cfa83e8d2604b88d04533b8283010400c0b529316dbdf58b4c54461e7e669dc11c09eb7f73819f178ccd4177b9182b91d138605fcf1e463262fabefa73f94a52b5e15d1904635541c7ea540f07050ce0fb51b73e6f88644cec86e91107c957a114f69554548a85295d2b70bd0b203992f76eb5d493d86d9eabcaa7ef3fc7db7e458438db3fcdb0ca1cc97c638439a9170011010001889f0418010200090502533b8283021b0c000a0910a42704b92866382adc6d0400cfff6258485a21675adb7a811c3e19ebca18851533f75a7ba317950b9997fda8d1a4c8c76505c08c04b6c2cc31dc704d33da36a21273f2b388a1a706f7c3378b66d887197a525936ed9a69acb57fe7f718133da85ec742001c5d1864e9c6c8ea1b94f1c3759cebfd93b18606066c063a63be86085b7e37bdbc65f9a915bf084bb901a204533b85cd110400aed3d2c52af2b38b5b67904b0ef73d6dd7aef86adb770e2b153cd22489654dcc91730892087bb9856ae2d9f7ed1eb48f214243fe86bfe87b349ebd7c30e630e49c07b21fdabf78b7a95c8b7f969e97e3d33f2e074c63552ba64a2ded7badc05ce0ea2be6d53485f6900c7860c7aa76560376ce963d7271b9b54638a4028b573f00a0d8854bfcdb04986141568046202192263b9b67350400aaa1049dbc7943141ef590a70dcb028d730371d92ea4863de715f7f0f16d168bd3dc266c2450457d46dcbbf0b071547e5fbee7700a820c3750b236335d8d5848adb3c0da010e998908dfd93d961480084f3aea20b247034f8988eccb5546efaa35a92d0451df3aaf1aee5aa36a4c4d462c760ecd9cebcabfbe1412b1f21450f203fd126687cd486496e971a87fd9e1a8a765fe654baa219a6871ab97768596ab05c26c1aeea8f1a2c72395a58dbc12ef9640d2b95784e974a4d2d5a9b17c25fedacfe551bda52602de8f6d2e48443f5dd1a2a2a8e6a5e70ecdb88cd6e766ad9745c7ee91d78cc55c3d06536b49c3fee6c3d0b6ff0fb2bf13a314f57c953b8f4d93bf88e70418010200090502533b85cd021b0200520910a42704b92866382a47200419110200060502533b85cd000a091042ce2c64bc0ba99214b2009e26b26852c8b13b10c35768e40e78fbbb48bd084100a0c79d9ea0844fa5853dd3c85ff3ecae6f2c9dd6c557aa04008bbbc964cd65b9b8299d4ebf31f41cc7264b8cf33a00e82c5af022331fac79efc9563a822497ba012953cefe2629f1242fcdcb911dbb2315985bab060bfd58261ace3c654bdbbe2e8ed27a46e836490145c86dc7bae15c011f7e1ffc33730109b9338cd9f483e7cef3d2f396aab5bd80efb6646d7e778270ee99d934d187dd98"
+const revokedKeyHex = "988d045331ce82010400c4fdf7b40a5477f206e6ee278eaef888ca73bf9128a9eef9f2f1ddb8b7b71a4c07cfa241f028a04edb405e4d916c61d6beabc333813dc7b484d2b3c52ee233c6a79b1eea4e9cc51596ba9cd5ac5aeb9df62d86ea051055b79d03f8a4fa9f38386f5bd17529138f3325d46801514ea9047977e0829ed728e68636802796801be10011010001889f04200102000905025331d0e3021d03000a0910a401d9f09a34f7c042aa040086631196405b7e6af71026b88e98012eab44aa9849f6ef3fa930c7c9f23deaedba9db1538830f8652fb7648ec3fcade8dbcbf9eaf428e83c6cbcc272201bfe2fbb90d41963397a7c0637a1a9d9448ce695d9790db2dc95433ad7be19eb3de72dacf1d6db82c3644c13eae2a3d072b99bb341debba012c5ce4006a7d34a1f4b94b444526567205265766f6b657220283c52656727732022424d204261726973746122204b657920262530305c303e5c29203c72656740626d626172697374612e636f2e61753e88b704130102002205025331ce82021b03060b090807030206150802090a0b0416020301021e01021780000a0910a401d9f09a34f7c0019c03f75edfbeb6a73e7225ad3cc52724e2872e04260d7daf0d693c170d8c4b243b8767bc7785763533febc62ec2600c30603c433c095453ede59ff2fcabeb84ce32e0ed9d5cf15ffcbc816202b64370d4d77c1e9077d74e94a16fb4fa2e5bec23a56d7a73cf275f91691ae1801a976fcde09e981a2f6327ac27ea1fecf3185df0d56889c04100102000605025331cfb5000a0910fe9645554e8266b64b4303fc084075396674fb6f778d302ac07cef6bc0b5d07b66b2004c44aef711cbac79617ef06d836b4957522d8772dd94bf41a2f4ac8b1ee6d70c57503f837445a74765a076d07b829b8111fc2a918423ddb817ead7ca2a613ef0bfb9c6b3562aec6c3cf3c75ef3031d81d95f6563e4cdcc9960bcb386c5d757b104fcca5fe11fc709df884604101102000605025331cfe7000a09107b15a67f0b3ddc0317f6009e360beea58f29c1d963a22b962b80788c3fa6c84e009d148cfde6b351469b8eae91187eff07ad9d08fcaab88d045331ce820104009f25e20a42b904f3fa555530fe5c46737cf7bd076c35a2a0d22b11f7e0b61a69320b768f4a80fe13980ce380d1cfc4a0cd8fbe2d2e2ef85416668b77208baa65bf973fe8e500e78cc310d7c8705cdb34328bf80e24f0385fce5845c33bc7943cf6b11b02348a23da0bf6428e57c05135f2dc6bd7c1ce325d666d5a5fd2fd5e410011010001889f04180102000905025331ce82021b0c000a0910a401d9f09a34f7c0418003fe34feafcbeaef348a800a0d908a7a6809cc7304017d820f70f0474d5e23cb17e38b67dc6dca282c6ca00961f4ec9edf2738d0f087b1d81e4871ef08e1798010863afb4eac4c44a376cb343be929c5be66a78cfd4456ae9ec6a99d97f4e1c3ff3583351db2147a65c0acef5c003fb544ab3a2e2dc4d43646f58b811a6c3a369d1f"
+const revokedSubkeyHex = "988d04533121f6010400aefc803a3e4bb1a61c86e8a86d2726c6a43e0079e9f2713f1fa017e9854c83877f4aced8e331d675c67ea83ddab80aacbfa0b9040bb12d96f5a3d6be09455e2a76546cbd21677537db941cab710216b6d24ec277ee0bd65b910f416737ed120f6b93a9d3b306245c8cfd8394606fdb462e5cf43c551438d2864506c63367fc890011010001b41d416c696365203c616c69636540626d626172697374612e636f2e61753e88bb041301020025021b03060b090807030206150802090a0b0416020301021e01021780050253312798021901000a09104ef7e4beccde97f015a803ff5448437780f63263b0df8442a995e7f76c221351a51edd06f2063d8166cf3157aada4923dfc44aa0f2a6a4da5cf83b7fe722ba8ab416c976e77c6b5682e7f1069026673bd0de56ba06fd5d7a9f177607f277d9b55ff940a638c3e68525c67517e2b3d976899b93ca267f705b3e5efad7d61220e96b618a4497eab8d04403d23f8846041011020006050253312910000a09107b15a67f0b3ddc03d96e009f50b6365d86c4be5d5e9d0ea42d5e56f5794c617700a0ab274e19c2827780016d23417ce89e0a2c0d987d889c04100102000605025331cf7a000a0910a401d9f09a34f7c0ee970400aca292f213041c9f3b3fc49148cbda9d84afee6183c8dd6c5ff2600b29482db5fecd4303797be1ee6d544a20a858080fec43412061c9a71fae4039fd58013b4ae341273e6c66ad4c7cdd9e68245bedb260562e7b166f2461a1032f2b38c0e0e5715fb3d1656979e052b55ca827a76f872b78a9fdae64bc298170bfcebedc1271b41a416c696365203c616c696365407379646973702e6f722e61753e88b804130102002205025331278b021b03060b090807030206150802090a0b0416020301021e01021780000a09104ef7e4beccde97f06a7003fa03c3af68d272ebc1fa08aa72a03b02189c26496a2833d90450801c4e42c5b5f51ad96ce2d2c9cef4b7c02a6a2fcf1412d6a2d486098eb762f5010a201819c17fd2888aec8eda20c65a3b75744de7ee5cc8ac7bfc470cbe3cb982720405a27a3c6a8c229cfe36905f881b02ed5680f6a8f05866efb9d6c5844897e631deb949ca8846041011020006050253312910000a09107b15a67f0b3ddc0347bc009f7fa35db59147469eb6f2c5aaf6428accb138b22800a0caa2f5f0874bacc5909c652a57a31beda65eddd5889c04100102000605025331cf7a000a0910a401d9f09a34f7c0316403ff46f2a5c101256627f16384d34a38fb47a6c88ba60506843e532d91614339fccae5f884a5741e7582ffaf292ba38ee10a270a05f139bde3814b6a077e8cd2db0f105ebea2a83af70d385f13b507fac2ad93ff79d84950328bb86f3074745a8b7f9b64990fb142e2a12976e27e8d09a28dc5621f957ac49091116da410ac3cbde1b88d04533121f6010400cbd785b56905e4192e2fb62a720727d43c4fa487821203cf72138b884b78b701093243e1d8c92a0248a6c0203a5a88693da34af357499abacaf4b3309c640797d03093870a323b4b6f37865f6eaa2838148a67df4735d43a90ca87942554cdf1c4a751b1e75f9fd4ce4e97e278d6c1c7ed59d33441df7d084f3f02beb68896c70011010001889f0418010200090502533121f6021b0c000a09104ef7e4beccde97f0b98b03fc0a5ccf6a372995835a2f5da33b282a7d612c0ab2a97f59cf9fff73e9110981aac2858c41399afa29624a7fd8a0add11654e3d882c0fd199e161bdad65e5e2548f7b68a437ea64293db1246e3011cbb94dc1bcdeaf0f2539bd88ff16d95547144d97cead6a8c5927660a91e6db0d16eb36b7b49a3525b54d1644e65599b032b7eb901a204533127a0110400bd3edaa09eff9809c4edc2c2a0ebe52e53c50a19c1e49ab78e6167bf61473bb08f2050d78a5cbbc6ed66aff7b42cd503f16b4a0b99fa1609681fca9b7ce2bbb1a5b3864d6cdda4d7ef7849d156d534dea30fb0efb9e4cf8959a2b2ce623905882d5430b995a15c3b9fe92906086788b891002924f94abe139b42cbbfaaabe42f00a0b65dc1a1ad27d798adbcb5b5ad02d2688c89477b03ff4eebb6f7b15a73b96a96bed201c0e5e4ea27e4c6e2dd1005b94d4b90137a5b1cf5e01c6226c070c4cc999938101578877ee76d296b9aab8246d57049caacf489e80a3f40589cade790a020b1ac146d6f7a6241184b8c7fcde680eae3188f5dcbe846d7f7bdad34f6fcfca08413e19c1d5df83fc7c7c627d493492e009c2f52a80400a2fe82de87136fd2e8845888c4431b032ba29d9a29a804277e31002a8201fb8591a3e55c7a0d0881496caf8b9fb07544a5a4879291d0dc026a0ea9e5bd88eb4aa4947bbd694b25012e208a250d65ddc6f1eea59d3aed3b4ec15fcab85e2afaa23a40ab1ef9ce3e11e1bc1c34a0e758e7aa64deb8739276df0af7d4121f834a9b88e70418010200090502533127a0021b02005209104ef7e4beccde97f047200419110200060502533127a0000a0910dbce4ee19529437fe045009c0b32f5ead48ee8a7e98fac0dea3d3e6c0e2c552500a0ad71fadc5007cfaf842d9b7db3335a8cdad15d3d1a6404009b08e2c68fe8f3b45c1bb72a4b3278cdf3012aa0f229883ad74aa1f6000bb90b18301b2f85372ca5d6b9bf478d235b733b1b197d19ccca48e9daf8e890cb64546b4ce1b178faccfff07003c172a2d4f5ebaba9f57153955f3f61a9b80a4f5cb959908f8b211b03b7026a8a82fc612bfedd3794969bcf458c4ce92be215a1176ab88d045331d144010400a5063000c5aaf34953c1aa3bfc95045b3aab9882b9a8027fecfe2142dc6b47ba8aca667399990244d513dd0504716908c17d92c65e74219e004f7b83fc125e575dd58efec3ab6dd22e3580106998523dea42ec75bf9aa111734c82df54630bebdff20fe981cfc36c76f865eb1c2fb62c9e85bc3a6e5015a361a2eb1c8431578d0011010001889f04280102000905025331d433021d03000a09104ef7e4beccde97f02e5503ff5e0630d1b65291f4882b6d40a29da4616bb5088717d469fbcc3648b8276de04a04988b1f1b9f3e18f52265c1f8b6c85861691c1a6b8a3a25a1809a0b32ad330aec5667cb4262f4450649184e8113849b05e5ad06a316ea80c001e8e71838190339a6e48bbde30647bcf245134b9a97fa875c1d83a9862cae87ffd7e2c4ce3a1b89013d04180102000905025331d144021b0200a809104ef7e4beccde97f09d2004190102000605025331d144000a0910677815e371c2fd23522203fe22ab62b8e7a151383cea3edd3a12995693911426f8ccf125e1f6426388c0010f88d9ca7da2224aee8d1c12135998640c5e1813d55a93df472faae75bef858457248db41b4505827590aeccf6f9eb646da7f980655dd3050c6897feddddaca90676dee856d66db8923477d251712bb9b3186b4d0114daf7d6b59272b53218dd1da94a03ff64006fcbe71211e5daecd9961fba66cdb6de3f914882c58ba5beddeba7dcb950c1156d7fba18c19ea880dccc800eae335deec34e3b84ac75ffa24864f782f87815cda1c0f634b3dd2fa67cea30811d21723d21d9551fa12ccbcfa62b6d3a15d01307b99925707992556d50065505b090aadb8579083a20fe65bd2a270da9b011"
+
+const missingCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+Charset: UTF-8
+
+mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY
+ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG
+zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54
+QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ
+QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo
+9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu
+Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/
+dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R
+JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL
+ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew
+RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW
+/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu
+yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAJcXQeP+NmuciE99YcJoffxv
+2gVLU4ZXBNHEaP0mgaJ1+tmMD089vUQAcyGRvw8jfsNsVZQIOAuRxY94aHQhIRHR
+bUzBN28ofo/AJJtfx62C15xt6fDKRV6HXYqAiygrHIpEoRLyiN69iScUsjIJeyFL
+C8wa72e8pSL6dkHoaV1N9ZH/xmrJ+k0vsgkQaAh9CzYufncDxcwkoP+aOlGtX1gP
+WwWoIbz0JwLEMPHBWvDDXQcQPQTYQyj+LGC9U6f9VZHN25E94subM1MjuT9OhN9Y
+MLfWaaIc5WyhLFyQKW2Upofn9wSFi8ubyBnv640Dfd0rVmaWv7LNTZpoZ/GbJAMA
+EQEAAYkBHwQYAQIACQUCU5ygeQIbAgAKCRDt1A0FCB6SP0zCB/sEzaVR38vpx+OQ
+MMynCBJrakiqDmUZv9xtplY7zsHSQjpd6xGflbU2n+iX99Q+nav0ETQZifNUEd4N
+1ljDGQejcTyKD6Pkg6wBL3x9/RJye7Zszazm4+toJXZ8xJ3800+BtaPoI39akYJm
++ijzbskvN0v/j5GOFJwQO0pPRAFtdHqRs9Kf4YanxhedB4dIUblzlIJuKsxFit6N
+lgGRblagG3Vv2eBszbxzPbJjHCgVLR3RmrVezKOsZjr/2i7X+xLWIR0uD3IN1qOW
+CXQxLBizEEmSNVNxsp7KPGTLnqO3bPtqFirxS9PJLIMPTPLNBY7ZYuPNTMqVIUWF
+4artDmrG
+=7FfJ
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const invalidCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY
+ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG
+zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54
+QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ
+QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo
+9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu
+Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/
+dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R
+JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL
+ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew
+RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW
+/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu
+yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAIINDqlj7X6jYKc6DjwrOkjQ
+UIRWbQQar0LwmNilehmt70g5DCL1SYm9q4LcgJJ2Nhxj0/5qqsYib50OSWMcKeEe
+iRXpXzv1ObpcQtI5ithp0gR53YPXBib80t3bUzomQ5UyZqAAHzMp3BKC54/vUrSK
+FeRaxDzNLrCeyI00+LHNUtwghAqHvdNcsIf8VRumK8oTm3RmDh0TyjASWYbrt9c8
+R1Um3zuoACOVy+mEIgIzsfHq0u7dwYwJB5+KeM7ZLx+HGIYdUYzHuUE1sLwVoELh
++SHIGHI1HDicOjzqgajShuIjj5hZTyQySVprrsLKiXS6NEwHAP20+XjayJ/R3tEA
+EQEAAYkCPgQYAQIBKAUCU5ygeQIbAsBdIAQZAQIABgUCU5ygeQAKCRCpVlnFZmhO
+52RJB/9uD1MSa0wjY6tHOIgquZcP3bHBvHmrHNMw9HR2wRCMO91ZkhrpdS3ZHtgb
+u3/55etj0FdvDo1tb8P8FGSVtO5Vcwf5APM8sbbqoi8L951Q3i7qt847lfhu6sMl
+w0LWFvPTOLHrliZHItPRjOltS1WAWfr2jUYhsU9ytaDAJmvf9DujxEOsN5G1YJep
+54JCKVCkM/y585Zcnn+yxk/XwqoNQ0/iJUT9qRrZWvoeasxhl1PQcwihCwss44A+
+YXaAt3hbk+6LEQuZoYS73yR3WHj+42tfm7YxRGeubXfgCEz/brETEWXMh4pe0vCL
+bfWrmfSPq2rDegYcAybxRQz0lF8PAAoJEO3UDQUIHpI/exkH/0vQfdHA8g/N4T6E
+i6b1CUVBAkvtdJpCATZjWPhXmShOw62gkDw306vHPilL4SCvEEi4KzG72zkp6VsB
+DSRcpxCwT4mHue+duiy53/aRMtSJ+vDfiV1Vhq+3sWAck/yUtfDU9/u4eFaiNok1
+8/Gd7reyuZt5CiJnpdPpjCwelK21l2w7sHAnJF55ITXdOxI8oG3BRKufz0z5lyDY
+s2tXYmhhQIggdgelN8LbcMhWs/PBbtUr6uZlNJG2lW1yscD4aI529VjwJlCeo745
+U7pO4eF05VViUJ2mmfoivL3tkhoTUWhx8xs8xCUcCg8DoEoSIhxtOmoTPR22Z9BL
+6LCg2mg=
+=Dhm4
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const goodCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mI0EVUqeVwEEAMufHRrMPWK3gyvi0O0tABCs/oON9zV9KDZlr1a1M91ShCSFwCPo
+7r80PxdWVWcj0V5h50/CJYtpN3eE/mUIgW2z1uDYQF1OzrQ8ubrksfsJvpAhENom
+lTQEppv9mV8qhcM278teb7TX0pgrUHLYF5CfPdp1L957JLLXoQR/lwLVABEBAAG0
+E2dvb2Qtc2lnbmluZy1zdWJrZXmIuAQTAQIAIgUCVUqeVwIbAwYLCQgHAwIGFQgC
+CQoLBBYCAwECHgECF4AACgkQNRjL95IRWP69XQQAlH6+eyXJN4DZTLX78KGjHrsw
+6FCvxxClEPtPUjcJy/1KCRQmtLAt9PbbA78dvgzjDeZMZqRAwdjyJhjyg/fkU2OH
+7wq4ktjUu+dLcOBb+BFMEY+YjKZhf6EJuVfxoTVr5f82XNPbYHfTho9/OABKH6kv
+X70PaKZhbwnwij8Nts65AaIEVUqftREEAJ3WxZfqAX0bTDbQPf2CMT2IVMGDfhK7
+GyubOZgDFFjwUJQvHNvsrbeGLZ0xOBumLINyPO1amIfTgJNm1iiWFWfmnHReGcDl
+y5mpYG60Mb79Whdcer7CMm3AqYh/dW4g6IB02NwZMKoUHo3PXmFLxMKXnWyJ0clw
+R0LI/Qn509yXAKDh1SO20rqrBM+EAP2c5bfI98kyNwQAi3buu94qo3RR1ZbvfxgW
+CKXDVm6N99jdZGNK7FbRifXqzJJDLcXZKLnstnC4Sd3uyfyf1uFhmDLIQRryn5m+
+LBYHfDBPN3kdm7bsZDDq9GbTHiFZUfm/tChVKXWxkhpAmHhU/tH6GGzNSMXuIWSO
+aOz3Rqq0ED4NXyNKjdF9MiwD/i83S0ZBc0LmJYt4Z10jtH2B6tYdqnAK29uQaadx
+yZCX2scE09UIm32/w7pV77CKr1Cp/4OzAXS1tmFzQ+bX7DR+Gl8t4wxr57VeEMvl
+BGw4Vjh3X8//m3xynxycQU18Q1zJ6PkiMyPw2owZ/nss3hpSRKFJsxMLhW3fKmKr
+Ey2KiOcEGAECAAkFAlVKn7UCGwIAUgkQNRjL95IRWP5HIAQZEQIABgUCVUqftQAK
+CRD98VjDN10SqkWrAKDTpEY8D8HC02E/KVC5YUI01B30wgCgurpILm20kXEDCeHp
+C5pygfXw1DJrhAP+NyPJ4um/bU1I+rXaHHJYroYJs8YSweiNcwiHDQn0Engh/mVZ
+SqLHvbKh2dL/RXymC3+rjPvQf5cup9bPxNMa6WagdYBNAfzWGtkVISeaQW+cTEp/
+MtgVijRGXR/lGLGETPg2X3Afwn9N9bLMBkBprKgbBqU7lpaoPupxT61bL70=
+=vtbN
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const revokedUserIDKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFsgO5EBCADhREPmcjsPkXe1z7ctvyWL0S7oa9JaoGZ9oPDHFDlQxd0qlX2e
+DZJZDg0qYvVixmaULIulApq1puEsaJCn3lHUbHlb4PYKwLEywYXM28JN91KtLsz/
+uaEX2KC5WqeP40utmzkNLq+oRX/xnRMgwbO7yUNVG2UlEa6eI+xOXO3YtLdmJMBW
+ClQ066ZnOIzEo1JxnIwha1CDBMWLLfOLrg6l8InUqaXbtEBbnaIYO6fXVXELUjkx
+nmk7t/QOk0tXCy8muH9UDqJkwDUESY2l79XwBAcx9riX8vY7vwC34pm22fAUVLCJ
+x1SJx0J8bkeNp38jKM2Zd9SUQqSbfBopQ4pPABEBAAG0I0dvbGFuZyBHb3BoZXIg
+PG5vLXJlcGx5QGdvbGFuZy5jb20+iQFUBBMBCgA+FiEE5Ik5JLcNx6l6rZfw1oFy
+9I6cUoMFAlsgO5ECGwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
+1oFy9I6cUoMIkwf8DNPeD23i4jRwd/pylbvxwZintZl1fSwTJW1xcOa1emXaEtX2
+depuqhP04fjlRQGfsYAQh7X9jOJxAHjTmhqFBi5sD7QvKU00cPFYbJ/JTx0B41bl
+aXnSbGhRPh63QtEZL7ACAs+shwvvojJqysx7kyVRu0EW2wqjXdHwR/SJO6nhNBa2
+DXzSiOU/SUA42mmG+5kjF8Aabq9wPwT9wjraHShEweNerNMmOqJExBOy3yFeyDpa
+XwEZFzBfOKoxFNkIaVf5GSdIUGhFECkGvBMB935khftmgR8APxdU4BE7XrXexFJU
+8RCuPXonm4WQOwTWR0vQg64pb2WKAzZ8HhwTGbQiR29sYW5nIEdvcGhlciA8cmV2
+b2tlZEBnb2xhbmcuY29tPokBNgQwAQoAIBYhBOSJOSS3Dcepeq2X8NaBcvSOnFKD
+BQJbIDv3Ah0AAAoJENaBcvSOnFKDfWMIAKhI/Tvu3h8fSUxp/gSAcduT6bC1JttG
+0lYQ5ilKB/58lBUA5CO3ZrKDKlzW3M8VEcvohVaqeTMKeoQd5rCZq8KxHn/KvN6N
+s85REfXfniCKfAbnGgVXX3kDmZ1g63pkxrFu0fDZjVDXC6vy+I0sGyI/Inro0Pzb
+tvn0QCsxjapKK15BtmSrpgHgzVqVg0cUp8vqZeKFxarYbYB2idtGRci4b9tObOK0
+BSTVFy26+I/mrFGaPrySYiy2Kz5NMEcRhjmTxJ8jSwEr2O2sUR0yjbgUAXbTxDVE
+/jg5fQZ1ACvBRQnB7LvMHcInbzjyeTM3FazkkSYQD6b97+dkWwb1iWG5AQ0EWyA7
+kQEIALkg04REDZo1JgdYV4x8HJKFS4xAYWbIva1ZPqvDNmZRUbQZR2+gpJGEwn7z
+VofGvnOYiGW56AS5j31SFf5kro1+1bZQ5iOONBng08OOo58/l1hRseIIVGB5TGSa
+PCdChKKHreJI6hS3mShxH6hdfFtiZuB45rwoaArMMsYcjaezLwKeLc396cpUwwcZ
+snLUNd1Xu5EWEF2OdFkZ2a1qYdxBvAYdQf4+1Nr+NRIx1u1NS9c8jp3PuMOkrQEi
+bNtc1v6v0Jy52mKLG4y7mC/erIkvkQBYJdxPaP7LZVaPYc3/xskcyijrJ/5ufoD8
+K71/ShtsZUXSQn9jlRaYR0EbojMAEQEAAYkBPAQYAQoAJhYhBOSJOSS3Dcepeq2X
+8NaBcvSOnFKDBQJbIDuRAhsMBQkDwmcAAAoJENaBcvSOnFKDkFMIAIt64bVZ8x7+
+TitH1bR4pgcNkaKmgKoZz6FXu80+SnbuEt2NnDyf1cLOSimSTILpwLIuv9Uft5Pb
+OraQbYt3xi9yrqdKqGLv80bxqK0NuryNkvh9yyx5WoG1iKqMj9/FjGghuPrRaT4l
+QinNAghGVkEy1+aXGFrG2DsOC1FFI51CC2WVTzZ5RwR2GpiNRfESsU1rZAUqf/2V
+yJl9bD5R4SUNy8oQmhOxi+gbhD4Ao34e4W0ilibslI/uawvCiOwlu5NGd8zv5n+U
+heiQvzkApQup5c+BhH5zFDFdKJ2CBByxw9+7QjMFI/wgLixKuE0Ob2kAokXf7RlB
+7qTZOahrETw=
+=IKnw
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const keyWithSubKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mI0EWyKwKQEEALwXhKBnyaaNFeK3ljfc/qn9X/QFw+28EUfgZPHjRmHubuXLE2uR
+s3ZoSXY2z7Dkv+NyHYMt8p+X8q5fR7JvUjK2XbPyKoiJVnHINll83yl67DaWfKNL
+EjNoO0kIfbXfCkZ7EG6DL+iKtuxniGTcnGT47e+HJSqb/STpLMnWwXjBABEBAAG0
+I0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFuZy5jb20+iM4EEwEKADgWIQQ/
+lRafP/p9PytHbwxMvYJsOQdOOAUCWyKwKQIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAAKCRBMvYJsOQdOOOsFBAC62mXww8XuqvYLcVOvHkWLT6mhxrQOJXnlfpn7
+2uBV9CMhoG/Ycd43NONsJrB95Apr9TDIqWnVszNbqPCuBhZQSGLdbiDKjxnCWBk0
+69qv4RNtkpOhYB7jK4s8F5oQZqId6JasT/PmJTH92mhBYhhTQr0GYFuPX2UJdkw9
+Sn9C67iNBFsisDUBBAC3A+Yo9lgCnxi/pfskyLrweYif6kIXWLAtLTsM6g/6jt7b
+wTrknuCPyTv0QKGXsAEe/cK/Xq3HvX9WfXPGIHc/X56ZIsHQ+RLowbZV/Lhok1IW
+FAuQm8axr/by80cRwFnzhfPc/ukkAq2Qyj4hLsGblu6mxeAhzcp8aqmWOO2H9QAR
+AQABiLYEKAEKACAWIQQ/lRafP/p9PytHbwxMvYJsOQdOOAUCWyK16gIdAAAKCRBM
+vYJsOQdOOB1vA/4u4uLONsE+2GVOyBsHyy7uTdkuxaR9b54A/cz6jT/tzUbeIzgx
+22neWhgvIEghnUZd0vEyK9k1wy5vbDlEo6nKzHso32N1QExGr5upRERAxweDxGOj
+7luDwNypI7QcifE64lS/JmlnunwRCdRWMKc0Fp+7jtRc5mpwyHN/Suf5RokBagQY
+AQoAIBYhBD+VFp8/+n0/K0dvDEy9gmw5B044BQJbIrA1AhsCAL8JEEy9gmw5B044
+tCAEGQEKAB0WIQSNdnkaWY6t62iX336UXbGvYdhXJwUCWyKwNQAKCRCUXbGvYdhX
+JxJSA/9fCPHP6sUtGF1o3G1a3yvOUDGr1JWcct9U+QpbCt1mZoNopCNDDQAJvDWl
+mvDgHfuogmgNJRjOMznvahbF+wpTXmB7LS0SK412gJzl1fFIpK4bgnhu0TwxNsO1
+8UkCZWqxRMgcNUn9z6XWONK8dgt5JNvHSHrwF4CxxwjL23AAtK+FA/UUoi3U4kbC
+0XnSr1Sl+mrzQi1+H7xyMe7zjqe+gGANtskqexHzwWPUJCPZ5qpIa2l8ghiUim6b
+4ymJ+N8/T8Yva1FaPEqfMzzqJr8McYFm0URioXJPvOAlRxdHPteZ0qUopt/Jawxl
+Xt6B9h1YpeLoJwjwsvbi98UTRs0jXwoY
+=3fWu
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const keyWithSubKeyAndBadSelfSigOrder = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mI0EWyLLDQEEAOqIOpJ/ha1OYAGduu9tS3rBz5vyjbNgJO4sFveEM0mgsHQ0X9/L
+plonW+d0gRoO1dhJ8QICjDAc6+cna1DE3tEb5m6JtQ30teLZuqrR398Cf6w7NNVz
+r3lrlmnH9JaKRuXl7tZciwyovneBfZVCdtsRZjaLI1uMQCz/BToiYe3DABEBAAG0
+I0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFuZy5jb20+iM4EEwEKADgWIQRZ
+sixZOfQcZdW0wUqmgmdsv1O9xgUCWyLLDQIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAAKCRCmgmdsv1O9xql2A/4pix98NxjhdsXtazA9agpAKeADf9tG4Za27Gj+
+3DCww/E4iP2X35jZimSm/30QRB6j08uGCqd9vXkkJxtOt63y/IpVOtWX6vMWSTUm
+k8xKkaYMP0/IzKNJ1qC/qYEUYpwERBKg9Z+k99E2Ql4kRHdxXUHq6OzY79H18Y+s
+GdeM/riNBFsiyxsBBAC54Pxg/8ZWaZX1phGdwfe5mek27SOYpC0AxIDCSOdMeQ6G
+HPk38pywl1d+S+KmF/F4Tdi+kWro62O4eG2uc/T8JQuRDUhSjX0Qa51gPzJrUOVT
+CFyUkiZ/3ZDhtXkgfuso8ua2ChBgR9Ngr4v43tSqa9y6AK7v0qjxD1x+xMrjXQAR
+AQABiQFxBBgBCgAmAhsCFiEEWbIsWTn0HGXVtMFKpoJnbL9TvcYFAlsizTIFCQAN
+MRcAv7QgBBkBCgAdFiEEJcoVUVJIk5RWj1c/o62jUpRPICQFAlsiyxsACgkQo62j
+UpRPICQq5gQApoWIigZxXFoM0uw4uJBS5JFZtirTANvirZV5RhndwHeMN6JttaBS
+YnjyA4+n1D+zB2VqliD2QrsX12KJN6rGOehCtEIClQ1Hodo9nC6kMzzAwW1O8bZs
+nRJmXV+bsvD4sidLZLjdwOVa3Cxh6pvq4Uur6a7/UYx121hEY0Qx0s8JEKaCZ2y/
+U73GGi0D/i20VW8AWYAPACm2zMlzExKTOAV01YTQH/3vW0WLrOse53WcIVZga6es
+HuO4So0SOEAvxKMe5HpRIu2dJxTvd99Bo9xk9xJU0AoFrO0vNCRnL+5y68xMlODK
+lEw5/kl0jeaTBp6xX0HDQOEVOpPGUwWV4Ij2EnvfNDXaE1vK1kffiQFrBBgBCgAg
+AhsCFiEEWbIsWTn0HGXVtMFKpoJnbL9TvcYFAlsi0AYAv7QgBBkBCgAdFiEEJcoV
+UVJIk5RWj1c/o62jUpRPICQFAlsiyxsACgkQo62jUpRPICQq5gQApoWIigZxXFoM
+0uw4uJBS5JFZtirTANvirZV5RhndwHeMN6JttaBSYnjyA4+n1D+zB2VqliD2QrsX
+12KJN6rGOehCtEIClQ1Hodo9nC6kMzzAwW1O8bZsnRJmXV+bsvD4sidLZLjdwOVa
+3Cxh6pvq4Uur6a7/UYx121hEY0Qx0s8JEKaCZ2y/U73GRl0EAJokkXmy4zKDHWWi
+wvK9gi2gQgRkVnu2AiONxJb5vjeLhM/07BRmH6K1o+w3fOeEQp4FjXj1eQ5fPSM6
+Hhwx2CTl9SDnPSBMiKXsEFRkmwQ2AAsQZLmQZvKBkLZYeBiwf+IY621eYDhZfo+G
+1dh1WoUCyREZsJQg2YoIpWIcvw+a
+=bNRo
+-----END PGP PUBLIC KEY BLOCK-----
+`
diff --git a/openpgp/keys_test.go b/openpgp/keys_test.go
index f768e68a6..0eb1a9ef2 100644
--- a/openpgp/keys_test.go
+++ b/openpgp/keys_test.go
@@ -12,7 +12,10 @@ import (
 )
 
 func TestKeyExpiry(t *testing.T) {
-	kring, _ := ReadKeyRing(readerFromHex(expiringKeyHex))
+	kring, err := ReadKeyRing(readerFromHex(expiringKeyHex))
+	if err != nil {
+		t.Fatal(err)
+	}
 	entity := kring[0]
 
 	const timeFormat = "2006-01-02"
@@ -26,16 +29,16 @@ func TestKeyExpiry(t *testing.T) {
 	//
 	// So this should select the newest, non-expired encryption key.
 	key, _ := entity.encryptionKey(time1)
-	if id := key.PublicKey.KeyIdShortString(); id != "96A672F5" {
-		t.Errorf("Expected key 1ABB25A0 at time %s, but got key %s", time1.Format(timeFormat), id)
+	if id, expected := key.PublicKey.KeyIdShortString(), "96A672F5"; id != expected {
+		t.Errorf("Expected key %s at time %s, but got key %s", expected, time1.Format(timeFormat), id)
 	}
 
 	// Once the first encryption subkey has expired, the second should be
 	// selected.
 	time2, _ := time.Parse(timeFormat, "2013-07-09")
 	key, _ = entity.encryptionKey(time2)
-	if id := key.PublicKey.KeyIdShortString(); id != "96A672F5" {
-		t.Errorf("Expected key 96A672F5 at time %s, but got key %s", time2.Format(timeFormat), id)
+	if id, expected := key.PublicKey.KeyIdShortString(), "96A672F5"; id != expected {
+		t.Errorf("Expected key %s at time %s, but got key %s", expected, time2.Format(timeFormat), id)
 	}
 
 	// Once all the keys have expired, nothing should be returned.
@@ -102,9 +105,39 @@ func TestGoodCrossSignature(t *testing.T) {
 	}
 }
 
+func TestRevokedUserID(t *testing.T) {
+	// This key contains 2 UIDs, one of which is revoked:
+	// [ultimate] (1)  Golang Gopher <no-reply@golang.com>
+	// [ revoked] (2)  Golang Gopher <revoked@golang.com>
+	keys, err := ReadArmoredKeyRing(bytes.NewBufferString(revokedUserIDKey))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(keys) != 1 {
+		t.Fatal("Failed to read key with a revoked user id")
+	}
+
+	var identities []*Identity
+	for _, identity := range keys[0].Identities {
+		identities = append(identities, identity)
+	}
+
+	if numIdentities, numExpected := len(identities), 1; numIdentities != numExpected {
+		t.Errorf("obtained %d identities, expected %d", numIdentities, numExpected)
+	}
+
+	if identityName, expectedName := identities[0].Name, "Golang Gopher <no-reply@golang.com>"; identityName != expectedName {
+		t.Errorf("obtained identity %s expected %s", identityName, expectedName)
+	}
+}
+
 // TestExternallyRevokableKey attempts to load and parse a key with a third party revocation permission.
 func TestExternallyRevocableKey(t *testing.T) {
-	kring, _ := ReadKeyRing(readerFromHex(subkeyUsageHex))
+	kring, err := ReadKeyRing(readerFromHex(subkeyUsageHex))
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	// The 0xA42704B92866382A key can be revoked by 0xBE3893CB843D0FE70C
 	// according to this signature that appears within the key:
@@ -125,7 +158,10 @@ func TestExternallyRevocableKey(t *testing.T) {
 }
 
 func TestKeyRevocation(t *testing.T) {
-	kring, _ := ReadKeyRing(readerFromHex(revokedKeyHex))
+	kring, err := ReadKeyRing(readerFromHex(revokedKeyHex))
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	// revokedKeyHex contains these keys:
 	// pub   1024R/9A34F7C0 2014-03-25 [revoked: 2014-03-25]
@@ -144,8 +180,49 @@ func TestKeyRevocation(t *testing.T) {
 	}
 }
 
+func TestKeyWithRevokedSubKey(t *testing.T) {
+	// This key contains a revoked sub key:
+	//  pub   rsa1024/0x4CBD826C39074E38 2018-06-14 [SC]
+	//        Key fingerprint = 3F95 169F 3FFA 7D3F 2B47  6F0C 4CBD 826C 3907 4E38
+	//  uid   Golang Gopher <no-reply@golang.com>
+	//  sub   rsa1024/0x945DB1AF61D85727 2018-06-14 [S] [revoked: 2018-06-14]
+
+	keys, err := ReadArmoredKeyRing(bytes.NewBufferString(keyWithSubKey))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(keys) != 1 {
+		t.Fatal("Failed to read key with a sub key")
+	}
+
+	identity := keys[0].Identities["Golang Gopher <no-reply@golang.com>"]
+
+	// Test for an issue where Subkey Binding Signatures (RFC 4880 5.2.1) were added to the identity
+	// preceding the Subkey Packet if the Subkey Packet was followed by more than one signature.
+	// For example, the current key has the following layout:
+	//    PUBKEY UID SELFSIG SUBKEY REV SELFSIG
+	// The last SELFSIG would be added to the UID's signatures. This is wrong.
+	if numIdentitySigs, numExpected := len(identity.Signatures), 0; numIdentitySigs != numExpected {
+		t.Fatalf("got %d identity signatures, expected %d", numIdentitySigs, numExpected)
+	}
+
+	if numSubKeys, numExpected := len(keys[0].Subkeys), 1; numSubKeys != numExpected {
+		t.Fatalf("got %d subkeys, expected %d", numSubKeys, numExpected)
+	}
+
+	subKey := keys[0].Subkeys[0]
+	if subKey.Sig == nil {
+		t.Fatalf("subkey signature is nil")
+	}
+
+}
+
 func TestSubkeyRevocation(t *testing.T) {
-	kring, _ := ReadKeyRing(readerFromHex(revokedSubkeyHex))
+	kring, err := ReadKeyRing(readerFromHex(revokedSubkeyHex))
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	// revokedSubkeyHex contains these keys:
 	// pub   1024R/4EF7E4BECCDE97F0 2014-03-25
@@ -177,8 +254,56 @@ func TestSubkeyRevocation(t *testing.T) {
 	}
 }
 
+func TestKeyWithSubKeyAndBadSelfSigOrder(t *testing.T) {
+	// This key was altered so that the self signatures following the
+	// subkey are in a sub-optimal order.
+	//
+	// Note: Should someone have to create a similar key again, look into
+	//       gpgsplit, gpg --dearmor, and gpg --enarmor.
+	//
+	// The packet ordering is the following:
+	//    PUBKEY UID UIDSELFSIG SUBKEY SELFSIG1 SELFSIG2
+	//
+	// Where:
+	//    SELFSIG1 expires on 2018-06-14 and was created first
+	//    SELFSIG2 does not expire and was created after SELFSIG1
+	//
+	// Test for RFC 4880 5.2.3.3:
+	// > An implementation that encounters multiple self-signatures on the
+	// > same object may resolve the ambiguity in any way it sees fit, but it
+	// > is RECOMMENDED that priority be given to the most recent self-
+	// > signature.
+	//
+	// This means that we should keep SELFSIG2.
+
+	keys, err := ReadArmoredKeyRing(bytes.NewBufferString(keyWithSubKeyAndBadSelfSigOrder))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(keys) != 1 {
+		t.Fatal("Failed to read key with a sub key and a bad selfsig packet order")
+	}
+
+	key := keys[0]
+
+	if numKeys, expected := len(key.Subkeys), 1; numKeys != expected {
+		t.Fatalf("Read %d subkeys, expected %d", numKeys, expected)
+	}
+
+	subKey := key.Subkeys[0]
+
+	if lifetime := subKey.Sig.KeyLifetimeSecs; lifetime != nil {
+		t.Errorf("The signature has a key lifetime (%d), but it should be nil", *lifetime)
+	}
+
+}
+
 func TestKeyUsage(t *testing.T) {
-	kring, _ := ReadKeyRing(readerFromHex(subkeyUsageHex))
+	kring, err := ReadKeyRing(readerFromHex(subkeyUsageHex))
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	// subkeyUsageHex contains these keys:
 	// pub  1024R/2866382A  created: 2014-04-01  expires: never       usage: SC
@@ -305,100 +430,66 @@ func TestNewEntityWithoutPreferredHash(t *testing.T) {
 	}
 }
 
-const expiringKeyHex = "988d0451d1ec5d010400ba3385721f2dc3f4ab096b2ee867ab77213f0a27a8538441c35d2fa225b08798a1439a66a5150e6bdc3f40f5d28d588c712394c632b6299f77db8c0d48d37903fb72ebd794d61be6aa774688839e5fdecfe06b2684cc115d240c98c66cb1ef22ae84e3aa0c2b0c28665c1e7d4d044e7f270706193f5223c8d44e0d70b7b8da830011010001b40f4578706972792074657374206b657988be041301020028050251d1ec5d021b03050900278d00060b090807030206150802090a0b0416020301021e01021780000a091072589ad75e237d8c033503fd10506d72837834eb7f994117740723adc39227104b0d326a1161871c0b415d25b4aedef946ca77ea4c05af9c22b32cf98be86ab890111fced1ee3f75e87b7cc3c00dc63bbc85dfab91c0dc2ad9de2c4d13a34659333a85c6acc1a669c5e1d6cecb0cf1e56c10e72d855ae177ddc9e766f9b2dda57ccbb75f57156438bbdb4e42b88d0451d1ec5d0104009c64906559866c5cb61578f5846a94fcee142a489c9b41e67b12bb54cfe86eb9bc8566460f9a720cb00d6526fbccfd4f552071a8e3f7744b1882d01036d811ee5a3fb91a1c568055758f43ba5d2c6a9676b012f3a1a89e47bbf624f1ad571b208f3cc6224eb378f1645dd3d47584463f9eadeacfd1ce6f813064fbfdcc4b5a53001101000188a504180102000f021b0c050251d1f06b050900093e89000a091072589ad75e237d8c20e00400ab8310a41461425b37889c4da28129b5fae6084fafbc0a47dd1adc74a264c6e9c9cc125f40462ee1433072a58384daef88c961c390ed06426a81b464a53194c4e291ddd7e2e2ba3efced01537d713bd111f48437bde2363446200995e8e0d4e528dda377fd1e8f8ede9c8e2198b393bd86852ce7457a7e3daf74d510461a5b77b88d0451d1ece8010400b3a519f83ab0010307e83bca895170acce8964a044190a2b368892f7a244758d9fc193482648acb1fb9780d28cc22d171931f38bb40279389fc9bf2110876d4f3db4fcfb13f22f7083877fe56592b3b65251312c36f83ffcb6d313c6a17f197dd471f0712aad15a8537b435a92471ba2e5b0c72a6c72536c3b567c558d7b6051001101000188a504180102000f021b0c050251d1f07b050900279091000a091072589ad75e237d8ce69e03fe286026afacf7c97ee20673864d4459a2240b5655219950643c7dba0ac384b1d4359c67805b21d98211f7b09c2a0ccf6410c8c04d4ff4a51293725d8d6570d9d8bb0e10c07d22357caeb49626df99c180be02d77d1fe8ed25e7a54481237646083a9f89a11566cd20b9e995b1487c5f9e02aeb434f3a1897cd416dd0a87861838da3e9e"
-const subkeyUsageHex = "988d04533a52bc010400d26af43085558f65b9e7dbc90cb9238015259aed5e954637adcfa2181548b2d0b60c65f1f42ec5081cbf1bc0a8aa4900acfb77070837c58f26012fbce297d70afe96e759ad63531f0037538e70dbf8e384569b9720d99d8eb39d8d0a2947233ed242436cb6ac7dfe74123354b3d0119b5c235d3dd9c9d6c004f8ffaf67ad8583001101000188b7041f010200210502533b8552170c8001ce094aa433f7040bb2ddf0be3893cb843d0fe70c020700000a0910a42704b92866382aa98404009d63d916a27543da4221c60087c33f1c44bec9998c5438018ed370cca4962876c748e94b73eb39c58eb698063f3fd6346d58dd2a11c0247934c4a9d71f24754f7468f96fb24c3e791dd2392b62f626148ad724189498cbf993db2df7c0cdc2d677c35da0f16cb16c9ce7c33b4de65a4a91b1d21a130ae9cc26067718910ef8e2b417556d627261203c756d627261407379642e65642e61753e88b80413010200220502533a52bc021b03060b090807030206150802090a0b0416020301021e01021780000a0910a42704b92866382a47840400c0c2bd04f5fca586de408b395b3c280a278259c93eaaa8b79a53b97003f8ed502a8a00446dd9947fb462677e4fcac0dac2f0701847d15130aadb6cd9e0705ea0cf5f92f129136c7be21a718d46c8e641eb7f044f2adae573e11ae423a0a9ca51324f03a8a2f34b91fa40c3cc764bee4dccadedb54c768ba0469b683ea53f1c29b88d04533a52bc01040099c92a5d6f8b744224da27bc2369127c35269b58bec179de6bbc038f749344222f85a31933224f26b70243c4e4b2d242f0c4777eaef7b5502f9dad6d8bf3aaeb471210674b74de2d7078af497d55f5cdad97c7bedfbc1b41e8065a97c9c3d344b21fc81d27723af8e374bc595da26ea242dccb6ae497be26eea57e563ed517e90011010001889f0418010200090502533a52bc021b0c000a0910a42704b92866382afa1403ff70284c2de8a043ff51d8d29772602fa98009b7861c540535f874f2c230af8caf5638151a636b21f8255003997ccd29747fdd06777bb24f9593bd7d98a3e887689bf902f999915fcc94625ae487e5d13e6616f89090ebc4fdc7eb5cad8943e4056995bb61c6af37f8043016876a958ec7ebf39c43d20d53b7f546cfa83e8d2604b88d04533b8283010400c0b529316dbdf58b4c54461e7e669dc11c09eb7f73819f178ccd4177b9182b91d138605fcf1e463262fabefa73f94a52b5e15d1904635541c7ea540f07050ce0fb51b73e6f88644cec86e91107c957a114f69554548a85295d2b70bd0b203992f76eb5d493d86d9eabcaa7ef3fc7db7e458438db3fcdb0ca1cc97c638439a9170011010001889f0418010200090502533b8283021b0c000a0910a42704b92866382adc6d0400cfff6258485a21675adb7a811c3e19ebca18851533f75a7ba317950b9997fda8d1a4c8c76505c08c04b6c2cc31dc704d33da36a21273f2b388a1a706f7c3378b66d887197a525936ed9a69acb57fe7f718133da85ec742001c5d1864e9c6c8ea1b94f1c3759cebfd93b18606066c063a63be86085b7e37bdbc65f9a915bf084bb901a204533b85cd110400aed3d2c52af2b38b5b67904b0ef73d6dd7aef86adb770e2b153cd22489654dcc91730892087bb9856ae2d9f7ed1eb48f214243fe86bfe87b349ebd7c30e630e49c07b21fdabf78b7a95c8b7f969e97e3d33f2e074c63552ba64a2ded7badc05ce0ea2be6d53485f6900c7860c7aa76560376ce963d7271b9b54638a4028b573f00a0d8854bfcdb04986141568046202192263b9b67350400aaa1049dbc7943141ef590a70dcb028d730371d92ea4863de715f7f0f16d168bd3dc266c2450457d46dcbbf0b071547e5fbee7700a820c3750b236335d8d5848adb3c0da010e998908dfd93d961480084f3aea20b247034f8988eccb5546efaa35a92d0451df3aaf1aee5aa36a4c4d462c760ecd9cebcabfbe1412b1f21450f203fd126687cd486496e971a87fd9e1a8a765fe654baa219a6871ab97768596ab05c26c1aeea8f1a2c72395a58dbc12ef9640d2b95784e974a4d2d5a9b17c25fedacfe551bda52602de8f6d2e48443f5dd1a2a2a8e6a5e70ecdb88cd6e766ad9745c7ee91d78cc55c3d06536b49c3fee6c3d0b6ff0fb2bf13a314f57c953b8f4d93bf88e70418010200090502533b85cd021b0200520910a42704b92866382a47200419110200060502533b85cd000a091042ce2c64bc0ba99214b2009e26b26852c8b13b10c35768e40e78fbbb48bd084100a0c79d9ea0844fa5853dd3c85ff3ecae6f2c9dd6c557aa04008bbbc964cd65b9b8299d4ebf31f41cc7264b8cf33a00e82c5af022331fac79efc9563a822497ba012953cefe2629f1242fcdcb911dbb2315985bab060bfd58261ace3c654bdbbe2e8ed27a46e836490145c86dc7bae15c011f7e1ffc33730109b9338cd9f483e7cef3d2f396aab5bd80efb6646d7e778270ee99d934d187dd98"
-const revokedKeyHex = "988d045331ce82010400c4fdf7b40a5477f206e6ee278eaef888ca73bf9128a9eef9f2f1ddb8b7b71a4c07cfa241f028a04edb405e4d916c61d6beabc333813dc7b484d2b3c52ee233c6a79b1eea4e9cc51596ba9cd5ac5aeb9df62d86ea051055b79d03f8a4fa9f38386f5bd17529138f3325d46801514ea9047977e0829ed728e68636802796801be10011010001889f04200102000905025331d0e3021d03000a0910a401d9f09a34f7c042aa040086631196405b7e6af71026b88e98012eab44aa9849f6ef3fa930c7c9f23deaedba9db1538830f8652fb7648ec3fcade8dbcbf9eaf428e83c6cbcc272201bfe2fbb90d41963397a7c0637a1a9d9448ce695d9790db2dc95433ad7be19eb3de72dacf1d6db82c3644c13eae2a3d072b99bb341debba012c5ce4006a7d34a1f4b94b444526567205265766f6b657220283c52656727732022424d204261726973746122204b657920262530305c303e5c29203c72656740626d626172697374612e636f2e61753e88b704130102002205025331ce82021b03060b090807030206150802090a0b0416020301021e01021780000a0910a401d9f09a34f7c0019c03f75edfbeb6a73e7225ad3cc52724e2872e04260d7daf0d693c170d8c4b243b8767bc7785763533febc62ec2600c30603c433c095453ede59ff2fcabeb84ce32e0ed9d5cf15ffcbc816202b64370d4d77c1e9077d74e94a16fb4fa2e5bec23a56d7a73cf275f91691ae1801a976fcde09e981a2f6327ac27ea1fecf3185df0d56889c04100102000605025331cfb5000a0910fe9645554e8266b64b4303fc084075396674fb6f778d302ac07cef6bc0b5d07b66b2004c44aef711cbac79617ef06d836b4957522d8772dd94bf41a2f4ac8b1ee6d70c57503f837445a74765a076d07b829b8111fc2a918423ddb817ead7ca2a613ef0bfb9c6b3562aec6c3cf3c75ef3031d81d95f6563e4cdcc9960bcb386c5d757b104fcca5fe11fc709df884604101102000605025331cfe7000a09107b15a67f0b3ddc0317f6009e360beea58f29c1d963a22b962b80788c3fa6c84e009d148cfde6b351469b8eae91187eff07ad9d08fcaab88d045331ce820104009f25e20a42b904f3fa555530fe5c46737cf7bd076c35a2a0d22b11f7e0b61a69320b768f4a80fe13980ce380d1cfc4a0cd8fbe2d2e2ef85416668b77208baa65bf973fe8e500e78cc310d7c8705cdb34328bf80e24f0385fce5845c33bc7943cf6b11b02348a23da0bf6428e57c05135f2dc6bd7c1ce325d666d5a5fd2fd5e410011010001889f04180102000905025331ce82021b0c000a0910a401d9f09a34f7c0418003fe34feafcbeaef348a800a0d908a7a6809cc7304017d820f70f0474d5e23cb17e38b67dc6dca282c6ca00961f4ec9edf2738d0f087b1d81e4871ef08e1798010863afb4eac4c44a376cb343be929c5be66a78cfd4456ae9ec6a99d97f4e1c3ff3583351db2147a65c0acef5c003fb544ab3a2e2dc4d43646f58b811a6c3a369d1f"
-const revokedSubkeyHex = "988d04533121f6010400aefc803a3e4bb1a61c86e8a86d2726c6a43e0079e9f2713f1fa017e9854c83877f4aced8e331d675c67ea83ddab80aacbfa0b9040bb12d96f5a3d6be09455e2a76546cbd21677537db941cab710216b6d24ec277ee0bd65b910f416737ed120f6b93a9d3b306245c8cfd8394606fdb462e5cf43c551438d2864506c63367fc890011010001b41d416c696365203c616c69636540626d626172697374612e636f2e61753e88bb041301020025021b03060b090807030206150802090a0b0416020301021e01021780050253312798021901000a09104ef7e4beccde97f015a803ff5448437780f63263b0df8442a995e7f76c221351a51edd06f2063d8166cf3157aada4923dfc44aa0f2a6a4da5cf83b7fe722ba8ab416c976e77c6b5682e7f1069026673bd0de56ba06fd5d7a9f177607f277d9b55ff940a638c3e68525c67517e2b3d976899b93ca267f705b3e5efad7d61220e96b618a4497eab8d04403d23f8846041011020006050253312910000a09107b15a67f0b3ddc03d96e009f50b6365d86c4be5d5e9d0ea42d5e56f5794c617700a0ab274e19c2827780016d23417ce89e0a2c0d987d889c04100102000605025331cf7a000a0910a401d9f09a34f7c0ee970400aca292f213041c9f3b3fc49148cbda9d84afee6183c8dd6c5ff2600b29482db5fecd4303797be1ee6d544a20a858080fec43412061c9a71fae4039fd58013b4ae341273e6c66ad4c7cdd9e68245bedb260562e7b166f2461a1032f2b38c0e0e5715fb3d1656979e052b55ca827a76f872b78a9fdae64bc298170bfcebedc1271b41a416c696365203c616c696365407379646973702e6f722e61753e88b804130102002205025331278b021b03060b090807030206150802090a0b0416020301021e01021780000a09104ef7e4beccde97f06a7003fa03c3af68d272ebc1fa08aa72a03b02189c26496a2833d90450801c4e42c5b5f51ad96ce2d2c9cef4b7c02a6a2fcf1412d6a2d486098eb762f5010a201819c17fd2888aec8eda20c65a3b75744de7ee5cc8ac7bfc470cbe3cb982720405a27a3c6a8c229cfe36905f881b02ed5680f6a8f05866efb9d6c5844897e631deb949ca8846041011020006050253312910000a09107b15a67f0b3ddc0347bc009f7fa35db59147469eb6f2c5aaf6428accb138b22800a0caa2f5f0874bacc5909c652a57a31beda65eddd5889c04100102000605025331cf7a000a0910a401d9f09a34f7c0316403ff46f2a5c101256627f16384d34a38fb47a6c88ba60506843e532d91614339fccae5f884a5741e7582ffaf292ba38ee10a270a05f139bde3814b6a077e8cd2db0f105ebea2a83af70d385f13b507fac2ad93ff79d84950328bb86f3074745a8b7f9b64990fb142e2a12976e27e8d09a28dc5621f957ac49091116da410ac3cbde1b88d04533121f6010400cbd785b56905e4192e2fb62a720727d43c4fa487821203cf72138b884b78b701093243e1d8c92a0248a6c0203a5a88693da34af357499abacaf4b3309c640797d03093870a323b4b6f37865f6eaa2838148a67df4735d43a90ca87942554cdf1c4a751b1e75f9fd4ce4e97e278d6c1c7ed59d33441df7d084f3f02beb68896c70011010001889f0418010200090502533121f6021b0c000a09104ef7e4beccde97f0b98b03fc0a5ccf6a372995835a2f5da33b282a7d612c0ab2a97f59cf9fff73e9110981aac2858c41399afa29624a7fd8a0add11654e3d882c0fd199e161bdad65e5e2548f7b68a437ea64293db1246e3011cbb94dc1bcdeaf0f2539bd88ff16d95547144d97cead6a8c5927660a91e6db0d16eb36b7b49a3525b54d1644e65599b032b7eb901a204533127a0110400bd3edaa09eff9809c4edc2c2a0ebe52e53c50a19c1e49ab78e6167bf61473bb08f2050d78a5cbbc6ed66aff7b42cd503f16b4a0b99fa1609681fca9b7ce2bbb1a5b3864d6cdda4d7ef7849d156d534dea30fb0efb9e4cf8959a2b2ce623905882d5430b995a15c3b9fe92906086788b891002924f94abe139b42cbbfaaabe42f00a0b65dc1a1ad27d798adbcb5b5ad02d2688c89477b03ff4eebb6f7b15a73b96a96bed201c0e5e4ea27e4c6e2dd1005b94d4b90137a5b1cf5e01c6226c070c4cc999938101578877ee76d296b9aab8246d57049caacf489e80a3f40589cade790a020b1ac146d6f7a6241184b8c7fcde680eae3188f5dcbe846d7f7bdad34f6fcfca08413e19c1d5df83fc7c7c627d493492e009c2f52a80400a2fe82de87136fd2e8845888c4431b032ba29d9a29a804277e31002a8201fb8591a3e55c7a0d0881496caf8b9fb07544a5a4879291d0dc026a0ea9e5bd88eb4aa4947bbd694b25012e208a250d65ddc6f1eea59d3aed3b4ec15fcab85e2afaa23a40ab1ef9ce3e11e1bc1c34a0e758e7aa64deb8739276df0af7d4121f834a9b88e70418010200090502533127a0021b02005209104ef7e4beccde97f047200419110200060502533127a0000a0910dbce4ee19529437fe045009c0b32f5ead48ee8a7e98fac0dea3d3e6c0e2c552500a0ad71fadc5007cfaf842d9b7db3335a8cdad15d3d1a6404009b08e2c68fe8f3b45c1bb72a4b3278cdf3012aa0f229883ad74aa1f6000bb90b18301b2f85372ca5d6b9bf478d235b733b1b197d19ccca48e9daf8e890cb64546b4ce1b178faccfff07003c172a2d4f5ebaba9f57153955f3f61a9b80a4f5cb959908f8b211b03b7026a8a82fc612bfedd3794969bcf458c4ce92be215a1176ab88d045331d144010400a5063000c5aaf34953c1aa3bfc95045b3aab9882b9a8027fecfe2142dc6b47ba8aca667399990244d513dd0504716908c17d92c65e74219e004f7b83fc125e575dd58efec3ab6dd22e3580106998523dea42ec75bf9aa111734c82df54630bebdff20fe981cfc36c76f865eb1c2fb62c9e85bc3a6e5015a361a2eb1c8431578d0011010001889f04280102000905025331d433021d03000a09104ef7e4beccde97f02e5503ff5e0630d1b65291f4882b6d40a29da4616bb5088717d469fbcc3648b8276de04a04988b1f1b9f3e18f52265c1f8b6c85861691c1a6b8a3a25a1809a0b32ad330aec5667cb4262f4450649184e8113849b05e5ad06a316ea80c001e8e71838190339a6e48bbde30647bcf245134b9a97fa875c1d83a9862cae87ffd7e2c4ce3a1b89013d04180102000905025331d144021b0200a809104ef7e4beccde97f09d2004190102000605025331d144000a0910677815e371c2fd23522203fe22ab62b8e7a151383cea3edd3a12995693911426f8ccf125e1f6426388c0010f88d9ca7da2224aee8d1c12135998640c5e1813d55a93df472faae75bef858457248db41b4505827590aeccf6f9eb646da7f980655dd3050c6897feddddaca90676dee856d66db8923477d251712bb9b3186b4d0114daf7d6b59272b53218dd1da94a03ff64006fcbe71211e5daecd9961fba66cdb6de3f914882c58ba5beddeba7dcb950c1156d7fba18c19ea880dccc800eae335deec34e3b84ac75ffa24864f782f87815cda1c0f634b3dd2fa67cea30811d21723d21d9551fa12ccbcfa62b6d3a15d01307b99925707992556d50065505b090aadb8579083a20fe65bd2a270da9b011"
-const missingCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
-Charset: UTF-8
-
-mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY
-ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG
-zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54
-QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ
-QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo
-9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu
-Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/
-dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R
-JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL
-ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew
-RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW
-/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu
-yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAJcXQeP+NmuciE99YcJoffxv
-2gVLU4ZXBNHEaP0mgaJ1+tmMD089vUQAcyGRvw8jfsNsVZQIOAuRxY94aHQhIRHR
-bUzBN28ofo/AJJtfx62C15xt6fDKRV6HXYqAiygrHIpEoRLyiN69iScUsjIJeyFL
-C8wa72e8pSL6dkHoaV1N9ZH/xmrJ+k0vsgkQaAh9CzYufncDxcwkoP+aOlGtX1gP
-WwWoIbz0JwLEMPHBWvDDXQcQPQTYQyj+LGC9U6f9VZHN25E94subM1MjuT9OhN9Y
-MLfWaaIc5WyhLFyQKW2Upofn9wSFi8ubyBnv640Dfd0rVmaWv7LNTZpoZ/GbJAMA
-EQEAAYkBHwQYAQIACQUCU5ygeQIbAgAKCRDt1A0FCB6SP0zCB/sEzaVR38vpx+OQ
-MMynCBJrakiqDmUZv9xtplY7zsHSQjpd6xGflbU2n+iX99Q+nav0ETQZifNUEd4N
-1ljDGQejcTyKD6Pkg6wBL3x9/RJye7Zszazm4+toJXZ8xJ3800+BtaPoI39akYJm
-+ijzbskvN0v/j5GOFJwQO0pPRAFtdHqRs9Kf4YanxhedB4dIUblzlIJuKsxFit6N
-lgGRblagG3Vv2eBszbxzPbJjHCgVLR3RmrVezKOsZjr/2i7X+xLWIR0uD3IN1qOW
-CXQxLBizEEmSNVNxsp7KPGTLnqO3bPtqFirxS9PJLIMPTPLNBY7ZYuPNTMqVIUWF
-4artDmrG
-=7FfJ
------END PGP PUBLIC KEY BLOCK-----`
-
-const invalidCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY
-ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG
-zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54
-QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ
-QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo
-9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu
-Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/
-dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R
-JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL
-ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew
-RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW
-/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu
-yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAIINDqlj7X6jYKc6DjwrOkjQ
-UIRWbQQar0LwmNilehmt70g5DCL1SYm9q4LcgJJ2Nhxj0/5qqsYib50OSWMcKeEe
-iRXpXzv1ObpcQtI5ithp0gR53YPXBib80t3bUzomQ5UyZqAAHzMp3BKC54/vUrSK
-FeRaxDzNLrCeyI00+LHNUtwghAqHvdNcsIf8VRumK8oTm3RmDh0TyjASWYbrt9c8
-R1Um3zuoACOVy+mEIgIzsfHq0u7dwYwJB5+KeM7ZLx+HGIYdUYzHuUE1sLwVoELh
-+SHIGHI1HDicOjzqgajShuIjj5hZTyQySVprrsLKiXS6NEwHAP20+XjayJ/R3tEA
-EQEAAYkCPgQYAQIBKAUCU5ygeQIbAsBdIAQZAQIABgUCU5ygeQAKCRCpVlnFZmhO
-52RJB/9uD1MSa0wjY6tHOIgquZcP3bHBvHmrHNMw9HR2wRCMO91ZkhrpdS3ZHtgb
-u3/55etj0FdvDo1tb8P8FGSVtO5Vcwf5APM8sbbqoi8L951Q3i7qt847lfhu6sMl
-w0LWFvPTOLHrliZHItPRjOltS1WAWfr2jUYhsU9ytaDAJmvf9DujxEOsN5G1YJep
-54JCKVCkM/y585Zcnn+yxk/XwqoNQ0/iJUT9qRrZWvoeasxhl1PQcwihCwss44A+
-YXaAt3hbk+6LEQuZoYS73yR3WHj+42tfm7YxRGeubXfgCEz/brETEWXMh4pe0vCL
-bfWrmfSPq2rDegYcAybxRQz0lF8PAAoJEO3UDQUIHpI/exkH/0vQfdHA8g/N4T6E
-i6b1CUVBAkvtdJpCATZjWPhXmShOw62gkDw306vHPilL4SCvEEi4KzG72zkp6VsB
-DSRcpxCwT4mHue+duiy53/aRMtSJ+vDfiV1Vhq+3sWAck/yUtfDU9/u4eFaiNok1
-8/Gd7reyuZt5CiJnpdPpjCwelK21l2w7sHAnJF55ITXdOxI8oG3BRKufz0z5lyDY
-s2tXYmhhQIggdgelN8LbcMhWs/PBbtUr6uZlNJG2lW1yscD4aI529VjwJlCeo745
-U7pO4eF05VViUJ2mmfoivL3tkhoTUWhx8xs8xCUcCg8DoEoSIhxtOmoTPR22Z9BL
-6LCg2mg=
-=Dhm4
------END PGP PUBLIC KEY BLOCK-----`
-
-const goodCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1
-
-mI0EVUqeVwEEAMufHRrMPWK3gyvi0O0tABCs/oON9zV9KDZlr1a1M91ShCSFwCPo
-7r80PxdWVWcj0V5h50/CJYtpN3eE/mUIgW2z1uDYQF1OzrQ8ubrksfsJvpAhENom
-lTQEppv9mV8qhcM278teb7TX0pgrUHLYF5CfPdp1L957JLLXoQR/lwLVABEBAAG0
-E2dvb2Qtc2lnbmluZy1zdWJrZXmIuAQTAQIAIgUCVUqeVwIbAwYLCQgHAwIGFQgC
-CQoLBBYCAwECHgECF4AACgkQNRjL95IRWP69XQQAlH6+eyXJN4DZTLX78KGjHrsw
-6FCvxxClEPtPUjcJy/1KCRQmtLAt9PbbA78dvgzjDeZMZqRAwdjyJhjyg/fkU2OH
-7wq4ktjUu+dLcOBb+BFMEY+YjKZhf6EJuVfxoTVr5f82XNPbYHfTho9/OABKH6kv
-X70PaKZhbwnwij8Nts65AaIEVUqftREEAJ3WxZfqAX0bTDbQPf2CMT2IVMGDfhK7
-GyubOZgDFFjwUJQvHNvsrbeGLZ0xOBumLINyPO1amIfTgJNm1iiWFWfmnHReGcDl
-y5mpYG60Mb79Whdcer7CMm3AqYh/dW4g6IB02NwZMKoUHo3PXmFLxMKXnWyJ0clw
-R0LI/Qn509yXAKDh1SO20rqrBM+EAP2c5bfI98kyNwQAi3buu94qo3RR1ZbvfxgW
-CKXDVm6N99jdZGNK7FbRifXqzJJDLcXZKLnstnC4Sd3uyfyf1uFhmDLIQRryn5m+
-LBYHfDBPN3kdm7bsZDDq9GbTHiFZUfm/tChVKXWxkhpAmHhU/tH6GGzNSMXuIWSO
-aOz3Rqq0ED4NXyNKjdF9MiwD/i83S0ZBc0LmJYt4Z10jtH2B6tYdqnAK29uQaadx
-yZCX2scE09UIm32/w7pV77CKr1Cp/4OzAXS1tmFzQ+bX7DR+Gl8t4wxr57VeEMvl
-BGw4Vjh3X8//m3xynxycQU18Q1zJ6PkiMyPw2owZ/nss3hpSRKFJsxMLhW3fKmKr
-Ey2KiOcEGAECAAkFAlVKn7UCGwIAUgkQNRjL95IRWP5HIAQZEQIABgUCVUqftQAK
-CRD98VjDN10SqkWrAKDTpEY8D8HC02E/KVC5YUI01B30wgCgurpILm20kXEDCeHp
-C5pygfXw1DJrhAP+NyPJ4um/bU1I+rXaHHJYroYJs8YSweiNcwiHDQn0Engh/mVZ
-SqLHvbKh2dL/RXymC3+rjPvQf5cup9bPxNMa6WagdYBNAfzWGtkVISeaQW+cTEp/
-MtgVijRGXR/lGLGETPg2X3Afwn9N9bLMBkBprKgbBqU7lpaoPupxT61bL70=
-=vtbN
------END PGP PUBLIC KEY BLOCK-----`
+func TestNewEntityCorrectName(t *testing.T) {
+	entity, err := NewEntity("Golang Gopher", "Test Key", "no-reply@golang.com", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(entity.Identities) != 1 {
+		t.Fatalf("len(entity.Identities) = %d, want 1", len(entity.Identities))
+	}
+	var got string
+	for _, i := range entity.Identities {
+		got = i.Name
+	}
+	want := "Golang Gopher (Test Key) <no-reply@golang.com>"
+	if got != want {
+		t.Fatalf("Identity.Name = %q, want %q", got, want)
+	}
+}
+
+func TestNewEntityWithPreferredSymmetric(t *testing.T) {
+	c := &packet.Config{
+		DefaultCipher: packet.CipherAES256,
+	}
+	entity, err := NewEntity("Golang Gopher", "Test Key", "no-reply@golang.com", c)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, identity := range entity.Identities {
+		if len(identity.SelfSignature.PreferredSymmetric) == 0 {
+			t.Fatal("didn't find a preferred cipher in self signature")
+		}
+		if identity.SelfSignature.PreferredSymmetric[0] != uint8(c.DefaultCipher) {
+			t.Fatalf("Expected preferred cipher to be %d, got %d", uint8(c.DefaultCipher), identity.SelfSignature.PreferredSymmetric[0])
+		}
+	}
+}
+
+func TestNewEntityWithoutPreferredSymmetric(t *testing.T) {
+	entity, err := NewEntity("Golang Gopher", "Test Key", "no-reply@golang.com", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, identity := range entity.Identities {
+		if len(identity.SelfSignature.PreferredSymmetric) != 0 {
+			t.Fatalf("Expected preferred cipher to be empty but got length %d", len(identity.SelfSignature.PreferredSymmetric))
+		}
+	}
+}
+
+func TestNewEntityPublicSerialization(t *testing.T) {
+	entity, err := NewEntity("Golang Gopher", "Test Key", "no-reply@golang.com", nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	serializedEntity := bytes.NewBuffer(nil)
+	entity.Serialize(serializedEntity)
+
+	_, err = ReadEntity(packet.NewReader(bytes.NewBuffer(serializedEntity.Bytes())))
+	if err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/openpgp/packet/encrypted_key.go b/openpgp/packet/encrypted_key.go
index 266840d05..6d7639722 100644
--- a/openpgp/packet/encrypted_key.go
+++ b/openpgp/packet/encrypted_key.go
@@ -5,6 +5,7 @@
 package packet
 
 import (
+	"crypto"
 	"crypto/rsa"
 	"encoding/binary"
 	"io"
@@ -42,12 +43,18 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) {
 	switch e.Algo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
 		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
+		if err != nil {
+			return
+		}
 	case PubKeyAlgoElGamal:
 		e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r)
 		if err != nil {
 			return
 		}
 		e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r)
+		if err != nil {
+			return
+		}
 	}
 	_, err = consumeAll(r)
 	return
@@ -72,7 +79,9 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
 	// padding oracle attacks.
 	switch priv.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
-		b, err = rsa.DecryptPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), e.encryptedMPI1.bytes)
+		// Supports both *rsa.PrivateKey and crypto.Decrypter
+		k := priv.PrivateKey.(crypto.Decrypter)
+		b, err = k.Decrypt(config.Random(), padToKeySize(k.Public().(*rsa.PublicKey), e.encryptedMPI1.bytes), nil)
 	case PubKeyAlgoElGamal:
 		c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes)
 		c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes)
diff --git a/openpgp/packet/encrypted_key_test.go b/openpgp/packet/encrypted_key_test.go
index fee14cf3c..ecb22bc2b 100644
--- a/openpgp/packet/encrypted_key_test.go
+++ b/openpgp/packet/encrypted_key_test.go
@@ -6,9 +6,11 @@ package packet
 
 import (
 	"bytes"
+	"crypto"
 	"crypto/rsa"
 	"encoding/hex"
 	"fmt"
+	"io"
 	"math/big"
 	"testing"
 )
@@ -39,7 +41,64 @@ var encryptedKeyPriv = &PrivateKey{
 }
 
 func TestDecryptingEncryptedKey(t *testing.T) {
+	for i, encryptedKeyHex := range []string{
+		"c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8",
+		// MPI can be shorter than the length of the key.
+		"c18b032a67d68660df41c70103f8e520c52ae9807183c669ce26e772e482dc5d8cf60e6f59316e145be14d2e5221ee69550db1d5618a8cb002a719f1f0b9345bde21536d410ec90ba86cac37748dec7933eb7f9873873b2d61d3321d1cd44535014f6df58f7bc0c7afb5edc38e1a974428997d2f747f9a173bea9ca53079b409517d332df62d805564cffc9be6",
+	} {
+		const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
+
+		p, err := Read(readerFromHex(encryptedKeyHex))
+		if err != nil {
+			t.Errorf("#%d: error from Read: %s", i, err)
+			return
+		}
+		ek, ok := p.(*EncryptedKey)
+		if !ok {
+			t.Errorf("#%d: didn't parse an EncryptedKey, got %#v", i, p)
+			return
+		}
+
+		if ek.KeyId != 0x2a67d68660df41c7 || ek.Algo != PubKeyAlgoRSA {
+			t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
+			return
+		}
+
+		err = ek.Decrypt(encryptedKeyPriv, nil)
+		if err != nil {
+			t.Errorf("#%d: error from Decrypt: %s", i, err)
+			return
+		}
+
+		if ek.CipherFunc != CipherAES256 {
+			t.Errorf("#%d: unexpected EncryptedKey contents: %#v", i, ek)
+			return
+		}
+
+		keyHex := fmt.Sprintf("%x", ek.Key)
+		if keyHex != expectedKeyHex {
+			t.Errorf("#%d: bad key, got %s want %s", i, keyHex, expectedKeyHex)
+		}
+	}
+}
+
+type rsaDecrypter struct {
+	rsaPrivateKey *rsa.PrivateKey
+	decryptCount  int
+}
+
+func (r *rsaDecrypter) Public() crypto.PublicKey {
+	return &r.rsaPrivateKey.PublicKey
+}
+
+func (r *rsaDecrypter) Decrypt(rand io.Reader, msg []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
+	r.decryptCount++
+	return r.rsaPrivateKey.Decrypt(rand, msg, opts)
+}
+
+func TestRSADecrypter(t *testing.T) {
 	const encryptedKeyHex = "c18c032a67d68660df41c70104005789d0de26b6a50c985a02a13131ca829c413a35d0e6fa8d6842599252162808ac7439c72151c8c6183e76923fe3299301414d0c25a2f06a2257db3839e7df0ec964773f6e4c4ac7ff3b48c444237166dd46ba8ff443a5410dc670cb486672fdbe7c9dfafb75b4fea83af3a204fe2a7dfa86bd20122b4f3d2646cbeecb8f7be8"
+
 	const expectedKeyHex = "d930363f7e0308c333b9618617ea728963d8df993665ae7be1092d4926fd864b"
 
 	p, err := Read(readerFromHex(encryptedKeyHex))
@@ -58,7 +117,18 @@ func TestDecryptingEncryptedKey(t *testing.T) {
 		return
 	}
 
-	err = ek.Decrypt(encryptedKeyPriv, nil)
+	customDecrypter := &rsaDecrypter{
+		rsaPrivateKey: encryptedKeyRSAPriv,
+	}
+
+	customKeyPriv := &PrivateKey{
+		PublicKey: PublicKey{
+			PubKeyAlgo: PubKeyAlgoRSA,
+		},
+		PrivateKey: customDecrypter,
+	}
+
+	err = ek.Decrypt(customKeyPriv, nil)
 	if err != nil {
 		t.Errorf("error from Decrypt: %s", err)
 		return
@@ -71,7 +141,11 @@ func TestDecryptingEncryptedKey(t *testing.T) {
 
 	keyHex := fmt.Sprintf("%x", ek.Key)
 	if keyHex != expectedKeyHex {
-		t.Errorf("bad key, got %s want %x", keyHex, expectedKeyHex)
+		t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
+	}
+
+	if customDecrypter.decryptCount != 1 {
+		t.Errorf("Expected customDecrypter.Decrypt() to be called 1 time, but was called %d times", customDecrypter.decryptCount)
 	}
 }
 
@@ -121,7 +195,7 @@ func TestEncryptingEncryptedKey(t *testing.T) {
 
 	keyHex := fmt.Sprintf("%x", ek.Key)
 	if keyHex != expectedKeyHex {
-		t.Errorf("bad key, got %s want %x", keyHex, expectedKeyHex)
+		t.Errorf("bad key, got %s want %s", keyHex, expectedKeyHex)
 	}
 }
 
diff --git a/openpgp/packet/opaque_test.go b/openpgp/packet/opaque_test.go
index f27bbfe09..61159f468 100644
--- a/openpgp/packet/opaque_test.go
+++ b/openpgp/packet/opaque_test.go
@@ -32,7 +32,7 @@ func TestOpaqueParseReason(t *testing.T) {
 			break
 		}
 		// try to parse opaque packet
-		p, err := op.Parse()
+		p, _ := op.Parse()
 		switch pkt := p.(type) {
 		case *UserId:
 			uid = pkt
diff --git a/openpgp/packet/packet.go b/openpgp/packet/packet.go
index 3eded93f0..0a19794a8 100644
--- a/openpgp/packet/packet.go
+++ b/openpgp/packet/packet.go
@@ -4,6 +4,12 @@
 
 // Package packet implements parsing and serialization of OpenPGP packets, as
 // specified in RFC 4880.
+//
+// Deprecated: this package is unmaintained except for security fixes. New
+// applications should consider a more focused, modern alternative to OpenPGP
+// for their specific task. If you are required to interoperate with OpenPGP
+// systems and need a maintained package, consider a community fork.
+// See https://golang.org/issue/44226.
 package packet // import "golang.org/x/crypto/openpgp/packet"
 
 import (
@@ -11,10 +17,13 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/des"
-	"golang.org/x/crypto/cast5"
-	"golang.org/x/crypto/openpgp/errors"
+	"crypto/rsa"
 	"io"
 	"math/big"
+	"math/bits"
+
+	"golang.org/x/crypto/cast5"
+	"golang.org/x/crypto/openpgp/errors"
 )
 
 // readFull is the same as io.ReadFull except that reading zero bytes returns
@@ -98,33 +107,65 @@ func (r *partialLengthReader) Read(p []byte) (n int, err error) {
 type partialLengthWriter struct {
 	w          io.WriteCloser
 	lengthByte [1]byte
+	sentFirst  bool
+	buf        []byte
 }
 
+// RFC 4880 4.2.2.4: the first partial length MUST be at least 512 octets long.
+const minFirstPartialWrite = 512
+
 func (w *partialLengthWriter) Write(p []byte) (n int, err error) {
+	off := 0
+	if !w.sentFirst {
+		if len(w.buf) > 0 || len(p) < minFirstPartialWrite {
+			off = len(w.buf)
+			w.buf = append(w.buf, p...)
+			if len(w.buf) < minFirstPartialWrite {
+				return len(p), nil
+			}
+			p = w.buf
+			w.buf = nil
+		}
+		w.sentFirst = true
+	}
+
+	power := uint8(30)
 	for len(p) > 0 {
-		for power := uint(14); power < 32; power-- {
-			l := 1 << power
-			if len(p) >= l {
-				w.lengthByte[0] = 224 + uint8(power)
-				_, err = w.w.Write(w.lengthByte[:])
-				if err != nil {
-					return
-				}
-				var m int
-				m, err = w.w.Write(p[:l])
-				n += m
-				if err != nil {
-					return
-				}
-				p = p[l:]
-				break
+		l := 1 << power
+		if len(p) < l {
+			power = uint8(bits.Len32(uint32(len(p)))) - 1
+			l = 1 << power
+		}
+		w.lengthByte[0] = 224 + power
+		_, err = w.w.Write(w.lengthByte[:])
+		if err == nil {
+			var m int
+			m, err = w.w.Write(p[:l])
+			n += m
+		}
+		if err != nil {
+			if n < off {
+				return 0, err
 			}
+			return n - off, err
 		}
+		p = p[l:]
 	}
-	return
+	return n - off, nil
 }
 
 func (w *partialLengthWriter) Close() error {
+	if len(w.buf) > 0 {
+		// In this case we can't send a 512 byte packet.
+		// Just send what we have.
+		p := w.buf
+		w.sentFirst = true
+		w.buf = nil
+		if _, err := w.Write(p); err != nil {
+			return err
+		}
+	}
+
 	w.lengthByte[0] = 0
 	_, err := w.w.Write(w.lengthByte[:])
 	if err != nil {
@@ -402,14 +443,16 @@ const (
 type PublicKeyAlgorithm uint8
 
 const (
-	PubKeyAlgoRSA            PublicKeyAlgorithm = 1
-	PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
-	PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
-	PubKeyAlgoElGamal        PublicKeyAlgorithm = 16
-	PubKeyAlgoDSA            PublicKeyAlgorithm = 17
+	PubKeyAlgoRSA     PublicKeyAlgorithm = 1
+	PubKeyAlgoElGamal PublicKeyAlgorithm = 16
+	PubKeyAlgoDSA     PublicKeyAlgorithm = 17
 	// RFC 6637, Section 5.
 	PubKeyAlgoECDH  PublicKeyAlgorithm = 18
 	PubKeyAlgoECDSA PublicKeyAlgorithm = 19
+
+	// Deprecated in RFC 4880, Section 13.5. Use key flags instead.
+	PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
+	PubKeyAlgoRSASignOnly    PublicKeyAlgorithm = 3
 )
 
 // CanEncrypt returns true if it's possible to encrypt a message to a public
@@ -500,19 +543,17 @@ func readMPI(r io.Reader) (mpi []byte, bitLength uint16, err error) {
 	numBytes := (int(bitLength) + 7) / 8
 	mpi = make([]byte, numBytes)
 	_, err = readFull(r, mpi)
-	return
-}
-
-// mpiLength returns the length of the given *big.Int when serialized as an
-// MPI.
-func mpiLength(n *big.Int) (mpiLengthInBytes int) {
-	mpiLengthInBytes = 2 /* MPI length */
-	mpiLengthInBytes += (n.BitLen() + 7) / 8
+	// According to RFC 4880 3.2. we should check that the MPI has no leading
+	// zeroes (at least when not an encrypted MPI?), but this implementation
+	// does generate leading zeroes, so we keep accepting them.
 	return
 }
 
 // writeMPI serializes a big integer to w.
 func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) {
+	// Note that we can produce leading zeroes, in violation of RFC 4880 3.2.
+	// Implementations seem to be tolerant of them, and stripping them would
+	// make it complex to guarantee matching re-serialization.
 	_, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)})
 	if err == nil {
 		_, err = w.Write(mpiBytes)
@@ -525,6 +566,18 @@ func writeBig(w io.Writer, i *big.Int) error {
 	return writeMPI(w, uint16(i.BitLen()), i.Bytes())
 }
 
+// padToKeySize left-pads a MPI with zeroes to match the length of the
+// specified RSA public.
+func padToKeySize(pub *rsa.PublicKey, b []byte) []byte {
+	k := (pub.N.BitLen() + 7) / 8
+	if len(b) >= k {
+		return b
+	}
+	bb := make([]byte, k)
+	copy(bb[len(bb)-len(b):], b)
+	return bb
+}
+
 // CompressionAlgo Represents the different compression algorithms
 // supported by OpenPGP (except for BZIP2, which is not currently
 // supported). See Section 9.3 of RFC 4880.
diff --git a/openpgp/packet/packet_test.go b/openpgp/packet/packet_test.go
index 1dab5c3d5..63a8387d6 100644
--- a/openpgp/packet/packet_test.go
+++ b/openpgp/packet/packet_test.go
@@ -232,7 +232,21 @@ func TestPartialLengths(t *testing.T) {
 			t.Errorf("error from write: %s", err)
 		}
 	}
-	w.Close()
+	if err := w.Close(); err != nil {
+		t.Fatal(err)
+	}
+
+	// The first packet should be at least 512 bytes.
+	first, err := buf.ReadByte()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if plen := 1 << (first & 0x1f); plen < 512 {
+		t.Errorf("first packet too short: got %d want at least %d", plen, 512)
+	}
+	if err := buf.UnreadByte(); err != nil {
+		t.Fatal(err)
+	}
 
 	want := (maxChunkSize * (maxChunkSize + 1)) / 2
 	copyBuf := bytes.NewBuffer(nil)
@@ -253,3 +267,25 @@ func TestPartialLengths(t *testing.T) {
 		}
 	}
 }
+
+func TestPartialLengthsShortWrite(t *testing.T) {
+	buf := bytes.NewBuffer(nil)
+	w := &partialLengthWriter{
+		w: noOpCloser{buf},
+	}
+	data := bytes.Repeat([]byte("a"), 510)
+	if _, err := w.Write(data); err != nil {
+		t.Fatal(err)
+	}
+	if err := w.Close(); err != nil {
+		t.Fatal(err)
+	}
+	copyBuf := bytes.NewBuffer(nil)
+	r := &partialLengthReader{buf, 0, true}
+	if _, err := io.Copy(copyBuf, r); err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(copyBuf.Bytes(), data) {
+		t.Errorf("got %q want %q", buf.Bytes(), data)
+	}
+}
diff --git a/openpgp/packet/private_key.go b/openpgp/packet/private_key.go
index 34734cc63..81abb7cef 100644
--- a/openpgp/packet/private_key.go
+++ b/openpgp/packet/private_key.go
@@ -31,49 +31,54 @@ type PrivateKey struct {
 	encryptedData []byte
 	cipher        CipherFunction
 	s2k           func(out, in []byte)
-	PrivateKey    interface{} // An *{rsa|dsa|ecdsa}.PrivateKey or a crypto.Signer.
+	PrivateKey    interface{} // An *{rsa|dsa|ecdsa}.PrivateKey or crypto.Signer/crypto.Decrypter (Decryptor RSA only).
 	sha1Checksum  bool
 	iv            []byte
 }
 
-func NewRSAPrivateKey(currentTime time.Time, priv *rsa.PrivateKey) *PrivateKey {
+func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
-	pk.PublicKey = *NewRSAPublicKey(currentTime, &priv.PublicKey)
+	pk.PublicKey = *NewRSAPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 
-func NewDSAPrivateKey(currentTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
+func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
-	pk.PublicKey = *NewDSAPublicKey(currentTime, &priv.PublicKey)
+	pk.PublicKey = *NewDSAPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 
-func NewElGamalPrivateKey(currentTime time.Time, priv *elgamal.PrivateKey) *PrivateKey {
+func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
-	pk.PublicKey = *NewElGamalPublicKey(currentTime, &priv.PublicKey)
+	pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 
-func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey {
+func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey {
 	pk := new(PrivateKey)
-	pk.PublicKey = *NewECDSAPublicKey(currentTime, &priv.PublicKey)
+	pk.PublicKey = *NewECDSAPublicKey(creationTime, &priv.PublicKey)
 	pk.PrivateKey = priv
 	return pk
 }
 
-// NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that
+// NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that
 // implements RSA or ECDSA.
-func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey {
+func NewSignerPrivateKey(creationTime time.Time, signer crypto.Signer) *PrivateKey {
 	pk := new(PrivateKey)
+	// In general, the public Keys should be used as pointers. We still
+	// type-switch on the values, for backwards-compatibility.
 	switch pubkey := signer.Public().(type) {
+	case *rsa.PublicKey:
+		pk.PublicKey = *NewRSAPublicKey(creationTime, pubkey)
 	case rsa.PublicKey:
-		pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey)
-		pk.PubKeyAlgo = PubKeyAlgoRSASignOnly
+		pk.PublicKey = *NewRSAPublicKey(creationTime, &pubkey)
+	case *ecdsa.PublicKey:
+		pk.PublicKey = *NewECDSAPublicKey(creationTime, pubkey)
 	case ecdsa.PublicKey:
-		pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey)
+		pk.PublicKey = *NewECDSAPublicKey(creationTime, &pubkey)
 	default:
 		panic("openpgp: unknown crypto.Signer type in NewSignerPrivateKey")
 	}
diff --git a/openpgp/packet/private_key_test.go b/openpgp/packet/private_key_test.go
index c16ef78ab..cc08b4837 100644
--- a/openpgp/packet/private_key_test.go
+++ b/openpgp/packet/private_key_test.go
@@ -14,7 +14,6 @@ import (
 	"crypto/x509"
 	"encoding/hex"
 	"hash"
-	"io"
 	"testing"
 	"time"
 )
@@ -162,15 +161,7 @@ func TestECDSAPrivateKey(t *testing.T) {
 }
 
 type rsaSigner struct {
-	priv *rsa.PrivateKey
-}
-
-func (s *rsaSigner) Public() crypto.PublicKey {
-	return s.priv.PublicKey
-}
-
-func (s *rsaSigner) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
-	return s.priv.Sign(rand, msg, opts)
+	*rsa.PrivateKey
 }
 
 func TestRSASignerPrivateKey(t *testing.T) {
@@ -181,12 +172,8 @@ func TestRSASignerPrivateKey(t *testing.T) {
 
 	priv := NewSignerPrivateKey(time.Now(), &rsaSigner{rsaPriv})
 
-	if priv.PubKeyAlgo != PubKeyAlgoRSASignOnly {
-		t.Fatal("NewSignerPrivateKey should have made a sign-only RSA private key")
-	}
-
 	sig := &Signature{
-		PubKeyAlgo: PubKeyAlgoRSASignOnly,
+		PubKeyAlgo: PubKeyAlgoRSA,
 		Hash:       crypto.SHA256,
 	}
 	msg := []byte("Hello World!")
@@ -208,15 +195,7 @@ func TestRSASignerPrivateKey(t *testing.T) {
 }
 
 type ecdsaSigner struct {
-	priv *ecdsa.PrivateKey
-}
-
-func (s *ecdsaSigner) Public() crypto.PublicKey {
-	return s.priv.PublicKey
-}
-
-func (s *ecdsaSigner) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) {
-	return s.priv.Sign(rand, msg, opts)
+	*ecdsa.PrivateKey
 }
 
 func TestECDSASignerPrivateKey(t *testing.T) {
@@ -228,7 +207,7 @@ func TestECDSASignerPrivateKey(t *testing.T) {
 	priv := NewSignerPrivateKey(time.Now(), &ecdsaSigner{ecdsaPriv})
 
 	if priv.PubKeyAlgo != PubKeyAlgoECDSA {
-		t.Fatal("NewSignerPrivateKey should have made a ECSDA private key")
+		t.Fatal("NewSignerPrivateKey should have made an ECSDA private key")
 	}
 
 	sig := &Signature{
diff --git a/openpgp/packet/public_key.go b/openpgp/packet/public_key.go
index ead26233d..fcd5f5251 100644
--- a/openpgp/packet/public_key.go
+++ b/openpgp/packet/public_key.go
@@ -244,7 +244,12 @@ func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey
 	}
 
 	pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
-	pk.ec.p.bitLength = uint16(8 * len(pk.ec.p.bytes))
+
+	// The bit length is 3 (for the 0x04 specifying an uncompressed key)
+	// plus two field elements (for x and y), which are rounded up to the
+	// nearest byte. See https://tools.ietf.org/html/rfc6637#section-6
+	fieldBytes := (pub.Curve.Params().BitSize + 7) & ^7
+	pk.ec.p.bitLength = uint16(3 + fieldBytes + fieldBytes)
 
 	pk.setFingerPrintAndKeyId()
 	return pk
@@ -515,7 +520,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro
 	switch pk.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
 		rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey)
-		err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes)
+		err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes))
 		if err != nil {
 			return errors.SignatureError("RSA verification failure")
 		}
@@ -566,7 +571,7 @@ func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err
 	switch pk.PubKeyAlgo {
 	case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
 		rsaPublicKey := pk.PublicKey.(*rsa.PublicKey)
-		if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes); err != nil {
+		if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes)); err != nil {
 			return errors.SignatureError("RSA verification failure")
 		}
 		return
diff --git a/openpgp/packet/public_key_test.go b/openpgp/packet/public_key_test.go
index 7ad7d9185..103696ee7 100644
--- a/openpgp/packet/public_key_test.go
+++ b/openpgp/packet/public_key_test.go
@@ -6,7 +6,10 @@ package packet
 
 import (
 	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"encoding/hex"
+	"math/big"
 	"testing"
 	"time"
 )
@@ -186,6 +189,29 @@ func TestEcc384Serialize(t *testing.T) {
 	}
 }
 
+func TestP256KeyID(t *testing.T) {
+	// Confirm that key IDs are correctly calculated for ECC keys.
+	ecdsaPub := &ecdsa.PublicKey{
+		Curve: elliptic.P256(),
+		X:     fromHex("81fbbc20eea9e8d1c3ceabb0a8185925b113d1ac42cd5c78403bd83da19235c6"),
+		Y:     fromHex("5ed6db13d91db34507d0129bf88981878d29adbf8fcd1720afdb767bb3fcaaff"),
+	}
+	pub := NewECDSAPublicKey(time.Unix(1297309478, 0), ecdsaPub)
+
+	const want = uint64(0xd01055fbcadd268e)
+	if pub.KeyId != want {
+		t.Errorf("want key ID: %x, got %x", want, pub.KeyId)
+	}
+}
+
+func fromHex(hex string) *big.Int {
+	n, ok := new(big.Int).SetString(hex, 16)
+	if !ok {
+		panic("bad hex number: " + hex)
+	}
+	return n
+}
+
 const rsaFingerprintHex = "5fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb"
 
 const rsaPkDataHex = "988d044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd0011010001"
diff --git a/openpgp/packet/signature.go b/openpgp/packet/signature.go
index 6ce0cbedb..b2a24a532 100644
--- a/openpgp/packet/signature.go
+++ b/openpgp/packet/signature.go
@@ -542,7 +542,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e
 			r, s, err = ecdsa.Sign(config.Random(), pk, digest)
 		} else {
 			var b []byte
-			b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, nil)
+			b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
 			if err == nil {
 				r, s, err = unwrapECDSASig(b)
 			}
diff --git a/openpgp/packet/symmetric_key_encrypted.go b/openpgp/packet/symmetric_key_encrypted.go
index 4b1105b6f..744c2d2c4 100644
--- a/openpgp/packet/symmetric_key_encrypted.go
+++ b/openpgp/packet/symmetric_key_encrypted.go
@@ -88,10 +88,10 @@ func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunc
 		return nil, ske.CipherFunc, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(cipherFunc)))
 	}
 	plaintextKey = plaintextKey[1:]
-	if l := len(plaintextKey); l == 0 || l%cipherFunc.blockSize() != 0 {
-		return nil, cipherFunc, errors.StructuralError("length of decrypted key not a multiple of block size")
+	if l, cipherKeySize := len(plaintextKey), cipherFunc.KeySize(); l != cipherFunc.KeySize() {
+		return nil, cipherFunc, errors.StructuralError("length of decrypted key (" + strconv.Itoa(l) + ") " +
+			"not equal to cipher keysize (" + strconv.Itoa(cipherKeySize) + ")")
 	}
-
 	return plaintextKey, cipherFunc, nil
 }
 
diff --git a/openpgp/packet/symmetric_key_encrypted_test.go b/openpgp/packet/symmetric_key_encrypted_test.go
index 19538df77..e1d52c122 100644
--- a/openpgp/packet/symmetric_key_encrypted_test.go
+++ b/openpgp/packet/symmetric_key_encrypted_test.go
@@ -61,43 +61,57 @@ func TestSymmetricKeyEncrypted(t *testing.T) {
 const symmetricallyEncryptedHex = "8c0d04030302371a0b38d884f02060c91cf97c9973b8e58e028e9501708ccfe618fb92afef7fa2d80ddadd93cf"
 const symmetricallyEncryptedContentsHex = "cb1062004d14c4df636f6e74656e74732e0a"
 
-func TestSerializeSymmetricKeyEncrypted(t *testing.T) {
-	buf := bytes.NewBuffer(nil)
-	passphrase := []byte("testing")
-	const cipherFunc = CipherAES128
-	config := &Config{
-		DefaultCipher: cipherFunc,
+func TestSerializeSymmetricKeyEncryptedCiphers(t *testing.T) {
+	tests := [...]struct {
+		cipherFunc CipherFunction
+		name       string
+	}{
+		{Cipher3DES, "Cipher3DES"},
+		{CipherCAST5, "CipherCAST5"},
+		{CipherAES128, "CipherAES128"},
+		{CipherAES192, "CipherAES192"},
+		{CipherAES256, "CipherAES256"},
 	}
 
-	key, err := SerializeSymmetricKeyEncrypted(buf, passphrase, config)
-	if err != nil {
-		t.Errorf("failed to serialize: %s", err)
-		return
-	}
+	for _, test := range tests {
+		var buf bytes.Buffer
+		passphrase := []byte("testing")
+		config := &Config{
+			DefaultCipher: test.cipherFunc,
+		}
 
-	p, err := Read(buf)
-	if err != nil {
-		t.Errorf("failed to reparse: %s", err)
-		return
-	}
-	ske, ok := p.(*SymmetricKeyEncrypted)
-	if !ok {
-		t.Errorf("parsed a different packet type: %#v", p)
-		return
-	}
+		key, err := SerializeSymmetricKeyEncrypted(&buf, passphrase, config)
+		if err != nil {
+			t.Errorf("cipher(%s) failed to serialize: %s", test.name, err)
+			continue
+		}
 
-	if ske.CipherFunc != config.DefaultCipher {
-		t.Errorf("SKE cipher function is %d (expected %d)", ske.CipherFunc, config.DefaultCipher)
-	}
-	parsedKey, parsedCipherFunc, err := ske.Decrypt(passphrase)
-	if err != nil {
-		t.Errorf("failed to decrypt reparsed SKE: %s", err)
-		return
-	}
-	if !bytes.Equal(key, parsedKey) {
-		t.Errorf("keys don't match after Decrypt: %x (original) vs %x (parsed)", key, parsedKey)
-	}
-	if parsedCipherFunc != cipherFunc {
-		t.Errorf("cipher function doesn't match after Decrypt: %d (original) vs %d (parsed)", cipherFunc, parsedCipherFunc)
+		p, err := Read(&buf)
+		if err != nil {
+			t.Errorf("cipher(%s) failed to reparse: %s", test.name, err)
+			continue
+		}
+
+		ske, ok := p.(*SymmetricKeyEncrypted)
+		if !ok {
+			t.Errorf("cipher(%s) parsed a different packet type: %#v", test.name, p)
+			continue
+		}
+
+		if ske.CipherFunc != config.DefaultCipher {
+			t.Errorf("cipher(%s) SKE cipher function is %d (expected %d)", test.name, ske.CipherFunc, config.DefaultCipher)
+		}
+		parsedKey, parsedCipherFunc, err := ske.Decrypt(passphrase)
+		if err != nil {
+			t.Errorf("cipher(%s) failed to decrypt reparsed SKE: %s", test.name, err)
+			continue
+		}
+		if !bytes.Equal(key, parsedKey) {
+			t.Errorf("cipher(%s) keys don't match after Decrypt: %x (original) vs %x (parsed)", test.name, key, parsedKey)
+		}
+		if parsedCipherFunc != test.cipherFunc {
+			t.Errorf("cipher(%s) cipher function doesn't match after Decrypt: %d (original) vs %d (parsed)",
+				test.name, test.cipherFunc, parsedCipherFunc)
+		}
 	}
 }
diff --git a/openpgp/packet/userattribute.go b/openpgp/packet/userattribute.go
index 96a2b382a..d19ffbc78 100644
--- a/openpgp/packet/userattribute.go
+++ b/openpgp/packet/userattribute.go
@@ -80,7 +80,7 @@ func (uat *UserAttribute) Serialize(w io.Writer) (err error) {
 
 // ImageData returns zero or more byte slices, each containing
 // JPEG File Interchange Format (JFIF), for each photo in the
-// the user attribute packet.
+// user attribute packet.
 func (uat *UserAttribute) ImageData() (imageData [][]byte) {
 	for _, sp := range uat.Contents {
 		if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 {
diff --git a/openpgp/read.go b/openpgp/read.go
index 6ec664f44..48a893146 100644
--- a/openpgp/read.go
+++ b/openpgp/read.go
@@ -3,6 +3,12 @@
 // license that can be found in the LICENSE file.
 
 // Package openpgp implements high level operations on OpenPGP messages.
+//
+// Deprecated: this package is unmaintained except for security fixes. New
+// applications should consider a more focused, modern alternative to OpenPGP
+// for their specific task. If you are required to interoperate with OpenPGP
+// systems and need a maintained package, consider a community fork.
+// See https://golang.org/issue/44226.
 package openpgp // import "golang.org/x/crypto/openpgp"
 
 import (
diff --git a/openpgp/read_test.go b/openpgp/read_test.go
index 1fbfbac4c..f5bba3019 100644
--- a/openpgp/read_test.go
+++ b/openpgp/read_test.go
@@ -124,7 +124,7 @@ func checkSignedMessage(t *testing.T, signedHex, expected string) {
 		return
 	}
 
-	if !md.IsSigned || md.SignedByKeyId != 0xa34d7e18c20c31bb || md.SignedBy == nil || md.IsEncrypted || md.IsSymmetricallyEncrypted || len(md.EncryptedToKeyIds) != 0 || md.IsSymmetricallyEncrypted {
+	if !md.IsSigned || md.SignedByKeyId != 0xa34d7e18c20c31bb || md.SignedBy == nil || md.IsEncrypted || md.IsSymmetricallyEncrypted || len(md.EncryptedToKeyIds) != 0 || md.DecryptedWith != (Key{}) {
 		t.Errorf("bad MessageDetails: %#v", md)
 	}
 
diff --git a/openpgp/s2k/s2k.go b/openpgp/s2k/s2k.go
index 4b9a44ca2..9de04958e 100644
--- a/openpgp/s2k/s2k.go
+++ b/openpgp/s2k/s2k.go
@@ -4,6 +4,12 @@
 
 // Package s2k implements the various OpenPGP string-to-key transforms as
 // specified in RFC 4800 section 3.7.1.
+//
+// Deprecated: this package is unmaintained except for security fixes. New
+// applications should consider a more focused, modern alternative to OpenPGP
+// for their specific task. If you are required to interoperate with OpenPGP
+// systems and need a maintained package, consider a community fork.
+// See https://golang.org/issue/44226.
 package s2k // import "golang.org/x/crypto/openpgp/s2k"
 
 import (
diff --git a/openpgp/write.go b/openpgp/write.go
index 65a304cc8..4ee71784e 100644
--- a/openpgp/write.go
+++ b/openpgp/write.go
@@ -164,12 +164,12 @@ func hashToHashId(h crypto.Hash) uint8 {
 	return v
 }
 
-// Encrypt encrypts a message to a number of recipients and, optionally, signs
-// it. hints contains optional information, that is also encrypted, that aids
-// the recipients in processing the message. The resulting WriteCloser must
-// be closed after the contents of the file have been written.
-// If config is nil, sensible defaults will be used.
-func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+// writeAndSign writes the data as a payload package and, optionally, signs
+// it. hints contains optional information, that is also encrypted,
+// that aids the recipients in processing the message. The resulting
+// WriteCloser must be closed after the contents of the file have been
+// written. If config is nil, sensible defaults will be used.
+func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
 	var signer *packet.PrivateKey
 	if signed != nil {
 		signKey, ok := signed.signingKey(config.Now())
@@ -185,6 +185,83 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
 		}
 	}
 
+	var hash crypto.Hash
+	for _, hashId := range candidateHashes {
+		if h, ok := s2k.HashIdToHash(hashId); ok && h.Available() {
+			hash = h
+			break
+		}
+	}
+
+	// If the hash specified by config is a candidate, we'll use that.
+	if configuredHash := config.Hash(); configuredHash.Available() {
+		for _, hashId := range candidateHashes {
+			if h, ok := s2k.HashIdToHash(hashId); ok && h == configuredHash {
+				hash = h
+				break
+			}
+		}
+	}
+
+	if hash == 0 {
+		hashId := candidateHashes[0]
+		name, ok := s2k.HashIdToString(hashId)
+		if !ok {
+			name = "#" + strconv.Itoa(int(hashId))
+		}
+		return nil, errors.InvalidArgumentError("cannot encrypt because no candidate hash functions are compiled in. (Wanted " + name + " in this case.)")
+	}
+
+	if signer != nil {
+		ops := &packet.OnePassSignature{
+			SigType:    packet.SigTypeBinary,
+			Hash:       hash,
+			PubKeyAlgo: signer.PubKeyAlgo,
+			KeyId:      signer.KeyId,
+			IsLast:     true,
+		}
+		if err := ops.Serialize(payload); err != nil {
+			return nil, err
+		}
+	}
+
+	if hints == nil {
+		hints = &FileHints{}
+	}
+
+	w := payload
+	if signer != nil {
+		// If we need to write a signature packet after the literal
+		// data then we need to stop literalData from closing
+		// encryptedData.
+		w = noOpCloser{w}
+
+	}
+	var epochSeconds uint32
+	if !hints.ModTime.IsZero() {
+		epochSeconds = uint32(hints.ModTime.Unix())
+	}
+	literalData, err := packet.SerializeLiteral(w, hints.IsBinary, hints.FileName, epochSeconds)
+	if err != nil {
+		return nil, err
+	}
+
+	if signer != nil {
+		return signatureWriter{payload, literalData, hash, hash.New(), signer, config}, nil
+	}
+	return literalData, nil
+}
+
+// Encrypt encrypts a message to a number of recipients and, optionally, signs
+// it. hints contains optional information, that is also encrypted, that aids
+// the recipients in processing the message. The resulting WriteCloser must
+// be closed after the contents of the file have been written.
+// If config is nil, sensible defaults will be used.
+func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+	if len(to) == 0 {
+		return nil, errors.InvalidArgumentError("no encryption recipient provided")
+	}
+
 	// These are the possible ciphers that we'll use for the message.
 	candidateCiphers := []uint8{
 		uint8(packet.CipherAES128),
@@ -194,6 +271,7 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
 	// These are the possible hash functions that we'll use for the signature.
 	candidateHashes := []uint8{
 		hashToHashId(crypto.SHA256),
+		hashToHashId(crypto.SHA384),
 		hashToHashId(crypto.SHA512),
 		hashToHashId(crypto.SHA1),
 		hashToHashId(crypto.RIPEMD160),
@@ -241,33 +319,6 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
 		}
 	}
 
-	var hash crypto.Hash
-	for _, hashId := range candidateHashes {
-		if h, ok := s2k.HashIdToHash(hashId); ok && h.Available() {
-			hash = h
-			break
-		}
-	}
-
-	// If the hash specified by config is a candidate, we'll use that.
-	if configuredHash := config.Hash(); configuredHash.Available() {
-		for _, hashId := range candidateHashes {
-			if h, ok := s2k.HashIdToHash(hashId); ok && h == configuredHash {
-				hash = h
-				break
-			}
-		}
-	}
-
-	if hash == 0 {
-		hashId := candidateHashes[0]
-		name, ok := s2k.HashIdToString(hashId)
-		if !ok {
-			name = "#" + strconv.Itoa(int(hashId))
-		}
-		return nil, errors.InvalidArgumentError("cannot encrypt because no candidate hash functions are compiled in. (Wanted " + name + " in this case.)")
-	}
-
 	symKey := make([]byte, cipher.KeySize())
 	if _, err := io.ReadFull(config.Random(), symKey); err != nil {
 		return nil, err
@@ -279,49 +330,38 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint
 		}
 	}
 
-	encryptedData, err := packet.SerializeSymmetricallyEncrypted(ciphertext, cipher, symKey, config)
+	payload, err := packet.SerializeSymmetricallyEncrypted(ciphertext, cipher, symKey, config)
 	if err != nil {
 		return
 	}
 
-	if signer != nil {
-		ops := &packet.OnePassSignature{
-			SigType:    packet.SigTypeBinary,
-			Hash:       hash,
-			PubKeyAlgo: signer.PubKeyAlgo,
-			KeyId:      signer.KeyId,
-			IsLast:     true,
-		}
-		if err := ops.Serialize(encryptedData); err != nil {
-			return nil, err
-		}
-	}
+	return writeAndSign(payload, candidateHashes, signed, hints, config)
+}
 
-	if hints == nil {
-		hints = &FileHints{}
+// Sign signs a message. The resulting WriteCloser must be closed after the
+// contents of the file have been written.  hints contains optional information
+// that aids the recipients in processing the message.
+// If config is nil, sensible defaults will be used.
+func Sign(output io.Writer, signed *Entity, hints *FileHints, config *packet.Config) (input io.WriteCloser, err error) {
+	if signed == nil {
+		return nil, errors.InvalidArgumentError("no signer provided")
 	}
 
-	w := encryptedData
-	if signer != nil {
-		// If we need to write a signature packet after the literal
-		// data then we need to stop literalData from closing
-		// encryptedData.
-		w = noOpCloser{encryptedData}
-
-	}
-	var epochSeconds uint32
-	if !hints.ModTime.IsZero() {
-		epochSeconds = uint32(hints.ModTime.Unix())
-	}
-	literalData, err := packet.SerializeLiteral(w, hints.IsBinary, hints.FileName, epochSeconds)
-	if err != nil {
-		return nil, err
+	// These are the possible hash functions that we'll use for the signature.
+	candidateHashes := []uint8{
+		hashToHashId(crypto.SHA256),
+		hashToHashId(crypto.SHA384),
+		hashToHashId(crypto.SHA512),
+		hashToHashId(crypto.SHA1),
+		hashToHashId(crypto.RIPEMD160),
 	}
-
-	if signer != nil {
-		return signatureWriter{encryptedData, literalData, hash, hash.New(), signer, config}, nil
+	defaultHashes := candidateHashes[len(candidateHashes)-1:]
+	preferredHashes := signed.primaryIdentity().SelfSignature.PreferredHash
+	if len(preferredHashes) == 0 {
+		preferredHashes = defaultHashes
 	}
-	return literalData, nil
+	candidateHashes = intersectPreferences(candidateHashes, preferredHashes)
+	return writeAndSign(noOpCloser{output}, candidateHashes, signed, hints, config)
 }
 
 // signatureWriter hashes the contents of a message while passing it along to
diff --git a/openpgp/write_test.go b/openpgp/write_test.go
index f2d50a0cf..cbc8f4dac 100644
--- a/openpgp/write_test.go
+++ b/openpgp/write_test.go
@@ -271,3 +271,92 @@ func TestEncryption(t *testing.T) {
 		}
 	}
 }
+
+var testSigningTests = []struct {
+	keyRingHex string
+}{
+	{
+		testKeys1And2PrivateHex,
+	},
+	{
+		dsaElGamalTestKeysHex,
+	},
+}
+
+func TestSigning(t *testing.T) {
+	for i, test := range testSigningTests {
+		kring, _ := ReadKeyRing(readerFromHex(test.keyRingHex))
+
+		passphrase := []byte("passphrase")
+		for _, entity := range kring {
+			if entity.PrivateKey != nil && entity.PrivateKey.Encrypted {
+				err := entity.PrivateKey.Decrypt(passphrase)
+				if err != nil {
+					t.Errorf("#%d: failed to decrypt key", i)
+				}
+			}
+			for _, subkey := range entity.Subkeys {
+				if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
+					err := subkey.PrivateKey.Decrypt(passphrase)
+					if err != nil {
+						t.Errorf("#%d: failed to decrypt subkey", i)
+					}
+				}
+			}
+		}
+
+		signed := kring[0]
+
+		buf := new(bytes.Buffer)
+		w, err := Sign(buf, signed, nil /* no hints */, nil)
+		if err != nil {
+			t.Errorf("#%d: error in Sign: %s", i, err)
+			continue
+		}
+
+		const message = "testing"
+		_, err = w.Write([]byte(message))
+		if err != nil {
+			t.Errorf("#%d: error writing plaintext: %s", i, err)
+			continue
+		}
+		err = w.Close()
+		if err != nil {
+			t.Errorf("#%d: error closing WriteCloser: %s", i, err)
+			continue
+		}
+
+		md, err := ReadMessage(buf, kring, nil /* no prompt */, nil)
+		if err != nil {
+			t.Errorf("#%d: error reading message: %s", i, err)
+			continue
+		}
+
+		testTime, _ := time.Parse("2006-01-02", "2013-07-01")
+		signKey, _ := kring[0].signingKey(testTime)
+		expectedKeyId := signKey.PublicKey.KeyId
+		if md.SignedByKeyId != expectedKeyId {
+			t.Errorf("#%d: message signed by wrong key id, got: %v, want: %v", i, *md.SignedBy, expectedKeyId)
+		}
+		if md.SignedBy == nil {
+			t.Errorf("#%d: failed to find the signing Entity", i)
+		}
+
+		plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
+		if err != nil {
+			t.Errorf("#%d: error reading contents: %v", i, err)
+			continue
+		}
+
+		if string(plaintext) != message {
+			t.Errorf("#%d: got: %q, want: %q", i, plaintext, message)
+		}
+
+		if md.SignatureError != nil {
+			t.Errorf("#%d: signature error: %q", i, md.SignatureError)
+		}
+		if md.Signature == nil {
+			t.Error("signature missing")
+		}
+	}
+}
diff --git a/otr/otr.go b/otr/otr.go
index 173b753db..29121e9bb 100644
--- a/otr/otr.go
+++ b/otr/otr.go
@@ -4,6 +4,10 @@
 
 // Package otr implements the Off The Record protocol as specified in
 // http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
+//
+// The version of OTR implemented by this package has been deprecated
+// (https://bugs.otr.im/lib/libotr/issues/140). An implementation of OTRv3 is
+// available at https://github.com/coyim/otr3.
 package otr // import "golang.org/x/crypto/otr"
 
 import (
@@ -637,7 +641,7 @@ func (c *Conversation) serializeDHKey() []byte {
 }
 
 func (c *Conversation) processDHKey(in []byte) (isSame bool, err error) {
-	gy, in, ok := getMPI(in)
+	gy, _, ok := getMPI(in)
 	if !ok {
 		err = errors.New("otr: corrupt DH key message")
 		return
diff --git a/pbkdf2/pbkdf2_test.go b/pbkdf2/pbkdf2_test.go
index 137924061..f83cb6922 100644
--- a/pbkdf2/pbkdf2_test.go
+++ b/pbkdf2/pbkdf2_test.go
@@ -155,3 +155,22 @@ func TestWithHMACSHA1(t *testing.T) {
 func TestWithHMACSHA256(t *testing.T) {
 	testHash(t, sha256.New, "SHA256", sha256TestVectors)
 }
+
+var sink uint8
+
+func benchmark(b *testing.B, h func() hash.Hash) {
+	password := make([]byte, h().Size())
+	salt := make([]byte, 8)
+	for i := 0; i < b.N; i++ {
+		password = Key(password, salt, 4096, len(password), h)
+	}
+	sink += password[0]
+}
+
+func BenchmarkHMACSHA1(b *testing.B) {
+	benchmark(b, sha1.New)
+}
+
+func BenchmarkHMACSHA256(b *testing.B) {
+	benchmark(b, sha256.New)
+}
diff --git a/pkcs12/crypto.go b/pkcs12/crypto.go
index 4bd4470ec..484ca51b7 100644
--- a/pkcs12/crypto.go
+++ b/pkcs12/crypto.go
@@ -124,7 +124,7 @@ func pbDecrypt(info decryptable, password []byte) (decrypted []byte, err error)
 	return
 }
 
-// decryptable abstracts a object that contains ciphertext.
+// decryptable abstracts an object that contains ciphertext.
 type decryptable interface {
 	Algorithm() pkix.AlgorithmIdentifier
 	Data() []byte
diff --git a/pkcs12/internal/rc2/rc2.go b/pkcs12/internal/rc2/rc2.go
index 8c7090258..7499e3fb6 100644
--- a/pkcs12/internal/rc2/rc2.go
+++ b/pkcs12/internal/rc2/rc2.go
@@ -122,7 +122,6 @@ func (c *rc2Cipher) Encrypt(dst, src []byte) {
 	r3 = r3 + c.k[r2&63]
 
 	for j <= 40 {
-
 		// mix r0
 		r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
 		r0 = rotl16(r0, 1)
@@ -151,7 +150,6 @@ func (c *rc2Cipher) Encrypt(dst, src []byte) {
 	r3 = r3 + c.k[r2&63]
 
 	for j <= 60 {
-
 		// mix r0
 		r0 = r0 + c.k[j] + (r3 & r2) + ((^r3) & r1)
 		r0 = rotl16(r0, 1)
@@ -244,7 +242,6 @@ func (c *rc2Cipher) Decrypt(dst, src []byte) {
 	r0 = r0 - c.k[r3&63]
 
 	for j >= 0 {
-
 		// unmix r3
 		r3 = rotl16(r3, 16-5)
 		r3 = r3 - c.k[j] - (r2 & r1) - ((^r2) & r0)
diff --git a/pkcs12/internal/rc2/rc2_test.go b/pkcs12/internal/rc2/rc2_test.go
index 8a49dfaf3..51a7efe50 100644
--- a/pkcs12/internal/rc2/rc2_test.go
+++ b/pkcs12/internal/rc2/rc2_test.go
@@ -11,7 +11,6 @@ import (
 )
 
 func TestEncryptDecrypt(t *testing.T) {
-
 	// TODO(dgryski): add the rest of the test vectors from the RFC
 	var tests = []struct {
 		key    string
diff --git a/pkcs12/pkcs12.go b/pkcs12/pkcs12.go
index eff9ad3a9..3a89bdb3e 100644
--- a/pkcs12/pkcs12.go
+++ b/pkcs12/pkcs12.go
@@ -7,6 +7,9 @@
 // This implementation is distilled from https://tools.ietf.org/html/rfc7292
 // and referenced documents. It is intended for decoding P12/PFX-stored
 // certificates and keys for use with the crypto/tls package.
+//
+// This package is frozen. If it's missing functionality you need, consider
+// an alternative like software.sslmate.com/src/go-pkcs12.
 package pkcs12
 
 import (
@@ -27,6 +30,8 @@ var (
 	oidFriendlyName     = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 20})
 	oidLocalKeyID       = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 21})
 	oidMicrosoftCSPName = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 311, 17, 1})
+
+	errUnknownAttributeOID = errors.New("pkcs12: unknown attribute OID")
 )
 
 type pfxPdu struct {
@@ -100,7 +105,12 @@ func unmarshal(in []byte, out interface{}) error {
 	return nil
 }
 
-// ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.
+// ToPEM converts all "safe bags" contained in pfxData to PEM blocks.
+// Unknown attributes are discarded.
+//
+// Note that although the returned PEM blocks for private keys have type
+// "PRIVATE KEY", the bytes are not encoded according to PKCS #8, but according
+// to PKCS #1 for RSA keys and SEC 1 for ECDSA keys.
 func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) {
 	encodedPassword, err := bmpString(password)
 	if err != nil {
@@ -132,6 +142,9 @@ func convertBag(bag *safeBag, password []byte) (*pem.Block, error) {
 
 	for _, attribute := range bag.Attributes {
 		k, v, err := convertAttribute(&attribute)
+		if err == errUnknownAttributeOID {
+			continue
+		}
 		if err != nil {
 			return nil, err
 		}
@@ -185,7 +198,7 @@ func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error)
 		key = "Microsoft CSP Name"
 		isString = true
 	default:
-		return "", "", errors.New("pkcs12: unknown attribute with OID " + attribute.Id.String())
+		return "", "", errUnknownAttributeOID
 	}
 
 	if isString {
@@ -208,7 +221,7 @@ func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error)
 
 // Decode extracts a certificate and private key from pfxData. This function
 // assumes that there is only one certificate and only one private key in the
-// pfxData.
+// pfxData; if there are more use ToPEM instead.
 func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) {
 	encodedPassword, err := bmpString(password)
 	if err != nil {
@@ -249,6 +262,7 @@ func Decode(pfxData []byte, password string) (privateKey interface{}, certificat
 		case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
 			if privateKey != nil {
 				err = errors.New("pkcs12: expected exactly one key bag")
+				return nil, nil, err
 			}
 
 			if privateKey, err = decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword); err != nil {
diff --git a/pkcs12/pkcs12_test.go b/pkcs12/pkcs12_test.go
index 14dd2a6c5..68476a822 100644
--- a/pkcs12/pkcs12_test.go
+++ b/pkcs12/pkcs12_test.go
@@ -89,6 +89,9 @@ func ExampleToPEM() {
 var testdata = map[string]string{
 	// 'null' password test case
 	"Windows Azure Tools": `MIIKDAIBAzCCCcwGCSqGSIb3DQEHAaCCCb0Eggm5MIIJtTCCBe4GCSqGSIb3DQEHAaCCBd8EggXbMIIF1zCCBdMGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAhStUNnlTGV+gICB9AEggTIJ81JIossF6boFWpPtkiQRPtI6DW6e9QD4/WvHAVrM2bKdpMzSMsCML5NyuddANTKHBVq00Jc9keqGNAqJPKkjhSUebzQFyhe0E1oI9T4zY5UKr/I8JclOeccH4QQnsySzYUG2SnniXnQ+JrG3juetli7EKth9h6jLc6xbubPadY5HMB3wL/eG/kJymiXwU2KQ9Mgd4X6jbcV+NNCE/8jbZHvSTCPeYTJIjxfeX61Sj5kFKUCzERbsnpyevhY3X0eYtEDezZQarvGmXtMMdzf8HJHkWRdk9VLDLgjk8uiJif/+X4FohZ37ig0CpgC2+dP4DGugaZZ51hb8tN9GeCKIsrmWogMXDIVd0OACBp/EjJVmFB6y0kUCXxUE0TZt0XA1tjAGJcjDUpBvTntZjPsnH/4ZySy+s2d9OOhJ6pzRQBRm360TzkFdSwk9DLiLdGfv4pwMMu/vNGBlqjP/1sQtj+jprJiD1sDbCl4AdQZVoMBQHadF2uSD4/o17XG/Ci0r2h6Htc2yvZMAbEY4zMjjIn2a+vqIxD6onexaek1R3zbkS9j19D6EN9EWn8xgz80YRCyW65znZk8xaIhhvlU/mg7sTxeyuqroBZNcq6uDaQTehDpyH7bY2l4zWRpoj10a6JfH2q5shYz8Y6UZC/kOTfuGqbZDNZWro/9pYquvNNW0M847E5t9bsf9VkAAMHRGBbWoVoU9VpI0UnoXSfvpOo+aXa2DSq5sHHUTVY7A9eov3z5IqT+pligx11xcs+YhDWcU8di3BTJisohKvv5Y8WSkm/rloiZd4ig269k0jTRk1olP/vCksPli4wKG2wdsd5o42nX1yL7mFfXocOANZbB+5qMkiwdyoQSk+Vq+C8nAZx2bbKhUq2MbrORGMzOe0Hh0x2a0PeObycN1Bpyv7Mp3ZI9h5hBnONKCnqMhtyQHUj/nNvbJUnDVYNfoOEqDiEqqEwB7YqWzAKz8KW0OIqdlM8uiQ4JqZZlFllnWJUfaiDrdFM3lYSnFQBkzeVlts6GpDOOBjCYd7dcCNS6kq6pZC6p6HN60Twu0JnurZD6RT7rrPkIGE8vAenFt4iGe/yF52fahCSY8Ws4K0UTwN7bAS+4xRHVCWvE8sMRZsRCHizb5laYsVrPZJhE6+hux6OBb6w8kwPYXc+ud5v6UxawUWgt6uPwl8mlAtU9Z7Miw4Nn/wtBkiLL/ke1UI1gqJtcQXgHxx6mzsjh41+nAgTvdbsSEyU6vfOmxGj3Rwc1eOrIhJUqn5YjOWfzzsz/D5DzWKmwXIwdspt1p+u+kol1N3f2wT9fKPnd/RGCb4g/1hc3Aju4DQYgGY782l89CEEdalpQ/35bQczMFk6Fje12HykakWEXd/bGm9Unh82gH84USiRpeOfQvBDYoqEyrY3zkFZzBjhDqa+jEcAj41tcGx47oSfDq3iVYCdL7HSIjtnyEktVXd7mISZLoMt20JACFcMw+mrbjlug+eU7o2GR7T+LwtOp/p4LZqyLa7oQJDwde1BNZtm3TCK2P1mW94QDL0nDUps5KLtr1DaZXEkRbjSJub2ZE9WqDHyU3KA8G84Tq/rN1IoNu/if45jacyPje1Npj9IftUZSP22nV7HMwZtwQ4P4MYHRMBMGCSqGSIb3DQEJFTEGBAQBAAAAMFsGCSqGSIb3DQEJFDFOHkwAewBCADQAQQA0AEYARQBCADAALQBBADEAOABBAC0ANAA0AEIAQgAtAEIANQBGADIALQA0ADkAMQBFAEYAMQA1ADIAQgBBADEANgB9MF0GCSsGAQQBgjcRATFQHk4ATQBpAGMAcgBvAHMAbwBmAHQAIABTAG8AZgB0AHcAYQByAGUAIABLAGUAeQAgAFMAdABvAHIAYQBnAGUAIABQAHIAbwB2AGkAZABlAHIwggO/BgkqhkiG9w0BBwagggOwMIIDrAIBADCCA6UGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECEBk5ZAYpu0WAgIH0ICCA3hik4mQFGpw9Ha8TQPtk+j2jwWdxfF0+sTk6S8PTsEfIhB7wPltjiCK92Uv2tCBQnodBUmatIfkpnRDEySmgmdglmOCzj204lWAMRs94PoALGn3JVBXbO1vIDCbAPOZ7Z0Hd0/1t2hmk8v3//QJGUg+qr59/4y/MuVfIg4qfkPcC2QSvYWcK3oTf6SFi5rv9B1IOWFgN5D0+C+x/9Lb/myPYX+rbOHrwtJ4W1fWKoz9g7wwmGFA9IJ2DYGuH8ifVFbDFT1Vcgsvs8arSX7oBsJVW0qrP7XkuDRe3EqCmKW7rBEwYrFznhxZcRDEpMwbFoSvgSIZ4XhFY9VKYglT+JpNH5iDceYEBOQL4vBLpxNUk3l5jKaBNxVa14AIBxq18bVHJ+STInhLhad4u10v/Xbx7wIL3f9DX1yLAkPrpBYbNHS2/ew6H/ySDJnoIDxkw2zZ4qJ+qUJZ1S0lbZVG+VT0OP5uF6tyOSpbMlcGkdl3z254n6MlCrTifcwkzscysDsgKXaYQw06rzrPW6RDub+t+hXzGny799fS9jhQMLDmOggaQ7+LA4oEZsfT89HLMWxJYDqjo3gIfjciV2mV54R684qLDS+AO09U49e6yEbwGlq8lpmO/pbXCbpGbB1b3EomcQbxdWxW2WEkkEd/VBn81K4M3obmywwXJkw+tPXDXfBmzzaqqCR+onMQ5ME1nMkY8ybnfoCc1bDIupjVWsEL2Wvq752RgI6KqzVNr1ew1IdqV5AWN2fOfek+0vi3Jd9FHF3hx8JMwjJL9dZsETV5kHtYJtE7wJ23J68BnCt2eI0GEuwXcCf5EdSKN/xXCTlIokc4Qk/gzRdIZsvcEJ6B1lGovKG54X4IohikqTjiepjbsMWj38yxDmK3mtENZ9ci8FPfbbvIEcOCZIinuY3qFUlRSbx7VUerEoV1IP3clUwexVQo4lHFee2jd7ocWsdSqSapW7OWUupBtDzRkqVhE7tGria+i1W2d6YLlJ21QTjyapWJehAMO637OdbJCCzDs1cXbodRRE7bsP492ocJy8OX66rKdhYbg8srSFNKdb3pF3UDNbN9jhI/t8iagRhNBhlQtTr1me2E/c86Q18qcRXl4bcXTt6acgCeffK6Y26LcVlrgjlD33AEYRRUeyC+rpxbT0aMjdFderlndKRIyG23mSp0HaUwNzAfMAcGBSsOAwIaBBRlviCbIyRrhIysg2dc/KbLFTc2vQQUg4rfwHMM4IKYRD/fsd1x6dda+wQ=`,
+	// Windows IAS PEAP & LDAPS certificates test case
+	// Unknown OID 1.3.6.1.4.1.311.17.2 should be dropped
+	"Windows IAS PEAP & LDAPS certificates": `MIIHPQIBAzCCBwMGCSqGSIb3DQEHAaCCBvQEggbwMIIG7DCCAz8GCSqGSIb3DQEHBqCCAzAwggMsAgEAMIIDJQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIrosqK6kNi9sCAggAgIIC+IcOaLAkrLiBCnw06bFGOUMGkVsuiYZlkTBzW55DQS4JUefZ71CPMUofo7U4z7bL1JYGV2aO9REMnb8gm0jQYgVEFNQbsDDICZBA8Xfjki0MULw3kEyFxfk7AV51IMRVjAGImS2asDAWW+dVgLLbBV+Q8L+D917sS8pz0VLT4GzxZHLdGXVXKp2MHkHc3nx4eDeWkBAZoSqansgJXTM3JOWOSxUEFZA2Wb7UerykCLuzK+RmR2pkmV88JIFbneP/NjQg/nZDN4bGXGJf+3gRqq07T4q7QKzmZRrQgLJwSZ1wzhB2HoIfIm/ylOEUly5XzMbf6nzc94BrDXv6q4efXMApztTfAsq9hysMiImQrPGxYBj3CAxfWCfc7K4XlbdRwZTmbCutf5O93aYALVAkzPf4x2NWxcw5sLYfGH8ma9xF3VZk+h1DJw+6Iq0+g/8lZ7uGJPAZav40YIW+RZ3vsDx3uw7OkQNwP0b/lahgnftTa0WcF3OwocTVb1o3zbtAW+pQxTRvdvTX6jENVTJVk10probfq+iDoolGe382c9d5qo4Yh/AhZHWqL2YqU2ypq16rxz1RPGSpceHAtVVZYSTKk9VKg0fevz8P8wjUKboZmpLnSu2P5ABwkoSbrGQIKMtE3CSswxKQVzEreKbcyeNBt0A0vSTOrwSzDQxFE4Ur+lUnqJC8sHW2NpA84S+TCLEAzhPMIFo5MJ90jN8N3tfTYnXVZDk1mt0pJEmWRxRofVJm2/J6Slak6x51s+TKiss/rG3y1XpzCgN9Nzb7uOHs7G6l9pOP0Bd6Z4s4DIeddG5MgpZkdn+vQNuGNbhZretg80Wj0lNZ2Oor/q0TSE0UoGZNEK1bZ3SHWqtY4J87aBkKGDcBCMqyLU1pGXBtpdJ8xoW+Ya6nM+I47jUoAJi8ChKDY8ZSKBoYsi1OuFNWl9xdn382rvpYtXqqBtA+mCAGJXiSFXUNkhSjlIFU/87v/4gsdFcAxMZVYxJVLdx2ldSyBnuAv9AwggOlBgkqhkiG9w0BBwGgggOWBIIDkjCCA44wggOKBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMwDgQI44fv4XLfEhoCAggABIICgC+Cc/yNrM3ovTargtsTI2Ut8MzmLSIVPOgc7K77xwz7daXkJ5ucDRVfYEOzIlY0NfKsWqiYc+2vfZRqm6fBrpj1/1zhC+A6wzxxNY1BxVXDdLVvigNBvPNxj5Z+K8kFApi3tqUOpz6uzj9B6PMywETQ/lKIQ0PUVa5KRbx3JztFfGIXq+zoGuUSxzzVpLQQE7ON7qtUJbkAA7x/vwq4fKKxC4nxXwPSFaUi+S4m6JDQ4XS02RcK/m2NEzKxPQBFQMSbfkqJd/HrjWbY9msebdTPI8Q+o2rrnQ5K225IZCxqcOwa//108rdx7fDJz28ywSv3rBgPynb9/1iSpeQ25C1gl+skTvgQmz5U/7DzSJkLNSwFIcEZUSyYM4uWjtKHSaTgCkh/D3+7AvloQKNgNSKJ9WM053jzYaYRs11BKCYm7UG9v0cgUbI84GJFomrzxRcOfX0ps2UVnXMTq6kJrGB/X1xM5Quvn7kvuK+S0ZMTn1yHpFaOxdn0Z1On/Y05XWz86Y316WfkSrBeuqbH5HTI74F2yWl4K4PEerIyqX14s3oEGdtlJ24o/kAQTbCrntPFu3ZKxF4z5bkpO3bZwaURRLCmT3sLenlthsLysE2riUbacFl33mkaGTvBeqUOofHfO5LNJcE/J8YBzekewLFBcOY59WZkZBbUasPzkOomdZtkrzlzMjJ1pTCd5RCyretHP6j681Wq3+tDvR/ycrgKO+JY8kwIk8HB3BX+xRn6rFULAcLsUhsGbsZ6ig9yeXTCx2xh97Rh5A0pzSkv9A7UFT155amZ3cVJuPdruWj9yLQ9JEIi83q1olMh7mbaA3qKbYDnou+Aj0OlDySAo+MxgdAwDQYJKwYBBAGCNxECMQAwIwYJKoZIhvcNAQkVMRYEFGclVjS+gkQdguj0myihwM1yC/1bMC8GCSqGSIb3DQEJFDEiHiAAUABFAEEAUAAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZTBpBgkrBgEEAYI3EQExXB5aAE0AaQBjAHIAbwBzAG8AZgB0ACAAUgBTAEEAIABTAEMAaABhAG4AbgBlAGwAIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG8AdgBpAGQAZQByMDEwITAJBgUrDgMCGgUABBSerVeCcXV8OLmAwfi2hYXAmA5I3gQIHpTh4gRG/3MCAggA`,
 	// empty string password test case
 	"testing@example.com": `MIIJzgIBAzCCCZQGCSqGSIb3DQEHAaCCCYUEggmBMIIJfTCCA/cGCSqGSIb3DQEHBqCCA+gwggPk
 AgEAMIID3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIIszfRGqcmPcCAggAgIIDsOZ9Eg1L
diff --git a/poly1305/poly1305.go b/poly1305/poly1305.go
deleted file mode 100644
index f562fa571..000000000
--- a/poly1305/poly1305.go
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-/*
-Package poly1305 implements Poly1305 one-time message authentication code as
-specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
-
-Poly1305 is a fast, one-time authentication function. It is infeasible for an
-attacker to generate an authenticator for a message without the key. However, a
-key must only be used for a single message. Authenticating two different
-messages with the same key allows an attacker to forge authenticators for other
-messages with the same key.
-
-Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
-used with a fixed key in order to generate one-time keys from an nonce.
-However, in this package AES isn't used and the one-time key is specified
-directly.
-*/
-package poly1305 // import "golang.org/x/crypto/poly1305"
-
-import "crypto/subtle"
-
-// TagSize is the size, in bytes, of a poly1305 authenticator.
-const TagSize = 16
-
-// Verify returns true if mac is a valid authenticator for m with the given
-// key.
-func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
-	var tmp [16]byte
-	Sum(&tmp, m, key)
-	return subtle.ConstantTimeCompare(tmp[:], mac[:]) == 1
-}
diff --git a/poly1305/poly1305_compat.go b/poly1305/poly1305_compat.go
new file mode 100644
index 000000000..dd975a32c
--- /dev/null
+++ b/poly1305/poly1305_compat.go
@@ -0,0 +1,91 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package poly1305 implements Poly1305 one-time message authentication code as
+// specified in https://cr.yp.to/mac/poly1305-20050329.pdf.
+//
+// Poly1305 is a fast, one-time authentication function. It is infeasible for an
+// attacker to generate an authenticator for a message without the key. However, a
+// key must only be used for a single message. Authenticating two different
+// messages with the same key allows an attacker to forge authenticators for other
+// messages with the same key.
+//
+// Poly1305 was originally coupled with AES in order to make Poly1305-AES. AES was
+// used with a fixed key in order to generate one-time keys from an nonce.
+// However, in this package AES isn't used and the one-time key is specified
+// directly.
+//
+// Deprecated: Poly1305 as implemented by this package is a cryptographic
+// building block that is not safe for general purpose use.
+// For encryption, use the full ChaCha20-Poly1305 construction implemented by
+// golang.org/x/crypto/chacha20poly1305. For authentication, use a general
+// purpose MAC such as HMAC implemented by crypto/hmac.
+package poly1305 // import "golang.org/x/crypto/poly1305"
+
+import "golang.org/x/crypto/internal/poly1305"
+
+// TagSize is the size, in bytes, of a poly1305 authenticator.
+//
+// For use with golang.org/x/crypto/chacha20poly1305, chacha20poly1305.Overhead
+// can be used instead.
+const TagSize = 16
+
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+	poly1305.Sum(out, m, key)
+}
+
+// Verify returns true if mac is a valid authenticator for m with the given key.
+func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
+	return poly1305.Verify(mac, m, key)
+}
+
+// New returns a new MAC computing an authentication
+// tag of all data written to it with the given key.
+// This allows writing the message progressively instead
+// of passing it as a single slice. Common users should use
+// the Sum function instead.
+//
+// The key must be unique for each message, as authenticating
+// two different messages with the same key allows an attacker
+// to forge messages at will.
+func New(key *[32]byte) *MAC {
+	return &MAC{mac: poly1305.New(key)}
+}
+
+// MAC is an io.Writer computing an authentication tag
+// of the data written to it.
+//
+// MAC cannot be used like common hash.Hash implementations,
+// because using a poly1305 key twice breaks its security.
+// Therefore writing data to a running MAC after calling
+// Sum or Verify causes it to panic.
+type MAC struct {
+	mac *poly1305.MAC
+}
+
+// Size returns the number of bytes Sum will return.
+func (h *MAC) Size() int { return TagSize }
+
+// Write adds more data to the running message authentication code.
+// It never returns an error.
+//
+// It must not be called after the first call of Sum or Verify.
+func (h *MAC) Write(p []byte) (n int, err error) {
+	return h.mac.Write(p)
+}
+
+// Sum computes the authenticator of all data written to the
+// message authentication code.
+func (h *MAC) Sum(b []byte) []byte {
+	return h.mac.Sum(b)
+}
+
+// Verify returns whether the authenticator of all data written to
+// the message authentication code matches the expected value.
+func (h *MAC) Verify(expected []byte) bool {
+	return h.mac.Verify(expected)
+}
diff --git a/poly1305/poly1305_test.go b/poly1305/poly1305_test.go
deleted file mode 100644
index 017027fe6..000000000
--- a/poly1305/poly1305_test.go
+++ /dev/null
@@ -1,159 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package poly1305
-
-import (
-	"bytes"
-	"encoding/hex"
-	"flag"
-	"testing"
-	"unsafe"
-)
-
-var stressFlag = flag.Bool("stress", false, "run slow stress tests")
-
-var testData = []struct {
-	in, k, correct []byte
-}{
-	{
-		[]byte("Hello world!"),
-		[]byte("this is 32-byte key for Poly1305"),
-		[]byte{0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16, 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0},
-	},
-	{
-		make([]byte, 32),
-		[]byte("this is 32-byte key for Poly1305"),
-		[]byte{0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6, 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07},
-	},
-	{
-		make([]byte, 2007),
-		[]byte("this is 32-byte key for Poly1305"),
-		[]byte{0xda, 0x84, 0xbc, 0xab, 0x02, 0x67, 0x6c, 0x38, 0xcd, 0xb0, 0x15, 0x60, 0x42, 0x74, 0xc2, 0xaa},
-	},
-	{
-		make([]byte, 2007),
-		make([]byte, 32),
-		make([]byte, 16),
-	},
-	{
-		// This test triggers an edge-case. See https://go-review.googlesource.com/#/c/30101/.
-		[]byte{0x81, 0xd8, 0xb2, 0xe4, 0x6a, 0x25, 0x21, 0x3b, 0x58, 0xfe, 0xe4, 0x21, 0x3a, 0x2a, 0x28, 0xe9, 0x21, 0xc1, 0x2a, 0x96, 0x32, 0x51, 0x6d, 0x3b, 0x73, 0x27, 0x27, 0x27, 0xbe, 0xcf, 0x21, 0x29},
-		[]byte{0x3b, 0x3a, 0x29, 0xe9, 0x3b, 0x21, 0x3a, 0x5c, 0x5c, 0x3b, 0x3b, 0x05, 0x3a, 0x3a, 0x8c, 0x0d},
-		[]byte{0x6d, 0xc1, 0x8b, 0x8c, 0x34, 0x4c, 0xd7, 0x99, 0x27, 0x11, 0x8b, 0xbe, 0x84, 0xb7, 0xf3, 0x14},
-	},
-	{
-		// This test generates a result of (2^130-1) % (2^130-5).
-		[]byte{
-			0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		},
-		[]byte{1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-		[]byte{4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-	},
-	{
-		// This test generates a result of (2^130-6) % (2^130-5).
-		[]byte{
-			0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		},
-		[]byte{1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-		[]byte{0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
-	},
-	{
-		// This test generates a result of (2^130-5) % (2^130-5).
-		[]byte{
-			0xfb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		},
-		[]byte{1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-		[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
-	},
-}
-
-func testSum(t *testing.T, unaligned bool) {
-	var out [16]byte
-	var key [32]byte
-
-	for i, v := range testData {
-		in := v.in
-		if unaligned {
-			in = unalignBytes(in)
-		}
-		copy(key[:], v.k)
-		Sum(&out, in, &key)
-		if !bytes.Equal(out[:], v.correct) {
-			t.Errorf("%d: expected %x, got %x", i, v.correct, out[:])
-		}
-	}
-}
-
-func TestBurnin(t *testing.T) {
-	// This test can be used to sanity-check significant changes. It can
-	// take about many minutes to run, even on fast machines. It's disabled
-	// by default.
-	if !*stressFlag {
-		t.Skip("skipping without -stress")
-	}
-
-	var key [32]byte
-	var input [25]byte
-	var output [16]byte
-
-	for i := range key {
-		key[i] = 1
-	}
-	for i := range input {
-		input[i] = 2
-	}
-
-	for i := uint64(0); i < 1e10; i++ {
-		Sum(&output, input[:], &key)
-		copy(key[0:], output[:])
-		copy(key[16:], output[:])
-		copy(input[:], output[:])
-		copy(input[16:], output[:])
-	}
-
-	const expected = "5e3b866aea0b636d240c83c428f84bfa"
-	if got := hex.EncodeToString(output[:]); got != expected {
-		t.Errorf("expected %s, got %s", expected, got)
-	}
-}
-
-func TestSum(t *testing.T)          { testSum(t, false) }
-func TestSumUnaligned(t *testing.T) { testSum(t, true) }
-
-func benchmark(b *testing.B, size int, unaligned bool) {
-	var out [16]byte
-	var key [32]byte
-	in := make([]byte, size)
-	if unaligned {
-		in = unalignBytes(in)
-	}
-	b.SetBytes(int64(len(in)))
-	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
-		Sum(&out, in, &key)
-	}
-}
-
-func Benchmark64(b *testing.B)          { benchmark(b, 64, false) }
-func Benchmark1K(b *testing.B)          { benchmark(b, 1024, false) }
-func Benchmark64Unaligned(b *testing.B) { benchmark(b, 64, true) }
-func Benchmark1KUnaligned(b *testing.B) { benchmark(b, 1024, true) }
-
-func unalignBytes(in []byte) []byte {
-	out := make([]byte, len(in)+1)
-	if uintptr(unsafe.Pointer(&out[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
-		out = out[1:]
-	} else {
-		out = out[:len(in)]
-	}
-	copy(out, in)
-	return out
-}
diff --git a/poly1305/sum_amd64.go b/poly1305/sum_amd64.go
deleted file mode 100644
index 4dd72fe79..000000000
--- a/poly1305/sum_amd64.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-package poly1305
-
-// This function is implemented in sum_amd64.s
-//go:noescape
-func poly1305(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	var mPtr *byte
-	if len(m) > 0 {
-		mPtr = &m[0]
-	}
-	poly1305(out, mPtr, uint64(len(m)), key)
-}
diff --git a/poly1305/sum_arm.go b/poly1305/sum_arm.go
deleted file mode 100644
index 5dc321c2f..000000000
--- a/poly1305/sum_arm.go
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-package poly1305
-
-// This function is implemented in sum_arm.s
-//go:noescape
-func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
-	var mPtr *byte
-	if len(m) > 0 {
-		mPtr = &m[0]
-	}
-	poly1305_auth_armv6(out, mPtr, uint32(len(m)), key)
-}
diff --git a/poly1305/sum_arm.s b/poly1305/sum_arm.s
deleted file mode 100644
index f70b4ac48..000000000
--- a/poly1305/sum_arm.s
+++ /dev/null
@@ -1,427 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build arm,!gccgo,!appengine,!nacl
-
-#include "textflag.h"
-
-// This code was translated into a form compatible with 5a from the public
-// domain source by Andrew Moon: github.com/floodyberry/poly1305-opt/blob/master/app/extensions/poly1305.
-
-DATA ·poly1305_init_constants_armv6<>+0x00(SB)/4, $0x3ffffff
-DATA ·poly1305_init_constants_armv6<>+0x04(SB)/4, $0x3ffff03
-DATA ·poly1305_init_constants_armv6<>+0x08(SB)/4, $0x3ffc0ff
-DATA ·poly1305_init_constants_armv6<>+0x0c(SB)/4, $0x3f03fff
-DATA ·poly1305_init_constants_armv6<>+0x10(SB)/4, $0x00fffff
-GLOBL ·poly1305_init_constants_armv6<>(SB), 8, $20
-
-// Warning: the linker may use R11 to synthesize certain instructions. Please
-// take care and verify that no synthetic instructions use it.
-
-TEXT poly1305_init_ext_armv6<>(SB), NOSPLIT, $0
-	// Needs 16 bytes of stack and 64 bytes of space pointed to by R0.  (It
-	// might look like it's only 60 bytes of space but the final four bytes
-	// will be written by another function.) We need to skip over four
-	// bytes of stack because that's saving the value of 'g'.
-	ADD       $4, R13, R8
-	MOVM.IB   [R4-R7], (R8)
-	MOVM.IA.W (R1), [R2-R5]
-	MOVW      $·poly1305_init_constants_armv6<>(SB), R7
-	MOVW      R2, R8
-	MOVW      R2>>26, R9
-	MOVW      R3>>20, g
-	MOVW      R4>>14, R11
-	MOVW      R5>>8, R12
-	ORR       R3<<6, R9, R9
-	ORR       R4<<12, g, g
-	ORR       R5<<18, R11, R11
-	MOVM.IA   (R7), [R2-R6]
-	AND       R8, R2, R2
-	AND       R9, R3, R3
-	AND       g, R4, R4
-	AND       R11, R5, R5
-	AND       R12, R6, R6
-	MOVM.IA.W [R2-R6], (R0)
-	EOR       R2, R2, R2
-	EOR       R3, R3, R3
-	EOR       R4, R4, R4
-	EOR       R5, R5, R5
-	EOR       R6, R6, R6
-	MOVM.IA.W [R2-R6], (R0)
-	MOVM.IA.W (R1), [R2-R5]
-	MOVM.IA   [R2-R6], (R0)
-	ADD       $20, R13, R0
-	MOVM.DA   (R0), [R4-R7]
-	RET
-
-#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \
-	MOVBU (offset+0)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+0)(Rdst); \
-	MOVBU (offset+1)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+1)(Rdst); \
-	MOVBU (offset+2)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+2)(Rdst); \
-	MOVBU (offset+3)(Rsrc), Rtmp; \
-	MOVBU Rtmp, (offset+3)(Rdst)
-
-TEXT poly1305_blocks_armv6<>(SB), NOSPLIT, $0
-	// Needs 24 bytes of stack for saved registers and then 88 bytes of
-	// scratch space after that. We assume that 24 bytes at (R13) have
-	// already been used: four bytes for the link register saved in the
-	// prelude of poly1305_auth_armv6, four bytes for saving the value of g
-	// in that function and 16 bytes of scratch space used around
-	// poly1305_finish_ext_armv6_skip1.
-	ADD     $24, R13, R12
-	MOVM.IB [R4-R8, R14], (R12)
-	MOVW    R0, 88(R13)
-	MOVW    R1, 92(R13)
-	MOVW    R2, 96(R13)
-	MOVW    R1, R14
-	MOVW    R2, R12
-	MOVW    56(R0), R8
-	WORD    $0xe1180008                // TST R8, R8 not working see issue 5921
-	EOR     R6, R6, R6
-	MOVW.EQ $(1<<24), R6
-	MOVW    R6, 84(R13)
-	ADD     $116, R13, g
-	MOVM.IA (R0), [R0-R9]
-	MOVM.IA [R0-R4], (g)
-	CMP     $16, R12
-	BLO     poly1305_blocks_armv6_done
-
-poly1305_blocks_armv6_mainloop:
-	WORD    $0xe31e0003                            // TST R14, #3 not working see issue 5921
-	BEQ     poly1305_blocks_armv6_mainloop_aligned
-	ADD     $100, R13, g
-	MOVW_UNALIGNED(R14, g, R0, 0)
-	MOVW_UNALIGNED(R14, g, R0, 4)
-	MOVW_UNALIGNED(R14, g, R0, 8)
-	MOVW_UNALIGNED(R14, g, R0, 12)
-	MOVM.IA (g), [R0-R3]
-	ADD     $16, R14
-	B       poly1305_blocks_armv6_mainloop_loaded
-
-poly1305_blocks_armv6_mainloop_aligned:
-	MOVM.IA.W (R14), [R0-R3]
-
-poly1305_blocks_armv6_mainloop_loaded:
-	MOVW    R0>>26, g
-	MOVW    R1>>20, R11
-	MOVW    R2>>14, R12
-	MOVW    R14, 92(R13)
-	MOVW    R3>>8, R4
-	ORR     R1<<6, g, g
-	ORR     R2<<12, R11, R11
-	ORR     R3<<18, R12, R12
-	BIC     $0xfc000000, R0, R0
-	BIC     $0xfc000000, g, g
-	MOVW    84(R13), R3
-	BIC     $0xfc000000, R11, R11
-	BIC     $0xfc000000, R12, R12
-	ADD     R0, R5, R5
-	ADD     g, R6, R6
-	ORR     R3, R4, R4
-	ADD     R11, R7, R7
-	ADD     $116, R13, R14
-	ADD     R12, R8, R8
-	ADD     R4, R9, R9
-	MOVM.IA (R14), [R0-R4]
-	MULLU   R4, R5, (R11, g)
-	MULLU   R3, R5, (R14, R12)
-	MULALU  R3, R6, (R11, g)
-	MULALU  R2, R6, (R14, R12)
-	MULALU  R2, R7, (R11, g)
-	MULALU  R1, R7, (R14, R12)
-	ADD     R4<<2, R4, R4
-	ADD     R3<<2, R3, R3
-	MULALU  R1, R8, (R11, g)
-	MULALU  R0, R8, (R14, R12)
-	MULALU  R0, R9, (R11, g)
-	MULALU  R4, R9, (R14, R12)
-	MOVW    g, 76(R13)
-	MOVW    R11, 80(R13)
-	MOVW    R12, 68(R13)
-	MOVW    R14, 72(R13)
-	MULLU   R2, R5, (R11, g)
-	MULLU   R1, R5, (R14, R12)
-	MULALU  R1, R6, (R11, g)
-	MULALU  R0, R6, (R14, R12)
-	MULALU  R0, R7, (R11, g)
-	MULALU  R4, R7, (R14, R12)
-	ADD     R2<<2, R2, R2
-	ADD     R1<<2, R1, R1
-	MULALU  R4, R8, (R11, g)
-	MULALU  R3, R8, (R14, R12)
-	MULALU  R3, R9, (R11, g)
-	MULALU  R2, R9, (R14, R12)
-	MOVW    g, 60(R13)
-	MOVW    R11, 64(R13)
-	MOVW    R12, 52(R13)
-	MOVW    R14, 56(R13)
-	MULLU   R0, R5, (R11, g)
-	MULALU  R4, R6, (R11, g)
-	MULALU  R3, R7, (R11, g)
-	MULALU  R2, R8, (R11, g)
-	MULALU  R1, R9, (R11, g)
-	ADD     $52, R13, R0
-	MOVM.IA (R0), [R0-R7]
-	MOVW    g>>26, R12
-	MOVW    R4>>26, R14
-	ORR     R11<<6, R12, R12
-	ORR     R5<<6, R14, R14
-	BIC     $0xfc000000, g, g
-	BIC     $0xfc000000, R4, R4
-	ADD.S   R12, R0, R0
-	ADC     $0, R1, R1
-	ADD.S   R14, R6, R6
-	ADC     $0, R7, R7
-	MOVW    R0>>26, R12
-	MOVW    R6>>26, R14
-	ORR     R1<<6, R12, R12
-	ORR     R7<<6, R14, R14
-	BIC     $0xfc000000, R0, R0
-	BIC     $0xfc000000, R6, R6
-	ADD     R14<<2, R14, R14
-	ADD.S   R12, R2, R2
-	ADC     $0, R3, R3
-	ADD     R14, g, g
-	MOVW    R2>>26, R12
-	MOVW    g>>26, R14
-	ORR     R3<<6, R12, R12
-	BIC     $0xfc000000, g, R5
-	BIC     $0xfc000000, R2, R7
-	ADD     R12, R4, R4
-	ADD     R14, R0, R0
-	MOVW    R4>>26, R12
-	BIC     $0xfc000000, R4, R8
-	ADD     R12, R6, R9
-	MOVW    96(R13), R12
-	MOVW    92(R13), R14
-	MOVW    R0, R6
-	CMP     $32, R12
-	SUB     $16, R12, R12
-	MOVW    R12, 96(R13)
-	BHS     poly1305_blocks_armv6_mainloop
-
-poly1305_blocks_armv6_done:
-	MOVW    88(R13), R12
-	MOVW    R5, 20(R12)
-	MOVW    R6, 24(R12)
-	MOVW    R7, 28(R12)
-	MOVW    R8, 32(R12)
-	MOVW    R9, 36(R12)
-	ADD     $48, R13, R0
-	MOVM.DA (R0), [R4-R8, R14]
-	RET
-
-#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \
-	MOVBU.P 1(Rsrc), Rtmp; \
-	MOVBU.P Rtmp, 1(Rdst); \
-	MOVBU.P 1(Rsrc), Rtmp; \
-	MOVBU.P Rtmp, 1(Rdst)
-
-#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \
-	MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \
-	MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp)
-
-// func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]key)
-TEXT ·poly1305_auth_armv6(SB), $196-16
-	// The value 196, just above, is the sum of 64 (the size of the context
-	// structure) and 132 (the amount of stack needed).
-	//
-	// At this point, the stack pointer (R13) has been moved down. It
-	// points to the saved link register and there's 196 bytes of free
-	// space above it.
-	//
-	// The stack for this function looks like:
-	//
-	// +---------------------
-	// |
-	// | 64 bytes of context structure
-	// |
-	// +---------------------
-	// |
-	// | 112 bytes for poly1305_blocks_armv6
-	// |
-	// +---------------------
-	// | 16 bytes of final block, constructed at
-	// | poly1305_finish_ext_armv6_skip8
-	// +---------------------
-	// | four bytes of saved 'g'
-	// +---------------------
-	// | lr, saved by prelude    <- R13 points here
-	// +---------------------
-	MOVW g, 4(R13)
-
-	MOVW out+0(FP), R4
-	MOVW m+4(FP), R5
-	MOVW mlen+8(FP), R6
-	MOVW key+12(FP), R7
-
-	ADD  $136, R13, R0 // 136 = 4 + 4 + 16 + 112
-	MOVW R7, R1
-
-	// poly1305_init_ext_armv6 will write to the stack from R13+4, but
-	// that's ok because none of the other values have been written yet.
-	BL    poly1305_init_ext_armv6<>(SB)
-	BIC.S $15, R6, R2
-	BEQ   poly1305_auth_armv6_noblocks
-	ADD   $136, R13, R0
-	MOVW  R5, R1
-	ADD   R2, R5, R5
-	SUB   R2, R6, R6
-	BL    poly1305_blocks_armv6<>(SB)
-
-poly1305_auth_armv6_noblocks:
-	ADD  $136, R13, R0
-	MOVW R5, R1
-	MOVW R6, R2
-	MOVW R4, R3
-
-	MOVW  R0, R5
-	MOVW  R1, R6
-	MOVW  R2, R7
-	MOVW  R3, R8
-	AND.S R2, R2, R2
-	BEQ   poly1305_finish_ext_armv6_noremaining
-	EOR   R0, R0
-	ADD   $8, R13, R9                           // 8 = offset to 16 byte scratch space
-	MOVW  R0, (R9)
-	MOVW  R0, 4(R9)
-	MOVW  R0, 8(R9)
-	MOVW  R0, 12(R9)
-	WORD  $0xe3110003                           // TST R1, #3 not working see issue 5921
-	BEQ   poly1305_finish_ext_armv6_aligned
-	WORD  $0xe3120008                           // TST R2, #8 not working see issue 5921
-	BEQ   poly1305_finish_ext_armv6_skip8
-	MOVWP_UNALIGNED(R1, R9, g)
-	MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip8:
-	WORD $0xe3120004                     // TST $4, R2 not working see issue 5921
-	BEQ  poly1305_finish_ext_armv6_skip4
-	MOVWP_UNALIGNED(R1, R9, g)
-
-poly1305_finish_ext_armv6_skip4:
-	WORD $0xe3120002                     // TST $2, R2 not working see issue 5921
-	BEQ  poly1305_finish_ext_armv6_skip2
-	MOVHUP_UNALIGNED(R1, R9, g)
-	B    poly1305_finish_ext_armv6_skip2
-
-poly1305_finish_ext_armv6_aligned:
-	WORD      $0xe3120008                             // TST R2, #8 not working see issue 5921
-	BEQ       poly1305_finish_ext_armv6_skip8_aligned
-	MOVM.IA.W (R1), [g-R11]
-	MOVM.IA.W [g-R11], (R9)
-
-poly1305_finish_ext_armv6_skip8_aligned:
-	WORD   $0xe3120004                             // TST $4, R2 not working see issue 5921
-	BEQ    poly1305_finish_ext_armv6_skip4_aligned
-	MOVW.P 4(R1), g
-	MOVW.P g, 4(R9)
-
-poly1305_finish_ext_armv6_skip4_aligned:
-	WORD    $0xe3120002                     // TST $2, R2 not working see issue 5921
-	BEQ     poly1305_finish_ext_armv6_skip2
-	MOVHU.P 2(R1), g
-	MOVH.P  g, 2(R9)
-
-poly1305_finish_ext_armv6_skip2:
-	WORD    $0xe3120001                     // TST $1, R2 not working see issue 5921
-	BEQ     poly1305_finish_ext_armv6_skip1
-	MOVBU.P 1(R1), g
-	MOVBU.P g, 1(R9)
-
-poly1305_finish_ext_armv6_skip1:
-	MOVW  $1, R11
-	MOVBU R11, 0(R9)
-	MOVW  R11, 56(R5)
-	MOVW  R5, R0
-	ADD   $8, R13, R1
-	MOVW  $16, R2
-	BL    poly1305_blocks_armv6<>(SB)
-
-poly1305_finish_ext_armv6_noremaining:
-	MOVW      20(R5), R0
-	MOVW      24(R5), R1
-	MOVW      28(R5), R2
-	MOVW      32(R5), R3
-	MOVW      36(R5), R4
-	MOVW      R4>>26, R12
-	BIC       $0xfc000000, R4, R4
-	ADD       R12<<2, R12, R12
-	ADD       R12, R0, R0
-	MOVW      R0>>26, R12
-	BIC       $0xfc000000, R0, R0
-	ADD       R12, R1, R1
-	MOVW      R1>>26, R12
-	BIC       $0xfc000000, R1, R1
-	ADD       R12, R2, R2
-	MOVW      R2>>26, R12
-	BIC       $0xfc000000, R2, R2
-	ADD       R12, R3, R3
-	MOVW      R3>>26, R12
-	BIC       $0xfc000000, R3, R3
-	ADD       R12, R4, R4
-	ADD       $5, R0, R6
-	MOVW      R6>>26, R12
-	BIC       $0xfc000000, R6, R6
-	ADD       R12, R1, R7
-	MOVW      R7>>26, R12
-	BIC       $0xfc000000, R7, R7
-	ADD       R12, R2, g
-	MOVW      g>>26, R12
-	BIC       $0xfc000000, g, g
-	ADD       R12, R3, R11
-	MOVW      $-(1<<26), R12
-	ADD       R11>>26, R12, R12
-	BIC       $0xfc000000, R11, R11
-	ADD       R12, R4, R9
-	MOVW      R9>>31, R12
-	SUB       $1, R12
-	AND       R12, R6, R6
-	AND       R12, R7, R7
-	AND       R12, g, g
-	AND       R12, R11, R11
-	AND       R12, R9, R9
-	MVN       R12, R12
-	AND       R12, R0, R0
-	AND       R12, R1, R1
-	AND       R12, R2, R2
-	AND       R12, R3, R3
-	AND       R12, R4, R4
-	ORR       R6, R0, R0
-	ORR       R7, R1, R1
-	ORR       g, R2, R2
-	ORR       R11, R3, R3
-	ORR       R9, R4, R4
-	ORR       R1<<26, R0, R0
-	MOVW      R1>>6, R1
-	ORR       R2<<20, R1, R1
-	MOVW      R2>>12, R2
-	ORR       R3<<14, R2, R2
-	MOVW      R3>>18, R3
-	ORR       R4<<8, R3, R3
-	MOVW      40(R5), R6
-	MOVW      44(R5), R7
-	MOVW      48(R5), g
-	MOVW      52(R5), R11
-	ADD.S     R6, R0, R0
-	ADC.S     R7, R1, R1
-	ADC.S     g, R2, R2
-	ADC.S     R11, R3, R3
-	MOVM.IA   [R0-R3], (R8)
-	MOVW      R5, R12
-	EOR       R0, R0, R0
-	EOR       R1, R1, R1
-	EOR       R2, R2, R2
-	EOR       R3, R3, R3
-	EOR       R4, R4, R4
-	EOR       R5, R5, R5
-	EOR       R6, R6, R6
-	EOR       R7, R7, R7
-	MOVM.IA.W [R0-R7], (R12)
-	MOVM.IA   [R0-R7], (R12)
-	MOVW      4(R13), g
-	RET
diff --git a/poly1305/sum_ref.go b/poly1305/sum_ref.go
deleted file mode 100644
index b2805a5ca..000000000
--- a/poly1305/sum_ref.go
+++ /dev/null
@@ -1,141 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !amd64,!arm gccgo appengine nacl
-
-package poly1305
-
-import "encoding/binary"
-
-// Sum generates an authenticator for msg using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
-	var (
-		h0, h1, h2, h3, h4 uint32 // the hash accumulators
-		r0, r1, r2, r3, r4 uint64 // the r part of the key
-	)
-
-	r0 = uint64(binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff)
-	r1 = uint64((binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03)
-	r2 = uint64((binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff)
-	r3 = uint64((binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff)
-	r4 = uint64((binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff)
-
-	R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5
-
-	for len(msg) >= TagSize {
-		// h += msg
-		h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff
-		h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff
-		h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff
-		h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff
-		h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | (1 << 24)
-
-		// h *= r
-		d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
-		d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
-		d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
-		d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
-		d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
-
-		// h %= p
-		h0 = uint32(d0) & 0x3ffffff
-		h1 = uint32(d1) & 0x3ffffff
-		h2 = uint32(d2) & 0x3ffffff
-		h3 = uint32(d3) & 0x3ffffff
-		h4 = uint32(d4) & 0x3ffffff
-
-		h0 += uint32(d4>>26) * 5
-		h1 += h0 >> 26
-		h0 = h0 & 0x3ffffff
-
-		msg = msg[TagSize:]
-	}
-
-	if len(msg) > 0 {
-		var block [TagSize]byte
-		off := copy(block[:], msg)
-		block[off] = 0x01
-
-		// h += msg
-		h0 += binary.LittleEndian.Uint32(block[0:]) & 0x3ffffff
-		h1 += (binary.LittleEndian.Uint32(block[3:]) >> 2) & 0x3ffffff
-		h2 += (binary.LittleEndian.Uint32(block[6:]) >> 4) & 0x3ffffff
-		h3 += (binary.LittleEndian.Uint32(block[9:]) >> 6) & 0x3ffffff
-		h4 += (binary.LittleEndian.Uint32(block[12:]) >> 8)
-
-		// h *= r
-		d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
-		d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
-		d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
-		d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
-		d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
-
-		// h %= p
-		h0 = uint32(d0) & 0x3ffffff
-		h1 = uint32(d1) & 0x3ffffff
-		h2 = uint32(d2) & 0x3ffffff
-		h3 = uint32(d3) & 0x3ffffff
-		h4 = uint32(d4) & 0x3ffffff
-
-		h0 += uint32(d4>>26) * 5
-		h1 += h0 >> 26
-		h0 = h0 & 0x3ffffff
-	}
-
-	// h %= p reduction
-	h2 += h1 >> 26
-	h1 &= 0x3ffffff
-	h3 += h2 >> 26
-	h2 &= 0x3ffffff
-	h4 += h3 >> 26
-	h3 &= 0x3ffffff
-	h0 += 5 * (h4 >> 26)
-	h4 &= 0x3ffffff
-	h1 += h0 >> 26
-	h0 &= 0x3ffffff
-
-	// h - p
-	t0 := h0 + 5
-	t1 := h1 + (t0 >> 26)
-	t2 := h2 + (t1 >> 26)
-	t3 := h3 + (t2 >> 26)
-	t4 := h4 + (t3 >> 26) - (1 << 26)
-	t0 &= 0x3ffffff
-	t1 &= 0x3ffffff
-	t2 &= 0x3ffffff
-	t3 &= 0x3ffffff
-
-	// select h if h < p else h - p
-	t_mask := (t4 >> 31) - 1
-	h_mask := ^t_mask
-	h0 = (h0 & h_mask) | (t0 & t_mask)
-	h1 = (h1 & h_mask) | (t1 & t_mask)
-	h2 = (h2 & h_mask) | (t2 & t_mask)
-	h3 = (h3 & h_mask) | (t3 & t_mask)
-	h4 = (h4 & h_mask) | (t4 & t_mask)
-
-	// h %= 2^128
-	h0 |= h1 << 26
-	h1 = ((h1 >> 6) | (h2 << 20))
-	h2 = ((h2 >> 12) | (h3 << 14))
-	h3 = ((h3 >> 18) | (h4 << 8))
-
-	// s: the s part of the key
-	// tag = (h + s) % (2^128)
-	t := uint64(h0) + uint64(binary.LittleEndian.Uint32(key[16:]))
-	h0 = uint32(t)
-	t = uint64(h1) + uint64(binary.LittleEndian.Uint32(key[20:])) + (t >> 32)
-	h1 = uint32(t)
-	t = uint64(h2) + uint64(binary.LittleEndian.Uint32(key[24:])) + (t >> 32)
-	h2 = uint32(t)
-	t = uint64(h3) + uint64(binary.LittleEndian.Uint32(key[28:])) + (t >> 32)
-	h3 = uint32(t)
-
-	binary.LittleEndian.PutUint32(out[0:], h0)
-	binary.LittleEndian.PutUint32(out[4:], h1)
-	binary.LittleEndian.PutUint32(out[8:], h2)
-	binary.LittleEndian.PutUint32(out[12:], h3)
-}
diff --git a/ripemd160/ripemd160.go b/ripemd160/ripemd160.go
index 6c6e84236..cf3eeb158 100644
--- a/ripemd160/ripemd160.go
+++ b/ripemd160/ripemd160.go
@@ -3,9 +3,13 @@
 // license that can be found in the LICENSE file.
 
 // Package ripemd160 implements the RIPEMD-160 hash algorithm.
+//
+// Deprecated: RIPEMD-160 is a legacy hash and should not be used for new
+// applications. Also, this package does not and will not provide an optimized
+// implementation. Instead, use a modern hash like SHA-256 (from crypto/sha256).
 package ripemd160 // import "golang.org/x/crypto/ripemd160"
 
-// RIPEMD-160 is designed by by Hans Dobbertin, Antoon Bosselaers, and Bart
+// RIPEMD-160 is designed by Hans Dobbertin, Antoon Bosselaers, and Bart
 // Preneel with specifications available at:
 // http://homes.esat.kuleuven.be/~cosicart/pdf/AB-9601/AB-9601.pdf.
 
diff --git a/ripemd160/ripemd160_test.go b/ripemd160/ripemd160_test.go
index 5df1b2593..a1fbffdd5 100644
--- a/ripemd160/ripemd160_test.go
+++ b/ripemd160/ripemd160_test.go
@@ -50,15 +50,23 @@ func TestVectors(t *testing.T) {
 	}
 }
 
-func TestMillionA(t *testing.T) {
+func millionA() string {
 	md := New()
 	for i := 0; i < 100000; i++ {
 		io.WriteString(md, "aaaaaaaaaa")
 	}
-	out := "52783243c1697bdbe16d37f97f68f08325dc1528"
-	s := fmt.Sprintf("%x", md.Sum(nil))
-	if s != out {
+	return fmt.Sprintf("%x", md.Sum(nil))
+}
+
+func TestMillionA(t *testing.T) {
+	const out = "52783243c1697bdbe16d37f97f68f08325dc1528"
+	if s := millionA(); s != out {
 		t.Fatalf("RIPEMD-160 (1 million 'a') = %s, expected %s", s, out)
 	}
-	md.Reset()
+}
+
+func BenchmarkMillionA(b *testing.B) {
+	for i := 0; i < b.N; i++ {
+		millionA()
+	}
 }
diff --git a/ripemd160/ripemd160block.go b/ripemd160/ripemd160block.go
index 7bc8e6c48..e0edc02f0 100644
--- a/ripemd160/ripemd160block.go
+++ b/ripemd160/ripemd160block.go
@@ -8,6 +8,10 @@
 
 package ripemd160
 
+import (
+	"math/bits"
+)
+
 // work buffer indices and roll amounts for one line
 var _n = [80]uint{
 	0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
@@ -59,16 +63,16 @@ func _Block(md *digest, p []byte) int {
 		i := 0
 		for i < 16 {
 			alpha = a + (b ^ c ^ d) + x[_n[i]]
-			s := _r[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + e
-			beta = c<<10 | c>>22
+			s := int(_r[i])
+			alpha = bits.RotateLeft32(alpha, s) + e
+			beta = bits.RotateLeft32(c, 10)
 			a, b, c, d, e = e, alpha, b, beta, d
 
 			// parallel line
 			alpha = aa + (bb ^ (cc | ^dd)) + x[n_[i]] + 0x50a28be6
-			s = r_[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + ee
-			beta = cc<<10 | cc>>22
+			s = int(r_[i])
+			alpha = bits.RotateLeft32(alpha, s) + ee
+			beta = bits.RotateLeft32(cc, 10)
 			aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
 
 			i++
@@ -77,16 +81,16 @@ func _Block(md *digest, p []byte) int {
 		// round 2
 		for i < 32 {
 			alpha = a + (b&c | ^b&d) + x[_n[i]] + 0x5a827999
-			s := _r[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + e
-			beta = c<<10 | c>>22
+			s := int(_r[i])
+			alpha = bits.RotateLeft32(alpha, s) + e
+			beta = bits.RotateLeft32(c, 10)
 			a, b, c, d, e = e, alpha, b, beta, d
 
 			// parallel line
 			alpha = aa + (bb&dd | cc&^dd) + x[n_[i]] + 0x5c4dd124
-			s = r_[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + ee
-			beta = cc<<10 | cc>>22
+			s = int(r_[i])
+			alpha = bits.RotateLeft32(alpha, s) + ee
+			beta = bits.RotateLeft32(cc, 10)
 			aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
 
 			i++
@@ -95,16 +99,16 @@ func _Block(md *digest, p []byte) int {
 		// round 3
 		for i < 48 {
 			alpha = a + (b | ^c ^ d) + x[_n[i]] + 0x6ed9eba1
-			s := _r[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + e
-			beta = c<<10 | c>>22
+			s := int(_r[i])
+			alpha = bits.RotateLeft32(alpha, s) + e
+			beta = bits.RotateLeft32(c, 10)
 			a, b, c, d, e = e, alpha, b, beta, d
 
 			// parallel line
 			alpha = aa + (bb | ^cc ^ dd) + x[n_[i]] + 0x6d703ef3
-			s = r_[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + ee
-			beta = cc<<10 | cc>>22
+			s = int(r_[i])
+			alpha = bits.RotateLeft32(alpha, s) + ee
+			beta = bits.RotateLeft32(cc, 10)
 			aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
 
 			i++
@@ -113,16 +117,16 @@ func _Block(md *digest, p []byte) int {
 		// round 4
 		for i < 64 {
 			alpha = a + (b&d | c&^d) + x[_n[i]] + 0x8f1bbcdc
-			s := _r[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + e
-			beta = c<<10 | c>>22
+			s := int(_r[i])
+			alpha = bits.RotateLeft32(alpha, s) + e
+			beta = bits.RotateLeft32(c, 10)
 			a, b, c, d, e = e, alpha, b, beta, d
 
 			// parallel line
 			alpha = aa + (bb&cc | ^bb&dd) + x[n_[i]] + 0x7a6d76e9
-			s = r_[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + ee
-			beta = cc<<10 | cc>>22
+			s = int(r_[i])
+			alpha = bits.RotateLeft32(alpha, s) + ee
+			beta = bits.RotateLeft32(cc, 10)
 			aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
 
 			i++
@@ -131,16 +135,16 @@ func _Block(md *digest, p []byte) int {
 		// round 5
 		for i < 80 {
 			alpha = a + (b ^ (c | ^d)) + x[_n[i]] + 0xa953fd4e
-			s := _r[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + e
-			beta = c<<10 | c>>22
+			s := int(_r[i])
+			alpha = bits.RotateLeft32(alpha, s) + e
+			beta = bits.RotateLeft32(c, 10)
 			a, b, c, d, e = e, alpha, b, beta, d
 
 			// parallel line
 			alpha = aa + (bb ^ cc ^ dd) + x[n_[i]]
-			s = r_[i]
-			alpha = (alpha<<s | alpha>>(32-s)) + ee
-			beta = cc<<10 | cc>>22
+			s = int(r_[i])
+			alpha = bits.RotateLeft32(alpha, s) + ee
+			beta = bits.RotateLeft32(cc, 10)
 			aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd
 
 			i++
diff --git a/salsa20/salsa/salsa20_amd64.go b/salsa20/salsa/salsa20_amd64.go
index 903c7858e..c400dfcf7 100644
--- a/salsa20/salsa/salsa20_amd64.go
+++ b/salsa20/salsa/salsa20_amd64.go
@@ -2,22 +2,23 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!appengine,!gccgo
+//go:build amd64 && !purego && gc
+// +build amd64,!purego,gc
 
 package salsa
 
-// This function is implemented in salsa2020_amd64.s.
-
 //go:noescape
 
+// salsa2020XORKeyStream is implemented in salsa20_amd64.s.
 func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
 
 // XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out may be the same slice but otherwise should not overlap. Counter
+// In and out must overlap entirely or not at all. Counter
 // contains the raw salsa20 counter bytes (both nonce and block counter).
 func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
 	if len(in) == 0 {
 		return
 	}
+	_ = out[len(in)-1]
 	salsa2020XORKeyStream(&out[0], &in[0], uint64(len(in)), &counter[0], &key[0])
 }
diff --git a/salsa20/salsa/salsa2020_amd64.s b/salsa20/salsa/salsa20_amd64.s
similarity index 83%
rename from salsa20/salsa/salsa2020_amd64.s
rename to salsa20/salsa/salsa20_amd64.s
index 22afbdcad..c08927720 100644
--- a/salsa20/salsa/salsa2020_amd64.s
+++ b/salsa20/salsa/salsa20_amd64.s
@@ -2,13 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!appengine,!gccgo
+//go:build amd64 && !purego && gc
+// +build amd64,!purego,gc
 
 // This code was translated into a form compatible with 6a from the public
 // domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
 
 // func salsa2020XORKeyStream(out, in *byte, n uint64, nonce, key *byte)
-// This needs up to 64 bytes at 360(SP); hence the non-obvious frame size.
+// This needs up to 64 bytes at 360(R12); hence the non-obvious frame size.
 TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVQ out+0(FP),DI
 	MOVQ in+8(FP),SI
@@ -17,10 +18,8 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVQ key+32(FP),R8
 
 	MOVQ SP,R12
-	MOVQ SP,R9
-	ADDQ $31, R9
-	ANDQ $~31, R9
-	MOVQ R9, SP
+	ADDQ $31, R12
+	ANDQ $~31, R12
 
 	MOVQ DX,R9
 	MOVQ CX,DX
@@ -32,122 +31,116 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVL 0(R10),R8
 	MOVL 0(DX),AX
 	MOVL 16(R10),R11
-	MOVL CX,0(SP)
-	MOVL R8, 4 (SP)
-	MOVL AX, 8 (SP)
-	MOVL R11, 12 (SP)
+	MOVL CX,0(R12)
+	MOVL R8, 4 (R12)
+	MOVL AX, 8 (R12)
+	MOVL R11, 12 (R12)
 	MOVL 8(DX),CX
 	MOVL 24(R10),R8
 	MOVL 4(R10),AX
 	MOVL 4(DX),R11
-	MOVL CX,16(SP)
-	MOVL R8, 20 (SP)
-	MOVL AX, 24 (SP)
-	MOVL R11, 28 (SP)
+	MOVL CX,16(R12)
+	MOVL R8, 20 (R12)
+	MOVL AX, 24 (R12)
+	MOVL R11, 28 (R12)
 	MOVL 12(DX),CX
 	MOVL 12(R10),DX
 	MOVL 28(R10),R8
 	MOVL 8(R10),AX
-	MOVL DX,32(SP)
-	MOVL CX, 36 (SP)
-	MOVL R8, 40 (SP)
-	MOVL AX, 44 (SP)
+	MOVL DX,32(R12)
+	MOVL CX, 36 (R12)
+	MOVL R8, 40 (R12)
+	MOVL AX, 44 (R12)
 	MOVQ $1634760805,DX
 	MOVQ $857760878,CX
 	MOVQ $2036477234,R8
 	MOVQ $1797285236,AX
-	MOVL DX,48(SP)
-	MOVL CX, 52 (SP)
-	MOVL R8, 56 (SP)
-	MOVL AX, 60 (SP)
+	MOVL DX,48(R12)
+	MOVL CX, 52 (R12)
+	MOVL R8, 56 (R12)
+	MOVL AX, 60 (R12)
 	CMPQ R9,$256
 	JB BYTESBETWEEN1AND255
-	MOVOA 48(SP),X0
+	MOVOA 48(R12),X0
 	PSHUFL $0X55,X0,X1
 	PSHUFL $0XAA,X0,X2
 	PSHUFL $0XFF,X0,X3
 	PSHUFL $0X00,X0,X0
-	MOVOA X1,64(SP)
-	MOVOA X2,80(SP)
-	MOVOA X3,96(SP)
-	MOVOA X0,112(SP)
-	MOVOA 0(SP),X0
+	MOVOA X1,64(R12)
+	MOVOA X2,80(R12)
+	MOVOA X3,96(R12)
+	MOVOA X0,112(R12)
+	MOVOA 0(R12),X0
 	PSHUFL $0XAA,X0,X1
 	PSHUFL $0XFF,X0,X2
 	PSHUFL $0X00,X0,X3
 	PSHUFL $0X55,X0,X0
-	MOVOA X1,128(SP)
-	MOVOA X2,144(SP)
-	MOVOA X3,160(SP)
-	MOVOA X0,176(SP)
-	MOVOA 16(SP),X0
+	MOVOA X1,128(R12)
+	MOVOA X2,144(R12)
+	MOVOA X3,160(R12)
+	MOVOA X0,176(R12)
+	MOVOA 16(R12),X0
 	PSHUFL $0XFF,X0,X1
 	PSHUFL $0X55,X0,X2
 	PSHUFL $0XAA,X0,X0
-	MOVOA X1,192(SP)
-	MOVOA X2,208(SP)
-	MOVOA X0,224(SP)
-	MOVOA 32(SP),X0
+	MOVOA X1,192(R12)
+	MOVOA X2,208(R12)
+	MOVOA X0,224(R12)
+	MOVOA 32(R12),X0
 	PSHUFL $0X00,X0,X1
 	PSHUFL $0XAA,X0,X2
 	PSHUFL $0XFF,X0,X0
-	MOVOA X1,240(SP)
-	MOVOA X2,256(SP)
-	MOVOA X0,272(SP)
+	MOVOA X1,240(R12)
+	MOVOA X2,256(R12)
+	MOVOA X0,272(R12)
 	BYTESATLEAST256:
-	MOVL 16(SP),DX
-	MOVL  36 (SP),CX
-	MOVL DX,288(SP)
-	MOVL CX,304(SP)
-	ADDQ $1,DX
+	MOVL 16(R12),DX
+	MOVL  36 (R12),CX
+	MOVL DX,288(R12)
+	MOVL CX,304(R12)
 	SHLQ $32,CX
 	ADDQ CX,DX
+	ADDQ $1,DX
 	MOVQ DX,CX
 	SHRQ $32,CX
-	MOVL DX, 292 (SP)
-	MOVL CX, 308 (SP)
+	MOVL DX, 292 (R12)
+	MOVL CX, 308 (R12)
 	ADDQ $1,DX
-	SHLQ $32,CX
-	ADDQ CX,DX
 	MOVQ DX,CX
 	SHRQ $32,CX
-	MOVL DX, 296 (SP)
-	MOVL CX, 312 (SP)
+	MOVL DX, 296 (R12)
+	MOVL CX, 312 (R12)
 	ADDQ $1,DX
-	SHLQ $32,CX
-	ADDQ CX,DX
 	MOVQ DX,CX
 	SHRQ $32,CX
-	MOVL DX, 300 (SP)
-	MOVL CX, 316 (SP)
+	MOVL DX, 300 (R12)
+	MOVL CX, 316 (R12)
 	ADDQ $1,DX
-	SHLQ $32,CX
-	ADDQ CX,DX
 	MOVQ DX,CX
 	SHRQ $32,CX
-	MOVL DX,16(SP)
-	MOVL CX, 36 (SP)
-	MOVQ R9,352(SP)
+	MOVL DX,16(R12)
+	MOVL CX, 36 (R12)
+	MOVQ R9,352(R12)
 	MOVQ $20,DX
-	MOVOA 64(SP),X0
-	MOVOA 80(SP),X1
-	MOVOA 96(SP),X2
-	MOVOA 256(SP),X3
-	MOVOA 272(SP),X4
-	MOVOA 128(SP),X5
-	MOVOA 144(SP),X6
-	MOVOA 176(SP),X7
-	MOVOA 192(SP),X8
-	MOVOA 208(SP),X9
-	MOVOA 224(SP),X10
-	MOVOA 304(SP),X11
-	MOVOA 112(SP),X12
-	MOVOA 160(SP),X13
-	MOVOA 240(SP),X14
-	MOVOA 288(SP),X15
+	MOVOA 64(R12),X0
+	MOVOA 80(R12),X1
+	MOVOA 96(R12),X2
+	MOVOA 256(R12),X3
+	MOVOA 272(R12),X4
+	MOVOA 128(R12),X5
+	MOVOA 144(R12),X6
+	MOVOA 176(R12),X7
+	MOVOA 192(R12),X8
+	MOVOA 208(R12),X9
+	MOVOA 224(R12),X10
+	MOVOA 304(R12),X11
+	MOVOA 112(R12),X12
+	MOVOA 160(R12),X13
+	MOVOA 240(R12),X14
+	MOVOA 288(R12),X15
 	MAINLOOP1:
-	MOVOA X1,320(SP)
-	MOVOA X2,336(SP)
+	MOVOA X1,320(R12)
+	MOVOA X2,336(R12)
 	MOVOA X13,X1
 	PADDL X12,X1
 	MOVOA X1,X2
@@ -197,8 +190,8 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PXOR X1,X12
 	PSRLL $14,X2
 	PXOR X2,X12
-	MOVOA 320(SP),X1
-	MOVOA X12,320(SP)
+	MOVOA 320(R12),X1
+	MOVOA X12,320(R12)
 	MOVOA X9,X2
 	PADDL X7,X2
 	MOVOA X2,X12
@@ -213,8 +206,8 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PXOR X2,X3
 	PSRLL $25,X12
 	PXOR X12,X3
-	MOVOA 336(SP),X2
-	MOVOA X0,336(SP)
+	MOVOA 336(R12),X2
+	MOVOA X0,336(R12)
 	MOVOA X6,X0
 	PADDL X2,X0
 	MOVOA X0,X12
@@ -257,8 +250,8 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PXOR X0,X1
 	PSRLL $14,X12
 	PXOR X12,X1
-	MOVOA 320(SP),X0
-	MOVOA X1,320(SP)
+	MOVOA 320(R12),X0
+	MOVOA X1,320(R12)
 	MOVOA X4,X1
 	PADDL X0,X1
 	MOVOA X1,X12
@@ -273,8 +266,8 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PXOR X1,X2
 	PSRLL $14,X12
 	PXOR X12,X2
-	MOVOA 336(SP),X12
-	MOVOA X2,336(SP)
+	MOVOA 336(R12),X12
+	MOVOA X2,336(R12)
 	MOVOA X14,X1
 	PADDL X12,X1
 	MOVOA X1,X2
@@ -317,8 +310,8 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PXOR X1,X0
 	PSRLL $14,X2
 	PXOR X2,X0
-	MOVOA 320(SP),X1
-	MOVOA X0,320(SP)
+	MOVOA 320(R12),X1
+	MOVOA X0,320(R12)
 	MOVOA X8,X0
 	PADDL X14,X0
 	MOVOA X0,X2
@@ -333,8 +326,8 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PXOR X0,X6
 	PSRLL $25,X2
 	PXOR X2,X6
-	MOVOA 336(SP),X2
-	MOVOA X12,336(SP)
+	MOVOA 336(R12),X2
+	MOVOA X12,336(R12)
 	MOVOA X3,X0
 	PADDL X2,X0
 	MOVOA X0,X12
@@ -384,14 +377,14 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PXOR X0,X2
 	PSRLL $14,X12
 	PXOR X12,X2
-	MOVOA 320(SP),X12
-	MOVOA 336(SP),X0
+	MOVOA 320(R12),X12
+	MOVOA 336(R12),X0
 	SUBQ $2,DX
 	JA MAINLOOP1
-	PADDL 112(SP),X12
-	PADDL 176(SP),X7
-	PADDL 224(SP),X10
-	PADDL 272(SP),X4
+	PADDL 112(R12),X12
+	PADDL 176(R12),X7
+	PADDL 224(R12),X10
+	PADDL 272(R12),X4
 	MOVD X12,DX
 	MOVD X7,CX
 	MOVD X10,R8
@@ -452,10 +445,10 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVL CX,196(DI)
 	MOVL R8,200(DI)
 	MOVL R9,204(DI)
-	PADDL 240(SP),X14
-	PADDL 64(SP),X0
-	PADDL 128(SP),X5
-	PADDL 192(SP),X8
+	PADDL 240(R12),X14
+	PADDL 64(R12),X0
+	PADDL 128(R12),X5
+	PADDL 192(R12),X8
 	MOVD X14,DX
 	MOVD X0,CX
 	MOVD X5,R8
@@ -516,10 +509,10 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVL CX,212(DI)
 	MOVL R8,216(DI)
 	MOVL R9,220(DI)
-	PADDL 288(SP),X15
-	PADDL 304(SP),X11
-	PADDL 80(SP),X1
-	PADDL 144(SP),X6
+	PADDL 288(R12),X15
+	PADDL 304(R12),X11
+	PADDL 80(R12),X1
+	PADDL 144(R12),X6
 	MOVD X15,DX
 	MOVD X11,CX
 	MOVD X1,R8
@@ -580,10 +573,10 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVL CX,228(DI)
 	MOVL R8,232(DI)
 	MOVL R9,236(DI)
-	PADDL 160(SP),X13
-	PADDL 208(SP),X9
-	PADDL 256(SP),X3
-	PADDL 96(SP),X2
+	PADDL 160(R12),X13
+	PADDL 208(R12),X9
+	PADDL 256(R12),X3
+	PADDL 96(R12),X2
 	MOVD X13,DX
 	MOVD X9,CX
 	MOVD X3,R8
@@ -644,7 +637,7 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVL CX,244(DI)
 	MOVL R8,248(DI)
 	MOVL R9,252(DI)
-	MOVQ 352(SP),R9
+	MOVQ 352(R12),R9
 	SUBQ $256,R9
 	ADDQ $256,SI
 	ADDQ $256,DI
@@ -656,17 +649,17 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	CMPQ R9,$64
 	JAE NOCOPY
 	MOVQ DI,DX
-	LEAQ 360(SP),DI
+	LEAQ 360(R12),DI
 	MOVQ R9,CX
 	REP; MOVSB
-	LEAQ 360(SP),DI
-	LEAQ 360(SP),SI
+	LEAQ 360(R12),DI
+	LEAQ 360(R12),SI
 	NOCOPY:
-	MOVQ R9,352(SP)
-	MOVOA 48(SP),X0
-	MOVOA 0(SP),X1
-	MOVOA 16(SP),X2
-	MOVOA 32(SP),X3
+	MOVQ R9,352(R12)
+	MOVOA 48(R12),X0
+	MOVOA 0(R12),X1
+	MOVOA 16(R12),X2
+	MOVOA 32(R12),X3
 	MOVOA X1,X4
 	MOVQ $20,CX
 	MAINLOOP2:
@@ -797,10 +790,10 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	PSHUFL $0X39,X3,X3
 	PXOR X6,X0
 	JA MAINLOOP2
-	PADDL 48(SP),X0
-	PADDL 0(SP),X1
-	PADDL 16(SP),X2
-	PADDL 32(SP),X3
+	PADDL 48(R12),X0
+	PADDL 0(R12),X1
+	PADDL 16(R12),X2
+	PADDL 32(R12),X3
 	MOVD X0,CX
 	MOVD X1,R8
 	MOVD X2,R9
@@ -861,16 +854,16 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	MOVL R8,44(DI)
 	MOVL R9,28(DI)
 	MOVL AX,12(DI)
-	MOVQ 352(SP),R9
-	MOVL 16(SP),CX
-	MOVL  36 (SP),R8
+	MOVQ 352(R12),R9
+	MOVL 16(R12),CX
+	MOVL  36 (R12),R8
 	ADDQ $1,CX
 	SHLQ $32,R8
 	ADDQ R8,CX
 	MOVQ CX,R8
 	SHRQ $32,R8
-	MOVL CX,16(SP)
-	MOVL R8, 36 (SP)
+	MOVL CX,16(R12)
+	MOVL R8, 36 (R12)
 	CMPQ R9,$64
 	JA BYTESATLEAST65
 	JAE BYTESATLEAST64
@@ -880,7 +873,6 @@ TEXT ·salsa2020XORKeyStream(SB),0,$456-40 // frame = 424 + 32 byte alignment
 	REP; MOVSB
 	BYTESATLEAST64:
 	DONE:
-	MOVQ R12,SP
 	RET
 	BYTESATLEAST65:
 	SUBQ $64,R9
diff --git a/salsa20/salsa/salsa20_amd64_test.go b/salsa20/salsa/salsa20_amd64_test.go
new file mode 100644
index 000000000..fc781f76f
--- /dev/null
+++ b/salsa20/salsa/salsa20_amd64_test.go
@@ -0,0 +1,32 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build amd64 && !purego && gc
+// +build amd64,!purego,gc
+
+package salsa
+
+import (
+	"bytes"
+	"testing"
+)
+
+func TestCounterOverflow(t *testing.T) {
+	in := make([]byte, 4096)
+	key := &[32]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5,
+		6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2}
+	for n, counter := range []*[16]byte{
+		&[16]byte{0, 1, 2, 3, 4, 5, 6, 7, 0, 0, 0, 0, 0, 0, 0, 0},             // zero counter
+		&[16]byte{0, 1, 2, 3, 4, 5, 6, 7, 0, 0, 0, 0, 0xff, 0xff, 0xff, 0xff}, // counter about to overflow 32 bits
+		&[16]byte{0, 1, 2, 3, 4, 5, 6, 7, 1, 2, 3, 4, 0xff, 0xff, 0xff, 0xff}, // counter above 32 bits
+	} {
+		out := make([]byte, 4096)
+		XORKeyStream(out, in, counter, key)
+		outGeneric := make([]byte, 4096)
+		genericXORKeyStream(outGeneric, in, counter, key)
+		if !bytes.Equal(out, outGeneric) {
+			t.Errorf("%d: assembly and go implementations disagree", n)
+		}
+	}
+}
diff --git a/salsa20/salsa/salsa20_noasm.go b/salsa20/salsa/salsa20_noasm.go
new file mode 100644
index 000000000..4392cc1ac
--- /dev/null
+++ b/salsa20/salsa/salsa20_noasm.go
@@ -0,0 +1,15 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || purego || !gc
+// +build !amd64 purego !gc
+
+package salsa
+
+// XORKeyStream crypts bytes from in to out using the given key and counters.
+// In and out must overlap entirely or not at all. Counter
+// contains the raw salsa20 counter bytes (both nonce and block counter).
+func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+	genericXORKeyStream(out, in, counter, key)
+}
diff --git a/salsa20/salsa/salsa20_ref.go b/salsa20/salsa/salsa20_ref.go
index 95f8ca5bb..68169c6d6 100644
--- a/salsa20/salsa/salsa20_ref.go
+++ b/salsa20/salsa/salsa20_ref.go
@@ -2,8 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !amd64 appengine gccgo
-
 package salsa
 
 const rounds = 20
@@ -202,10 +200,9 @@ func core(out *[64]byte, in *[16]byte, k *[32]byte, c *[16]byte) {
 	out[63] = byte(x15 >> 24)
 }
 
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out may be the same slice but otherwise should not overlap. Counter
-// contains the raw salsa20 counter bytes (both nonce and block counter).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
+// genericXORKeyStream is the generic implementation of XORKeyStream to be used
+// when no assembly implementation is available.
+func genericXORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
 	var block [64]byte
 	var counterCopy [16]byte
 	copy(counterCopy[:], counter[:])
diff --git a/salsa20/salsa/salsa_test.go b/salsa20/salsa/salsa_test.go
index f8cecd9e6..f67e94eba 100644
--- a/salsa20/salsa/salsa_test.go
+++ b/salsa20/salsa/salsa_test.go
@@ -33,3 +33,22 @@ func TestCore208(t *testing.T) {
 		t.Errorf("expected %x, got %x", out, in)
 	}
 }
+
+func TestOutOfBoundsWrite(t *testing.T) {
+	// encrypted "0123456789"
+	cipherText := []byte{170, 166, 196, 104, 175, 121, 68, 44, 174, 51}
+	var counter [16]byte
+	var key [32]byte
+	want := "abcdefghij"
+	plainText := []byte(want)
+	defer func() {
+		err := recover()
+		if err == nil {
+			t.Error("XORKeyStream expected to panic on len(dst) < len(src), but didn't")
+		}
+		if plainText[3] == '3' {
+			t.Errorf("XORKeyStream did out of bounds write, want %v, got %v", want, string(plainText))
+		}
+	}()
+	XORKeyStream(plainText[:3], cipherText, &counter, &key)
+}
diff --git a/salsa20/salsa20.go b/salsa20/salsa20.go
index a8ddd76e8..6f9bb106c 100644
--- a/salsa20/salsa20.go
+++ b/salsa20/salsa20.go
@@ -24,15 +24,19 @@ package salsa20 // import "golang.org/x/crypto/salsa20"
 // TODO(agl): implement XORKeyStream12 and XORKeyStream8 - the reduced round variants of Salsa20.
 
 import (
+	"golang.org/x/crypto/internal/subtle"
 	"golang.org/x/crypto/salsa20/salsa"
 )
 
-// XORKeyStream crypts bytes from in to out using the given key and nonce. In
-// and out may be the same slice but otherwise should not overlap. Nonce must
+// XORKeyStream crypts bytes from in to out using the given key and nonce.
+// In and out must overlap entirely or not at all. Nonce must
 // be either 8 or 24 bytes long.
 func XORKeyStream(out, in []byte, nonce []byte, key *[32]byte) {
 	if len(out) < len(in) {
-		in = in[:len(out)]
+		panic("salsa20: output smaller than input")
+	}
+	if subtle.InexactOverlap(out[:len(in)], in) {
+		panic("salsa20: invalid buffer overlap")
 	}
 
 	var subNonce [16]byte
diff --git a/scrypt/example_test.go b/scrypt/example_test.go
new file mode 100644
index 000000000..6736479b1
--- /dev/null
+++ b/scrypt/example_test.go
@@ -0,0 +1,26 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package scrypt_test
+
+import (
+	"encoding/base64"
+	"fmt"
+	"log"
+
+	"golang.org/x/crypto/scrypt"
+)
+
+func Example() {
+	// DO NOT use this salt value; generate your own random salt. 8 bytes is
+	// a good length.
+	salt := []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}
+
+	dk, err := scrypt.Key([]byte("some password"), salt, 1<<15, 8, 1, 32)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println(base64.StdEncoding.EncodeToString(dk))
+	// Output: lGnMz8io0AUkfzn6Pls1qX20Vs7PGN6sbYQ2TQgY12M=
+}
diff --git a/scrypt/scrypt.go b/scrypt/scrypt.go
index 14375c509..bbe4494c6 100644
--- a/scrypt/scrypt.go
+++ b/scrypt/scrypt.go
@@ -9,7 +9,9 @@ package scrypt // import "golang.org/x/crypto/scrypt"
 
 import (
 	"crypto/sha256"
+	"encoding/binary"
 	"errors"
+	"math/bits"
 
 	"golang.org/x/crypto/pbkdf2"
 )
@@ -29,7 +31,7 @@ func blockXOR(dst, src []uint32, n int) {
 }
 
 // salsaXOR applies Salsa20/8 to the XOR of 16 numbers from tmp and in,
-// and puts the result into both both tmp and out.
+// and puts the result into both tmp and out.
 func salsaXOR(tmp *[16]uint32, in, out []uint32) {
 	w0 := tmp[0] ^ in[0]
 	w1 := tmp[1] ^ in[1]
@@ -52,77 +54,45 @@ func salsaXOR(tmp *[16]uint32, in, out []uint32) {
 	x9, x10, x11, x12, x13, x14, x15 := w9, w10, w11, w12, w13, w14, w15
 
 	for i := 0; i < 8; i += 2 {
-		u := x0 + x12
-		x4 ^= u<<7 | u>>(32-7)
-		u = x4 + x0
-		x8 ^= u<<9 | u>>(32-9)
-		u = x8 + x4
-		x12 ^= u<<13 | u>>(32-13)
-		u = x12 + x8
-		x0 ^= u<<18 | u>>(32-18)
-
-		u = x5 + x1
-		x9 ^= u<<7 | u>>(32-7)
-		u = x9 + x5
-		x13 ^= u<<9 | u>>(32-9)
-		u = x13 + x9
-		x1 ^= u<<13 | u>>(32-13)
-		u = x1 + x13
-		x5 ^= u<<18 | u>>(32-18)
-
-		u = x10 + x6
-		x14 ^= u<<7 | u>>(32-7)
-		u = x14 + x10
-		x2 ^= u<<9 | u>>(32-9)
-		u = x2 + x14
-		x6 ^= u<<13 | u>>(32-13)
-		u = x6 + x2
-		x10 ^= u<<18 | u>>(32-18)
-
-		u = x15 + x11
-		x3 ^= u<<7 | u>>(32-7)
-		u = x3 + x15
-		x7 ^= u<<9 | u>>(32-9)
-		u = x7 + x3
-		x11 ^= u<<13 | u>>(32-13)
-		u = x11 + x7
-		x15 ^= u<<18 | u>>(32-18)
-
-		u = x0 + x3
-		x1 ^= u<<7 | u>>(32-7)
-		u = x1 + x0
-		x2 ^= u<<9 | u>>(32-9)
-		u = x2 + x1
-		x3 ^= u<<13 | u>>(32-13)
-		u = x3 + x2
-		x0 ^= u<<18 | u>>(32-18)
-
-		u = x5 + x4
-		x6 ^= u<<7 | u>>(32-7)
-		u = x6 + x5
-		x7 ^= u<<9 | u>>(32-9)
-		u = x7 + x6
-		x4 ^= u<<13 | u>>(32-13)
-		u = x4 + x7
-		x5 ^= u<<18 | u>>(32-18)
-
-		u = x10 + x9
-		x11 ^= u<<7 | u>>(32-7)
-		u = x11 + x10
-		x8 ^= u<<9 | u>>(32-9)
-		u = x8 + x11
-		x9 ^= u<<13 | u>>(32-13)
-		u = x9 + x8
-		x10 ^= u<<18 | u>>(32-18)
-
-		u = x15 + x14
-		x12 ^= u<<7 | u>>(32-7)
-		u = x12 + x15
-		x13 ^= u<<9 | u>>(32-9)
-		u = x13 + x12
-		x14 ^= u<<13 | u>>(32-13)
-		u = x14 + x13
-		x15 ^= u<<18 | u>>(32-18)
+		x4 ^= bits.RotateLeft32(x0+x12, 7)
+		x8 ^= bits.RotateLeft32(x4+x0, 9)
+		x12 ^= bits.RotateLeft32(x8+x4, 13)
+		x0 ^= bits.RotateLeft32(x12+x8, 18)
+
+		x9 ^= bits.RotateLeft32(x5+x1, 7)
+		x13 ^= bits.RotateLeft32(x9+x5, 9)
+		x1 ^= bits.RotateLeft32(x13+x9, 13)
+		x5 ^= bits.RotateLeft32(x1+x13, 18)
+
+		x14 ^= bits.RotateLeft32(x10+x6, 7)
+		x2 ^= bits.RotateLeft32(x14+x10, 9)
+		x6 ^= bits.RotateLeft32(x2+x14, 13)
+		x10 ^= bits.RotateLeft32(x6+x2, 18)
+
+		x3 ^= bits.RotateLeft32(x15+x11, 7)
+		x7 ^= bits.RotateLeft32(x3+x15, 9)
+		x11 ^= bits.RotateLeft32(x7+x3, 13)
+		x15 ^= bits.RotateLeft32(x11+x7, 18)
+
+		x1 ^= bits.RotateLeft32(x0+x3, 7)
+		x2 ^= bits.RotateLeft32(x1+x0, 9)
+		x3 ^= bits.RotateLeft32(x2+x1, 13)
+		x0 ^= bits.RotateLeft32(x3+x2, 18)
+
+		x6 ^= bits.RotateLeft32(x5+x4, 7)
+		x7 ^= bits.RotateLeft32(x6+x5, 9)
+		x4 ^= bits.RotateLeft32(x7+x6, 13)
+		x5 ^= bits.RotateLeft32(x4+x7, 18)
+
+		x11 ^= bits.RotateLeft32(x10+x9, 7)
+		x8 ^= bits.RotateLeft32(x11+x10, 9)
+		x9 ^= bits.RotateLeft32(x8+x11, 13)
+		x10 ^= bits.RotateLeft32(x9+x8, 18)
+
+		x12 ^= bits.RotateLeft32(x15+x14, 7)
+		x13 ^= bits.RotateLeft32(x12+x15, 9)
+		x14 ^= bits.RotateLeft32(x13+x12, 13)
+		x15 ^= bits.RotateLeft32(x14+x13, 18)
 	}
 	x0 += w0
 	x1 += w1
@@ -174,36 +144,34 @@ func integer(b []uint32, r int) uint64 {
 
 func smix(b []byte, r, N int, v, xy []uint32) {
 	var tmp [16]uint32
+	R := 32 * r
 	x := xy
-	y := xy[32*r:]
+	y := xy[R:]
 
 	j := 0
-	for i := 0; i < 32*r; i++ {
-		x[i] = uint32(b[j]) | uint32(b[j+1])<<8 | uint32(b[j+2])<<16 | uint32(b[j+3])<<24
+	for i := 0; i < R; i++ {
+		x[i] = binary.LittleEndian.Uint32(b[j:])
 		j += 4
 	}
 	for i := 0; i < N; i += 2 {
-		blockCopy(v[i*(32*r):], x, 32*r)
+		blockCopy(v[i*R:], x, R)
 		blockMix(&tmp, x, y, r)
 
-		blockCopy(v[(i+1)*(32*r):], y, 32*r)
+		blockCopy(v[(i+1)*R:], y, R)
 		blockMix(&tmp, y, x, r)
 	}
 	for i := 0; i < N; i += 2 {
 		j := int(integer(x, r) & uint64(N-1))
-		blockXOR(x, v[j*(32*r):], 32*r)
+		blockXOR(x, v[j*R:], R)
 		blockMix(&tmp, x, y, r)
 
 		j = int(integer(y, r) & uint64(N-1))
-		blockXOR(y, v[j*(32*r):], 32*r)
+		blockXOR(y, v[j*R:], R)
 		blockMix(&tmp, y, x, r)
 	}
 	j = 0
-	for _, v := range x[:32*r] {
-		b[j+0] = byte(v >> 0)
-		b[j+1] = byte(v >> 8)
-		b[j+2] = byte(v >> 16)
-		b[j+3] = byte(v >> 24)
+	for _, v := range x[:R] {
+		binary.LittleEndian.PutUint32(b[j:], v)
 		j += 4
 	}
 }
@@ -218,11 +186,12 @@ func smix(b []byte, r, N int, v, xy []uint32) {
 // For example, you can get a derived key for e.g. AES-256 (which needs a
 // 32-byte key) by doing:
 //
-//      dk, err := scrypt.Key([]byte("some password"), salt, 16384, 8, 1, 32)
+//      dk, err := scrypt.Key([]byte("some password"), salt, 32768, 8, 1, 32)
 //
-// The recommended parameters for interactive logins as of 2009 are N=16384,
-// r=8, p=1. They should be increased as memory latency and CPU parallelism
-// increases. Remember to get a good random salt.
+// The recommended parameters for interactive logins as of 2017 are N=32768, r=8
+// and p=1. The parameters N, r, and p should be increased as memory latency and
+// CPU parallelism increases; consider setting N to the highest power of 2 you
+// can derive within 100 milliseconds. Remember to get a good random salt.
 func Key(password, salt []byte, N, r, p, keyLen int) ([]byte, error) {
 	if N <= 1 || N&(N-1) != 0 {
 		return nil, errors.New("scrypt: N must be > 1 and a power of 2")
diff --git a/scrypt/scrypt_test.go b/scrypt/scrypt_test.go
index e096c3a31..766ed8d90 100644
--- a/scrypt/scrypt_test.go
+++ b/scrypt/scrypt_test.go
@@ -153,8 +153,10 @@ func TestKey(t *testing.T) {
 	}
 }
 
+var sink []byte
+
 func BenchmarkKey(b *testing.B) {
 	for i := 0; i < b.N; i++ {
-		Key([]byte("password"), []byte("salt"), 16384, 8, 1, 64)
+		sink, _ = Key([]byte("password"), []byte("salt"), 1<<15, 8, 1, 64)
 	}
 }
diff --git a/sha3/doc.go b/sha3/doc.go
index a0ee3ae72..c2fef30af 100644
--- a/sha3/doc.go
+++ b/sha3/doc.go
@@ -43,7 +43,7 @@
 // is then "full" and the permutation is applied to "empty" it. This process is
 // repeated until all the input has been "absorbed". The input is then padded.
 // The digest is "squeezed" from the sponge in the same way, except that output
-// output is copied out instead of input being XORed in.
+// is copied out instead of input being XORed in.
 //
 // A sponge is parameterized by its generic security strength, which is equal
 // to half its capacity; capacity + rate is equal to the permutation's width.
diff --git a/sha3/hashes.go b/sha3/hashes.go
index 2b51cf4e9..0d8043fd2 100644
--- a/sha3/hashes.go
+++ b/sha3/hashes.go
@@ -15,22 +15,54 @@ import (
 // New224 creates a new SHA3-224 hash.
 // Its generic security strength is 224 bits against preimage attacks,
 // and 112 bits against collision attacks.
-func New224() hash.Hash { return &state{rate: 144, outputLen: 28, dsbyte: 0x06} }
+func New224() hash.Hash {
+	if h := new224Asm(); h != nil {
+		return h
+	}
+	return &state{rate: 144, outputLen: 28, dsbyte: 0x06}
+}
 
 // New256 creates a new SHA3-256 hash.
 // Its generic security strength is 256 bits against preimage attacks,
 // and 128 bits against collision attacks.
-func New256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x06} }
+func New256() hash.Hash {
+	if h := new256Asm(); h != nil {
+		return h
+	}
+	return &state{rate: 136, outputLen: 32, dsbyte: 0x06}
+}
 
 // New384 creates a new SHA3-384 hash.
 // Its generic security strength is 384 bits against preimage attacks,
 // and 192 bits against collision attacks.
-func New384() hash.Hash { return &state{rate: 104, outputLen: 48, dsbyte: 0x06} }
+func New384() hash.Hash {
+	if h := new384Asm(); h != nil {
+		return h
+	}
+	return &state{rate: 104, outputLen: 48, dsbyte: 0x06}
+}
 
 // New512 creates a new SHA3-512 hash.
 // Its generic security strength is 512 bits against preimage attacks,
 // and 256 bits against collision attacks.
-func New512() hash.Hash { return &state{rate: 72, outputLen: 64, dsbyte: 0x06} }
+func New512() hash.Hash {
+	if h := new512Asm(); h != nil {
+		return h
+	}
+	return &state{rate: 72, outputLen: 64, dsbyte: 0x06}
+}
+
+// NewLegacyKeccak256 creates a new Keccak-256 hash.
+//
+// Only use this function if you require compatibility with an existing cryptosystem
+// that uses non-standard padding. All other users should use New256 instead.
+func NewLegacyKeccak256() hash.Hash { return &state{rate: 136, outputLen: 32, dsbyte: 0x01} }
+
+// NewLegacyKeccak512 creates a new Keccak-512 hash.
+//
+// Only use this function if you require compatibility with an existing cryptosystem
+// that uses non-standard padding. All other users should use New512 instead.
+func NewLegacyKeccak512() hash.Hash { return &state{rate: 72, outputLen: 64, dsbyte: 0x01} }
 
 // Sum224 returns the SHA3-224 digest of the data.
 func Sum224(data []byte) (digest [28]byte) {
diff --git a/sha3/hashes_generic.go b/sha3/hashes_generic.go
new file mode 100644
index 000000000..c74fc20fc
--- /dev/null
+++ b/sha3/hashes_generic.go
@@ -0,0 +1,28 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !gc || purego || !s390x
+// +build !gc purego !s390x
+
+package sha3
+
+import (
+	"hash"
+)
+
+// new224Asm returns an assembly implementation of SHA3-224 if available,
+// otherwise it returns nil.
+func new224Asm() hash.Hash { return nil }
+
+// new256Asm returns an assembly implementation of SHA3-256 if available,
+// otherwise it returns nil.
+func new256Asm() hash.Hash { return nil }
+
+// new384Asm returns an assembly implementation of SHA3-384 if available,
+// otherwise it returns nil.
+func new384Asm() hash.Hash { return nil }
+
+// new512Asm returns an assembly implementation of SHA3-512 if available,
+// otherwise it returns nil.
+func new512Asm() hash.Hash { return nil }
diff --git a/sha3/keccakf.go b/sha3/keccakf.go
index 46d03ed38..0f4ae8bac 100644
--- a/sha3/keccakf.go
+++ b/sha3/keccakf.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//  +build !amd64 appengine gccgo
+//go:build !amd64 || purego || !gc
+// +build !amd64 purego !gc
 
 package sha3
 
diff --git a/sha3/keccakf_amd64.go b/sha3/keccakf_amd64.go
index 788679585..248a38241 100644
--- a/sha3/keccakf_amd64.go
+++ b/sha3/keccakf_amd64.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!appengine,!gccgo
+//go:build amd64 && !purego && gc
+// +build amd64,!purego,gc
 
 package sha3
 
diff --git a/sha3/keccakf_amd64.s b/sha3/keccakf_amd64.s
index f88533acc..4cfa54383 100644
--- a/sha3/keccakf_amd64.s
+++ b/sha3/keccakf_amd64.s
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build amd64,!appengine,!gccgo
+//go:build amd64 && !purego && gc
+// +build amd64,!purego,gc
 
 // This code was translated into a form compatible with 6a from the public
 // domain sources at https://github.com/gvanas/KeccakCodePackage
diff --git a/sha3/register.go b/sha3/register.go
index 3cf6a22e0..8b4453aac 100644
--- a/sha3/register.go
+++ b/sha3/register.go
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build go1.4
 // +build go1.4
 
 package sha3
diff --git a/sha3/sha3.go b/sha3/sha3.go
index c86167c0b..ba269a073 100644
--- a/sha3/sha3.go
+++ b/sha3/sha3.go
@@ -38,13 +38,13 @@ type state struct {
 	// [1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
 	//     "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and
 	//      Extendable-Output Functions (May 2014)"
-	dsbyte  byte
-	storage [maxRate]byte
+	dsbyte byte
+
+	storage storageBuf
 
 	// Specific to SHA-3 and SHAKE.
-	fixedOutput bool            // whether this is a fixed-output-length instance
-	outputLen   int             // the default output size in bytes
-	state       spongeDirection // whether the sponge is absorbing or squeezing
+	outputLen int             // the default output size in bytes
+	state     spongeDirection // whether the sponge is absorbing or squeezing
 }
 
 // BlockSize returns the rate of sponge underlying this hash function.
@@ -61,15 +61,15 @@ func (d *state) Reset() {
 		d.a[i] = 0
 	}
 	d.state = spongeAbsorbing
-	d.buf = d.storage[:0]
+	d.buf = d.storage.asBytes()[:0]
 }
 
 func (d *state) clone() *state {
 	ret := *d
 	if ret.state == spongeAbsorbing {
-		ret.buf = ret.storage[:len(ret.buf)]
+		ret.buf = ret.storage.asBytes()[:len(ret.buf)]
 	} else {
-		ret.buf = ret.storage[d.rate-cap(d.buf) : d.rate]
+		ret.buf = ret.storage.asBytes()[d.rate-cap(d.buf) : d.rate]
 	}
 
 	return &ret
@@ -83,13 +83,13 @@ func (d *state) permute() {
 		// If we're absorbing, we need to xor the input into the state
 		// before applying the permutation.
 		xorIn(d, d.buf)
-		d.buf = d.storage[:0]
+		d.buf = d.storage.asBytes()[:0]
 		keccakF1600(&d.a)
 	case spongeSqueezing:
 		// If we're squeezing, we need to apply the permutatin before
 		// copying more output.
 		keccakF1600(&d.a)
-		d.buf = d.storage[:d.rate]
+		d.buf = d.storage.asBytes()[:d.rate]
 		copyOut(d, d.buf)
 	}
 }
@@ -98,7 +98,7 @@ func (d *state) permute() {
 // the multi-bitrate 10..1 padding rule, and permutes the state.
 func (d *state) padAndPermute(dsbyte byte) {
 	if d.buf == nil {
-		d.buf = d.storage[:0]
+		d.buf = d.storage.asBytes()[:0]
 	}
 	// Pad with this instance's domain-separator bits. We know that there's
 	// at least one byte of space in d.buf because, if it were full,
@@ -106,7 +106,7 @@ func (d *state) padAndPermute(dsbyte byte) {
 	// first one bit for the padding. See the comment in the state struct.
 	d.buf = append(d.buf, dsbyte)
 	zerosStart := len(d.buf)
-	d.buf = d.storage[:d.rate]
+	d.buf = d.storage.asBytes()[:d.rate]
 	for i := zerosStart; i < d.rate; i++ {
 		d.buf[i] = 0
 	}
@@ -117,7 +117,7 @@ func (d *state) padAndPermute(dsbyte byte) {
 	// Apply the permutation
 	d.permute()
 	d.state = spongeSqueezing
-	d.buf = d.storage[:d.rate]
+	d.buf = d.storage.asBytes()[:d.rate]
 	copyOut(d, d.buf)
 }
 
@@ -128,7 +128,7 @@ func (d *state) Write(p []byte) (written int, err error) {
 		panic("sha3: write to sponge after read")
 	}
 	if d.buf == nil {
-		d.buf = d.storage[:0]
+		d.buf = d.storage.asBytes()[:0]
 	}
 	written = len(p)
 
diff --git a/sha3/sha3_s390x.go b/sha3/sha3_s390x.go
new file mode 100644
index 000000000..4fcfc924e
--- /dev/null
+++ b/sha3/sha3_s390x.go
@@ -0,0 +1,285 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+package sha3
+
+// This file contains code for using the 'compute intermediate
+// message digest' (KIMD) and 'compute last message digest' (KLMD)
+// instructions to compute SHA-3 and SHAKE hashes on IBM Z.
+
+import (
+	"hash"
+
+	"golang.org/x/sys/cpu"
+)
+
+// codes represent 7-bit KIMD/KLMD function codes as defined in
+// the Principles of Operation.
+type code uint64
+
+const (
+	// function codes for KIMD/KLMD
+	sha3_224  code = 32
+	sha3_256       = 33
+	sha3_384       = 34
+	sha3_512       = 35
+	shake_128      = 36
+	shake_256      = 37
+	nopad          = 0x100
+)
+
+// kimd is a wrapper for the 'compute intermediate message digest' instruction.
+// src must be a multiple of the rate for the given function code.
+//go:noescape
+func kimd(function code, chain *[200]byte, src []byte)
+
+// klmd is a wrapper for the 'compute last message digest' instruction.
+// src padding is handled by the instruction.
+//go:noescape
+func klmd(function code, chain *[200]byte, dst, src []byte)
+
+type asmState struct {
+	a         [200]byte       // 1600 bit state
+	buf       []byte          // care must be taken to ensure cap(buf) is a multiple of rate
+	rate      int             // equivalent to block size
+	storage   [3072]byte      // underlying storage for buf
+	outputLen int             // output length if fixed, 0 if not
+	function  code            // KIMD/KLMD function code
+	state     spongeDirection // whether the sponge is absorbing or squeezing
+}
+
+func newAsmState(function code) *asmState {
+	var s asmState
+	s.function = function
+	switch function {
+	case sha3_224:
+		s.rate = 144
+		s.outputLen = 28
+	case sha3_256:
+		s.rate = 136
+		s.outputLen = 32
+	case sha3_384:
+		s.rate = 104
+		s.outputLen = 48
+	case sha3_512:
+		s.rate = 72
+		s.outputLen = 64
+	case shake_128:
+		s.rate = 168
+	case shake_256:
+		s.rate = 136
+	default:
+		panic("sha3: unrecognized function code")
+	}
+
+	// limit s.buf size to a multiple of s.rate
+	s.resetBuf()
+	return &s
+}
+
+func (s *asmState) clone() *asmState {
+	c := *s
+	c.buf = c.storage[:len(s.buf):cap(s.buf)]
+	return &c
+}
+
+// copyIntoBuf copies b into buf. It will panic if there is not enough space to
+// store all of b.
+func (s *asmState) copyIntoBuf(b []byte) {
+	bufLen := len(s.buf)
+	s.buf = s.buf[:len(s.buf)+len(b)]
+	copy(s.buf[bufLen:], b)
+}
+
+// resetBuf points buf at storage, sets the length to 0 and sets cap to be a
+// multiple of the rate.
+func (s *asmState) resetBuf() {
+	max := (cap(s.storage) / s.rate) * s.rate
+	s.buf = s.storage[:0:max]
+}
+
+// Write (via the embedded io.Writer interface) adds more data to the running hash.
+// It never returns an error.
+func (s *asmState) Write(b []byte) (int, error) {
+	if s.state != spongeAbsorbing {
+		panic("sha3: write to sponge after read")
+	}
+	length := len(b)
+	for len(b) > 0 {
+		if len(s.buf) == 0 && len(b) >= cap(s.buf) {
+			// Hash the data directly and push any remaining bytes
+			// into the buffer.
+			remainder := len(b) % s.rate
+			kimd(s.function, &s.a, b[:len(b)-remainder])
+			if remainder != 0 {
+				s.copyIntoBuf(b[len(b)-remainder:])
+			}
+			return length, nil
+		}
+
+		if len(s.buf) == cap(s.buf) {
+			// flush the buffer
+			kimd(s.function, &s.a, s.buf)
+			s.buf = s.buf[:0]
+		}
+
+		// copy as much as we can into the buffer
+		n := len(b)
+		if len(b) > cap(s.buf)-len(s.buf) {
+			n = cap(s.buf) - len(s.buf)
+		}
+		s.copyIntoBuf(b[:n])
+		b = b[n:]
+	}
+	return length, nil
+}
+
+// Read squeezes an arbitrary number of bytes from the sponge.
+func (s *asmState) Read(out []byte) (n int, err error) {
+	n = len(out)
+
+	// need to pad if we were absorbing
+	if s.state == spongeAbsorbing {
+		s.state = spongeSqueezing
+
+		// write hash directly into out if possible
+		if len(out)%s.rate == 0 {
+			klmd(s.function, &s.a, out, s.buf) // len(out) may be 0
+			s.buf = s.buf[:0]
+			return
+		}
+
+		// write hash into buffer
+		max := cap(s.buf)
+		if max > len(out) {
+			max = (len(out)/s.rate)*s.rate + s.rate
+		}
+		klmd(s.function, &s.a, s.buf[:max], s.buf)
+		s.buf = s.buf[:max]
+	}
+
+	for len(out) > 0 {
+		// flush the buffer
+		if len(s.buf) != 0 {
+			c := copy(out, s.buf)
+			out = out[c:]
+			s.buf = s.buf[c:]
+			continue
+		}
+
+		// write hash directly into out if possible
+		if len(out)%s.rate == 0 {
+			klmd(s.function|nopad, &s.a, out, nil)
+			return
+		}
+
+		// write hash into buffer
+		s.resetBuf()
+		if cap(s.buf) > len(out) {
+			s.buf = s.buf[:(len(out)/s.rate)*s.rate+s.rate]
+		}
+		klmd(s.function|nopad, &s.a, s.buf, nil)
+	}
+	return
+}
+
+// Sum appends the current hash to b and returns the resulting slice.
+// It does not change the underlying hash state.
+func (s *asmState) Sum(b []byte) []byte {
+	if s.outputLen == 0 {
+		panic("sha3: cannot call Sum on SHAKE functions")
+	}
+
+	// Copy the state to preserve the original.
+	a := s.a
+
+	// Hash the buffer. Note that we don't clear it because we
+	// aren't updating the state.
+	klmd(s.function, &a, nil, s.buf)
+	return append(b, a[:s.outputLen]...)
+}
+
+// Reset resets the Hash to its initial state.
+func (s *asmState) Reset() {
+	for i := range s.a {
+		s.a[i] = 0
+	}
+	s.resetBuf()
+	s.state = spongeAbsorbing
+}
+
+// Size returns the number of bytes Sum will return.
+func (s *asmState) Size() int {
+	return s.outputLen
+}
+
+// BlockSize returns the hash's underlying block size.
+// The Write method must be able to accept any amount
+// of data, but it may operate more efficiently if all writes
+// are a multiple of the block size.
+func (s *asmState) BlockSize() int {
+	return s.rate
+}
+
+// Clone returns a copy of the ShakeHash in its current state.
+func (s *asmState) Clone() ShakeHash {
+	return s.clone()
+}
+
+// new224Asm returns an assembly implementation of SHA3-224 if available,
+// otherwise it returns nil.
+func new224Asm() hash.Hash {
+	if cpu.S390X.HasSHA3 {
+		return newAsmState(sha3_224)
+	}
+	return nil
+}
+
+// new256Asm returns an assembly implementation of SHA3-256 if available,
+// otherwise it returns nil.
+func new256Asm() hash.Hash {
+	if cpu.S390X.HasSHA3 {
+		return newAsmState(sha3_256)
+	}
+	return nil
+}
+
+// new384Asm returns an assembly implementation of SHA3-384 if available,
+// otherwise it returns nil.
+func new384Asm() hash.Hash {
+	if cpu.S390X.HasSHA3 {
+		return newAsmState(sha3_384)
+	}
+	return nil
+}
+
+// new512Asm returns an assembly implementation of SHA3-512 if available,
+// otherwise it returns nil.
+func new512Asm() hash.Hash {
+	if cpu.S390X.HasSHA3 {
+		return newAsmState(sha3_512)
+	}
+	return nil
+}
+
+// newShake128Asm returns an assembly implementation of SHAKE-128 if available,
+// otherwise it returns nil.
+func newShake128Asm() ShakeHash {
+	if cpu.S390X.HasSHA3 {
+		return newAsmState(shake_128)
+	}
+	return nil
+}
+
+// newShake256Asm returns an assembly implementation of SHAKE-256 if available,
+// otherwise it returns nil.
+func newShake256Asm() ShakeHash {
+	if cpu.S390X.HasSHA3 {
+		return newAsmState(shake_256)
+	}
+	return nil
+}
diff --git a/sha3/sha3_s390x.s b/sha3/sha3_s390x.s
new file mode 100644
index 000000000..a0e051b04
--- /dev/null
+++ b/sha3/sha3_s390x.s
@@ -0,0 +1,34 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+// +build gc,!purego
+
+#include "textflag.h"
+
+// func kimd(function code, chain *[200]byte, src []byte)
+TEXT ·kimd(SB), NOFRAME|NOSPLIT, $0-40
+	MOVD function+0(FP), R0
+	MOVD chain+8(FP), R1
+	LMG  src+16(FP), R2, R3 // R2=base, R3=len
+
+continue:
+	WORD $0xB93E0002 // KIMD --, R2
+	BVS  continue    // continue if interrupted
+	MOVD $0, R0      // reset R0 for pre-go1.8 compilers
+	RET
+
+// func klmd(function code, chain *[200]byte, dst, src []byte)
+TEXT ·klmd(SB), NOFRAME|NOSPLIT, $0-64
+	// TODO: SHAKE support
+	MOVD function+0(FP), R0
+	MOVD chain+8(FP), R1
+	LMG  dst+16(FP), R2, R3 // R2=base, R3=len
+	LMG  src+40(FP), R4, R5 // R4=base, R5=len
+
+continue:
+	WORD $0xB93F0024 // KLMD R2, R4
+	BVS  continue    // continue if interrupted
+	MOVD $0, R0      // reset R0 for pre-go1.8 compilers
+	RET
diff --git a/sha3/sha3_test.go b/sha3/sha3_test.go
index 312e8f907..83bd6195d 100644
--- a/sha3/sha3_test.go
+++ b/sha3/sha3_test.go
@@ -17,6 +17,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"hash"
+	"math/rand"
 	"os"
 	"strings"
 	"testing"
@@ -27,31 +28,30 @@ const (
 	katFilename = "testdata/keccakKats.json.deflate"
 )
 
-// Internal-use instances of SHAKE used to test against KATs.
-func newHashShake128() hash.Hash {
-	return &state{rate: 168, dsbyte: 0x1f, outputLen: 512}
-}
-func newHashShake256() hash.Hash {
-	return &state{rate: 136, dsbyte: 0x1f, outputLen: 512}
-}
-
 // testDigests contains functions returning hash.Hash instances
-// with output-length equal to the KAT length for both SHA-3 and
-// SHAKE instances.
+// with output-length equal to the KAT length for SHA-3, Keccak
+// and SHAKE instances.
 var testDigests = map[string]func() hash.Hash{
-	"SHA3-224": New224,
-	"SHA3-256": New256,
-	"SHA3-384": New384,
-	"SHA3-512": New512,
-	"SHAKE128": newHashShake128,
-	"SHAKE256": newHashShake256,
+	"SHA3-224":   New224,
+	"SHA3-256":   New256,
+	"SHA3-384":   New384,
+	"SHA3-512":   New512,
+	"Keccak-256": NewLegacyKeccak256,
+	"Keccak-512": NewLegacyKeccak512,
 }
 
-// testShakes contains functions that return ShakeHash instances for
-// testing the ShakeHash-specific interface.
-var testShakes = map[string]func() ShakeHash{
-	"SHAKE128": NewShake128,
-	"SHAKE256": NewShake256,
+// testShakes contains functions that return sha3.ShakeHash instances for
+// with output-length equal to the KAT length.
+var testShakes = map[string]struct {
+	constructor  func(N []byte, S []byte) ShakeHash
+	defAlgoName  string
+	defCustomStr string
+}{
+	// NewCShake without customization produces same result as SHAKE
+	"SHAKE128":  {NewCShake128, "", ""},
+	"SHAKE256":  {NewCShake256, "", ""},
+	"cSHAKE128": {NewCShake128, "CSHAKE128", "CustomStrign"},
+	"cSHAKE256": {NewCShake256, "CSHAKE256", "CustomStrign"},
 }
 
 // decodeHex converts a hex-encoded string into a raw byte string.
@@ -69,6 +69,10 @@ type KeccakKats struct {
 		Digest  string `json:"digest"`
 		Length  int64  `json:"length"`
 		Message string `json:"message"`
+
+		// Defined only for cSHAKE
+		N string `json:"N"`
+		S string `json:"S"`
 	}
 }
 
@@ -101,10 +105,9 @@ func TestKeccakKats(t *testing.T) {
 			t.Errorf("error decoding KATs: %s", err)
 		}
 
-		// Do the KATs.
-		for functionName, kats := range katSet.Kats {
-			d := testDigests[functionName]()
-			for _, kat := range kats {
+		for algo, function := range testDigests {
+			d := function()
+			for _, kat := range katSet.Kats[algo] {
 				d.Reset()
 				in, err := hex.DecodeString(kat.Message)
 				if err != nil {
@@ -113,8 +116,39 @@ func TestKeccakKats(t *testing.T) {
 				d.Write(in[:kat.Length/8])
 				got := strings.ToUpper(hex.EncodeToString(d.Sum(nil)))
 				if got != kat.Digest {
-					t.Errorf("function=%s, implementation=%s, length=%d\nmessage:\n  %s\ngot:\n  %s\nwanted:\n %s",
-						functionName, impl, kat.Length, kat.Message, got, kat.Digest)
+					t.Errorf("function=%s, implementation=%s, length=%d\nmessage:\n %s\ngot:\n  %s\nwanted:\n %s",
+						algo, impl, kat.Length, kat.Message, got, kat.Digest)
+					t.Logf("wanted %+v", kat)
+					t.FailNow()
+				}
+				continue
+			}
+		}
+
+		for algo, v := range testShakes {
+			for _, kat := range katSet.Kats[algo] {
+				N, err := hex.DecodeString(kat.N)
+				if err != nil {
+					t.Errorf("error decoding KAT: %s", err)
+				}
+
+				S, err := hex.DecodeString(kat.S)
+				if err != nil {
+					t.Errorf("error decoding KAT: %s", err)
+				}
+				d := v.constructor(N, S)
+				in, err := hex.DecodeString(kat.Message)
+				if err != nil {
+					t.Errorf("error decoding KAT: %s", err)
+				}
+
+				d.Write(in[:kat.Length/8])
+				out := make([]byte, len(kat.Digest)/2)
+				d.Read(out)
+				got := strings.ToUpper(hex.EncodeToString(out))
+				if got != kat.Digest {
+					t.Errorf("function=%s, implementation=%s, length=%d N:%s\n S:%s\nmessage:\n %s \ngot:\n  %s\nwanted:\n %s",
+						algo, impl, kat.Length, kat.N, kat.S, kat.Message, got, kat.Digest)
 					t.Logf("wanted %+v", kat)
 					t.FailNow()
 				}
@@ -124,9 +158,39 @@ func TestKeccakKats(t *testing.T) {
 	})
 }
 
+// TestKeccak does a basic test of the non-standardized Keccak hash functions.
+func TestKeccak(t *testing.T) {
+	tests := []struct {
+		fn   func() hash.Hash
+		data []byte
+		want string
+	}{
+		{
+			NewLegacyKeccak256,
+			[]byte("abc"),
+			"4e03657aea45a94fc7d47ba826c8d667c0d1e6e33a64a036ec44f58fa12d6c45",
+		},
+		{
+			NewLegacyKeccak512,
+			[]byte("abc"),
+			"18587dc2ea106b9a1563e32b3312421ca164c7f1f07bc922a9c83d77cea3a1e5d0c69910739025372dc14ac9642629379540c17e2a65b19d77aa511a9d00bb96",
+		},
+	}
+
+	for _, u := range tests {
+		h := u.fn()
+		h.Write(u.data)
+		got := h.Sum(nil)
+		want := decodeHex(u.want)
+		if !bytes.Equal(got, want) {
+			t.Errorf("unexpected hash for size %d: got '%x' want '%s'", h.Size()*8, got, u.want)
+		}
+	}
+}
+
 // TestUnalignedWrite tests that writing data in an arbitrary pattern with
 // small input buffers.
-func testUnalignedWrite(t *testing.T) {
+func TestUnalignedWrite(t *testing.T) {
 	testUnalignedAndGeneric(t, func(impl string) {
 		buf := sequentialBytes(0x10000)
 		for alg, df := range testDigests {
@@ -152,6 +216,34 @@ func testUnalignedWrite(t *testing.T) {
 				t.Errorf("Unaligned writes, implementation=%s, alg=%s\ngot %q, want %q", impl, alg, got, want)
 			}
 		}
+
+		// Same for SHAKE
+		for alg, df := range testShakes {
+			want := make([]byte, 16)
+			got := make([]byte, 16)
+			d := df.constructor([]byte(df.defAlgoName), []byte(df.defCustomStr))
+
+			d.Reset()
+			d.Write(buf)
+			d.Read(want)
+			d.Reset()
+			for i := 0; i < len(buf); {
+				// Cycle through offsets which make a 137 byte sequence.
+				// Because 137 is prime this sequence should exercise all corner cases.
+				offsets := [17]int{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 1}
+				for _, j := range offsets {
+					if v := len(buf) - i; v < j {
+						j = v
+					}
+					d.Write(buf[i : i+j])
+					i += j
+				}
+			}
+			d.Read(got)
+			if !bytes.Equal(got, want) {
+				t.Errorf("Unaligned writes, implementation=%s, alg=%s\ngot %q, want %q", impl, alg, got, want)
+			}
+		}
 	})
 }
 
@@ -193,36 +285,89 @@ func TestAppendNoRealloc(t *testing.T) {
 // the same output as repeatedly squeezing the instance.
 func TestSqueezing(t *testing.T) {
 	testUnalignedAndGeneric(t, func(impl string) {
-		for functionName, newShakeHash := range testShakes {
-			d0 := newShakeHash()
+		for algo, v := range testShakes {
+			d0 := v.constructor([]byte(v.defAlgoName), []byte(v.defCustomStr))
 			d0.Write([]byte(testString))
 			ref := make([]byte, 32)
 			d0.Read(ref)
 
-			d1 := newShakeHash()
+			d1 := v.constructor([]byte(v.defAlgoName), []byte(v.defCustomStr))
 			d1.Write([]byte(testString))
 			var multiple []byte
-			for _ = range ref {
+			for range ref {
 				one := make([]byte, 1)
 				d1.Read(one)
 				multiple = append(multiple, one...)
 			}
 			if !bytes.Equal(ref, multiple) {
-				t.Errorf("%s (%s): squeezing %d bytes one at a time failed", functionName, impl, len(ref))
+				t.Errorf("%s (%s): squeezing %d bytes one at a time failed", algo, impl, len(ref))
 			}
 		}
 	})
 }
 
 // sequentialBytes produces a buffer of size consecutive bytes 0x00, 0x01, ..., used for testing.
+//
+// The alignment of each slice is intentionally randomized to detect alignment
+// issues in the implementation. See https://golang.org/issue/37644.
+// Ideally, the compiler should fuzz the alignment itself.
+// (See https://golang.org/issue/35128.)
 func sequentialBytes(size int) []byte {
-	result := make([]byte, size)
+	alignmentOffset := rand.Intn(8)
+	result := make([]byte, size+alignmentOffset)[alignmentOffset:]
 	for i := range result {
 		result[i] = byte(i)
 	}
 	return result
 }
 
+func TestReset(t *testing.T) {
+	out1 := make([]byte, 32)
+	out2 := make([]byte, 32)
+
+	for _, v := range testShakes {
+		// Calculate hash for the first time
+		c := v.constructor(nil, []byte{0x99, 0x98})
+		c.Write(sequentialBytes(0x100))
+		c.Read(out1)
+
+		// Calculate hash again
+		c.Reset()
+		c.Write(sequentialBytes(0x100))
+		c.Read(out2)
+
+		if !bytes.Equal(out1, out2) {
+			t.Error("\nExpected:\n", out1, "\ngot:\n", out2)
+		}
+	}
+}
+
+func TestClone(t *testing.T) {
+	out1 := make([]byte, 16)
+	out2 := make([]byte, 16)
+
+	// Test for sizes smaller and larger than block size.
+	for _, size := range []int{0x1, 0x100} {
+		in := sequentialBytes(size)
+		for _, v := range testShakes {
+			h1 := v.constructor(nil, []byte{0x01})
+			h1.Write([]byte{0x01})
+
+			h2 := h1.Clone()
+
+			h1.Write(in)
+			h1.Read(out1)
+
+			h2.Write(in)
+			h2.Read(out2)
+
+			if !bytes.Equal(out1, out2) {
+				t.Error("\nExpected:\n", hex.EncodeToString(out1), "\ngot:\n", hex.EncodeToString(out2))
+			}
+		}
+	}
+}
+
 // BenchmarkPermutationFunction measures the speed of the permutation function
 // with no input data.
 func BenchmarkPermutationFunction(b *testing.B) {
@@ -309,3 +454,37 @@ func Example_mac() {
 	fmt.Printf("%x\n", h)
 	// Output: 78de2974bd2711d5549ffd32b753ef0f5fa80a0db2556db60f0987eb8a9218ff
 }
+
+func ExampleNewCShake256() {
+	out := make([]byte, 32)
+	msg := []byte("The quick brown fox jumps over the lazy dog")
+
+	// Example 1: Simple cshake
+	c1 := NewCShake256([]byte("NAME"), []byte("Partition1"))
+	c1.Write(msg)
+	c1.Read(out)
+	fmt.Println(hex.EncodeToString(out))
+
+	// Example 2: Different customization string produces different digest
+	c1 = NewCShake256([]byte("NAME"), []byte("Partition2"))
+	c1.Write(msg)
+	c1.Read(out)
+	fmt.Println(hex.EncodeToString(out))
+
+	// Example 3: Longer output length produces longer digest
+	out = make([]byte, 64)
+	c1 = NewCShake256([]byte("NAME"), []byte("Partition1"))
+	c1.Write(msg)
+	c1.Read(out)
+	fmt.Println(hex.EncodeToString(out))
+
+	// Example 4: Next read produces different result
+	c1.Read(out)
+	fmt.Println(hex.EncodeToString(out))
+
+	// Output:
+	//a90a4c6ca9af2156eba43dc8398279e6b60dcd56fb21837afe6c308fd4ceb05b
+	//a8db03e71f3e4da5c4eee9d28333cdd355f51cef3c567e59be5beb4ecdbb28f0
+	//a90a4c6ca9af2156eba43dc8398279e6b60dcd56fb21837afe6c308fd4ceb05b9dd98c6ee866ca7dc5a39d53e960f400bcd5a19c8a2d6ec6459f63696543a0d8
+	//85e73a72228d08b46515553ca3a29d47df3047e5d84b12d6c2c63e579f4fd1105716b7838e92e981863907f434bfd4443c9e56ea09da998d2f9b47db71988109
+}
diff --git a/sha3/shake.go b/sha3/shake.go
index 841f9860f..d7be2954a 100644
--- a/sha3/shake.go
+++ b/sha3/shake.go
@@ -5,10 +5,18 @@
 package sha3
 
 // This file defines the ShakeHash interface, and provides
-// functions for creating SHAKE instances, as well as utility
+// functions for creating SHAKE and cSHAKE instances, as well as utility
 // functions for hashing bytes to arbitrary-length output.
+//
+//
+// SHAKE implementation is based on FIPS PUB 202 [1]
+// cSHAKE implementations is based on NIST SP 800-185 [2]
+//
+// [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
+// [2] https://doi.org/10.6028/NIST.SP.800-185
 
 import (
+	"encoding/binary"
 	"io"
 )
 
@@ -31,19 +39,124 @@ type ShakeHash interface {
 	Reset()
 }
 
-func (d *state) Clone() ShakeHash {
-	return d.clone()
+// cSHAKE specific context
+type cshakeState struct {
+	*state // SHA-3 state context and Read/Write operations
+
+	// initBlock is the cSHAKE specific initialization set of bytes. It is initialized
+	// by newCShake function and stores concatenation of N followed by S, encoded
+	// by the method specified in 3.3 of [1].
+	// It is stored here in order for Reset() to be able to put context into
+	// initial state.
+	initBlock []byte
+}
+
+// Consts for configuring initial SHA-3 state
+const (
+	dsbyteShake  = 0x1f
+	dsbyteCShake = 0x04
+	rate128      = 168
+	rate256      = 136
+)
+
+func bytepad(input []byte, w int) []byte {
+	// leftEncode always returns max 9 bytes
+	buf := make([]byte, 0, 9+len(input)+w)
+	buf = append(buf, leftEncode(uint64(w))...)
+	buf = append(buf, input...)
+	padlen := w - (len(buf) % w)
+	return append(buf, make([]byte, padlen)...)
+}
+
+func leftEncode(value uint64) []byte {
+	var b [9]byte
+	binary.BigEndian.PutUint64(b[1:], value)
+	// Trim all but last leading zero bytes
+	i := byte(1)
+	for i < 8 && b[i] == 0 {
+		i++
+	}
+	// Prepend number of encoded bytes
+	b[i-1] = 9 - i
+	return b[i-1:]
+}
+
+func newCShake(N, S []byte, rate int, dsbyte byte) ShakeHash {
+	c := cshakeState{state: &state{rate: rate, dsbyte: dsbyte}}
+
+	// leftEncode returns max 9 bytes
+	c.initBlock = make([]byte, 0, 9*2+len(N)+len(S))
+	c.initBlock = append(c.initBlock, leftEncode(uint64(len(N)*8))...)
+	c.initBlock = append(c.initBlock, N...)
+	c.initBlock = append(c.initBlock, leftEncode(uint64(len(S)*8))...)
+	c.initBlock = append(c.initBlock, S...)
+	c.Write(bytepad(c.initBlock, c.rate))
+	return &c
+}
+
+// Reset resets the hash to initial state.
+func (c *cshakeState) Reset() {
+	c.state.Reset()
+	c.Write(bytepad(c.initBlock, c.rate))
+}
+
+// Clone returns copy of a cSHAKE context within its current state.
+func (c *cshakeState) Clone() ShakeHash {
+	b := make([]byte, len(c.initBlock))
+	copy(b, c.initBlock)
+	return &cshakeState{state: c.clone(), initBlock: b}
+}
+
+// Clone returns copy of SHAKE context within its current state.
+func (c *state) Clone() ShakeHash {
+	return c.clone()
 }
 
 // NewShake128 creates a new SHAKE128 variable-output-length ShakeHash.
 // Its generic security strength is 128 bits against all attacks if at
 // least 32 bytes of its output are used.
-func NewShake128() ShakeHash { return &state{rate: 168, dsbyte: 0x1f} }
+func NewShake128() ShakeHash {
+	if h := newShake128Asm(); h != nil {
+		return h
+	}
+	return &state{rate: rate128, dsbyte: dsbyteShake}
+}
 
-// NewShake256 creates a new SHAKE128 variable-output-length ShakeHash.
+// NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
 // Its generic security strength is 256 bits against all attacks if
 // at least 64 bytes of its output are used.
-func NewShake256() ShakeHash { return &state{rate: 136, dsbyte: 0x1f} }
+func NewShake256() ShakeHash {
+	if h := newShake256Asm(); h != nil {
+		return h
+	}
+	return &state{rate: rate256, dsbyte: dsbyteShake}
+}
+
+// NewCShake128 creates a new instance of cSHAKE128 variable-output-length ShakeHash,
+// a customizable variant of SHAKE128.
+// N is used to define functions based on cSHAKE, it can be empty when plain cSHAKE is
+// desired. S is a customization byte string used for domain separation - two cSHAKE
+// computations on same input with different S yield unrelated outputs.
+// When N and S are both empty, this is equivalent to NewShake128.
+func NewCShake128(N, S []byte) ShakeHash {
+	if len(N) == 0 && len(S) == 0 {
+		return NewShake128()
+	}
+	return newCShake(N, S, rate128, dsbyteCShake)
+}
+
+// NewCShake256 creates a new instance of cSHAKE256 variable-output-length ShakeHash,
+// a customizable variant of SHAKE256.
+// N is used to define functions based on cSHAKE, it can be empty when plain cSHAKE is
+// desired. S is a customization byte string used for domain separation - two cSHAKE
+// computations on same input with different S yield unrelated outputs.
+// When N and S are both empty, this is equivalent to NewShake256.
+func NewCShake256(N, S []byte) ShakeHash {
+	if len(N) == 0 && len(S) == 0 {
+		return NewShake256()
+	}
+	return newCShake(N, S, rate256, dsbyteCShake)
+}
 
 // ShakeSum128 writes an arbitrary-length digest of data into hash.
 func ShakeSum128(hash, data []byte) {
diff --git a/sha3/shake_generic.go b/sha3/shake_generic.go
new file mode 100644
index 000000000..5c0710ef9
--- /dev/null
+++ b/sha3/shake_generic.go
@@ -0,0 +1,20 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !gc || purego || !s390x
+// +build !gc purego !s390x
+
+package sha3
+
+// newShake128Asm returns an assembly implementation of SHAKE-128 if available,
+// otherwise it returns nil.
+func newShake128Asm() ShakeHash {
+	return nil
+}
+
+// newShake256Asm returns an assembly implementation of SHAKE-256 if available,
+// otherwise it returns nil.
+func newShake256Asm() ShakeHash {
+	return nil
+}
diff --git a/sha3/testdata/keccakKats.json.deflate b/sha3/testdata/keccakKats.json.deflate
index 62e85ae24236b46c09e5cfa84c71c69f5cc33cf6..7a94c2f8bce62c70664cda859a30845cab713c24 100644
GIT binary patch
literal 540828
zcmV(+K;6HL{JXAoOO7>&`TZ1$v|B*%8f1CALcUB{4XE%-(8a0WYv|pDSP8W?6T3cR
zuXFY}-&~BC<lq=2BmVb){y+b>|M_44{EvV9@Bhm`{_)TM%l|p(|Aff@{EvV9U;meX
z{No?L-@ZTp{J;G_{>Oj**Z=(IfBfU0nmmUXN%eN-rPKjo;XRWO*(`q71M*xOT1g4b
zy8rxN|NqbWfBonG=YRaq|NB4x;~(e$_|^aWKmY5${<r_}pYQqS{PXwQ|L_0$?=0xO
zC%V`Z=jzN*s1u~q27@sa#bWhJ5(ZcbUn}wt3+&5+s=qAAU34*pj_D<udjvdTFe|xm
ze1}N6uXz?FTslx79~OXqnZU65ml42b-pgL+YIrOzXC)|+XBA5zPp;Q+SJ&JrxCmb_
z0{P1bSiASny$GTb>$R|hx@TP+Ts2$!oSCMCvA10((sNL)Vn5#o;pgjssqOvK5IFO`
zgAm-s71W6!nyI!H4l1vKs2sY7&q0f$$zmUd@TX@YED%S@{mYac!J<<x1tZ{u=Z@bd
zk?lFoLTq@C)v>D)t{}(ue3|m?qPlW2FAw@(##l1Du~**Wd$q)=M{HXPhY%};Ky!}8
zl_NI}Oly1?BcIL+;1{UMXlC{=a}JPcb>AcANlEMsvjdtY=fZe~v%z&oJj|<nOl>~Q
z(NDMK;KhS%EP#Ug=l-Y*^)clGUIyC~c7)^xC~jX3ptzN*yQh`pfb{t?=;C)AsYWuG
zOnWL_`OBmc-NKL%yT=bf@4>)fjdoclF&exqN=Nv#wcovmz7X!ym1p`gBH~q`)D@~f
z{RsLR72P5X%nK=pvm%acos&wwurYV6AMR5Y`yPfbqduK_Vy2~fx6ONMSY+WZvxMso
z=Tco7aEu;A>YXrM?88y(LJD{ZTx{+AjqDGz{L{T9hpGH5q8}XIv1x4j%dmS#pe8yn
z0xEM|qS_G7v6MT`y4U$2QiAU(p;7$uD>$E?9+wp_AsQeq85AY!@ZX!})8f-0GJZjL
zj^2&45<thuQ*L&4=uR4T<eZ~>z5oi~)9GJQxKOR&r5;KteCBZh{L}pnl18+4W^5eD
znsNs@^H%jXr<^`%6#y}}IZwHMT8E$hzkz6%v+AhX^|4uiP~USA|4jcN7jjx~glCrS
zZTH@r!&$0^#YA=&b3LjYd-d3U+V>d>f}zJE5vsZ^nB|7t>A8k*|HQOoho$yfBUy|3
z#f36C44lP>x3nt()_xAzhqx3zcaT1#!te##@L}q%2Ao<!SMRfS?o9vbgD=kcl*oxj
z@(YtvV;+OsiinY$cTdFjojm8r1<fxT`7=JQs8LsnD7-I16sAlaKW>Q-2=iwYV^5__
zK%xY8#3T}jwd<UfivWzOs(~|C6Un3$zpRwcNI5z@J1mD}6gFZR?IyQ1EMSG-`7>rh
z%$=0(32HotyjZ=N0}6E%4Ji_>N)B8Jx5v^y(<<n9&OikxH}9jOwxecqMfk+T(aX1e
zP5#CnT_!${n)zdnX7}J(a>?!ks~vq9(846)UORlO=zd!I89i-Xwmq9&^Y&o4GIp*p
z-;8-!L<$GvZ*m*w0kh!TYP?80hyyJbd=RKTr~^9Phj4bc&$52mdcU*FJtoh;fe|zk
z4z>~8Je5Qi*R*Aeu<cK3HSVw+z$x0LiO91g7-Lyh?*n3?P)aXRzv$Y5Ph7I^jPvLQ
z_ey8VRlkD;x`E!aQ5H#}rxj2){uFW-%v1}Za%j<kl<V9iJ=a2WPa2BlnR=ND2cP};
zMRUMEV=JaI4_@)TOw_uSM_s8dABAe8l%(Cz1*$)B6-kfw(QRA1g?J<~W&3auO$Hq~
z?jm@OsK(iQG5JgE;Q5TQ2X^Ji)YKfuRm6hyRN*aaQ{0ntsZ+)*LjFXCBTljpV^Nu}
z^b&8lu7(3x5hlVNdx~lDMh`y#&QF^^<Lzb{o8Hy+@$I64!&)&Ef_3jSo0y&%)H8Gv
z{<L~?%BZqa`&ixF?k897UP{onM~)g&Nd3rl&*Ub2TK%oDH%gG?VWCewJ?3$P#m8;e
z4>(xxl|xK;XH&%ZPu2&cPI<Bh>7vN#crlp33lz!3{M6ND>=_!<ZD^aX7{qT`e%A7#
zL2Y}h)o#J9+61`wcnUQtD+VpGZr-|{CVyr+xb_pc+y!^_np{|(=P&M-(DZ&7>A@6A
zPhB+XFRa6FB_A*FXv}3-;^eR)^Em?61`N1%WkZf24C<Inl%G2Mr;k%!&ii%+7HO|$
zB&HV0qT_>)qdm%g-^OXXU)q|_TF7@<iULf{5>C~bUZdzeVQk03FBlmWpL<G+7hR5<
zx<}!kl?x3uxtrmK(mU`9sh=V*VSC)$Ue?K^i!%|RW#V9;)_+E*@uolu++Hn-s+2y6
zYm3%#{N)|OW+XiOOE)=HWF-0Ds4&=d1Y?VKW3i=9nlsfBEuF9@*Pj@xIHm{A<re>}
zM17YSd~vI8`RO@+TGMXzed5ImCbSX(z_zfZ$M;dDPK|=`f<H6S9Jv&Ik0x_lapU1N
z<8+AxbD+7p47KP1+BwA6`D+E=Rf!&3NZJU_d-zO0^<I=V;)X(SZR`&B>Af<%i;F$o
zzeqX!XKu<MK%(P*MA)d@_eLA`Y2;Y8hr=nfyAb9WBHj6wP4T;sp}0>g7CHCHx^nx;
zjO$jGcH^8mD$<7y;x@K#inUWrmtIZzn-k>hPc8HP$(L@P<C><BMSSvJUBMxN$)Rh}
zLr3zfT7}=WkHoGW-+c@&k!tRf=#1w!jZEEA01OMnm~y=mW=huvcqBKY`A;-mnENz?
zO>pa`sob-w4lsmbMa#bCpu(Fqo<ErW%wON-62AL{U6d68AFuQ92`}*t1qu?y!%#|8
z3kz#%Dj`?rppi^tA^V?dw=fAVE3-QB4*D3^rW8sZ${`v*hxhV06vUp+YoDCw-&9xt
zLmM4O?^NOro92$A>T#jC!p6J&fORS`PwbhlZYJ`_bZ2;k|6B`&9c9^Jyg;n+Jd<MN
z0OX@aptR96qkz_Sm)bkNVuZeHGJdHRle-@1g+2NQ;9PkmlLz$b2{1lw#6$<|pj-vN
zQ_mv<*r{##?+yT!Ob%0^T*#V58J^G^T;WD`?`b4?i10{htkbT2uI9UnV<%^_8i&@x
zS)iHSU7`FE#HiltLY_EyYAF2yT-J%Z*N09xG3)K%{4@4rFLdNtqNZfKMA1ql6?&fZ
zY;zv{kyjBoF_%UfKU)c(v40~Y0H-isoap6YW_S|zY^r!48z|MDYHOVsN7;A_S6Qk<
zFBdzrrp@0q!0s!69dSyDt3d3@-85E*zWwBr;fUPRa!qY+cSwJ(=(`hO)-&#S_2EY>
zBSuz6J$9CUc$Z+HqQvSNxE)`W7CX0DFH+)Jy%`FpF#l|BXeIAs-x)*|*65Ts?(9_s
zpL^+e2Ew&!4xpF(@sq94cWvpwFzt|>ttpl>^&==pXf&lo=eW7f>25!lcYtj4kRcqr
zr;NBpC%Q26VacD_Gdzt+Mr2FQj+6Yb-z^lqfW}0NN@^R~0M#Fme!i*iY825u_<jUi
z>O(9N)`eR<i@DZ!s-fA}Pe$tDH1fjHk!%Fv)A)AwM%vKvM<xEOw$NNRIf|GLd(k70
z=mZ}eyn7&pkU$Io5}g#owZB@G^j*JFa}+-7%4Kyq8#@oyi8f<_Q%M%v%<qF>%K@+G
z((IHbVTw%_J@yuw4kWH&e^w7hphXDCkp1XA0MY{lbSo)3b*>`hZJ!E*dp5$q^a_1f
zyjEPHw=rRNw}W?c>4=^JmE7q_t2sG>Vk|vrT?*$sF_L62zK*PPZ4w8@V;)+6BB4u>
z9J*oWs-td6F+!1mo+#N7qQGmocov(M^DXpqZQr;NM<H-hYo^T%YVgQ~i*4$CDZm9r
zspX;q8K<3^6c(6!^JwjPGHwE-!q1(7!aEs%x6co9@JsVYNq@Y(Ow!K1=P83!ZqNWZ
z5kl3&u!p{?)AU_cgUb~6;)88R#w(|I0r&`EH5Ji%O4Z}qz++<E9J0RImrmB&W8!>K
zNjd%3yvg@G&p-2W-VoT#W85<-0;IEjQO`&M;5?<+5ZJ&8jJ-~$ziI&VU59Ji$bgl{
zEVxq^u5RS+n!FXyD&C-5eXLeQk7b7KBcI&2?t)x&o5<pR6xh5*K#|?|PsOKDYjgsO
z*Oo0ynbvQhtRdC`+DqBXl?={V)*|04{I1;PxEkl&L;N%&T`Dg&%n-O^?pp>KzjQ98
zeJ@_W@&FVvEN8D-bxJMk(ei@2s}R%j^x>cViO2pFCk!BPHJ3{E;R|0$e|kpo)B)qQ
z3+!EwVAuCN!8aQjkjC_h%a7u$YFTgOub~8Pc@wlJH6UN0QQa9ljBDO>P3K;(JwkQw
zHHq+1$2Einj=O(X;}2RWdEKd#0bTD?%_C6fy-2-^$cm~SQi6v-59a48Kas`*!5>Y%
zK>1kC0U6&8)q2=v^tg%AlXj85WJ|+)XA!-UA4%rT-~+RX+4&OXI5`|dHx(%RGr#+>
zS+svug)*5vJ@#%~OKLxJz>A(7Q=DW2k5hKPJeI%fiDiqaPT8lg%(_=hb|FSDAG2@?
z62?`!cxWC!%OX^}cIMh`wMMHV^UH#(Pl1NXrK-tA7QcV@EHug(e&X^Bkl+gr^4n4L
zJd2!f(v>?l%~MBw*8EGa@plDs>a6<(IH0A0ac;Do2K^ze*61?B5#L62W_)pqR$6iB
zCgMyKd&?vAb#he^e6fy=_nBYkvq%2ab1WTrFG%&36}yu2@;z|vWixy*o3IZUm`>xe
zkLTxG{jOP_E*3B#x)p?Bh`4iuav8VYE?;I8uU!?A!>vbP$2cMGZsV!sN3~sR@JU_M
zOwaMKNGSE2+8Xqynox?($ecPCflqJEj=r^Kxe#{+92Y%|L(n;5ed3GD@pqN82Td~=
zkB;T9;mT`g6RP)l^Efp68tb9qpvgL{rt2Q8<zsfzwdAs)h~bz4J}i;v$h)O-{Y3!d
zpZzRlyWrGbIpUPm5ptS)dv7-?Af1!xR7pNGvjMU3x!&)QlgTQuBNqiLm)7gtvk;dM
zh(ueOv%sS;7+}h(XXb`n7#utktFV2FD9-LA`t8np!|$G85aQdZniYQ!NA(m+4&l9n
zw|TE|wCvhmZ-w@F>Z;XAfTD7y0YCj&{>@~erc{^jxIi{3WZ%dwz!P$W?_=X(w%uym
z#zWqe=WT(o-zH6_%DHJ08dQ@V*2yEnUNj?+sayZ5zy8^Gpp$w_8$uKmpS*eWGgo)=
zJ`D&h!MQ|arCslBe<~FIuDwdh#;PvioHYU{!m$oR<KSsM<`5Eh<ZPmgCRIjU-%_oh
ztE^`puYW2GwlGb=N?8sr*qs2*Eq|n4{2uwc5|t@YX>2lhG8IpA96ITR(gdR6iE2(U
z=iIvfq{r8)zpJ$u^bX9y9Ee--NWGb=t|7(z23H&}EY+`(wzp=EWQ7qZ9Mvuygq!rp
zsUg6j>)xw<+2A+ZsT5rt>As|g_0R0&_@1eP9xil*&K*Bi>ZErvJ=zJTf`COSiZmka
zdo=QUOmjO3pz|qZLMS10fwM8{Y<mdd<ke=H%WMsg?i?k%4~T(_SNqJ<iUo3x09|;1
zV-Ep*Z-*2cRnh20sso#U^U1n6PJu-pS?wnhpqdt>#XG3pqyAM7z{gj`{FvR(m47oW
zY2eEt5h;y~7!^8f0CtTi6ak++KkL8(p||^*_LJnj(*jAdd<UMAed&qQEA{3*aJ>q3
zMJVQ`sJnU%2&DbJ_Nt;3U$mkvR_r>Vzq!|ym{9CEk>R)a>Z4GmT3@q+{9Qw?`*6$|
zmZA4B2Rh!cU6JHuy+zc=e2<$&pirZ8bY~}_(5cgm#}ZDviyP9OI(sg$8lR)R*Y_TG
zyXWZvAp{8fd-Z7b5`^x-V~rdU>Z3)zf^rLp4vj-$tI=<i+tcq?omRf9&MUX{XX6tS
z3g$S#QZHH|k@fLU>bTxMEvRVXT^&~Ru<%G8YByep<Ul&e7^!)!Nv%ts&>C%Gw-%xc
zkKmkw=D+oRfv}#t{&+&J|7*kroyy4c<r6$Gk)f-bFB@2L+Sl8c?>hB3YCOggt0M$g
zJ9q0>PckdbzAEc4ku_Wke@teUB7mS2hM-^=AIn)z?&^{2K~JKc*_;)5j#N;|hsoPW
z;vx@j%->Zw8M{$_Rv04vRMy_@J7-RTU_H6oG6P0ueA)u0zhYm$E8Fl08?~*Qjb|S2
z@p4^MyavB|eGP}8Yx2EV@%YlDolwE-MOZmMA1CZYTHi}ePKhnIJr4Ta8@M=6b#{<%
zkW(*2{e5hMB>VP3VQ6hmI8mbqJ&^0%AlrV3pMiMy?7cc6gP(iwiGN#+Jd=0}EC3!b
zlb49J<+ZRQY1TiPi@`W8PvTBpy1QzLEZTM^O$Oj`-=MXL-1MVO1=p1;dF40i=LJ`#
zf3X8ObpJl3;NDYdwa|Ro?@6i+yBn;SSBB7T`U`;J<HYEL_&H@E-_`T@^`<d}=i(*K
z&UlhY?2@uF3KTCw5^ZKV_T4BClHwsk+&$1pb{+-dS=&6ff8&y9dDB-?+n0EN-UdHf
zk8^SOnwhv~{5|7ac($o+jv+}NxOjtmncH+8z926=jKLj#Z0#=OSKUGWO}$;$_c`}s
z#e=O&p3dAlyVN0*8FJ^g7lXJ3<{2hCOZ7nD`V<mdACTQq6vayd0K&1g^zusX@z&zY
zyxnIN`^vfA%;z4>znS2mj~bK5Jk-&Z7iZ}tUAJ?TTA_yY1h}GuOSZ-5`Hb%hePr3a
zN)-bYZrN6nh7}pYQATLGcE=SCpv7>HT9ixg^GGk!bK&O0|3yuEddb+a;+At^!N9C&
zUhYhl!YC4OgY6{fqjhimImaW7pxj|R_nun~bImV6sB$Du)~Y^v;vRlHpikx0=UJ6c
zoOIq>VFMwI#HB4%^};0Sk?vELVI^yJCej*Zr-80h_&vX=13Ys4ZCTqeK2`_qUT*yy
z_|82sze&><=i82C*cSI*J%Qp|yxI59>c$4@6J9hy>zaa{iUJcTAt)RjlETebE6;Uq
zGW+bj%Xb$5C>sr6bsAIm*DW-csF}VwYhBGU2?*EW31N=2b`+1k3`^-~P?+?XQ(W|#
za}2<{>8Os=wWzL=6K-KoGG8(~C$+kBWXJUpG5v2;WDmXF4>y&`B@r158Uo_07C7@e
zI^Y{1OHw!`@}(W*-}DV;+A9OD$2l+le-E&G>8(fj-U@&_+VUuzrmS*lma-kFK?!5z
zmuXR3uB3%-!kK8=26vq9p7-RO3v#;L_9vqV>CVbc2l5+XasNK^hK`a-N#o?tYXP|^
z_j%i*ha^J*rDAm7!rz&Uuemq*?lfe`<Nq>6LAx<n@7)?)4V=AF=V=+bDE$a$<vr)c
z=BbmX;s(0jaEVbv^?1z8Sha4dF$X;L9i<9;XZIW-8$#-Qz^%-AEwR~pAkM?RKl{@>
zM%9jDc;w03hZ?_<C_h)6xtFmLoAi(gU3lW*Yfrv=6K7szMu}bmy<Jg}rpF1V6>wE{
z+0)L3$EdK%h`jGqJijrMk{J0_wL9(H9F#ow9HRGZr0kZ2rU$M%;K%FWziI>tNulLC
zjokNKcKv%ovM!fTCeC`eA%-GaHh^hYF#}|YPdQmH-Vx4YpGQ{pyPJ`@?L-aRH&>ja
z?lKA9+Xc6+B_wUQf!eik^`SgOW($Ob#l&UEsmktzd$T5vAk$=@L$y6Ic5hX1hqIpN
zoa*4<ZFz|H-X`OU1L9QhXRof27|*(!wCWze%@k)7nV!ouKAwb-lF?dQC}+;a&wcq;
z<>y>;_iZYAc(A#AR4aRk#2iRv&(@U!{GE+7+Ys1D=k>Inz2#A27}8noVsK;gHY7jv
zxQ7S4@Da9N;=63kp{<7wP$4b6><%q1lTmd48|P^sRN?QK8d3L+5TS_&ZlmIL6Zs4b
zT9zuFV=Vnyuh8#~i836S3R4o0!ZWuvBTk$&JAPO}dFgViLv^;wLx9Kv17D9aPQi>V
z$g^`_Mkx_aJyr+G{BWsy+hZXbziBcqwW%TGDGB!7PVs<j4Rnk+f1e5}n@7?wk@2BA
zK&?_IC6iMcD_6)X0gl%)-woBzOr+mEmSz>sL9_Iwya0uL@VWI<GF5W<LW|mo^Nbea
zy>ziI)I{V(iQh=_)^b}<gxsy5nj^YTe=AJYb1+?CH+Wb-t&#FOGCZ(ahNTswTfoMW
zRQ9*tzfUlX!)y&>M_vQ>8Jwg89PI4QNE(1iJxFv4Ke6V!D+Ab0&SpkOqFm?E{M<8;
zV1@pq_IO|5Zt+!t6-=|FbF9RSNrde&l)x=6H~?Vfu!JIt$RT`sboTkw%VM*zc@8n`
z(<?jmHbt`&1(LF(MYQ@)UWfae)pL$9ksjXC2f`(AL&X6sDSYvfBPDY?(Yg6~1o{(;
z?LwTsAxm1n14>&XH>xet*d7t!jV978pgY;R%PPOi5(>ID@}UyFsJA7V1&v*foco&<
zTNOjyo1^y7QCk8g?3fJ3c(v3Xcd%<g04e;Ezs4f{eZ>PmwYrCeDwhmI1IV5}9jU8g
zPl#@^#XX+n{1mw9=MH^$e*7fw&T_Ndta}08^5P;A)MMDI`Pizi<(hcg6-)ED)ueFb
zy?3%c+F_K@vZ|B;5VE=oi=^AK_9TXk`GV1lzfzEtQ@7M$9=C+!yO$kOsu0n&{_Y?M
zQ#_h*r?-sa;U6rv$Zw#r)5PeoqP@rWxi`r^Ps!?cuV^k>&ri{ssGL*$Q*metSZ#-w
zPSL_?(oF;}sW=gIE@~wB8ChDqKIanky>n4-!6Q8PX}zZkf*Xb&9dN~~WS!AZY+>CB
zI)v)ezy~<-Y4i6Mc%n??Pu@d%?Kk=3Vr|b)QM%28hx}3i&`5*A=?#(OO_umnl=|IW
zQes;~pPSGRs_&_Lg?R*2=NOor4Ja)$Q1854SBLSX5Zb83tI-;#VdJKprlHiWzWx~5
z<$D}Y+{kIZjb^)MG{_YQb=MAPI%Rskt+wp+d#LdtZz|}Y8I8g2PE0>(N-amiHLUfh
zTA0DbdD7WfAUM<x{!-A_K7IG2I05hWNY5n-P&<X!4=E|$QHrvlh2(o~yJ5u>x~3xS
zxnOG^JHmkXHwScJjv0$Mr(U3=aZu_vrjoi&d4gOJyX;=3n<Irx`XJ?;nj5K?uhYws
zMJFcW?@3V|zN(!(-T(({MtkSPAR-V#dOa?3?w+`Y(pThud(?La>liESIa<41rJPr=
zTrS!jiL;LZ9VyRU^G4eCgH6bF-48uZSZQm^FHg~Mce0T<HOiiI$W+}{qUUZzKW-@7
z^;{3H$%H_&zc6FT2<p1$4kD{rDIZI<gg>W?2DbcSZlW`oEV!MQOzFMWO)(k+jHXuJ
zkl@;T=<~9V@1B=h*_yE@;2E7$?&=|?8Y>QA=;^rh6k%`>xVqc`wqggeM_~8m6nN=L
zrYFb$byEXOS>_|UUR$Bp`WQ_3llfPgyz>!nYrf)mY78x%=OQvJaz7Tvnj{!!{=}-)
zMSGDiPa2oE%h986&knzTAU{<-$YSwCOCHmlPu}$1B};2jzUab3uqixfTXC7z9!o4@
zbEp*M=Xb~U<^?6~M-jLJrhf(HEh!p4hrPxPGsEi6xrYwDJpIzOx{UW+O@YIUo5eyh
z^*dESl!bTk<;A!3J9d!rY^JU#)!+MN+L%D5dGHzg`)p}Bc;3r=M)0XT?KD|MNf=+4
zb-(*+r{!0hkPTyE96dEVLy!<J1$7?B1;pM`qvPk^n0`SgXe-xDe8z`sHaRZZ6I6uk
zcvG)b^YYU%tK3N)wPSJ$y1_2<)9q8$zQbJzd`#fj^5Kcpwq?N-W(@wj2hGYxbfp1s
z3v=!&Kn|x{Z*-8EV=>k2i=m5}Y@b#4``w9yD>B&llIjy>Aj+aC<X32yLG^ctMBT>j
zIoP%O<C~Z-a2A!@qs5^Ywr6fKBu<`#MkO(s!~lepdT}Cvr36sG{^ez7pR7Kd2MHfB
zolwz3OYF=2uVxT-6RTJC-xxN}9<>;Gj&uq5oDAN&{hKC;_bwR7DMS5wUASJK_XB-b
zPQXqNgu?qXbHz9V>#g93TeVz{x_91NH=zazI8eG0I8t_?Z<}<vplN^|F1shw_nd9+
z%0m%GXm|z047@A)qR`S%Bi)z%u3tyBkj}?f=2-aDEtKomp7z^<b@*>oCW)4yeX}4j
zh!)B%cMt~fkrdF-rwK0~d-$^pH@<i6dxCvQeka7Yxw7CMrG&ZdClBsR1~_wM-5>Ep
zp63LP4}kd2k#jG|T~`AV=74)x9e8~<m9JtT)!ty=c?cd{Z`0|#7`=GYVADP9k@qTq
zt`N9%<j!HZX*)OG(?Z*&MC8v2Fako`!xj2oHA0YvIa3kUq)QH@A3MuJ)Y@^b9{s9b
z-hXqt=Hk{t;xp?GAo=`Y9qYhw9jA10U#%^cO0qMfrj;^zz{ie8dbY?YaU`4w#c=r@
zjn<3RG~FrYFG4W&ZZ#45>JK-WVJhqfQQ3-g@a7XxwU{VxW5<m$2?95I>I(ij9U0wp
zIid0Ti|k`_6K@RdLLM&avq`f$;t>>Us(L=L?cdxdqcgQG8iLBccCVlTYY$N`vOiID
z2Epj8%J|u{C>7o+e71*=9zr_v=!BjH`1MawttSItx+j<k|JRw5=e@Koa&dFe<@!{!
zWzpm2g_9hbs6+2xW%D;gdzfP;_@1zRkoxz9b^WNhIk)3Wlc}~<<obK*rx@hd9V)MB
z_XeyD`P{qj9^{R#ld4XmP^i9mZPb}V0^8^uH+X~sag97mnaOT$lpoV4KTQg&OHB4H
zF8!q$Y?Z)7kK6UT+7D)>^>m*`SRYJ38{^;vp1^4(qLPR4<+(JxEem*v4u<yuL1MSy
zPB?V=@0%004&m+LC+%#7EP2Td^z!a|55YJ~X;`O<xJUb|gM0tY-8;`2!VR@*EKRe1
zmfuIvtyrs<F8+>P7*5So)YniwpVZEqD?pczBPzr^u55@oYO**tj8r*mbI5i~i57X@
z#}2sJK$b+U`0q}->mfHBPIl-ydd4JWpX|C<_XxU@w^t2k|9yYJ&gPiA47!H*4EG}h
zz%6kHh!2aBhbCMt>`OYInD^c1R9}zGP!WGg0Xn(sIZsBud|_LM!ATF^_kVClpwb~~
z@nax%^LXa4_eu8hC+rZ7PvWk$mw?Fnm9@osd+MjIG!BOyK0D;Alo^|RsC|B;{%Jag
zhn&Ofhpm!LWwPOW>Y9W8JzG=f;3ZsLvPdICbA*+x<gj`&Oce5rZy<2V?m_UcF2?=t
zjFJVMAi)ZW=?xq3QoeTE#*3aH%ID#FIX4nL-!BRzl=@%ems$;>qm3;1P|fvD#IGDv
zZp?n)J}1GG8j=@o_|Fsb<nLfX-cy;C))y1wqC2f0k7&m|%yUu#%cHy!G@jaAgXKTZ
zG%=5#gX`_L-7=Xxwn$-rl@)P8noB?$SSpEwdGxF1c)xq8+EzNuo&}`D3m})hkgecW
z16y7Mxq(GD*Ia$VD7p2?tMk|rK%ve2Dq72Q*u_<z_+--aW4)SMzoVX*UQC)tq%tqI
z&}q}tfcJO24nu&?P|*s9lPV22p6MyVM&m&d<yB-C$-hrzVD5rehL4=9_+rE+ubp#^
z^<^hru3v-j`a{YaC-GC0eRp4Vwz6Vbpa8vd&PlJ?Q*_yzX1p2dX3IJ8a&C30^mIO!
zk!BL|@&I9+I(_UK3LY3bgl6&U>fpv5aj#PXJm=aTDMP3m%x-z0_#DD{`t@Q!{f>&m
ztwEtNe>}6OE}$VY))Uf+$GockzSeTKiz)(f=HW>yVRNan)X<cY>*;OvIGi~LK(yrZ
z3eeA-!bBx>2nZDUAqcdo1sy}-D`S1K={)9(2zJPAxq=xf-4Hl6C!!F_?EIXT*2*cH
z@#*4v0#Ivu36Wb~Rx0#s%*>1U<b_Ctm@uZ`^WAEC`hC^Ujhzc6eOVEagI;Wo(A+u3
z+Lg)mXJvEjvH7@<O_T=>L~&#pHi<)O{)U=Hsz>El1-V7{^WM_$4sY0{Ii<Hk$$#;u
zkI>lOh^O_N{kq5*&zkeEGRl(<H|Qkr4dkU&)jDypFA&@G+yk}Pa0gN7u?Co;Cr$cy
z+r!%R<w-LrHadA7=vw)K$%`@}1s4glwDstm*xSp!cdrinsiu>d(aZ9vz@L4YMC7bm
zsW9!$pb5G-i0W5P3Lzh#I8UfzbBdA7*O^HB?g^ix4mXw8yLzFq?UseYeJfuTyP!69
zHp0#tw(<Vj+#|n1-ruz|HH!QA!X{sx1HXG5@bM;x9z}RCJSvAv&fC0*mxPaN+16EO
z6*vN<(mdnm9yl=NsrDcYCu}Y9i9ndJXeVxY{~b$D@V$S=I1ifX?V6>ydBrP`+u+=s
zJeBL6XJ6heh7+Fr(!l3#es_@<sQh9HR#FuQ_o9{G#a@6X@I4KLRddYjIV(*PSYh<j
zYH%yzFwik^6Nbk!{iY{WN(K_xlY*BUdJ!(i0^9EdVumL!^K(9b`smaUiMYEwjaPQ;
zYI_`$cp>fQW{E2#o?Kb25Nqj3vgki&Iiya#by2{!Ud7bkfgYM;XOw>|C9FFbq!>4q
zF3?v7x9`65kX$>He%+(F?iG^e?o^{%qFK^=K?rXx7l+tyqU?89jp?fT+5z(x_Lp#Z
z!(JACl2Ul;B4koTx^z8tXBrwCPKMg)NCI~p?R^<-hRJCb)iY}km#;=uY+$(C4HQnG
zTROle5Y%Dds56kU{oOrV(Wh3?(DQ7@i#Cwos1vL5ovz~F1;Y7&MpdCddyMwosaBpk
z2<2ij2X;rBAoHz?>w2m?^+mk~N}YV!`Nk2_%L?8gc0i*OnO4eLPK4vii6kAlzKb3C
zC`i04<8;qs_wIOZZB{ph2g*6x;Kd6&M8gRaQv~v(Z3A=ZDE_AS80<>=Bc^g&`xH(W
z&$a$jYj+fib5@hwQF63E7`I;^@%Gukx@Yp-x?|(i+Q##_r{A{+yKqLz6X{Qus;0Cr
zx`Lha#0V;K^i?!Dnj$ifXBvtkA=k3tW^f?T>7fCY1~7uad!9f0t+B!;{9VR#`aYTR
z@^PSAt=sr%W!F5R3LX+x?*(dG93}28tvh8CUgtc{%A)&1zZ!h5K`b8r4Jg~63JBTn
z>0fuaeCTxLsDi=Wy(|wun6mukTc5u58%p`SFVeod;ZL)zV`7QQJszTVk>kX!pS6FD
zT~Qt+vUQF_(}bf-q^i4O2Rpb7vTIJCF|EU~&C`Wj_5?3HhV+E=xk{ek&gGZd<EfFM
z_9himJcrm#fN}#=8x?&BxcxGN>dkX51J5PzyOaAgXb~3N2rvs%`)^d$JeTn_raY&d
z>qv1mQD{MQ>32L1pE{^ae_Y7<^Y&2t?w>EgSn~QDMQ9;t#2`C4(jM8O8&g7+{Wj!j
zOF9#J;StH-l^PAga<ftPck9`P!`)yTRX<OUJc+gY8&hY&%Sp+XuFpBaWc(aQ4}^%o
z@0>5792$uzrZ#<gDG~in-8gnm=gu5P$8oxgQ0K_PWdOc(82+9D(&K2Tv;!?0k8E^U
z4>UfScd|L}IYCbVh>i>C=S`vZZ%%-UP0&tUvgbm1(sF*PCUc&Ea=O${kXK)DnJ|+r
zcWCpMK;7}N5{&btu>)=%oAWaN)ny08n6z5E3HQNGH26WGUIpBH6Mh%l<52#d{4fL7
zR^<SwOB}mFGQ%??L&QbuZ8Os7t1k8cShd5wmwq?q)89ADB%i%=pY+F_y2?DqHlGPs
zExMF`rNC+<BEp5-PiFPqqvw}WfA?jvv$2Zf?|#t3d-f+iy9r5*x~}oMTR2ri1((hm
zH$#^}Vewhwl$_C*=k+FKXPhHgvf>XyRIY;+8P2`X^#5b*T9PEmRp6EQf0lsI{g3oa
z(c2uWw;3Dj>aNU?5V$KGoDmX<W}+JwS9xUlAh+<Wyli-NVZifH9Y1fCCFi)h!90|K
z+9Ixz8@6%W8aHSE)~{j0H^3vxj|U6i`^w4Y-L*7@abv7wOnK0c^ikK}IpOzP{YU=_
znX1K_V$UrT&u`wWh%7sfi6%nSJvpqW53w$^wSAKU_dzdLl|BF@2EyF*?_vozEM6q}
zw=i%#X{GwUoO4AX^r2-qp%U8E5$aovty{J-bBi8k-^&~TX2(yYzeO3ts5*RnBkXL+
z1<+cl1G)<KH_KYGIRqUJ!P9w3>=4@WdEfo|sA9In!$X{hozzbML<s*eaWRfnX1_&@
zAZb!dG<T>FbP#aDnYk|m<<^{N(_%ND)h=Hb1epx2QG3TIYx|(x?IUwaAAMkGxR;o6
zCXOL)qdfd$QFL>Sc{0y3XZqa|9HsKnMMgi`dTI~rcKOjVSkX@-wN*W=SBDx3F7Yc%
zn958ve^2MMsT<(est3!Ru=En-olhwT;?lWP?t8t}7ny*5-U;My<v{PPRu@h?exuDn
zm);{q)8GU_H_7squH}8H>9C!?&a&U6(PP!=RC^Aq0P&+~8>FGIE2BtT>8aKCFkfak
zdCxa^(WtwP%eF$#qW0Eq*^NUWMUiTtxnxXV4*;Iqu%<oWHBqR^5l83WC<=0V>_zX@
z)z;d-Z?H_}C?yuYdg)z0C<t6|#m3k?^~R0E-w3DNi0>Bt*BbxFbjsC0`B&`oSeSSi
z(X6}_BtZs~daz5l<7R7C?^Hal9&yT9jQ0v)M$3!dh6ac4P0GJ_#C9*{0qlL>n>y;|
zIu>4h;T|53O&vK8^qsu`eFgJ&1MuhEV~$sf{q2;=wO8}c=9mh2h@S(e6to&maDe{h
zj1v#u{XLOBC6UxBpf6T3DND45;GS`^TT#l0{&2bYb!pw76Y29m)CsDCu(hybA%k}C
zt=pxf#J*$`v~&xE9_bv%)88$?IXV7#>M5mroDZPSH}t93Sxzv%2PHUQM{ne*83}dH
zx3BT?&*uZhjUUQpECijl0?IDOwbd{`p`|LBI2?}!<lgweUX~j}ui?C$QE&NSICJo}
z7t%qh{kw0slvpJDOOa=}Ip@eLD~6Kyovx2+9c|8}?5vvn**}xN^$fJ{fF@rJy|Txy
z-3Zg}TJf@ksGZ{@lq<dSf@JX<s*S<72(Vxpzb5Z~g>7K%UNi9eE_OC=BlcWgVvxJ8
z_s%)TMu(P4=7?V7NuvV@CJGvla5xG`*`b#EP=gA~am$Pi7RX@&twKXREduJNGm##e
zpO!~B)#a-E?PStTcb1T6U%5`H_P2{ec#WgDzt=xEzN7L&28iod^~>K1h*OPt1{%aq
zgAmkPbF~pV$>^$&8Iw>*<~1ug9f;pjRnzr3_wFMdyn5RS5!%GU`fF<ouYZhF1{5x?
zkTLeiPE=kh5J%$^AJNIkU8!oomcfgL4Mr!N8|M~B+{1v1a=(jkRPTHMo_O4Y+p8uH
z!!ezM-4(~;LG3@^8w#AXyiOR$u@fG0lC9adINSwA>&$7Ar}W(INdASB^S5R~Xfx|=
zR_($9AbA$a*R6sJcvwoLu>#>GseDXI6Nce35^M*9=4H~2l+v2iJX4OdMEDX!q6x`{
z=Aj2kQ}|N{I0^KP;fF>Zd!AvUmZ&1orsNmrp<znZHGMRq=i2nV>Ia$J$B1s)9(_lB
zNZTr_ls@QOb?;pCbMBv-DB7mD=ZeOWyYuzg;7Np5w`&Y*X5E+JB@d`J5&EgJNc|7j
zt!#OR_9fY=jpZP|(WiynFJrsNEN!F1!^UUq+{;$iujK70VuBg&b7SA`7iAqTeJ}z|
z4`J5%^gZZG%1Z|&a<lE81GF@JxTIB%!E%Xztj-g8)Kb}_%-%ov%$1nxzHD-nuNb;*
zUl1Ab5HTNra10I%w7^6`!~|-f{U6qp;Z3)Q>$@gd_ei~XlasZ;5q7zN{GYR5KH@p^
z(;Dvgyfj=>Y4>T=2S?r0u}sd*)x$Dm#Z$+|uQdZ4&a;h)04bJOrwUSgrR(Fl36*X_
zVXQ}$?D9XSxbyZzPS4j(xTY+E7+!%l>&(&O(Mu{lL23=CaaGLu%pfsc+r-$uW1~20
zzV*&IoxJM1BYig!7A@<3gArHaAp5y;DdcZQA9d9S@90igAE{c`#2lN_#&ULD`DSXN
z!*$qQN%*<qzm*(h*J3crvP=_DvvS0GfsdxCWn4NneAYcX{tb8>AzZkGovMX4jykx5
z`v4<vn`lSNCF5&g23rgi8MxcWCWed6DYPwdVpl))lF#{?<I@*U4xtgWvi0esXCq1P
zbv!$Ed%%pO+L~~gGLX+E99(rew<8M!3Fi9_ta|=-%X17F%UvAdd(;Gh=2+~FjHBlv
ztZ#-b9FP}t{g&_7JyQPGewbp}ZJuugu#d$UAe!qMq-?8IU%kVi&LsPIrF)Qq;mu3F
zUMa?0{pg!!l#8vDx=&pt8KoWc2ywhg9mD>yI-SBis`<dyJd8X&XEvcdZy}I<4c&dE
z8e4%!J7wr$;^W%9HFl4l>9m@X2CiV~+p<|VBW9;B)oS{5LVErk=~rQ{$JaE6JPG<R
z<&Yv+U?qI-*6!>PxIH<SFs6PvhU9OxNL1ZVtGQ8h(s~e@=fxi6Zu0wK6X=v*gz6Kt
zbAslAKtH&VTgV4PJx~WW(*w_Poo*F*0Ba(BRq?GtT_UVX3p9?iptaaclpI&AXZ1mz
z$A{<i%WXzZq<PRY&La0FEW+L$I^Ys=vI&dBVW}z?Y~E+kfwv|?009+HiDwt>&%2RJ
zRlN_bw44(wXW)UKxv~kE<CArnk8~=X5+uy~vqvI->r0exV%!7pY9#hicvR$U1#rz2
zVGYKp$v4S~3jLHOjUP*kxTXQ>%BiZjF^75K?uD4LJ)#ju4hl5ygNRJ;q+c9mRFmUZ
zg5NJ-5f&};z(t&+`$~oLxq5>p>TM-JxF=hrnd7GTywgNYdFF`mNhp{{N|53d5w#W}
zibD6m0*S=_dFxlB2jHOlIv($=baGfDfR)1sJQTNSH5#cGdiUf{(`)z-^D`68>?r#h
zA$M}kYtKuxE}9dk_~4F>k55p!P;@@Jd&_(iuEo*--0nSM$Y!>R7N?}pE~j2E9uB7F
zM*hY&PFJNKD!5BZSER-)aNCYRb>iRw3c7pD0Z08U>{oBQW2~G3Z;QHBaqC4@e5@hW
z?sXTB2L*f}d&`?M=1#BzU*-7o!fM*nvt?{3$mZ<z#i~=GH%3(KoCkmN4%C)B`V8*B
z7e9Vawcu)4P;t%%nA29_eefYkpa<xtbyZ;>Q&Kh<+VIsBz^gkXdx23x^}@%e+)|HP
z`E3+*ORh_W``rv(y1Q>bbRW7dY<#~EiR|{h_KihZ4N1gtO!JCuhh*;Is|U5`>zO4J
zIjLxehbsnEb|n@u`k)962#-G=_XvbGp7-^uRy)D|cB9J^GuJG{lIP)2-0lNlBbgz$
z>vB=kCTR5<xam1Rm;bl$rHt-qY73;TG21HNId|gV47wi2Q<KLP%8>aGW9Fy8iXiZO
z$iA%64!JQVYK!4#eRztNUm5`DK8@YYS{?eSlCyTKq2kQg=3;df*D<PrveC2eaUQaF
z#CFT&d-kCp0knH>P>tBFxajGJKW(P9r7fQ=RR-a#d2m~Fs1$pc&H+_Z_*2@k=i~lf
z-U|uj-lnB@j)TCwKi#bh_xMFg3rK(b`R4}w*2+-ZX`g){T(|e(bO@kS!Vt1PRX%nq
z>l}iJWSVntSK*)_WzXkpe%W$gyeEZ*#-Z;8r5=>?IV;*Lc@5+bQoq_u1yf6|#4?kU
z5B(4JLyC48WG)!J0w8L7wIA%j!*6^02%JlS8OzS3fGzRh>p2R1$d0WgzY@M6`t~<p
zw4NZZPXOL{0{>*MP~@|g&eKE{jR5*iq?f6HMmz2&am{(;1ohr`PJV8|e~fj2(+b%%
zXR6BvjB1(tn_+52xs9>>Kt^|+`r6IOADrzu#KI^72&O5KFXra!t{|nrzJ8WWH3HJC
zh#mC8C)^&oI#YRR2!%H7d^aD)?O<VZgs}B=;Nup1VC<Lz>piO)n~ym(ubs2n2RQ>~
zUieTuF(CH=W(v`ezL(t8!?9s5c*QrI=<g!j`xYZJ;0k|^MbVq|wSV1HcsczV=t+kd
zJxDsTd4HRV|DKS>Uwgts4F1Xc!w|5HQLf2~JXU#cioz)5xd65?DxSe(ic|0GCAwC1
z!6@ej9e8{TXylzuoo)tvWCy{pal1xtoGgB5hfZ5#fY1W&+ywM8DOhz8-|;)WudaOW
zL#_+(E)nrjI_xcdg+3aMe5{4k^L;QC)Kn`(xe*LbQ|#Bw&2UGM4fpRUj!ekjm*%`A
zb`N(2jFOUtGqhb74FhbYwAyA;{OP=f@E-#zBB~)Q5?|FUWu0w;H5so?AOGG9#bpm;
z&PcBp&YZxgl2hS;W-IRg4#MpPv=*T_k<PI~_O@~ZjSSf@dhOh6*iNT+=?p;{M!?*q
zz;mm0m!mNWBOZucG+;WbD@V0X9J!xkmlHNvQrCF)YJn}f-;D_vc<=}FHnaHIyuwG-
zaQYKKX6v3mH^S2_WA-7BITeI*&=5H;kDs#RhPpEM)lTEKOu?H!H{!SM=N`-jtl(|i
z34~73py{}Mi|%wLJ<9)JfJ=NvyB7!!cN$FNu}5enhFYZ_D=hyv^QNk@NFJX87-6d(
z2V%pDhb)7lL)o%poc0^8NB6T?^heV26KCu#F&pLwbL7$66!b^NGt0O*DSPojBG6;A
zyn5h3n%~d6&(ccG_{!8IdIDI{Y`dz^aXt2@R<P*>DlBRodqw45A-TELHish9h;gs(
z;xRqFl!yJN=REw!Aor}L?{Mv-!d@9!w<(yU1nv~+`3ylWUa?vZ-fJgBP{UuL1{q%N
z8?k|mvxcH``xD5d;f63Z0o~HNypYF8Z`BFX9?VnO`d~O5pz8AiU^H6$@Lh$M6#&Wj
zGN^Fi*B6P@L%eiO%XP#9;T5(Iit%S+#l}TvGp!>LNEgL{4dP*}nafj;#`op<yP2h~
zjk$e8-lFM{Rv6s~vnG4IY5CEeBPg9_vj(^*KR4q))J47<Af1=#Ge=@0&uFKH!luKN
zcxF3ZF-&9C;7{qo%@k^=jE|&bdzS4hY7UADVJ1NL47v?yq%UihO=EdAn7@5(Nq^AE
zS8K1s%V(2zkh#f&5?#=j6P2}fu@$fQi9Nn@1W4~@oC)t7G$O-SnfV}mBUzW7&N^lQ
zhx(Kfn9n&?CpA)E?Es7U+c#V==6z*&DYNBrsEC;o;Df-EoKqlv7=z^+I}5SU&+YgR
zTT^#DI{Ro*30Cq!HR0nJc&KPERBXt}S9LGJp3f%8d#^L~<uceS?-}3ccW6({5l0WW
z2xnd$e|#&Lv&{XaH^R7%>-o+3@!DcZ0aK))$E{v9Zq+SMyCqlco`|%T59ndGFrn5-
z^KqmmS$zcsOo{111|%2AL;J$j`ca_c_Lch1I4Pe&#pC7`pmhJX=rTDTf$k`GLCNWG
zfbKVIQ6Gnr1hzSI6jJV^V3AP2H{@plZ>E#l&{=h;BGAs-0XulZ0760g#77<E+Ge3~
zYtiGpdV}@A4oARV1&3EoNLOeE>Vm?|!QMy6wTU5oL5}y$KsF)|7-#%^+~mG2()KDk
zU&ref=Lq^$0txEF1+Q)sQOj<gK7cCX&8*;$N?fiM5`S#)v#xpcFwV{v;Btpgbdq0f
zh~8#5m$4hm@&9;u)5!WL`+=ppU!$s7_K@^}b04i8r}CR|ymYTsp#H8OzhzG#g0PGb
zRPs$(5U>mS5>#3Bx~!bi?6w=aFGe>CuV0!1IJZm1XlM@gJsWLu`@wG*2)>An(O-l3
z0q*#0H+Sa|7sfsS9&M=RVW&P}_b@}o=!kcl*O;6}LDRaXEutbP;Nuln!jH1^_)Sk5
z%G|WD_SGO<pZKQ3FlxU_qUL^*?9`|?U!qgtJO&781%Hp+y?Cbss^2CSbDuW6X?5xW
zw`6}O=E9?^9!;35@KZ>M_**Fz9rzgOISXVL<)jW^raO>KF7jzFoqyfjc}EhDqoGN6
z%^3%S6G4W01W`C@3)F@M=G=7mi2JbTL5z30fGkvRGC7FT!Fw<|*Ef*57Qq+JJ?mi1
zfbDo~?#dGBRC5zkg4UzcDHmdwBC#upj^yyE`_R+%`5L39%})?b+AC^eeWEBYIv_jW
zhAb>w9!HJ;!zbvtf8$zYs;&G{Qp~v%@L;Bz9bw=lK$wj4He1ntZp&|R)h*j^!fcs6
zvP=Z=k}qZ{)6h<Ky+_ZBXD_bbL7s;=C04Lzs5J7xXHHA`%}L`lQf~EWSb<kf4h6Zh
zskJSf=q;R65K`>?(q@H#gx<M)o58QU-_pA^5|%ntSKQJGNMqddabwXJ0Y=|I=je;T
zwVlAyRk81nIv?j;bD>!{O5ZD!*mSwfX-NCej=?L3{-2A&Cba{{K1VO7MSO7LD{g?3
zn9N7H35wyw(p=`7KgV|<{?=n<f9k4!OF!T^%Tu?KR<@mIqwMMl`kdof1lZ#2`zcP3
zw`vV4xO3ZG@zeWCoqTp($9(DWfX83;Jf{44h{QMY&_qQ|sHt&BjQ4T$xI--NV@*}S
zs`(fVvnSTIx-vafh-UR^Qz%CL--NV=4F{jPiE~8ybfPX$+5#pVwZnYkoJDAD19p#3
z&pvokc!>5e>z`NXoqC-VNxxT**Fuw##2mdpXUV(y%4QbX?gi|#LI1Heza?B~et{4l
zCL|Evgv2uOsndH>4Y8E)E}U<^3&us8fT*T)C)JEvN{fJcrvkh@<NEO2*?>cz^Zi(a
z0_x4``^jNz#oph1#8h9(U!Av+U)$_WeYkt<3h1M%GIXP&&*+roxMc5%S?Q99^zY{F
z8)aVqN{{Nm3RUXCrKBm9+wu<Q_kQz)-|wy7KU1Y;5UwS<=MepEC`v&bmCEGgGr>3R
zc}WcqauoVL_DVE*SS9gmyVCu+Ilon3DebqQ2S;R6vhld#!`v-SFuf1s`+O)>Aiuf#
zuU0Qd?#w6Nv{(U?a~;kNwh})uj?8SWK+&wpa9+jthgBYp%x|`h2)bz3%bX1;vwN?W
zV3*F<i>Y@z1G+lrdR{_}1>Wmxyp+Rn{9i&mk47$Bm1w`iXkQa0M}fipH#K_LZepF>
z9w==a=9uodW}1hEii9oZ{;kP_d%hM>P?uxZkbxe+y)X6LJ9o=NACarL=A#KhKd~A9
z7K&{NZ1D6q{Fa0U-<r=HXb<HQ&Qo9a)vI%M=7mLGorIdcZnZbJK4-zpt+Lk-+qTcj
zy*T;m_8@*%jlIe970AyTi*=wLQ}teL{3Zt2y?o;v41LB5caO_ekQXVh8YFZ->Kjg-
z%XevZb06~_!PBw#_zB~=2sZ@o8pfkaANZTncerkT!&a_+U3(CKg_JTUj<4Cdb^pGQ
zJc=v?|J(#*N&@B;ZxTs&c2a89bg$J4`&`5!@^^Cktu1>;PTN-${F<GYCSClc=U`m#
zexyPU$P5d|DWsc#K*n2or*5Am^*l}2TI1$7kerXcU~ka-c)l&)3b>c98y;*}bqD~}
zd6`vtmFKiEsFLCF$)@J)^CDrG^d06teLjEU6QOo`cJa|6dS5#+<J1iX@b5lHQ4wn;
z-E2ImD3yRCL}YvKQjpqh<|AYv{6K|srFiZFjQ!b@B>Bo<wn?tUj@EHDc>pIs*uR)$
zV$YQ?>wrh@CE)8F7$rZiWbn5fE!di+6;=E@qjyETWMTMn$0bOFn#ke@uT>`v4jnzz
zP7jmL1E7__%7h)}z$J(eoQv7fC{4FCrz(Rw8r~s+XCD|>r9u;RPmff<9p$3}osVYX
zWoqbyq1qrTA#wA@+|BJ1iP)R!f#sUV>!g#EBhcwpH+O3vW9s4ju81F9_a(CT(V8iP
zr<+^H!?6&rDmy&#A)|k8lHVIeQH=yH2vmD{Z^uh#A#Lcy&O}9h{Xx2y`tJPRq~CMv
z#yzAYk;<#J4jVyz6LaceA)mwZ02f=G$;)R_uHv4ngiUC;7a=ZTK~aXPXW+m)7i+Ue
zw9oZ;DfGUi@P2a#o?~L5VQI3bUSjOiz2kb1C+RC4eu_FCMs0}Hh+A-D&~{8R8f8?^
z?7p1YT#3grRt_gu$Hvw`klv`Xy}Oupt{}l<b!aZDEM!w9$~Vs9bgSnV8ZLO`@B1``
zIla{{<_f~_^1iclmEh)y&-^NvUkLP+clV=pKeZ_MTlDsI--_YAmmHepgUtu)&U#Ra
z)Rt~S__h@1c3QU%ch!XriwPw=EFd=p^nD}$2Ab)85!Dw{y_NVeQx-hV#KS;a4#DAc
zjy`y-mQr(0@i%3?BR@Yr+bKhk33_mlX`=6<C$zr6ksZC84|1Hx(+`FBI)X4>T;143
z&>ndZ+K)@)J_IU#aUkzn;VtA(BVf0-_E=G2Dijj_eV!=W-V;vHl}zv$XJhE%AoA`5
zu@{Suc?;=)#@YLOqkik;woQ@m7&gP)E`3$VH{hlm6pe(0xp)E^&!x41h%;~LQnL$=
z1|JRma!)nX4$OU=D1>!eX-|I9HtY52J3J@7_T?qkjTwBW4(x5xT){BYc{F!lVr=nS
zGIc$!?3&u$A@;kn+g-N^Y~N|^1G`e|`2H`OuF6e3Rp;W}zQ=)y1COz_GoNXG=;t=d
z64$+WE%xx~xvrC)Ire|d08E~Ri6gAa07pLOG0jBEv*kjtkALOMui7h2jnu!lD*ppQ
zq`WA*dd`XnnI0LC^Cfz`?-a}QHKJ3O1@EGD+KX2kc`M)shvhzc*x#J4qhA@KcuOj0
z7M<i0w8}$YSMj`XX0LNhAJ<ZOi`7@rj?r#VSAFt0*ef#_?eL(VWsuvQ+ae1)DmFBn
zb5HCh0?WP0z@YJhm&E9XO%QLR_Lac3_MG8=Gn6#7*)%qqor6AcVZ39d_W%uhimdbB
zwlzSJcE0?P8J3rtN;2PncCS|>LtIfCj|s>=HSzOaj{ajl)ZD^Hhk=3Yn%zA|kX=-x
z7h6LQ@aU@tH7RWGbcG%1!#O@3z`lo@%o}`I%*aIYz>GGWLvxAn`pU3Kmh|Rl#Y0Ee
zyziwXX7zLSmCBxfiY6{D^`^N=@s@U*+}y_I2B<{>$eofSxMf2JN<4DhK(BWP$2k$)
zT!+_yeBHI@l2HT-1>|RJcvD}=gVZf#Sm;cS(#LE^$rP^UpS_S6xWs_hC`&ELvD*dC
zJ41*2kk&MMZq|dF834IQes9-LSn(c1r<3NErx|@0FUiN!3Vh}=Rn?i<d%@Ou<K(rQ
zkOaAAj(Tj<!y`s=Z@=Q!=&*CSD(ujag9WCwuy-O!E}I_n&oMifdgoKmrX6VEvm5*v
zeO7W`wfRJHnsvHDEluU$HNN>BFAv}}$|EUpP<_2W{rbVav4O<i)t@^%(mhpjl+Z<P
zMx3^LE{MJmyJtRkQhTvTS=Z4vC%WtJ!8bYw(EBqi<3|Z1PtMK<2RDb+6$1-G$n5wF
z!Z`g?Z%Mxee<3uZ!3v`9nd$iVB5fJNxW1<IQ7h;&`sCKdm+nE@x4&@4Kk+wZ!5OIV
zZ>Z(VXb<z_X|~RDnkl)nM!ITWMjTrwz{U504}#hvO&xLTl{AQY2M`!?{YV@-aaL|=
z)bOMF_q&Z5sN9_h$ynYyidW^l;t>?*oSDu8UsVLcqMWPK+7D?aYHvp&W=2Ox*uu^B
z3fPy~vHSp%!_9L4Tc1`#0Y!+DQIDeD>2}OZ3d^fyT{OuR%<1-kHHz;~i6H%!2--+P
zfj`{Ft4<PTxEc4eg*0`%SvVEQhmAuSYbicK-hJ4vxS|G!6o947VCgt6+Tog!zBx;%
zV;8k?;LgiThY$HX4c{D$*_|Yf8<+a#0=3j6d-6H9l*{0ImcRKL=NeC+_p8iqyF=is
zPm)tqiT1Isl>{2`@c>%Om5+`O$ZV?;JyNU+kDF6o2PY>YvzNX{BFZge;8<3vJsx-2
z|2$_yA(IS`bhRDInJSM*3`Vf)e2!jNC7UUMWxI6c=e-5}78NSCpMGSA?%fvhN}Rc?
z^b(c8Tfz1vakV3F4UVdT0Ysl6KWGAw%n5c+UWUE*9EkuRIuMBZC{10yZF7_#J8r+N
z&BZ;v;=One7m>%*M(I6<gTj3M@JoMs&NpSz#iq`bx*)@aSD%4oj0LJ;hUU6lqE}8o
z7v6lu;?j0X5Fevv6!0ruViyZ{N6-W}<hVOM(6BDnQRevS4ci6n4FcD^e>!}9<A^+)
z<%p`~zC(8)U-~(~hBol|3}ZznAcuc_us^r$KP;?RGf(nWHQb<whq1(o!+Pjm+1p1R
zBYF6p-ow58CMUoVC<Ec@e$KWR-4y4Lp8{{(77n_uG6yF=(Oz&JNFunZKq0^muL|`x
zI+DDf*du?5J5lei5#vo$lFyZDSt8rX9c`}EH?(3-5zL{i$_h;aB<1^x+ezWn>Uum?
zsSkcbtIKQk42U)bpMpmWrt1XHAX8E?>S<MF1|55u77|fR^Uow1=Mh7EnN|i#yv&aw
z=9dWEXl(rA&Swm93|YCF;rGV<ehJc>eU)tTd^Ra+dJf`V<4(^57N33K1+szYEvbu!
zC$z-q1gt0sY~mF(9dH@p&m)ur7_nk{kLFCQj3~x__nq_D8&35#>wAN@nk(SzNB{<B
zgj6_R>ZPz(4RB{8Dfgx8(dBO2it>Tmc8r;p3D$8&w#BHZjF$Q?#D$qU-%#`3(|W$!
zYAdIxHnR)9pl$~vCttR{O>m|pYv^#kl;a%wxAa$RPmz7^mpf6S1=;{*TuUGxAv#A~
z;KDhYSX0XVQ$s|*rH)f>-#89Utw6URLkF;sFjo~nym1wV2wz>k2{y1ktI#3__-L4e
zs8?=yuIK$QqeYBEu{aw}h(FqWtV$`_wr;FOVSi>kI1aJ|D0bLB`D`fno;;hqcT+8E
zqH2r1^0p&qVLi;C<FDLm#o61G9+umCj=y-;(o@8e_CgY|x*N%wz-~dgr|<e%M9(n5
zFP+huz3w`67e(uo^(mZbChKeRx3RT9HpQM6!@2d=m>EPm$h13wchDvddfQyQ2sZi~
zPyWXoHMb5uV=jb1dQ3JM-h&=TYVW#!8vq^c0-b;JkYH#cX!x;Te6-3MUueSKxE_1s
z&=pg7Y4sbl&DZ6Deg7<?eNq!P>V8CTBIo5N;y{iO4d%)ChL1WvfKN`m-y3GBP=1W9
zU`Rhn(jJWm(@Z45?t2uOU1g)#?^?5s8=5&b8JDrchon(#?0|rQs`>0*{U#(od_<2o
z=8^I6E7QgEIeye6-u!zaQ#ivA=3<^a?9*PxCFdN~S5>Eh*xq7%lHJcaB>Sh#n10JC
zNjoM7n6|9vIP<*|j&ZxG6u4w7zE<Kwbi>GNDf~?wyA~Tp6`0<^nd<r|90`|_=N&S!
zJ~9B=c5u)3rI&gzy}D&G>00BN?25#z4&hld=Rs!-ORVJa0~Lqk5#vX#@YJ@%$k0Wd
zx!QRY;s!Gh)7eKTvE{SDBf}2Wd1ZA5KaWxvm7{>8j|qdXwY~^OG>BN`<EFt4Xt-1w
z2i)UAB7s%)(fWHB5zg12SAcLC^I-Dy%PwH-`tL%s;wCF+Z!z7Ft)I;+^jm;QIQI;d
z&$M4=Y(BJm?`2<!I(aMSacjOj1h9b4Co_#-g`Y|`dS^&B2{@%z;_VFA%Mf;NPh42#
z2SJHaKNZ%Hn_l(XZn%%qOy5v*Wj@~o+=;>)DU47ld+sMEizzEul*cm4CvUBd)tX+6
zk0|LYi>s~rxVv7`UfO`l_%wrlQS|QgHXji$9$B#=RFWChImhTKVRcePms3Z2rj2Ab
zIb%k9<K&<E4HQifIX8#wAv<}1%sM&1S*A`%n<m{!drau$O_$%8^S5MER+PGgko?S~
z+FrSFS<kVUCequ^tv$ZDqZJw5Maihf>vHQ}ZgWPtB)IeS^*9*ri)})#4YL09bT7-x
zt?Fpl`*O)W*e%Hq5pY3V230;<sx#dksC-r&<kF*WeReMhrdTZKIf|-2^YvF$8YXnl
zJk-B)FX5Q=xe_LtN62r63BrwdIH|N}n1<kjc=XrfTS#_CZ>lJ+z<m((n|j1>KxIO)
z<^bmWEhO01nOB0CI79Jr8tkcIHULFPj68Qh`aPh`*G@IR&*5*8=dBm~c&?v1H?!>C
z-Spz>Z&ZxqRik`oUNQnCUBbh>Y(%Ud@$*}g1()u_nA{|rzCtY8$*rHXATcP<qpEYH
zn@#X#w>!iX+c1jLjEdJG4C*k6&4LkEoQdWa9{Gs8C453zdq8uW8pX48wxIb&?>*r)
zbzdPA)~%gsrORRHJ>LMQu_eo`gSU_6rr?n}k8_-&(I)J<eKS_dy_)Lc<$H>W`NBh6
zaq-Nbw7pE=NC<Mm6+a_>r0?9vSm!E^-iK51CJr*Y%xc=tcLn@g7P<)`UTdCyd!Vh^
zj;%%vlnWmxec7}W+Kwl&(pFH))h<&hR5t5aY>GG`SJ8t6f;?TzjeA7L8-yQ#QO$Ej
zA{2B1a*R)9%0&Ub0-hQKJo_jD`+1OFO1I`3a2At)uPM66i;BTde*NINf^|*VN%#(7
zoLg4k1cQh7iu1ddD@z2g#0<~eL+_yC13dB&%ux0{=lk-Lw&xDH)aWDK;xYy-Uf?k+
zL%Q+jMuv9to{W)zIG=RKi6#+qRMu3uDObIZ+}7y{kNJs9`9FlDc66v8*-Di=Ms7g!
zxd~U+qZ9|J$<g^j(`3U+X>xwDY|}Mg%L9#c+gE1$bJ&33gR|`<HQ*N@FQlx{rDK<n
zQX)6x@rw%%54niwL!ZjUd(L27ff)A+CRanh)gxP66wFo5@^PHB?~8jLj&H7#a+bql
zew7ZnsziM(lj9o_4$!zxeQpQq!F!mn*}DQ%vcaPyw;)g{>{0L+&3?62_BgKG!!`Pu
zs^#DB#QR~h>14vk@F!VsI`kvY0KG3;S@R(Kk@A<;{v);WZ|UhgTtWS)Ze%1K^K+^$
zpWUV)v9G__iOEjSY5gR-6j@V%YjH}CW~42bp($%LI5vYEtL6h3Dbo9L^U;N+SM~B8
zG5@Tl5D_BR+#H#X(>bA!-c2_hlgI2DW|C61TE>Xw;%<>#I*Jl}X$f*gBm1Ue-WtW0
z^XhZ}BIz3F4M^^`Oz%PCql%h#SE?VM+qkbn!nF*LfZ0ck^By!;f$ZZEta9pp9xE_+
zp>Fd2`F_vm%u80yc?WhIZ@8R%`~trIHc*I#@XvCFYXo1V`n{RI?`dk5AOD4-Win5Z
zL)Udt^?M1|&MITyQs66C4|ovYDTa1tJlV{T*u8)L9mcBtl*tYTdvAKIxL98pUxqn`
zAkatmr7mmAFy8iyz}u$`WrPyn5os%#AQWOylLGyW+7W1>U)CUYOj5co{OIl>gk7q-
zqc0{B_?F<}W8Dh(=yx}pWaoN;E|<{U$2ipP&Bs-^fo*OyW@HRZvph%zgEVxaLpBiu
z>x#Xvqm}1xALP}?iAvTr0Wf*<^X-Wf9EEXSG9O`Ff5Gzgr=0Usuh0Ks>v-Zo)*j4@
zfSi`Iy1t!sgNxn|-Fg|vRYGJd5pA|Pi|7?K00#8_UW2OYEi-z&4Z}~zeT$(c9gPFl
z*Ful@Ws2`=3OblIu4Wzrk?so`e5>Pl+)#PpuW1-e45NEvRfNnHwl2-c*Av?30Q<iQ
zp~gdf(j#B}6NWV8xNc4lW--d%d+yjLfb^wPZi$aVN+k1pUfTWy2lH?k$ZgW7(c3{s
zKTl`(8oT0ZfPU}&Q|GTK)D^8!{D@KQ3nR)KH`9>;H{5T%3<ad;s#4?cmreXz5Iant
z!sBea8TIAMr%K}@d%wh4pCljl`U}y}%7+shSPRTP&l<T&*(WXjIb=N+Qd;w14)kn)
zxAq7P8FfMdPPV~=&%=dM*T!8DPvCM@gh+-B_m*9;{H|AC4NMA)IeHaMjPw(uUl5X1
z85EX2cOMC!=7a`6{0)cv?*ASG>3d)!q~M%3&qpqN=Ij`UP-uw?<w4XMKg3#&PC`I<
z@XU)%yn3M|HbnGvX{=4t#Ma+ZB@(FIbdHG5D6Zgda)#;=JW<^?9AIT+!{_s@{we+A
z-xAuF&9{Ss_ZvXJfg!DU?*ACOvK&iuR=FiJ8F*ye|B|l!)&F=}dDUvEDl7BkHyDVp
zAwptkn<1hs{8Hx0f$C!s{{(K^;ncm32&07j2-D@e_Yp*>I1<KVU8m>eP6nSM_Ie1G
z?d6<4pGO(WH%HSoo5y17HeP4V&fGQurxi*$_d#Ib<3~y;?zNj@^Pm%Wh^Aj8g6VMs
z_74XTfQ5l~aO>4`<1K;YfkuDpY#MLug$6nE^>c_zGu|5~TlWg&|C;I-^pRW>mh-SQ
zjxl(%ZEyA`Wcg=PQ!J<@bW_ciUqlTw2bIhV?R)bi3AVn>Aaitr<>&b#{cgGqH)`RP
zLw0Da)ZLe-^C7N}#w;TOQ#fIFKeiO0c~W0l(<Ke}K5E}E*(d(k=wB)<a1F)W$d}&=
zFwPdM>9!uw*0`X29*+E!+0^0s%Los6X7=NNm4;hN5ycV~FIpF~iB<PLT$<{44+f;+
z<<BDW?u2sc5lF=QSiy0hdXOggVjAU*?dEeF**@jaPkUrX;@FP1B@4X*4wD&Iv-QNu
z^8$RGGa_|KyrmyNgCmR9wfVRD9#e8N(!7YdM3(t!&%Daqx9bFo61h-K>!gwD((l*$
zTYrNa3d}W5*u6D!`I4kEetNKebFp+E6K=KE!Kk=*ATQKq%se!qLN`8XK?4}i<<R$3
z=7q|-Cf|@fvjTAx;vv3A58);V3U~~u-t~p)_}2xZTJ-sjTt4<5AKlOBzU9?&I-gT|
zOEmF;Ah1WA8dy2)0xo9C*}P%-vNwfrYxkfPe>15jT-INv6(=chH-OG9)A2b+-@2YO
zy9QM%=nA~{$;Xy|9rqf&>B=*BUS-;^PyA2ZtND2L%y@qyQ*i`lP6g9R?mYl~<X*sf
z5R7ktY5hFpqTh|Z38&<7l%cNZzOB-0k2`_b`5Zne{E?|s=`sbrBCMaqD&>3z>ItxR
z@(wW8{aO~l?6x1)JT@XQDs%C|sK0-{_dx;9)@rXM#P%F*(an3|Twi2^()^s@S|K^<
zYnUqRy-h)A8<U;x60Xi+tq3CXs7XAIP<HYKp(oRpUjAsP1r##FD%&Rpv&JJ=Ui4cx
zPR-3*RnGj9$;&zsD>ROGbB1y&EJw_yR2RJwAjiDttuNWX`%6um4&W(|V849j#3!6L
z?qzp%vpadh`X(EErZD+ax`=+a0{43>_jpEz=Bc>Ej`yX1Aup?p4rISCZ+3IL>0Q+a
z>`$HLuO_wvg0PX280wL#_d}A6!K83^F26F?N4z%W-Xyx5%|3G!G`rp4bOX0-w4IlV
ziz_xstM1u6I~aC0Ss2nPyv4hQMU^bPsckPqtQBqF4!GC_ck4WuAgIA{P$apLpw1)B
z%e<#wX#t8o^pM|<?%4~|$B^qgeUS(7*><vTL`%s`@1@yMCpItgwCxAC&i|v%@&zXn
zr$?1(qWXI7G8{Z4M)Y|e&{Xkz8nww=0>A6*@8;p0Y+eZCt+(QaSuj3-7wqdphhH_p
z3-6BFkB~YkoEyV~*5hpvd9cCXMdJ3SMDvo|px>93xig$ePXKpjVng%bL8OE8k{%u-
zgxP8ne3;pXZ<mozc<%+9Pk$$F?$WVQ#hWpw-fwNr5$w1qHaN@UHv$2f8GYGjrIPKo
z?vhj#WK`<7D1b9(RbnKup3{sClVtf3+jLf93l@9TrR!$jDPc``!7!32nnO1fkO$5^
z1$y@HexH-|(3_SHN`KZ2^I!l-LXY&)*GcqE2A$7&@iFt?X_<ew8%tEkjY9#X#@R(^
z-k(LH`im7QK-5n+#If^4NATjgEeCB8Xs=q4z!?Boe-Q@-Yk9x!+PDl9f!{t}2}oW1
z%zi;LWb|UyRkqPNeND04xb-{AO-g`=Bm5GW&^e#uMqH^Lc6rE#Z!w$L!$4K};_VhD
zOU?SFCPL@VaXmL*d?GHS7FSE01GQ5quo+;Zh;;{w6X0G4OWwO|;g*+^>gbl;&k;Rt
zAGQ;z-aPlc7QwSnY}{8R|J<NRHo442h(?KaKz+4dStmJrlA^Zt;YVc6rM%U7^!E$?
z?UE}IeTFaJAS{#Gic;ExTknA`xZ!^G4+!s-8yy;EHR0p@Nnr{ToRK;&&HKajE8Ooc
zlP@8)(}{Os1uE`Il5%8^&s$R!;-Af=B7QS!`^`f8;J0Zx+i>kl5u_Bg08olOF81|0
zpN;H}^P*GeYsS>`XzIzA=}-ARrvGg5q9v)xJ_U;E@|+th;Qi?@p)Mcu8;Mdy{s85>
z3pp2{PD{|S^FAXW7wkqhqstYud>2*iY_6x#P4%Apw_-Kf<In6q+xS*}PgXm;nm}Is
zmb0D_P_(lz79G$0+#lxuFz>yUIakLyTn!%p?psGRAS90)t0gB_&OQV)PG!TmB8mzm
zDq9$4ECj6=acxbVOvA+E(;=EYsK=^p^#yd2No<kmRZADOI+L$<&K|u1L1$s#EA#Pw
z`O{3Y8(sX!%&YxyEiQ(OYs0Ap?8dg5&*oH0M*<l3&KaZ#HjJDHL<{ab$^~!1Dhv+N
zEfUY*@z1#rZ)oc7%TN;><6l$X4qO@s1<!YVC;V3S$Y!}v`-t9Zgd1Ca2<gv6-GD>(
zmb%qGmfN6eV?hxC;KO150LEGyB%oTpr1kS9|Cgt530kcxxhd<>=C-%qKb-<qxZZP8
z6wG>&D6z{zk{*STPDY1*)Z6A}G-=u+{^fNJ^Eb}KnMJLiu=oI(9?#P%qa{vFRn_%*
zg(@f~&vlG$!xJ@lv017%29N5Pn))SHxOVP&Kx(SOimV{a=mqelOd$v2)pNEvx?B7~
z0}&$ah;#FCO|gx9E4Vi$%goiNjj4`Bblu{;MW0<3$Q={-&XOH;IOu9hv{Re10S5HE
z<>6E<^bJDMpS^%>LHwwCvmJgF*>Gv+oJWgb>GtDFEyMbqZJ?Ao|4!Gx+orw!bGWM(
z$hYuCar^W!`;7Aa^rqTzhmO(y3^gyj2dH3k*FSHp5ylJN8=)^1m)=y8Q<n+ba$gu^
z@8dt|CrI}6;d)=9lc%@TRF;G1Vs+XGzDm+sV~m35i^T%l<ILD<bY#cm6S?!z`@Vye
z4X1ILv>PaK3Jzmzt@l(Hjj28e{ZQ+Th7*E<bQ-|%5ONqC=MI9N$jf>o7#B|&e-5Gr
zB_{l(6cWsCQvTW;;i_W{w%rA|44Dd#xBk_)WLNld-N46xUslT?%5`P&hW;ky5`2y=
zr*_mF+@GY0e>Ymoi!n2O<kR=X<EJL0O`@uP?>%$FUeveSIGu;FTY|&ra}`+?``ph@
zgwd`Kp7=CKb~2*a1-;L?la5pp^G&_AFi)|<w1UI*@})~;WXS6vdOc~b*{lB7Fb{&j
z$jpHeILQQMb|v;<yu6DmUU?hPJ6^Wex{YZYw{8dRJp}HJ4Ox-GdJW&b^{p4KR|Eio
z9Qq~3LQ47OFcGKjTduC<f@9o`7PEdlGG1m&KMy%=ZV{#Gp=$SwAOV16f4gcnQ8fw2
zD{2^zi8DNcV=t3{&RUo~ntVi0Sa5}%->>?&F|^)U5<E>OHQ3zK9@-cZAC?j@k8U_;
zm~t3B4sOz`Nna;apHXkW_j5u}tVXX-4mH8?8xhfx1OmZVNw00D@H~iB4P?g)Q?|z4
zrt6BH7cju?ouiw|&04Md$TuYd=8;@l3H6E~M&#|jdYVYK63$&|$0Fyu%x?i##^9$y
zB@Z9YRq-Xl)SF`-UpNO~3ELx4LG$fpG&|j;dAa;B-4*h$ad(vKle+Nim0<ar(ltvH
zPabFEqj7JW$l%|7P@hN{gAiXzB8uT1(cJgwj+E8m5aJ*YJfaNpAGUqK|KV5Niy-)k
z*^p@2`waAM)lnlyX==USeE0^YFa{RUQbPl1gLo|~ts%i7xjVz<Cw%0{=viB2`#g8(
zTE=lQ*g%%a`^xtxg6g!V%+nR;-V|zaKDT`j#Kh5ki1xxGyF9~vWQB3GPe-!!)q3Tg
z;+|VyuOUpp!>UIzj)LB~?|Ze?_S%OK?JnaU8*$k)g`lLE{xEaZC4A}SEt;WEUCA~0
zP(}v`TjP-;rl|9ZL)az!boVIVPc7kNoD=p>*!j=nLKarPr3hYkb<E^gZvowFY4C~@
zd=oCWjZ++*lKE%96#s7jrU4;2ZQ6G-r7YUL`CVRpssMJJs5ESET4wHvONv&r5$}%i
zBGt(jCopmV47N+O`Sq*v9Az)lU`V`S$>uCV-tdZMaN>2oxDD>PQ_VukDtAS`!{%{3
zPEqbG5VMJ~zD?M-bsz54)et@{$F+{%$)coC1YzhoN&!^|zgG55NGE)MO!()o^Rkg?
zJScZB;!C9?e9JYmXK%_S`^IbzVAvyQ4tcNKK9Qde=%t!agG;;m_<g^83`&;Hr{Pxo
z?bk6N7Snf{%A1*RkP&08Q6v(U%x&*VN<C_!CW1c?6Zv<;c#-w}4w1A{1alrsKA%SP
z@mb1~;`FF6%j2~Rfv5)^(aveHPtD-cEl|`MVXXs+z^Xp)>gtT#vlgR!A!qqP@QCX-
z9bx;!at->H-uQIm)dI(KH#=qOt_pAtp5w=*Ei{;PPz(+SL%dWXvkD^@sJrnT1OJ5i
zl^;Q%9X`jsHr^7FcOM%Tx8ra|SMuQJb2S9p#deN46n{c8C!)0cXv*zNuoY5ciPdxQ
zd;(*t`khSQL*FV>=k5{}+iKb9M=Ag8i9CVOE_3<p1DJ9J*?5pS2a=S=^W5WkO=fG@
z;OI|DS^nK(ZjC*(C+WR6lXqL>b|m2?L*3(0eM;jz1_{Dv@rK0bgY{yQAoFtRC7Ef0
zy8;9@-k*O{=?RRC!vSpciDZ&|vf*f{`ho<;;^89Jvb4T&`gkHkQ;yT)f2Zofb#>}<
zLO{CE9V>N989FLJfeAX?tLCn%`2zZ2l+-7DdRh-1`gA`{GM#Q2p7Q{&RTgUKD@DS2
zE<8wbm~Y%Y0i5xjir{UR?2DS;u=G*vgLzNq+1B~m@5Bn{WZ?JFdwLwkSZejprn|=?
z6G(hdo>%zS8Mtar&;6WF`$!%m;X(ipQ(~<Dc<I0Og7|V~N25x~>1sF1E03Xor|+5s
zj6&JbSD82y%MrQ=Hmj{<i^Z<R_^e6Z@-)f}3<*QT1Jl>U?$p<rwTUJg(h%6kzxhI0
z#QyfG=EBNA#@W4N$x->xQ7GHPaJ0wBm7JV+b;E{y_0>HNq9VK3R9>>F1iVzvN7})U
zjn7Fr^XSb+=B2i}nW@w^#71@8QzVPd?s43`mN$BOn^pUg=qX<j5My1sgPd_vkBBJH
zsVULPXy}s!L2Bb*&NFz2;%}|u)7=e%wdc~Fl_M!&lh&ysdU#pNl|=1KQJ7me{ycx?
z-)-z)Y+0s-iW2UiqJhM<fbx<Edc3@+%h+l33d*}9pvNO7+XvyB9Fb1E-*{)(w{5%(
zu(CJnpOn66RH#*<`iZ-q=4N71Ug`-~c9G}at11NVZHi)!w829_mjxLN-XbAXJNS@n
zdd$>~1&l=-F|DZcZXnQwQat+FSuSKr9QqUs#b1^E^oppHY=EW{J*Cd_;k~=2YiH}N
zwm^JWhnwm3SRk|#z2aef8aYcP&rN%zr@vo#g}DVz?5$UK$B?3EPX4V6q2!tgYpfrS
zALnJDl~xkD={MuUTe5mw&@SHoy-zN`8{cmpFol=QmadI5!a~-mTKVK`!I+G1mbF_$
zd9Jqi-AcAcKXZ+eZZj8eI5C}Am1^*l{T%?U<J#2~3p?cJ^x6RfIb_@>Z3u)5Nax%r
zjQN_W4#pwfxv|+-rb6qJ80@Al<z>q|8j#yk#a(aVa0`xOHnWJa4Le$%iLzAIyF*on
zz6rMA-euO)xzo4jQxiUma{RLC)D~f&etxzq=aEE3i5|Z2a<Q1X2!|Qn@>-#6eYdKl
zEds_f0g<#q(|ufTvB}?CF?*vJ&9?>Nvvj6obhd*#?twIWD?^AT>S!Dy>z|ZOez(e(
zKgNfwz}cKbT4q5Va15tIE3!ej=y+>>9Js1oK6@B(=1WIDVQKY4(03}r_o_4?z&MHL
z7~boTO+T(0*5=)0g{2p|`%Il0A6IdGz|{kCV$Q|tR(Oean=b=+j?eXmhwF4(YtG;!
z<fkl8<g$VcR<O<bvTzq3Du0Ok3Z<gH>Ik$pn|6o21SnJG(ZVAy^T9$L$$Yg#0ljaP
z!9E6Yql+can4!jd8zZlDi}rC5J6Mm)B2|4R1ZeA0r>$^b7DdJ+`rCFASc(M!$?;VR
zT__&;JiHzg{wz8{fbF{bnSGC$ejb3z@8<fWer}nfYueTK?Bvn&{XDD;7coINwsJp3
z7Xn|%BlcEb@F~=!hh!ji8L)UE4cX4<dDTY}@KyKYCnShKB`_1M?L9@6njNB5JG54V
z>Q^6eHrRu6H7I$FL*Y9FK$}w-?fPk$-@S?#dFw4I2wxM>v(a=mPG+M#JV(h87gU<B
zx?8@rDSP+ff)#p2+iS1Q(%`p$l#em?ARSCYFPVvJQ_QfHv8@gF+d}c(b;~_xB;Ume
zcRTE(nZezvc}s=E!9^N2Bl=HlPgbLF&N$9+Ua7LrU@y+CEqqAKPvy0Nb9i<9fd1BR
zlHcw4Vm8j{M>w+Z8-u%^mO)GmsaoBFHfr~b^lU|_=P3^sjOH|qpmXzq*Z&FMcI6zg
z)-;YAvxYYhT3Q@b$m>ybkAy!)5WX^xG3hx=lWHVc!WSSN(J#|EFG<agvcu3-Ev(5o
zhBz*_8ZHy%!Mau)NGMpeJ|GYbH`y;ee4s{i$o3|;lrO+pQ@DbqaoI!jyZ)-Wi+vRT
z&B<56E3$e^?@MlQ;*~XMfNSoQ@d*<94Y(o*SCv>Srxf!HdHG@i0;%mp^635ZTrK-j
z#f!AEEV0{XPYwxoW(F)*GM%0Xduh=+fa?5g;Ftes;5Qc!olmC8^p!{hqRZ#&{1|j{
zRa`usS_Gm;%}q;03*+{uOK2^4W|q3x;W`cs!eaq;q9^xKCL>VFG1rZA1m#XMq+CC%
zwt^<|zy(|j{$wm_umh9jwuX+@ryI4n3G>g3d9IrRj$cv`H`+dW8DjWzS1Tnvv{4WP
zumNkO{^GX`ClXnsJLL{uGG-m`dwedOyq}x$D;W`!3msICghFe-C$oKGhi}r0bl^~&
znEcewn|mL#xjoC&{Ot+k1LiNOyoBp|68=7O(;1$axPV$OIn~_j4rzN#VCRv`rGy8l
z`{+<`&VMX{|7iLDgaaOT__oW%E}2WPK$CgU^@wz@ojqU7Yz54nORJYs3V73#)d;9;
ztj_EtMY)_)E89-$korwfO%%LmM>hDi+S@lZ)+r846fo>Z>+<Jn(SbDOhDvaf&OL4q
zW^t(Pk%JdIC50tHeBO)bikF6n(-es*jqy>h*xC-`BQu@(u)%{Fen0yr@o$*3D2~wO
zA%()$yWj^G+6egeI=@05w?seJn;HEl`l+TdgP-Km0N(0)wAblfYFB2_)#0<l^KbPs
zPN2jd_*);CX5QL44CmUr6`{L6rG14{<r4^p!>OiD#kGF==SHsl9ujD{InjGC5}Ld2
znxz$sa0$#?%4>Aeyv}{)AY@HN$NV@wS|d=#@6}u5TkAxyOd@S(mCzrqyF%T4@l^M)
z(%HOaeHy#+MS43nZ@!S!I`PnXHiU(`#C{gN=v%k0I74;k@w2PdNGD40S|s0dw<^P@
zr%&Ju4d9tm#C!7PxTy1S^j9Hr%xCge`$Lp|VykwMxV7??A)j2a>QiFAc(S8-eb1n+
z%FrAhN$Sa(do<W@8(Ux9&}0X~Qb<$V77=}=E5N1#Hanb~|Li|6FTCV;<eqAnYsl>*
zcR>ARw20z5?SwBfF+<+x{@mV`|IqUO&LgwL!$gl9xPuv^JD-(h4*}{(B)&zbkM;8^
zt=&U#?$oE_3ilqH#r|Ai6JJV71)$s;dQZk3uYqEFHTsjhseQ$>+4ytXTFEp5p>OEG
z=9O|9y=xgdb^i$f!ddZ6&h$Ko2@GGF&;|5QVe8&yKH_sg=YfS=ISdakza>$3;?vVU
zhb-ZsyBT**5x8d_i7w}HkpLk=@cK3!rq9SCAbz8y%conk82LPUOqxo=fIDY{^$_4`
zty5QBaT<vpoJu+;5bqII+@PQg`?INemd+I%dY8{r2+WGPZ)q%@u7D;8wMj-);tMjd
z@OvTHZ=FbU7{NKs0tSR|zK&p$B#%RJQ$q<f5kG^x2l0Eu`4)dvFDf%Xf<GX}OZ1|p
z6x~=SfI;vf98K!8m}JS>lIx`oC1&TM0UQdN$c*WcQGgNhxnYU5=vqqxb<~nKY;{TM
zJ2=QS1I|UZIMDpESjnS?kGH(?MPGYX=p?k-;@A6?{BnpIM?}Ua93Ho~q4#cp2mmpR
zqD<qMuA9=QzmoTTV+_M({f1!<-`sDH%Cujm+3?kT?<%Sj-wPi(TD`!vz4B;drEL0e
z<lma);g@sCCW-YLBYs(vCSkVnGSp{zP<gI}D(9#9^K&Wae^`;WhBLiu<=Dv9ppYRJ
z9k~zQsf}@JoIDk0tZoZspTdqINYr!c0@}+KOm2`v`S2jL27tAA>D;{R6n59{1JWb~
zXkWX#M}zV`p_(j+Aq8es)HkZ^&V`Hj>J$Ty2ON$t$0HQ@ehb2tFp-RE+gLlqA>Ez|
zcUj{YSRK#28H*Sp=V9sO3cRo)su$e6F*e)my==8;K#RThIP1|q3tLJh70QRjAF(EM
zOf(p$tVz9)J&FiLA)?1drXKpl>aGamsYOzxs^bnMpW@!1gz+c?-7Am4Sdbiq2kDI+
zPO@9AvLPKgmk%<<Xc^bfet7vk?4T$3<mRj+ss==~;@;GkPgTLSc(R%BUaOrt(#Jij
z@(P^$YVj_}t&^xk_u5-s`Cgvac6-NaG#)0hZZB?N06s(^g(%qoi=ZjXO4tEcXK0=L
z>%lurTmGs)(xKFp@f#C>(H)oV6WmC<<MUASXYK7UH^D6VSiFo6=p5z%$TCA0=AO^4
zbXTmQNiX@n1d>yBCX;9TJ7QF(d-PtUtt<Shg?yGGXov1?z<>QASDBWI@`~c{IdmcJ
zQM^FF3>jZE(B^n-$Ky${5Tl?-_NR^BR(-lG_ZZ>Io{gQpWDwh;J3u6xn@3VNVb4)%
z`n_%Zdpts!<PNhh=h|gn)dXJdtCcs~3%)T^(TmWM2K<r+=9RivOez+K9g<DZ<3JEM
z;%%nu;tv44|4+*`ANqi$Xm!+`V@-?SHr(Jj_nf|%{p}|#oAufaW<B$rL7xkT!)(XT
zal4;<n4My3?aT4-!iIt$W&iYelHx{|k(%L};rB;kp|4rOJOC3*4NM0oj?P-z%%XOg
zoP$O0?iWH%&fIvI=OGwSSt7VsUmUm*f957}VIE|?MnOJ9NaxkTGr|072Qxs7)VLoy
zg0>#XuVn6@WO7RCcHWc6h&OT0{2Nu7cm?Oe18Pp6<^p`S))vw~=g05wfeI^9w-Ly?
z#)hp#+7y}kxkK#OJqjEi-`NEW;5p)UPxl~4n$jooo0n_#-LHh6Rpjb@7-Q)3kNZSb
zFFclo@jhu;;@jxI2iabonyYu9T4gVZ#KRF2uk;9X8BqIs2obzzp?&Q`{Lx-o*Ck$6
zqxYgE>*S+zlHW|^<M@Y~li^e$g?ik)IK0F+WUSi+3Qg2qx^pG56*MM|ADJE48+@av
z@jDtxX1C9O^ERfI^SNW;W1ra3%P%*LDx%h7HZOqX)~*h7&R!>->@IV#Yvif=_nD&X
z?SY$G`4Uc{UE#$TH~99<M)Rhe6ZD|m>`|iqy(H|nG?v_4rBl2{E~WzJ1@G^P0{4iD
zhV4{+)2XCGg>onlJ|1zEU`!tDFmkG^JpwmP=&&K@CXftKE@Dz3rT?QE^&VuT3Ap78
z(!{K0;eOu^R#8c~eepsOd>tnx??HzK2A3~Qr9lmeNb{a(zPJ0aZ3{o--g*v$yA~x1
z@q=XY61&G$fJjJ(zTu4sm-&;$a;3_?CNp}Oa$DcJ4_uA$O0>_P=a|Cn2T5_H;IVze
zZ))#`pD_StdR(y5_Vgoyuk^hX!+Up%?x}kh1^0dfgyr{d9hlUCEp9TR>Bqp}ewzI&
z|7<?%j7x$>*{5^kLmfYH#Qi<Akr#;9i^ieb&N<4b&++${i+l{A<vl#%8?Ky{U`@=I
zF(af}{7|fMi%m%eC>>~-I{SjMj~uT|+NRxgP;79DJ*$TAfiw_3KEm95<_zQKU@VE)
z2a1cxe8Ib~XRnJ*4%!d|?+&IcSeP0?ZR&CP4mLkgLxfJn417W9iCsu9nRK{NsiWwH
zoll(Y8y^TJ8Np=aP(|7sNTQ?+qCs43DEOETN<bo^;jP($Y#Keg1rh|K_0lPVx9+3F
z7o8ix{5zI$%~FdHx@3;uh-t6Y3+zAlA8wSl@Pkk?Qn*HoA$L985lA~&AL1)vK$o>*
znxA;${vPwFZ&N2<7K%Kf4*M3qjb#d&oQwB=xc+hU_)NGA38-I)!v@hliuqsz3ERsy
z7IVv{?nV)^)SZ_C;BMf4dg1qOe2N&TXkv@~Iewnv<EDH0MJ=1gvR6xyJJgui1jg3|
zdgDqEGq7KAB3Ft+e&F7R#NnRQ>gi%!^nnu&j-VzFJR|bMqQw3ZT-WY>Y*9{<YTx4`
z?nr(7;q|!Z979is8+py|b$Uq)!9A%ESG(lpY>+e*V?0B^_3CP!bFz4Zf#!A_mOHHx
zoqhNKayTEJI2I5m_-~{68C<7NxPaT$x+$P?Euo`W$&Q|@Y4#`*J{*>Qe(p!y--99i
zO_1$Ian^*Ovd%Wl=enab{9bg9gOpjo?g+Z)$#cX=gKy&E39qDjsW5z~<Z__Cj8Qil
z{JnNMbYDW*fv~OnBC`-o=CM2Ak~5YxTsrMH&y7RZz{~m4*h7+^-Rxa88N#r`%oK8C
zKRJPiDMjZ~r~{Mk8DslI*-p>Q+#5kuIJYC|exmm0E%dyGpQW9<6(L-L%jh<+u}zSX
zS-UCD<zQxY@!?r-Kf0YvHf`Tz#BIL_xGfSn_*Jr;?XT6{<UAJR1l1GGekbp6*dh7s
z`s}jy;Xkdo9<H7NowmXJ+|7?`C;Ov7BzF&C5Wj`0W6V?5W<UEE?(b2Ona^Fc_iKni
z(6fE6qV9EVgO{c5ffrK4YH*~fQsv-cndg4$;&;0FdLMQ>4{4ZT=*(uBY<ajG7aZR(
zPK%vv`b^pSGjF$Z(D0M__xH0CuqSLa!fOst-0>{FxOs0`bAWXq@PUDJdPFJ#mlP#$
zCtTx2Iw#!HzcD&#)LlIs`_P{apnkL7^KJYwkcR{V5NtzVqFbo=Rx#<ZvxlJ+h~c9m
zDRL?~@Wk!T8#V{s7ZY9rpi}ZscI$B#O?J+%+NO|4!r}!Kf%wVA;&X8uqs7+G4eY;t
z-an61$8R>`Di&nB++;cFt;w34d9ps?ELf1$Ir7_w<Nh8#nafMVQLl<HSYO#G%#y~S
zL)|QPK7sh5JiU+p`M(ygb9-V1`)0fvb1S}0%r!xJAl9k}lf23~g84IY)4{NzmGHhc
z_JC@`HS^7HMD#elWww_NQH;l6cBE3872dwtC^LM|49tpco^Lp+O32qrZ@)^QqmM7r
zWO|C3PA}CSy$7u%vn9Qg5P%e-X$KIRKRp;m^yPu6l{nu?Mh3Th!j`5MiCFZ$DsfQ=
zKPQCMb746Q_CtQGFsH;tXyF*E?4X}!nj1$R@qah6d6f~@fa9_592%=X+gwlCtDy(<
z)D`}A8Xwq~BwJfL6Vi2O?H1fSHbC$3{ahZu$5k3DKaP5c*2jTd2+)p^Q5Em02R_Gi
z9-lqu>nXcQ8`q7a#M+~elXZ`TE1hF)V8woqw)Y?!k6y5aw3s$h+<YI@!Xgh;AfElE
zK3;NRIsn%_U0azxza5BKl1J~7rK@~^9xeDJ%4Wb%@N6elOzM&o0ch@}$SxhxoMcca
z9f-zzB9EBbxy22n`6@}ui7fvbiFYX~9-zxiyE*#O3~1(v+Acp%#oS5v%r`@P^#J-A
zy<hhy-aTuF%YqjbbfS2)#}{jtGD{>tNA=d}gC_UYf?EwI8tw1lHQe^?ZDf96kr>zP
zrfE`l*9e!Hp3O(FUopRe2kAHN_z!;rbT^lOQvzR;H30NV4V`e8Om!T*C(n?EB(yW`
z*NFqcQMmUuJ6dZrsV?^s;mYL_q(;~;d8_wb&KJ5}=?N;<l;rmke&*7ZcY1En*KRJI
zl*KTo?Lt0saeL|$4)EJ2Ucj|5_JYbl4v500V9X<gZ8vZqoCvFpsEp!Jc8pioY35Nc
z;dqe-n3Nczs-LaZW|N+=cnlikAx!Z1=|LHseOmA6t8cZ&L`@Xpjizf=j!66xtioYP
z!TWigZ=T_kH$E@!*w3*Lr{STESJ9A?izZQvHm2<U-9HI=a~>D^pz*3~^HCXLSBZ^x
ztLeD{l1=BlMMKTMmx%rcH2wTL(A-loNN$EmF86-(inlu7jZU&^HW+dEdQ=wiiAT>A
zeQ{miPh2=TXBT815xOm%43|0GzMW;@vvqj|BM$9ByJd0tTs`M%7|#Lqx8@I%bwVax
z=-C-1(1XAzYliP@cpGM0b<2d(z=Y*3(RiiVSpAL|mEO5K%H>fgrV;#@*qR+)+(|LI
zRh$(0{xe1oQTuFW#od<>87IYO>C_8{$b#F7o&8YZMLMkI=H_eGz!Q5g6ajPKPGKK)
zgNSf<_U<*GYCl92s*lxxn}uQIYUwN3__tBwBM0VrIZvt6d7xk=Q4F`$OQZdSSow?D
z_1qAt-~P+@_Ylq3{bkYPNp?z&=K<B!OXCrEWG~a9b9E9P#c}GD$DVQ}aL!5nCY0=0
zFY>-Og11t0=+mLxW6Y0Yf?WOl0ZgoR%XJg|z#)P>&^KuF0k<khS85dLaAO+cNBGW#
zitO}h(nW^c$Zs64313NiWF*CdtBOqGbD1=%lmFV{&SD>kf16Sa05EVCAK+job=1da
zL$K?ZC&_jT(tG}!nzt<`TP{_=#uX~5gV5V|#qrEtuzZv!r*dC0J7_>e(+@np<ss|^
zWovb*_2MlyLL66zmR&`3KJ58T-YD(g<p%b&nFyI8Lo0*=j;vh60=elA0msF+_*ubB
zXixlJCcous2E>;(h%Wd!FIi{RSY>u=qm4{^Ul3w(DK1~8#}30Y36_%1qu$NI^eM7)
zwUirs)kX2C@G}_d^GH!f9nH^@LpK<&-hjT>M9&=ZOQtDVFNViHW;*?V3^<eotFZ2c
zN1O4zt49|rMd(uF<FL$p7E7r!1wMVB4GHs$vn_j3unr$x@Y6dRtw)zi&(XfVOE(`q
z4#}He<Kd`x^UA4n1z^Q}<(55QCgt$C^#n=XT|15$s|~N7yfpU>1U^<jlUxUuXb+j{
zI;!$xBd^GFw-D6%`VE4(3)uqq%%A%qhBGGemPklq;0wQVs6I3-$}JY!-NKuNaMpI>
zx9`&ZJ*Y!z<65#?*f;oWXpiovH+q&5u$<3mB!dvbpwC>#-Y9j?bG+O?r$arqH4lqf
zNs-KB>i3(Kn=URs$xT4_VSkV8_HS6#8{nfsN7(PqjaqapE(}<`$%o>B*dq6iHA%kF
zFZEsI2N?SrT@}rqkE{A==|_lf0ojctRM*&>i2~z^Z96JltZbNybCR4V^3z`iy!%L3
zXkVFhYVnoik|;i_MM*lkbe$KS@r6gMeGWG(UhSO=FU-!%So#@xs8#gmwEgH*YtL}#
z5sw^qFjQbSO8;hVTURcV_-)?5t;*H9Eocdky^z|6d(!%Lk_-?9++mF%{Q$wI`}q5e
zR)3H75ED-kB%Ci}?o6G2G}C$PtY&yufX^O%6g$s*tr!ov-r%e+dNSSx2AJbF!M&f(
zRlOo>Ao57aJT{Vr*a&QLr)9%Qxv0)dv~M*ZtU~aszE=X|-Yq4#%T@GfNPulJvv1tk
zfE(0_S&V?QE97;x7L2bQ!z(0WUiyH!Qts9;LB4g%j-!{_QC;qd2(n4+0uBUhMOt?b
z*neW|+zl)OH9T4uAu&Sk;ec}v<j0K7HPGVNaVbI>IDxlu6GA1oFMp?3$1_EOd6Dv^
z*%pBtP}j668D?=a*Q@^d@%>4NQ;wi2Kpobe)svvLcs|30c~AvjNf%TpRO2E))Iat4
z_4hE4mby?Ilr<jPhH||I&9)D4okJ|Q=N?u`<D+MmjkSm<l|?0C-wy}a{S4J4DD4vO
zM3A^d1O)CYUoTGc)iSx%GX(EBF;iJQ2GS4wy4-O4PQ>pm6x0+sGcE_^^yYP#sBCGu
zF~I41?zJ3HF7tlqG?-!p7w8+I@-pM?i$V9nmU@_E&mu<xfn_D?AS^5CMqVt{39_v3
zku1ahA7fXNt;x+Qw?relAqd$2lHO6)8-70b_sDit-O5HHB2o}xou%g@@6;Fy)jl<t
zC279GNBi)-cJP+2QCWF7EUA}ztx{HRp_rx6Vc&P{60err8?s<X<VWG!mG8^U$yX`G
zeQXKupZy<Zx87Qy2L`kWogIXwvI36BiH6@p_V=LVDHvGzIX+~+$A|0z>7MN?k=XP(
zyyZyl32!@PBs6y=K8be%8LmyvDCt;rc-ZWA5TLyh(4$&#4jiTXjn}eJI||R2%+Oz_
z7Oer^YiuPCwn#+Z14AT$DJAQ=6!A@~Jj@ecmSCZXugy|0CJGo;dpA)6fp?Q-T+G%k
zr0dl>x`W*1L$^EnZsq6W*7pvir4Nd%;~G-?#Ezb~q??=QI$|})I)6%&==+YK3>Z)P
z1_f`!TkTZJ+0`M$Q5TR=?$Pa1b2llzjswCE?8WhJ%|kCda0=BhvD{M|6bXnzUL8eF
zJ2xS({OuoMdNW2{db95XX6<w4^DCqAyEZ{vkd8Yih7iFA;`f629T*>*iRVsDl=X;U
z=>=0c5Xl_uq6Ek#^MUX{>Ot?dM<PD&Uc)WN%QvH%>%E!~EU52XmE=k4sYY;CcL&{(
zvHhaQ`wZv72Dl#Md-o(ioiSZcu!#6@i@s6;RNVgl0@rD>G6m)*Kp8s=q|U!NwaHAY
zM49UZRdV0;qju|o$+?nb4YIvAVOfe(7zrPO=_8?Jk79oSRo_nFqhZqZ;4$j^M7L)K
zLC>RC)T!DtH-*pV{dXQ1eO-b=UfWC)kb7=NRe&!aKq{d+_2G@*>-kh%Wx*>tK3R=4
zn2>ns>C^c;|GXYEtZPuOP{KS(Z*3eU=Z3vqZ$dMe@Ao08@e2Nw&h~pmiQ3Ooo!oF0
zmpb(BINZevCVDI)kX0Ui!1oAS`(EH!t)y(B)bx89_C8VvGFoOJ2mm@j#lI5vR8Q!a
z{_6R)G}0GuiF*$O;@COZSTbf6@-;jb;I?$(cRY(KZ!y%q`hI9QRN>}&k;RS>MPquG
z>xGDzM^5DnM!0oP9Y*7OH-d^2kGQ@oKeV#Lkei-!;7Tt=yan;VC1w37=SL}eI7@qA
zk6C-WDg-(xjC)1J#C?^Tz<{~j(viAW<ecW1<4*8o2$kLekoEE1Z$z5k61`N$m&!S}
z49+6~6z?&`e&&SV5Z31KO`gAjDOMlmlV5QtN8I_$-lhYRfp0FKgs3U}Ji!F|{064q
zLrwC9roO_tH}gJyH$+$0pA0+6owrHhpwSnHo}Lef_2x-RB*VG;aJQ{S9(!|n;0f^=
z9_>|$uzqBP@H)g9NZ#3|P^?>VavGQdbNFjWNqfrkey8jG_C@o^TRl*n(w`|)$!GgI
z3O?v(Pjg06W#6+aU$XOsx}LF5{7`<9r~Nzb2j9#rlWoIX%0s8-M%q(0&YOMi7hxNS
zqN3@BkBka&sz0?1hs5ifCT><@@T2H(DtR~`0JJad=GOr7ed$a|zVr~2*09<Tn?CcW
zxRhOtMNj_9ah#Zud$O0Z;=-mt5r@g&F^&|`O6$Ec*`sdg&h@S6e_!J%?R;mbEs|^D
zS0jFFrQc&v@8Otc9p!JX$?Xo8_ZdOBObjC$FhKVR1Q#}i1wz(+cPBcNuoSxCY|&4R
zJLGDN@w?IJFMz*h9CDD!QRxm=+G;x6QHvtTyv+_%XB7GC(TH$^(@F-In}KH|KdbmI
zP;q~>?z4a9DKTLKxa@}LRd{H5v=b-Xdy6rzNgJyN;~Z(^z$80Gw9a=5K9zT~E)=1v
zKXqdspZ`G^0-eGqi3sEz5~7W#z5R*ygFwl>2MyTNNnXtyK)Wvecv^nb{Qgvd$`f44
zv3&Uni&?)lCVaZCp1K4zTj%K=g?V)L>AD%?{~>>#D(Puz89dwHVX{K3zkjgH;Y$cH
zcsEBEAQH3br$4Rz9-J~fvJX1S4n^W#B1U4%I8kW?Sofk6HIq@lB3tUj;TTWWtc~1D
zOCDQ$&Oup?xMe$!iCJLbIs6_gpBzw}UL|IUp*q8KF>2k9z+vhKFPSp+0mNnV<-nUV
ze9y?TsF6P+dp@RN*8@7e>iT)qdY8`OI1PO~<b=7Y%t`nxzSdyr=2PItN$+ypyY4I^
znUS~O_NYr&!X^;tPV0jil}(exGc`wTQ@(B1C(hGGk3XD@Ub!$=R~T+B%_!c{{S0xJ
zTu<+cIGbrP_WHHmTZ)JLU(abZ+t<{ef=`4me;uT`U#z{$-=Ff<M+m(Oo@n>NYsPf!
zy<dZKajT1<PymKBH$QK*-%#~?)XMgw+c%n`vWatm{Tp$-otU%l2hwBrM$_CT`--4-
z!V@~AIz(q2>2kcP$8$u!WUIubntd8owDL=@o;9UFd*wIS)#A7u%b9QmXoPlqEEM$n
z-0@_L9=4}h`K;}iCinQ2Yk^rot(P50r*o_nD`IDaO|ML;`rEL>;J#4Za7EquAh*Ir
z7VD>NFa$>YJ3$6O;2WrXupF)(zM3viMV~E&%aw%7by4c`Ze>gLBgZW6@@?DLfP1gc
zlK0!*DlCO_o@yykvhOtAFmAz7=g1jGyop);c`XbG^f$71i@!v21uT-TJ^p9i*;Jr~
zDDr*J*$gM{M-Q3GVUre?dHgI-Yt($*zdskx@8PU)S9ZeKW(YZi>!d3>XCa0kP192H
z%Xc&w?&A$6zK@c^buwQ1TBAC1RPI?sXny4wLjQ%Ho#At#@2RBLUHHCrOmMOID<!8*
z4&Tqt6Eo$gon{j-TWVHF-_s9*x{&d5S(Y&<=@U**|Ap(xfa^CPzDX}u!p4=3=IxM2
z2BYZxh+ALJz*YwKLogJI@@l6i<`OGQG*3RF(&vOyFNC)DTLI-qW*J{?;6Yf-b;QKa
zM!%*k$^A=E;-@5!Vd>}HnszmN0fz{nxQ*I9Ij0$)sC0T@inEtZ19YLpp|6K5IBcib
z!S5FS?6>u{w^Ka&vst?QO2C=606{ltzC*9D_C9rx*K^8$o;TU=aW2U$B@=D_jAWzn
zXjVRo5Mbv@qC|0z3ks%V6r$b4U6rua&ubjEoBYP*SL9ew-`nrBPQ-rHII`OeN<DSJ
z@xH2(Z~;#3*llvIJ)Gj+8MyMcjirizANwCGU!H-*6+Oq;zT~{m)UwRBZ=NWIN0BRC
z|J~MB%$NE?B-dYkSRkF0Cxx^E6COZyBkSNRbP_cr(cvS0u=iZrr~9GLL$n#IeG-|@
z5jr#XKH^L{E42U`H^wayua02!U>;CPgzM~V?7lWDF5$_3bWik&_}AUZ_q?iJhfv~d
zZe3*O8;2{Mt7ipe_AdV2U)PTvYYRj(6Y2rC3zz?qZqjp$Y*pKi790aqz4bdl#eNTf
z9V;i)OxP-UrBZcioG#i0%U3U$Y(n?8^Kg$bza9JDrp5R5z4iz=-P7Mtt@l9!x!<wl
z%H@OmWcn@aJepEb^ptZ<_L}QwG=j^98DBDOukkAAmt>Z(YtfR3hpfV9Y>`tgfU*s_
z9OR>cAmJQHPmM;_(Cw$>s+R29d7@O!2c)*}#`!*8CcG87U-#+OxSpek>T(q=nLw|l
z0qdN+j%pFB!JYdqBlfA?IrG4|2?tma9$Vb2DrIy4^1(9>z-E+Xf3f0z>hZuud|Pwu
z^!xXUSJN5?H>@KcCjexcOAg8$)%m1v(zciR-yTGY#|rKetMJhYKia&U)_10K_+4jy
z&dq$mi%R_G67v5V8QaBG+Y!DH?x7v{%_mepg6^pIX7O>QDt$#khx_}T`(SOiPv=tt
z;t+d#Lsd<obwu%s5PK0wJA7RM(=*F<8jYnhh56m(W+)WhJ15VQ95k&ujqibasGRd~
zyK5d)$UTH8#c>MgxM)&3_mekjPBo{_Im97q_s)G{>GYA~lf%237_@x8@!&5G`AJ8$
zWxSWvFs5ASNIx-99+sCnzvisKjPLw1+7?YU&q2dR6$HS`zSn}{<b4I|KE9*!6g@tY
z)Le-gIUt_S-yjUy*IvZyID^Ku7lQ2Q*{FVmekRV<oGg1>VTM!5=6?w8j|&(5OMv<U
z-;?-@=YE*Bx_XdS!<;9UEfg9`^!FnA-RGOP!NTzFMn!PMXD5d3_Z6nog(b(+rQr;)
z37!;Zg)`>1Oc7K|`1X+HmGKPrr>}&JkqLz;OUA`n6iK11k*8+XT#7gkZo8PKcAB2_
zY3--^PKc!(X?YY`^gWDp7|iU`xN!;k!OnZ~h(q`KHXx(Mmfd^quoo+>4+LvYV0hU$
zd*8{k_UhuHsN&TxO}TH7s0^#=#Veyz-2GOWYbNn@bAtyihMi*?WO0gnlQa}DJM25U
z3Q?ds+lArF+dOr!4hra@w;hknQ+)DvoAmW03^*C}$W_DaW|_Ue_pM<r3>C2Vy7?xH
z9{PJ$QRC5EIjHSyfqnfuw<R+4g6NFlUY#%9lmv#Te~-8O@3A!Eyk{a0U7bC0A6DJb
z-b=gI<L>7+ao<4NSy+3o^Fvs<_+TxYlUP6R@AQu}xnn+Ndvk9%WYIMs(Q~N=W#`;e
z@gRMR=y*fJEgEvS?emxd_IYL7!{R(Hv{xK<gPwc|xl5Uc`iej9eM>Uxim6nzcCVO!
zolhw1-9eIxRQoZEQE;+40aez^-Kk57hp*R$X59d8=axtd9BL)UlOE;ZkPllx)bG+s
zha5$;*zq&4n+?G3Xnspm(VA_x<=hJx26^(}_l2Ch?>uc@m0#R_K(?sxXQ`rl9%YX^
ze(^F7GVSDO`fapSyvhLh=NxpcCVvlA=AXm#*A3rDrw{OE$I}*<%2fSp7%GADyB_@>
zWCJvMEQHAEMjv<8xGX+=f=J=k1b#2BE)MUc-cv9aDeB15p}YgJD706J&tT1XX8CRT
z9FScH`&PyUIbfGIr1RBRypU@?L(@*lX)zaWfkANSj8bOTqY-)DPqlk*^2K@YjDZqj
z(t!w0?%ag~VWZZt{wiaW3L@!+{CKQ^;~Z*KFUa=;F<vd8LlSd_K+Zh*Z5C=D3mH+}
z5itN4SM*WRItiQKp!K~IfGBYCJR!dQs;)ikY+Mht+*i`)X1}fW(I&*58;s{ZPWP_t
zn|9X&aw3Ut5np4>J9e0a(upjgNj>^p1waK=^WF;jvvpK-eIB7pj+pNVUGGtDmCrNp
z-~kopYrRy7xk)F^PmSikN8i{@>WQ7ZJdj=zSH=I|X59eqqWcLQx`cMjy}m{$iUZV|
zCP%mul!g2>xU=j55KPL@M_Gb$E1o>Tz(8XBzS>5m?#X_<b>~*W#yv;t;oS;>h5Eq}
zck?p7;tv@L!tNYX+@5?Du7{Q}dMg+0(CsPq5Q%H<$e3!ugWvJ5DzfQyyc43{iIJ&6
zQpa}NEDv8x7!$v2{eI~L#4c<-t~BdY!B)3VY~WF^6Jh6qy?cqQR^yN^cnrwSu5)*1
zc?h4A)iCy`0QJU*w`sfN7qF@ihC`gR22P(x21Fi0%42+0PN(<@xt)@+Drk%i__Mz!
z0#1wdbOp;HTVhE72t^{6#WQh8i_izi*RA-%&+kS4dsxnn-HR!)vz2i&u1S4a(+qv(
z;w`vulLsqy`0*2>-O^9TuA-kObGY-yexpW>H|O51)xe0Wcc{+ej>&ua8xS5z<^(XY
zJzoc%^cD!cik@LPpz3)ZgR2lz9a`-^e)&Py!3|tE2@en^4VL;?Bq@ED-R6^7oLqok
zww;Z6V|1@U$04@xd}xg}bwxO6Zv*bz^G|cCR*a?PTieWEU)K5BMB43iZ!3hqg4CVs
zZC}pRVLJ<M?>5PspUMG#6mCUDSmiOiuR4DblBX9fiD=$axE5Ek5Fe!xqy3^3bnxD5
zcUst3_qskB5Ob$SYaN`%|FjR?H9%I2EUHn-f4<WkPp^76fRVA6>lh{-gY&lCe=Mi}
z$acyN!@X|_gdLW?G&g49QPDenwe*-#Orn1F?m8#(A{dUrD=(6I<R+f+Yj(81KrAKD
zhn=AJyTluSkD5#$R4ZP90=>2QB+0OmgJAK<E<&A+X|IOz&NxqHJF|(@<D2hMEPNin
z-l|Oa<=K){7I32#A9*lmP6!U5UvpQFNy&vums5why~^R;2u?)bugR??>f*J}JBSNT
zGf(n&;vHKKbic!N!<O%$;#DIo^c_Ca^hJcTJ6S6~%H3y+=~a9II7P)n3XbW!;J3A@
zz}LshCcZEYoc<DXumQ=1=+b)aispBq6dH%<j&o%6QSgO7n^j-^)_3d49C+sIR@c5w
zHLRSWV*~CrLa+)WsdDY7S&08fe$*M%p8isI1E?~Wnf~b%Vg;;jJuAkWiB(2`f&Rr>
z77hXmc8;5L!i8485|_I{;6C;0b^x&e{SfBfqr~r}J37C5|3rK}0T4Q8?Qw^^=L;_0
zc;yNN$Idl-R1IsTD?UfMr}H1RM7*oPR8`r`>v6PJ9M6R>s|%I6F$MXFb&lfm6l-lC
zDi^<mPIlkhmBofAEHIV6=8624V4jDi;DB|rdlOBR9$(jEllSYOJ>_5jsj&wrSbrY_
zEk7R?R&o1i={~8`Q{oMN1#W_gwhZlw#<XnX`SN(1OBMq1t`dERzgGg8=cFGW5d6H6
zzHScP`rA{2Y#c5d7oi$(bH}I=@!cyY?DE(-B7LIZL=La)PmgQ=J;G<#Q7-$L8CY_k
zJ7o7&SIWos7|9AOE`YIlU1=P>GBMhCjm4fWtZH$<yeHo7rxJ}m$LPJ|16Aej6r%KW
zqiR38Pi?5758}>Xh}b;7bb99alUPInARC<9bWd8l;%S8UN1`{u)^5kq%_F1?`sEcx
zmv0Q8E``oyQa}4j`aD*5NFQ2k3cZ@6wiFlrRwm`@^r=1cErTzI0xbab>|8lw8Mo4|
zsoj*|ppJ91>>OW#DSjF`I30lO7~YY1Km`%kUHeNqIJfe&$I4#Ip(VVx$yO2P=6P(N
z8oVzNJ5A8V*`n3lzP^3A35^uaeirUW%Q39~tW%ump$sd0-=4&aPGWIdpl1Ux0ltp}
z<a3v*2B70-sG<KJ`WuRtx7xkGc?j#6cezJYeC7)jp`^VQuxAy#<93~s5ZF?2%6+~$
z>a)FaPn<)GT!DB+-1TTYo+(fAPVOol_r*t&%DNB}MPV?!``&w303{&!knGyxEpL3H
zRv+xUec%6ED=&!wX+gkjj^DYmM5XT)N#q^OYwQp7+}Unw;``-V5k9Y$D$Ii1G{=W;
z6^FZv2%aFn9+~o`;{vP`Jw%G69R-$uiMlnYyCkH2^{^WW(4%ATDY$2SE@%^}E8Ea`
z$68E21L{;Q$b}-PcF+YMP!!dGcFgODW`4gmFS>N1LIJ+c$~(a$V8gF$=iP|VQ-1#Z
z{zT$Z?H%u}YY5d$NWoj5J8e(6f?}y>{Ts?T-;wUmW%YYZu>E`Wp)02IMV$bOEPv5t
zo41{pH6svlT1>r{`q4*1!eL^u%CmB&C&(5(mfohxu+4rO7gp+E|BK+T9Rd{nnzhPG
zYvacIA<$~dE0^mEQrI^N{unLQ2@1Hoc-@9>FWpn$U{%gQ)b*`Rb>~rPVtdRF;XJ&&
z2)NjOm36pbdYnBQ<PzA|GPK#IM<^_&;@v=Q&Yf<&%H_>^m(7oy#{tyR4qmf-Y_oVn
z_AF58`DRSzuq*Q92@~i&G!yV$21;gRRqX0vI^7eURRsug2CKDB-Tvl6^PEfk)PjA<
zMW8{azliKMcblU(VEn%N4S73en(*(w>(8a)iib3a>%CHPxX602R5Muc3;DL?o5%a>
zYnk5*>nBm?L|PZ{I&hh;ofA}#`94zIcjpB9x#nw(7R!w1GuUS~EzhgYEBV=Q@ToS6
z0(#^YfL7#I`}p1{nTwNJHD5~G*kKg>Qn!!1as(_J&3(VG8D+J27&2DH2I@@463myg
z?V94~m^cI(x~QM-rALIS*YZhjroEnNAm`rW{yDiNzEz`g_3{iBXAfgg?jewqo`G0C
z4;<80`e+9)j$IilbL1P80y@I(y4=SAtAd+S9kUVQ`jLRA`W18iRe+<V!x6<^iU$On
z&#E61<%DIM3vi3Sh}|n~M<1!M9!eGXvJ2h$;rO+r+QFf2g~yGOPG7sPC~Ez=v|ydh
zUU@`dlU%noIVjT_;r>eU6z%8O+#t9aVf4FZ{T@X`SDf#=?WSa-{d3`;9Psm562OMN
zYW}J~?>L`&%;sVanA)K`F{CC)_pLDf7j`ST@a|KyHcsBj&kLFjF3UGqWPWtZ&vIV7
z^xlIMZS80GNp}PZnX7ER;2Z$4`dp(<7xT5-6&e{a<lph!$`|DK<%R7PfaoX+@0uXu
z5Ti6D%e+8Y<IBT!j1Sts0CW<NMlBPweT?l!$4N3s>is&IK|6hQGeq4Y;TtEPh_OSH
zA~Jc*DtV&Lxwi%UvdJM<#N42HK>Wluihcfaf*A7|I2t~x96Mh#OKj2^xykc%6r3**
z)XVYvR(Dk&i+kl=mvOiE>!G-D<?p;viyjU$mtaS@!15guC>86#Sw5`7V8>J&#S$gr
zXCPht9$o}**zMueIkPGXKB-1?oZ%_3!)@qx@6*D2;^5tjJaS~YzTthDsT!)saH)>#
z&2^Fcboh#2oHI|+cKT2&cj%yO`*{pu<kHtLT>#nobYxrRcIJ(ORplJbtRsTak97v7
z95k>#7QknWQ?ngDE8K7h%?0yC4rag;-1>OE;X1p<O|r^YuI<Z(#6j|lhEG-G-C^)k
zUxXr@yAGg=HggwC4;(uwedKOW>}j42YHbjyfbbxU)1LmdHflQoryo*m0%*fy-1g`u
zAF_k`nao{e>m#zn2!=OrU4O3`CCmNszJncFR-SusK&p;@{VzxAJEne^JEqVhe`>>!
z`-t4VqC)Sd4BvVDD~Z3rFB}KOEx=*-`gq*Z&vB&qJ?_}%lvPG4^_BpcSPf9~9I4SE
zh-h5^cw6Us%Hb!0TBk0Er0pv((Crg-`M9u7-^`&wdf+mTLO-O!;zyV6c`E$U!Jct~
zZE?jg5$dnac~W4{k^Fqf-edFR7%JKY>F(*Z2gE(ANKJFv@e_dw_XZq6-N?ha`sA&!
z3!0};jNm?!h6f$|ixp}sg`1bO>hm;0k9W7Mv*vI}uN<2=X$8KYufyJx>?E(qpOpvA
zfV#BhwSp?sNZ+SR!(q)6X{>Kq#boka=K~sr^~Kh{$5H$ikzAmw2P)RozX{?9p{JVf
z-nP)4b4m0D8l&r_FJ<yc2@5$>osJjg{kcC0{nQ}udrgOjR|^EREsIbGFC%iCwd>Ij
zB?xW<+@Crzeh)~>-f@ITmd{b)KsXPgfBuX9u<0`&Cx<2RyI+&HTRjj7n8SDrqw>`}
z<4U;l#8Dvsn-DpD8;aGuG7l}YENz02S^^y?zJ{I>hl=Z=)n@oZ9FoMNI^LEFY~Sfv
z)dJ_HoZI$6<G$U_G9wAnIdqAd!#=Y%mRCTJr`iS#mT~6Z=5<1}1yohBuc#q_6ndvF
zA8eg~y?DD=s2DcqNb_-u2h~{0B-De)4lI>Rex8oqa~X|#ytJW`Fp?mNt7H&%51;1f
zdc~a?WMbt4M~92XuvwX;LDt)u*h?DadA@18166?~X0OyWU;Y-`*#xafyF=$bj-2lr
z{vJK}bcP(3b{&j*glHNDuZ=S7ICTfL8JszI94JwLFR`E0UeRbV3{&SJnW8~%Wrwuv
z+=$wLAuMXAE?T!aAS%i{%{{uJ<yx4A&F|?sxDk3@D{BY_ir^Z0u$vMX>N$&^NJ_0L
ziqHrKGlBPdC+pz)!PH1gb$T>#oHY(MVaMANxfd5Iln3wE${9RJCozS4@rv6q7;(of
zIh}(A?FSaFZ!{L1`>-YPvo>t+$NhjIl{gbc*^4_O=^lXH$8zX9xXg8LDz<%VTlHdo
z&n3y5o89w%MugU~uoiP3q>Hd<abb#v77#B-*1udbf6@{tSnGaC#1&jOQ0^B_l~`>F
zdGOpiWr=xTiS`v}i;r{};~5iJYoN^(ul+kG4)4m@SK4vAr1V6UA_|h?)9Om*waYCW
za#t3Seg_4{?;%W4^|>9<TSF-KAUekv)*F+HiHCW!9$Re=b<kr%r4J<H9AjLQKK_lu
z9&7!aWAOANc$p%bG8AjM(5TohlY7s;Ct8Mf1AVfh8IByLfa*#^@lpqZ3zcWUqHah@
zUDylfWCT^5@4~oRwPCVKx+*Kad8z?0p?ii4Ah6B2?w*UM4x4rI?5@)(y!DDJ7SmG^
zPwvMz%HGsDL9pjq*Oao<H94D47(YTjmAu3k@4@>Jv|$D=;u#HNTamB}weQZ~VlcHq
z|2%+vI4&vaBj`gx(EKXj!UQP3;;MH?%7&>FV2|{2W^x46*Q~iArLgISlthMmb2$+2
zSP5eN+3QdWWJHbiFrnhgL$0@}2=;5>Nx>=IkogQQs0WmP_Fu*Cu}$DslH<;Do)Q^e
zH%ayBz02n-A(}pz^$@4!%5lw5r%zIXn3D%M6{S81n$NDm>u?1OWZzd!uI9sKx$ZtO
zw+V9+Z{*jn&EDH+Usz)s_In8@2;AE47lyue)J5ovE4_tT$M7-e8Lr7!N4wr0p=h3(
zJ@sJHP40tpQx4Tmn3^ZR2C!%a3Sgr9+`OrMi}5tTqYG;|Nl&Gi!VLjK=sIbzLHIR<
z9ar4w`xf({yFMb`aF6%;L;5vh9Lp<epSPz#y!A^{<$8<Qga8A+UMkJzv$$u-;}(-s
z4o~J)6q=^fbb~5K(o~#;Quv-ID|lL0&UVoRfSuC&h(uo1KNlMEH_0=8VyTHD;Av@a
z(mG%?x-%z=K<So00WQS%H}U^H=t<L;oOUZ-jYsrucpC<|@F_>-02#j3)B<x`<AFsz
zDS$3l1)C>~^lCt}8P5}vE(mj|(Ckn_0h^8WX!(i^Kzg38$7$}2c7ZbpMK^|`31HuU
zk;$2_3gNMVG=22g;GXdF)Gc$&XC6>2qs~vzl0mQ<yz;^A345*2gP=;SLMmC6`Oe+t
zrnKHT-m2eF8AFkFaY*qwW^9*qv%w=1vSAqB67gEdy9l}-xok%k<{Gu|3H5uQM!HQm
z1#X=8IQ8qbI>S$F^S{Xeu==uFZXWjhcj=pZJyMJ~fPC-cFWbW9^ZD;DzM`p57q8rk
zAkGd0@wuR80QcI_i)3Gt3jZCgu2KeKXM_3R#d}ZQ;<JxeNQaeUpF6(nmtAS~;_s#Q
zdo(nl$Wt?MN0<Yp-lBD!)|<C4LMWAe2xDjc$V|D0nF8E3sBffY*h2BVyLwXi35!F?
zp7QA41TbK7^}X`h=6~k1!gE4|L=-BX;tM()5s-9~)Z%M}+3i(UGs}+0$!8tncE)($
zt|OTB*$AM`=3$Gh{>Fc)Ivj6){pNZg(Yc-^I}F%xuGFg;t#MMT&%L0t()o3P*V&}h
zBNF%3c@7H(uxJvvf^`>Qs8CbyiO-ab3o?7#ff&j3-I~J@|3-{F9<!>tH^$~vtUFHL
zx7z6*M(5*+yeIHXks(UrH|vkuwjC$rTo$I;yzem;kRWhTKXJMb5R&tiB(%0*QWy8X
z8*<9G7@dyPfkQ-82lPuEU6f8OkF)d%XWkgnHA0i$i|wZvpwLIQ8cj~XQs$RpD1fJH
zmPTF94O#zE1)z5PLXG#3ockTgK5U=U6IcC4_MVtC6ZPfUKzxVED-CY!#~;#LRcL*!
zUY~1oDpQFNyw@6;msfGEj@(c!lf{l;+&v?q?<ttyZ>%BHNR!jgWnQ+4+x4}EiXBNP
zP|%Z}-l8K<ZX!?<cSkQIZ?C2DyV6us%*RU)ZF+aL&l5gz-zxJGHWk45tgd4bp8UQ;
zdBs-RC~V_KyeF`$UIxt^kCecd03lFjv`kk!J)7<jz9RoM4TEpuOtxMA{P4^m4EPE{
z39Q=~&*AkkKE7_3ohjwme8<va5n0oBWpLT(k%b`U1^9DznS~#;2VDzz{8G7cea}3O
zeQDij&z3kBU~bHlO7QdBfBYUlH9|e2%y~}IH7^XHGdXv~#UzXPl3{=|Us5;e3kxk!
zM{_bRA8w~f>sKir)*65uc`T#z3qL+@Nx*_Ae5OSADU5cc0^U*)ym}DaT(m);5JvN~
zh*>#hcy4*z8UK<I`eKa5&MvUi-fbjXEC<e05l8prjaTS=aK4Y6h5WFIhmXK*rjDjK
zSa2(=OQ6#yNs#df>baby^%#WUJ;$5+6!@cGmJ*l9rA5!8cAjY&1)B~F3Bseh1+%=|
z#qdhUp<bDipp(Z*bgwDn!6b9XbDdgS`M8+L5jV);biVeb;{qkhfzO)b8$yH_W=U5`
z%7J*C3g@gH-+F9*&oO}^<n;Y>VAYLKa*bPVPk6D&c}n}e13^TGvc6A+9=h(Iz2Wpv
zpN056u&U(>&0*iit2*IThDYqwY5tC7?Z7eh)pPZDp$QfX=SNj9T~6}JfY@F*#9!Ju
zCeSF)rN>mhGhX6S*HdNiShZbCT%Q~Lo~roC)PCwQzwoDa#yW2$M4nE8VCpm5Y2R9&
zgA5)pD4H|+x$<l0hL}Du$oNu1i)MH7L`#E&zT&1B)ugGYRom&zA|P7@9Z=_@Lt_%N
z)EAjIsOlRVddS}I7?F*KWII&d6f93y%;>?$%911I4h>zq1k-NfdoIC_Nz4|%m39}#
zgT!s;OTCk=D`u``^9o)l(hb($3*2P0Rb$uHcu_&C<+I;qe_PD5K5h3HtIHHp;C{~a
zV`%(8e8QC+7wSsZ@)plH-Ey~`kKn;wdHlPq%~9`JBcb}45fHyeTr~lmA(!3bZEt5f
zr{|V{R|Ar8%lnV4^P~XM$*n!~bvVtVBxj;TsmQ${=@pQDB>E(D=hqi(s3QsBbeY3(
z71$oE$-rZTI7{Tb<@LZa1J9L?b5P0Bi2muBBQzvwlM3GYYTn`C1S4s*P;TJ!HH(qR
z7gL?+mqHPbFbXor2}axtw!lbR=C3pv^Ldb!>Bj$NQ9?94LZ=AXWQyv{3ST@2kidHC
z$fI>W(j94c!^R&A;CXxR)X_j%=W||F-n)LOQWxG%+*jKMlu9YZ8%%Ytc0KL+4N$tm
z`5a5zjlP4|0H3;W&=kLuL3=`7?<32`J9#<vP!-1t3(6zVVFs7UbFKc)Q5@j+<b6SP
zMS$4CL~uY?)A~b2r_9sQ{hhmy{rad&@Ovn>_{u!h9Pw~dm=W|o1V1+kh<&Ma)MQ*8
zhflJH$1#_G!!@BoebTrcQttcT=LvG0$M&=FvZJg3`^4;F%Di&<o*h4MFB{x-6^B&#
z`l+g>a|JO4OY~KosrPbECdK2cospfIv>X+iyS9}_Og$<t<^yC(9QoYvOs*xQp2A+o
z;$%?(tcBh)53lx0tP0*}aha<`r;04D)>Klcj{5^XXH#(eZ1UB|avEm?rWyirz7{~a
zeG}^}M25xn-b<Lr+f(><73n=)a%?}LGPL0W)BRX}9#y<`0&!8LPbtrmlv_iFHutV(
zfr&>%W)q$Ut3La{PL0p@oFhBOjv<yteqc<0!|TaYO~ae-BDVlv5soJ+eWgx`!HIKN
zPRZvNvmHO%8VP=n(K_dM<Qw;v9EP2mC)VHJ0?n|eRQLFC(%cz4kMV=O6*2fldWb>E
zy*5`j7@lIRm749gt6%c_Hz<gnRD9|c>mbYWqr;vDs@m~k&SNL+2&ifD*&+3^v?>5t
z$z(4D?aY?35ZKgH%TkTzeAa3c2K5$UWS?C599}2+)v`?0FLm$niM^1Z-*@e)y2Eto
zJjs0QGsn2&Ky#fg-V=4P<{rQBcHpJdtIN|oQg*PB4;zFS*cFvQXitLjOK{Y8L-6d~
zM;YkEZKu97;un%~g}o>+-G(`!?VHO=u;VACc^?d1Uz9uWRM5!!dsj~-ltil?2!~A2
zo1XAsTnwqs?U4q4vLMT2A?NS!aR&DwyK={#PcXWr3)4X@gw)64y*cq56`!10nEtu&
zeh=QJP5ZGE_g>L@^`KG=F`6v;AeCphx<B3z3u<qr#<-ogP|}X3exKV8DeFCY_ToH@
z$$Nz^e%=m8gGvuWOz&Ghi&=p*m&f}(;pWAr2ZXp{Z+VwK3CCYbRl4smLn3V6A+_4A
zy*vy7_ieaz0a095&Ni8J$1yr*9X`V<pq5!n%ro}h!QFItDq!U_)_bF)Y@?y4VqmvX
zN-^{c0Vpzf59t^Q9v417CmgxXR7@k$cSJFHBwGeED0&rJE-a7P;Pz$FQg-K5n7CE(
zZUde$Wa{dpp%U)A8gSK&o>*8#tEbFSv2`{4(C6<-qu<d3<P~BZxKUT7hKSpHJI)pO
zthArj+|~<!ON#bO^5~li>ys?lcZ*J#PCfn{C-AoG!(RGa<W9;@en;?oR5x{pq3?cf
zTTC%dSpvgU^0m8@TsOYb#2~Ja&XRLK6XTP~n#T@B5ZzN=oZA4Ms9!%6Oqa)(68hdZ
zz|tk&3x)Dt1GLN5V;^u2<JCvslcWT1F80T(1<KZ=wiq5;hJD2R?s6+f);%Or{C|x7
zIj&_-4m^zcTE!oqFM!E8<#B|3nS%De4IxiKvhEMB+vq}97v8()+)OfpLxihuv2^<x
zwuh%9`6~mJk@QNRt`q$T%WQG`gU!M<b00taYzp*&bK8M-j@_ky`uyO92wIB8#zZD?
zAL(|pGD^2ZVch|lIAl4G0%)LJ#TSllK#OpPueBjkuvfkiXgw8iCd>12Ii(>rI_h=u
zq#dbKeeYC%Q|9Ce3Vi(mg6K<ZkGE;>5|-K74-Sc2Fo$DFQy;Pbs(5%(wS4z~5Pv)E
zGYqablRORuuZg&C&}Yo;-KV<HP_0!rUYz-P_<k?<IvurLAp<UoICt)&T0lbA<Q8i;
z!#yGRn8J;AW$@HXB-cOF?(^v*M)D&g2t$JW8P(Sn#00x9m|j!+1hkLtFrN|Cb08JZ
z5jr(h>)%vq`N%m9U@r5>oloC5CGQX+@5hH4=N$IB*f3q!&Y}72_Nxi_ed&??uEXu-
z)<=E6`G9+AFD4KPzi=vua!Oc7nTh)rwXuA<`J0zU0vq>i9ub!0IiyzC9@_=H=Q5Y4
z5kyn7`9-4*=FRJE9;8J@rW`pF^)m9UGyKpdzJ&b^l)~dSaG__wBu;U;6cpWB#*<y8
zNA}LHR`MtF?Ju59jV!^OsYgr@-}R!Ki3wHpaQMq+%Q0WcF<G+!^w06i%j$RHE`4_A
z-fh>zUj!0Y|1|NkfkMA2XK-o3{ExKzdmWg99=0p?*`D{w4{t8O9RG?}yocpbBw9lq
zdt~vOYNj)`-^y94CK9olNt5dfo!7DWQgr5)aNeN$+@u|eG)_R`5r`uszC`*SV~($?
zmWfe|)FUf?3h!vu_9#t|EJUxkOFhU&FGgYFa5wU!vuW>AC_T_JYy95X*AHkG;|a(N
z2KL*goR4@$bgAZHPY$TQg8y1bEpF!%#N*?7A*6fZAZtK5d~4_c-}`V<x?S7B2Oj|a
zDrS5i0GTGxeeBA#XcOuTimIK5bN8`34#9`u>8{~0a?huC@xWtMI1*U*oi*){wBkt{
za5*n4qdQoA>oez}5h8OT^S0ZC`Y5U7XeJED#h1A<=KtUD|G)j8|MUNOhvWbHfBip$
z{_iOIfBirH&;R>BwR~*1bUpV>n?7cC*hB*!9#Gs*mV|qllJAD&<DZ-k>r6j|4}P9Z
zfWNMXntf67RMTfYNKGyaWEu2j9l=biISvVs@(o&j(z?;Mzi81<PE>yyEzma)p`${*
z)wg0A6>!^a^`xTkil48RqBB$6cGx#?4CA*!)K9gw^EYD3LL`>qY+Ab*#GgV$6qw&V
zb?d&fhaqtC+&<qLNL4fV)URgKZ`^eDW&S^B#Kq<2Bi{;DZhjBZS~+oiIwU?MX9Rfk
z8|alApf4vX*1=yhO20E{ovH2p^8<-wUqp`OnT9@i4&Nc$Pnn<}V&&|+Iidr{&iDhM
zq00mME4u!Ut$6kjzgz#OKGs0x3wzCx;6BGN@|_-5^m_&NVv`37UQzMRHRcp0iG^S9
z==ZvQ=?Y{T5B^zM9b%{(%w#lMg$F+mN)2F(A}+W6X7q~Va2^eOM2PkJ<8MDc)bEw=
zbFLk#a+?3agg%2e0d9+h)TGOnatn`?NQiu!`KO94`Uqam;<JQD<#Ea%AM5wp@FxKW
z$j)+5@K3Oq*Ij2XNO^Xn;dD5@zm);g>-yb3Wmf1DaoYk)-3+XLs#N`6Jw2-$$)6$l
zO(m1Rb!gMqz3JRDc*0N;AJGWFilz-Kme1JOIWN}+IWFDL3tWDM1pf~!?zXS5ZF(qm
zh5mN=y^kkX)3RsY6MkR9hVidFc<q=$91S~T{cr}uHR9^8;x@mQ;QT)%;$~W^ciV4I
z4U6pGwGX|7tE<wVw1YVe%6tFtKm!b)>yvSpryp&bL0)sa8?*CE2=VtCmE<thg+;u8
z!#h5We=j?qLO<}Z^$O_c@EbIMyg?ba11Gzad+=*XBBK`R``Yg*{poc2dlx5OIQk^5
z4&suZqGTQZ`z88u%Fm*IBW+6d-s#ILdjV=sYksy<YiG__6~IHd*J1R~&jk5<p@Ztf
zY^~>(-cU;6|DTEVpJ_Z#XybY8Nbl+RP*%yM(02KtF6bzIGb#7w@DpN;>>U+9$25L#
z1#BR?aaMu4+Z~@hC-g2D{wZIEWn+~jx?Sp1kMRuO+ZdYhZ+Fp;-E+(FPQLVuk}+RR
z=VyQa_h`9bD0t+zx!)elFY4O#nBy`1dqFHe&o;fEiOV@qMK?-8j~ZB1(tZ+wm82&x
zi`i@m-U`&8N;JRclO5+=90sQD>hqaS;nmx)4mR`Wq&{EzP;mj9{mb<x@_7W`6fYOp
z-jkoGAb(Q7HGB&0=`#JPc=~(D)#TIMN)bH__4qGSrq1U)k0<_zmEqHHmJY(yzHH-N
z!%W8>fm;9Uf$5&SQ$fzu$&Yaq4#f5NIg|T)QWCz!yI}#6(X$cD=$72xXAf3f8~OXp
zp3yVXEC{q{>ADZIheJjZpNsu|a=IerL4a?Q^VCDG`P+~AcMd{5m#*Ii74;o;9}{7S
z2~cC}yDop50yhjTUQ+|Lxp@23Ja+hq#QI{~oV+++NokUftRj#~Tx9<3`ucn6|C76z
z&91r4JX{$&=FFBcFNS@pz<&;yVe+K(AdD**S7eIhhEhm*Y0S6kPk^AuS@PB*(HyG_
zzn$}c5B`XO%eKv7JQ{fb+v!+BC6R}@wrml${|V_d2DrWsiptru$_3GSjp$xTKE_s;
z)?dKzLzyU<XA5Tc_q@{Y>5%|o;9luWF}*feM>p{HY?Q|fs?eX0X#7b)8TPJ7mPiMy
zW>ME!zfKa$@S+*^7`5`WDr=mkRJ9y~_&r04ziojl6VT-DXN09&33`>vKC|X_N=e!c
z-9z<vTvpDhwKUmsmlhYg$ct%B7Fn}R9S1ej&-bQIz&(O_Cg*oY@#iOx?YhX+)chF=
z$fwCzg;w6KxRCD^rHp%o$lnvY%^IHvNF<TM5%P{k+v}yuOz`L|-GfYA=#$^n#WI&*
z{rv2|jXAQMU2S#m-0h+{z*;dB@;O2_f7Q4dR2YIhe|~zaN8o^3k~`CscYRbhjB8-;
zA?&y?LBh1Ew{AE1@Hh1R^V9#X73|lC5tF!giXH8S1<Rf5yZ2Mg3N`^^`o?rboc~0d
z+H;iSDr(E8Gtw>`b;R%GB?%u=oGKGqk@J2pT;jlihMyx4|Dm9|{@MN3_HF%)%#T%V
zp2rAo3N<P#1}(8}TG>tidujc1@jIA(K6|!OL$=%axsMUwk)5jxei@J~S&p!v;VHhq
zH}mj!MIzn>rSU7f67T>p@~6A$?S~KU2Z#j(&!CRWL|rK0zbnIADAF%8pIgwu2{&<Y
zqwp*OuqW#tD*|<i9EO%MrX~Ab<M~~Nqd2ba`Jfw2uT%6wI6HV;J5El;U{G4Tcm*EO
zy;1l-l+A(zc8e8Aug5^}(l=I~#TaFQZGDl(LRtY?XdGJz=|3t}zsDMQQ%=gUUM-2L
zlm^6?#l0WEJAj1ENccVwVdqqlljPr(65JEAcH|E6#JSa729tZ!&z?~2d~sUZCYq|w
zp1kksU{L&$$HU*HlDoK7FIV@#h1PVdwt3&fC%RIJ=N#X{mY%y0nssW_nOg_`=8|GN
zFyz$~2YDj2+HDQu+pMbsqaZ%x1(WBRZc@<8CH4#R;P2{6kMBv^2u=frX_j|e(nqeN
z&@msk;f7w5;ayzp>HcmK@Siy@E{Fo<ah>JGmc%|;+aV8b__R#kgtD{=41gmhD-n7}
ze>U-c7i1Lo2v2=pS^w&Iz*2U-Jl*1va}{Y|KVgl1H^uu>OqZIb{Eansx9P4G%Q5%)
ztZSF?PC!^el*2tL78U6GDTB3`$#`*{U+e^b*KiWMcJA)^BnPO*I`H$3Y#N!e(sM98
z5M%19Nx17bD9t0e8O?u2VST`9s*iqp_BR6`(E=39V`%#_`8~nRmtN|UoTz*^jD&uc
zh4FXUhiyf#MS0O-xCJksp%Gi?`6kW~_>>aWKJ@A8Dj}u==p@shfEfNgouzzpw;m`!
z%Zu*g9kPO(k*L636897*q+7FDXInC)#!pQ3AC;nmp^X<uZ7OkxU32H6DqNv3Vdq_b
z0eLF$(@LAJZYH{=i8DOHe?C()h$IgUe%q01RrhZ5SAXRZnlpH{_Rg$Pv0>!J7l__x
z`Bl9CU0b?FwV2$skQ;88e9q<ioK<;_nnE0BXeTCu<L|8Kxi<AqYJ4IpzWjHGMD%h6
zF6F(7h@T6lQY1N{WOe!VFv8wREPB!VVMskM-tsRlO24a74mp$c&Fpzxmeb7lUOjb<
zPRyg^T`$f8LJj480Wk~0*6t9*C1$lR!T)&zYtbzlD3Ze%Tos`<xN3}-eM74A$P{3n
zZ@Gvxc%APk{A{)ShwXPp9Gt><_ehP0na`uxu&Ht%Vm+nWQ|+x2b5S<l3s6}qAn?J<
ztm*T2jkBaB7BRT@Ml}?OZV<E&zUyN*5Skm602S8k?)s4me+c5|ll|_H_-Au+(e%N|
zSVoMjjQ4ISFYqp%ITa;d=I1)x)yJUV5fej7gjLJX1BLmwt3{N_i*UWGq6(}m0)b9D
z)jXgF+I>mHxTq~k`W;&g-1(KK=y#0_&M@tez}9>P|N4Lr2#uz+=)m=>1Kpqd*Uljy
z1#&!q2Ia&xI?;uhFXrgqmEU_T1}}7G97Dh1p*B)Do(G${2j*p*`$&n$F{NGpY$$$l
zd-`2fBQn7EU%{UGA{@y-1kAIT>uoRJe2VapkqVqnw{UbM8;>x24vgO{>JZ!qP5xe0
z_Awd5eeVoy<Q_T_>rIh?4zuz3=mya@bDY&9VJ{nr|BR5o>u~B9g<-F9c^PM8CtyLe
zJIjGe^4Mm6f6&>w=d(bg*(puJ6rcQ@fiN`hA-NiVn)l$z>S)?o8cCO13HM;&y=OL5
zPe%JeV|zL26UzwSDoviB!%+0Qa<_8z^!5u)5AOtj!we6`)ltcvj`SMH5fo?XN$=7F
zz-gW2@BV?TbZtJ$84t;5{T(@5w{MBugyhTqcsSWT3eE-K7)Jw4Bq0F&9Jo5yXxNkL
z_cQ*EF9G^*Y`$hbcdHr%v18b-w~gXlIiu8KsE3@>p(cgpj9G%#!lRQDFT7o_nNw(!
z@psMmGZ(dpZarg<1h-?hLKyU;*;;qoZs)eE-f!DK*DjpuU$qDNT^&5e6lVCs{Y6F-
z_%}uaLRd{jv^S;d6SCrQac&OTyZLRR*ZSu>YpA50H}^{9`*}D2%<shO3J(`R!Nocm
zkSZ!Q4=;dX@tpW-6<&t#TMTUEqeb>}UY>r}6Wcd3&dNh7+$noZH*$Af-jmNNT98$P
z*NP~3X84{V<hHUsVt9Qbi~B)szcq3c`QH7Ld7c|CW?L6FMq1-xJE*gJM83@ytWO)<
z0B?PM>bZeReS`Fu5Fh=nK;~R^&M}~eD}apZ7CUChvGIGi{A7HvKuX&T?V7xRdony{
z&AmFMmKC&aowC&v)AD#~|1Ca$JCol#g3|zZ3_}&<MAcCT8NMsmD~Ab6nhP=9Pbeqt
z&$*4?=w^;I<~LMcp|Gmuz44j-|Fhl7qdlqdj@AT~%^)zY-zIaN&x96)%FJ9M?&!sJ
zJbO57<$sXCSm-M!mD$gEsZ49DUg+cFRi}YAkEWzvEs{3m)lZ2v|6@w!XGFSz=e}2F
zhw|%hADO!yss)Sf^stUnnrY-+@}=RmS;Sk(4~+9>FnsFW`6$iQT)GDkudAH$zejB!
zjj;qslVT*0S~@+4`}$ts$78iiEK~P#p<{*Dp)QvG)w$r`b<z4Zr!HlGLezV2#bm#;
z(#zl;SAv9bl?;LA;l3<Fb#oYVYxPF2BEQChtB(o4i%3<Ii!9gv?$xw#<yuR9M(`(~
z;iJwk(j8A(u==9aS-Pam7VI<Y#~bt)U*zAF)G63|?Ho8-8W>>F4t?~C%vz(%d_e9t
z>Se}vkI_pjfGiPbqP~Sxzg&>3isvpC_}qs1I>bGKe^)U;;M+==S*|VXt9$@6+^if3
zA;|2qUz*3mugVk(TQ&a_c;Vl*S9r(b_{-uI^tn8}0~VCaxOMk^cZ_oDp>7i3exYQ?
zIZxPbBUG||9rGG|l-o7)<~#tKr}SECYtY{l8d)c+3|7gnc;^AoSh571Y`?-&a+9Jm
z`rt%OXG!9j3%}3>|E|{dplb#r=y<}z72noLp6Y$4eC}zy>#RV-L0`LDUH9H#tvl|J
zS4)f?MI6WdK|LLL2Yk0w?7o}9_-9{lEqjn|G`K}rM-F2ZHx*xU2tciV|H3w6A7c9k
ziEl6m|BPY3>${I+*KrU-!OEq*1qOQ_i$6r7EzMcyMq%(dQ=gUZSjeZVjWDr#wxNgu
z_7VSU-Dwur7J`ouTc>JP{Q2aw&Jyo;#X{Jn1CAecbQlPNeJ^(`s)vP6B;xv%-9Zig
zdCuiOCPFo(y6(=)7EStz%;nZW2mxVxs6X7dTYcMk=r$$1S0Q|@Nt3B^EL}o_>eJBd
zZ)cou(TtoIbn9Oo`A@!}oe$H&86Yk-PbF=J3{vaBC0jKx|9Y_dDLcNyFUQz_f9t<%
z$WpSgs!KSqPUjTic!#5N@U(*86B0H8n|MW&DkHwOk5-T=E6n2$kNusk_gRjYvH<RJ
zn>d_XSAa~e!Qb7<&gQR`rgX02IjmA=i}2qsXdgb4C8HVLr+uw>;ldjFPn7bz>TE}C
z&H(0|u!=_>+*Nh`p?scMx@c#qP(y01W<avS>F5E~E*w0TM9`mHCy?FSt8MHDX8K!U
zD~`N(Nr5%~)*O+tyRD-e?$Zn}+rGb=GwmRJJ#zAVRu6PiTDcF?Z4vzW?f<S*<95(F
zosY2-o)W?<=K*1T3=Rknq-pbKAme@1Z-A293*3i`_tOH5t91lG4%u1z=A6#CYaLST
zR7InPRB$%`#;Me|ZZ6#R_fE?OK=d4JFq&~`fT#%Wuu%04c;5jURde%CB=ftneWlN*
z^c<1WpRRX>&clmtP85od;$g$y!*W7D=}+ygdwQooVT@&)^O*EYYn-=IEe(#{DtvhI
zQN|R#S8vUcliq)i=3j?K9~}MS9CDys3iP8E=aZRf(EXgjnyrF&jv1~e_0L=IyB1#d
z;@#!5e0qU7@S=t9iX<ni6@A`O3)ejYg&HqMcXobC9|g?_o(K9~xsJ3@uwcaM44}Ps
z*Wg}%89Y}A&k6tgErj>#JAupRUS5++`+4ZAjXmD(Fm#SnpW+a`oi03j=H7%~{Z08@
zJzufX@3TJAqQ@`JVX1eUPa^BXwbWs^@3f$z%kAp$q8Bqk5~#29o=6TPK*mT-^CtB!
zdBkqCiLbX1*?B+->NNjdcR&keKJz$1vJTd_n-V(-<M$NXI~WMV?z0P#c4EOFW1RfO
zQssBOeJ*M|<P)nSbWA&U>#KLUmu8#F-j@LTn8$sHXqF-lozgRO>O73n8_UUEJz_WL
zQ9_u_S&?_J>QpkkpyecC$b%d6XSJ|66V%8F06Up0%;+A^G(Nzo@R?H2!350_Ei_n9
zCONpjx_I)tLVq3rr1rh;b2H)7^SZjIXnwx_Lk)-E)qJ<Gf@XHoAyhDX@vOji_6a+Y
z_O4OWrNkEN8-Ul=0vG48-441NbgB15{k^^u^F6v$C}TVDAtI>zEeU3Ws!#zSl@y@a
z0a(f-s1qT-_X~d4^tTv!CeiA6obv)X-Os1m(>xp`-8<v-Lx(smg9TGY_KAKWi?+k0
z%bfEtb<p}mZeGx)I(C&Sd1Xu!Zyi(V?@pZ@vcI=dPVH^2dEr-F<i(9@n+zH`kN@2p
zEdY5UX+@8rv3J_a)t@uH^1BNVImCu3JcdU6iRgZwMn=lYpIFu6NutfHi)|ZqgQR$f
z5O?7;lEZ^iJnNfa{f(`nr{!Hq?YqQt=)LGi8*mJV&E4hR4EY}_vM}y<@as@?JXD25
za8_0`Bel#=ESiE#teT3jZf#zPU$sj4kG_HK-FN60D_(drx_OyfXO}u;GUL+_y2VGX
z2PO=Y!&1E<VRs6Nz2V62D2k$yoO6U@Yw6{o4-javF>g1lVw-^7W(EVzzma7(?{W%(
z2rhf<4HJTRUz(pgeL~WR!1<-C;nVT1Vv<bl&-?Pb(-2v1rc^Pf;(E51q+>;faFi3e
zuG?Ha06Rd$zi`lFxJNzeO0NvzEmE*!`SQi0raxZhe6hmna$%i0v+tC1XQ~uNk(~SK
zSJP?GGK)Xwpe)LpGljO8xZCYu$BScZ{J@p);p3yL$2voh+UepXnEtGx$bX1<@>+em
z!@~GzO$$}M>yy-U1j;kKWZhvRy-{}hkX?#va3+Tk1nzrvj{_jirPKG;^$zZ}F^Ksl
ze$#8WFOp+>n3=+ZPg}g%hW`WahB*>SNEnz7kVyH!GKswx(c1?v&DkAVGt`UGLyUIh
zXO{Wh%{Y{ee$MJNrtUwA`|jUNTh4k{^QY@|?4C!!Iba<WL0@L3yy&Me=^?N%yft5c
z<#rRO&L#7xu99zV-5*sq^7lwu-T7}??*Tgf6OSb|NUV()gND7_dJ)O)>CaR$>Ae-a
z_Yxw2P>|xKsCVOk&MwM-^gm|$R>rX#053jFiGZ8YdoE$KigRqVMenGld~$VJ$_}Rn
zC7h98hDL2MNe|sT@F`38xfiFq=l$dyI|5zT_oHisWV2#<4_%A!_!F1Bz%)3)8F(KK
zzu2?IX<#N?tjgIB{Huo?fc!*N%L*`2epRUCcgG|{9>0(&3fhgqdf&Al)4*Aig6a!o
z`1#k|N&~oY0SXc-Ebywul^Au@8xP?*tCpoYbDYQeKb7gVhb2MChmbm7fLG=;Pi*#{
z6W|elJ2-@DPV2+LbvX859j<FyqXNKpZoiwXHy@Pmrqn(4lA_=*J}19>EHE3WpEx%i
zwXUd0SGa`JdT>>C`KH6hjZtBh5n-%U1e4D(Ax6Gxe5Zrupd=Uo(fip**)4gRUJ%wf
z7w-E86`?s#QfS@%guM-nul_xWii@Yg+VX%p<&CmXn!8m7wRhdE@`CKmT_Hk|gYJp$
z@^g+$|3eWiw=YqjZOfI*QMOEiW?jeHTSC%@`_W5nT;(x4k=b%W!ehet<WyyM9<!{8
z&x3rj0jRbo#?7i8JHM>(4y)dC&uvej7b}~bKUc;}b^g}u0t8$*V~3%WKjCut7tc1f
zSA)HRs7bNR-%TIyy!Gv`$j|rlyBYvse((KfS(5%q5Q1ub;w|F$kjlcANgebTJ>56t
zY~<y=={;+8qr@?!v-*l3i%sj3{Gy8i&$)#U`1KOovNwme0>Pm|+VfDsX}K~PMSm}d
zCw_8Deu3?=Vf$>|7a@tk!up&$9L;ogKzGkB#sOW7r1+Js^mpe+`G8D?E6I^U7^}?)
z2uOFhz<QLIj9c%i&Q^I5BC?L3yEn=o3eDI$2|M;OP>DR=<^`wTLzL=me<()do5uTQ
zO=}2wN`mihr`$N%8h9}R{+?OSn>SNk3i+)6^95h%jBi)Nz$CgYgFym!cPv^GX#h|C
zVh8%WSJbS+Iq!nrrL=Pj8}J?X$CRqX*iMT&1iTL~#A{?&c4{KhP~sa2-&$_(N7igB
z=u;}&mtplx)jM#yhp(TP6Q(s%lKJ|a)p9JY7~MMTEJ^i0_}%+^=cE<^bhN+G&ZTo(
z5XaAQcs33mc=(L)pf1PDHozIb>J0k3yL7NGU3PZ@iMl$EKIFoj{KPct!p?0w-2G3#
za0Syn3BXI-nMBwh!U^2sI&jYMx@TX2R74J8=+W7C#$MK&J(~c;XXTUrtM_s=J5f$j
zcC?6A|2?UC=Zkolh_~A0>cJ4f)2<eYapZCq<k`_MPrJfZ^#b3*&-e7ZALVue+CrAJ
zsN?k3h()zWI{SlQywOCOb;u@LcUi?#*y?m`q<)$n5#mcSdo*@Aa_pP2TNOuL%TYi1
zn5V><aBvxnxz$n&_Z~M7Iwyr6XwX<B_}d`Ns{FAm`5aAe;g%WXZReMc@+yP$-n>L$
ztKasW&LJ`6`uV1Qcd#xb@6K|wSeDs2?=iy==~UpOxcSiUr@i8GKY`x#8&*wvK;AhZ
z|7R{q87-?y8RvxT<3Ed}+p_+si;UkrPVZip9!Y_+Qa|%B>Vdm!d{0UhB3>=|TNE|Y
zWYNRW`5O%&nmR-W`lJg~tsoY8<A(MI`@Kr7t@U%#Pk;Bk#?X5{2JP|?Sn<ae(e+@p
z11~|*9%#}{Jh!9*A_xpM@?02MTC_W0L~S;PYIPo9vc{v2Z3OojdNATDnv!=$KQf19
z6$FI(NH@db#HHHzZSX|7$e+0Bh2_g~`>>p)4z5qa=Z34F%TjJ7Iayi+@8(=7DZcOK
zT={vjes{@~*cb7R<>?pF4eEh<9yzK5eq3PVl$QI^+i6^;!#H`JHY(9HS_ArQSPC@F
zgSgdp@6<JZJPN`hr`a0acim}_D_;6phogDvOJf7(*?A49zfJYj^S2fjE5E?4h<haA
z=H-WHu6|Btxwuy=3cq=|vb%@STe?Zx0)EYG>+ilA=Rw;Z=`o@>>QHDGNJ-H~DawQP
zBpX;?$BGFQSCPKC$3I(?5k6?&d=#7kca|4Z)eeCMpwta1N!?2cL01sF+>FU`<dd_j
zTmq=ENPVb?UQR87n27&j^0p(`>II@BhN{tkrY#p=1VuMo(1dEsYaIRpwK`h!Y4e}B
z>USp&ob`PB@Vi{4oF-UT4BbWo_JI_TdIZ34BW+*6CgievfgZN3^!4SJ*J!vq*-0)n
z$^rnn>h+cAv5n}5F=e~nQABf@kkfqM^<&8h>N2oFWOc89dU>Ab{5?7N*_#vA+}L_w
zX$|K)SIZBARQ6st+MI>Noa0SbgYUUTKiSOh-ko~+y7SG0Fgj3=KZdw!tlSfhH!m(x
z^$iX>SFczc_TqcU=M1it>3Qi)rYGlKd8zeG`O8(7x3)sf8~jY%PZ(T2Ys3fSz1id<
z)Hr%x9>a$&k^7-I)+E7z`7@TS;2gja!%J>n=!>@}+3X@A@32THZW!}<r=gC<`)~}q
zKP7p7cl**?lnt-&&}Rua=v!e->kn-fvENfEpZI@*ucaL&?FTKm;!J-9?=2}Be(b&G
zI%bBK4Hys*578lKy)w7QH01y<ZWas4)VI|^l!c!a%JJ1j8waF>&D0g8`g>d7Z-jfE
zv`3UDSWodwR>O|>pe)O`z0?z({+Veh3vxl<Uop-8!$rB}tBJ^lGck@r&Cbxt6E9_T
z!o@v^y`@fY!9M-$r4jTMbC)}Fhif+ZrTDq5gnZFbO{#hM@uOAlq>kEoDgSgIH|8>~
zsp`AKU3eH=4)`+gL~8r8U<xw^{|`O(CAj$Fzhgl%nuAEr%mu>T+XoZ|s3^g0PUv|r
zalf!|ew{e`-BCOyGT1oM=aIf6%A)y+bJ8v!)o-asua6r5cCCK674u!FMdiNHa!>Es
zp0VVUI0=AGB{7-A=MYk=;Y1vkl7n*m->HLr^c^?>2_L|nP*I>IzRUfuiG|(7daM3^
zcV!$gxWo|1$GkG$0SB&(6H(On9HJrsJ2K%|=c^GHi0Dt9s^1lx<Ivx`fB%^=an8Vc
zPXcniT8yL2=A8l;>LYRBl&%Dhl*4Ijm#!=58pnal4KnWnY;#uvML40O$r1N+yP^$+
zmWCS1UbeJr7u7>LAI=%@xKmarcFkX4-#UBG-<480V#OKEdc3F4nd<<t0T$4bS`WFu
z_$H<$(`oNcm-^-XnN{sSHj$RZ=_Q=z$~p#0dB*xe0`5y1I0LfxJ^+h6?@(NP0g7!v
z!0d?aRX-%maST}R;k~n|Y>I(YYr%KtMf!(9PbtB>yM~s2Ht!98WT5Jtu8?B{Vgr0E
zeaGVcw9pTp%HN*ek9>5-0gH%AXT(-jTQzg1yM9&Hhsz&bmxIn#_Z;;{)PK$9+kb33
z8Eyd*!|c81NWOEi7YojC!6R>S@9IlKQb`Uo>RKt2aPBy0<joctC5}80p%_=bRd_Y5
zrs+=cTh@!Iw$(&<SHHN*e5S%Jh|2d93E6zatQHgHz2Lb{nREg-dddX<cC0%}3yAa?
z`bXdVwCahq?$!?7*pSV+S*La$ir|ZIL=s_sF$en(og$s7y`mwgeAmqc{jl~B_5RbX
z2N*m~uqtz5VNoh>t1xU2g90JJJQ$*|=Y0KORPV_^P*6HEasTc7ywgnEB8HoTSL{wT
zdlrSa7EW?#q7J?PDVyIAGBC$XutE5~ko&hF-e;XEc&vi+h`Py{#o=n=(|3w!jw(Rz
zV;fky=aE+D#$SCy``t^m=z>(eG<pj4E}D;C=8(X40=Rx25J6o3w6XsAe{a+U*GF$%
z3ad+8_B~|YmyWPi0uygo7a4rx_tFa8(0KL^=C>7c&!uzoJYFQClE6qWi$AC@dk}~K
z<2D>Y;``ZC9w6htE4Ot_`u4?$xbu-{+<PUxx3M2h5s?5w3jxRDag*5=Ab)Ny+J9&|
zy~7dLQLDz&HS2o<dw}1IwR*`A4y`#(&13H7s5c*_Ps^1<#&8k!#5~OHh&k%AI2KN-
zoV7XRJFY~FJnxU4bKU1;Nz}@N=mvH}Ebf8qP<T+oC1oF-Gt&jZt91L;V-NlJ?t_r~
zK_t*7s~Njc(Wj}pGkk7bYT5gEnR|jDI~v_`r=OjD``xeAyEigJMea);r<1$p^H0i`
zS9}ZjTv9-L|AIRLm4K+_f*)~v<U5CNL-MWbD2?b0iM!Ib<cRDwSzoO8ZZDKc<2;JV
z@B-8-WyU50^__2(B3%b~=yKfpVy|RVxomu1$bOH)|Da!i>&?e^)sE-!ZY~q;DxZes
z2j{#H`C4ezx$A8)_8r$>H7NVt;U$j)L4p+$(;GhLma@6E&n<dHEB8H@ac(5ue1B12
zU%vm1scQ8J9c^U67xk{%M6}=Fy3Ty<z3-&+sEec>i~F6-g!~pa(x5Ucy$ut?@Do>u
z8_^dRm<Lh<>qgzmqX8ATewP2-Ewc$fM@N~sPDKD;(A$}PQ(yS(diSn1+%GXTC90qU
zf%*Q-Gymb~)?PaNxvG#7?>S<83)$;f^<mGih!I$1`5?lba7u1{v<+tPYgG8mIecZA
zfbZvk1T{<wA9~i*I%{|_Z!u}Yw=DHJ*Fw8OA2f|4fFXxrsAz@bk}3^1!t@kjqw}DM
z@+$Hb$-g&WjI`Zfmf48n_AyVEyb_s5nxU_^19=&u<iHA23)7vD{E52%!>(+$vSL|I
z9lV_bkhf-`$oMwR+~!l3EdcRybakopbUt*F?h^9y1z|uzgPWruoFO1|4<mAZWPaq{
zg8HWY%@?E`PgyWuPdLT!8O`i*!#MRx03549q4E20YEjuiM`Wx=)DyvPRsC71xiAOv
zRCtr1UG9Hc8ZmqzXYrpYaf8Ev(DJ*7NH+A@qU=ve+n>3IiAo6Q(9uV{;cJt45I72(
zj5lNxJOqt+9O(LT1v64!$HS>P5rwDR;XA~%UYD{NAMdV5EVZVW5V_@Lufl82%)E$?
zu82g43u6ktvs_IrEvpwScI=e2u_7V|?d>~4V*}3G^{q|*iOd5Y#%htO$^n_ON7aq;
z=(ic17eG~IrczP?sd0i{*c0KOZ}evt3O5=kwF;&C-AjEy$k!s2kejbv5qJ=G;9uG1
zQ4tG*JZyoy^jQT!7`7c^pB{r#i+yYmg^KvSM|xDJvu1JK?tV%hr`QS7?jiHKa3&39
zLh2aO(b87XfmrM1UR%@Q3)KXP8NDnII{cZB5dBIkMJNz#`6As<^V2^`s|SYj7=+y&
z%VH#j8i7Gc`&Fm#-@R=By~k2{Z&&YWY`5~zWA6>DirY~ihmCMp$9CSYZ9no2K7X=A
zHHu3&bdya7&Zpaf4{zPmqj+AJ9u?pccrP*HC2hD`zGZq@<$xSgX`Z=YaNtbcR0r3^
z315$V<nm1T=ibut{(mfmV6(rgv=1qa&=rspY(HF)R8rlKh_%j)qD?R#_aii+>E$`H
zTE95B|L%tGp}K}8SV>hJ+>2h<7JJXB0l(=-ST)Dp-{GZ6I$jw4IN-6$1E2M$To*nM
zrC!UM=Ut*eI{ql8ai3m1#<7Rp`S8uSiOc*B<9&P!YKTPcz4EwYIk;)x0GD`I{eor5
z)sqOh?^#2<r6b9s|F$(Gg=FNAM{j{&;w8ZW-uJDpHzm0goJHOaxQ(jK)3&QW6>$A`
z|9t4v(avl4#zSZ(B+cEaPPIg{q-IA5t(J>J{F|uzG>lwV^{&J5+rkeVD{p)rvyZ9@
zPZ^#}ipVQnk2Si6#>OQ_?Yu~GY%coyWwaSC&@8Gj>o0DbMpbNJ-0K!7oQJG*4nyG4
zd**;%KIHtTh6Xg{RNgtsF=vm|ow;s=$#!+_C%bT8m}z^oUOke&A=oqfYah^mcifey
zzTTp^44mE3rjz-ej?3<6DA|vw`BCa*<I5Hxq{ez~A8|MuoyfFO-U1O9SKxi15xcwC
zk!cR`ve6}j{`?;itTwBg;sy$U_PND-_GMkpGciR+KDak$j6m_5X5`~0c^|M9Yi%f;
zE*|s#+vPf<+Xlh4$;k=XZ@l#EbKyOMK6Fmri?#lu+PB!z6;c=J=ezx_hJA&<QYqFF
zTC1k?UA%f6;E@|t<Y-fL0ZkE^hf^Izk&tWolLF(wL(oHWRQepJ6KL?x_qBTTqzU8d
z3bZ}ilb`9QdhLDB)XG;ALiOB`@OodQwg)J2Z)w?-Puv1{n3qNOg@o#J=iksg@Hfcq
ze=;gNQlF5Vh67Ie3}D@FOo(<_zY^g4$qx`V@1~9)M*IIVb|p!V+`RHi7>H?!iT6L!
z3s%3S9N!<_INWVXRRn=dGJ(8{Wxwty{P(T?<AOJ+s71vfQq+x3Lf#v2{h!>73y9fo
zoCMxsTD{Dwdhchfm!}<TdSPH)8&2Mrp_*=c9X$Au)g$U)%260`I*cbW^7it?u!<`I
z@Cg^>x{0boO0kS*!p=ceD*!uq);PxQ)_vTznHnt<-P6_iZ&m*)UjKxeUc`%p)Ywp-
zE(rrPF2}3ThRyJ$s|Nkf9s8&H&423vF5`Ng8w*M}!Z<|94z)6oHKI4Sg}dgxn8#Te
zHXo5b=fFzgpd7IplKV}~yBTOVkFRO~YS*J|_kQyJBV?zzj<Ll8<Y7PD*A*~D1iwCP
zBmrJ|q=?7$@vkBZ+qMJ;n7X@gC}@N25;lNbw1aqz;rxjfK;lyE+|O_3R>*B>$VC&;
zUay&!MSsw!=&E}H=g}(i{>>Erqa#;*lkcXnzmO^@ul-n3)jmQNY&?(f_ZY@!4Jo%H
za6HuX<xrDoN(cZ7q+8$%4=I@56R4D1{?b^Xy)=}A0VF(Ek*-<cg%+me`ab#P61;v@
z08v8{+>&MY?5-^HY1SCum7%yA;x9p~PJV8y*W$q66AnlUcFhe^uWg+>p)#>h0rP6c
zt(KDn_{fp^cQsF!zk95o@A$XY;Jgz2%~d;b{HO$d^J(E+xF4mRVPbKfHa|DQGq?vk
zPwQSkb8y<RsSjK}CAF&$7pN82R00UKT#5Y#l3SoRJFOWGGeRIyw^za93inwa<T~7Y
zP8eKSXs{T{v3YO%d@4Ir=!Z&B>Kqe~bzL9R!j0a)b$gNK-+2z7u8W3x@$|J)+dF;a
zK$>*xQDINS^t}^f@7pPUzvbT@a~hDyly$VocW&yjAm`C@&a&YneSzS4Cz@qyh-IO)
z^qV}n53-rasR5v)aF~n!9c1CU`im_4UeF5=+LLu(F1km+<)Ll(GM^NcyVxdU$)@h<
zzDbwU_A>h;rDNk?lX<qHXAY08yUymh0FrxhKvqEiW^Ld2nIyq<_~#R=)ZgSEgbJ-F
znejU*g-m+);NF*8!hG=ObaelZNuEBM5%pfCJDnoYKsAH(g9ZnTu)FV^ve@kLQb{(o
zUa7SG+D1EEvgL7{j@%m5yEUgL<<Ss^f_sT6x_uOJ3(sVedeV(m=8l+Uj<CCVu!YiI
zR%Eo1lF1#Gt+bI;*dw17Y%{A_t~3=STw)92&ykv_|A#5C73-JRX%p>iwSP9;GCQF3
zHr$Jow>?@6Gv;N@D<|*+Bfrdbek&kqZ<g5M(6Q^K2D0=X&Fj@$C#a&cd{5=_`UA48
zQ`h+HH`#VHD~xhySPsxPlWCpA1$Ivh(q>pl)*a@{4D(?9djO@XQcm4;nMJA1-PG$t
zaFRSkL1Ian9wJnnTd*qCVA-B1!R{l?WVS>`j|IuSvQm=!_lX&c&z{EpY`neTWyeoH
z%Xh0a82!F4VMQ8AI9~%%;$u_r^Uf>&W9sRO<M{^;V$}7RD^c$eXgf{{9Wq#Xxco**
zWNoKU@Nu6sKFWI!V0fJu%>@Mp-wn^dyKTJ}V*qOtKG%@Ev4)8kU--NEV`p>bfyLPi
zQ1@WmDgXw?xoUV%vb`14b2Z3mHd^I?`LP+86p$>`gAMdAmyADH_$MnlX*KA%_-O7C
z4?3CB2{3%W`{XcTB}cG}axc}T(>+{q?yu9d_z#tZNF!`6Y^$F}9enTaQcz%B()MpK
zJREvtwhgDgQ-=ADpO|-2=#KFKT7N^oYK_l0<9lF&0Ufy>likO~INtjD%S#qP#DyP9
zXG{d?(gcc1!_^g68<!M05!jE1amQZ&Kw_jRL#<-JT#|1YpgE%PmL<|4<^J729qzFY
zZ6ZBtfb!66%s$pH;Q4*e2r}R4Il)#B;BhA}#!r1{{MKdAzKt7v#pRwIy?WhMs&bE|
z26%3d^`ZBRwqMXJ4s-%K--m$`y6|hhuU7yYR_|2>%kKbb;}&A|<t2u5*W})w8Et7=
z%F}b?Dt9OiAm|Ygf5gS`z)2mdb05l(!)Ht*e4P(OGl68HqD-9wVp9=Fj}3I4M_|Ry
zmGie-)&SMPaH$z|mab#x7VBw}rtXYM*r8jMWg>LyAOx_Z)UPv*_^sraEW~LjI5q``
zAm6(e?L!m%;dpYPLw+KzYQmHwey{97dh5A&A9>-GTSlMl@ln_M+6LY70j4>pLEz#Z
zQpW1D?HQL6j-m4SN0`E6_hc4eoyLob1xn+_g`ahv-(f((bH4+56svdyfVj<^%QD-C
zVN`msDt*)+RR8;abAo`Q_J~8PtA&mP!0sHztsLDH)eSmlO)J$u|He9zzj_hlxAx=E
zMkHN_+=T@|vPe2#w+}Ah@X2!u(-H7%AjSp>Xoi2jROS4r7n7{VNy!e0=``#m!k0J#
z_0U<D7_u>s!=Jjr=s;a>e(2?~@@^)o<Cz3f6#U}e#Z@RPyGGoruXgpTk`Tc)N_0ba
z<S4$7EX~Li`k;5_y?wt{=)b#T9onGiFe=xV(ssCf-)~s;IQyPa0Q;QN-jFnAnw{ek
zKO<fK!@Vx*yv_WQaOe866JM{XLuQ{>`Z>L{g$55>Pk*lGn%C}$Tb{%O-CT2hA!(B$
zhf^NxK$RhkoKLreCM3Kxcsw>r?+nmV^KhP$GYZRj>|==*$SoSe=BfJr2cz#kH1EqY
zH~1b!)2$2V^f5n2tqtH93^de%_5}BK6vsbn=%}m{&qEG-Z$*(!)z!WIK!Se;pSKEW
z{`GWi>wrM=H|^`E_2TcjdAKU4%(_q>oHYx>)H63$hEJ0wcaFAQEq+BjX6rEmh@*iy
znGjNYDnI@lkYRerm1RUoFK-;ZHg9dtRDa!?tHS3Xx~1cdoE}MTxg@9BNwfgPuN*a=
zZX~9w8|YiNwFP_CHuvSli7U3-r|t&AqDEfx;@RVaY;(^gKYyP3_3F@!kDP<IQOe!#
zju9v>e$wQ_SUa0c`_d1jsYru1|Lg~k|4^imUiC&#jZ_IhiHts43p^4k8h&ZAdDbk-
zzvqcQgbSCjLL^b!P#U*!AJF72JyKrhlJZqhg-r(XaNMoY_U2?Yaw!dL-<405Wj)`p
zg0RJjCRBnF)|wib^&q*|aJKbUgDRaYEy86AN1hEBTrrwk9*K?w{rv_OnZI2q$-$5t
zZW`+Q#kcP6cl`@FPJ-kdC_E2u%)(dK{Nx!g{^|Z6zcnl>n0kx*8!>II-U^6nvI=pw
zM6<5kW)Nd~^h}SLlYrulOSYDAlsW6sK?zSgx+le~^9r37+D3CfhBv6Z**=yiofsn$
zbB^}I*j+un0cCL$fwXtc>Ygkt0dA={O(dFQQoPxEN2V)Yrac9m&ZlmjjlALB+jS{d
z;_E;Ui@zh^2=Dl-XL<=|Gebfe-j8`)j7}(EkacK&t%r5ot)~)m<Cjh&eyd(Q^L`rD
z^`r@{MkwwVix9iP?+=SWI_)B4jnnox^@RhULsD!a54xD6G;D-9&T>wboWs4?9=0O*
z-bP*`%nWr@_F0fzEG7!}d$fAxg;I%aPraO{WJD5!7Cwty`{^$BZqvXwt}%)**$tL5
zV?q0U2Mu)eJp|y84jDMRsDIl#3+MH>=QuitM*leiB-q#Y6t~oBfLWT4OLA!&r{T2p
z&%U_$t&<VHfqn<z)l#exc$8)~9XPv_FdMx^A6J8>M4ObLw$V`ctKuLg93q12J<JPt
zFL<Z!9C4pBc%XP6v}Af2;9?7-=o!1m`F#MN!$(rhaS?lDUnw!3E7z$#-;x5jS+M%&
z-oA0H-|nKKc#KAQ0unkN>m#2eqLL)UBT&__K<D`WtyJ<vuL~)(dhH{pcJH1}?pLwI
z7GFZEix7`@;61=cV5cm8x-r6km;>sOi1O60(R4djEq7ibwj<F#$%EV4*49pGhrFW1
z&rP)rxavy{aI1EXBCF~Os!yIoy&Q5ax!IW>JLGSiXV=@;LkV|D=$@0U>bRwIAS<wO
zfSm4*8eogP7yQ-bDsN3=z*|R5Gr8oV2tL*kqW78|^9LF18@ZlV9NxE`1^5d4p9f=U
z_YsKQeWm5DldT4cjwmedcUBVR5K6c0rYph=*Em2q^m`Hf_tX*2f(1FoQ2;%q=~jae
zfdV}s*d;3h`xuw7Lesjf!~wjrO=mAK9v8Xr@iNnp5ly>=2Tg<XQsRzK;HA6!)<yQA
z^TfjUfk>pc?$vLM&5EBuY{O7X-!cg1YQ8ck)n9Ki={XaEI^3MzC};QhB6<y;Lk)-9
z9v^%JL<;Bq{LGaKQ2E=N1)@)(UqQ6{oqL`~%B2d=iWKT2N?ZJ03JQh}oOC%v@$=pu
z;kSS%-$F`A9SB`z))l@zw|%fbp|#;;$CyAWG7m9Ee9AI+0*l8CQVVs+lrd21D1Mfq
zleGNO13=XjRuxN@3+?5K+}48h>DG<KtW3^P%7)aISyP#Ba3f-w#`2v#pUDvFz1J!G
z=uN+9VZ)ymRZBycXH$gXaAfb}6VjA|)l4%Wq5}1|Y2yH6<|pVr^U%1IhmI*So{OWn
zj|X()8f9L^ik{;Dod2;9zcoKpI%T~N#LLz`oDU8ZLg<IICevCcBWDQQgQ@4<%EZQl
z6xBUra9Lwt{0F(X_|SKODuZX1?v%dLSU~n5`Dc}x(79wne7d9Kv4_Tb2vaY^=?hA)
zKpauIQui^g;kV2+2j-Gv__8qxU>$$3cSeARbaXZNmHLGvZ=Iv^@;F(3LioaQw7>iO
z!NofU(2|CYtTShA&%;fAE?PNJ=iQz>M-rtk!_D@-@N+5tW6TCj2}Ds(XQehM<??4G
zkEltpg}(eiNmb5wzM5p{d8>!`FrEVlD&Iu;mkhq{6B2T)YqO*x{?e!>v4LFp1nf;$
zx-%{{;h}xoI%!S04Aiyf5SC0iK5nuDt)l`gcUHtV9`h((omr_t4u|d+MpQ-&$RCIy
zKjNqEB~vjsEa(fCe&U||ABr{Z3w<cDM=&lG($zpBsLi<oTHBDE;99lfdTz-h>r=m*
z`4E09i-P&g>O&azwLQF&gQ;)(>DhB0OT9OaKnuiN09|i67S64LondZ)CYhDc!m&;R
zkGBE!aR`&HV!%h55EKiyvd{I2<cE%EN(&thE#UTz7le8eR_q+xw%fI@?tJ$$*ADP5
z5%I{2)jD+#eY6~Tv<`{I`(jGS&Jyr6C1~s--$x~e;r2mR-2R(A<fA~r4Do<(KN$J`
z!O?@4D%2maQ>s0o(^k#=!t;9H#ox>Edtiur7PxxgtF9?5y+yEk+OophzI!UaY_81V
zVfn(F0~qB*ryHQ^9y5Cz<JJOdokKnz#=eL2E$KQcDY9L(+`ccj8cpreG(jl3L*FIG
zxmmKyUKoV#4}2~vFwM%I5y|m6w^QFs#{vziY>Qe+&_%Pm-VO~9E@9kael$1k;So{n
zas+!IaOckj$&0b!K5R>3HhJ#hqii1EI>>uRx4UZ)dZ-m|&3C(xPQStIZ~f98j0H^R
zE!}p6@7{;H{MJpnT@h5mFGZFeA0j;$2!<;Zx^VOn<l{{xC*$^}5%c37nUQoJF9Ybq
zn$-rxis=uLI(fOUMtK|UH$;){XFF<-?8PT4*_%hTnI9}Vk1oeSd*nVMm6L;_79WHH
z8SUkjfq_uF8vsW`Q&jn$&JMHy(4^inkwarL`llB1;>OpHK*hFan-lKiJogneTb>gL
zkXskfr-N>39@s-+20wlE;Xe!lBA1}_+CFM+86J6yoay9&+etE?LCwW`G?$(C>i9V*
zZm*!jX<n}DzK)E&ibwj^C-4cy^}|#IbW`&3LX48!{7!1BF(#v=wFw3&YhEC<cu5W4
z6|lMlNXnN%4m*DRrAXDpOEYz@A$|@TuKS=Hi!d@PC(TA^c_5H19s^eJhsnAxcbcQr
z<^H?bXNI>Hx*q}=&TEv{_|}PsD{A_|;EUgIrtaLkYIMyaC_8@__5V;w*{;K>xJ;j^
z7b{tK85JZJ4O8IsmcODI$|BC6QiqGlMNt^9gGE`SZiIt@pn$6$pgWDG4dP+T5~*F7
zmj6F^d+UTfsAVg;*Wl&34jp7JGN(X0X!{+pNy%af-ecoCwr38I+zp?0t7udr#aF?3
z5GYn3{GwUIa9|hf6auxL$(#@md9?-9`){BA#Ms@SDuS@m^PPuFn1$z~=^JHjtmPn)
zbw|x2n<d+^<ma;dhwZN!j`Tiyl?O9;Q1tK^Iu0f6h4l3^@v8GB*!k?Nto9mHT~39)
z=RGSMpK_`8o?~bZ7h(F<`^VdyIa1AD+9UL9xE9|$Cd*AeaX<yh>2b7IwM%5vLT{cc
zddEGq&Ib%J>M)_?gjyR?(OG!~2fj%z4_YAEff(93c(fjcn(sQ8rot!AXNdB+emZ<N
z3V-gGtH$>r2wU8%F9Ggm5%d;Jo0UB9uIDalOLTjFtvVOX_%}cQt;H&)2`Q+^oX^ip
zXLUdauPcBHNR5Bg<6PZHR4z$+99pik3~aMI>=iJ0<%Z-l;(@#%&^=iD2)-0CxGkKq
zy5Y!5WDaeNpD*FLFT0e!%FoyEn)=K^yFzfBY97#>bBU<VZcGiJoMXi-V2_Gi&N_7L
zvC7X%>CsG|?M=Yta%-<3yHeown6=tzy}s=Ki#PrV9j3lqTBqVfrXODrpB|+#mIeIm
z>4<3UQQYeS$CPgVM=JX*--2@x_A~d%^G&xnpcmvNuGFlxvu9GGO0Ublm|ai2cIi`s
z+)6o0O+8e1*6YD@!ZB!YzKD!oUjzOCmw&diyZwj{V-0|LDT<owB#(|iJQ?27$Ewt_
z^-SSGmAoo-j+`?NA1}GbZG?^6Zdg!L#D=<-tvKOY`_d6-lzNp$)NF!uvc-xo(WD!<
z0s?BnpBLC*t739SAAqk&I58-*{a{7|-DB}E^Va#Ooq<6ST$fiHe)1Lkt@!fthct3#
zf%M{;kOqtgBItB1@|30Yzi#=seFDc&QBPI&w1L97lcLN)JnXp%qRj_-ZkU<-eVBC+
z{p~g&b&(rP2FGad4tmAfI#T5#*uvad17!v*!>fJwERl2;7cm7$K6)PKg71<CRtC|W
zXr8<eZCz^(6X;T#N47&>(K}k>NpaBt`PFZT#MI?B6#u(l&GIOg?*k@T{dvTsz+OBa
z$PjlAP>aUI;W(X^42-o8!u{Mk_**1)Q}>%RoT`s}6M?_vjFH0Bv>lc26~x8ai)*)$
z`ytiidoa5x#be+zYo_?-+;J!gmsl6PUm93LPG+p4r3>S=i9HE^l8s+FO+Rp4ZePB|
zVAsrU%H8ba8q$>an1&IMc$>v}$Vgr!D1C#zy)FXhRsf&M^nL%S;&IniJJbs!^j+Eb
zhMmhCinPwK@wHIU|8gLiz^x@En0qqeGvdA2x3s@<x>p?drGyjKEoz0VfhSVp{5%K4
z-@3A>PbF4w2^tK0x$|bwo-N~EPrWiupYtJ~1FSy#{uH~~N+cWQmAlfr$EFro`+T-?
zqqg*TgdK62$GktU8vjOF>X9RQsHkxJDDUI^ew+B1wH9Rpi^O9@pHXjK&3n3<5>Yij
zO$~XAt$|%ASU0fF8`yJBO$EvVg)U&ghz|4k%p!c<t!(C>j=%B6dK2w1%b!R0cv_=n
zvu1C{a^g`;w%878rfMw>um=~rSVd4`3R6h%=L`bG|B#}g+66*<Sd!rI1_Y)a>zvvN
zQG6eZcVQlQ6!eSQ4xaVc6p4iAQm8xR+a+LW;n$k`_Bsp+Zf&c(0LpzJ^OODN9({lF
z5nOpCVda~W_q8A2kcZb>?*Vy~_cUEkuW9K#(RQMC{2Q)!+&`Pk+;8N4{wqx){U~3C
z3@!zA%DHvkX1&$X<95GW#((Bs%WycC=*|$u-$Sr!LH%oyT~^o-+XC;Dx9q2n*v+{I
zeW1(uQQ&m4{7mS7FVb)ITAZ?*P>p@g#)-oDOc)sJ7(v%Qj$r+v+XHdt*jLk+J+}K3
zr>gG(J#!7_I%^&qXhUY!5+E;@V3>ytEbYdlqw&oeItT4Y<;$oAczPez&V!ZGUk|I?
zt#GKU=xcEa#TR(5t@2Vd``EukIggGmTsdBLoAGmBS@r~l`)`VPv);g**lI{AZD#K(
zzp4_$hmsDf_uoE>;u*&t-O?G`U>dp$G!a3oFY=+O6}09hb={YohdN|ofASyvEqL2J
zu+ClR#Yu-6-@ES~D0AUF9Ft#nTJ&w5W>1VO9gtnuH222l=Ztx|<m|O!-Ll?uFLu28
z-iV*&Xl-x<FTrQk#?p|F@mj4EeiIq=UcUYf3ZK@*-LZ28&Wo5=Edr_@g?6Kg<-63o
zvD#{VaLV_NjVt#>xPIWSqCcwjfyGXFo9)Io?B?p%-3ShtNO5|6Y*pvx{rliEgY{PA
zb-ShJ4;}7{K70H)$Is+3HNV_+?@DsqDfuGo-uk&vzcq3wHd3}nz^>{<lG?GCzMXNc
z>XDK&aJu=hPa@p_1XA9V+j(o2#A1rBmiUctU_Fn#;4hH7ETPLc9qy%Tih~6!1`Z(7
zFYbg_xTo|p<WU^!C@PMc7ZJ@QZ*$kwB=vcuRdlL%@zE)IKRYmd@;U?9cTOZI_)2@2
zYFkiJ2m!mFbGG&_If>q4o<j<UANVkSn<RDtTKVsOS(Q`n*BxA&OmHVxhl7se;l4^N
ztp#PF!H4=tvfwwrc7HC_Z&{tQ7M~K7V|o?&?&o5>(0sZ45(GlFNAiQ^A{`1tBSU5M
zuxvlzngJ|KSgr<~2l0XWqdMX#VH#?bsgNUX<;QXMfp`&0)FWnLpFne4c;rCEqpNtC
z3Tn_r3eFxse*YcC$LGt7Sg$fTrb&$Dgwe@Yxu;f4&9tob)pU;UNE!pgmPp@MOT=lM
zDlTbr!$iCyZ170SY2p9D;GMg8T?8-qea|$dc$U<!^5E5kX7#ArFrJrSrRv-xGQR=&
zZzW#0nV&olQCgPduoC1qxhNlYvL5aS&{%UiE>Fj~FM6&J7NO!^1iyp{N#P<Ejty_0
ztoF{4nrr@2>m_)_s$SBY(W4-)p=T#w!mO#<Ho0R#@=A+MQn_$Zfrq%?gzJsEttY(j
z^f#?{UoI`qz|rtM!@*g;zS-a;*K@XZ7vnQ#BzUY4)y@hZ(#|}>*JrV-#NrDPJ2>a>
z^SVy&TgYL2uS?iyX8Nm6OzU*drg~-bEjfHi)$N69bgkF?T&~~Zy{~)uDBgSN6DNOg
zdoXXWImJ1-DI4Inb&_K%v`U)m8-C~N?Ls<y;M_PMYw-#0vgO|LsEZ+1Li`vm9~@)i
zW}r<2XE&OW2dhQnWX~jj)A!5c^NZB&RD{z`4?Z%r*Il%Lk{3W{Tkgh#Cd0Nk<W_44
zhw<Xd`YwW0p9j5d>=f=ptfwya<D!~)6Zz9H=*`U?O-c-bM8d!KSLCX}O_!{f^0?a6
z!urzbVHZR&`0BFWS5JK~37f+m8~x{k{nq<!sUY80EQY?7@~V`r!;Ld|!~+8Q;y4t}
zrBw&_>Gujlq7p`&M_j&~lm)pBeIKXt!?Go`6IrLK*HW@pEjlds<tvu;ZhX5C^et9D
zc&jS?=<>dVS;uak&TD?pu8Q7mV!L~GtMVp+?%TaJuzPY1-@irCm2(3pb1vSkI|fYb
zILcbaJYD=y(yf=gIPb-)zQa>}O*$%~^?#V%xJ+}E&?{elIOd+VVq|Hf-r^K}f{&{6
zZ9?9|oR>ch(C;&GjQ@ZdabDD2nb~s=smy6O^A!TTm-lPMRiequ2k)X*=!;+N^WKCh
z44?aGW`#}o$XBMw->W^-i$>=Xl$?jwuHd}zX3H6s$JOM#msVF$M`_ooGC!Fg>^<G+
zW$>V)hLe2`i03S9%h9Ih=sUg}2z>4h1_tpuBy^OnYdi54O5NkQS{B{>Z<dvWJc8=$
z#l}vbNYdXnlRH4o7U!&S{cU&PXuRCo9N#cy&TIcJr+p58!{1~^LKx}1%r%#TflMB2
z__b*CAM?8UCX#so1L;-0J9Cijh<GiQxD0U1s~6dESl@1Qom0cn*5$yq-#9xfuzsOL
zdQJ><OTi5FCBkca`u+4gwGrX+pv$V&y%fYOHnXpkR{v9CadL_k^$qg(inqwrw6(8;
zs0YBgoo5biYSTa-^Jr6$YgNuZ<Icr7yb5G%Ce@de-0_e@e1@Ah<dsAS*+hngieOK9
z47r6=;7a^GWzCMj?W6at+4bwF#D(2?_~!c%+%%Rwhwz2(Rb@QmONiCKm+dF~c#k7p
zL4DIgmA(U=;L*?o>%L5xIo*5j<9WP3arFiSL9D8wjBeOx8+>AKz2aABuzfkxb!g6D
zf=VvzZ4Ww^RYvV|hL5G%{#3!C19f<I{Zlwa2G<qsq@tC`sdUj$Ihu|FYPT)TfkP?g
z#PLC~wSsZd!MeVV#8z3xgp712^NbMMIXB#=^v;DNFVybz=ccPKCMoh7>PCB2{ylIg
z>#U>!KR9aFb4g)@yI>6h&-Drp&&u?J*BtEPF@>Y8=l)!{-@-*d)Gf{eN8Yp3*mt3~
zjINwt^L~paR4RS4^5jc*koK)JOxq`Nr%0HFbo+*qzD)PH0#313%oJ06{&J@>_hrh~
zH3D3GU-%%aE>h<l(@$Olo^L|}L#)m5q4C*sQ#_mdZr<HJ-jK1|?k9YCZwp>I!|+zl
zXQsPi;H#QIm=t}bOX?xhK&dTH#0W1hcU`zqmJa(eKBf&I8Qe&-zx8#F=$HD@+>0bI
zbw2M-=X(xak7A<tc!BQhEv4!=^jNlz{-o0MTk5EN3KHz$JboqgxGHY={p?Cr3~wZM
zI`Xix3u7+%CoH@V3nr&$W0L^zNmW=H!$lp=?o&5<38nR-6gJ#`8EbgR-tPG3jPz~?
ziC@1|Hx{T)cCZD{=u#|$?JR%uOXezf&HE_TTlT@TEj-`7QJ{XTZBGF8u{H-<jXfW&
zZ#carLiEVB2t1BYaSe=&h*V!%@AEK)hBu5xrs(5=uU7pJV?LKZ-Is{G1v*G=VTmcV
zii0=c;`x-*$|&(FD2k-Z&HM9Qk$#IK1<R%$S)zNl4p|0v-xYcZ?7(}IWlP6I=e&0@
zA_@xNHBC0C2OyXO^iEucy?5rg0}u^3qC85Jmv3p0@MGC!x1>0^y7pKt-r*!N?_5v0
zqu6+uuMNMnC^O$wOgq{+oni+WF1-2;bXxg97IafzJD2E{+s{2Z0Aep~#c|?MD#inL
zPvy~ziMxGJ53ZjvGqRFcJ6fJ<SbKx@g48;JN!&jj<U%55x4Shw>EuyNI~d;-?Pxow
z$oKU6OH=7FZOdd|%BbII^FOT7_<dLK6;WKLhodo%5xZ8?y=QODd5q@aetHl2^4=N$
zcXi+hSN3yazGy1gLpBLkxOLd+nw%c&5K=ei90($~B0zqC4PKS1Ei|O_{zM;n4BYm7
ze~lP#sL)|v>E+{5MrNpePkzHddXk`rA~Vt@2#|#DD}LVvp=4z&yHE{&!^zWfWg3nY
zIZwhP6kR#a-N+P_j4~x6%pk2V14AGlmH0Dx*21`<g63(Y=)H=154!@4bTw?;^UdaI
zPk$+{F^CnL?|;<2-vUgkjk-eGF`uoDsLUYlRj#lYP*-_i3`iTiHcwtu9G5&w<FH5I
zzy{ufDh+n}@aJ924vd)IweyKb_Vf|-^-rYu*dKP*RjqrSH;dEZ>%ag8<F7MkzLZR^
z9h|tm9u)i1c*}B?ZhBh7Egfa1Wr8*AK3hjADV3J$F8GD+oNtJI?Uc-SDz0hdS*m)$
z7Q}SWqvK`qTLja2BAbTer66OMza`DD@G3wn?8HeJs;~XQFfraHG3d$8HXr!9K&x^o
zS@U@5&odPIE!pg}SErC9Bppqi6b(TAxSGhZ;q@!fMEL6W4bX<QUV%DC0UwPsIAR&=
z7He@ojH&KzkbLZgmLGfceKb=jSU0b)cw&7fPS^%#3GnE!YHqz!TRSluwRb}_vORN?
zE#sDblUed%3u$}hSkh;2QJ8CN?Tq0lO3Ebh34Ni7m{o<OMW8n!&BAtV7SX~LkOo+3
zdas!@-Nhq0sWpk+#iVuh{3*iWnpd02^jyn199UKda`Vv18u{{Gw&*KUMs32Q5ODL<
z@B0AykGXcH<ua{y2!UkuY%shB9z!atymkxV8<+(&|K?CZQ@d01W6}6%nHIiKg}r{w
z_xjL1D)7?nH&C6goktSvvo^O530Tkj5ykfCm$!%=+53nyclb9n*6<MnGUEMiyidCD
zV|)os@=2(6#FIMo90$GcQBLoE6Jqu|HZA3XV)hNjWh}R*Q}_V;zySpjwcfoF3iIJ8
zdb~5{w7K2WmE4~bOm^Unzb9eocdkrQxeF~$uhtZ_8yMHJs-811@iTI5-*fb^3|(E1
z_<2`Azh$8$<sA)7n_4}_d~ds<-zrK0&a>%X>vbZUqQ})Z{7rtl>g!7B7*@^^V)7^;
z9Zn&O+oVTpP6I^g;Lg^imy$3nt4>GI)xzm`bseu5xJ7o4q!zjcW^mg;`mjHO{iqpE
zZXNH_bWysmRE&UMXXa*_eS{S2d^U@uST549>~`bll?yFr1h8ee25hzDMKYp-`wEY#
zI2WMeQi>0l`Gr6N&9|5GPa;oW8ErFh0?&+#d*Xx<oh?#teR*~=>o~z|G-~R@?F#sF
z5H-?oAt_<sX-exZyUbWTw0rMm+v7QLGx~9KzT5<`fW{LM$`1*21}nWib@m%}a&nKq
z72=et(0i->!U{jgN))0wSxu&L#crA6;<4?zE^5L&r7O^$cs&jyWSpJ*$>6+G6BZAC
zJ@*|qS6g#cF8V8-F0X8^lnB=qxg@o;4jKMw9v^j<yIos6=U8%|J=%mq=TU*4QMy8y
z6_j3SR2~+geclE$#_+Pjj{RGDdXB#uvPKhkwfh#^pmXMZiyYt!sAQNo9k;<b5fab2
z^1D9%mY$wHLY0S*Y`Q~q@40?iX4Jcg<d$(swJmN-dU#b*FpBcpxp^;_8soWiaQo|P
zGEm$X>x7)^q?N@E7cZWhSzfSrX5<c5o#2NYIKeN22#=&lcU3tG&mMzw>CwNM-3tff
zs4vKjpon#U{UjNR0ae|PEo|RQ*s3-6xE_f)WH($7!gYUmDy6!an&84QuZnzBj`X(N
zkR!MU?t`pH@dU$woOZ$N0gV1z;6UGK{wB(Ex5xQ@9t^nbEPQxbTf0=7H1y<Q+CFV?
zdC}@;GX(t>tKNK@0q5G}+=$eBcf*pizEM1eSCj%n;DkGzu;b=xseO*tBaU{nBjM70
zn3RjohV3CfQo$vk<RQ>0hOc+esbW3&vfgcC@-1k=E=Iv?;0ifRM|(ku)2F@og-M8C
z*MLv>s}GoNQQ@&j=}joUUVFzaJMSx$hh=lSOX#vITJ<+Dt940ZbMV$^Y#f}E^SH_+
zwG?6XtsA~4?K8l>c==8;F<*G7%r8#+-`X#wOPkm%U&zsVLoqa2D)>0{7}(Xpgv^m{
zYaT2g?Vs*u$iL;S8{o%s)xvHylospgihD!a;W3hzWmBMZEQp0Ro#I@nR5^*ls^yDC
z?&IeQn$rO%3zIbE>LYChhab=pi7)xMfGj|?@?^xhc!2K#i&tH^_fZSBc~sz}Z1z>)
zNGAKPMXK78lEEgv{`uI0c~#ixd{;I;H#O_bI9h3PeCK_sfnXUJZV@~5HZDG3bRN=a
zin=r3kMGc(+hpfqOd2?LT7i!xnD?G0S^slEUl1Ln9X(fc^gE2SeQ$CUeL@lfM+Jml
zJu^*V8n2qX_S1MD`9B1)I?_~+tc9H0N~S>lxm#!CqauS;WN3V$sH0#{O7M4(t17Fu
z8UuxN%l7ov=d=ROgS};RvcWDuT!^!WE{$G7isP|<9xu6I@DR>9^3bYq^3F8+J>YGY
z&Sau!H>=MkCpmMb@%gw>==Z}dhW(pgB^+t67+)ns&dej$8o~Yze+MXBqncaJGI)mx
zi>=Z@P868uiA``6a*Yi9bb41x&W_=pJDmNw7W^&!b80!bDP8!l*M;Pz4<`xsCKlgq
z`ldq9Bg1fLmh%E@r~JH%;@=Y5e)xmxQDzSh8nv0s%d=bLboA@PHe%ALo{~?3Odi<@
zxayNK5+1soiYhE#U|0-iG>Zq&<DA-;vqu(|UR8{@<?OR2LqzacH8o@!qZyY+54--4
zu`A29Y)6$-qBZ!FcK$<p^2++$SLdlz(#_1%?6qtl!iI>XKJu7hLe-_K8Yy*%WpO4*
zmReDqmxkbusNdYHcsEKhrC%L)KqQ?5x(=5!&%Ks~hx_YnJv$O<wK2Z0g2JBbAPzN;
zSl?|trUEzH+*ze#Kd&9A9f-X=`L{%yWZGpCW<sy?sGeR(;9K*GmXVW-!4YfJi#1X1
zxBN00{a)1H=RQ%xk4L}k&UEaGG_C2N>URm4#wvBbSAwsgJ%B>I6%1+2*f*K$tLDeP
z;Eb5B)7s#`>|XN`lamW&!%%$?1hRErN;^r{4^P@6@MOn9DWQumWb%ZR6MizrM*>tW
z%MfTFUlt)Yyri`DxZ05>gc*w1(ziD*@P^>vJzfgi`knn=I=vR4!y#1r&2pUG`#28g
z3y<~0>(>h^SswI)LaLV#UFIS>#>#mgN8|RNv_-*RG3HOlP>$7Jr?SVk#hbFj8;*yv
zyahK2c$`~|8y=hcxvc+T7uw!%V;b)wAm4LqbnNrbbPjs|XeWoUOvObeF5;<4zCrYg
z9smPce%G<8x^WIY-iL0TzVD^zk@UoZlY3lSY?=H_2SGZs`s%$+Ad<PD&Kv1%zOM4Z
zLGM9lVkn*UQ4u<(FtJo6^MF@&1KU3Z*TXNBUGw|uqcGfq>}$v9!7)ae-QGHiEM!9+
zb}l{&`dG#z`ACyr14KQ%2C_-&QM&2W`gx0+MV%GXM;3SY&p8IwA@Z#3j|?241`sxG
znIm9n^i5}AW6o~ngJ-LICgAe?<fHt%vA3AM4wRm>b10XWJ3@VtEnh;7Z{z@G?QL1t
zxDQt*um+s-c^JuFy4m;mKPR=vUP7ZD9D=OLw|N>N;d-<yK;Jy@;C6AK#GXgK5!-P%
z!d>M0Db9(ra_)Cr^J?TJKVGe?09!z$zj)-3eogiZLUL6Kg(Z9Ek?2Z(3C@~7vCi*Y
z@iCX&hH;mG?mTuMDY2@aI_yHOAu4nmQKPJhH4Ke}fUvRa?NMA^2=Q?d?F{ufl~g|Q
zx8DMB!F^G%Bk0XrO;jgd?TFm`>^o}o)ke?vuQT7FCS8!98VLNm6*&3sq?7YR*Wqz=
zNyT1`;cdZ)^0<dHAqT6$-^w3r?~739Tp}F%>c)X1XU`*;SOFR?<6Y46a;o5+V!8DY
zuQ=d+#kXD_)o*U7Yc|1S>olD!mYuonikDY870!dqC~!ebInMEu>hmBL-cZYXh#9Bn
zI?DZU0wa1j-VSLy1}ENDNEvLpZ@*2`i9Oh;FkhdEUTvXs0<vw7V*YPfVDX!+a}|Y$
zy=h$Vw)pmDf5M`F9zIkSsgq#zG~2!Ro}%b84a03xTXpO+8hoKa@wpc0dhBoeYvkX}
z!*QKkWfj<g$LsyFmFdiJ`smLJ5emm;>h3PFKubt_WzUu^?rkvthUq>r&ZhgN$ii!3
zlpFc-ULgf+iMeeXptZ$86L`4uQ^d22=e`W_fNEwx4q556WgJnW;qjt(DVxP?&%?24
z_bgCgIvoi@sk0L%X`q-yr;G^hoqEtG<V6JMiR~7EOX8oRtL?)QqXE8S?J3Hyz~f}b
zv225YgctC8B_q<7^|tl{atONQUHd1DsvKwZv7~*F{Kcj+RMpgk0D7YOr(2iCtME#s
zOHCggxcqy0f9sb>W1(LQ2tTJrj~v!Cp-;E>o?I&1BhYQ$HWU@-4CcW)LYcr5rhMX)
zcyz?Mxf1r?&b-jsYbhsmVOBA~Fev#xdWk1dN%6+8+1a}|9sjyh%!)t1nIquuHS(*O
zBCW61Gknhdt<fxi!SAKeHi}95L0ZaG*gWC+vO0%KTlbKcd^5VPQr=$%*2`LWuOoJD
zxy>B_d;5FR{Ww;c(lwOzPu{ogH%Va8o7ZH9;8m>s`riK}KQ%%3JIMj@IdfWU7*%B%
zbgLW(crIjoN7#=poH}`uec<;3|87uDgwn@thP$Hsv}vzfL!dg0F*3(ZYk<nDQ+QWZ
z49J)`=QH$A#C6CsD6fQ=E2I1A3t|aAsyL=|=-}9W|9nmxkYro+t!1LVIo4{M=OCQB
zB#vd7rnlNKCHZUYD(XGW!Q>m0o%d>7yAs|;s5+0*1g={-<O|B1!drIaqp==XB!X+=
zpQz5dj2?a2z`JQ`PM)f|A}_hTEEKWIbLni(aBhX?sQZ-J(rrS_@!RtS-~R19AVYTU
z#nG>0(<U{#7S}Exa*$>@IS=$*JS$xxsYU{G>!(`v+x<U#_TK6oxEUFiP;po;oy2bC
zTV5F*B=@|0+AV$E&YC?!00r+?&#OF0sN!s_P6k@_zDctwgbmNmkyqv#^wy@Hlgvl5
z<<5YiW%qT2Zj|<oc6ceeq+*k;>cA%KP&jOg3Z_@w*4s6rX6$jB+xG~@dhzz@z(ZYl
zw&1}CB?}24)s!a2f=9YnWT9Wl!S96NA;cY9*n`vHB=z0)=pzK;JK5(u_S2c(!?R<T
z#c%OV-+r(R{y%1|;1>h@#Ih@p!g0HI@sc3cgQ+D0eM9f^3U($?u<(AfEI$|dcN26@
zwk(Fr*4u$2q7<L65B0gjAg|ic!S`f+KS>NWgcBn}-gDa{5~%TJ@zC~QAAQMh=$@CY
zr8BOuL7;SIQe(>y5HZlaWJuslI9u&X4`bhv)8%|8Ztp>#PtPb$?lSn8(a9L7_gh<X
zlsXQn56#Nl6G2EKLU-lPYNhyT+hwgN%&4@vYKT`PtCAvF44{P?C)x8O#(Bk9JVgCf
zovxF8rc^BP1;uERS`MEuBpHMQg$Da~KayGZ0!vzNKh{qXoKQHbwC@+R7crQ_zb?#7
z?iM4+J0m~udgOQ8v_^%V01jkx$u1_p{aI_;eX*m3ME2>fT<V1A2w8&D3gk=3d(4X!
zVGwcei$E+~&l8oOP#batedmLvsCDQwlSa$Xu|p3!ijNKSaih8}ZNzmmIT3Br?_qRh
zfOr`=j#iIceF#WSiMaat3R%ARJ4Gp4v-fZ_)0NJ-1}9&<5-p~cRBHfW?G!0)#)CkQ
zvJ93a;yD*RWzUMo^*oYXU|W9Td=J(j4v}_0{)(DPuvp^K$29-GpXH|G-hM35L13KL
zJ`>Uf>EgHrD6rFgd2(L)zXVC^+#$ag`nUVCMl_5ZIl)w}wH0N&KwIy{E?%dNOj^RX
z^v=K|Vy*&LK1os)Mi?!4>Hl)gu1deBO*u^5mmxaA3Qg}#)>P1iJ8y4Q=>6<Tjp&=r
z+iynv4t<BAvyI1(7Gr90D<bFH+mK(+Hf&_~%YJRjUlXapqq&f;0zlmZZoH^xqcyqN
zKgEvfx;ZCS@pjUoAX@>yCz7;^?*pFiDHIN3L2EELyq^)6i+&<o=;~4Td>^X%ieH1K
z>t+Yep9<p-W1O?4EfbB!iI8`_CDSn`K5<5N<JKCj%_zxpg>~L;{khctVG4aJbB@iG
zxaRZ#bDskJ*N+O<#XKdYa`qvexm-R%t7>G(YPv<?F3Q+;h}PHbvRk;`_;j6SfegIb
z*Is}pyT%r)9rL_uUNHG;>nzv_42FkBUY(fRFR%J%B12a%=*+_gcsvfp)oYDVi_}f+
zH6!PUmW>7q?im>32yu!WJqHWVJgSCo;~EYP@hR4uA#<rn51p{I-IuW@B<6lih&y<A
zE*jo^pAX`m${yXUtK4_gPBr0)tqV*Xf9nszD+HqCz%+E|mHA8<76DybQf$F7ez@jU
zi2{4IrttmFpNsupUe%@KwPt+X#K2nG-~Rvf9L(_C9!NEG?<MA>E)Pw9)JHpoE_UBN
zJ}0Bu(%bgbEdY^kd`mKm+de_~L3V?i(57RhZ`W2;*XK2BXp%DLQgk~()O-3Ct=bp@
zvvG5~hsE$X9C(0hs=|xCFx>eC^x;h9i!5sZ+Y<ea3Ed%8X6pzzS$<f3Bi~N$P0ez@
z=G-n^;1OM?WKZ#Dn}&ME6~DXei#8H`?BV3g?Iw;C*z>l@<!a?`;EVruXw00oM@lcU
zO0auGSOu_l9cm`VbbyPQX5wq-;S!&_1i!U$<#+q{?fW?(Rx9QU1U1@*26r3=zR;WI
za4&X@^=HI-@V!VwpR@P#NE;P8czYx4rRcJg#tL=hyT{xY7TNoFQ(g$xg$AkjR}2Zg
zWp26>GKZ?uM@c_R<{B4Lf-g1;ec_5wn?IsCu3<8K$Ikl-HgTG!6}E2Vq$vcU*xK7u
zT|92~Aot3{mW>cfN(_y7378}t;YtT%Pvj9h5kgB)E}!#kVX3QpDTbA@n@zs9Ogwfe
zhT6{}9(l`yR(~#dBDko<$!5kJ;kr9G6hPx;B1Kts$>J85d_Nw#YA@J-Tu{jGhH-r{
z=WdU@-px;?F)mrNn%O<)z?|@x1^W72hKI>pL&EuUjagIw-1Z^DdG`)MeA+EL8BubT
zZUdajOI#ZBP5ZTqOo`#N;l=5d!-v_~N%o@Jxyf_fA38Wr351HHGk~KADU9WQH1=V^
zJWH#$@-))zcvZl@{xjb=bvk$tFy7nLm=&pF$LT#=pL*eYR1pdJVw-0baq2gRN}mOg
z=U%I;G%nrbF?-=g#>;ehfs=f5i#g4JtM5I88i>Syk5(N-xX#`inkc7N<`idVS%`f|
zKM#>l_NUAVNU>6{3JTocOa9w%+|Dd3K{KR<_`T^5l?>}0(Ngpq-3TzkIYKvpHu=@8
zuT!gG?Djq9bF?t3rdyvZZQ`YG1jb4e8I@k8J+C;a%!6Xp$PTwCb!+bR={jog0tn^a
z&aq9C7OS>><eig{5;T`r!)`^e5Xp8QgJ#yPL^!K`srbrSk++d6W9U=$(uX7G*yF8C
zX(z{TeBm8PrQ(l#1<!XT(sKFiXNm0~d{+7HV=!Y<pCri5UJcQ&x!$rY2@<ZjfW<lO
zszZNU!Y(XB`Gtf?0l5cJU5%A}=LRLQ<dt{{cj>fFz<chxrN8G_<v)DTdkK|3F(6he
zH+hTGZ8qk7Nt@fwH#fgQsX{@;yxiD`-|cp-7_So}u%4Zfx)661bPU#)#6NE(KAr)W
z9XCjH^1Sl?iP2u(_rQ6L=A2Y+y#lB2!b7QG`w;NKN0#N0P0&@Lv4)Nm?PK-e0LOt-
zUvDH%;D!Nc1{m6z^S;*Fe2;%f($5Ml_~_MzDMDkTybohn9j2FV-sTzpRI09p0B3Zd
ziZ_843rE2#8sUfO(>LUN-?dDSsZRJLlj5J(l&@Ia+63~e_tx9SCC1+{W5>Z$2YmS0
zs+Yp6^M{0_Yq8;{T%r7KW9LC-g?8&RnOYuwZ_E3b^{FN}T;{UyJ?WXb5QmMtW+UE{
z(;+U%*30O85h=tE^XAuQD+4CC+(Izvgs1owRlbd{sD>n+D~Go6-rT7cWfRl0s^4Yz
zT!PC{_ljc7CdJ-urao=^aI&q13bewtf_o;5lfwvAum_9-tAM_i{7uZu^!_uE&_8Lg
zD{k>1-#J8q9HVmT+NY;>QV;t#M)b0(KVo+=&(YHmNk+|wYr-54@7mFNa3T_oJ+DCH
zshGd-r};LGQfOel_b301*jUfdrxX0i5h8ro<Q7m8@)8T~A^F+&CBGZri@iUs9kohT
z%6TjsJ`HcUvz(B6`B7=n$BP$($bc@91GM_5_Hg(V8rh7B6<`vI*&V;W1)~SnV{8xR
ztUSmbaqh`Wxcy<iMtfUu?sU_!!b^FtJCxhKW{3a;aN%luSjeZT?g$cs@luP<8jc?1
z?j``o`xz>jJVL=c0&s6_ysf0~IX3(S5=cf@%1~>=cXiVx4&WC{J^>zxD60#WdipSK
zh1Pgd^&EO2u+hxEoACqu?KZp8U25uEtsDKQ=%1}beOMl%w0!Z`i4V-aXI2XDh(b*B
z`>37uVP)V`NxVnMf4Ahy?^bzl>fwdtw|=hg@%TDu;!BdYaIqT70v-cJ6<9i<@%f*<
zSY^ySQg&Epn(?e6qtETnud57#A_F8)oIi0=)=%D@Jk4Iv;CMXzBvzi@C!pab2{z|k
ze!LN?9=x~94G@ajMfXyrZJA(41sV!t$GugbZIs_dx<gS~pYSZS0Rw+}tFD=sPdNcl
z$9iRvg}oA`l5p@r77#gc76K*XyM3Y4SF;aUenaD6)IfQl6Si%>HbM2GfeiY7^g_?Y
zanV})TL+!sLdU=sy%@?{z}=6*_$2N&*BX@SUhlJfUo!RVc%L7C$Nlf-`jR7=9ZjaC
z(AC#Dk3MFDH}8I$w_{ii_9~ZTQeDC>#?5Lk-4gZVF?ZHAPu+CRjF+~YhybULtDmW_
zb8M4bEwnMH;eK<Kx<vh*ea*qu!3@|v<0(=3P*j-s!+N~ne2p((*|iNHzH4ja63oSZ
zj+?&ZQ;BrAu7LK%3qE%s6~;vGM&{x6I+<zQJ}k}!_oiwV!!BIfJ)S3edRy#^G=sXU
zit1v^XGk(24OG>T;WLS!jK+p!3^t#Oer1NvaQv+uU3Yx%$$05;*{~}<=6;d=;fYFK
za^mG2RqWg45hr9?@chR1zuWP@So2H|Q)Aj8BS($nfe$lA@Z<G8T`rf$j*`A7LvH4J
z++qm7i5TsqgXh`_|Bj_s5LfqP{j)w$iwg59vI}wcreAmUs9SaukM5GpImb*H->Rxn
zj<(}NN=K9g9p7eQG6z!2%^NdyVjsOBA9brJcn=VCl~Zr@aabu5O&b1`A@#m0{OLV$
zC;K2zC*9P76_7o<ZtJl1c3lv?Pe+@1>#;{{V}3=&1)3zwG~uK_lGNWXJSx(P5PM3@
zKNHy~9!UTD9R8KtqE82pDbDc+__ZGoQ9~-=Pw;B<F{`C|NCt~>B>epBOVi&C{0~pK
z;Y)JM$H#<lF$=0zKUraPVV9HTeZ8@6uJ!G+mEw=S<~k>z7Ae`dEDW)x)p#NMyKve|
z>mNJ~2fhHk4(O=BF74V*$h1fdaH1&YYxV*PVB0yd*+-|sO5~b#bC=1A=NSvkZLNBE
zmt>@s=2EtZs*8_Y@`Q=<G_kY8Rlwh*UP$kX7<BIR>G@QhVM*a0ahuw=0A!!<@hUuW
zX{6C32NPM<{i;g1^Ql{_oNez>jjdJDWhO9^S9!YO+9`4U+iL8luA@`)rbI>_9;**B
z5BSj-Z@bx2iW2P?t#w{Coc5n1<odhizpk<biJ@dm4qLegcOW=ThgD>wN-^BF{5W(~
zU;XTU^okq?{RF@50%M=4h`YzMkr3yy-W;cM?qlPR>xQ@AZuX+GgWU~NP;=*+UK6Id
zfjKd7sJabb0^XJ*h&SiXxs4D1*|ycd&?EFvU!bfQ>QIIF>|IgmBH+3Yp&#WmGH_Pp
z_1W|@a!ZjjO&^^EeVGs!3pDf96hpdwsvP$*juTy?3FA%{&ak7ew5v5-RR^lafr+a=
z(+KjtTF_p!FRPMJGXKf<_c-A79{S{D;Q=bR+s;UROzH+HbP#2HtY`#$&r-qTI6n)4
z{vHwlyKu^luB9J)?@%AT-_NVeX^9e5Vk`Gkz+t?L3F^|X@<5R#Kg5G+D@Y}a=_C$g
z5SLgJ=~aKY5E{&A8k9-i{@$i(%?|UL1FzSR-D8h<J1)>13r<;=F#IkV$Onp|uYDTx
zXOGb#*?OA`<E|?jY&63LWH#x;eVl@E(6r^)y`FE6>YjbLVU=G|zqQ9_dFVTb%EvT&
zh=J1Smd?cSsn3-<W7`@}jO^Uqy`Bp&n(xD@bYI*@PeZ!R@|3B>#jD!58PV|n@Lz#$
zW7PwGCJeF|fv8W&K2C7^;g%s_D7=hV^=d0QlKn?6_&rvj?sFwCs6-Z_-`;c6Ggw$K
z&8l0;$Na!(&sK!pgt{S0(UMLP3@0Dh{h#n~SANbHmM(E(*6AdWrw5Q>o*TsnH11;%
zaaZRtEdyAdG-u6HIf!|Q?hyufNo#gYE)E~FqM96VqPcpi@yIKpRL4t#n7+xVJE$0f
zC*>Y~_`#e9*!QHg)?GwcH#|yZapZ>O_xY>pEHxNCtOHzyA3{52=Nn{(w@QhPc>G?@
z_m^Au1RhnwW5%MMQ$`8Hw_e#sLN?!tl(F;YJsu&R14l|J)xB`aCQdJ2c)_GMqvhTd
zgJtlblV|vC!X5pOjqo3X2!8d3%_no^_DZND^AY$uQHCyGGg^X9D@HXiziy>!MREGm
zee_m>ndL6IcrFbN;bRRB(UW^PQwTW~{MrV9lAZ@+Q_qDpUnN(4-~*3`d@>(3)IlkF
z+QP=_)7@Iy#QEplJ?FY1%{^?W*LfT42*$|grdP%Uyipi~xPj|s_r-HLO(cm$cj_5B
z>>@U|58OEjd7xeaK6)Z17dyBfdBwJVZ)O`}M^5sKe3USnnEX`fTY4W8Iz21g@|`Ip
ztNBYZF9BbJ#J}(OKymP1IC5mlwu>K{9nP9PERQJYbWUhI4jLqBYj2Mpzw`5sPyb_d
zAt{JuMZe>C^}~KOM6ua#@VOCrZ|y96F|-vpXAZ9&PA!zpw<n#E%f}05CpqdWK&@_H
zw)-7t%(02W_YT>IzL5ccJot9%#bpj0xnOnVb0g^>p1MxP2+45Z`h#N<<_ijRs8dr#
z6ZOtpkgj-Xi6z~Lh0}!|Ws9xtZ~>j^%!eHw47umC<<k2NuNDU=9~m|*YCA9XXz|r#
zIlWh2p^sB)pL@}a{S#L;x0s<%s%nr<bv?R#`F+%`%;IAsup{$t7Yj|0#=@U{JLo&-
z6x2f>bstQ@RY6Ft?ZQN*7_LYtX7Xz?){;3X0Kf0|_4lwt<M}K-fg-V`>#TcviRuHQ
z^S1UnL;5W^uS|rlo7(t=%a0Bzmdo1$-t_i9Gp?{|JFGF?hyRXpcOQc49x;Z^Q{K?j
zl`r!9Qp@HGQ7edt=Cd(8>}u?1;Y@ey)X^(g-3b?Vt(q93l#WNrfwNT^cX}FL25mr@
zfnr(6m-C|F<M^*~<oKP*Q+*%uybxQpODt`buRPt!Rj-Cpze|uEC3_c!d`*W3WHh-a
zYYte*J?-LsY{OD6GL>Pv`L?RsD`|m`_2Xv8m6pG4iaX_{txJga<t?ErscK%6QPqn~
zgKe>POw;W6D5&yQp5NYv`XAcr-#uuS-f%Tgz%!IFw)0t<_Aru-Mw02{M9nN~yncWY
z&J?RMyt3xA)So+WlH@=dBIlm410TGt!4iKp{F4Z(eZ{rK<#SS7&2&cPZ+ODzm3kgK
z>lrq6{s}80tlmw@ya^zTPA_fPBHd4+?3@(=y#r|Tz{IH>K|lAttx;zJu<in|Cj#B;
zE}c`1_hy1d*Oj@dfyzvH>pQTRhS4P?`bKA0pj)kk1RkwsOXCrw9oP^9MuN72I(Chw
ziTS~;WPl(#pklPa!5RLyAb7Sr!A)fV^l<$Y37D{L#8nY1P?68U#qGfjI4cME(`5R+
zA^f)vr(YbUffhwaCWNn(nKk(aaGbO-MoXg45b;rh-neo~K8hHXnco4ypt>yci=HyN
zE;fOJO4)}kxnU{UQ?fPpmR&4$heM7C96XU3)1zaEqkQLtC)LumT2?GDPucLbWv%aG
zBG(-ym&60Uz9@hB9CaSgd1Z~iwz05DZ1bhBCoSdW6myA)j8Dk@VY9~Gvw`m|v)~x%
zG>zL{H~#c#^1LsM5j<kwa1Y4I{m#1F`emMtyOxxDqdMs={3zIqWvT7eM>i{V^NvLR
zxg{1#3i-2uii_W!`g-t&qJ7equo+mf-BfyYnt>t`BTeHswY2}Rq-~2U{64e9Mz#fq
z4vX68c`(p?T+#v(Dqy@$D`!Jd$1o-tKpiB1*+cj`=5RjT__7$Hx8AZjdE|2VSw9bW
zvlfzncc(WRO%8-viV}qux^r=#sPZ!h51nIEf-*M{B*HI&a?txNgh#_wGpc=K9auuU
zZyKHz3vl#r;_zfFQG@~)oRkVWxT<CcuivKF7mshz&7+Y#_W0wvU=52~#-$Y|AbKAm
zXS$T+IQPN3w1e4WL|7cE20l9VP%2e-MYv2Yu@Tqfg~<9T82(8#mr$+n=uGxDh$wzm
zE(?iBnJ7MaOJF=n$Yy*(Z4R_{|Ga3{-$NS)A&{H1m&hzIqK)>XeU|Qq*GeW^n9lLq
zDbR*{qbiRgoL8%NQBOgVF`wgam*rc;Tibm*)}jf7*}HE^qaX?}hZd1$BQBw(t{77X
zo(G`!^8I=QL3ryvbU+N8mOA&u1X6Uz5&wip($Cx(Nc}9}FV0DHPXUit36QRYUqlj}
z;e&Hv4&dynH#XbhyDy>Sl*44oY=2jpCVaroA>KMFuZrkr0YeUaP9y#6Q#mHQT%1RZ
zMgaI=956b_D1sSZRPg59*pA1mVll?hi2ZN7MCTKkYc?-Z@lcO%o+EkheN+$l;!P9$
zOdb|!EU!5oJ$HW}NB<u4Fkw9-a#wQwh^$$ntn{(UlYI-nv0Al5*qV;=k_hF|I!9eA
zmPRh7xY7;4U}>V$!sqIJ0O9=~S|1PM4}hvwN1Xw0Uiyyph5!ygAIkpDBUapd{e+0Y
ze0Se)&}l>*F2MEk$*(z-a9baVhbJ~3=Q8;>?Uo!TvYgGG)}6lpWKn*B{@4^!QkkRM
z&;;15r_U@|mn#4jzo%aeg`7F@FwsLeXu8aJj=gxe&hnYj#KC#c_BaRM8778TA7Mh|
z)f5rL7_GS%7?gZ(q`XqPf09s_YfyF>&-hJ)p+rA%J|nr$vzp6-?WAa7+RbJ;-TX-q
z{uJgrzXwCS*shOa)^TxaW47kVw9mz3#}61v-1tt)aF77>`ho5tiFD&nTse=_+Iwyd
zgEf-seHdi;^9TIIYY#qlM)7{qipF=5aDc>L{hDKEu-bGFtH#3_6R#vGb~$q2O_~T<
zSnRw0F@)$_R_AKGYR7NEH4F05K+SLVb43EUB?Y01IPAvBLnF&_LdUyZvB=f#)$UwP
zYD0@jmq&sJ_k^4%Zu+iXQsnyQyLy_^>I$6kxZ^AK^*iiI=ZdJkF`Ea`b8FW|BxlcM
zo9r&X=*Rh{{V9P9=YgCo!P}sG<&JyREf7e2?8k&nqoD@wqps3=s1EJhRsDNw_-{!u
zJ-NnEvd&lC6#W*yKPM?3P*V%vsrsgI*@lZ0IDsDTIL0`x50*Gzu46rlCtVrDNpcfe
zhdGxhIf(QAqbBuUXrwD%&lj{wSuHC4z8t-xl4<+U!D9S6UrOH#4+{#ZyF8VSHLR*F
z3(;~;w-kcM1-`cpK=58GPEr<)d-Nsz8^;hMF)#Ls+eCOoJ~^>#55pbT89TzcZEybv
zt;O6*^3PWZ-0<{+t~6TMM}_H|N<49498rX;@qNgJ9<=*P;!8QQXQ%i;owKC0=Npi$
zd;T8q-U|m}d1U%++7q>kqj?F5t4o~h)1BUXQQf=RA5y>bF!;~S@q73r53=kno{QZM
z04C4?_x<6JfFriPm#A{$nq(z<v&a$32(8u&9P85RQ<{OsfUQ%oFGw2{Ze{W|@9ssT
z#>=s==JZ}nBlF`gA}ug5LZ73xCQ$>H6tmyO+kI~KUiHZ#AI6Z~q11h(&783|4X%C{
zsh>zBVW&|By&%0wUBoZBbX?`KOKJyqK5@Hm{2_#Olu}5-jCfBFtFZ~H1xvM)(ql&S
znH@7ZothoY<}uhU)L<N|mtF~P+de9N=t?8{{jPnkWtm4Pe+LoYC~dD7&it+S$|GP5
zu=nl~AJ|7d2BL#?Phnh$X{z%+U4CiuLdGx{>Cf|v^Lt#SzQdusMW2(AUECK4KAx%M
z3Wv`Bc);WM@tLYQF>=3<#|`Fv)bzm$R`Hj8Jm!>7osD7=turqr;Mt&6EWvX&K7|l6
za`mPDoL->>uG=1YQ7mq;a;vrYUaWET35u^<^~BL&5tMuMGGF5;l1B#auwFcnRy|!p
zOLq|B;w3cK2eOIeVOEy=5?<Htc`Q>Q*{ly-)q9B>u1j?s0C2i_@kAcK=UjeCjPTy%
zB3kQG1qjr1QWt_@lzR2H03b_71$j=lQ{Bt!%&=OgF-P*@4e-E#kiUn^$-eChtwX36
zMnN=O6bKI=&A3`L_W6-<XP+yJjH*4DKhHDH?*SK)duMl}Bx^#+#AX}kb4xNFc?+I%
zQOiAWca-i;NC0)Vkdw3oaVxoAii|s4dL+nR2B{N`_bopIpO;{EFnsI0NG(Fwd8`nn
z^wBOJDVx40;RNt;ymjU9_(PnZ-SAm+9j0&)5e_}Ekkb3Gr`mi9f9Tph<KmyF9rVo1
zIT6f7b2^d_z0C@5!{>4OtP1b-;`fsA2wflC*k;W5ly*|D)J1o%Ll5`fzF^xa?9={D
zcAUP4khWDLhrSAzv;DQ`yTW5Vm$7=H<(|ni5)Q1N4Wl2i2Km!cEp-kA;2jr~7K4~i
z)4{V?eX$%e&#q;^wd_niMfa8+N&HD=&+n0#na@?WH>Beb8f?QcvOU+@ah>-7z7QKR
zN6_X<Q=p~toBOG|pXru!8{|4XB;rnCGn?hQb>k{rrMVj}>9Lc|pUGZ-=Kc;quV~`r
zecwBQ3*l=Kw+4{o%*~QRkGYk%1bPRd01oEmN4yeg*+}zr;&EAGfViGF5btP{?HWkz
zLy0~}_RYA@8C@3S8ybShxQ%_7Pm$5v&1~SXAXtVh_)(Wsg-Qv6INkX*w$Qyxi7z2A
zl>U<`dmP77u4GqjbLb;&@dArq_~%jy9NMO6^@lEk8v5@>J3rYmH<35%l3hM{=h2$T
zV&>~hsi799G6mug>7}9b%GvKt@>^);$b&mkueu0&AKfX+(x%|AyHg!Lq5k27{;ulo
zzt%H2J+VrCGG6UD72l!gx)MLI>(xWax9UoS$Y;!FL*c`#ar^lA1GJ6D{ce7vuyFZp
zw>=EZF*k;?BaPF&==8}Zosk1GIIF%1->_Ge@?9@G{VIfwJ)X&vc~jkOdbt+t0C{O<
zYu-*KL^h1(9VBe|baI5~t_)7C27EUq8PfU*g}QkpQStj*jYG=xIa92`!If~_C}$DF
zfzqqWi{N6qLl;_jPJn6*zX#boCPeEf@z{C}kJq2=xI|L6<pERdSI0kDJ}X<Bics01
zna^4o={t9U^Bn=wHT|t6c7BiDG*y1w7MS<WMgFYl9Gso2WT75N9k+Qr7~t!5JINd8
zx<sk>jfTtKJsS7HC~rqExd*Io50T5*L0?RdX=kI&_k&tR^??o|*l&8}B^zNtJoo0c
zHsQ}731gP^(ZUq%syoP!Mtst4Gk76nwv#I+ZTT`ITJGV<E*rI+6f`UwjHUyTpl%MQ
zq(7re#*_NO@Kz1<E=NU&SZ4akv6ptxGDppK<#8~PPChW-%=9rpx-fRW?o>Jp>mcPJ
zONKU4GS+jKYL_!hHPFWF6f}_Q0j4<B2+`z!59MvF4yVPDLw9#(z~b1nS@2^__D{^+
zabME8duCo~(9L_}cRu+KzX`h6ul}2I5R@uJ?A02ExK}gnOH+_AY@vyLg?28WVMrA1
zIW3pGEt<_%8dRlnrIfe{_e<(_`>f;(<*vMmrrw-<&tdvZ#w*YCoZzobUOV~G{(<&`
z`N+uW`9wkBo`!e<*ecYErh_@ChMP(;k4UzkpnY&7yf&gTO2Xt)yt>abkE*G}`Z7{-
zQmC0J49{k>!FW98jrx!%-uKgkGb9_@&e*GawJyxf9D1AF)~hZN%S*V1Aec($^S<AN
z5y%stCwuJYL`l>5(8#NF#3{v-WW^g(e*W(743Fz`k^?}ulJV}0da39GIC*aCU1k4z
z+o}#6?eotsoB8)vvHyUupT7$Ey`P|^o($Do>HX$0Pj$Wro)oiebe6b#qq0~a9<4LF
zOMC5o$3e(}UDSER>9lqV9+ABMomiv5){#|;0A3(J<#7a#0UQgL0klge41~QCGx=c8
z&KRQsp^&aSy}zT=INSCTuyQ)OioUHHU6)+!o>AwrGiT@Pi7ZmL2zkuyy)RkXNp(I|
zk{tQ|=R!Bs{IeC-d+#!l(4^j3hI(NUS$Nv0vlFfzVi2qA*YCPF%EV))Mo2k$rl`TL
zV?^A0<#w;%slLF>VfI)MUiWZ{Tq}Epoc=bzEPtSg<sjKa-XVvpT_P8~Ffd|bK>T1~
zH=s!1%RTGF|KSgOeh&kEU1=UYH`$@gWgehSJ3KdnK=%j(!?8(xl<0D=_TxvZK?9KX
zO<Xy6FUh`@p;Ku&{ONiwxX7cXsK-8^23N1$y0%Fd5STFm`vh-3fLDcijhj?Et_u&#
zBZ_daB0KLi+mc{zd}DIZOs`Zu@{)Q(s)}8M7#<ui$bap6u+)I@?{G^H5eH%E0TQ`v
zm+bN2Q0fA|$-3Q2ED5z~dD>&L^>77l9Ocpi!rnfsmtfAK=c7nDmHUbukRvlsE98CK
zMCBHiuh-%JKgO;kNt2vaUWs{Ff)MvV(lbT9<=2+~uG^|ID?)*AcL{JevLnGnH$8E5
z*NIX<vcC=@=lv6gu2;O5dJsL{B<)}-*@D#*WEAJ@+u<wtG)T=$fx;G17k=}V-|a(n
z@f+<`{D?EaOX7Xbjnh5jLvi&^j-j$>>XDNx{8VLSH{)_M;OQMH;cp_ooY9jZd5)3h
zJ(X~&Jns`xT?f2Bs}$c7GPlAp3w5}_X&m0#=k4hmpQ63<hz=$mEpZiJ!zZ`teX}Ps
zPph)=(9^ym0!zpFNkYv1j@h&#jqZ-Fk<tMHUrd<2Tc4K#9|!QU+-2)0t4rJZD~P<F
zGqMT?Oc7TzSM9_jZh8_wSEXV-wi}StwLbW8=B2%_(a}mC^vMBS<^>M-O>&pM@zt2f
zj4~eh>Kuw?4oMU(+&|A#CXggixGZns$vJ4zs=F6##0H*b0RJ8z_%j1KcFvXEYrn<v
z?}j7pxamiC&sV+-TRzwK+&u})jdW7rdbOZ3;ibISl4k38W&`BOoHNr7vFAR{7Do^3
zz0_e}58$06N1$c+Usa1_^-O+ExjBfRYyy?Ey;f%_>BynNb!!2xM|KZqPHkw5)x1<_
zB#&5*1)Hn)+)v{sjLs9%c96rWnLNGLx=Hb7)5Km^IpPx3P8XU}ZuK|k8p-yFwDK{%
zo%~^c%h5Ul>xY~D`m&`grO?|ZwedL+t>&4WUVPgPUIz2eSjFSid`|06evQw)QVyEc
zHxq*#C4)Opj>!0`32WNO{&~Jq72P9&53C81kleU8?v=3%Ra1NQDn;GG?ML+9lG~Ns
z-y!3_Ta;K>?qO_%FO%-Q2j<DslpC<#m2(R7F1W7WhWB}?9>cYgKHqNYg1{_{q_1Or
zzj<KifpDPe6D{|tmp(*8D4}*ow~}4XH%of%i)x^A2-7^*v{23VIHRqc!%wyp#<qy$
zmem$o@ig@jLb|)kdCbpZhy?_hvTEe<N8p`%_grD@7r&Bp-FT8b)u5_4Zqpo;BBXKR
z&6L9ZHw0g1P*m|;xqghWsY(r`5CE`0MIGryQSdm#VbY6GWJB9nuDxUO-Ht(atCq+T
z_e;B@idJ|me7FVg(spm2^UqiDPa!Q2L@}ODxu<kdrW!%Ls_s42g}MZ=GX--cS$z!C
zwyH&b&Z+U=O-+70l_&7T5X26ibPF7beZ&laMQyHuxONCQ+?5bN%-k;O+PLqB3&TD`
zJT2}pmc3Q1sa1tV`(W+u+kP0Q#&a*@TQ3nlQBSeVBgv^&8Q)F3*&!uwRk%05!I`sd
ziMLLVj#^!mP6xB-i!LW}9*ZsEx=M?TLdJO_WXGu39<4c#vn(u0H8Mt@CclI$&c4+~
z$Nd&ZpKnPX{`*v$9OS)y9hG{YdaTy+SY@#hKF0-5+d8#(WWbU|Tl5-L&o-)iDGA5E
zXV-kW<($+7N1_me<43=f9jTW&HRAdbo<HH~_G)$$^QTcWlpm`<<{|Kz)@lH4e1|lN
z+Kw>%`RzjL&+9_}-3H|kXjgWQX5kPq2iDbE$rzV*Qo3g~KWQk5499QXYh>4ZGSctv
zBmw$M33JUFL_mzr*G9}r6R3PYhm83u$7mh!9A|HRa7L>377mdBZX5aZcRF3=9~NpX
zYqC=2R|cw>HyaquX17oifp?4bhPtmGsBeU_*k0u6xO8T6&USrs@8+Bf<rNoIH*g*Q
zjRd<UFSLh;=mcU9=LSD9-bCN|gE3$}$()qD125{Sjca;RiL(zNqaLxHHji*^{-!)D
zKN6sUXZt=>Ljh?t$HI;%8!#jwN_}}1xm->`9sPTL2JCd<@%-%am<tJgm1yj|7j$1{
z*qT<;i|DwV7d;}8S?G7*{3ODYTZM9N-)x_&ifsqnR3M8vIn)S{Tki+b7s>=<)*s1$
zvU11mz{97qhx>h^RBY()9+&h<@!NwCkEsXP16beBdVb_`2@b%Cys>Ac`00{6{j`8;
zTpqQTI)Iud-aim_hrHc@`3YCXsRnKN*LQcT%3o5xCkVRryyr)oF@an6Xps--&Yps0
zZ7$_U2`s+KM<9Px`~$B3b_9#1>sxT!?C+>=<z57nN55#wY#tUU%QrJo9!P!Fi%QWu
zOgEuc&SZB&EDIpDQcHh06z4?Q*9+C~l2F|0LAqE_c<AZb`)B>i9nk{2sZZ7=IrNJ`
z7)JnIz@y*zAQzOweWv*Vj$fO8RQ6}+{BE_P33+Oj2ae&=q@BG1XYnQzJ(iKkrjK6W
zTgtIH2RPTds79%*;v9xOkNkmNYj;otO@AsW?Q{2y`bsV7vn$0t0*QEC1P5EMd#8Sd
zm<_n2)A(Hnqv;EZ-k0}<E~gos+Gz6Jt3)|iF&%awGru|f`WaK4KGMSIe9mT4bD?P1
zdvc-Gy$rP#bp?*jQsxVc2Rfx2PjNrWF_)`tF08muOqfApfWeLE?7Vqi=6(sEx#J07
znqF0r;k*(-fUrSr=e`dZH+H{PaDJhBsGSdWaBVxtBL|dknR36Oj$bp`eoZv|XWn^S
z{j60MV?zctiKj5N2Z!m4nudElYo<P0_NYKJ>G3!}hpYPU<}AIKlP{s}sru#uT%uze
zz=x%H>I@kOI(>Hd74>l1PDxQAIo`7mm&g0+V|k&Igpl7Ls6D2cK99^0o`94K#d~)s
z4f}LT-2tY=y8IQylt0CKzFYl?ygq#OMG^FrKCRx-`i;@O25~WDWw^4aYmV&d=j45$
zAD-_MOH`jkn)u2LAhxR7b;q%mN=W*iEPqNUcx&W*7R8CErdHwjNUIW;#Z%cJq|uoP
zci4y_#4td*_;UHpC)sGXt{&R&#I&^d&_hyM#~w!<`i5fVp_*oF0svMCym_x4sadMd
z16vABoUVV{ak8_6tO;%{bz*#-C@56D)>6l@ErRRFqYtk8*hh*7`}{r|_TTMXZ;{-p
z#rW&b3O|=SMy?_pCWfn)aDk2}BsUJFCqngkZ>e@~!BX00u;)A#A5d#~o!<-R;6dTO
zH=r&u1sa`;UA|VqF6P+;RcAQhwp>I0YD6-_LB_}dYb#MU>l@8K4W<#g3g38bzOAn8
z0Efd7qZ@^muTA02h}mYW<2ue3$#_KvIkCv4i8lD$hEElq>H|$^7EcX%<Tv*r9f73r
zNhkspAtl;;nmwM_7X&Jv6?9;?AbmOX0{RJ^$K&doUJy?`m_C74oXdxw0J$5duPe*+
zG3i6lcU$l!61XR6pANj&IsXQ)tC`X~Og(iquG6PeNgn2leLQH!$@!u|EHouqe=Uyk
zTb%!H0CN=G2Py4BS-6LYk=QFGyPN>~91Nmia+;TX+k!X)^U0v~tLM;C<o1dP>RRSE
z$HM%xylE8Sx4bNM!SK!+F>79Gxl9MMH$oJIX&&rU>Fp0V4tp#op3=)lt}d%N#Us4(
zF%dtJFcsY=<WcZl65*7Akw}&FaMLRV-w3pISUUBTyK~WdoQUaj7m?g4CeB3mp`+<H
z5$N2p2S27;u7z^@iusm)+ifJ}X({t@shrgV_t+}K>7{!O&$ayq3@?Sr?5YO4TQkna
z@!ivgLh-K_wuk*|LMX*2-j~11)>^SU75ev)pq0i0Kl$2S&JzU>Ntlch_kJ@52r`^V
zk3J<yieFu!ZxQkD5c)}-eP?UV$)W5T;<~``wQim%th=sG^wfaU9Uj-+_#A}c2_rJQ
zL~;Y^aIR<Y71hsytZ=FCK5eVk^|_Vb_4g9~(sFW`r-X{vy%`2D2owI;D%f{i^4W$7
z`_sBC>+6~TkAH<VxHt4hyFdkrcpG+pmwD`V^tM^N4SX5mZL}FU`m(nmkHJA!pQnW|
z6|Tm2V-0}7C(&521C9$HtI(&uW!vCz7vXXr)c$7RvX_OZxaV0u<C~js&WXDe1K%Y8
zYvUD!c<Vv_-QGLqX%Gv}x|hFR!0I`{m=_f0Ye78Cp98%CHtF<A_}}wNlY;Z>zMW+p
zw1R2n?h9@i<p&dKR1<~}RYyMBDRJue5Ig_fWR?-eL6|!XsY19xwrW=v^75l|)<$vo
zTuX-Yc!g{1qpom*oR_{5t*N@EN4^=!{L(a}{WGbP%W`0jbkW!@d}k#$xmn|-78zIJ
z^NmBrDiw1Xb_MsPVS|d5dC)YCjECE+ox#YS(0Y0?!=w^UoP_*3*4PLKS0{&eQu{V$
z)B6>tzgmUuN}PvmsFWSwEf1e6>}s`=dPHVK(r6aaCgw##hv;3#mn--pEY=2M;b&XW
zx4kIhbGG8AJmnFOZw7Apv6=<EL;%g>G!eyhhw+Kfpa-&e_pn=nEwl#AiPVLFol+P4
zUg1wTs~t037OopC#|SUD)UgCEx_pgEmQ9-<1nibGJ*`j&>9-d9-Ik_RZRBdh-(cPx
z6sxXBArf4U7HT%n4MoKY%trK6xNDle_RVyMouN2+_$577v=;?aK7}}sLO<s34sB6(
zA@DONEI0ttd;JUr_X?LrOeL;DHhG!GcZu-W`|`c8xN0KKo+MCOjoa=!rzD%7R`ss1
zf3LNjk5xRB))OyZERfyOC!MSl3m$OIAlt>4_%!>H=44zA!C5)92Fx(>knUdZebSml
zl;qxX9>J!%tGxi0CvSKm9=nP;7fZmX5KeHgbHw^x4b3PHv6URj{8x3#M_!h1A=H$u
z?SmYAQn)L)=dPmOJ&S+W`|+H6%<|{}x;6G30D72BLPz84{^928Edv)N9^Seu@%Y%!
zK>FRtCf-44Rj}RqQmEO|4Laxtyk7ob@|(72f-lc?=C_02SM~f(^?OAj=&^j#J28R;
zdcNz;)x(1O<o#)!5-aU&dWt)5&3f23Xa$!YD<4bqS?4vd&vC9`*K@QGg}gKF^+hf{
z0LFePRFK6IK{Gg!aBpSxr87_YbuamGIkjva7qqwWq<n{<1uru9tBT#eVIqcTp~ujR
z3G8?|uwAJWXr8&2JhksJavAtsxev7G?RPeW$0qlfX*&r(J=n$zu$ApKpM88tKc2XV
zZ;M`+dH?-XRP^A*O`ojC6#$v;p#Wpfo_YkQXeZkLyknPsYl+>>1DC3we4lhe;_`xm
z&>NLe$7-XdhgqAQTxa&DMvMPyecQz~->ZBeBhn`E>#OLA2n@7ys#(IQ+g_5e%k%xs
zeQ>usGWC>$2IQXEG&46CyJ~n;iK7X00={a5JNGWT3_9ynDKm=qRvI*&bERZS<!z#t
z!MCuHrXoxo)AvD$9(j=7oYFuNYDE=1PY#&}^_3P8;#Bi<?s?)$MpWX~<y|XGdRd>6
z`m?!yQqz1H&mnWn+o2>nPc(F-*P*GeNG!4PyC==@MK>!E^v6IH0q}6_@uZYGFJYa>
zhfL=|?ITgcU1(VsG%EOO;6eY&n|K57Md#iFNiHUvJuiven{upfwLcDVFPD+uzk|s)
zLH6FSYnSv?)8(V&65)~dFk#N#$4JTN+7lBjglyjDKZ5CZ9dexkPsg*HoynQsxHX(O
zFHy;3Un)_d19E{~QA&di<a+orWl}HU+f!cWi*k;q$CR9r36-c?Z+vsAkqp`g`S!i*
zp-o(ZJE3l6Q*Kgm$L487N%d0E(MP4#&Xdal7pq1FHxI!)IC@_I@zOc51ITE(?dQn3
z9L+`>7m}@RVn+K7jybnv{pCra?B=!4C3{YinqD@ygGaBuy*w}4!m5bx3=c%&V!DW1
zl7ISoi!2SXCjGk_OEsXDoyLsi9lkBtf(j<|wx#HO3Q^y#(>YOu2~ydQd=1>)YWMf=
zzF6kQGzGu8%%@mQ=ug_sB+33&`!2rhgX(}Txxntt6j+-_yVZ1TsXre9rnX*?pR_xE
zx7QKZk((uS?5^l}7<R7B9@_P}5g})Y=OohJh4uGYAzwN?_~5RFi`c%|>J=ZUiokjd
z_|%>ZsHWpUYI3MA>Rvh0`5=FrNMc~%G+m1D9eGRw=SkO!^pwYy_GrLv(vv%>XQ@hP
zj>hBYr?s+=x@qUw%&Ny%frYv;lcZHhy&nU)20`AE(CxE4Q?^tne4;n4`XulKk7jw|
zr7;SWitK=ZdYA)hah9Y4>KdZw-jEBsH2@re9;dAgec11g$~l1PP*Q^5i964n`!s!b
zNwuGZ8a3r_q>QaRYM<xE!NYu!X>VPtID=k>#~1+r_Ls?!Lt||_U+b|{jVkUzYl{u-
zwR0q(@Ef^N4^~VKN6hJGL0SB6$OCkG$VwD+awOvMHP*N+Nn~*PCVn5V4_@9|cBJ7x
zqTixRLUk_WqS78CmWzFFRCS!uZ=!VA#W`JhKn48JrcTAg;(=O^d+AP4ae3YYr@<jP
z?Ovm*=|?k4-f#7DPVvF}z8wP<<gEZAklK3|1k$hhz{bmzL#Bvi2kPUy4uMx_@Eh^_
zej(<|4J4#_<r1jeC)?fA{9`Fs&GxD~Kxi1oHL{k1t*?>%oST5CASF-0@94k6(aVDy
ziC+6s{5>^q%YC#8aqme+Igj(bCo^aW6Hv(_I!%0>vA)J_QmP>Gf+33>IR=0RW*)Ph
z^k+$H;!DGOXwK26O-p^~dI{bnn!_~eRJUjCg?`83x<W61{)d%G{BGgnaP23K&hmwd
z);y;1|6}YO@GM41+NDG2;t~B7WKjyxSh<RF7Z@vr3`DT504Nq!+M_f{wVhASU}7RM
zey70MWh*t0-|ju#uz5tR9}cb(cv=WveK6n7N8=$zL;AVmhC8=j#+ysan6q7rE_CKL
zN2=!W2xKht<cr@mvl+762|PE|VhXd$lC;Hl$GwD)7hKmk?DPIe5^@)|AD6ltx0Aik
zNN%E7v}C#*@b@lRJ?5M`4UZwY>;}(Fb)>RL^}zK<5ok8A#<)#reFnMq;5jwO`htu+
zlA!vKQy(Mj4wB|4{Pwn9?}owLgg@(x(&rR{LWyY`+{D|L>{8aW7KIgP(0%*+<>F4j
zRH5WG{C(~nznlJC{2VOJz1x*id0hMR5NDX92T#L!n?BiaG9)C`W^|tZUBi$ki+Jkf
zeyvi2r|vo1Yl)f1&ZU;eF^gA*O5e6G<^pi_m9L^tXB(7Wrmyt6U=}5h;dQE;U0R!w
zIQ$?@a1$4#-~q)ghouqEBBSrI$KzHt7dPPNLFm_GFlW|bQiwgH9*U#iKB}CwX8`x*
zfTvN-I<J@4i*e?!K1{yylnIxa9fORQpk``g{PX=1c3B92uSqfd)DZBac&nz$rjG%B
z+4{5mlv(s5qWf0icpj}r#205y`&m}l#dD6IJIc<sC+yLKyyy0{-hiMR^|u!XFi+^z
z9cHu9_0cN}{M4VesXxrP1uhN8g3s<5TgB0y-(mG1UR$;4xaWmJy0Ffnd-5(k%6je`
zYZG_MTWH_-e7ll$5FD?=OE+33dJ5&naTlA<sLTlLVJg^(4!b7-A9eXW1H5?w8tn8w
z#d<G01t>OO-9>2Gyc0dpF_rSvc`&<bKVDjQX5pKa9An0WpD!_KR|5}vv*?3A4?+k4
z`-;rwy0#wZ3Y8Y(iSB^+B6u_Be8qO7*$0n*GnBYNhWQp7t8s1z(D^R!9Y?<lke8jX
zG4`_Dq0joABgn`2QS*^~ELa5;K$@B_83b1BLY%RohS<2?e)BUg!8@O05e^`Q5*^y;
zUA6iys?t)3&JE7Wk?&6J&mvmD`*}|Y!o6L`z8Vh!FdhJ0;pv-$PIQ}z_d>Yw_%0aQ
z&pLtl4?i!tXmjUtPfnn&T4wsEYlsc7XG~U|w+g$R02AZ0BW=70s5o`QbqWrQ@zFdy
z0}AJ<-f#iL1`HvrJz~V~;|B&m9C+ftpHN7<vi`V59r=u?H(&Y!#p`n1AC<#ioz8D!
zU#fYp72;V-rtYp`-bk@t4U_|)hZ-95U@7tw`JB!26mIVbb!Z&IAV2Rb>*7E*Hn`~=
zk3xQ-Sn@Cy0<cfbY@w^s<Mk$f>wJ~H((%>BI!D6OS)co~*EfHLO~XIhx=#|#ZH<9A
z3a7x;MlY@8V0n%6g@xwf)`f&RYee5A^U*}+D-{wK6u%i!w*rrC|5-y2!zFq8aj4Eb
z*$ed5!gmAu$(kh<&tVneO2;ee;nz9N{mrj_w<7up)Wae7URa8_=aQe7b*UaJWF&9!
zJOIufeRS~J(VN!>kF)yIk^Pl%Vjans4XD*}M4aBY7U=GXpj4x$GtK770vbn4d(bBr
zQ`PU|Q!@8TJV{2B0J_PwLr2Od3}q1BkK}BDub)Y=Em1Oln{S44IyNuMw82y{S;zu7
z-N*Wb?4ih((#t{SOL;I(S5d9qkzS!M96sL<^aM27`!)Dgo-RLbeoB**CgoJSNbFY#
z^fYyH1pv7?o~!u)3^GrI&F3f~r%NVsb&uDjB|K-y*AVY1d8&X0Vh#}p-K2weo7QUQ
z#5XdU(8)md8;vj4f$8&S06jp$zuwwzEvUxg{!BmAYWlMZ#@m?>j31+9PzK~fuy^MX
zkk)hNXB~I^ZeF~Uqc8enzWxoLyzj9^P2=9r$c2jbc*4pW#N?S4DaZ%DDIIaYK5^Mu
zJ(41{$eoBs^(%+S$4B)^<y*T(60!J5RQohyp&DGwm^tU1RX|Nh7SjEES2_j<No?RN
z77z#@>pG+kWDN;->&Cf9m#FQ1D$P0<>o~^)!wB|MR`~w7SC!@ER)f2sr#$fCUZ?O(
z(_7KHC$dUEcVmDJqK8yjwAX<3pCfW#v|UoNIVK!V3iRmOTZM?~Z#vw~veg|JJl98E
zzd_z*)=&#g&=X(_aluf{5+<-tAiBr-%FO7HWTydqm7eD&Uj@JX(s-TCOp^}z^Zd%1
z=Nx}LL{Epl-E|yWKz07rslNTaPowc|-~yrhZBjiae&?>=?T!;)2&ApL-OpkMP<8pU
zjN3XBylj<;h<DU2W@#SHBqY2{tllN7a_1)bV&u}>M3ufZZzIEM3(h~w6W>dKYG2V<
zds}awe7^+7+;|@aIEs}1wYop%OD#zWXBSWSr87%M`fCiUdm;P8_LfEPH5y`n%n(5y
zjvfSDoH)jIdEm|sjvCNI;9tqo*0_mMdcOU;l(luwoxx+=F>GhqLsT9&FfSK8{ytG#
z^QNvWP@8-`vnm{hd`r?5W`*ue_#OkbDyutpO_*fn=2SmW0+owB*3xH=Cqs!G;-@P7
zbB+Q_lKCvp$0PiTorD|b<#VVrdG8SZ?W;IAU9qSkb>0X5rqPq$gItF~;3Wt%Nz-a0
z`;LsCveAkAn|J+gkmN$zP>2>dOvgo%`Z453p6Be9#E|2$&gi+!D4&4=vs*_!HL+TX
zi^|gDlnwMqFaWLU>4_VAvftC+vhMr2=Uo>@#m_}u^ra_Y-5j3tor1LYqA*mhsb6Th
zl}m6x-}JE3z`(*wP-%-svElTHQqOulsm`<~svK0#k%(`?UEzx!(_@G4#pasJm{cnS
zDixK89rs|6h3SY*^5XTQm)ZmQB$a|)<p^6Ialr26p|ZdlgghadAl+eD8?|8axm{#7
zM;i(#4$E2ysd2%w-ve-(CrtO~xY#2bK9|ZAK5xkge)xX8s6P+w83UfYMKZ_FOOn=q
zhFCoP9ySdXFH4(GoQBZN6-F}AbeeQO+Nm`8aEHf-`^x;zVZU1{F%0i_4!or`=>J>}
zZe0lZMlZmozbyZ<!t4!}e$3}!U2t=ubMun9BApj$_Rp+XYvH}GRc}h2Ti;A=b~ukT
zhL(recF1xaKlHwbHf`@W9+l2jBxLUPi$|^ksP{KLOQxBRpXs!$%uDfI|E+#Ti=Thn
z9tFtBri>?qh&UggbtA7jK-D*vFSk4m<;ylQq@aV=uI~F7-N{KQawwX;qVVW?#oAV?
zg=ayjp1qmZg>I?p{VcSLZ??!eqY#H(h1d{llkNlPC(cp*o4coodHZp0$9Xuo_bZ~w
zEt0FJ_&&V_LPAdo1%79J$Lz7Zm+oyDcW1wvjgv?J46?Td!c?k)hm1ImZRXZAH9bkO
zrzRGpM-F$E8NsPWGP}Qh-}849Cd9z*TrRtE*VG_xnbVbEc#7=>FNUA<H1tXeo;}D{
zMVI?+sL^}7FZE->)Dm`TL-joUz8VLwT;{~7xHQI-c2Rdi9)q}g=qu=MfEs(cbG&M&
z>SV*3ab2rwQN<is<-}4!2OseSmg`(r6Yz}?&VaO9@L1$z29)Hn$NwESI4n<*cfIuO
zpMNJ_q&VpK)JL7Y3?cnlT!Nep05kM^&tjW^xRj3Q*}1tgd^c%qK(!Mxk}zeWf-t6S
zf`BW842J;5QJlvg9c3Yx@3tlFAp6MI(uCl6>huY_AgI+5j~5C~T6;&W;05g#`|55)
z`@0T*SbW`JuKsO9rdkCrqcjpqTvpeok1!TNlNHfEHMhybLJQS<3W4rZ(m%uOciZN8
zP<1<%_6r4a^}ayESG2EPg3Pf6fVY)SlnOt|G<N%dYWco|12b{64@)T9ol|w`B0bQ#
zk7_>z!{$e)jy&~#NO0~Af*lRRbXA(K4EvVCifDav+1~O+ab9ZL1)Z5Y>kpvkt|1Lw
znZS>a7MznHindw8wf5w&awvL~QeMS<Bn|}w;(X%R+u+n8>;7gsVdQ&Tw!0o6WJkqs
zN_j)<H@{+!6bI=y24wX?HlQtSN3XuGGf3YNsN-cT$#S+AUU{qdo?rpXek6O5-*Pm+
zVA2D0OrUe!;_HacRC+4=>={qnD~HrhqBDja`dmPt<nUCvJr#K1zMuOm(ELD8`Dvl4
z=>hhK2fE~!t96PrM$BQc?|Vg+6Mmi|u&&>M_Pfzj_uN3pV*MsZ2xRa@jBie5Jk0ur
zxl_QB#@Vk3J-i>dBwS%UjoA;`$+-)TJ~5TZ|2kS^&Oozybd}ID>(Uk|nHP{i^Kp#Q
z6l(5=Vp|yxiAW2@?8bN*uz$C2-3we>DrfwI%ze9`^<FK|sY{1wIK3y;SYJYwDDzFY
z*v?gZhBpY&7tqY~Yez~1(8iduWx=tVum{gHD>cK`6&;qKd=QRpOiFW6Twtj~>zjEw
za}T4_+-Mu<BFrKv;%>bNyTUS@(=XXGgWg;{z&ROedD*>P%c1)1P@E;pj*_oiP@p@p
z)%~Tu;lp3h$re~=`MD(Lap-!_@VB)h9Q|sjnJBp<a6ys3!4tkWUF?pO)yY$H4X;fA
zjfN9D{SLLC62Q=DF&)e9LpVc++OA0*-Fq^7|C!#HOCR(Z4?r~3`?UJCRqL?EavXlE
z7!Xbvb-aBb87Pzc(u3pD#I&fp7=>gsW@-q7;Bar^IWfg{aYL{y%gcfuO}xRDf<rj@
zwnpv2g-+v(=PNBuzDQD7%CmShTpX^x)oYchiwzS33nw-Q8{|C9Df~u1PR!$mz)(h9
zg=!qllUZ~GVE3^g`YuLmBZiuNUyPd_tZ!Y4Vt6>Bjwp2c=)!tlc~Gy)YR!$MmexSL
zoYnvQ;o?bApk(XwIY@VMpF};MIapzj7nGo!miEFrFJ;FnjORznoKdbTtPjvuY4rYi
zfrQ8Yh3Eq+_rb?GkFbwM!pUGQ<V`5&0%WFYaK;iWMEzNJn!lS#)hzCr%-Oz#dIT{z
zKa=IWwOA<3Tm4w=a9V(gE44lFND*gT*OB;Id&S4Ti8(0q2w;`!mR`#BS{O8(&|7<C
z-^#Y5pTxM;ISiu0l+e@VsL>WcaG*;rc=kzc?E`y2q%x^fz6awTvw>UPI^EUz^?_Xg
zS2}XJ0TRcZ`>Y(47IvTFySqWsc={z<Y^J9+>?GvZqCYfslVIie^lfA9<0@NENI&9!
zyLgEY9>MdFb>Ln&h;l9cA(G|;s(o+%g2K%&#y9&YF6SfS_K5tYBp7~~aN#BxzGQ1>
zueM*NHh>kK<*MRLrseY4)Hc`(M=B!6J++*O=Xxt*|5;lhQSj0)NgY*<6)ewHdc3g{
zgX-yR5FKHUyqd`4eFX&K{LXE^+fRYVNF{<*o^rXo;aV1V_AJYnQmo=)^+Tf3qY_qW
zL7xN#^`J-yYASosbic6_(ZZc@q2|2oa;zR+>xqb)_Y7fuql)UQC+C<Q^v_Il9Or!u
zNrLe4^O@SOi-jtEwz8-3rFncz`(Ex_FRxC&y+S#B`>ynZ&u~2t=G{2Wrr`E{g6#q}
ztwICboRL$fY)&)E06ZG8j<@Kk88<ko;0V)F4x5BuL7If&=A0MQ7bENu_JJcY8;=33
z6XW$dYW~eYRmc~|bi2b&6T1>%!dJ^>H7tuOmm*Iy1=ZzSbqtm6kPMxquB+vyK}w~3
zB-<OFHdfhbx(VRYb{@f~WA<mjkwAS}z?T8-VA2zN=#TYroA6$~UlPcD8alrLRmC0>
z<Ub8!@^`~3-8mGr+xc=oV$8tXK){VpX&NW!<<mo>aL-si5a}lwF!Y$>@J%N>mN4wj
z_X*EXge%nOF4WM#?$_s9$Esd{ijwKadCt8y4Z)z4Gnj_1fOGy?U01!VgyI*<?a^q5
zBN_74Fmv8-I6|{t3w{Ea9Foo9r4ybg*yAG)n!2nTsdY{7cfYTvbnK+Wn0?J~3{5u8
zsm&tp?1yY?AhHT-;4-{WiC(C)2)2>6?4k?zIE}KT#W_z)ouN|-C*>`teYIY4`H6G>
z*SP@RpGVFq;i!L)zO^T^)QJ-)_B>v*qug;nKZC`WMD6M5)zg{8HR+&n512c^IWBgP
z{Bx}N^9qWpa-eXsvn{cu!vwFzXTL#{hvi)1(pH^$iWMB~(Mdb|a|C?;ZgEX$in1!)
ztIUbor{f0Ru~TObLK?My$m6mhdT)oNy8)ba=&uFmvZtZEx09DB&kdpCD1CJBCNN-e
z&pG<p5PZXWm9L~KsTy=Xg_tCqnNW0!?7M2?+?_QxcdyCE-R}nEnaUe;rbV&(8<T*3
zw}d^b=WA!Co(w$o)x(=WVQ@bQCk!|sNBiZFv6QkNIS1^nPQ^ZIFI!Y5s(D`C=k#O%
z&mo1Q*k|Fh1+uau`3+~|hN{^|ry0rZy;^{1d@WItk9l>Ulh?0wZUo*sFY4(CW3a@d
zOOhzJ$q}{in_+-9zLSzFhn4AWowrO4qzK$JPt5KEh~jczK_5>h3yt`@5a=l?%Zv3j
zb)AD1=}#m#Hr2oP>T~66x9K-U_rgGo&Es<XJLrCj21<KmY|vE__Jw;lr~=CLUAh)3
zCw1d<Yk=Mx2l~cbQaRt%FJtGGxp^$U3xCNg_hx_oL6G02_3A)4hXl8vcc=ANY6d4B
zrZKfD!TY>fb$AWeTlAz^yDm;9<E~sy6EOBTU;9OslNDFUVP5u|XZkBuRTnL2Ffgg8
z7`3ZUo+8i?&*Ur=@2r>cd(tvDtjAl0wqm9y?h{CPUbICkyD4CPqr!6$o?Jhd>Zq@d
zQ~Kt~d@HbP(GJ6$kF3DwtfA2Ev`ojQqK3{Td`Ulbq9L~M-WorjnH9K0I`C11R@kp>
z;tFqEXNe6z989I+cj+5ZomqY7tX^DpdL$x=c>(_J#XgS@VB^I*4yA(37JxCGM$vGg
zMU92{fMV(6Aa9S&g#$m!8uND>trOb&O<W>H$D=WU<kmf_p{~`$ha3}v`H+R{99S5I
z7OPt?@A3rQ@_Cu#VXy<J=wl&Mw{Drd(0~OsaCMvWl*j~91Mk~9cuWw&Lv28z5w4Yt
zs(U~B8nqpH?v2lJVh-l@+`9`Lv}Xs&7dwDUI#X<=PQJt!7w>mi+Q<*H__8RRVVWFD
z!G_b-(+X2@ixe3}(d2No^<x%_M<j+u8sgD2FU>;~I%=|LQ*uYIf!|3_O+vBVhP%8x
z%@ErxG^@8YNlJp$_P8+$7I_592^t$?33XS|aHz`_eEf4U1}ap6Zv@HLL<xDBwZgQh
zE~I1=URjsej#69^SGa^+v41w+BE;?rj`mqo0ml}3Ldb0AcHi(g3}45@NvN%TpLsU)
zNu!^E_q*}dIt+%>zr(MVjBZC!mzLr0`qu@-E!O0iM58M<>vwV6b?9(W+)Buu1tI?2
z>al>X@jdjI%y*Ye+!iL?4v&5N@xqOJ9-nwjN2+X|+N{rXYl0uUsGcmDQb?weyHozf
z^c7@?go|o*uYE2DHnpj4LPV9Hi)+)}y(Kw1plL7J8D<Yz8Cv&F1+yyXcEcpJ91IvN
zV%Gkw3on|*=B5ex`x{qv^C8?`>KRJbr$6pB!K|)UQICLu>0N?5;ZG5MH94+%xA{ff
zS-6p;;d?*#LES#;9@c(e0!%|X$u@g{hx~5$^%Lg2Xkb11jVtDOTg|IK4fq&s=xwCL
z{Tu+Uqx1i86s+I$u`Q|lfN01JY)tqOp4MY_pMsB<K=RJ9_(q-p?4zi^`Q7hUT`Ry~
zsO5-!+dY^>=AKrF9zaqaeg9J}Pck4$ZLiQ*VRav6k(;eXO%Ve{FQM!s+fp!7U%j%U
zT`hp1!<>O@!2aM)FFeMGcZq_xqaTP?q8yzRK_f3G`lowD>5`V;vPUdl4iru<aMD3f
z;{lehSdCOad-1|Jl!hqEsK}s_jJOAUfswX7UaE3tc~Djr{(p?U%gSXz&MY?fQ~aE{
zA(gs&rYoL%X#D=KVR99m(QdvTbkj6c)n0j#B2rQW{+pR`7B_d9ynxD+H))o!fat(I
z+Ve7xq1$k`ht|4|J#>Kc?jR+J!(Bt77p1q>>SoBEcO&=3x;b)FZm{)HkuB+bT=g3O
zH97Pty0+>43cG%6vJQa?d=*E1#9r!wX~mr=456EezKjg~0Jf{1!fUbmXWa8sw|Q-@
z<jL;&Ogvx6I5*_d-CM;$-%BFUi@$3ENt!xfzY^{}zlVDhi|4Uz_m@u@5snlKe!juy
zqU}u?Q63Y6K?*cCCpG>z4CKPMDHPjIaJ~PV9+8K6tRNZ+4S4yWjn5L^h~mPc9ivl)
zdTLGBPRRNCxiY6?86X&vA9%f!Z<8tFy3dskj}D2u=;<4~x*5bO=II6T67>xj{?q}L
zOXGx4!iQuqkmVf6J-sw9k8QE9FqAhNPszQMdDTmDGOmk^*-MCqD#zfn8xR|fX_)mh
z*~d?eeU+!`3P{@H;pz`T)rBBy3&!fqD@C15x*wsLyKa1@`>}x_5vU{wSP*VX!P(1c
z+9zBZdsiZlvblRiU!XpkO$&%2inKjMyhBO~kmB(r>6?GgZ@PtZ?Xagml9}#>(gk=4
zoa*?x?u$DV=eEBznH2~o`O|Oap5NoZhVhk_y(*dT?BqO>Z{U0y&r*sk8QGQC8KuVz
zj=qyI@L8s?p5!W>l65?fVdiqqc56w7jDLfUU~v;En``}Qq>&6-(8+9rmx~^HL4yMl
z%AX8WFLH~Vb2NFP_xjzLO+~&(Cm*}!Y*0g5&5bi4l@~mkV);|Toxm5{B1As-!-q4r
zP8|8($0xG}Z(Vv6oAeX^sIhaW>=qPx7UUFJop%%KhLkK$<8UfL0}|?S)}!@liJrE&
zC#~)wv0Z1Nt$k49l2_a9`usjl+*n4->ky`c=%@9YBa5SC6x_HkEtD;A&3SBTc<t@g
zV-v~VqIBF&#E}Y%^U^yj+@$K^K6uA(r1_p0_`6;~px3X}1KuE!@5Ugm!N;Q?xscM9
ziz*d;J@(*I-aG>be;&Z!1H_@zMoL~)EcxO?1}lK~Rd0fu7H(qp_`%sD`cABmDZK*|
zN)qxt*U=S}BB3pqmwTd$Z^5TsLE<-s@c8t;W3&+IaHnvr-%2+w^nD2umh~O;lt=k+
z%tOL#2k``)jhZW(ySasf$4}|Dhw)*7MZsw02{RbIL~G|0>^ir3Rs(`Y-(J*)oyQiI
zsUhFaj-ZaXQ2LzR22KH&&rBh&p0`M(mw}9tY{(5TY0{_R-ml~_LHxbHhF|X$Xs)w3
zssr1FEGcM)A!ocY{e8wc_2_SBlen;(;fkLU)%!@r3TQqi4+1SKZglz1z#aKY87GP_
z!kqFf;hcN1t+$<u&nH0+vA!*J{-z$wwMo6WS{$mjXn{$XS4ch1SbQDkUmrF2=J{6h
zWrhlhpGWZb$Z^OHp054W#_;;sjpQ?UlfQQS%Vmnieetl#2}6#lPxP50P=b`M`@KbJ
ziLrf72gpG-Jkx3ZxwpQ3KWA@U+&T&Tw&S$%=0hi^2%+S`{J5M96$}00Z$7DOo|||c
zsy_PweC=WjdSuaMPBgJC;%<W>eYiW4zUQM-<X&#*g6KzVW{cWT(wJ(-AD{Gd4$1@Z
zx^vnnb{GHo92~2AkCfaZB}C=pkEEMwDW+*&CfPYW0jN2TDo9*)xi36<oMxsDTW!4;
zgRJs}MD3{vm@Lc3`2+_=5yT1-Qh^Jq-KYBNen-nAhuj`eh;}4>{7!loZ>hq5Fo{ir
zDC`zDHlW7AiibBv%68>%6YEIZ&Y`Yx<e_^G7U-^=jEk~_VTA6Sy0aMX!p$kW3r#-{
z;qM`3LlE6%)I)_4;Ny>)9b|N6FOqIL4#D>^3Xe9SV=0cvZaxA8pKfF%J<@W|AYX#n
z<#N6^kNOL)uA-mtILHnW42uAqlncNJHC1b0muuNDK%b+=^T?o0dqD9!OqcfKO??M|
zto-(wE>{2?OiixFLvQmV`&|p~rj|#Qzdi(aT)%k`nO=D1dl`yJMu?Ew3tNdl|A9@%
z;kbPlHi4NqX#hpb^|9k~9h|5v6;CuasrgmhAlh_mwLmE>RH4Y3sF$g|VCbRI`x5!r
z*m@oZI(~ZQC<hdkah*c1r3=|r0=z!EQc0gYy1n=|HN1ERrXGR0_gyped|9!o9!`JR
zZ7Jq^vP_b!bL7u9&jMKFd&4$0k@2>jl%{hohTkOngoN8Mms=<=F7iAM#uw`6G5kH&
zjDZjP71?ah`vRcNJ!ina$1hqS28_Jgr$8UM{JO0XM)w<)OOd>YB&ytK@<OTGEpm*`
z++s=(tVY96I7R~E<OMzfjBJZ2eJ}=WMWmD!o4FpTF{tY!Rof#tfxIVr*^KK!I(#wf
z<{j$3^yqKuyBva`r)HJZ?Hh2cCRUm_nL&rlTi?p9VMLcaVrNNls-5q@(p0l4e8PYP
zCVqmu_rN8IQ+B?w`g6YZFckEz?I5@hpnflI<PVrk<B@$VOr`K;E||+A3J(YGV}TTW
zmy^&}@6e^5PtW6l%c`)8N4tGirGrz8CUuT6ylj2Vj@CEk0}rJjsxhjyde;?M3C@ws
zGZcPbCd-)r-B|E{{LlaVfA4Voum9)&4*WmS=zslR|MUO;#~4|H@mXl_(CYgqkGAps
ztelLCA^1c@IBf~I^C)D__}6J)sDSo$#78ITrewn$w&p$OR}B4ma?km*dNZSoO0HN<
znb<`zcnscIbt8XqeNZa>T{nXl%C(PfF`jyq*B*Y0=C1-qkYm_9OlarVlhaSmReu^@
zz{}rqysNIC*=>zF;oKDW*afyTEZKZI`{kc|ginr!od5;ruNwxnw%24BN`+qT8#uoQ
z(to0Jg8$-?nD#M5c~N$nBq+e`(CM(FKI%hc9r1Z19NwgQwBKa*h62ON-8s&=#vqeN
zRQKP56wR-0l;1cG_92l!%|!fWwj9bAAkxj8kF7CV0?vcJ9Oa+%I1zNLCqqkQ0qyoN
z<d=;^1|2RRx<WOkLl-K4dF}nq_yzNJ=g%KJm#k$UO>gADGj;J~FjOZ9oXaf>bs3^U
zVvrH`oAn2w_@4PLC*<tfd93u*XN9hDubp4&n7?zwg$1M+wf<aV>Aus)3ifl((E#q)
zSUZpE&amrME03H*nwycEmavt|gr8QpuL5D8v(yobo`4pKKgIKY%PEvBpG>8>f149|
zJqY@6Q9qibq4%5n{aP8n<_J-!TWLF<SJ1-fBX1}4C4<u^Q_@TcS`DP-vniICuwU!^
zdsH956|l;1X8s=Z_Rgh3PunEf-V@?iYU&_!P<F1D1d$BTNiEAhpZfus?>%p4Y<36a
zETOI_In0`C{S<QkJqG?s0-j4o443cUrgH*J@>Z%JNxge&x^A}6jNQll@zG<MsL>)`
z*Mq2t>gVW0F8l4<7eMAXb|H4XY%b*UYrTJu7{iK0(r2{qDX4#%x86^7<+4L<Q6&uY
z$+o<vSNCi%vWN1jfrsC~N;}=jdTdA!gK9qN?vi9+4KP?Cz*GKf&Fw!}&$rUO_o@J<
zEaTs9)@l!Q=))a;^D|$lo8X^e<zhSS<)+8wg=6e9O7py>_p_Sn^1v(jxX49so`shY
zZ#Qk<UytARAEXFpnyYu)yr+hk_s_Q}b+ET?Q@5h6zk&5*X-8_&Q0><Bu(~>Py?7Al
za^7yRyvs`t`*^gq9<^m-IB>a+P@G>62fxSeIES$O?7e>O(2h;tzlY}^IZP|%;$}Ld
zEtmY-HP{SG>yyCtxX<FA`L5Mjs9{nD^162CaHlwTiDoR_ekh@E`RC-|@0qSplKV-m
z!M%$Hg-J5>_a=O_58s*{kOydY!gT`rjIi5nn%2m)5t<Mv<MAvoyA7~Kz*u;41h+(%
zH*55PGAH(*9Sgq)hOj<N-U43YA((GX|Cz=A4YP6}OHO#n=D-QPIya>MwJ|l5M&J6H
z+QiA~vGf`JfZ|o2GD0Yhrlg_a7}20Cvpzp};`cPlzErG~RY%O!$7TUSe2?Bg<@xs0
zvs%Q<z}IL_#w9JedxgOL5cTI6T5Q9V3?X;W$D!_LzW4S2=%hEPC)L4YwI!+QKgR@r
zk2>%TITraTQS<{)tid`xY8Uj+oB&^UFQZ<qZw6%Ol(>nroVrKfg+78d#Gko1J8Hfd
zd|l@ey^uOMTYG!I)^pfK$+=>MKRcU$_tD!O@H=z}yQ|?deY-B+XYJ_B-(u6JN0W)J
z@Fxu<9}m?fBex~yv0OOJ!nhZ%(?o0EF}FOQRm6Nc9$lA}i{5|iL_DM-KfmR7leY4w
zQJ2gDbc*j~!b}-IZh0a8i;?+5@Hu5<Q?lLAzGqn9#pwjgI0cuXBcn=8V~K2%9QbkV
zL(!E6t*%X340|wl_u|>D`g!AjcL1Mn0Ck8D@(66a@MoIzlEK2Q7m4`4(3Dq(85!k>
zTP(!52vP?;JG3<h_LBowk0QWK*lTo}?a|r#B>fAH^t}tA0Ich41ohjh@^^dbTmeTn
z?;|X>BW9z_bYkL&lD0o$^yl4?qR`c`j2DWr*jXh<&RsK}3prXyiBX3uimu#@Xp6vg
z&h{&30rwd5sX>G(Rm@Pf`t1t+TU6tdmzmA3@g^Foj2$&1&6pRXKQ-^a8!iDnXbT<>
zyN`2EYD^+CImm5~{j3}OhMCyt8ao9SIJK9p1mUSfleD(WRnn0(ok}-;yOjJEW;@2)
zIzSgB63%Ty(0qS6TBu3$7T&f$A$vIN0X@VoX5~9roF}`^?mODnihzCfa@$y^DQA7s
z_kcifh1r*QOhygx>&~Fvb3c;*TVCfk0ys>Edbu-M#dRKO+_>JeQIBo0oc{cY<Ie{c
zw;cl|sama1q7+)%^0*UD#SpC=A)@t;TnN@38dF$txmTpYgzq-ZWap6I+Ty%<VSmru
z{kA2q%yX4}KVv=F$|EjV`kBVJVe(^=Aq!aYw{bxGVJbLWbkwbvxHj27ZG~_~+0bmj
zg*K41na`6gW9yyt7xnrx)10?`Xft*Ba`Ne)-0=SH7m3&|zl4oVpD_u4TCG)A%i11~
z%2Dj(F^gdS+g-I<)zUoaIv>4{FxtyjcT$eX&=F*rpwx<HJ_md$ZhZFEg5z(ePjq^8
zN!YombFhH#@7L$wMnG9cCc3gd{^0DuA*mP){+w%@j7`qWl{5Ho^50%+3zP`jB-x3>
z-LhhC6361W6-jy<H|%8!P*baOY+WCXwiij!(DXv>`z3Z%7Tq7Z`uTOg-_rK0kFs*O
zPmx{q&>;44+x1UvFG%?y;n!ZrZ1g9a5Q5NHz%=uQI13RtG_-3~><5c<AoylaT-LTT
zs9)cZP$c3^^brNEPDwpd`5@PIZ2EQQ?tf5jUi)m$Yuj6_b_=v>6F~KNGWHdc8@Nca
zsimIwx5x$Do0cYUa0d%)_Zq0hWr@mDk;Y(%*0(ZV5W{6TQ~OCHolEKZfrA$TZoG{y
z-hVQq^YaUTzu3hKAUNi{%W-nZE`2({*7oA^n(_u8zA#tDc%uB&p+6Bka$J9qQ_s=4
zRwI1l+Z9|C_G0*aDJ{Z>5RXA)uR>A)3@+wyEZ(_wtS`n%qIXA5_Rnwp{m6GPz{D)!
zRGsNHjNTJQb}U@M(D22;Q&O}qU_5y4QMdknHVJk~B5AH_+v8W`4yu1fq~|lUxwQ|`
zKPY$oR7N$_JI4Bnei@x@K(~QAV}eor&9vq3ul(KiM4JrBpuJKYRmpwsUE6CN$6tQO
z+jQ|he2TYo>V*N$zh4qFVl-l!zAn-A2P<`K_1>9066}_IeBl!h*=!Dja_o1sRskN;
z@nfWkmn@}Mr6Ow{_4xIjzn>C)?^bE~={bH{(zIIV?c*mFRe1rxwr;<FaUXQ<lqeW4
zIDdDl)xHR65B*A0`ni4>{GXZyCgPn(5bzcQuLGO`PeUeTZYKdLcj2u2?j_j+(0pTc
z^Zwk?->;87wvf2-lGLFyP5f?a+OXSY1hwyxzE7|63y*hiPxp6|5B-S&6p3&GEzAy}
zbDej=DyN!WR=F*Mhl+{LhVQsA1fkV|6DkT1kmTGW1`7lt0;43ulRrC_@9zgoxeH8F
zpGRSqvi2b^bt_BLIA@M9_aTEv)Y>0XX~&o@QAz$A%gNYXdfERh_N_vUU=P&A%QJld
zap!t?C0z@wds#mV2`TQleVT;0$N?Y4jYF=^O>?7vjRxG`Z=89%c6=8;$rY^8j{AB2
zHV#i|3BV1Ddt=H)`Eh}7(1V6^Gn)R)GWR;jH%9w7-c8gAV>Qc!8oN$C?Gt@Pki7+Z
zv8C5-2AHQ0MnW*OT!$nOJ8=#(Ubo4g-)p~}qn5=r$_jyw*Lm^yDw2l4*ExF+K?!0l
zEUbwM2dm7vhCKZVG5-B(#BFFjy+@-k_$B8H55QHhA7a<{eV?U=ZpXVP7+b6}dzz4D
z{8kItyLk7-xX1=;HT|iOasR_hD%_BM`A>8z?+%&dj$e`EjG;_MyYv#yRNPOKa=N++
z(M$5q&@lb^%}o$^AIL+`tgWvGotKaD2>{Sx&CjFZR&iJ8r!1VVH`*spCYBCLdKzt=
zF}R-M)oAqV4&(2)S68gPNnLw#!}KNrIMwI0O#`BG0*p=@zI+dME~|j+)Vm4siB;Ls
ze^H^;(~rfk>b%Tkd;{`RuMv^2m4z;c$lkAV!k%0a_Q`~HnwOP6s`S$ST`k1VlvP$X
z5P#(({QX*MCug$y4z7h0Lle2XK)E8sh-h_PnmG5=VEPN_StoSW2TwQ>iFQ!_8N<Ss
z;<H>_PMo)_kD?UG!qU61x+{1~17PiJeKR&}Nk;DyqoXL`QE}!MZ%*le3v~hhv<txB
z@4Ffq0e9-gyT_t5L<DqV&Ze;Uv4IkKWXxJ7#xHNY1rlET-ec!F(PNf>*BID<TP-SF
z&Jny9J+;QrxOEJ5?fq|+1GA~NUbmw>Tw+dc!%@EPKv*Byq<ghVmBL5w&vX9!MY!y<
z#qz82;C?LK8~IS(Uc>Z5y9fgn#a3$Ic6^2V(X7us2J@a3%@8<s^UvaQa69Ay;nSCr
zlyM16VMEUu{{&-T*6T>ydSduDENcovZy)#*$)==t$47N}^<A~k4CPmMJ^p?}J}{s1
z0iUfY;xqLD%fmR5+$?k4T;_Ct?vguzHgeD|oU5k{sYWKcZsv=Lf1;Gqj3Z(OosJL1
ziBc=oTs)q5&MoN&x9(vnV!8s=S=|19E1ZdLWgdb}_}s4_tykQRYrhZ~{(f~v)N|i|
z#RIS}LL<MMr$w_j*IK6<K8KN$k#Z;vz3#|x_64T%IRbyP0)xjNwEKJaZv}p@wT6zA
zFwrC?E9mK`cphfs9DU&B@nXl%36r4pp|jabl5};q_OMt}AIM?aJ-=FK@b^2lm|v!|
zF7)CjW#7(o>qMIo!}lr~+w@4?BE0DHS#;v;lqB9{oBW*WZb&{D<r06I$pMZWX4(L&
zS=0I~WJsC7Oxm^XCNG@@d5i<`NZ+`U2OeUtyyw2?F-yKpIxppv68k;%a|M3CY%lwR
zNqrM`cRT27MmsF0Ksa|g(rQi)UpC^Nv@U^jD76#q-T%YOU7JX8;~_z*KO_Ip9IVRt
zntiUp%VmdGyoW}i1WIl-UhJvO8{Ijxt20Xeu&xG(4h?kXBih5|07iS;em431ehaTS
z@^5^qW<IyZntND5Z<}~41~|hAHtQ8YqqI|#Obnx%M{3V<oC)9xe*_Tf>g1oV=bl%_
zbHCPrLfl5=URNm_NHr)s$DAiy?;x$qe2>ladBntwUH*vr`~8G%2bV@>#VmfkTH^25
zb5O!iy)T{lrK^1YwNW0%w+-*d`KJxP%0Odm)D*nF`6-;#+ULivS5PQD*E#b2eV%{f
zpMa}7Tiut=s@$r<<%Q3}Ob4nbOPx<cwNr_iE%~Xu*Ery8pBZ&c5G$_uteN8Cjo6=c
zUi|&u-nNke`xx>!eYT*ok-KaBR%TYN25R-OT4p(xpHlVUrPk5~)<-BJi~3O^^BM-Z
z<i7rQr8qe*O+S=5Yb1FB7MHB!!tJfwC!>_a{4_=D-3R+MY1if^(@ndo>hu`xy$T6)
zdT;hG%#Xic=yP0*a`Ye_lY@%oMRqe7bj*FrAmf8gT+*snUHK&p$grGMv+CsfXlnTj
zQ7aJB?CaWpJ7fecHUuEJf<m4<P?bk>zvjBgws&j3u5o`L5o?1>L7mlZk=CFTntvoy
zpigtMSBTNizPjJ&aDe;fH_TKaXXR6Th(y)?XJ45hJt+bC0>Psoa}V7$Z&Z`{Oy3V<
zsj6{=kN91?ut1^vclEHrcfK2kSxtuhLf~4Zpx9BD+jL?*_-Gex(7-m?2^rf*|9Jyn
zph$g0e}-5JguZHA|6Glq5!2&>=MXAjHme=r@$C?)^P(?4tSFeO66uS!IJ7!@uUFC|
zOSBpELED?14`_^|!@1W@7|Q<E+`xUA3Zq6$Hyw_i3f+=msLMWp9Ts)El^_zOVZ-qZ
zW_pwaY_u?~UbNbxuN!)O?eediLci+<^-TafW`Bkb>s~S0b#L_2d4ZS%neGbeJva|n
zXW<o7JENv8*4OHtQzgDDac_jNV%6l{Pm27{Y=YiB=LUi&kBKi8LqOx%rKUEU9R41_
zUTBTrjYfQ+nzpmS!M-^=ZlH|E3}lfVjs^6uN(%k1G)$d!SAYXj5;u-U+i8$5vq+6B
z5ghjID^7G@9Jy9faZvN#nW#^Q!JO*kid^u$b!@!Pd>t%3{O5ZDI6JB>e!_KZb$|fm
z49I@!&?xK&TypHZ&-NF9XF>?pGXXqtx_7n>R1cKhzRTCr?oVb-ziShxix><LwE{nP
z#=E0|-wSm4zP+c*Uc17`hguH9j!{DBZr@W$`c41UT(}`7nV#cekx=5A(h~S5`_u%z
z;h6}KpKJi|)Ih;}Z~i&8u~WVXMC15?;-rp5KAgAp5|mAcnmyjWbPif-DAW4S_TS&t
zjGk+fLHEd5o`<`>Y0QM`eYa>F`ua<R2ZsVbU4h3I+=HZi%uc!#E7@hXJ7(~(^6<Mr
zyCtmtZXVtJ+t(!UPDR9t@Zv|ML2+-WfkZJZ0v3tJ0R=yuZg@)&VCrI8v!s6RFL6Bl
z7`WWoX$Jd!T7K6*X0i(GuwK5Ei;oTKSqQ}oh%C)bS>RDO=>7Ab)&FR)!rZxMVg<HO
zA;#IAysq7;8m@bSfRVIQBrE=08RqT1Q&$_2^5xLk^py8ub2;ZM?^|YHO;;yg9Jt6+
zdaiS#Pfq0O*@}e`m`?ac{(mbV5&wsY2T86j-*JX)lur~kx8R=O!=#Uuh1qtCZ5s`G
zW1hEEOs<WRgq5Rd91>Wc26lg1E#!qW4EYfGzdFmGnVBJQ5&dOo?l`j(G97&n?1BBd
z&<l;jyj^;gurFaqL<Xmdp9a%(u6Q)88pik&6$bqEGEKj0EH8V-iY(qaYY0$y$2#m9
z1x?E_hv3lRvw58*u`)t^OQZr-=mp1f=&^g)x?k<Kg!tSA(+Qy5az3c+dj72MFZ9D7
z&h?g_b7GS&@Em>M(B};5@mdxTuoWFV;0S#WmDG^xoK-%@osCk6=dOYYANwiUM!%~v
z`uHNuxj7J8@yMN-h^$?Vp_xU$3X63mxK?ZCa8?+Cz!B-Xb3qgF^e5AOP~Cf_l?={I
zf1~9^k?xCfNdC;)3H|QjVXbPtCYo?_&v_UZ*0dinIvWxl9ZQ)It$y~%R3<EuS)7;k
z4;RTN#PqO(o*Mmmvwqic?sgzNIvw{#nPR-oa5hGqY!6;IsnUd_MAjhYaRg0Y;sGk!
zPZKy?3iuobR9OA`OaXkggNqESa6~WGfz7{p04?~P-eB6P5sEsAQ$BFdr^?Xd?qqg2
zOf&P4la61@<QEEb?hL!ToFbG7Ej6Qeob_kl9R05R_(KRv!4b**`Gi!+kO7z)V#tNZ
zviht8F@$_l;nG_U{bhkfUebY{w3oIiy;3ywfO^%HWyTmy7I*O)U`Xq~)tKhuPGhon
z$~#o3pR2y=6}pwVtNN*4IOHYIloA^>swR+qnFPkB{qyNO6?k5h(i#6bkVe02MWrtu
zJHZn49-_E@^?Tyyq$JV8&(m^`n?+p4zE07dou2|&ou+#%;j}xuUEEV=k0OcDIWK_v
z>Tx$cE4lp8UD)5NRMs$(!(_Y#4|*XkK(L+29P@mz>K$UP1cHH<TU`<;s+ZMq^Rm%N
zluA7ZKONA;;r&?+=ik+(Wi9!><&jDO^E*IXFPgmVk;fabL%n^PuUupA>afRk?+Z%@
z+l>|?DK4H%Hy*XKMzJn_#C)WY+?o*;9*{f*O@F^j(ZvivYRpO=q7$E&>@A({42;3-
zUU(Rm4;Og#T#{&&xOw{MMGvNdK8{qLZ<m{Vcz>QI{#}n6zY-4_#>y~)O6P8U@2zGf
z*(#3`dt-xI_(P1d7y$?+F!(?%-G?TZlDc|WJ@8TbGn=!_?_d^G(joLV<j_lVH|B3A
zJh?^2&<OCgm=0Bkj!(esS2-lPDzGcHc4*k)o6+YyU5;@xC8Tz{thF!3#jl&rWa8&a
z{jOla1JKyEZZ`g6V2_u}Ub$-U)$eL3__`#i-U^)ANjo8Yv-iUC`R*3p&Wr1-*yxzI
zS=-}W*VVZ1$a}qP;T!1K3sL{Yc<(YLbZm%Ddy*Smo+Gp;k1o?F)8OLKd%7t|;eCn>
z9^J#6;#mfb{(dT!b77_^e8TTP*Xm~+-=a%1d9}a-;3c9@wvO9UE$ncbbw1X6gYGoX
ztuv*lpE&6ymbNo#JOGcg1g<@Jn|`FRKwYSkmPaM87pQQ5cNTI`|DGz13(4HmwqK>^
zCOB@8AG#+j<!;4zfN_WMyf_-O^Ql#*_@NA%DwRxzYkp;Sy<h0O_WNZ0u98I#lHPp#
za~0_`3up&6MIoV2Y;!Lp;%1iL){XK&E*ivpcMtSMI}d8otZg3cZ>-^3YWi|Y`yvhC
z+lWWo?&uv-Gh_FRzxzlDa#&R3@Jv6xcELrw#ZKmeaU#^><mqd^el9$s8R~S}bC>)$
z-t(X!re3At9MXUF=wIvgAL?qdzVA})t$5*A(bI`qW*0knGJ|!ry$IOtMa&_zvsf=k
zsXsDF)(3cZ<g#2v1^}kmT6}pl_jpT@5^eWcxvhNEo9O6~{2Q6Ko>eoaxqkB~$Jt@o
zbiR3OOv9<(tw&N|-%siMUO3oIT~t>%HRhYpt_t&_lZ-&95x?G7`FABQvP@O5VxYn;
z+ltd}J$ghh_gs@T9TzxoErxo;qMUnq@Oq&f1<jZ5_Db60%|?DJw4CY|49sIxN}VZO
zHwqctU^@}|NT~+>J<OXesZ}1`y*nhi#`UOLjmSVklDK$+Yjo}%q}0RSmU(!68M7bc
z2%Qrm!?O?WEQ|Bc8RXxh=d@a%Zv)dsDrv^5cRdpuflpb66|dQuNbAcx4XBRcdSG(!
z9zOn-wr%L%d92I5+&ZXNN8eo_%}9F*$}ie&3ssd9mwk&iTmO88ixGaSf8w4zOD+qC
zmgQ?DJTlEhd94pBRi>%~N$=hXeg`zK<AEJS)4QJ6J=E*L!fW;Or2Ve;0e;m+Sed>l
z`*k;%bJR?0&RSQ~r-usakOfY0){fjG4|!nvHK?2T5Nhc4nsW@myYYyOqgqr~@d>xE
zJNGD>os&}CIlSZY0I&4l{V{YMtT%J<!#&0Kajm}f=`toRoW}(H>eUX_#}Fxm$yB~-
zu^xm^*`?rJ({pep8;-{PIr07<>Vq@wmGK$loEM*_n2)LA`)(%H3IH8x79Wx1PX;(k
z$PUz8ejh^*fm~@;P7B%mx*2dA{87B_d4F?`0zY(Q`_XB<sI#o;fUXf1f8w%x8l*~M
zIjK3OYNC%Xo|Di89gZQ#P|wWCTMJwW!pD+ltvu&ypO-96Kof?qZ{3$6@K=4Ae^(SU
z`0+cQ!ob~_TkotGJfu9UT&LO(>NnF}{;>)VKc`NfinmXq;T$7&#p5AhBazY+BMN9a
z_PKzpKFE0(ZSZ2}OF%-DYI&Qi2jW=#iT=d{Gf|fBr0^*jyL3Ab3p*>u8bCmBrytvQ
z282hc@#;(E{Fq~(ZqGit?}+x{GbB5%Kat1p8swRcE1$Uvf@oJ%q{++D(*k#eU)D}L
z8~%a}2@mt5yK;~6=YSQ%U$yCzBF?#-=kYdtfA@Vfh96sgNkRtvc%A$HbW=iNNcn!o
zEP9k&{+<-*i@tXQL^&W1!rYayU~HMYsC^8o^P%ahiBZ|Dm0Q}#2H9gTlvsoZo)ZH%
z^%BD+KEF<${0HUQ+;+r<ZOvt;C|yFns$HOM&B19y4cIPyS7=lrGMgbdEGG29s(L>$
zK{adQ@Fkq=bFj82##F0<I-KOZ!!8aEFW()+Rc$o-T)Q0${_F*~YptZ+pZ)Y(q$FDV
zg!<`jjarcH34YkO6Kd0!us$U-+t2zb9it=C1r(UCUb?hO=Vxb}{D(T{Ico0y&&n?C
zlaxLp^@;7VIiT>KE#-o1FS?s;Fl?mLdRotFc@*1ym!;a-Kx0!Il3sMvLjzv-0pngI
zU9zT-mh;b;9~U0#foA8)DEwPMM}cx=?>f?)lx^`rzwI7XZv4<5@Q?)v>Xp0xPynC%
zDf^HbX8NK+shq-joM@sq`}9xIc==r!6@tT4VS)@?_l(wN#EFw;#}5ezEh@G6yA%E5
zZ$xB)fv-myCEssGFVBv?3|h>Ta;y%N`Js9s-yVvS__~p)#HI!>O>vO#cD~b+Eph!u
zod2TRJO~m%Noe&U7Q17BpG0Ez#hr5+z|X^b;CnU6PwMq#$qeri@^`V_Eakz4gC+t4
zg+FJ*<##Q$Ntkl3+1rv-fVzF|yH1a(R<V*o^ViM(K8}%AzqcBwiAcR1-$>BbQd>_1
z>sH{WRJ#b*1*Ym9SXp?i{N=1^iR2`58(1m3B^4uEKt`Ncf7`LB>LWEm(%0-d=;xHe
zOA!xdhEP0KgGbz{TDbIu-kwLI89-|&)jQ^&9^a^cuHtZ<Ab(Xx<ahNIZaX@e86J*u
znMcoZ&jajM*UQh2w*qzl)45*0X_k176`K(<lRbnNcZ&)R09ZLJUS_$Mg6Z_g>^q|`
zYtO>wIY_Xa55Cr0Jju?>keD6KEY*MFXRc{XMKQM9Ej_tI&=R|CFFTl1GJGBQQI&DL
z*f~+=;$!cTlo5G`!J$p&z7=q3x$_?+gns4}Q;5?VyeNeo&|AYA)fQ=FT36}oDv&Hd
zoov}9VM``0=-S8^H6KG{TjW`IpFxqMUk~vL+m+QEF-T5n4w$fGJU7Oxx%Rk&sRaTg
z(*s2kd-43Og$8HVBh%U~p@atjL%@Oaj5uNzdj~?<R-vcD=k3KWs~Mqk+r4qLR9^@u
zgnU2jGj;sAlD{jwev)=)sfjg972f_u=)DLPmt!R#dyuuqG5s@!Nb}HY6gd3O5!yeq
zbj)a85zGJxURi;?DBHaDs3DK}g5kUOCBVt2w8UT@euLw?N)E|Y_g<I!`^5#%SJ61c
zF9J<Gl6ZyTv=})Fd;)3$^u7CrSDBFn;AQxxJIMV!v=HBf-`3%8xUc^GiC=5^yCyt(
zt>=3IF%~|j=wtKO1a7q*T0Hf*Qlo5M@ZyRSfk&@If}i2Vz3Oumu~kQ}Xn}q#;67du
z9@H@SV3NyKLF<fuWcrqV<&rBt4RnC=F4n%?qKPu*KXD_P0zka&ew@ixtqJrK)(#(@
z@>P6?725A!KP$#?@t&Y#Z}ahm_Q=57Zj6)fa^x}7`JHioSCIwD_Ff-N=$CTzlqwSq
zgUB2M<Ff%JWd`D%N~JP%C*5$P@~T8joQ4feK8^FWxVE}axso2gCp2=J^d*N~Gn`8m
z7fRO-Ncw{z`L@Ke)AeBARD%@wTa#6d6_@)c-*X!6;^XoP!=ESseR3D(7pZfx7Y7xo
zvSREJL@S8#Z}=wM4|Y+}!{_XesQy~d-*sn7xVk;uqlf`wr>^=zLAg4DQ5Lw6q(|HB
zR!m$rVQ$X_`|JRR39f$qmj~vU5wlZ%<1Z5Da(QrZ$~xu=biTLCR0%bQKl$a#$A4=y
zQk2y3VS>UF6Y=-t!uAd=<Uvxzy7d{HzZ8>?Q&2e9&7OO=`sIb?ySfhpi|(<xtLbSj
zIz+lEvkoq&L*@SL*_Pjx>SH9Z=SaPbS3;?L%UQ4KaGZSz@^E?Xnm@GGes1HX(zlfl
zdso`p(#y*@)SYC=j(vI0`JkHHa`fm%^uyr1UGFGgHJ)H-@^`(7GXlHx=-f+UR{wOL
zE#bd#f^Cr?5RPEt`*5pywnv;ZFEYvE?d_sgc>!IR4Iib62oSm>xir0(_TX8bnLWBe
zXZdHpul%lUi<PYzdBQy-bIM&j*hFI4A?$kkUBqe+3IrEt4Iuj_NNpa`eE<$#I_Bxg
zapwmOV9GMRG`+S$)E)<(@XsiRKg;n)gse%w8HTZI=`?yT!CvZzVo4JD#+kok>8Ho^
zFz~?Q*8%%Y3@LBMxNY5$#=fF)&+b9M$ikk>cMk5u_#2jWQ+>;nsyZmLGbw)cRLJjY
z_}39edYx(Tv*4a<TcLz&4~-X+IaKmznw7^^AK<`;@mi<?roV#A78eekLtf){Gs8;f
z=)r?Dh=4}oJl>;{42Sk^7BTYFH`Vu`&HXF|!B+O_*twWzGi6!uPiFc5Gj=7}vfL_g
zOMqyHblU%t{!zYZ`P}b;ef*kRl_>-f5=6kR=HqiS4rNRv+3ZeB)%fsQbUf}01J#hY
zgqd}@5c@lMXFFW&gJ>}}FGn1yje92PR|c@(_vfF+Q>)5N=ks;}^xoZrh51VE6a-x)
zn%n9J0_^jlxo3s^in&Yd#&Yj1P9xu7J;Xs)YSP1(AOF0{Q)ja8x<KO$x-qwLZ}-Gq
zo+e~)LGa7Ko2BEIg+6t$<o~1B9mrOIIp|#9U7U-~uF?}$dL+#!G2)JY^67_9N-mti
zdH_{?u%HIwytJx`I;xB{iT10<#eUzoqlqjHtqeZWjiM}CpUC~Wmr?Z_3f1s+1EA@v
zAFijz&pt)Fi5!Xd2zPd^7>l+5$WKdd)nUX#r_^XOk);Jm(Emj(+;hZ%3+T`z0Glcb
z=N^vB^Y4<DW)5p~|J@rC>gWq>foCM&axb@(wT$f5h&&lvFA$iOcKxox=@caoJ4a(V
zV|*X$lRIP59tM_vf9sh3K9NI*Sxm+E&#sAcCG~q!knkQc&NkZ@MJ{Jh5&>JUB(1aq
zj*ZK72)QOYaJxZOT!1?~U2rn}kdq0DJH~X5k(`HchK{{zZ=ZIKr_AF(z2F(!_VQ+!
zKW={;Z{Xi2?YNKVUZsu8%EkU2Y~Fd#(P#4^)*>fTjG>lsJ$u9kf~C=JoSl7D24q-Q
zPm_zK@Kw9~^X>kg<hn=vbj_Uy<Iq4);o1Zg(0xUXc0q2$1Ng-If-2}GNVWw5vri#T
z9gi?48n6cPgMg)MN=c`$CCA-YiIV#*&ViR3jI11QMWjD6)r~lvf_6Y`fzitETE3r_
zIw370e|Fw-H)GQ+`&@A`=jh;j$=5{YbB9_xw0-bGgDx2ap7$`GU2^VQf?NTgd%V0u
z{qXELH-6r0+kZ^U8r=pu{1|i~N`1peK@GUv5T`;SuJ!;-K(oJXmagNkUbuG27GSJ{
zW<`z2>ftPeOr;F@q-@lv=j=?0N84N~wcB$J#nmsbGvlj1mgltJ_w;=05#PR4ByRyW
z{8SxGx;fh>^k+AGqz{)UFkw4IV9o6W4^N7es8>ve;Cf0u<R0JDbJlS(kNaVn5g4-b
zxo&IAqm>T^_5GQ9|3e2-cl(BD3Mt2RGa*OTw^$G2#Urz@gnr<vY`}#}(ix+|aAz45
z4jtGBvlK4k*H1y}v-Q{|=)v8Le>0zNH$1o_-xL{zSZoh_^+_LX+J|?FbkF-=x%CZU
z0CVmp8>HWt^8Z9+YF+0poIG9i_~YVT+jKt(x$-q+8(o8#{ya8M2iU_!;J5i@+rBsS
zM3J<y*4w@JvgdCt>EFEumeWwGaaOTO<C6JmFsCGqAAoRtK#S=5iEL#)ZgsN*TvY&E
zntEDX?t2LpuUyioBo#&4^fCCxn`9JbU<hw4RlMg8jDu0g<t?I8z;qr8ar!3T3C;n^
z7(k)J@!8rV9QzaZR@H!v##n+s8kW8zN5+;P|HNZf6Szjh^i`3NehmH*?pV5^1lyL9
z_lCs1G{Ji3vGreU!u~@u^95IilXkC{YxVbp_6U<VYtKDKfajXi_73hbCylaNs&B&Y
z7(=|ek^4A_6V<BArM2{<%GI~__+8g?F7dwq+{JKTtd{I6kHQ#Oq*w+*O)7xGx|G~U
zm(BEo&<m`I?&bOuQPg^EL({eqF7zRVW4*5=3;L}S(kH`#W&!&weU_j54W31wNPRW_
zlH9VpHGT2gC7A|4Ki~6j))wDkW~xZM;)YW^{erQwUfuKCz!*n??EMLzOwt4Aj08A}
zTR~JU$3Ss(ILQz>L(#o5(Sjm3Os-$*_wEDQWN0}Z81A09da53<f-|w-C|kKM@Sfm|
z{&K(6oOZbx7uq~f|Lz&2mu4;n<tPaeR$6>*)@XOI&h;>_^mEtl#Z$+{`1Z|vYd%3@
zcj3|-O*X1#98ADOc;}bCsQvDMIGzZ3g!;km#|{^xmCbE@qt7F<b>DLv*Uh4+_X~}Z
zdgfmnz4qWEqeCq8vTmqt=6ED`ICI!rk2?6MpOm3xe34yH-{4#sbXAv+QBfLwCQT5T
z6Lf)jp(Lqan028hbkcRa9DmnAG{qK^=vC`@C4F1k4>mqTlcf)ywgV8T?sV<|^XwJt
z&9hf)!^QmQ8R|WQS1OtP{$zLm;Wa(py8O919zA>!#W<SS8?6V~%Lv7i`dD2LjZHtr
zqmLHDE`1kezKh5qmk)4!POQ+&N8w`^TH1Jxf-0Ji7Kn6}(a3>ug+a2nrGZkAVNahc
zoN-jo@(}E79~yFA5>dWN93u7iWFjYVVqWzrl|Es{uQEGAP`{+~D&`seTtoo@Hi;o=
z@Ve4T#sTY%I96TT-ict8nC9!h?#Apt?3MR+bzT;1q?lTOirx!-jAPDj3}ai30OTk6
zJ*_f3_0U(jOUkQfhY}hF+?<2}_rM|dv~!&4rmaLYv>-2-Uyydfwqy=3z-IW2FfaOh
zkp3ig(0WPE`seS~rwt#QVCpi|BJk+$KTq1?Blv@H`xO95*=x%V=*M43Uz#Iu59q*E
z1pGWcN7{{t)3f`$Y?s6J_{-uoM`8@m`Kb=)zxy)yoR$Lz4=Qm35RR+o0ViRT^?{lL
zk6{p@!wJ9K$xNrh3Awa3vmab__%^}0-f?P}>V?lE?%F%|5b?;Xu1#Ui%zTL+-TUT$
zU6@Mf?S-B*GIBM*@~&aa7%LHRo*NS@XKle*r>nUCj}!PrAEoPQpU0g(-dx@VcJ7>y
z9kiQ&&19ZA?=uIsAm1JhPerSOR)gD1nGn8^b3ea`pKttUl}xv@@5glNiErQQ1A2Zf
zQxEZc%69@A)eHZQ-5!;*JW$A%#P@twXAcIA;bGrd1MEwKwnTFJ@O#haQN^j=OV=$f
zZ@FW$A1Dhv<{f}rMzZ+`FdfwXtY{YU+FYLdosM%r&w-+Pk1P-R{Hd$5TcUkd_@<v1
zFS0i!=%p?olFJyX+&kmpZE=;yXz0Z?e!T*<K!DEL%(Qs{1V>P(f8lKZ-TMKcfmX^l
zrsv|&ylwWD^u3|0;)d$$a5EjQ(>UL+?PcW~-1uY>dzJ2kOSjl`0YBX>dU!H$RtaC3
zSpCM@;l1R{2Rb0M{kCba3WDHK8Qu*rK)~%Nb#T43>DRL!dB;uv+$u-j?^7!zoBf$v
zApP(nV(~hEBmIqG?5vV(<6h^&J(GFyySA01HLWiRW;DoZha5jZ#zZI7oo&+VA@5%u
zbN;(q<l^ZtYN4*v&B=4gJM7Y2#9r_yM`6`kcYncuwhnqz&g0l<T?mW^T*8I%q4cnd
z!Y-+#gZ?PI@!(uS<Gjf3j2x9wbeUf;$K$J?M!iTx$m8bi;HDD^F8NYPfK^K<7C~LP
z+9^IVk6P!{-<lW=H(lBX{nXwYkrQJ=MS8y3ayGjb7Yv~Q;h??D9_Dxsb45(vQ)TrC
z!#-F=mF*IIexXDE-Cyzwg2PtW`v%-*k9F}(sh_^*>^*9Ra>)AY(h&bTYCnxc*Q*-$
z)uI^TcmU(=--kL<NQFP5QFSsaWcsmk*VMcj$4RGxj^H=*_&)61N*5RwRoLq<513|m
z-lU9hOA;<T)}QB85^CTgXfPh<KQ*j0clt7u7O|gK^aof&svCrAXMk_=pe5F46K_|^
z=q8&!RD66H0vY0NVK%JSy+<Hb^{2to?~WAZZ6NFrmj%3cbq-d&r{}i#jQht(%~8)3
zKm2bAa@1Hc2IX<zoFYE=g_1yK&=tr!x?&#*&Uzd<U$u;5FrUvpf%UDPIT=X;po7tT
zzfSf2q|LSu$_Hl`*A6Is-Oh||Qt^Pj*yubiIn8T6f1agemjRw$6C^(F=r#>&pOJ!b
z9^_HL()O{mS?LQ0!_xVh8{Z4!4lX8LbP@2IHpeQ^!k_Q{x0_4|SC%04Js-O&nYa{+
z4)Dk!DRGV|xqz04?8E6!qI8J+ve2#MBs?&C7F7n(4<;GB{Sl8<H_f38y#iy8Ha`53
zq~14t14cQtUgTh;r1x8B9Z%51b6eZCeP5=9hxu9bzLe90vF4bUfWJW#|C5p4VB@dp
z0cn%;QF!~hXZ%%n-K4bG2h?Flb~)$5qS{5!YDVZdxj5mvO^6G3A{mU)<tL8(-SzUg
z_6;g(Q89=Vbt6v5djqcjYbQMgbdKNPgtK#K^`4`u_kM=w$?aIv3j^!gz<Gyvnr?eB
zGCt%er58+36h?4|or#RRkKx4}6;}c{94>h3CaMl8#lBb!V@6dgc+bddC&up9h5Hy4
zHCiURr>p<1r!V1A4^`FWCag1aSOn)>MYTYnqiR@X_pnckywc`Co~(Y8VK1jQ5`9+h
zk0;_Q!JJLMx?BBspUgeDUVLLg2}ceNQ67g{naCQ^o7-}_=DoO^MF%$3@BwjHDI663
z1Z_XL`<F5U?I!!G2B3C5%6soOzQjVtb&Bo02!rI~eEPZqrikFD1A-)QRx&?5IDP!J
zh{Col!2zc3E-(dc9J_=KAQz1h*$(iZXs66lV~?G@aP6F)oD<PeNXnGJx{rm%nRA?8
zCH12=$BbdFoIt%gc>@HkPAFj`A3i3WKXLtkC_0F5p1WzsUq}{|*M2OsY9FDEV`p@A
zdJN;U{FmDiI38;Ha=1w}B?JHk(k<|XhjdKuXJM0D-q%0PoW3Uq14zzXMY?8%7g`SO
zsqZJhT!q)K3Lt7of?J-K2X<HX9PXnrzAHm<H9jd=SDlRb?DT`-{Ox!0Sm4c76n%J8
zkD7-i2Wg<=rg-=1{9Z0x$I+Bqdf(r0n1HDF`FZU@>>S`R0M^=wpIPX4FAhHl@#(&D
ze1JFT^Ctj)!SOlZ&Y>fIrp@_Ac*g0$PHx@nJdD$hP0esWahY9xxJIo`O(lSQeh~3e
zmx={?AE!0LIR_z-sN1Vxapg4c89c?OmpKfsEHqd=j$`vygQLg96kY-;lwvmVSl5RD
zwQ!^N@4j3X%>fMXMYm4sjkV;-9XEeOFCL`~<Gq6&$((&2T&uU<E*)%b`)EcMSzUx4
zQ+O#L@6T2EJ<+TIiHEXSi+ty%vIY4WW#&DGt^7~Q>rV8Msi7karKMlr@Qaww)~W`8
zSb@(e`gahC>*_Bu?R$YR7POpoU#`0>;PTi8j0?LImAlyH!IDi~?!HO)r0qS&0aVAv
z!{Sc1;^Y2jY~6J>`4P^1brWO-^l#SNq&3+ryqNRAXuv=Vy>t?xs)(g(2avn6lX&Po
zx1RlcA0kfWnMb}o%wPj(<f<57&0i;%{vS%|KAI8rUbZ`Nk!YZrK{}%WgAsQ39WIN_
z9xs(Vrq(N!w#EqD;gbJ`N;`6EQ18}oPs*cd2MX?`L(%P{h+D{$P3lQER?q2(*>fW7
z?yGS^X)TKfZKULd=#j0okyKcguUB(3tB+i1DoD6=Ea+g!IYj-pN<WTE-N>ZU={~Qn
z+SrXpE$(+u9O0uEK6${0=fqEpN?HO3hTe%IdH3GgQn6~kq4hQ6{+f@C-yK4=H%p99
z=-BmA16g{H?nRC51XaX)E?4eZe?b0i&1;AEb0!$gPgj0tjxf-9w0WJx1$MdRA;7SZ
ztUKr2b711mCxot4ReDl4U1m{gKUul!L%>NMq9C!PhaTcpoLjIe)nM74C~@3J`jFWY
z89kOL_sU91?%yY#;L<n6vG2KjAL-EAJv;I#VX-P@3f6Zzvkxmpb(0-F>^7I6&?m0m
zQkIADT!2$QrM#cYLh&D}@+*$~58TA4E1N4(FAKD>lR}3KR`MyoQ4(2SpIIDspR~hz
z_A+32@!Jgr1qR;@;=kSvy%*!tfljzg<#}Tb6ED8)<K`~}haV)lv!B2cW85l$0|)1-
z;pIH`R#f?Fkkf3m3WGV@3``107Aj){{mWJ35BC0j18xfL7XnUnCPQ6}Z#6H*xgFc3
zh?<aHhmK`tX^(@|SYDQK;PGRLK2#IweJ1ndLy^B2bNojal1L+LE^MoFqYl3JdnqWe
zE@?Y0-2^7eh&G)1PI+dc?VhufLU-&8p!FyES!?HgJA5yMU_eK%$7J^>Mip=U{pCH2
zAUcH~OF5Vb(xnL$m4>S;t~M?y!V%cV=bnze{(;~~)6bU{`{k;9%LM)4C*HC|8l>F6
z^)-4J>d39HJ%|UC@fyB0vR0G_(LPaE&s>OmMBFUloKtd8pd9CDOB1u!m26h}hi6uP
z-j&Diz9rh17~))UxxAxSue(ZBE<dOZp4(&16w9^!f^I*FCO|(o2{54xKXI3O1-fDN
zURALC4)`{1Ay(hBbb#-g+}ktregCE89+s=8Lumj(SwQ>|J41eZeyI39lq7t3Oe1{#
zFhm~$$wWn&Vg|9P2&Bh`x|o#sRZ-!;^(YFNnHWIAK05%>LAY{it%?DtnU%Pi*P|mU
z1c@HSF};`E8OViBEG^%<WrE9}7_iN+DjvT(ohA!$`o)D!eS$0Uoscxs#6c6$_d!g~
z5mz-~$`QX;nnl-o?%hZ3&dMz#L?~r-t#54GE#-I)bA!OeWzvJyyzLqHQ7A(_-=NX)
z@Yv<d0xWL4s92yhZl|zs9``#3P>}C;VS{27j{wnWGe2dS?Q>vMdax>e)E`y(8{tCa
zlzy|nI$NE#=bs#$0U%1G*tT~km1&!S9ciiVR*Ol^;#HnN8F;i%xX+zLETLcBeet_D
zifJQ~u0!s^0w7r=@i*;=3pj_9xiB38jWizbk$^sM4-#zo0g2BY$%9j}Lt;7&dx`KR
zra)!lb%`Mx^WgJ!_ZYo=?R_5l%G=w0h>AUvK#JmV*l}?c%F3=0_v))%{i--TfH_KZ
z;}g43<R&T2$Q1ghN9MhK(Pr-7J(qFv8rBSvXPxz2`9>N0RTbxgyg`{Q@9AE${EQ6H
zZFaQY=OgBcHQMAQJa-|5KB)-*b>9&3AMV~!{F22h0-fu7oX+){Vlul2%b0s<3k@E(
znAW-XJl=UZZh6un=sq>q7m_w9a!$&FO{g-2k@NKhq6x`a8f1UOO79HNQlB}=B|Hjy
zlI>&J7I<1T<d~=G`wK?jeSO}S#crI-il$o^n48U+)%vkud;9^4p*_L99mVnQ8o!Jo
z8p#+|WmtJ1=sIpjyRUrWNFEYGM1{C;?>~1oj*%2aK8YM8>C|(inHeBC^3JWF*7v`4
zb#Ya=%(_q>oHq-@RGu3vbGS+KbdI)NtphM8W(xxWf;BKF6GCda@;jdh$S`GcJu)Js
z_iV6Uo40m6)!(%IsvKrSw{*Ob)9;B}E(upVi58&v6;?abjdbYh2Kv@*ZNXl(&3$=y
z;)?Ay*WEx^)W~aIXO?~N*j)ZBpZ`2HB$S44RqMFtLyfBNUT|dy@>vBRl+J5R7W&HM
z&CiEjL>00k3$M!Y4-DP2=}~JVc<;}Z`Q5Qades{}HS!ammdI$<S~&BWeuiI~>@#Z?
z<=^v0GvUG|tPn}mHk8I~+y|u3K8Rjkd`Zv!Y~eN!kcZ=Ljkfp6qed>Jf$h8Ubv;_o
zCw3FIIMIYkP~ZJzjm&zG+-o@7daFT|I7^Fg4~65I4H$foXKr~UIui8v9gfKS?eY&x
zmX+f|BB@GfMpQPuaHuZD)#H^LDiv{k^L_&zcpoN&Pjlq4tt<=|B3})gef&!1{^TjY
zd%RRI_15Xn;=@|K6%f^A6@s@!v##7eAa;oN@q9BU0mU1aY%PQJoUBKuCEm`~<rK5d
zE5t3djpojVH>kXieJoo#F-9bYS^IH}uAbh2vbc#r+Ph|TISWhRv{Y~tiRPHp*=)Td
z(-oSXTyWA4*Dc=28}7YbmvSYnD<CZX-Z@!uKi$%NAn^rEJz7$r$H42sZ8(p=e<mu$
zzR(y(l;{<Eh39kcGJV;VDnd%<c+WKO&zrvZ-4*7U_v=AlPnytbggX6V8Dcli`^_Sd
zPP+(M<Fq|aeSx7KyoyacgD&PTA8dp<&YqkqVLrXs9=0O*-d0{B%nWtZ<Fg>SScfQ%
zU)JiC2l475psANrm5fMY(86c&)CMfV-fbE%cAhB0JZ`X*84KF)GiacrFB5=6I%MGN
zqW*dI1t(YzNw&a>R(lDGm<mN!W+YKHrS(oAQ<{8U3lBBs1t3aZlRPJstLlh@C@<u7
zi21obzx&AK+(5qr@M=BQ2t3L+n+_)*K*VhH{#=a%ni6eNg4#wy-LJmSHaQ_8xZZQl
z!rcqrsXHw0!-J2w?SsyTUWU2YkB}*kUH0>Sz+pZtsphzdJ+iNq*_kWXsXgD41Grfn
z^-wk3VC%O#sVJt0^-MrQ$799hlSEXKgvbI_4GYBV`?q>SAZZ}vc?9u+@h0;4>>$Q%
z0zO^<8CApiIRtYXCaPC{4bSK-3X3FDXPVwut5_$v_|qdF{==MHSt80)zd`@)Shd`F
zg}_*%eew)$Yg=18r7?L$iSsAh`AwZKHNdUfVa21WE2uuniF!}Swfr2psZQbf<ih(!
zq6{V6C85ilt?Ia?!>_ht;{Z9`9W}rfdkgU4hAMAOJAk)XOfygY^9FjXD@5=8L~9<T
zv4*Hks}tV0{Ro^Z$Nv^_KlJv*sZ5c2brv-i?yMqmfg@<;{Z0$vOV#!{+b|pev1~Q!
z6^bpmrzVd&M!X1&%=;gU<iAy~P8KW(+ld0`DNVN;d<Yxp0o^WH5!lB_<tQ|*+e$Ft
zm2Kj^aFAW(!pB=pLq;_17BZSX20@8CLV=g=?prt6$4>GQ30i;L`qsVr$*`?B2VxtB
zTKbm3Czf%p3`+H<9YM-GA*gfuq&EuhvM-|7ATu@aX?uM65ilv7_w_SZDnS3%obbd4
z#mDUxRSt?4yguEr0vG_s$CY#YWP^LG(gO+DDc4K8Z#2}@r*S5My2Xbf9vZcu%k;a!
zEtT#kvceF$dXBD~+jH9oyV2wu*y<P)NX2u84n};Po9+Y_j~S&F>X7OABuH2>K7W9u
zJum$LR88TRnX_DI@2SXbEy(xWy0Q2&{mD_vhSZi>Q<=w%46#gO&z*f}j{)`G>y*uU
z(=S@soUfN$OGEd}rpN(4k-d*kNmB||ADRIX75K9?>(v1ai1YTi;c+<M7y^#3(+06=
zg75T0FjWtdKdL8P>;qO{ti-o3t({fX7cp@T8-}0wxlq4*;;3}$l|NUNt$jQP94O@F
z)$i&kt#vYThF-`V>bbWvv5}FYx@QdT(b%_tf?QmD=)1s|L7t^MrLS}skUdKBFa*6^
zv1CGryQAZ=r^b2+TJHhw3rep*v8Y_B`xxn*7X~#9bICD$j~x=gV%N|9QQ!>e=%-iX
zmls%G9K=ge<7D{_$`p>{pQi~jHZ8Yf*1fQySu=Gw$d156|7n_Nu?Mqc!ZbC;qx{TG
zoy`}66^9wN;bZRIPCQyDKbPu1WSU?~Ac}fAE44u>_ni7P_BCI6Mc?y4RaH)YGA?B3
zd8>yGA7lmum0*t-!~IRak&t6un<f49KSDL>7|4Zhz@_O*cgCeAWZKYyq%}QduRixM
zVab%^<7PY1Ix2AF&WiZPV_tPuXIAPnz=!S^W>iK8@YKLL<Sfp0FPVzDVL@N8bdJmU
zH<&o1Rf#NPt1(pt7b1o&@e&>%PJs7Sz*?#A`IrXWicTPE#cw$S@MP5Z$b1tlfD^^@
zbFqGR-o4HESXM{aH&*3}fT;)hDlhY6`S%73v_Q-S(DfF!@Y5>T8DG<sN#?7navr1^
zc)S*<*&$52>Ht1ciJ(}xmCe^D@;r1$pWA^0(*kba0JKz2STSbXw%fI@?tS-m*BH(&
z5uFj5W5souzGDr1@0Lj{-Um}cc9wvrDM4cw`93N&2W~SS#r^Y^;a2Z;m;qf|sE7W9
zT{@+j>bQ3WCV9X`$9Azg3t4+dL4_m6X-4F}+Jd%6upy5gEtlVE@IM5n+_S*d17Gz|
zInrAMtK60q*7n_V`aR})PIy?p?QsGQ3P-0Kpz5-jy^VEi0kxRP$HR^<lfETiM<vB$
z7cIB%RV<^aU798cMR(}C<Ty7=c8?bZq5A{ZiwcKkWqCw$eE4?iTNEtNpvtzWl>}Wh
zyX)=H@ZcWCtyd&w<MJ61#V$v%2V!^nZ&54H?8^514zcmvybaqrw0$}K@%Dm;|FBwW
z^!ixG3?AX~C2w^U&!ZyvT?lxovsmon&jtJ4-**RN0n^WxZaYE+i&K~1x=FVyf=Z4$
z-!k?gQocYir$V6%N6Y)LH<fV4?M<U|9{2i~AwS*<pD9XK8_-cqe~8=3%jIa4x6ytg
z$8;A|#2y)ruW4#;vTC36VBOc|6^sUACnELa35r^L5D;Xv_pA&IgxcKzU=2-CJ(oNC
z(+31i>Mavt8k5mKdy(($@bO2#y#}K5{cFCh9dl%7!?s`Am-Q1XVnevyu;l3?{{(+l
z{buf2<-{oFQzUM`Q{sOZFhwpw>HYS4TZTv8B0t2*a63unGdR3>S#yt{y*kc};`RUs
zaGyPO-PiG8uOds|`WoCqah(qp0o|0mXCX#OZss^iHO6F=v^K#2Wz7qe7B8tecLl62
z0g|43K=?R*^Y=*Abe3j{uOSY&rRzTEc|;DLqbF%LLdyezWRVSyf<H{zeNU%3O5M|c
z4;!)}t9U@4iiWdu>ppVnXGFyqUU@%dN}i)hc8#KsG^VR+$XTz5q4wBWsG*Su(q=DW
z{am#F=pwXT2d=n>KGWKxWZ`90kXST_0;jk974^^~;^*sBJ9WrKQ4U@Qi?T@F2nPc}
z0as<9JB_9d;_=dVq;_Fi7O1`TFAjT9(N=P=!ONo^I(SZzeX^PS5`Ul^DOoJR%dcjS
zEe`|9-SBC*ibf?;d<f$V0>$csk2L#mGaMJ|6auxL$(#@md9@AHyZ^l5fa{e;5AZ&k
z8jGjNscu5N<l@u^8-(uTfRLHrNU#~|!hjcEyHUm9QX+4i+wnASKL80om+g1sVVU7b
z@1vi|m~jS0`HZ3CP|{vVU+0O39xlPoXSZs#*ACS^sj!#dyEt~ZT&lf?4b9;qOg}vG
zc&(oksb(*&68be<i%&1ma`SL7s318#4*O6=iELWv%}?fj+(U~$VEa<bA(Wg@YeOpH
zl~?dUg$_OFgJcXbw8O|+k3x>=2U#k7f<HsMyQAsvW&drl+&MJlx2F5#qo%h`PVctR
z!IQ%{d@tTW>CCSOip)=Z9tM$Cuh_nYdih3zwDIBd72G@jv2Z_uNFADxf{M(cbVr@l
z0sSUh0bD?8{G(ocbt6$vNm4$fef`M5_Hl>30tT<#kt|a;<OPB5!CF}nDLUY`z+-j8
z@hFiww7o~h5WX*al|E#0u6@VUGmLhHfSqbi!owd#RJ<Eg11QW^=Lp!NV)tY*u|3xP
zS#drZ?z6oKxToCOD?Vv-@Y*`2#;w=)Jk;{1s)Iaew3Ws7!p1l5r`j!wMfAzpA2qN%
z7aqc`0yH^C`otl@J*@U%xEL@&8=s>xk2h2-{Kk;K+Z%xyVGn{+@~2+JpcmvN#?-7e
zUY?Yw((AG>=GXI+Hs}PHTPdv6)I)V=y_9bejzNQ;i+IrM6F?a_<=EM>+mHAitN}1D
zMNxB|Jfq`%4urQfTa{Y2@)UlOdRL{Gg?Su4UUu1S<k)GuVL?q18|qrN;)HAMODuj+
z>Qy>XvkB74e#rb1O}d>{KtN6Svw>o+UWd{V?R(ROCCQRl@;knxLA2XP!Y`|o_Lz&p
z<%b`Jkj^E)YMrs4B|ns1QGMSh_SeND;_r?~FUO6_&m~wd@`N;Cgc%U`=a>BGN&izT
ziQ61FhKkBn+0zCJ<4%e)jL64x6GZzk^xQBr_xmvUAo|;_K<Xkl4jHh~;GOSU$kvf6
z7r_?h&Kl@BfMs~K@A48!XPu%$0h03SDqrwj^1#X<8je1b_o2mWtziOPYU4y5`id@V
zjVHxL13Y$aK_sT`X+!b9JBuH5eALy=W1LYiLte?^3sc4`!waShjS{L((#NnY>R`})
z)S$H{_XU}KvSxDh45HBQ^G5vLM0r#9b0SDp)g&VDR~#@>4mE8@<$FbO@nN8~+j#mR
zarR}*Zc6bOh#*snPv`Z7lAIFjf@OHsZpg{(sA#>S?X`(L3C?-!ymXz;@LA~HbL)Uz
zGrK8wv)MJIDKDFb5s-MB1)p0iFH)2~BN4BQaB?f)aAo?wU#fWAe$|+IVT8UbJKr$A
z=Y%4yANZQ=qv`)SF!p#*I&O{Sai)0H0!PRorcys?`jr#sYb&(23s?^uVH6759JJ5g
zBH|OXGEB(gd3zPge=gwfzRL%D@?yOuYB20Qoi~G)x9s$K>XmW&oWBn<9QE1vyV%uM
zBH1Wlc1rKEO)VU4{%ns&ZRznSV{w_R@5lwqKdESCVNs@{!fn>G=)iuP4x6<WWx^4O
zSKrUEz`UB5yP6VFHNT!Q@)lbIyHK!hV4XLxhq<N#Wr0E$FknRIobj1OsQ0ptnSXOS
zjT3yDXy+W+zt1Nb_Pk`hQWTHs)0jfW$;8DtFSFRL#M0+YWqy~qC6$zy+)mzuS+kB#
z=1KvWD<Sq<MIP}#S~XGa0wF%EOu%OY0#n&Kr*=XVF@^9hjPkmmU(|N+EDE!SoIIC8
z-67vD14|3P)~9c;!@P=J+v+ZWawF@0ZTY#Z?@u~)J@_>%{TBR_XSgAckF;I}c?pJ_
zuBX?ubaJ$D)Q<OZCA)`xC##<&PyQ>7A`Q!wA%janox->HZT4FoJ#P2ArT%CBx(E2=
z65Sc1Klz@uo`h-a6Mgw+(GXpw#sV<0Os>b|VC>&*E1!vnGX~n+oU`e($heYq;Fw$-
zaa?19pO%t{zq>nw%Wgt7HuDBY;h26q{Xs0~+Q*TsKlIKJJZvB4*yFL?Uvs$nGAPeA
znCnNA?R`@`=V%F#*O53d54l*{jYrqx)2d@eW2t-@y8yX&@0Db%l>TP)<!*&TWkp|$
zODMi@_S)*%$Af+BUm~7I*B7p^*8>u$-*El$1cm$0g`|((z?|4>$Okgc@vic#Dlv!Y
zy>9jXTVG<pW&A+iq48^>WS=2cI_j%7c(<v=N#9Su#(i&?U=_uqfQFlXhi>2C0|Wy(
zCjOnz|6a!54WXM1>!%C7P7+h&Tbu5IGMAHlV)C1gjlQkZ#}ng92V~bZ&AqYtIm6#m
z!h3CwZdvbRLLCo(G~#E;UmK_4EWu~>d!!-D@e|iB{1kEY-gEsk8kyF_-7&rb{37aA
ztAO_wB;BZD&t2->SZ%dtobtV6<9hlcTxYne=#OfCV7F7=X1(!=on8H=ufYKmDY(bS
zR&_q>{y&Aa0*OtidpO&O^I<7D1)s?BrKvGBiu<6ovKMZQnPc2TOKG#PDD(|;<lCB2
zbqub{3*w&(`MZY{#YW1O1?;L$B&o5z^5F;9svarh0q#D0d=lvfAdsF-xt+IWNi3%5
zYKh<Y40F!N+dKtw_ekiTn-2HVHO0Y#6$1x&Ul_gRtel?G10tmOpj%O$sCg07hvX%P
znwq5MN9skVdKVv^r1!N0!zZsF0Q=721O+jd!&KXXl0pcMJ2P+XU2+n=b<Qv;@Oj|K
zP6k`-0<``)3wm?2MBVO*?eO51?t4pYADG~(vf((NA6mm1uxu;7=(vh{qT<sz>4<RI
zv72ai7CX;R1y;o0ZKr;;4ws;?=~X;;nJsyt&pqXrAP}-W@;urh(xLF3+))`ltlkfp
zXTXs|Sgr;q8S#-8Rvqz_Fby@zRLBvxa(0}3Bt?W0mBlQ~Ljbqsj4)I@I*<2IK@GY{
z0WUlIeIb4~w#EaoHpCp$B*t>$Z4E=9sTET*tyjvZ`n|Q1#Q?D-()ZC4!HrXON?z5%
zM7$!$;E^(J`ExOs_XrgZO}OQ;_Jc}s7h1DoUq(B!3@?J^GM}6l&d|N5<2$(3?#r69
z*D;zEjt0IQ;=c*U?@rZjdu5jcDJ@HKjuPajY?lxFS<mSQFpuVR+%p|~1$V9x7NO!^
z1i$n!Glh#-I5xa}w%R)^HP`&5?o05BWxb?2qpTpVp}dnXA=gxGo7}M=d8N%Jsa#G`
zfrq%?gzJsEtsGv+Ei%3Pa&?^y91UNd6DP~pHyfPfdd}AFV(45(g2#$cAGbS9+L<ip
z`Yd*pSbQO5jKhDQmui#yT~6Z*J6J~t>19_9yVcBq_I~Od?-znBSJI2`mIShcLO#rf
z_a-VW!fK%Q=4V{{b2)!Ew|?pkta$GwgChRu#9)4&Y81@5DI4In#d%^Yv`YF^=7n|j
zb|Ia^z&98kC;A#vv*q4;ObbJ-gw8%R#W;58^a0v5@Z&}^@@Ru-a6XcCK6jt;`25Os
zI~9TZp$C7g*6S`>K*<X*-j=)Zpwk>%9CE8Q1U`6iWqlVxs`*h18{@)#h@0zTL)_K>
zF?J<Mn&hnVN(jWXWW4{8o+;`rzqb5$ZCzQF5enqEOW?%WIP}%f$OF!435??maq#>P
z`}3r96zw5PULx7E%I0@pENvZEBPqvRVo&Bw47G16;9al#Gz$oo7bYq_h8HTbxf%1b
zSmOMyhn*BYv?V7AYBTs{Ngadr+vl=5IMkjt$kU4>24-DviJd(InvI%`Kg^4Sn1b4;
zDeV$ZGERHs&8*Sj$Px8&jd^%TJXUqyE(UoYv-Tbn;bN_v2grGK<5sNN-Wg$e^pJGt
z&Sb_0g3R0f*)Vfs^t}J_#O1qwI->XN<hBAK*=Zq3CF)9gEN=7ML5kh8V$;-Ft6ZM$
zCI5pru?%Rkk5l5~L_(CDaU$d;gn#t!vA3_v@BQ5MG4cDaGxWC0cTJAFd^8Wt*or%?
z%#|xYKdJu*74rL{cDZ}*y(rwb;P#h@&Mpnz$`!=V`TOh~NtYM@QunQt3N+n)GCW<|
zt@%rnXm9Cn*Br&W2+8-c&E?Z?dyq!A@YAY%-=gMsh4Z=LV@7;surPb8j-|q*y5fc^
zTbuU|O!1Y%PvEu9_yM}RPC&qx7a6bMnv@|;9?rdwfTVgA{qs8fH?)jxEJ?}mD<ZbH
zO?exzNd4YX%D-ErCh_r8!7y@uj7wILQB+(Hg8CuUM}5XqGDsNOmcoYF@_a)dAFf2|
zMITZ@<|mwP{4^;!_#b|cwQ*3*fdJ)+qUpYe^uFISC)v1xieJ8p@=Nk|t4ZH%^3qBJ
z(rHQ*P0*q%f^x4nRB=K#)*_zOxkdMS+?<cgJ!&<gxr>fOtlf_+M%KSdLkbGk#9Bvt
zpI{PIR7z?MSj++LR@}a4LJAw=s(Govchz8I-DZ>&O(TFhs+_ebXm&0d_&3mfonJ}@
z=ZQlwknUu`-?$(~VOaJ*d)oJQ7$nLjkE{;&&eel9GvM6!>4%!l(I-A<vn)=u*w|$e
zy5pn*$Z~B~gNOm$mqh00MC60N%XHuCa;4+LZx_Muz|5(|B|xi|Fe18Yc0opI{x#D(
zID(Ie9&Q=e&no2lY`)~1M`3Cy!lbcpp8(+)m@RX>OTsNGNtHgBQ(x7+OG94j86!n4
z52sv~3QQdK=nP|V;VWT>L3B$)4afz(uV3rKI-1ai(kIu(4w7c15*|9Z9dVoS=)LP^
zowB`f`Gw+k1-<uwF^e9nN5;!C<8MQ`Z^n&1g+3Yrr<r}PPknPjw0I-u%mIJD<_T>z
z;r00ZEF*ITq7D+chNcPZTr&CQHctM$pTysVy>_vRjTkP!wZYc!!guJHP<-Yl#S)Mq
z__cimEp8v27YER#UlR&?Ko^ARXUhGM^l72fNs`{3gih&EHzVdDamgscne%?(queqF
zEBdPBTo<r-8yX0Fw68U`_1q1%D5{;<nYmUFK2v7bZD_XmEZ-)0U)H+2D!t*$+JGm}
zYq^s1F>61ZlNRT=TUwgQz<O#J%*!YzwBew_dZ_+gU;1eELnF!E;NdoU;^~~dx(E9l
zJde&_0!Tdueaz29#G?rYzJAT~3|`P()6EAi{jyyF{{FPTOM#_sLV!M=O2dlx8_DXn
z-#C0>J?n8Q>`;@CF`XE+ukdysmkkPwI)w~CH$-5t^~{l`sJgjcgNIA@aGrv#hlov$
z`gYgn^HekC$hNka>jRiK%1NEN9}EqFP7i(lQN2Qy{r;&(6IH>^%b(XPF#O1;TIV`o
zT`e`h5uf`VdlcN7WJXlSU<TSS^i@z)L=<^xqpn$~xD~W`1k3q`GO7JNT&EU;;OH8P
zQ$f5nBhh2hz`Qj=U{4gfJq-)#qA61~$}Pm{b{_>zNi<HdN2-_Z$f@6e{JVIVPip5A
zi?};^QNvHw4&wvJ3vZ=U=i_*N-&!@ZfB;x_q4tpr;6x6x?MpDb-Pa5NvBA#aCkbO|
zQ>vLnF;X`<DJU!FYR=iFKvb(33*MH`-HcY79_(`W=jyCiD!PL89)g9(9{_I&U5JD#
ztkt`SFWviF5C`yCob+o*EtquPp12uT_QaW~d*q(6+p3BmuhlDQA$oGwNftQA5R`r6
z@7~O&dcqTGC>-C5jrXC<RlXGUP1F%d(UF$D#92?4TygX3h016kw&u8Cdi=-^He8~j
zpP%<XM$Zzvx6?Aq8N;U&PFzJY$->>2?E5}N_jC=uMR>S++dvPX+kxeIJlOWA@To@a
z0L?Rb$?&~V^(ki*Q=@2bL|A4(yFdyrOXlR!gZKT3Jn`&j%HsVP(peYAOEg?V54IFl
zkJR4y%$BMHp&C8H!`KlHGChRr_Djx@;X}rleZJu#p)uSAmlKUT;H$&Qcrg01qhrwF
zPJZMRxISnEKj#X&{tv_cQ8O0|1`f01XWN&|{Xnu&R3CBj_wBF95ss%0(B)9ugsdFc
zN2!Lc_mu=keVmmq{}w;^yFeLpJeN_*`x^_$!rkZ03Z<(zhzUP32`B}Y6F2tAY2&zp
zZ7`SN!uZ*HgbVc6i&2rU0p*;q%4zm0n_HKUjlHi?PyL>Xe386sG?5erUk4QsC>?Ny
z{vaPs$|=q_su6u&nkXL1lnDzh*pwC`96}g9Rd@0V28Q5Z?tm>+MSnwRayq%cTMG$A
zixiOs9blE03%|nz-$dw&>rvR`55km;|85z09LxyL1wj|_I9*&egPJ4asRwayml@&}
z;_4x~(f$p+r0wrke^^jxsC4f|P?FWBynlb<-zCiz`tsyKb`Co#hH?}@?3yU^)uyp!
zD14m2V;!Vmw1y$?6*y1EDqPm^G4)a3k0Xm&DFj_5Ib~Nfpj#pson&Hd*y7|jr1F%)
z9fWhGNhBs;s?TZf@tmE{#i1->f;4<n4|$w;+=oja9pJE@O>}*WlhduI<#2EZ(sg;E
zdroBLK}iJJfKYXv(VlbEP2gYy33kn@a^cRo937G!rz#00SMHxhVz(Eb`jP{j3xI1c
zfiGBd@=Ng;y~7dt6~Gu3Fb!NT^LX)rmIs`^mQF*#3FBoXkJ6u}zz6@s7gZ&VyF@P@
zKyG=O3*LgX9!$+x-2^y#WC8o1&ma`O2rN1<d!8(nJTKH?)>duS8utprgY$3T39a5I
zg0#Py&T@7bi~WRhnb&8wPIjJXXCo@N&lFwH6F#U&^HogTFs7$?0}A;o0i0$FESGx?
zWZ$dYnqd;O`HrnqzS}agaXLdMO$%?HD<usV1eir@X4wV$<9YaWxA!eI-CG${-=w)H
zKkI)x9oqR?v(i(9&}_cis)a}W7iQFyi;_k*qoBIqi)YIf(&O@oJ~TG?#jVl{#7YS#
zf%Edu<462mHjSKCUO+e@S*=97WqNEgF&HTBgniZ#agNF{U-3(yGw41+E*N%P)5x8b
zp9IEB!Kl84awYo~fT#4Co?Lv8cU&X$mOHNG>GBNov#en1QPmuh$HY%Kl{SPm**fQw
zrl(`_THV4uT(z9u47Ns(kzl_?w3GK6bB%J+nCqqes(<qlp!hb!DQ?OJ9Z7zXevZKV
zB-AQwZ&l?C23v!wE%-r@h-{8O4>}IMZCl7hpMPZWTWZ3RIMkp$%oF*~#M|FKCl8hl
zQ7ax?t;BV@@m0c_slkm%Zrek@`%v(Ap*5b`{u~4<b%{<=<IL`o&b4UY@KUp)r9yZ_
zLaCqPqsLS#oCM#VyyFPuH|E;=f)t$TvYTZK!}KUOqO(Lt7OL>FZmOI)SEq7~MVY8m
zhM_FZnqN8)ey8^<^Rx;Hm~+4B09w8=QW7J)$6o3-erbC+nJJffk#lei!tJa1)jgMY
zDkrJ$)u6g_rSLG`D(31IT*edW7++0%nyb6i^-NScZmD_7|Mtuzc(PQ2dCw_>$KjvU
z-`2eKvK*V9tUclYi_oZi<{;%gO^I-A8~A}9J_1TpLqd?<M8Ea%@6zl$moekwLG3DM
znZ0XE+$~m#-@GzP&eAzk9Ojl8=yX_U^lt1@iqg4@_e_0#jS6z+?G-!}V<_M7MA)<E
zZbVwbY<Kha$-GXF*-(Hj0W&oRb5&;AVd}XGck#*J?3smo{E7{5_vd|4_4R{=%W=r8
zdTMBD7f*>~?=`vXeNop<?twLXd@new2n%81s%3h(#zEQQb-sM&!Z(iW%DGO^z_*M~
zRKxN5yMTr!V1u@Rc;Z53jtAAL?=&+mX$C&rc?1j1dF}M$Cgm8%Wb~?_AE+B4$ik%5
zWQq2c@8`$<UCh1lHq+_Vj$ZeW-5J-Q$j=H*&+_|K&T!ofuIn{5(U7{|{6#R`C=b||
zO>8Lfj_X{c%juN-mDKn#^rp3{zL_NVJXGC6LYsu*Q%UF16fl8k!Yef(NMT);^uoy5
z*2Li}oR>$eCo#`e53UJFTFcosjf#DV`o1-us$^U;Ihyqu9+nJ>PxRSr@$q~5Mn5gq
zfyIe$x8=Ic4b@2e44<}xkZ9qtM%&Z%_wh)bJ#l3&I9y2%I#)%<Qb+T&hri8pFBLbu
zWN}E(+Z?g)bL;SDn5Vrsmsz8>eQofe#?Sj-`d$7#4t6z0^t*Y6lq6|+xuGERQY-R9
z@nA@4btHZy5dAJ^2;VqNB589H&D!qrQNs&{>dK))S(i%_E<GZ~?7jDzG4KF*33a&N
zJr`&%JYYkhnkSt|`$?S}JW(q^9)$W`Yh{)O27!LP=RrRA#J<qSOIvuX_j4NTwxcOQ
z{+*|W_yG++Zt6abZ{wdw-0ovyg`V5}J$$)LZ=v2O7HqhBOMtEhsMXv;9<#p(7WN~Y
z3V<)CfjyLY>Uf!-Opxzpv>#=|i1TRrBOEL<h!HX=cGo24Yx{~DL1hr-S~uWlu`2yX
z!MHRR<`b*VcS}$OumI{-cs!}q2NU%uEhLsF%nf$(ubo49<ZCjAJh-WIYx0}K21b2q
zQt?KCE`Trior{YtiwFIhk6rm_slsDm_wr-gOhMCK$M%AiY8aui9Noye6BKAf5lZ*d
zelFjGt2f!_FUaJfFvq`4d?+F=Yl%DAH(UiE&nRYZ8gZX(!jlhJ4fuM3T3nw1`|8&`
z{Jf~w<>Wi9XYMvd@i&y%|F({Kz^Lpc?{j&dxYN`__XK7DV()ok+i~*cqxXoD{DhUo
zj)Ny-2kW^aR#Z2&)4!4d`l+w!cZqpDeuQ~)+T0vlv^!#{XA%vsd_ED1gwk1^{FU&d
zc~rm|u?}u_a~TRb!o-&F010kOBsCoKdvjh+XdW1RS=rx~)o--wIS0%~RP+$GVz=>=
z$CZgK_bKCqDo1CIyd_9?&rIN5Y(Cd$aS(hio98+o-zYwL`|${abC5@X*T5-L+%@Y6
zHS=MYog1mOF}5#*!-^YRgBmDA-#(&z!L!wj_;&0!iw|lCVx1=cZiGy-7$jnZzRP;W
zzq<Ojh|I?(?zpfr7f|$N>qg_)#9lsDFKc@?$*Js`mr(f%oj6wb`=kFpH;ej=IT8Yg
zP}J{jT;(~;-z9J=@h$n5?7W2f2o%y*5Tp{F_9S}3`2F>7b4SeAsh}V*yRJ4@ujE4M
z5LC;73)wsmG9}SXXj1n8O?Jq+b<xk;aw&1k@LVKdxdF_Yr3Y{z9}3~qrpUN@iCb>t
zff<b0;ukv(v~kZI7b}Ks{?6VVrB?%ZC@$7MCC0MrPs33HNv-8^b1SH%mp%*XU}0O@
z9Y4oT?3MR8{C4i2{Xl7Zs{F$~;iHnSDTosGVWnybABS^p)tohgpx)Wwut2ruTK1bq
zAHrCHOzC~xX03kj_5T>h-qzqTeS8lbdg6X~bkcE+0^c91<j^VQYxhq0IZ~74f%uXx
z0DbjmwJ6NIA%ai$9@9?Sw`eRkKUWyZ7303TgeKF0kVeF|?A{3XW-hSNMp~<_@%>z7
zU5?SCD?Dq%_o67n#A4N*M+~zYNdGyA3l(O&n!o&f30w}@swh6XNaxOO?^|WMsDm9U
zex3xs=0xv(aq=smsmCYbZX#P0ZyNSf<91Y|WUsQo(cS&Kk4ROe^<jA(W5?ttwCN6R
zEvsJ{SiN<%9|*t9?j`(9SBLPqmkX}7RENju(+4If=^Li>Q>4-F!uKNlDxi8&MKG7X
z$%6cZz2*b#_*#BoR$s^)hd*ANKpY_Q%|N{C=-DpzZ_?{iXTedAu0hu13$8wp;1+ER
z(4GQME)>PNu~MphPTLuZFuT`HigH5sihsvlFGo9?ST!#nxlgdD+b&$Z&i5PplfBaq
z;*%T_wCOW@{?2WmGRtikvm4NzqW(meR`ryS-G`}{FM6NzQfeb{=ux}~_|~~z44>tN
zxHfh#cLv)?C6>*fcVI?)@5OU<XUm2&n#N~tiO31n6Juq1*&;<hiCRtEv7(RJE!tPw
zh9f+=F<@pAGO9GcKmG4g`6S;-L!*f<p|N8(`SfxOZQm177A}+tIj0)zMTTfwKg}rO
zh-Z}W5(&tal_#)I1#s9M>w=z#+4uMqU9ZR3ufg$`{OjQ~e|>*lvk4Yk(kOm4J9FFk
zI4x5$$fNw{Ngpnz5HU%%c@*$?u%-(Vo#}Bq*FT;@=UCYBj@v2<5-(Kp&grLm6Q)sO
z<@8~gua1eG`=UrdwyyBW|8K_Gqh5i=m*Hs#9J|N++V*CD#?*f{pB-X5?EmWgpdh`K
zzA^o=9h<h?>cB7OA$<lA(4wdfG}|aM@u&-35*r*Asl56gFoS*`xYF<9`f#J>y9{JN
zW2NrCcRKU4R0F$v5znP?!tU<68b=dSU)t3r4fh7MubK8Ub8hqxg6p`3Vs7Na)jAlk
zb=7oR;b?2f(F>0^e~zc>NBkkoBifn$G<2ommQqCBm+s!~U(BYfy7G8<s>=e#Nkh4T
z=a%e*-c;a|h*F9O?o*GN#T87Wl-TYI;CStG4A*^JW;nohv@I{wBN%5gLo{0<AmIVV
z`pt;cCHCfiMDqYITG!^^$2B!!6$@>%ak2U7!&#CMe9EqUnZc%IE9KH{(YHOGl4i0J
z;s<z)i3>_`LrG<uPTip2pZ~Xi)9q8oTm!;HYFMrir(XPg<y~^Ibmc;~TI*m`h|Ebj
zB^NV+CX`9yvjDbp#&d7zTfKQ(Z(Z|B@WL#g0DS_6{K@Mhc^LV445`Zcp6U2k{iIs-
z&6AT0_LiAm&c3(#aSZ|he4!gn7f#TzCn)<|y=gB~VkX0;gyqW`6ntB|2d(bc<8OS+
z`a^hj;yUhjPUn{C_yFjO|4B2kQ>Bcq=dOMB^5tKrjz({~-Wi0K5%=pG`P2T`OrM|-
z#;8^7D%<8mG~Bo14yj0_o7Rd<48Qe(LB_^y40B*)I3h?h;tzBk46PLPx1Rr9z@G<-
zpLQGSif(D;Ueks+Y%ofPC_J?RDxIg!i_NQmN=P}%hb_<f3<>63ED1HHV<zozHNl4Y
zjPeM|8TI$a^6{RVt<_#ji2cv^TsK9&!A^MXlx98=+<NjReT9dGz0wqfwlUf1&f)4e
ztQ8OQJgF3CzX|O5Hnr!aEtUJpc#Bhb?^(U}nU1a9Vc~}+Pftyaq*RsPd%yWn8WGDh
zj<PvJxfPbfW>cz*-gr)qdC!YO-oNX^16+xf<g<lwZ{-qjpa{IJYY|8J$os5(R~c~@
zGWTlVPuy8{VkIsWvws7r$wgH_=Vyr%{Vw_M_w@ukBSRA^gs!9H>1Oh>%ILuB^6<L*
zw!i3AeS!xH_I^3L_2A)aq{M~_T=o7EXJcH_BRg_mnr&dOO%_Qax!KoeK#yj(+kx(L
z+cw(ZrGUB>o1|3&o3MjnuzC5Ov<h$br*m1AEWD|0<(^n8+Ln$Zk6g<ZJQ~BOaRZP!
zZzG+89EQE0@dBhCiUoQMc1IUh&NLX_`fls^37Ts=*%HxQJku*QJL+`Ji#%=n(MI?m
zc!1Fsrk}4p>E>Y)+QY+?E94-QQOpdOk1N)CFl9yh?tM8_dpJs*?uy1eIC1>IM!z`t
z=_5eDn*?&Q@1C%`^&<F53yg1WAGY`q+?VZ8&U^EAU{WVNATf8)db}+n0sD9s4Q|hA
z;RmjRE-xG0&hSeLac*ZO_UStahy*wfY!Qs`%vKxY(+ECSx{Q3nd*#@CesCeVOJJjl
zlJVKYXZ6ite4L3NE806Q5qR)X?XU88KPy;i-6gK5lToSTtmpW>S(O+`R{{EBpGmU(
z4hGV%(zUp3FROJ)woLKWJa5wsC$i>{gdV(eK%kDo{#_5J`a~S0pCz2nA>9h;GYw-q
z3;EE-zoy3~K{Q}Yif=lBJT~0NTM@2F(C&4OD@tkiLH5sU+55Y#fTMyXfZ~wa%`QUo
z{ziwZzrDxbh}+M1%CQroBkm$dGoURVT2U+F19Q$<e>?cpSxbq^&q(t;ko(SGiw~Dz
zD3Kk_;8DRU(QBiR^O|A+Pe8E0x!qQz@=VHebkbbt7!yD|gb(5Bxz3NFU8#GG?QyxP
zeEU}l^K#9)P!plw&T$3Fx8D)>q}HwG064W%$Y(Q-jUv|PP?hIF@v*!sdoA2jZc>46
zJ=OKSSijF0sor<w9!^HsQ`a7U<NWg=NbOvaLDt3%_B-TVh!7}Hdes_VwoQf471PJr
zbUFBh7W#H+EYfJCm+Bp&0*fT8>D1qW@RJw@M>Kq`MnPD{wH2kbfLm|j_qgFkCN7>A
z8b&~KuNq(Q`&m}=r31qSFTFU`?DFlm8hM3~+6kf)w2rcS5+?&M_`KMwVE@LiE8^FC
zyPpSz4}OQuvwg&bi%xP;^Es4naUj2*2H42%fVbP3z9MObC-Wg+hJkVc(}%aR(VWy|
zpW{$<d5*;L@lF&B)V*LXk;ql#j~KtVV32bPnuEaL{Tp#|k4a=-bQU(t_fXY-%@rEm
zUV;|*TO#J<CP(b3>e2&8<C8k+5oF-U?+#@gF^`<lxzzUto8Ey!Ms@1#Pk1SmP+icN
zw?BWL58U6a3m}y_qT@GQ4IkleDPWBgoZxoV^5(6aeN1ee%I4xSE9xOu-oh}uOs7>4
z*Vfd@G>knyU%XjB1*^8z2M|fdu|=$+md<JglP|Z=f=Zkq__`!XeY_uTn{jrdvjfjO
zZgRvzFq~ccK<&Y9Y^#|oa=COk&OIvwgA{QMBcGZ+b!46tJuk5J3=WbMv1i<IEM!3m
zP2GKnH*sV9E27;wLgPn|=X*W~m&zXAEN5yTR;k7#vE@KWe<p~nUI4<SoAJ$y6ZJfX
z4VvdMuw6Xn3Bj`>7xx<!b!7d(5MG$}d_3ZmBssruxzUeE9sivmem6VpDMqVRB{#ha
z+PCfPpU-bb^@#UCvL3TuBuebE;G`$*xbvc)ZeOvHj3!NMT`4bsd%yO}n_1NQ4Lq4c
zrr-&!JX-A3R8?KytbILt^Nu)1w;@Cg3ijoyjX_WyQ&ShZdgN<-K7vyfR%CU;j2<8e
zWit7py9%&<qr2H3bzvsbjsVFrA-0Wtk=~n}W#($sc0ZtvE~&dx^o><LEMt7WS_VHl
zH%K%&+Nn*i9gNfS!pNzb>1)WOKWlFt-!B5p{N}`7OP~XEXC%^;das>ELMPnhZ7EX0
zVHmcKD}9!S$Mmx69xkJUx)1~xf0t$6-|Z3J{!L)6=96zDvEnu~n4KXYhu%~J_tP=j
z-=KLpZ=v<r$oe-!b@-wj?~Txx0!k&77)mZ-TkhLd+52>1It1}T!>#wf2oicrO?hwJ
z5v)!d#+SibYwRK;e0#f&E%?3IY6QGv94|}ysJx#by@u1cm$ds(;?#kQv9;b)T{Ncp
zB*WgvefvN#G7|JTjzD<B4*2b$(-SFICF0^Dl-+N#ew||D`#}^jW;f~m%8HMuV+^**
zo+J0XU99zIKtMxP=T1U=J}&1>gx|@_=npwAU3lwSYn}Slh`S2vSv$CC4r;(Fbf_W0
z=`7cKpX`jE=ZW`sLj}J*Yo<@U`@a4CxshoTtE!6#jD$TDX}58Lrzx7_hS4{*?Q49e
z+YAv#yFLi<c~k9VL|td}29QZdDvtTOd7JN@x_YMd_?g}-Bt%Arcm1%6Cykgrb|Que
zc=!y@z!^S}mrj`p$3Cu_vbgM((g(fcWf?7LOxuu>4q5?v${qVWQN~xr@V#40z3nf|
z=inhft(H|t$zLBj;*`9wb}eTdyWMCp>)?^`kTM-8(Kfe;QWdD$UGQ+6gY>t5^{nJs
ze1d+mE{n0*2x_Bsvv{zDJw<uqG@5B%_)c~b>+_KHqdD%@$4#Tu#zD189U^~+#7`>8
zDzo2>HbH7!b5DD$X^4F;7a#NJJ^*tm=b{JTCcT{bRSGtYdb`Ls@ky~7y*}IWJdR%r
znil7w!}v12*k<ybM-{8jBTI$JTkmzIOIYD;z;oR@M>qBM)oNX0LrOfDz`3*>>YsBh
z;@xghXd>Rq1G3zXMSf-PeSuyXgP$uRKb||H>`R2Hl4BkpJjB7`YfoGT&39(h*GZP<
z<q)_e%jEkM*yyd#vdFWS<MP*hqFI{ww&}IU=tSC>2mdzOa%WY-(SFFp43AdKNCPp&
zykAq&@>sHp0N&a?PlIpS#@A-5=zPb9qae{yxNOyUlz!_A{*R01#l!fSp%H7D-uLmk
zRY#2+xv5n?Uycn-z8F|UOMUtr?ZaMsmDcbjKbD=j<q$p$JPK=z*S^_@B$n}wjoHA<
zlk(`rXIAdCQ0D21Ba%$benHw7PE3IAWAJjgqVCLX;N|;P5IXX5i`Jtf6arFTZSR>l
z8w$V~phsoo{j9dyihWGiWG^n*u=Bzc9wo)}rxB`z@WIs!uA$Gx?+JRKjE=+C8i9*0
zMZrr-VM6%%&r-g>wS-TJPuL_OpFgjm-C8M$nO`^n+dh(VF1Pu{)Rj64?m>KK$>;{c
zx!CzY8phsca;s6l=d+o(y;}7+>C=lp!{T?F2hCw(Xw#O-<g#e@zV9{ab8RtjqSCOH
zw9H%xAw{d%h_^B*NCnyKbd3BQjB7%)`PGr%0li+PaZjRz<u$*|<b7UJkDDld1-FlT
z?o?kUy~?u8U$MhDf>V_H<rA}svA#{%(z=i5>uT_YW^gTVnJh{Q#l!dXfKr?)z^`Rx
z^Q05L|ICBOK5Iq4rtv7L2x1(H;Vb1D*$>%S$i6l{I2iVXtDh8MX^2F{CZW$d{Rr)<
za6LK`d6X>uLLaG^zsJiv_gsg)^n%m<YMr7NelRFRCj&;#>G$#F9L2;3;O>Oy0hJHl
zQ-mXD!{zqd?=n@}|A8038$*h$<-2s$N@mQt;1|9b65z9xkn99n=kk$9paM|=9nk=q
z?Q@$Eda;Z;!&eJVzNb_lbK8PpfwdT2IXQcu<cJWLbUfQ1C+(vzM8~HaMe8`GyBU<J
zyXrXr2;kt{78;jyknO;Yd*VS8&*~YLL*0!4cKjO{r1uFT+PMJkwedoY-+OFWNC(`E
zuDpZI4d2yT*EIn1Q};6%gNV{{&}3<$vlU!piPa<cNNOKd{VF2_=!-`6+g+?|Tg@B&
zr1sybWbrG=dl9`;m)-qvK)Vy?av{7-_b6obn8jDO$rXuxN!PbtBx|~<Sf)XFnBJtl
z^4r7s{%$3)#vWQodf(Uhy*{}C=XoHk3x2AhG~g-l!xt7MIKKI&UxD4plv^sqGfhX9
z4;>rtZ{B7p1V#qjIM?VipC<mskD#UM+jM6v9>2R<mevx`;E7)=#W+1(3{_8_s8a(3
zAMQeTtkf;Nr=#NNxpX?*t43DUd=L6y6xU}w4y`~ypP#mIrjwK*0CucZ7Ha5AfqWC>
zJjw+3O2|T-oAKR_p|o?hpyp>P0g4Tn0-dm}^Odo(6%J(J_fIeM_!+xgtA7@+nmw*N
za3M!-BgKrh&bT0=y{A#5^UWjN99-lDRrCcYEIB$UuDqW;`q6H_Fg96V#kl_tj^BQB
zS8irUqjE8HwHu}IQ*Ou8ca7tWo-)vvId3MG<LRQaS#8BzmrX3jXN^<J(<n1AI1CZt
zOh0-pQ(xucCK_vSpTGwH`lfji`#U>)NXYYmb63XlM&)C9q1PT4{nvJ-<m7i(H*CmP
zSI2G;6`6=BKk%wNC{%ud+mC~d4<y4pVZV_n)K-$2N^L{esK7t}up-z6$6c|M=;`gN
z+Cr>QzRZX1>XHoJ3`hlL)<aNJtdr5FA?XA?VQ|dv49ZaaJ$v9g!J3g%?OF`WbfNZk
z-PNI|8+oHNQ1SuPcXVrRaI??Oo>_c(_)>YD!GimCy?W9kO~0|@ce~2BS0DO>vJ&om
z#<Lt^amtG$=zP!6W!Gs`82P>Vp(d)y_QCUYoN*`05myQOt_Aj<v%He^Z*&i9RH#+q
zQ&6&==4NbBUg~*-ckzyhs4|`R)mbrz+s<QhavATj^MZ*`4UjcAJ!VScs~ticHmxXl
zFA(TV$sR2RdkZfo4t>tO?2iR}es|PKHixDYJ-J{n+?CH1#bE12Wgxz%!_D-1>iD!0
zy`*Iq8gG_zf}}l>*WWJ`zPI^6tkiu1!H}Y8ApdS~K{#JUZk$@badDq!-pW*@UB9;a
zc}zpll6w^2j>pvB%9D=_x_TWcQ#O%$V%~0rF7{9H%D)?2B;lBz2ck=2qZiMfET~%k
zZ0C<%vMX8EPb-(_YWr8YbM49ZT%#A6_txETx&*Px)yE<GyD(hGHPL;N9LNEB4UQcK
zvfIXOcnJ3(0Z0_ae8q-<0i-(;n=L#QTKBqYH+AXVYbm2~a+|Ae*9)-QjN_PnFSA{n
z>u3oRWvN$XhpK?SPTIJ=d#^(0PD{_{`VWf?F4uHwi!e}8A967~@vO+vbLHeAW;18L
zVV{9vEz{=#ysV^ON&B6N6G_W7-QX&9jsNzi{XDOT?NZ-m8`X-On<0XEH?oe>dzOuL
z#+hk_eGI83+;&9&H5E#nCt-_o`nD$={aruFzguF;`6;5S=Vsp=(lQI`IAAy(@45Q$
zE&2w$eP;+&?fi|)W4~9P=nC{z2RbcN5x%0_2hSNN_8dbI5A}LlKdjBW$qGy5bT>>v
zjgKq4Uc&J>IWZtu-FhCtZ(q6Rc#e;FpT|#iTWetOfIKOj5V=<m4^~{8^}T%i5xMfG
zFoY=;6^!`M+H9K4_2NUB%5M__KO{YS3OMuSEIsHgRd)6%CW)@g31fyDMzF(=TCg@a
zvjNuA_()aX&?B^UE@&&<hst;{iT*tAxP$gUebAwgAFabl$DCGJtq!{1%juqVP2r&+
zU5j%jaZ%q(JWjbx$o4rY9jl(I2(|plL-=<S4XDEdBXms@eQV4r<NM7LHC)6zd}Ay3
zbMSg;@FcL^4v7nen)DdiN!@#}?w&Nf2BQ#;#Ch<s4{!($qN5y`iPrX3Te)V3Xw`t$
zYEWGipCCL7IHEy$*KX+fE_u)f3Zq@W87H!$_zll}!FR&f_`D6(^mbKdBR^hBc~8hu
z?knnU`C^z?_VJcwdZfZ@#b#;nJEzO1q<fG6)6k1&LTu{Zvz4)}eI(}Y`0l#p0u1MS
zIKJI}_Q~(K-Kr_2k0Kst?z0)ue`=Yt>DsdQTTS0X<#g*lIby0|VEg5}bL*S?^C%MN
z^+nhqUZ#M8>^OU%PaFt9kIZDq-&%%$x81PW_)Q1Ck%h;+S3E6)F5Q!=)y-(5CNSKy
zFBCnWc)E<yHw_~QBp+G-f8+VC9AIlryCE@aC<$n30jMX%qey_mp8^VBo`;hPur#Um
z*)Lr=Cmqq{62Jq!+0pA~NK^}Ja=;MBS*jm9qXaCmx`Bj@MeB3;#66PNg&u!VqXDv&
zyv^l%4y@@B#?p}Mq4_<3Rmoz5;^SICRmUYmrBohR9*CDtPoE>^PWk@lmP;IA#v`h9
z*>XxTVaUrD>);`^oya>Xe;4gbQrU?hw=z2(TX)g0H*4_jJ&uV?P$(K|q}0gtO&IK|
zyI(0QqqETV#UR?o%Ey=Z_fTX0k47DH_R#rk{!CvAw?iZszDlM+Cs)Nq=+vUa3Xei-
zF>7H+f4;lcj4-p*b^VCroWb){k3sb03T0kAlnmy&0l>&IeNVDDtlBaf^CLe;EbeDB
zRD&Ium!&myv_9X##mzJ0kowY(>A`U!J?uu?pmI;l{iflT5&~`1i8*KEtd;u1gEE{*
zyc*rfGALyC>UazI$bl570eh(`VscLh)f4BZwcpBYL+o5hddP8ZC{9d%Q&0N#J|!nT
z`-sJNrjo>J52PM|yF#A7?`T7E`C8=hU4fQ(*uNpTU7qYnYL}Ee_AzZmqG{5bwF&`8
z4~pw8>=T5DZSCK#W(ee;E&2Q(tv!i>bocUi9l|DL&T;uPnFonSq<ifwe0y*!&d3O@
z3MJRMo1XVcb}Abyn4P33XMkGXc2Ym7-+|CXowvqhgI`OH4QzQQ`&ptma~-tge$%!(
zkfz*F=|B<)xIMafLv4Wp1v@$akFjgZk*r72TLJ?H9=Yy+Nh6=?$M}__(MZ+ZRhbdz
z*x$tlK4D1|pZCJL;=vkmnjT_G<MS+OY;A`z$V_KG?eb)h-!Jx3{A)fh3J|(Hr1&NN
zEIORUHbTC=&QEB>EzvLCZ$|$OzgE-uH{A+%@Z9S1S@W;>zALln>M-o^{9EOGCXU3y
zpLJgu+Fw6{_`PLy^iU$9*#QA*VCXOeJU6mvu6!f6`QY$vn#Y2Ks#-!G14gN7!H-hO
zemDEd?`ELJn-jfoBC)yau31{K2$$fzt+7Us<^}iBP{^8!jy*a4?4Dp5za?UQ-rga?
zWfEzFRXYCk=@shkd!V|9m0<IhHT3DqhaByvdGl>?Er{nvvN0^wCHCBXGHL796=$sO
z1czO%J_J#6u0`^NyHy!JJq>YE8jxq8h!^r<W)ys99FLiD%xCge`%}gau~oZ=xV7@p
zpHHq>HI&$+|LiDUUzlU7GBm&=Nj+I}L4*CavGvsrO?ISHifL-wBBGBn18pjBv%|Uh
z&;Aj%3UPcI89VP|8qLvCU1R*FTqD6@Bh^5!J{wehW{NF|w01!2IPAF&(d?uC&0<_1
z`Pn}r|B=n{-E(J&$5TZDc;{q{?tGEwJ%mR`BF}f6M@_`5w040I?i7g-;Jsk8r~A(J
zJe&imh?ILnFJ#>D8Z5S_A-)l3wU6AJjlU$*l}sZP`kISup46bx`(?{c-G75?5mtPY
zGd%&A(9VM$-Dd^fqPcgOL42MId}8KS4x?T7w{+@G0G2NRSt1;FGwz%sbk78dF6VKP
zKp{Hl^&Qwu!^j>y=WBgmhHlZ~!_aO`no7fXc3^`Q2oJOt)K%9reZJn1Ndky-E(q&;
zt3es|XR`q(8GC}`?dSRvP3{+sYsJW=a{9cNb<n6A7tm>xwlND1x{3Sq_KsuE750@!
zwSA|nZGJBp`#lHQ97oPTv!Edzgs)PcB*_CPZfYo@<~d)W@v}6&;e3lf3mlc1-vP;>
z7%$P=eWk~ZbpjdXWM9&xhCNA^oGrOt>R4h1_ZT8j&_rfTkBs7%*f%#UPwjE7{bKRe
zk~eI1N$R^8$~8mIJ!}EkZ_7Qtz<;xM9&OTBmKZvTt+wZ@c}#woq{b1E@dbgz?QQJ6
z8z_QEjH5@U&zP>8(l;L~@B51}jF<Imjsw2A-&vq(Kjhl*)jYW#)p_2+7y+$b<l0_&
zcDhnFeK_*(Oy*M#cA#a$!x8lOd;6L@Q@Z%}+FHeT?A*ENX1BOPvY&bJdE)!VV<MCk
z6SDnUR22w*-U*BTM`V3#IMe%192;NiV#pASj@&0x)y6nAAfW=r>b6ie)ae+)JPJ@3
zk3IBZa>E?Tr)#k_5Us^a=jLUnu)B7jad@)**w?P&(WrdkK`qNUA%$jC)HkZ^&c%D~
z)p;9gJP<g-{D4rL_gfBL2@}bvwv9C)4(aw(yvrJ3Xa$~mGxnSa0V=r373boLs9tpQ
zKC#(mZ&9d4<FVLl&&z{0EN&^4R44<BAJ?SwY>DAGWlieE?9p?uC`1%&Wa_EtQ{5F|
zJhg}PP!+f%$u|M^Pb013R|Rla4QGqWTU=4StSV-n;B9}P9ycVX1@WsJ?|)~H7OZ<}
zVj*ry>N#(pv@BNVZ({o0)T9s$xjF0SJQ|E>J$q9hj;o?;@nkcdd#!fr=`8oC$}0%>
zX@y;sTaZVI?zOiH^SxxR?e>n<=mSh--Co?thzvv_b&g~s?m<miRyrMcb%xf-zZz9w
z+VZDPo=i(k8NV@sC%WUZeS?nD?)VI(*pP$c+(ffvuy{;^$2rUq56cW)oC|XSXIHGT
zNiX?6K*}kD$>iDouB4Ueg5G;*>k2=Xk}tyS7|^|q=U*MuRi>q)yrO3qfG)-bJr@a?
zG2`1cv^gHz@qA${#wh9`>%U{;j7&2uXwvL`i{t}$gz>FdG0|@xIMp!rQ+bpvUvlA4
z6UXR4eRroAnr(eV;8Y|d|89Gb-)&IJBzKs7IoB@pswVPsU#+~^Uih`ei{67RX~++R
zPF|^d#iU}-uw$~x@c<0sKIb;mb@3-q-v2|(H6Qu}vS@YG9k8Z7-?8W%fD6#~WPj%|
z%VxcHgIQs|+6K62XP6Bf!0mqHCk=|JwJ*ohGaHHy%Kpt&OL~Z0MrwA}?0kPD7J5MO
z+#sGjrG}<+CO~H`ZDx;lnE;%k_w5%$AZKnoP4*NPsw@%St8c%!5r1K7adDpXzD7Yl
zLx<q;FHA5$&SFN4ks5a(kYnqS{HS{WG}%XM_DW++{p<CP7U_V#fLZ>q{q~m#q9~*s
zObFiJ@kJf&bIY-kc{o`CPJiXa8Q;0<&qC<?yK%~j)NKT_uCbj~B5jIH{ZgiO?1CbP
zM=QxUX%Rr&E_Bb~uW<Vto}ZU%^*t8}h1J8=`!vwdm(TkR7r*%2=ZW`|mL<N6oclEY
z<Hxyr2dh=~l1MzAGw~=-u*;CzH_t@y!eaZ{=WwFEw604$Hl?>9Bn$G{T*<FDdzk~M
zIT@kqP^ibvdxn?zhKzNaU>y^6m+oB2(~26C#?Ryr?hU?C)aSeUN@lk&SN--$EoZo6
z;bY7C)w}FXql&2Yn9Yl5xwWgqoU_+SC%elW?HYONpCigS%Con96}17y&A~GGZS42r
zR?G0vDk602c78L!XKqCuz_8R~LB?}0**6ETx4Gvzz59FV*zb{va&wiSc#T|41<ecJ
zf6gO#K~ywsr|RpbCmpIIKndshrmKWw@`X{8Q(f&5ylFzfb~rbYWQcOlNs2@1|EyKL
z2OepHZuvHSo~&l!et#XUqLR+`Jr|4ctBfjnFC;WhaQV_y8rG1AH1Bhh_qmKhuy7#v
zRscr#huTMoCH%@G6pyQjk(iEs!}}b(%-^^~SNe`cWkxSkZtL40aaLoz^4OOf2&Q=Z
zN$WFG*jJd&*A;xjVGO?^h>h<<F7!Mp;@`z=@ZO!G3w7@vIeWhb<?{Qd0bigEpy67t
zL;L}5cIFo}ni>06sQ@6;?vo+%5V_*yVrw-pg+A2WWLuPZsL{C2;x<1C>;7)e%8SJ7
zMdR3Q0H6#F59A)qG8kgZd&t5!TsbSznwT%2jF4(^pjhJ;o01Gv0&JOreVe>Nz$=rs
zX?Gp<G&;q?s-5@X8i}6&Vs3_k;Y0Tvl{}{bi;Kv7(Yx>4b1pVH$A&O?cTUQpg{cwN
zrh?0N5&jL?JzvRj#(A6E^K>10;MCzlrG7*&?tH^NzxJPCl97{qI8+bqjYFcOjG{qY
zZAT7$V~_*$(6MuCb}*YpVYg6%aI_vgAN1A*V7kY-5zW7AH`gq+2%)$6&)4eSYlSm^
zUQ2qZdb{Cz>eC9lb}i>^PTlZcJv|~<Prx??>|h=*VCm&2t{<%*#TL=o3rA++h#2@D
z{!LrI+qvpHJWH?hCH1M}zKvvKnQ~0vp8G!^lT#F5D5)Jn>IWIPLA1|$KUqV<_Rz~>
zZrRk`C^{^4=RpeIjkAKqc<;tHVd&^Fu|54IxkE9y>0W*)z^1Y6)l%e+H6}K3;;W{<
zaV3Zu*{?W}D@7fCX2yra@j`0#bn)5agAk5>P)(i*c)nsFiTwd)*Y15TS|CZaFSv;N
zp$0dujtc;GJRNW3HNV&Cf#5;+q&jD{O9UWL(vBD(7(%Yc=LG;+{M0PX?Y2|yv_=Fg
zbsKXypWXor3<&<yoS%X$;kcRr(F(LBE-Lu-2Mn`5jSo-}Yh_!}D|)SnAn&v9j<&$O
z@+HI>LW7zRhvsjeb$>U2F}u(1Mse1J9Q}Sb&X)$LH2fAsj-!-W;O@wAPe=eU(%_qC
z4}@1zJqQjTD!Cj-9|F~lMt{qLfbIjR9SqyLZ>QHmlX<Qexdg`Yp|Vc<O}GJc4ZXe@
ziuM$-^*wgKeg!&Vz|0hKV<EZsX=Bm(CY+*4_l&W9Lp`BqX6}t3sx!AE>7KWk;cbY#
zcD^WJcPl!02`?YF!HsRgjLa`R*|{9etnPWb+}q*P7G%@*bvE7hd+=<FM9%pbG-vy3
zK{0{n+MKX@qS^1{9S#GMFXq@T>!X)Hmry5qJ@@}yep8{2wjo0W0fxk>R2^Ded4QZI
z5Ngg;x^%ZlL2lQcj86ZG(KR>xdO^g`CG@*xZ01Xi?+xy_2NkyA>e0RaKGGWP1$<j{
zSPem%Dpla@Df8Sf-Q!L-UvFSHcuL6ZgwB`MCtDsa;Bv+{jK2w~+4P0fHg|{{z_Ihi
z_W1j^6Sxqz8sRm76n8v}@7cV!tU1s+4l>|iIz8i<c$V}?-cG#6dk7%h(gV>)`sl6#
z$37KngGav^7IR0I7|BC|5ec`kFVU@|=dE^9Fj!zLMPmG{SBgL-$AP%rdBf&Q9XyE-
zPzXx?jahsiO_QCozry>FXFB6;JVJ5EJ;iXp$wDo*4mVE2pT=Erq#IPEo=rRt#bWyI
zKYzlzM(<CtCDCqRU}0HoFyJkohZvOku>gWSgEVkdYV>r;??v=`kk#d-;i$)6jMi6n
z>SRfOCkNdu249fNP(tss#s06f5pGYcoW2>4+it~osJteJo*1|4IZ0mS9Krkr+v=RK
zp_TA22=WQ;#%t!AU#mJez2&%<fGEaePIjbHn$@{|vmbHug&CX`+k~%KvP#I;N^d^~
z($VLmX)-;<OsAJ>K`$ID$!tmQq=QI`(X@jHo4+|+e2y;<POSudH&q$j@(o%xwa9ad
z_M04hkI?y&jaK2}au{xu5wqgJqZpyZ=X7MhnkuHb0U|N<zR2cPK4%R%t`+CdSoz<x
z4%P+JzKNq5o;Ba(D4WApZT?(U)(!M}aJPmT7}C~6<jv=P<1o3jh8mfQrKf7vpFH@v
zjDEMJ^{M>4I}ojpBe@VB10$m<UZ^Lc$8?_02l#3!Z_>tf<0!HAXmGObk#HpdYeOsc
z3)<duj`8S4TTF{-BR!k%2eo{|*!PP8`?|XxSTO<Obx+q;rZ3+QW0vIE-el=2AEal4
zzR{I4=ny>HNfnd2<V1*?dnvL@M>HoH6-x)B&xJ@3Q-fRFNScqqQXsOtYM^&1Dmqv*
z({7GF*h0-5QQPI`A(=br!hACit^yv1(fd_LpS!RITo$}XQ74K=dwfsrQf7(7qanQo
z4aejHow(Hq(Z~L7dOZk}g(CNPi=z{JA!LUJ4UweeON|-YJs5i$I49EMJfpUI=?t~1
z+Irju0xpbNy5d3gb0PglUeR$kmw#P8j9lMk?Me+nxJ#z`nR6jwNJA3a`Rq8LVsO;i
zdz<}OYc#1YH;8cMa>=1SxF2b#_g&5h1zqWhD%O<b_tN3BOO<zeZqU~TBAt}QIM8-6
zpP9Nn^$kw(+YoO9xA5sjmBAbo#Z5Ue&nUOuIQ!&ISZzdQ6o;~(_~Q3wp4AkNwIw`B
zc|ufGU}!d*6vo0T3gszf^!L+)GB_Jr@95*zT4SOn3h_RsYgK*@@dIo{U`#o8$b2?o
z81e>MQpA2q&u1E+8hT86D7k3zXwk-$-Ty~@vFsJ!>+Tu-o~>%}alo*?T)1IJSD!vK
zLAuD0E6qunN$r>Ww4vPf{km(K9zhx-g#ErUz4{*#`^)z_=AL?j<YtKEa_`p<eXH|5
zkV#g}Mk5YikIEv3c(zrK?^)OPFD^n3?4rywez&EQ@iM2|cO!rdTbEZ(1kl2<TNan$
zD!|n+9zgYTLxIUUF_SL#?2HmB9ONTwcHVz?ZsTmLZkbRTny|d399@2l)$fQ=>7Bcy
zTpo4AG=iV=Tr=Q3J1IuDijyMW{}~?-QKLa^ardQj_)Ln=64cu^k%hPQbasO4Jp`=f
z=H_eG$P)`E^x(<CJ9Qe=4I{$c*}K<#svU^v$=l*VHw!zFtEEpUoWBF6^ShySD>-{<
zk8^P1xI@{kR4UH?0(p-Vl2zQBCj*RGh2c4K)86g~YO+}73Y*Mn<^DP6?f!0-`>Gx-
zdOXRX)OeoYPQ5f9aX|Jm0m0Qte3s6sSNi$8l{f>C`gJTCSnuI|Z|=Nrkwf2H<b5Ce
zS#Ol9UyhH7)o!_Nz8wTan1FqQHlF~k!t}3HQaaq2hWHs_xLA>$K25rZF*ovS<83;R
z3ZMB(@!+Z=lQ;y=F4TKs=#cOr9^>EPA0r|T!k#CH*h&59^Z6mC3(S*byX6ok)TZWb
zi^-Nt6}WMQN(v74_FeG<a~Cb2#mlMON1|{HiD+6N{VgM5FDzTDORe|ZVxx1$)v;w)
z&v6F!{5tHE_D`DQrvtXz13iSy>ERDtrVSI{g>20)EX;lT?Q%EhDgb!C=aP53gW?3C
z>+K*(&GPpt_%}BFZm)|$@udx-iw^KeBCEzKvs?Sv$h7xGAr_b7@_qUYPIxBaQW9Y0
zHV4y}h{DxUZtPX}h);#XoKT-<0y7FUzbG!<;B)l`_Pr(w1LT)XQ?ec=jD3!M`Ux#`
zEQz<DbT5(;ocB(jjjj}-OMRZVXJ*(_N}Va_`yE3{nBOzoviHa-V9-T}ZwP-Y=u#<w
z_Vr!5`Dh^|Z+->0qu$LcP;dpGq4t$q_JpI9<CppuBz1QU{A8>)-mj@;>uV&w!H-(G
z0GDWiOm+RJa*lm9M%*og1z#OY5O*E6I1BUVd6MThPRzP$4nNu_0yiRTiubDQV2snb
zqeoRDhPd&)L81Pp)?adv+P)zCq#U1QVSump_~(N9-H=CV<65#?r*AN9Xpe5qmcvrw
zDQ6gsWE46$$7ime-Y9iX05A8h?o_a?d79Enie%=b-LJ=Xy0{pU`|X|Qbv&}$zovO_
z#LxDDu-}~<wZ~6!oxs(b3=~g{7rA$=N%D<;P<jtP;oH~fs%Z9n9^Rp)8F21{_Zvw^
zU1M+N5ggCcwxhzu%63xEK$7!BemMkq?mm+l+E*r>T6`tBB#Pm?4<{X6y3UVY&f7-+
zj{aa)yxKb#-*$wDfcgb<sZ}&K|Fe&+J;R|O9y#u4N0Hs=!ACQ<u3RSZ+q{3CFFBPP
zu>fv8cMlf$KKTKetL8>akCii+_2~wW5wO$wkbY0|`!|LJ1Nra)fV|PNmyhqyD-!+P
z!beOzMVJU5QtwPbKl|-G2CEs~73i~|vN{Rx^`CeO{Ki+2-FP1zqX(LwZ{oy$^9t*U
z07H>yy5_mBtaJJxo80-Tr%1V|-~s$w^>C^V`c>a6fpYJb65i!1%70NUo6PJRH#YDF
zb)L7S@XW4|*VS4yz6N%#kcfHdGZ;#_Tf>C;);IeZz0`ix<w8V|O`a~~ICxqQtvd(q
zzmOB|Mi#*u9<6&YPlR0HKmfq}P7KU7js+OF6df6aIJeIxhDz>}$47wR!Gi?z9?A#X
zErK_&u4z*;&YsO&ulkoe{O3VI!IR=NIw39y+?)jg)|F)f{46wd+t<Yx`NZDBz3UkL
zp3L+xKIERnm3;C-o5AsI*x!xA`n%~*OI@f9%ld$AW4T_#X4@wm0f^=HTws+n28CHR
z)*_-*7L~+(|2WX@7YHjsX_t5>g2W{vFwQ>OeEU8hhsvd%A$-r1nabihu6`ok<%Zi=
zX>sp2{V_#g#s!W*Z(hfV%9fTJgPg8#ujQa}nfFuK!4xBBk&w?NFEif0C+G|Jt*4n5
z_Hcal=~;Pn4lXO{M&47Z6J%N6BU#4%H*2Vnc5)Qu<UaQsDWSGPe4D9C87uGVNlkNu
zJ=gMD?mdyciJ}^Em~7u?7k}7P<+7l7j`4-klJ8`T;~}q@jqbtvvsWXmBj7|<K8cV7
z@K%dd)+uB02eh!p*~}goa&yGx-a(qW1_TJr=fneEPItri=19xwXRn6-ZWGi;^vl~N
z9@ys)8OBH~yR~xaku$a8pY>%&g3^hZ`^Y)l&2@I$51>9s>A5$78Tg+1+WbjAV@mTS
zDD_u)cvb<clr-hh<q^5>!6F`j$$PZ3j{Dbb_PADTNu1=ke`UymKAu2$Z|??*BhYS;
zjEU-MLD;REe0PvKZBBK2*JgZkJD>P~(6B*~HC)BhHokNDE&ZlGrwlQhe2svK@|^E{
z<r1JX=2ykE4R2SRycC`7a>%m)38naM=T$S6ua#>+p2Ar%tj&3>i42^06$8^OZo|a`
z=eRsvMhfK$h?2kO=TuDc+VSu&qK5IVR-)=Om%AQJ6O0sZIj-Nhq1)%}{JC(J2_aGL
z;q}(s(<IpWP(Eei_rm%q)Y~@#xhBW+3;M;p1$u?SgUHF`9zaT&Pb3V)Wwc&>A_wAz
zDsCDURd_b#dxb8Tkl#K0kvPtijbL=m4DOE116$N>9ty?=DD$zc<)G)Qrt=vz5gTf`
z4|?DvwY^_pclv1R1)^un2|K<}>3@Bz6A_wESd<;eeC9a?Z}(-Gn36c!Alq93OOg~q
zc<?djePa6PvkD(E=C@;rud8%ETK4>oLYHTryL$5PbllrB6+-;YgylzqUv;b;%WXR2
z5X;q`>0nC?cv4PsemrMY7SFY2Bs>taiEKQB0fBX%A0PdDB<vGbi@vws>uKbB@^In7
zvPXZ(14h%)Pr!Hfq&u`*#TQ67fO96}@;79=?Tfntnz69oRQS6U@wD-C<J3?W_q5;I
zF{s7o8O~EVj&$Y88+?zt?=z$1doxb7oVa0C1Y1v>K8cvBAPD06T%O-AUEks><vm~A
zH*P)V#!+T$Oc~X5`3ij#a9cX@yUxceZ_(s_Gepji-wPFMdDM609B+J&$ZmnV&lB15
z1rt>kCle}Ft@}v|WU>1`IiHmsg4nPahLYan{ua(7wUD(W*(Z5=DDw8evT9q~z2InY
zVa(Fg$Lk^g0R^Ho4a3v9BFs%bY<2))?c}WikhQVhZ&U-lrCcYK>ZDO@D)18@$KPY}
z{f5?l&6XQO74&y50UOW=^pro(?F40^cd~HZ<|%sRFD1DTI~+*toaARvth9sm;`D$j
z%A@81;m}oVbpIJJtG}BUWzgFnU~fg#^SyIU-8G;h4(g~r7Z~+0(P~&cop38SPT*0T
z+NTRz^BY>&ChZ5ozd>_bSKPIqn0h-0oCkt-wvS)TO6QmcI*u{)6-0$TM_ymmMw^c|
zjl5L`*&+Qjm8E=R$mfC$8ZS46$I0m8-6vWG3bHJGpV>R{S-iHdj09{WB2~5(V^8qm
zobu4;<cv0&%f<;EQLfxD#V4xeP+Z$J06t>r?l4XF5Ex%H;0ziH9e<Yd?8Zo){Z5oa
zg6ce`KC76mh<(1HdtN6x3G)B|2^)^jNOAO@NH5qB$V0C3cU(1y*v(1<)j?lcCO|oO
z`yNVU@?xLrrV=_LA~cRf+ZYaD<|qgH%;d;5F5&MkG@hi`pXXQlyWR0UM7@#xm2f(l
z)=*mW2tv^z7`YAur&z!#u^&$(MAmx>a%Tee_+2+r?=1&|*z2S89*8#<GUbdx4AL>Y
zrv@{0Zx|_G^*j(!O$KihU8Ju@$lVmU?@_?maOCy)qE$NKikYmy7jHn5qCyH#WQu5+
z$Y*J82acQdCSjCHD_wKKVQD1CILdj>8r39xuC^iz^5DJp+?<+!b6s2!4ktbfctDts
zoU{IId36m&I6=LP3Z&PLJPaN{Et7saGQQ~}_T0^tXE1|&spuJ`S*sis;?BC9bs%Sx
zQEM+u`Pt`VzmtML$uSOm(OUF=Z91wvG%Di**#ln@Y>oQyBV`-8N8)+LjjOlMcOBXW
zZcEShJOE^BX<E6(zsd1;gQOzMKFUhv<AGb}5FXNS_6$9MS%r2^)6vrp-1FKYH}q%Y
zR!6GN9`ns*W|Y0|mAZ5Fi%d&oruX=XW8i(&y@yDAPV&$x^jtF*U^@M1EkY(gVk%Nw
za;%V{;*lk}dh7{u{*;iGIdoWN89$4#dzi_&q1jy6)%416z&C<%74}qsovRe*eH^pS
znngUS$NIa|f7VJ|#}Q6V-$!p(HdF$6a`@_oeA}_v`FX*stsLGf1ygs0pmNVQNo?+Z
z1KRi4<=z!BQoTvoYo)uD7x~z~TI+1muZboE4`nWWmD90&r^Dp$BhxQ|t8sjJ%kQ4n
z>rGf5c%X+V;3-O!vPR7XLOS2j>T1*Y8d**=b9t+*)4lF?F7?HN|5#!_rM+%%bd~q<
zjBnZ=kbSMu)qydqqUTu+(=$!)*R6dC{qW6$zIV>yF+4@S>PEvNUqWW!o}7K&U2X<A
z9+=g89QDDzlRaN!!WuJf7oZW^^nG`@-*M5iZI?-(mnU9b6$g0w&u)ThLawDUgdJwh
zi|M{ILV8Ok@3jX2LtwU$-B5DPh>`k2A&K_$a_HZH`>)~v0D;Q!5@Q;aGSv-}lbXDF
zp(x|vQWi>nGr~#Z8Vjp>EmiCKI#iX-9&1R2D<p}-2=<=G(XaYK(JO(kk;e=nR$ye8
z5&D2Ye=WR~BykfjU>@mQHvM~!;$e?(CePxqH!|DxpynNmxP!r_JoBXu`;(E+`69?y
z+~CTneN#>7Sv2y~c}gmAApK_^wEk|wbhAr#(6<R(_~6>PD|dLoho0QLd5;y<+$R{H
zu2Hea*#>1tY0p=}*Aa82coCuL(E#}U7qZGjT+qcCr|(xfFPY<%B=(?*TZO5<anKkc
ze3hG2K=qm93t`LssIL<Vi&7(%;GX-8;`6(1m&2i~9Q^C(q<gS&rM+p}B`4AIydP2d
z)uL>MV?X9ZIi8mNc4|dnM#>G2C#0I$@971<ZT(hC8p|x<!x|cd#aKfO{9<QvQsbC?
z$%*uwGb`r(W`u{<jo#<c4nR`tX|tf1CVVE^&Li=!%TlkyT}UzLGM5E|?GR=BzQUi!
z6nycV2FNd-uNRI4w;V}}3#T*+;F+%QCy~xjJQmk27@PO;H`?PID5-B4odm1VH2|dF
z#}vQYHYFnOQMpauVDq=+Z)7|P<Dgs;D4x_~f`Vb_iKrF0d&PC{m$?DkeXP9bfhGyw
zw@Ny+1F@gP_vluIycT!BupUYUyziMiT78UinL^Au99O{eXk4-HlIFRKr5RXUxy<@D
z7(+-TZmMoquqVNj`WbfreXUJ@s^+NxDSLRcaPEXW>vz*J;1Odt(j9!jDV}r0+ik=i
zX>gsrKm^T?NoO<{1L82t;hCyu08Y$GF2MEjF%87JBk27w1MUfgGBQ#!Tb&gX|Js@E
zvNyZ`t7@j=#}dg0#d%}1@M$7v$}q~F6_nXp{JUN>GGK-Z?>C=NXz%d7MHKE9O2<w?
z=fn!qVOI|^CcSjc?uZ=x27-8e4YV>NV!M+uj`_1bOMf?dvZfup5wMx^Ao|`tW2aCH
zG#>uY(eb<0MngSH^bp{^b@lJoB$oy36!+J(Z_Ri>>brhkDPmmJjY{m`8<L)<@_C!+
z)#riQ43`wcpGwqTrM+;!MAU#?^_D>7qv<xIixg4-mvoK^Bk^?vaU;irJK>RYs-JVs
z+@qyjv2@i2BsZ~~zeD1Hw{rKZy51bS%op*R)J2V_RZ2sF?r@ahRrkG49XsE-)4z7y
zd7_{X4$wt-YIf^hNj(e@PZr<+Y<Oz4wecF~)2WO2w(uzT`*Zrk$i~5S?I)s&0O?E}
zgG=Pu@vMHFZA<;T6!4pZa^y=O3Trt!a*PA-+}ZIM<EF{FGhAjd1Ce;85HaZNp6V(-
zNKy3Y1B7oEv~t<cBMkem*3eztt2;skZsxZgzrLYtGeg5$6-jLOWZnldcc{O=xsOhF
zn>(KK`C5Fc*YCZ0q3_7W5;<gfK-%D|HkqDTQf^d|ju0Z`f7SVrr)oHOk1*=Z<i_{l
z&95-iN$Z?PQS!b#N|JNJVUrstjQZKRt9EiYnfZ{vEm>2~9CEX;O$_bcKtD_TjUR|J
zbe>hdx`b8dD*B|!Vd-aT(p;lX$5%w?82;U3d+Va!8_cNKcm)Bl$hMw=<ERIC_4L@4
zepLQMTz|P}9s^=w^fjoVe&ubnhBK&?Ti{3e@_P0&CNs`;V<Powlo^V9bpBp!Vs19V
zeeXaC<++q`t$iqhwU1h_X$c<uH{1IN>oJ_iC@B1mFu~S=>+gSZTxc?xxc(oD?ROn~
zRD-%=?RvVC`#0_p+v))wcVY@#m^APJsUU|KUEopErQ?2b557IAQ8E@z_WYzAeI^Fw
zoJbiHBe{4kq&Cvz%&JKq3dU^{y>UDAa@h3k=W*FZLs(j#)R$Xm5e9=1&5i4Ipda16
zH-tFnOGXAHyuPVbTtk+0&)R^~eZcRQI!4wt!K)8v`FJMn&8$6Le&ou~)mvCHcapl_
zYP1`1Xu7Gv92Z@g_4-lgq~18!FJiRocQxs9;UsS-x-IQP5XNK_xP0EWWtr!2<?Tx8
zvN-5ZIOP+64YM1m`hM?Q>y+qMK*yJ;g5>h~`|SV5d#}lMzCkE)chuu_YR2e@S$RHt
zN8MjwCm^2ftV2u!@*PBwM&>*Xs&L!~8D~QCcYe72Za+N~#pA)J?kr0^j;y)8b#}GK
z%((hcm*d%4SbeV@yosdn(P=crq5EZ9gngpU3<JKIAzN+`c}n5P<vKYiJ6xRpB**4C
zYz+;SXO5X}^HVa|{OH15ou5|Q5`$eo&#t-Do(Mi&V$VZVN_dv&mGr*dD{5bb9?Dv`
zABn(|`zfHgU`LZ3GPRew<L(J$D$Dg7Sq{`jEgtGPr|&W3Fi!)6c$@}ut@dyj#9T!6
z9pi!BXaF)pwaOb8wMl1NxC+n}f`jq9v7qi6zSEh(ky;MXa)rK;Qg``T53jMpXAF_f
zPRtFfMvaSg2>{REbr<XM_;VQ6(<c0ZHmLg7O?O12`BFG>0(&n*5jK6t0?QZ^=Sz3q
zKBE2&I`9;p0iOG_S>Ap(tODwJD(O6_=*?#LdXd-=`#BdX$MJi?Sva&4w>V)6k0;9>
zK2Za{C}-;);=!EfrqinBo5*i>uq(q0ghA`9ONX^B7R0K}oat}(sZT*AC^-3@xhJCY
z$(-Q#Q?;ss3g^9Bf)n5q2Im0BPAxFF&eevshqQgJAf8(gpB`5*96pWL65{<p^oK2n
zkNEH$5FQ~(RloYFq>+1fL=?cpF5294lLI!sK@L^pfGEJhJ|No<#r1J^<C>$!K8l!%
zep~XBb%;CVgj`Q^zE5@`!7hXFbAFYFN(rMznU0*Wb2OmOHE*s9fEVt4JeYp|j>1)+
zsU;^wLIc5ErEer~s=Ge4KEOW5dTFD3n0>zXZg?~inD3bilAk9iFRwK5#xo)Gb9A%)
zZgC}3$!G3rX&@}c>x%s^MnnN?(Tx4hse{UDmS4f%afZ`3R9GkjE<FX>U`DbGAQ&h7
zK1t;#HvQQ#baXs~-zmCh+~w$}zjrDV){FT&(aDtq>em<_;;W@ni9JS2aIImzxIOU@
zv*#?K_hu|ApXy067x7XvB#f(0gI^iIy-0e?u*T(D2YSSlCCR$ms=-tmFe+B0{V5g)
z--XSm<z{WtNwb=L9r;?ayK;fP@8Xetm0bFZ05SbK1-m=aT!=ZcVf0Cm)9WMFdfUDp
zLWKM1-^I?&0d9UGMC38EJVlymhm)Rh-ANhEghpS7KkLh=FS|T(5IlxWtPmiujPK=I
z<X+J@w|V<=EQyk&JTZLnTbUMmc0Oz!{kl=_-lwdqeuwVb@1|H~t-=uB*$n6KQpvFA
zmZ3`uE1@1}I9+TvHg>t)($C-TMdN4dsH1$pR>8)KsoLD@=w7$xBtH!twA?4;!A1}T
zfQl}E6`|6bAm<yc<QfC_TJTet>7w_}+1t%l^eB^YpK|4ZM?@0}dzzm(x##=Xtu_%!
zK?(R}<m#w3diN@{^P%?;pGrWTED`dv)qwjj<az9S(?>(&?E#{%evrTNqc-L4?F()X
z;JRb2^~;T9QeH59U-MW$OaY)LF;}h#U3m)hL;EkXntM^>oHOq!lzK@dBEEH~XTM0H
zJ6Kg((?Uvj%kGmOJ~cTv*TBx$-|@ar@JwvOob}RW9)<i`YrfvKlgQVVz9IpnX?Y6)
zuTl`&@#o_AG5+4IsdM5qz|5S;$@snO{v)d~))lwjQgLOHt~2Gc@FaCj*UihS$0zW9
z@g;ZIqYxBF;lY)}WvM_OD^<Sz1!3L;_i;Advb6iJw1B#&8LuWSK*Fuucou9(&xiUn
zvWt+sK5f~M*5OP*Wkf2HPdCSOFMPA)t?#9SUvB@Aj09@bB$h|7Y6rmp?pK7^qmojP
zVZzCW`b(mEUj)a!>np}=@hmL;W~@;HH_-%Ll1sj6aOx|*P;B`wm>#-eqU{h*pP{ZG
zv!i|KS%>CLI*&mFfb%5HxnLN!3s!ymB-q+$>i8Evh0|YR9X8-GIj7EA?#hktBG9k%
zIW<Ne-h9Cp{w&hgHY(b4u9U;ha@Ng;Cl0^tzCpiiUU}MBB>&xFr<?Ci@O{sZ=o6qV
zWyWkfozVRGxt|N~Kk^`X@b+}!IqGmSVu{W_Uv}sMX7}T8rH#N$J%En(#cd}J0t$AF
zsdPX=Un=pUZV;&F>P;CC6VUizZ1Fwx7KfqH<C!>N`HYO;;nk;YqL}}Wv3JMWWyh5T
z{T{`^@f)BhKHK9H?YG&u^Pk3rask)+3jZ<6sH(lz{xVZyL`Y=B9FX-_{(#RYmFlCC
zU(R9r=NRfNnk#Wmt@y>vjJ|ixNpjf^6?_?;NAB$td@dh=>v`!Z^xP&)V=Fv{T5lEb
zo(9j8pu$~haURlC(8F*rI9buXag+t0?hw+6`Z~uc?d!YNYYqb1AkCoh`Ac14(~maq
zlWaZ7)?md@0m{-mxa568qxB9f<n5ch;1IQf_%#6(`?+^0jBJ3<=OH&?r(|>g?q4h3
z+SvzcN^y@q{_>ufYQ<Eq-lntgPcePoQg{aXi*50J;xOvHIijrt8Ekpui>e{}8S!Jk
zM|HLAa9yLBfkm^aL9JKSF&=BZ2Q@*x0Q9P5ai5Xm@sU2Im-Xr3%w~fVMgFP@CW|+b
z;#&&@nQ3O|EckS?NI%(vtw&rQw9*`B)_Hu6dgjUdLx>K*>o>NsD6~xu^?~<Cyf;8s
ztDR(n80CU|xq{wl>vO47pd&7d(E=#WW1WQZP-=tm)iBXTuVa-F7%S71OZY99FSqHa
z!x7pkCf4xE&{EL~_UqVA6{&CkGfZ9@55HjmsHCTc{Q)GnmzngJ_(PRJZN9vvF}QfD
z8g=EIsi3D?u)(?zui-e>nN3`Y?XvB<jYm;{_KO}NNjt9n_i#$yD@ldP7go67#NLG<
zsXZz94aM$B9EMeg^u6?ioajBgy<f(Y9Ip=QK%DFA_war7<hP#vJ={C!&2RTufAdG$
zKJT%Jg>B{w>cYS+by!*fYp+hC06)#?lxFk!G|={PkrUybn|@9)n+b_OzRc&CPwWbk
z*`7z@QajIy!}3bKbyrm_!(j)%guJVJDy>f+Bx(4XJqS!&G74D%CBb1f#%hWeG39+q
z_NX~gdhLO&+0~D}y#G6w`O>S+0<*vsYUkl<I^FI>gq@f&kKixeA7JhAnr~QtN8mEF
zK6XDxc9BuKgsv$v;G>K0Eto}q?vvvo%ln|MMw^wtpo0)eh=oMRHjo7yki#MlZ70gk
zQMLNo46%?rT>!pL;TpfgpmQG#M6J6ErIG&K7G6Y%sC%HuFE?SK9|F2Z)Ew&0oF!)I
zYmK0yV+0se)cUD$giEM0{z}#X?2$`@Z*Tlue!s_o+rA~@vaB*+gcuy=y<a5hMz!6&
z67J`mX;!gb>_>y~;F*h;HG`IEdi*_-`QqDz;kwbU5WsTM>3@+`x`S|7zNW&|lw2==
zf5|KDa+m97@j=(mYT_|-OmcLn-BYH6)r&>>4MxTcc$RH$h}j*%#;cE+9-xQQb>Qp(
zNkF#0X)C!hw_$qhS~PGW=-0Bg(JJ({;7|H{fY_Lt?o)Ep`bzCpBc{haL__J6YCJZa
zcb)gaQwn`E=S<h++zE1J=p~$S_<qLW2#-wP6}m{>;~kj^2bkt$OHx*s`h_4WyifJ$
zmmCP<NDUWnw3_LVl*3p(Jb<Y7nZ`4JH(<`)v^!&;R#NJ3mcy>X=a$A}F8TI#k-@!W
zj?Qjg#NAjQeQst;$x@TZgM3z5gc5$&zuyDIHx8~bSQ6C5QX<EE4E~Y(t{w7YRBEgD
zsPDapz5tnfRnnrw?sD+i!<VuZJpms{2f$^nY#ZD1<f$_une(Nyj?z7RY$SvDl{dJ&
z-nZ*J<w?ywbRqnS{(+<kUxZ17@0r<-oj8LKE_(!RP4N-6?A4&8ytri%3Qzx&+2^1c
z=dCW`l5d;mjh=fPV+nyNEc~3bsbeT6+$8OH&uH;rs-0Vo!63ueO!hV@oJ_xsA$Fn<
z_&2u%lxcEeEf$0%Wv+W(OF0C5`qGLKvfO~ZIt5U9+l05cmE@5b?ZFU+FWcDcKK@V|
zm^){%Ti~`&Aa!ZIA}jgl5|kmirJGz!SMt#N@F#Xu8aF<lk2}5PO)jygOGho>=xzOm
zoD3E-FV^;@j%B&GXe6tDFTvj<$H%_z(0L4sqmTYenVA?c`m9l4T_1|Ps?s}lDIfEy
z6Z1+lVT})p^1*s5QT~PXb1b~~A(878HSuK*T!p&)4g9H*Y#Qy2`T{v9IdOA8duOcS
zgXi8%ol`Unz?z@C9(CSZTAeN)?t}JSzb=14zhD0676W*DqFd)U;&oOG71W3Vj2zoL
zH%TuY-78Iv4BSUjS#=+yEN`bkg}~k+h9@V&RyLf))B}RKcHBn^CzyGHR5R{)5>+*W
z)m0|Ea!#z{JOaR7cvwGQPd>*dgS_<g!`Yp$Ny;~nhAZwoJqUz^PpR4Y&N@rvvCIb-
zviI!vemytk#eXhB2V$N3_<7BFfC|78PwFGl86acHqp$WqdVa6b8EFqEN}il`tIuGq
z9;c9t)n8(gs)+w=MEBoA%3uw<JvU@%R#?C$L~+P2JjF@3^_W)ef-O0n+B$cb_z9xY
zXr9R&%*WI*$)sY9xv=yuTb-e~*H4EHw%m4^M`w*5gBdRT1`0k?NqM@tHDWuWJYhv{
zj6@_cA8%N`euC*JXp=fz8oeRW2A@T`8@!zhYJ0BV3y1u+Jbj{P?V5N6YQ`)7`sGWX
zIcRnCJarVcbHOOTh-IK!0}wen^U-tyQhLgeYkPdD@2q1>19LjKIUc9BFg(^NZ3s7v
zP);L2>!DXn9vyyUijI8do^`G^F)!W&dMYZ*WPlDwnmt}hr(M2~rG4v!GfBR_D&qXw
z6&}`)3iR-wT6p-2Y<N4~`lMlagsZ&j%%8jJ5xWkkaP4c*!+CVk$K)({(24hC^|m;|
zT|MxqC@tp{{$7T^$C_IWBU3Rr-%>$k%>nE?#5pnu?kx)dZ!4As(|wY!WwL-dbYH=O
zZX3_KWPD}1A_nK+1GRZl;34G6`{-PeG(+JR^=t^+Y;s(gvA;2Z35F%&_<SAT>$SK(
zn79kv-P5a&0Q9UJY#eGkpXd#!db|9{deDuPC+GPZAGP2|b<RE#dFU8eed1nIprTMR
zKTo$~{+{;AtQrtXG3hvkCfI)dGFueakRNE!@}mTBWO37S`3O%R{EmqA%#|Pyz4Dfy
zPsE+FOCaCr2kg1;b>w}EjSH}Zo&r^|&r!ggQRmzKtu8xM$Wngv9+Sc^h5AV%b*9M<
zI|cLp+@C&0@Yrqm!H$qNm@eVt$?#OM6U%jK&3<4{5?j7?+HXLz%fsz;#zUwV9r|M4
ziP@F)|1g;2zXzdtYwUo><<HrL!0paC_W9`A!^AHP10M-stNn%`O!I-4!_YmI$1`3H
z)tdpuPYn9G|0c4it0AwbWdz~g%ZnSpC>nqSc}tH4J7L~@D7oSGkPbNxiHx;|z}4^e
zGjrj_22-_uki4&YT%O?o?ieh@zOLEMa`_cxvJhQ|IjJ{dtM3|~qYFnwSid590633z
z$X+`AX}<abQ5f^W#t`=<Lw^+Eq+Dd|Ii&O$l5u>VyWLawDE3%NLk1oXgut80b6}S)
z_4UpN7WV>=FBe>IHx{3(n#!RN`F8N>Me($tZ(5ch(@(PME1iAoev6VeK+;2Nkm_;x
zc)#KA^T9_D)!g2v%l5Y`uk7dZ4;XaW;Z)|V<-S_^Mbo)9^JPjsTjxu)1t0ZS<^3Lc
zC4UF3elNwJ5=D;U9@i5x4?*Q9#AdW}^G><v{tGP=rL3dfYH*Gm9{z;+vZP6#(9`$5
zWdl<@7Nw~TegWNY4nDXK_TyqPdn^tLwg}6CKA<q;r^-66%vqxo;-MjikEV`YaXO8s
z{cWAtIt%G?=hWAl>~{`QoZ#DgicLvj*z9aFb<9a<BUmU~?~_3FFfGn!J=@lgo5F<<
zyb*`xTHbaKECSelEDXPk=~%P=9L?Vz5UCU2dkM6@ea)hXA>S8USoNVtCEnMQym^Af
zB?0eVkNlS(YEMc7`jsr#`^6+@`QiG)A>(9gK+vH|N{tisO1>>atAC_W@1aqK)dt)M
zw%k82=rEb|Y|J%aV_d4e&h(%I;;NDz+i#W_NM#VY&A(WTn{$zQT>5xr-LLl*=q<MQ
znw3j`9@zNrVQUt#sdn$p!NW!8*maBY@`*ih=-!Qdth=v^fsit$JaBR%y-%k%**6+b
z+VVMK9qLCwBbYaM&{t!jkDNB1e>t~+o_e(W*hG3?Af{L6vorLtr5GR-WYB<mmUD6z
zYynZYV>*35>}HEJOk{FrM*27BH~`96G&ceKwCc@TszXUvwd2n28d9FhSFBH7d}>I_
z!9NR(#*T4>rP9txxtyg;8<lNOSWL!Uymg9BJ>+hffjWmqT(2&(YeDXN^0#PIbdG)A
zW;WLg1?35iK}YEOD(S*F$a%$DYKK$jVhX?#_uh!O?icrl_ByA)hUvjTe1$6Z`Z+b4
zd`|w^8`IP`pDuq?RB>>0V^d5!bas%iQXqP{go{;+h-%9@FmOr~0KSoKGq(UGfVr<$
z>D}KpIR1M)8*U3SnO&x*yymVchuBl@d+94l5;iCDAzgDZnS_hsC!vAW&>RdCLmu?a
zXB%TlHys9|>s6<cczl4%%*Ll0PfVQh_~sd|_4d&(%(?aS`&i@%rmfZ0ZmT55j9=_|
z<>wA`o)Vb3Iq~Xp=i5u@eV?+UeDG|_^=O33b&(F3oF_O3PU12oz<4)RR7h9eLk;j~
z%IcZGr?ym}oIwwCQYftB`5F@G@ptcfi++xoJVDV=WWDwn#wy-38pWcYM>B)Jb&iv1
zQi)d?;W&J~d=gJFoTWkY%8Q0EcOps-<1|uZIc5xp3L7#8-y%;<c-o$6J8>L9DWx8P
zi4ys9LGGNwLwC_x?Rc-3cLO&7<-joOOj~haY7MbA8_T(vr|8bq)Rkxj3cnD>pB)m_
zHG%)Y8-EXU<8-0nZu-NPbF3TQ285gEDdo?oZf<2`GfcJk1F3wH=GfaXr|-C;lspEj
zdglpe;{!vON0l%k;i``INZK+FKv+=c<6Jc(onRLjz5BQvWjI}D{IW;9s&+^RLgmqX
zg(5e4YW`lI&zvMLkJx<z9u@qG!YfC&EnrKV9`t2M=E39@p0EFcE4ZbctVO<I&kKpt
zd7bkTsa`FVjRx}wh=#fFmXhT{)E<yEkG)E~@ajwRB^RrDTCW-_7|Q9rPWgKMXf9iw
z`)_gvG`|e93c42me)`6id9dP>v9|Si(>C9<`SM`)ydo@Msmqn_c%xl`Z3;vcph`*V
zpni#Be_ruXpA{4_8!`9ft!mQ!jxWZg<jfKOjv(G<2eg~`8QvtC*`__|xLAxruEkJa
z&$`hb=imJC_XxN{qJ>199lqBOXQhpuX{o5Lr`9p`LpG%~;+ZsYRRO3~$Zv#fuDX0(
z+OMwOCy)r^TJWQz<8a}`&934v#^o~`=R4%g$Sm;Xy_zFkcZa|V6!ovgYPVOesA{x7
zZ82-$)!}1Zox~^dvne?`8+6qp`?CYUY`0VK&0`2b9J~1>C|x)WRQxnxv^a%iQx(W8
zci2AZK^quC%w7*SuB%@F^~U$cPu2nq=8=#h|I8b2LPT#H;614F9?gK*zL7rj$NVy@
zd~_&%&CW!<U4cdS*d>c|m;BHq>Ny<e^9XtRVB5)=>hi_esP~!@kPqC%eqwwdz{CyJ
zrK7EWQH;(0ZuAO}+p3lj80Yl;?$HUKM)Yf25i*#2_7QC14Le8R5K*&|$Hp-g>E!))
z4v}^p@mi|Me>mv*Jv5Fkj|}!vCWpm{FTI%IQ0FX;7*jd#cSFRGJ64cmJ;+qw)%-o_
zLp@$%<<Uz%G~@Z@zkz>E1<MVl*T`<t(M*^8S`8onsE~`vjPO3cN7P+8t4UlglFED9
z{hnPKb|HA0u)gu22t|n-Ms@FA9k0%>)tQwzAVEMVEUa0EpS(VRjknu-A@25S$bG*w
zMCHWe&4e4)oo(|3oYz~8mV8whj(<@Jz6bIU)nF9sax1z%%yaruFT_%z@AXH9;7cxI
zNLAd6B^?%xHFzFqIJYI(#+ixMx}U$OD!9TeK9CG+I(moh+UO-))4Fysm~<9D3x4;=
z=~|w%SMiY)$9osx?|A5^E2S?VRwFTok69b|q~oo6Bz70K0u5z}?Nxn|a=Up-DF1o>
z#Z)++a_EQr7pH3NXRo#Y9y3=wLM-<NQDCX%aX^}wS~gaW#9OGx!R{>-Q|^L=W=N8l
z@Va!{a6<c4o`>-Yz{HOQbxceMy`=*SETF8?^^{WE!Gyah%<rKNm>Nq1Lmn6jYG&2%
zeAZ&qyk_i6^yxZ2Pyg-0HQd@hsC&}j2Bka6Qk1{KX>;Z~OwMy3Cf>QkP<^qz(di^q
zMs_lE*aY&qhxiE9jg)-Mg-;P#V^e}XdZ@u(h{nxAd!&P=c?5LY)!Ffo>?X|Ky`2|q
z^Ah&*Bs)@&A<LG^J#+%q>`)oDv|KV)Wnxo^xnZ~TOW6mE!vvp2&^JU3KKF8%JfSh*
z<cVi!l^&o5pCwX;!E?hl|2Elp`?Sn!by%Y6SkxSOi*3)n;Pgc}^81vkb)T5)D~E#p
zR@NkVsg=poH`}1QMCc)Leg}j2@4<9Q6X@&u9sWJ_m8pkVDXH&wJ+Jh{zpYRSSsvw+
zmv4NOyRdGcO*r`WtKRosAvggza;NYysqd~IZ;A<JDm-<drE%8gvw3?=iz1|-T8=MN
zvF)Cuw_-e~gTXI0&35Rw=7-J&bC|;tGxDXxNXI&>5F&<uDdLIqHFbJ(1G~IpDaW%>
zLXKo^huzBzyqVArNp%eR1m4T}Mcd91vGsK!)b~#e^FE3NJDA<*_lbftBXm46l8My}
z8aj6orcK$F3SmdtXY;-lSqo#1Y`XKM)AHt1wkE0b3aHD$@+-Xsw^3&^N6SR-9s$Yb
z&u;zN+lm_bY1GH4jVBNK*)Jhw^yvNjsJtvZkVt6p?c^sJ5gwSIu#cj3J<{=jx@%LU
z@%TQ<@YOeQELKc;WXCQAflPffAaQ7a-e3FgQFaM9b|Lnf`70N8k*KGV!Ls2X-{$vU
zBI!w*gA|)f_;uLLqf9iOEcmEzL*Oe&`@{eRbjQ~ZuSbRhz_9LhJ1cPY!6^?s#(HKE
z?QU8=kPbgo+)i`^H5BomE+fW44xJFNmRCdR`VCOzKI(ECE`804$V{&+$FV|}bBOQZ
zbAie4Ia{C$_u!`5D|LD=J*bQ@z5iyqoW;#uCh=V5NlcpMTZae^g7zfwqn$R~?V+`<
zV~>5@d3%(S#1F1rqF3d&)(SIZAHeZ`IWr)bg2C3HB3sh=wDvauZ36T;O1CL~7wZl-
zSwKhSd^fsk%qaE9yxyIt8$y_QefgpCBlxZgb<tw=&${U+qvM`r4a&WZlgH!IuH)%E
zko~yS@k1t!++SnyJQ<rjXdh529S|B$(+^_!ob+#==f~ni_&xldw|JCN+#g=^y$7UN
z?w4y1cx^FdM0rf?%%!;I=A_2|hS^*gn?i3J1lRkYiD^IYrS0fb*A6ekweeZH7*Sle
zXvYYuu0pK|8-&2u&zCtJ%jX22WO)^A@+|_2K=(oE@aT}hy`H|YtNSk;*gU;XJR*Q`
zhCg>v<<fu<%F}BnZ(J6DlMB5x4=1<SSNN1S8&3%$WukgXP6oQjm_5L?s{(euI2N(d
zm_D-(lMN0r_TB7NSDd5;4_7biEj&Ti7JRESQHna5bU(p0xNZ#7{nSd3$f+bhXOD1G
z%ALjctsBCnZ|_PZD4V-SG#+ZuY<jpGqL;RZh<8Xy&q?w4NC5sFpL-9Cf%7TNl<Qn^
z#3Dwg2zz#=sQNDFcv+ICaT4(A*P!s;f#~jJGu_T!0-r(%V{81qJb%g{yYXH9dsQ-B
z*vTo-u;UDUVJStHj0`1qM(HUR(6@5te34bGkX)rxvVP$y<a|GTyR{@k#=k+|V}W@o
zn`<34(n#i75M;KUhjouVT|00jls}ud-pefl0Gd3}i;g?9sh1ISa^Jr_`#cO;%?+3%
zm3TawV)=9Gp17|zMu>drxR1wdL4bVs2a{QIv5+ABahSfKH3m3kSf|LdPEL^(yq#JY
zQnGjY4yV%TbLlELD`>Is9B2!Kv_c@UUFSnv`=|<%R~vTCu+@{o%hwY9gz4Pt(E80m
z1}GT?_uU68WqY^=o|+q8d*AA*on&uO0yl^Nsjz@YA6O42RS!2@9LGrWg_u9jGiw`o
zz`&heG1r*Iwvr)w`)eGQ1Md-)fsKL2v`0+8>}e1^$OfN<qsG&60rIF)6K?*8`uTgn
zK6Khh$*YPbUwz47J;xi>n+~Rho0vWQ0t=#VMf;f2TTr1SA>VN&p<JoQSnABfwy0vP
z^LfXRIHu4ApWe63_C)%@sXNy1OZ45-_yG7U>)Qq?PqN;zN2kqp?u9t8QG=qnn_G7-
zIFxRC7z4}MD>qts!t9J9(HeY)eSpog8YgJ<eXH6qcxq;u`sDlaBUeXUD1BhJ52qZL
zFKi}J;k_hM<U_`nY{>20q)DGXh@Y^XAdcoa;pn|`nhW-h>YVMmEGgIQhQN4b`g;t3
zdh)%qNnF^??utW+Dn8M(ay08cvUyro+z1(G4vu_RK@i1w&p>&Wa1P>a>uslE_#zfg
ztZz%f-_po7P`WvozUD%>`V`F+*WCGLMDz<r*ttn&#}W#1W;X736n^n0zltrVKeKdi
z;7_&I-ubyie~;vc>|E&D&u#Fck6|RkTulDPL6FPz7B^mC69~H;Q=e%)MO+C|LU+WX
zw7jtm&~XGV+lA>g|I)$Vx&T-#yjzfm-{*oh-hAu`itZ_SG9-|bPsN`8^Z`Tan&;+)
z$NFKPz^L8Zay_yLne&?1em%~1hV<!zNcxV)N-y_vpRN=Agx73Q+m$q?n(?QH9RRL8
zk)b=#MzOp1Uk(gdA%c`(k<z`&;B>%Dwe+TGB9rU@Pn@ecPs&K3y5K8s9?;CxVXLi(
zH^?eqN!6Z;IFn`X%c|V@CRN1h<VihTr`mn0zv+r=2?FHyh)A?w(x*SAcQ2Oe*^h>?
zX%K~Bao;{y18&9RyCP+~f9F)&-ImiIO;VgCxVc{MDOA1_VWxG!B3I`=wG6T_gK|eR
zUj0?fF4Cut&xRf+WL@m-__;`b5AoY8*1LQasBXmZ@h2_e@^xh|lKzrFg7GOHk2WE&
z6u+0<eB{vid}$-;i7JG-jC5v~%Na32{S{|d(Jxrx$PUpN7C8q}@EpFUzC*FEOS)|M
zoPG+B=ZRUH_Bh3Fu_5iJ>l)`AvT|&gF4uGJ+|=ai3-lI8WWR0W-PH1={?{kse%CSK
zUZz)`8Ieyh$q3P<_PVXaUp~tdp2LBSdo~X<anhVCTCPvs1Nw2IveXOFw@J-W?*`GP
zTdT#Dx^-13awh6A0k1Rk*f2h#@HIZe(`ew(GoT!&sEiBhdM)9}u9Cy+9}7(S;vekQ
z$Eo4HFlXusEX21BuV-RHRXv^X&~Yi|JF-oZECBhl4fvpS$vG;R<9ROU)$3$b8_^X?
zc3SLFnENmLt)GZE_I1SCxnTDZas@f@g^z!&|EE)*F#fqre~<m&xQ}}l*=)~y!b6)2
zFvq^bKiWflZX{|$9ev{X>*l{_biYy16iK|7M3wuRyi)A;_SlWi++s?PTYc?*#!eC^
zAn`E7;mfx7O2dsgwjxr>dYieP=(1DjBURfYcjEGXjRt01k5b-O^DuF!8|lgS)VF!$
z9)+4!Qnzn_x0+aK0y2Yu%v*)>3GMgJMe>j(1ynoZzpKAy)AJdJ(lK!e?p`=Z5>N)8
zEd{{$KI}d~tL>nJk05_1j^vN{Oka?FDp95GCe#^Z5j~HG?^CH1jLS*aS8)ib=kwEf
z<hCjdFKD;Vs&sH_(WDL-pT`E!479#6wDVZdy`KZCwR#tdtOVysCJcq+L&A*tKaC&%
z*MI%j|9Xq#zyH7gH}3z<2mky3`LF-~Kc10_uimP_8~%i^C5v_)<4~4yEjRo|H<68f
z;6Yd&Qhu*Y4ksSGv1fUm>YTab1XwqU*_Hv0dpoD}V{=E@*aYo#HU2uN`nj?J{&e5)
z>s#;lf31E8nXu!YuuH>Tb!Bh{Rv4oc2T+hUa5#FVO1r;%bAzX?spVW#kS!Slc1`{)
z1@J-w2%aiTM0cMr`0~e-{M3x~KL`{8M-vVLacV!x)LAO;Cjfpm7*S01u{7sOODg;7
z;*M2|10zd<dB;_AnRp`E8>>Cisq{GR=hs|K{SZnyE}UEP^TOq)x}ftn)2zft?wFi;
z4g8#Q#4NvjZL&In3k?ERH(2?|RXz)V{kYa+Pb+%tQX)2jv7g#+y-n@VE%H}L`R2v9
zRrl#;_LE<e%CAZ8-#ql}V^V)NPbFpVd_9?X`pVKOM8Xp{X$|G)l3e>7w@5B{AKK_}
z3^amcGSf_lqqX+Bcs|_0j&CYmC31(!bA;7OmJVGx8novZXZg)o>P&6#pAW=FPwg9x
zsSBv&o}-TlruP|Km!PECbM`<LAK82a*<Xc}41EBO_F?WVK91AW6$mlGdBB?yua-Lt
z!P%zwDbGHde}8q0{l+#tdoI1I`{#w^B~JgQeRZN!0%_*-QU1b#tKOP&iUObVFFVeM
z+GU@<gtw52>00s0sD@_O1|U5_XWGWg_mE_kfsSNd<28oO_w9Z?((h6r%aExw_;<=Z
zfSvN2t9PoHg7+=|twU=WGoAC9_5nt@Q9anSYi=glAe50$^Hs``Ng9}M_#N}h&}ja=
z(Ho2N8`vCxk-hHUmHqyBsNYr`=eV9*W%sGYKgknAt7*Sq<f2d*RMkfxNf-^FI!_;N
z4ctDn$PYrW9b<qhFYz|v@PTV(H!<n)W4hKSDVeL-tR(&1^JrBF+vY*6<X?w<zil2q
z%Tquy;)9HTJN%zp&ZngKEM5sXu7MurPI*evX^v*_vFQWoj~G(4UT;%jM?gE7PapQ%
zbSW@!jbmFzhVC7?5urLy|K*Hs4~w^${(__576NBQBIy`Ud%o)X=TZz7**tb~_y!&L
zl8~>q!SFWhJx@uP5u<-;)Rr*5ND!hoA5pV?%lB0&3a(jLx`61#$~xIcF)2TXZ98qn
z7CtU><d>i6@A34RRzgHnIX7kb)}Q-KOLZ<xjoYl53lW>xEgnGAWcz-F)T`B}F}JNP
zv!rE*%>xj5^0Y+g=S6VnKzaDrjD}U+5l1i99W>QVZoK%GKK=^hw*O$&`e3Abx6ONM
zh<X3+wd7uQMn@XI_g={6>~E%1u&yXBQjq)U=vXy7GJsdb%TFIaz*pDn_*Rd=7lQ1l
zZrIJsuCPjP%VGk-ie9p~*Qw~|;Kc8-TF!^<4vXl3LpwH&f17g{#JNYO_|o)up<(9^
zWChd=JhbM(FV+e#NchF+VzTtGJ+<oV45&-@bB#7Um&l80#g@7aAP*NsMw>=!+`M|?
zYi<8Uo_^14hLYfCMR^eS+Nql)Lw|onrb4B<-HXzOv|mPDUh)tCbAY#pa1aoYxH2uf
zpz*UIe2mx@@c7xt`XYTDO^-32Q@$*IF3w2zP+b=hOUh)3*}A{5;QSs4y!C0Wmg6NJ
za+3)rIRyVKGXN_3DyLpX=96eQY-*|0QE9EHCYW#J!$Cc@h@ZpDBhL+3W>5S&E}jdl
zm!OP;?^C9@Z;=;3$*lxttFJ4hrHw{^=WhO<HrqfnrK|!mQy+VD=}9Y4#J`{OJi)0r
z%8$^mLqYA4x|tmT;@w$-WH+y416og$uQGfW99zXVrrMXaJ5%rbb9A=#JP}}<JiYRW
zv+Nlf<mlUjB0qake~&UThJZzWPCIQu#2T#AqlQQS4hk2dd7C;#2l2cbB)!u$eEZ%a
zfjt*ZY{8ZLSR&Ro`^wdB;|Kzt>joCYtPtc@khWME>}zxA>cp)1BBU9*MQ>pLY;gQN
zCu2B|$P&=)u0CIAD!O>XKFT-!cURnXce)OWwiJG?SMwsg?Qr$&HY2_ZyQh0RFukq?
zYQV~u?jZ2_@WJ~H2@7(U*D|#doIO8-L1gcM#bVtcfMjsvpAJ^PhcJ{s57A_nLr{$P
zWw6UQxFw$WA6SCKiU$d!*3t9W+rPu$3^bqaJ~P#E?(jW#NJMSY0Ay6I8^1E6&^t-(
z@c9by`P{Y#xkC0hCwK)1SGflDXRubvtoHNE{_gOHZ$N&C;qu7Yh@}VX)YfMYR=Cce
zwdwe&*;5h$;CUiLlyWfdLI)k&ULOgaTFfDg$I~Cr1-<tW^0_zcJ|2GLRB2DHceU=^
z$A~LM5aSvtpZ5}XPLCw;{q0ZjyM266j$b!#5Ek1Jvr%Sx@(e^t+t>I{%n5;3HYKD~
zBy7J~HGFtaDaT-r>Vf@2qLzjyEDJNNg}{A>FwFv;=iqj1B++SAED8^8bxQnqj6H#R
zSWf_5;6?uFD*n4Sx$U#}n$529CK{@Y9W^4&n1?}M+Qgp?*Wg>xt`oOXQn%!=K@YfC
z<9+Klb@c3GQ5G2(;Z4zL%&qcodE>cORp0e8S3o*GRw_7;^~cfHTYbONJ~UR4(ybG}
zlL&vaB?aScokMse@&LBoqY0JwTBu3$*2T8Jz4g9bkzi2k!K+N533dW*&(eM@;{;~f
z#j$#-J_pJzZ%y7+F8>+>vl-;+>7%Px322t&VEVUh<cR~aJaaYiK^mg}_MiIApnwUe
zmphYHTnFpO271p%S>$DbmV>hK=K&(09tc6)k}U-+E$rla?4Sa=R~_AC=<C{i%p|yD
z|II;PJ?**LJ%%{d4M8<%LjhlI^=H@|Ir}~bKN#8DH;>sjK>2&7_~&zfUe2iO`vvF9
zR)V<PQUW>Ec9Zk&zPfqqPh1u>soVK4Sf6W~dW=J(``CcSAnth@O_b*}&Dm0wd-YPQ
z3)->pz3GxycT{N$rRQsGHGWIc<tZ^<xuM<Cf-PT{jQ;Mp`T69rU5<47HhsZg{CSC2
zp_a7?F61L`$zvA5e^zokBt<vi$x%C|cnFszye5e5rw&w-=5rkDy5715i6P1S0LUL(
zG3H#2EFLK!%TZb0D?XWMMk8}|kI9%G@4d}<hkic$@1VXcBNJU&AK$J!2S_UB27k%<
zO~xkQ{U^+QBIQq(k|z6bXH!&kQUqeX?&p`#!YTXR>yt(@sc3JK^M%P<aNwJPkzRSo
zF7?f_Weu*NFg-F}bM1Ok?kjPu@X%77dgbTnGX6em-mm|GmBW3C4Anz}*vD<xKR4GP
zWw>;|_FZP9Kh+|hb8+jO6(ETI9A;1f_1{z_x*g%CuQf-F1^rOU?Guj2?NPIA7rhZm
zzE^jtWllasjDzy!2j$nyLj(6rt`y<0h59d4!~c+6u$HfS*S5D<?bgw%&2v=2lW(Jt
zVBEbVn_B8=f14Ot@KtKZeZ}4eh|dUk1Q!(7QOraTD+3m6xJc`j5^$BS_<<7k`!sVA
zU8SVqTv_QGbY*I!Bj)RrB>mz$uUEz8iTe2lexGQ^D{yzrd6xrn$dEoCd}}*&a7}rG
zf$<E=*!%mRmZCq;d=4Og6OGsVNpdZcLd~X87VggVLX$nl0d~{`o?MT7Om?qW+_3D9
zTI9rp_xgOGTIzARi)BoJ8s<#-#oYA`V{nc7c}Ma48tld~G0Ov0Fuiu87sBWXBG+Tr
zZV@Py6fOD_1L7Wqe_w4B`lOx<b})o7_U?MB3i?wcml$wDM09j~4ZvXv!(09(B0gXv
z-UMo|M)6UQna>ni2|@QMT4wJ;<MJ%VJsikVKie^WpPL(P@<~4WG%ZI}as%SpqIEn%
z4tTK%FT#GbC#UM#<;4Gijg4tJ5T2M^Q$I&Y`%y{Z%8nzFqBuob)%0bPpUZJ(&3M$|
zCS%=w{~1NhQ%4+KA0;v*G-nCGl6wM?U=JR_(k%UXC5pd~+I?}W-j98h6k5`>TIa2U
z&#bT#&pEb*%{{(P+H^|P8L#svBWeuiM}}apm#v0LQMaI+P%kIg%6o3sW<2t97<D;I
zVb)NqU3=pg8Vq;OJT_IQ<<^+hU{<$bN6M29Zla-ukmt<LI|uxII^Sb^@@@pB0>L!#
zs}^a)Zut0zjp<NBukz3?F7|YPl?3ST^Zd1f&DJOJ>?u@#Ecc!)n$NqpO9U(tmlX6K
ziOAdHu`qJcPqO%)WBE#h_$|)(ZU~?L!5gG>*}i^+zC_X;v<@oU{qr94_kq5=Ek#pb
z#&VXjHV~J(m8EF_3<z@r*$HiI-(+jQF<qjP{5Mz5E$t_Qh%X_C8))&KbRp#0{p|eu
zTxn7f9*6J3z0R@EY*OovZi^o^KId`H#96!?B3X5=QJe;|w5o7uZx--#nf&KT4*tFa
zNbK72-Sb&~-5Tw{c*Usi@RXLEgJFRfQ!dJ3Cf}gl2V@yde_H{@rB~o1Mf@#kKSU^-
z8GRfxpz{%lJJvKNnj%&Dw3EwF+v5?d>52&=_M`^fgdLAGOyR?KowOEXk^LMz^|`Fu
z)8Iefhy6~jT$TqqR`(Ei!NU{OOB!;%$pZvBCHK~zJ!{`-Dys~jU7r4ojQ>2<-0hUl
z2R?K^rzg++qN*HMv$8<sAfxr$AI5l^%lwRI#zDuY{<Vwc`pv|H$Cd{-9p3`8`<Nbx
zM94MR%dB6^_Xy|x$t(WDO~XUGM#mAIN_;v%a>r2woNp+T(JnneoeKOspQo#v?)8$y
z85$=1`~36CKI@MTPi?nH7$5|M;*(u#c;j%3Li0hjpcrQcog@F7v1`e$BuSN9;^X{=
zfW!Wm^o~cq;jN?YLFcI|rF0eHfSChk?+fS7)yFXAB~7Tj9*{96LI?O#reB<DD4%zp
zA27L9lrg{ZDgW+GgmEv`xxG-EZd3;`&ZELrXHZQc(GOhb!wl#^Vv1qYFVgZ8YxF&T
zPl#AnYQ_4Z-*^euou|S*WzTLm5L)uhms58Ui#<N=>H=f!0)Q2wTTAzLm15<oJ*Qc8
zS|0mu*A!&lFw8hRlo8IPzif5*cQ?bKW~wg@uV);=drm|sb{J!hs`YI;lR(hJ6|W#w
zL)uylL&i(&cJtKV_Yod_R7p~^BdMb!-OnDf<_0Er%MnhEU@D`*PvoI0L_H`jDsxD3
zrWbv?&!Q*zfdmQyy-`Zt3M~A28Alq&Hy^<AbJXOw+fY^}(u0C8kEoqF=iq@H*iwlL
zKG>>v`uf$$36jnC09E$=F5p9Pj+W2gJ-)TRZfuEJti`5CBX)5l`JN<=i{49JrspJ*
z92hQqAQmmoG$!6e^hAi96+E|C0(Qu1z=Wp3Nwag0_!hi0P`3pae?FPt6CVEAf(DsB
zI+lBgvbr8maIS!}%Q)EC;%)vYWvt4T2QiKsaS^Oqr6M%dpTjRjSa<FmKb`2SMj-wU
zX3;+{OL{a-a6+2;rb({N`F7J+V0Z}_IUa+j$FlDO(1aBy!AK9T*DaCz0(0pVX^YP)
z>!|)5Q2O0t0i478EmrsR5t#mfI|z@KT+xB>(1CkD_wF5J9|d+oAcJ;3Jvw=ts$S0i
z6UE&UC6x+38lMg*O!&boWp17*UO6|8g8Df498r6q#O4GM?5ps^apel=y(THX)S^Su
z4^&I?L%w+Uv>J)@b|7HNg<qp}{JSf|Y(Ve-@_6a1Ff2zGt<Nmg`nBncpF<i{mcpsW
zt7&wkE}<N_6qVnu*f7L{#(&-iwUg|Pw2<!mDw7A@L@}x;T!TuGUAlDhK~~bVvymlC
z{J{O8fFsdZFYQ9&;G<w-yAKNP+2a;BKTCX^&T!3SXe;=ci+}fVUV@VY8+zK?PF=bM
z)R5Qx2tpTo?mg%I!T4UnXQ9rs(^^a=KJ_^PQ-0Gy5}JRS_4=nIE2f(K4kmzuc&v|i
ztxZd8Sw5V}4Fq9<h0$wBy{IgY{5Xp`5g9Q&1Q83UY~b$Zw{~l8k$$dfiY`Rb=cec{
z9>BjlKP#bl_fp~R?jsXh%ODDkDz$U7ya#H8#E;ymZ;~D0l-*)KU-DSFy~QUfAClJo
zvvSdG5>)ABw7GVN>MZSr2)Sl1VczNDIO)JVfwVN|%qa4m+7@By<5$_)mq{)je6Pvj
z@xwb#ibvi@Ma2zQ5QgbA=%3H%cYaRLf9tzF^SNpF5Qw4Cb&YGB7=ojG#Yi73DTkht
zBRFOS+6yZQlPHg;*bFw=RQ^2~tB8<5*E*H;DDS5;LEQ^z{BX^2Y8wE`8)Vja5g4uR
zeP{QkZQy-hJUp}^LUs2}o_jI3z7c_fcw7`6PSDHyCTHx|qzeD;E}<PxGkWDZ=#UBg
z8>0vLB+L83s(J}yP4JA1pL<d^9${vvUVqH{Wee6*Q5%x=zF*Ye_;8k!JWlI;`3100
z`1l5>q2PA`l-!Q0N{_Le4D?eApRZtg$ZAQ%<*tKEke+y#B*)KU>b3SecDC#rOWx1A
z|30?%i%IbBe$@5NN?dtJ`P`C4)6IHpMc$K}RkD2e3%plE!K>02hv{5v+m~p=C#%nW
zRMn$LQ0YYM-v*S?_8^x7QhahS4ykl>sB{sMV>Tb_K6fsD(;OiXH)MKVJ!|%cj0Yd=
z#yx<ya8WS$zzIaq5a#NfZ=6ebA6^>nfuHx7{JVoy6Y8hNfDgC=8+Y_^suZ;Gh;7Hp
z4^~R+H6!~bLhivzuUT{N`}sd8=&QVKtC({oHthaw;^b+U)&(Q4er{0JQW{z;rzO3P
zg&v?Dr1L4cvCpJ>a3X0q!6&rPF*~AtZAfn)ov^fR@y+GMv?N*A>D#!pX!CQ3@%-+2
z*`QpiZyC2!VO87jX0h4*XJ1~ZcS;lMB_eK{Avm-im(6v|q8EhQUh>V1(V%t0#gn#w
zcmGRzW{Fp{#=%Na+g?p^wZw~bAyNIvk=QnPz>G03KLlAsbo*;3=19o>1SZoX^d41_
z%_yxAHvk426=}f_i!fIGlqNgByJV4sQFGXk>xwy`Ozch7hNbKLu(ooUX;$njE_2pq
ziK6Q~GJCf2z~>fLw;s@%;6NY>*Y~;p#F=>b0-a5h_WRBGiAVXGAEtX^77v=w$xO1_
ztnUmz5V~~Acn`)Wd$P#Dh>oe7I%idp%;V+$B2KZW3f{5%7}3Ev@UyRUe)rY-Q_u*m
z`x#<wMCa6PqP%;+Js*LTL#u2AJdd|jGpU=ye6!nr$-5sZKSHZXl<8vJJ+*Ws?0=ZG
z*y9gO-OHKE@YQz}PmvOpQZtTMe6+wNs7~WGOYs7=1sRgCPr+QtlWr+L!gKGnZ=3an
zd5YS(&=b^_8Q`BN;bHlC!hUz+rePxt5l~x`5-hL7Mg1zH_UN92AhDM;&Y_pb$Xh#s
zt%zo_KcS>o)S&iNtypUCi3{^h*xivo?~^F(TYh;Fmw8Y~<;+nZ@Xv&5uYuw{XLyCF
z=2SLnw3{VOTAgcfwfb>PuK~{lJtRIWhKP)Ck;^^o#kdMXX~3gQ_4Aqi?%l!dBk0I%
zo&33be?G@tduTiMot;Axy{p0k=PC&9_$f@=y#!syzU}!QdbP{7DrzD<3tPiVuO|O_
zdw``kQBiRFeho7=Qs?9F4hh3c`$Z`uFE8BIwrW>LV~H_deel$+A7gIA5}j5HkWKqn
zEH@UpH!+|du@Qk6s!r{{81nhu?Yl#+m4`sb3mz{0)D8;!?u*h1ycFw4f#)QDx<Kl>
z5qY#@+@V5S>^O-yjXP43j=TWfZ58`wD-Z48Hw*hxi;Q&uegbc2$moGM$(gy2u4(|k
zyk=DIqY=IL+IiwofucwA(N{Rak@&%m_s!-|d)W*-25y*n)X5Ac;`HnA^Y-%m?hnpX
zH#&%sP}lNCgTbrBOvo&H<(_JcY|4W;?R{s)QVfTNU~(1rLi4}TkfN}A%PhkdUaax4
zTdLK$f2)06I<zIb*xDB{;hVo(mTrh)kqnc850_o%gZ{$t%H8#<x>y=}E)w+!KQ`as
zCS0$Yrr3K8dy&Q<eHLjDKTBNL`|H->$bW3~X-VIXoe-?c`ibJ#HWH+O9DA%e-S=Mg
zy?%z{a=i~ka>6ca9qt+{m()ju>!#mN%k4z-j9`^+|La5kd1HfDuH0)EL(8q+IrpXe
z&WFbRoIxOUyvMK}t|od=&|rGW_&w#2i?ppgXb0~sB6l0Y2?LCi*7mJ(31eKV`i$(L
zM1QfQ^ScKrEt{*lOb>%IVl$23bn=sD?nB#{k~RWc6r#mlnHJlsoosp(=J9Wo1Gr7)
zg5G)rXwhvFPi=<)n}ori^F7y*jzQ5ymeRp$XqVfdLbb8lv@v7w>Vc}EV|T22RNLL?
zj)(#`R9DZ<Hm7q61<Obh$Zn88mL(YH(HL8Zx&<Y_?vT&#uBD;c-~iQNK0+M#vl-T}
zB{FAbImmFiNmF{QXF#gc85KeGHVvT_Gu+Px1=u3)>b2ttFFz^g?UNO;tZ?*i>jvOi
ztrBF)Z<aJCxQ*bSsd`gW#Y=k^lCda=xDR4-h`=g*3Sc6-7Y@|R0kH-V{8d#u?Q_+v
zw`GHGB*npu0_5L)&hxv^NqdtKZ&lLEaxF|D2%DpEe1Qp}Oz+{bbNr%uBq+PR!ugW<
zex3>$+9&{mY`FH#`6I^KP3hy@&7(%#fLnj_Ec)c}A>Iiyd#8TytNj2-PR!nPS)G9r
zWDD`sgH%X;?rbmUvOkb{-w8{+1E-oJUiG7^HHHBvBhxCV=57K3FW!d?e^!m(oza&h
zK1Z<3lKc6@^+Vi_FBvnZ6278#VFQm~>SxuWcRTRz+)uD`j}6`_f3W0Kbg7jAT6B}H
z2<KRdMricBF!H~->es__F+25MV}JwRJ-1&LlZlh7ysNiYpe`Ydl*$&%V9nPx6j7il
zCU!7Vpm09nbj|AUnK)?iPVvmcu6!h3(BSP~y#D;|r9L!tEe`I%yKqiYkfra6)TyJ^
z{CTo3gnK3lUy76W)~!#$wBa5CFN7N*;lv9K3&uzN0O(!&7eQ{YS`XJErvLpEx$K7T
zG71#|eJ1mpPzP@7q47ia$md+tvt%xIhW#_};YK}kW-I!|RT6I-KRSt8CjhpBa>{21
zw8S^it4|)sIZgbllF0Aw>x#90zw0CY4>Zx>k$%|>i;g~C_6T6ym@A~@61Q)9^Q$=^
z1$^VX+NzVpK!>ul%wMeCmdwP_`wqYrX2S=xq4A!-?=7bU)M`yBDX^Es^J=7{CKPxK
z)IDeYQ+MlCs2)AWXCz#>yZl1n*GT1!Z!n&>EDrTbsN5q#0C-O0=T@Kfen2F|`Gue5
zcfWRmG#_%#)mPe0Z|(MX-~X)yU(=U$<MKuG{Bp`HXCh-O4rAkkrgw8so!fWBBH0E7
zW@}dD9qh)g1Bc@}OB$V_&H1}m2Sa=n{t3UzT3i7*R`s$8+;3mRGz7mP>)eZ~cc#<5
zE_My%wmk?tz-USIX&{^xcUmLP?MlwIK4Mcs5=U=p3s?Q>w#e@eFFpdo*EifJs^HUY
z4_#6+$FKk0b5ba@jv4jKBRl1g`rSzr?)MwTr-DY0AsJr|F1lhj5-4mfX=yC_RkPUS
z;JcXpxBSPeAPAoY%*_ZU8zH>bfz0?a%4g9YMyYKgpGCYWG=v{F+yOQ^DW8?q!REe~
zFP%*+M>0XUn(u@TdV!Ba=v)JuW$vHP@@JjdK6GY^tkDzk6;h5Ck?Uoi4pQ#767RPX
zJXeMqrj6|rho>W-yI#2r;^TzL>yxz=pqCph^z=IhV_FoArgFcWfHiD?t3p&~ENE#(
zmal1_<y)g>_a$=v>`qzFIeyx#@AZ~@^~Gzgp|$C}92K8t?%g@v$lSQ?%JJ|zXUw6!
zmq0MKGx1eL^!TYZ@VkqgHT=k?oG~&!pPAGR6gSqR=My_$!eZX44!XA4kt}_NnP?aA
z+vRys{LK0m*!|Yt$jd5LN^dNmL4Ggl(PkQ>Ip*#XQTaCx@4KdGFT~T2NpYTA$luj<
zuG?ac%XB;{=Rwzp;KIn6c6!tlmM+>7reaQCkJLV&-~Qt)4rb@rD?fZ^g<jtL8Xe=m
zZky#l`p&wsFKG8;?SAb6*mJJVF5i@?O0lsUeNe)a3g&zhSpAZu#WeBp3n;szB;V~P
zBFf3_<%a`mA+GkZbM{_XrE3EA5H=WS{mpEmybTYb!@^t_mUuYUHDCREQ1gCMhPa^0
zL1WBiGrQLsaV@o>#ej?xmv<5qg5ttEz4@R4ph-zqnz~|j+Khvq-?}pLyHlOjZl>Hh
z*co0gRLZHdQckurxvtxU;seDw=Z<=I$XywxXjU+^di8qgv0xJN6Vz!Pr>Sx9lcce8
zt5lk@Suh;;7UKnNv;1=op0kV-(xf7+VaC6o&ZD!)9urPzh_1F~lKY^L&E2gz2p8D!
zaO+{*JD2Yx<>cV{J`PQs1@;O$TmoHAaGTB%VYxqrP31pKan4$QzF=~QPwRcK;)Q?l
zWfW+y^p<sp$?{9GbCE4LALXAKCXi2OX|K;Anqa&U9e(rNwK2%~HU`Uk_Xe@k^)xeu
zB#G_w%>(}#`?DuYA3Spoqe$QZ06(g53T=T~u3US8^C*@YB=R7N@#p$<ES0A<QnKn>
zX5V0^>6@9=>hi7dADDNPe9z6=zQNr;tNib7IC5Qb#MQY}y5Dq?hh)!Ot69H&&!=~f
z7FdmO64pTp^dT$$lz^IwAA(P#=mBuVxR*h7g3YsUw?Kxc(-0WD1H1=xYh)+%5d!@a
z&nFM67rdf#cqRtzn=A{43L8}belfv0RdUq<<X*gBC(a{qY#_8&9J|2Kn1k15`wTRz
z+LWbfE7`oCAs<Oj3mxiTbNcch{qva{U5WPXJx<fK2)G%)=OV|f^WWCAXpCyfX9H2K
z#{qjt(hr@7ut=|%l&5YXe9m(hBWUh@$dKj{Vu9P?`(1Z1vCWEAActjo{)tPK#SRwR
zs`izhbL-;1SJyYdHWZJJ85D8A(cB7j41`jo3!~x(cU{#%XC6&@ycdwRMINN)-Hz7b
z3*19)a1Jd6XZ@^JzdP=g^7yq(bMkHu^*d{hrb)9V4et}P(dY9WT?P;t01XA5mK16k
zlA}%<`53|r%(hZLC-Exy=VG@uy8yyIOnmDVNIj>_i|+9|kE!IJ?CB~+Bw-g8<Eyk&
zYS-zWF?Kou$YtMhOr1PC2Lo7B;cyxPPjp7vB{2y!>r;;`BAY>QFURux>!>8Hj=}nn
zw8`fAxm_#2d-O1yq@Q^pquTB4ELZphQxs`cc2AVUX5^?Gl@a;eBMD4Chu9qXx~cc!
zlNyo&17LpNo4D?k!pr>)cVIv?(EHo>yvLK;v7hmvy_nU%H@U#}8%utbAWxMMF6*`T
z-JDlzBl^mk#KGysT`DH|%$LL9e)A5%684Y*1h2%S;7|*4E)t+kUq$#H{eof^o_Gb^
zf6fx?e>fY|-eA7C*J>qBw(Vgdv)gFbucVaExyU#4(&`yA%&IGxlAe<<N~gQ-Ei|j1
z1fj!I7l3>3<hWUPo||zLUa)9jU|cU?UbD-7IsqlP@o(Me0E7BAwu!not}@u%2dMf(
z$Zn@k*dt-9z;Z!1SC3s=yK>4&pyZ&PL*bcyPs_Pc2kU^#y$_lP=25%?56~alMtWuP
z=kxu2n+ISX5&x{D%RkE!Q0-4lSv-(c7Pd_q$zSzx-$(zl;%t=PS?kCar<7ZLLmVx)
z>|&jlT@B7)G(F;Qmyhl7ds45$C#6Wd_)r~Q37N{~zXb+ANzu>rSI?1~_b~LL?BGL9
znspAJc&WYyk*Po(M&>RQc!?}#&5M9XDhEsenIaTJ_8s6ReZ>HvkC|C9e`-I?r`vy?
z;NO!2dJrCsc4a|ng0bGpgoJX3R~JyvvYo4eee0^c44KuhR%~SZDWS@3EZBK0vRdSn
zf;V7$z-iUE{!pyuw~cXHeR`PAwB(81TM~(NH7O_){_H7f4v&iV#v@^n!;LPil=_n9
zwD7>oT5T6!0pQQRj2{ce_1M7z-Is~^$neU%GQv~6nwY3V=if%l(SRGJhmLc$rN=Mi
zpucAg?ol~4<X*8{hS+q0Ubvd4cZ(gvE9&sLOQ!HyW1}|g$^3dW-%9BAp6hoq#lBx<
zKy(=?6z4^9xh|e?d^L5hW=WkBKDgRWt(~LWc>G9l{||PBH+{_eJ?r}cX)3$D;fB6r
z_i(Xa^@n`KEIx6?>zhUxK3v?`Kqx^{9T&j%QnSe1tNQsg*evXOBc{FY74khDGXTHX
zg#MmRK)S(k+?_$PL+8=oS{SU)Jg5V9;u@ZN|M{@2P`MWac#HdCk>d~HCT*WaKt%7r
z{UVv@q#U@9N4+!tP{%B80r0_<0^I5MaJ6ocV13eKBHH&)e!-$~Bf;<cet-`EavbQR
zrx9Z%Ph-VyJe(1B;q;@&J#^Ji&Y+(2-5g65u}HQjv(kx+l{s0D>cGhgr>lkL_d<U5
z-2PKS@n_9*!-Q)o%i4Ss@AimgU(fR6)?{b%GHW%mO<mnRDqeD|@%CoDtj(4wzAUrf
zO3=v~`*tK&#Yxv{)Ul-WN`6DeE<-u5`1e8tx_L5U$$6kpbBX`FV?;hY+!vLug+H2G
zS)<C%<p(HKMFWSmADrl$ooJ7mgk3uXcqyIy8cpo0<OAl9cfvwUF1IV!MWDWgbEn$#
zil^}O{Cv{CCm;gq?9QHh#H!5@-(yN6V(cWz)lVQ!*K1wkGfpdyw7#qe^3Eaq1-<E9
zd1Y0(5;0{zp;ThsE9;MX%Xln0zr50l^4PsS@Hvm;AjGbnz>;nv3hh7dcd8Qb)?}!{
zMpIrpN1@d6+x!1me1zb6RATM$DY<m#49iPc-{$L@={<_^Si#sk+f%rQ(tUNIN?<Q>
zw6TYy=$w12ej<(EGZSOvcfK1e7nN66zuOjaMe6HtmZ5nOF6$Oyv~)rygOO%oz{v8F
z#U~DR&BjQr@d0MLg!<TWp8HVO>ZjSS?6>k}{L`sP1}2TUcmPk)a_@VaXR=-7@0%Y|
zuck8;9CUA@n*Cd2U_^{K$LXR~UThS|c9+FV(G0F)t+Ds4^+@Q;Fxy>0aI*{GLeDGS
zIuozP>gggF4Z4BXf1m8%Qx?j{mng;x?<<K0Z6@c8pz4653v6O*yQ9V}J8e3Lrowr%
zi%j!s!o^K1fy=|C+t(td!;V1^q-D)LcFBF$org|8;%4iBTESIO@0EGo3Io1W=J?6$
z{@FwO%(??MRraB0kTXmjE44B@VOtN8k%I>x-2gj4#J?rF@mUPigBWMi_S^Q+!x!h;
zv<AtAO@i=sJOSbpae?wmmtvjnN<I2ZaYuj8Wt>9#bY<@tbE5jIx{r~vl8y3LD;Db*
z*bS%7NfK9)8@1@49r(yWvTwc{aKQbD#3?mo&;*i>l$O#BE=Ud`y6t9%twuh3k*;Nc
z9?McY7W^<xGvs9cz4`TWRWhG@>ODB4^jk<l-M$#LlmIJDq>b-)I}UV=xXVq!AVcK=
z{46fKhbRcBtg7{Zd~Pbd`_4rcVp1*>n-O+&|J?l2-;*5RM{xnPcTcyTGNBGJavMq5
zhoIpx{0Dq4@!kNsOs6dZ_;HgiU*Gd^1%C<cI7{$-Oc#J%HGC!S*k<0xQQk3pp+M#`
zDR@u3^l_vz`L=-#(NX{8zP!{6|C|~J)c*P^H5aS}mKsaV`tS(d@r!7JBcDC<K*M=F
z-O`3n#;#nN@Ua$0C%0%6KX%b?kAHrsz--m$IO6--o`<}gpyekr`91rg-oEZ93SV9t
z=m?DzSIw2cbczaE=Dv|98AC%X@%ZDa?1MuqZHf<0$gA8FArIQ%v{yx2MQ^8?UvQj^
z&&X0P$E`;s{T`Db=yCFjGe&f9>D-6nj}{9h%%8bD&$#Tm9;ZfV{V113igDKqN5~*U
zgli&8R6<do7X50sc7-dBz&r4CDD5+U$~AuwGOHWY*_{lowqFMNF4ro>5B$2l)8Eq~
z<yZ6=#Y=u)-*w2h(+;mcw$gk&uuDEu+yY-Kd(n9xG(4R+_iOlVOY<Cn6FuQnmEJaB
zz`$pik^N}M#2wQTgtN5OM_8u6t#0OO`YgxsAp^2;ATHP{T~YqKXByw-fL)G#%r(bT
zkRt8g_UWL2>;o*HJ`~>zVw)y@Dj9QgV^&JVAZ!~^CX;z=?y!EVhD=xO;bO4nQ(*Wo
zjl;eCYc9fm&zHbMl>N^k{_vqu=-C;@!hDe776dI4-EDP-0Q-C-_l2#mn7hP-wWnw6
zq>)b?WjaAtYSQ=YdHjC$+~S+P;{uKMqT4xbr>FbI&bdu^zy-ngz?m$)zDKC!9Ln?e
zj9C_KOXT4sRqY^nc^F@nAeYe(HbUzn;zopsj-%kflwYKJcrnt(ir23$`>PM3W-@uu
z*5vGp&|qbg;iE(TDfg8B;`8=<A_Yxk=+el;Q3WV^MC&t=;@yL)pQwO_j~f8pUj29v
z)k_FVdT!*Ez`MA2#_C|v6aYE*L$}2Tk%>QzqD(x}f+XnwPCYEY6LSiP=@Fz!6$M^C
zvFH99LZEy3XmtPi>_0{KTtDyEVzhGj{Bw8Mi-g?Bz`tGGs1TjUl(Rqfxn}JsuP{Xf
z!&p9W*kUDN4E8O5os1Im^XbSMQnERm_vYwa|EY8T`^FU=?qDju|IPdhJnHu(K*IZq
zooustr_hBjN+MwEO1=-`fY+|e?GSQJbU5t>Rj~kj&+P)vbS5Vg6nBi<d5wgZhcB@`
zv|?dF>M6G#P95-!X=@S-b8gRV+`zv(HTYiBk)u3SH<;QO=6j%x;F+$UR*{;^g7oQe
zSRQAfb(^j3!YqI9?*aP0a$GLE2vCGPv^6w~Sl@{lV7)dE{hsCc`SgEp+AfQ8*WG)%
z8V!^S$8JCY?JK%81F{j10MVIuD1%;tJ~kj=hGHA)$Z}4i!O_6;l4j}orqQ_9^2E-o
zlzIBSJcgHhjI12DBGMlj?MA$vg2o^=aNfz?v3%bx^@g;F{5jdr`%-wIq&W?D>*J7>
zgz-3L(xbb5Z5d(_UYs!dsc-Tr^3#I7H{=_yZVSZ$t(|f7hr3%!mZ{Yqd8d3N@@%s2
zr>XR-n`8f>wqUdk#0O?0@O{W@v_TCxry;mPB366*NEbWIybo0}1sLO?Sy5MHlus5y
zrc#D{Qgmw6m*?IRkG8v1YTK8YV)d&l=iqd@C3E|V+&rH?lJwHc6jnarT*a8Qd8bY2
z?`<AIex!qCi=aFt<2Km2>b4KD$>fS1(aU0~F0&?dQvyF*QhF~U2F~IkWWRBcA5Dj&
zDzoP<t@5aHod9-Lh2yy9tiKFI>_2q2b*48&Q%Fy&n+Z7{y~BL>pRX;z5IV!Z_q(tp
zopDtT?41J&Oy8Qjn!+M}^GKwAr;<QH8D}#7?fidJ0((V_wuVA1rtk4;PQThTbyACT
z`2C}7eM@L?PR`^pNZ(g-{+{vvbk|PHnOC_1<dkOJYF&N6?C=B9Jq;0sB4%>u8;IwM
zz8A_(Htu<pI5p0qch~N;c9z`{ONnV^GCGhgah0w>5&pWXvEQ>embal)gGaGRW669p
z&PhqS&H&-~fF#j6N4B2BZnfC~t||cj>87-}?0ZNRubk6WNvaR+H5+{EqjD8KPaWJC
zs`tB1U@%7EDQ^*#f<ydJl#^XqBwz;0xPU@@!oN8&VEg+HM?rcTHSN>;5t3uE-S_}D
zVrhnab(gs#yIu6^MeA^+2b$1a0Qx>GQ4--7UXtx^--5$ua60U6;Ai8%ovwP!75%54
zfc=Li`8%8$PTD<QuGQZYutzw(kM><Q0_1&ZwddlnIcb#DJkq^_YzKl!G3RkMC#q4G
zrLlY=daAdEeaDq~>CF3M2g7}^TC!Ij#WVQ0Q3gWYQ~-tXmv^Of&2&NjnO#Nqoca?H
zwY&hoCXRZ~L;AJ&*vnBHc=#y7&&7Y%wDB1^O!M^47GP34orKjRCNHv-uYCGF=9Jq-
zMNRlmiu1H+gs%lCDeE@=d=I}_Z){{$sz|)zi?`10cbF^d)n(s?gTV@9?<>yDBxPW}
z65uFq1yMC8F4Tz*C%Hs^py;vpXhD$;ll7&3?<Sz_(fX4Q#qDsca#d~};2ZO;5|``1
z8IF_DU+s~)+%B83(B^^q_e^jRM;uH>1jxdolS>zO7Ejzt2KWSfu#8@=L!0kDN`bBs
zbzcci;!)waJO@M42B{MxhbrIk<%qS6D{zZ}P$!I+>em#j{hknFPlRNlPRY5OJ{bK%
z%Raj?PLunRrK_FVEQ)&nqES-${#*0WzL+|C=?J~7A8M0%J@Rz;IbrX872~7MQihiC
zMMgn=i_2xuRb76KiqhyafrZGtK?~;$l;opI9bKpiowSa7;_tbaEO>_m^<q`~mz=@{
z#KjaV&`eT+!E&?LAP(=8xQf|#QslNNWJPa2z@a4~l&LR2<HFU{jl;!(4|zrT0E#rg
z&pQ2krbz$asy(WamCquIooG7VXnpZ`8KGEGv(<WN%xC3rwbC1A=xfxze2FJy55oxw
z6@s3_3LpE@(#ACks_4U7AktMvR~W7<TqM&(0ZPFG!_6xvgH?IXC73(Sbm;@{qGy#(
zh}7Sk<JFMlM}XCv+yQxL3NduVgTMB$YjlY`?s-%3#ybR`Y8j8jz4Oqkb?U7?k0dQk
z*|;-~tGc__E0KE5_gu2$=vS0~x?I`sDI}fk`b6096|!3cP|>r{Z07~##68$nR{-*1
zq`s|k=hj1)<t{0&-ZCXLTyS#|0v!G%^wJ(8r%fA)XlTJRVE*Wm6Sn0!;RV<SfN5gU
zjS~BlutV!1;qiDprMV5si4JucY7uyJ_n$YV<^)LqqId1!VC<fY0;+u6dtEnJS$HCb
zq=JcHg&1nzIpqgV#joB9+PH*x4TP2Im35j%^z0qs$~mps)HZSf5x0I?s{O3phq;A;
zkx}Wq$inOD$>0xf$oPf243B{kp#z8S={$$H!U<1lO=c6eJA6UJ>m6M8P(e^P)=Nfr
zndn@3)xRms&pBs_9$gm66qiFK^kS(mU%9dxFMEt(%eA9Kbdoo2jPTfiAH7|5dj9tQ
z@RNrh&*v_pEr~UEcriW1!+E*j9tM&Jj_f`{^fI^bD5$Q(9@C)nXf-Gu{xoU~sl{4{
z$z&b@sg}T7dYfRRzE;`KH}bQJryCEnekxM&<rRHE*4HwX>D<pAU0|Ym;NP|Bqr#R9
zg~yW4@@LfyX><+w_}nqT{#Fi#NVxgD_rQ;8-|AUfx7ah~j(wb=ERfAR0H=&(@>7pz
z)Yhw@1G#n|ow7BZ6VR8TsPgWS2i^YmpkaU$wkqHf{dI&b+@-G^w$#(jp)X(G?ok<3
zL`BWmFbr4@WT+G-h*MYT=y~j;gedG2*(8gi4p(S+to9wd$msj4p8N0FC;$z#((_sR
zEMB^9?Wy?LAFj%`Q9b_Xj>9@#Kl_c1jeLt|pDc5a(sHD39n%5)bTjGU<-j{ic>ejs
z!fAo`5;7lXg3$JD(>N*!f~<1SOn?Ex1M#H}u1k}?o@M2Tlm5B+U+GU5R3VSqpSf!Y
zg!~~|B;x<~u5M(Z^Sx+zpQx^ibEWfKGR9tg8P>>@jLHMk6#Gu=_52i8na4FJZY1$h
zr|Pj3c2r`~pi8|@zwoaAo~Byl4x<+8;_j1=+IxpB-9_vHk8+fwTI237czBA@oAMUs
zLF+;|$nX5Q9DFP#tfH_>Dv8nSL9cW1K0JAH@wgv6Q5i*h&I^Wkd>?w4MIu71eA>ZH
zzeyg+m#PBnWd_9}sFl@D@hdlrJ#YQ3z^rK(=9OR>S;*=_<L%F@NlWO$@-{2y4&x<^
zV`PV}@rd>eWd&xOdyrZBY?5@{t5X;AeO|WCB!P%4886O*dzI?f-Jt)TzZw>Em<o%?
zd)iD`?zy+rx!*xpRx=bP>pgu^{F|u%G?-miHP!(=uDnoXJ)8beQ~s00X(O!S%nG?Z
zb<#C8H-nwNlF5QLLH>RiZ>0;|BdRbT;&IdL&dpCX*plQF@=M})APF^a5Ht?5pFcGu
z4?1tCNsKip`O>yy{IfMYgot^#uG}hCmny=4l3E3G`J$dXz2wOmfyKas*B)u2LX%Hg
z>qxqMULC>ci&UtPIOqP1nBNmydZvM}LtF-Mcl0t=y{B{9qBMf9k(#6Otz##S<pUme
z6yu^epyn+)ywZLJGJ{qii*>|emu^;>Lw=n|Hh3&Eg1~yK@8yhl!ay%ZpT!;KIfawc
zjPk+t!7&D<ZyVyEn^ZhvBX;#d)7(B|e*g9;JkYvO*^4-jwLkn$0KD!&_L;0l^S3kv
z9f|fBuGpCAqfLiFtMcSsd#}w`XOGx9C+o|QY~R{T*1;>YlIlV+7m9wmG5YTrF9|u7
zB}lzYc2!GmEQO*2JaSD+C$A~Fz{i#5@f0UfVmiG?Xx}F#WVpkFDi_filMG&bh4p*_
z4V0lPaP86Vho6$vd&4K->Ip4KRg9GMeh1-YaZo;YTid36G8*7<o+G+1rS-)abIc_;
z-y)p<J%MMm(CWYlY=WYJ*kJWd6hp;DIuF42<7NU~G#o*i<av}e%cfu2h^rZoV`;md
zd&NbM+|P<jT8i;inq^THy^6LIKmCgQ_f#10jSVVl`5L+@>P9CacLUb{jf-;uG5f|z
z;JHkr%dD!q;y^b~JJ#)i3**{wa_^bjFJaWdgAW-?>4GUoVZ`Y$zLAmJ!#6IgxV{5?
z!Ug$JWz|bcF^uPior9`Y0Cw<<eFj%k`xtjKHCiURr>pbdnGJ4b%J32XEbV*n@pizo
z<Xij7gP$q8r>4sx`4-cljt3|e?@Bb@{Ui<_F1iHdN12kcZGGMEDFfmMLC-gp=({Sv
zQS<LPvVA1A&c=WeUU}t@k{xQ~M%ESGoEGl7@4;>sF-)rABO(u{<3%}QbxHPfP1p>y
z&EumQfZBDuarax#JVJJg>lj-MKpytPkJ$mHh~TF~g(Qz%XZGRi`uKl6WIAmL4sdH{
z;84&6+Y&Z_EZRXl#&G^NfDTTGK#312TbUHPUm@E*x5(`gq`mi6N`6hv)BFBg%Qt{l
zeeeMhPII3e6v|1UQ+@g~9on|?d=OJ#a#MkXQ-Y2^)zADt6oJGic_)qi9qD>7eLj|6
z^-?MZ8($s0eGNk<-DNuhuZNnx8e$Sn2?0QXv;{u!kecb9K>ZXudff``rO~_?K*Dzw
zY0U~3T9}6G`_3;H;`$>Xh#K-BP_oRNnUP^W%^KHd<Wj7L_$yGVHzV%yS{(Q@ia<sq
z`~mjJr0Q=tf-}#V5#5>fmq-0!RQu8yw57udaL6$iui(ZA;q=d^y@9o^?>H-Y({N@4
zN0NJ;?DKz&ok@~rDXxXLqy}|Eb?kphW!#wlX<n1GXD=%w+%G~p9|)ala?_^!v-j11
z_o|&Ifxfx)CypPLpwFKQ&V~CO$;>dZI8U3O8{rw;gPo^!uRmou?by@@E}xRx)u+qU
zifbwXgj%k|ON}ZP=*>=RhQo{yNYw3Bu(-l~mIt{G_ns35SN4Hi4CUCo)jE$H#T5Ff
zLX<kk#A998$Fy*x_wT;@TB6JQ*qA=EA%5T=JT#Ij(^}co)sw!5zp2PK#y@{Gn!|RU
zQU$)F?iY|{S$WnW;?jv3!qyjNjqtd1NA9_&(ZPS7F8lB9wyOb&Oj$>ZeCMWqtuZ`$
z&RI5W{pS66-ic<J8e&-}E&ZHN_DOCNIW+)u6b^IIzk_64SAUUh-v@@Vpgmdl<<ff|
zt3TR;aXBtU<u10#ShA^mx^L3uw7vX!s_NKySlr20^vvP0b=TQE7eI1P4#*1V-=_vR
z=&XH~nzzW(&ZBt+XwbufHL){Cj-C_?L8pF&#g5lw2tLxU7*GXXG4TVqpAE+dl)6*l
zTnMvx8>r*Fs+m!o3qRe`{Xd*&{E3pNw;1kpik`kvGe|#=0Kf>l`@ZrQn>}7C$)?sT
zm9};ePKQgjXnA+!BQ?ESb9!DvFJvgVmzbj4M-jL1Og5<}-B@Mrh*{<cd-RAcl-9Dy
zXd@+)J1kpiFVta=e7)40S<P~#sUYDJTM%OiGg1HTqSOV$+-TgUQk86YMl_#R^*hQ0
zS>D2EYx#g&k5S&TPtx{~U3rCY`bLdS_UAvO8Z3OrFAv$E4c~oa&#rE|o$Tqqrq#vo
z4!YW#C3ZM;?0TtzEWJ<TMUCwQRdkl`sa#%vAj3L!jn970QlnX6lsm(6fLM;|I*AMH
zo))Cdu#l`f%$FG^?tDfvuL_rP>ZZ#qN^S0@ULS&!pT8VPEGg4d^onx}R;3y&+Y=@D
z75!#1TOy-J(Q>b>l;rmRF%jA#U)d3;zy&p|vJ2<q?r@etkzCC4_!^N`_0|JIf0?Bz
z_G>XrZ#gXtH%OVUZd(!2_eO1w)G0|ihjb$PGnP>O*-st+;o7s}c>amA81?VMnyB{(
zv>hjf4jHV++<v1ZvbNJF__$9RALYFVFucy&O$7x8-wpM@-Xy&jV*qOt?xFI$v4)8k
z-}ZBJ1dTcK#Qy9BsCzJO6#xU{Ts6EW+1`rlxf<j&8?AD{{MZak3P={}!3O%53+Ef+
z_ILNYN4xpw+21d9To8-t(1x|UHq7T`w@3x?SA${kd=Bk3S5v{DsC2kW$C|M_7h?MW
z&wa%TsnV!jm|np%tyAZzAJ(6%^&ee&@~YkD!nXQp)WP@tF9ikGC2gmrn{bFSq7A3M
zQ?{9CyUaT&bjSD`<nj&ut~Ea6jPHXH4Cu)9nCw0-#_{6AUtYBcA};(WjWH4A^E#!d
zG+bSAwQ)(26M@Y>mpk_QC-Ngr8EO^#<-&Z+2+a|Vw=9tcDfjRBOJ~pYi9Pt1>*RSr
zJ>PrueN}t{nXvDGKQ<Zf5|nd!`H&vDO3WFAI`y=e!%AK+6kT)5L0zb~IC#)_&2L{>
z>+73>_vd>3)E2Za@dRISxo1bOUiUA1@3GVX&+V~36#J0x1?}QMC!q690!-+_Z+KWe
z0nxB}uPRu62e2Er5UZcqVmNnA?(Lb;mZqgVJ?~fM4y6GEJpvC<R16QC)S)`}sXRG+
z#-6xd=L6A9Ao)#$o;nA_rXr9Y4R#$;I%4O_`SZORwcjIp0|EuD^JdJ&f!I~Tox4R1
zFj;X9i;M)#oka5MY(y^R%b_x_pohe8&+J(%wS|9=0ba61TjotW%K=O`*!LG##qUnQ
z$wHilf@3c_2=c9+Xn(H$Xd+53bjVM{RZW<3#P5@5(Y2m?_rWi(+%iIh(xa~Rjm_}y
zls@O227!xvNdNg{wr5;QIEKpOA8?1q?#V2`I*k_<3zWu<3;QO!|8tJUbH58c6svdu
zNZe-5WtrbAgi-0is`PpJj{cqqnTvjaat;#b#T-|E!4ud=uj=9NsZUZ&FwKpVH?p4U
z*Zc6+q<9O4&Q9ACCL{~Y>c@&!?4K)KDMrRv{2N*m$Meds)1>&_J9y}!Al*lI3*Ycm
zi=^|t_QnMqK6y@IIszJL5H?6aGh9Z3EoYFpOtKy)CHqBKr(rJ<zQh-(ht9gh6G`TA
z`0H*nI#Ab}pL+bd_?n68cqV}q1;2gg;wqGtT_f(*SG)SD42a+wCAy(IauiRKlxAcK
zedv{WZ(p>T`}cI3%Zv2A9ve47l{*mgd3TRU(Aik>70#P9=@9scLcU=QXdp;9inhX6
zbSpn!b3H5@{^&ZlLS_4e=pFuwEs{SGr~2#kJbrf@az~w)j9wAyTwiwL&pz#t*<~y{
zr@zh%gU43WI`^{XwR_^0Cow@c*IZvn+N8+glqdU8We6kZ>$^o05?&fS9vh{12Ix`G
zaGsJg3d?!yJEgEdZqX1nPu2Gy7=8UDd0&>i!S^VdZe2L1kNG)jZ2-q$prH=5C%Ctx
zIR5RRo6O<WHo0}~Q+PTUYz3_lmM3ybryBV7=jf=Z=UhUg(7GaaUTBvq-cKY}ONjRJ
z_$2wpB^iH_{UA!X2X>)fGP7T2gYmmRad1^mnRR_<`~AocQ_tL389q&#+&S8IwHRPH
zW(xxW;%Hz_CWL&33*Y%qK!)idSC$c>7sPS&+Pt+rQ~gaVSrtA9(JdWs<n%~#%OyG0
zPND@Ue&y(coJL~0x`DoRTU)SK?FBHrWPZhV`_$b)Sk%aCUOanzkZta{<md0%n$=bN
z@MRg~R*CrLQ6n6ZS<5W*ctV@kYc8n)5*>DHq0{PoOqve0eOA>9p68;e^1S6Wy>aeA
z_liULG;x%CZOOU6SMGO5Bk5Id{H!ch0#G8OkJbW@go=h=nrxmmi}LS#L?6P1OIRV2
zsBI{X+qe%DcuS9zzo=Ed3aYTlKpu{}HQL^stVS-Sf$h8UbroCBH!Lk|aiR&8poF!i
zMrJ)o?lqiky`Lp6oh&WFWeP{04H#T8np+-;js*Sv3{OMQpSt9j)7;KdfwlC>jRb@)
z0Ga_du3N)M$8Lt}cL{Cx-k}j|7P$m+x@hm#kruZnM9w{0Kw{y19=TvVDCRRLDDRK1
z>Yw*n@w*371ygTve->-j>aBpNCaVx<OEl}sZ3Z!>v(<XcoCFkaT(Y%{qs&=@Hzhpn
z=$;gNdh7+F&^DU;F}y+L&GwyANGHZC9&?WNW2~;8-hi^Wi9p)BW_3>%mH@X@oF)>@
z`9wgr-jV4F&CXN6>3r(e*~lC2y<L}bC9EqTEdJhkc}CdxoLG87<3{Ff_n}z9Qwc-u
zvt*!`uiliTJ~!mblvLIO=G17^JuZ<L#*kICS{D?B&XIjpa=BJ|RS1YT#rCHwPW<kg
z^vwIcF<DQV&}xL@etY3b;NbT!i$FT<B4o`szR;;J9H=J`V-tDs>0p$GjWEYq&Z&}f
zxEI^QRs`SI%u9rsp^nNv3zCb)M8W=Iv-cqpm)Q2y%h^gsBr#~=v&gjpi?DZ_2JHBm
zD8ghnSo$7?XurRM20Hp40&qx&44hrmKhGZBn1&8ttOwXP0OlSBm8i&yo%oDab6C0v
z{CqdokJhA)5poV8f6Yz@LQhMQS`+KQvcKIya?SjueYSZTnbX}5lJ8H2`Mb|j_y+nN
zfTu;UM&Kdwd<Ko#orKxwEqby7ni6eN;$?IVb-yYOV!|OJxZcCOaQA|D>dq1OIfDm^
z_n`sP%U~B<7)8(6J<jhB;B)v$syQxVkL)X@#&hL<4mvL+0NgBCJyZ=hj`iE!R20*5
zlqVpeBPfubIv^@ZLOk*k6D-g<zJGgm+cYWY;<;A$Uc8+r><L8H&gAq5;(8<oNRCik
zJ(CCS-Ov06JW+672H`qdmk*wG_}m|_;qIO@FC75c><h}k*b_eb>r4{icWY+8pCQUq
zzd<Y8v1+;V3XvU&_DLSx*8coXDD99}l=!)+wgFdtAEn-^oukOAx`OJHCs8klTuW|t
zrs6{W>`1yYKOY*nOG5XYY*oiCoda2cjRWL#cb+n6v9~~<uBr0YGzPqN#59vjE{foz
z&L_aH*)e~T%Nn9KtvI}II}7lA`SI@&tP<v%y=Mil4S8Iuy|rEZ@NuJaj^DQ+jL=VB
z2~~Bz`o1T+Bu$6;jLw~rw;i%R*ub6+6wsKODIQvef`TS3-o@XG=)b2fauzJeF^&T0
zDNVN;d;|gXgnXB*2<#(vVTGo3TZsdBWt+}kU_35z;p2MKkP%J0g$GT8^HSoDP~fGz
z`_@(V(OF{Q`vZ|kZ{4fk7||6!f!KzjmcC^W%+-8lP^!P#KBVVN2<mWidZV1(<BRAu
z_-%#5Z3*Aia!cX7A3t-Y0`yNU^D28k0P-}5)3*@ndq}d5*8y;=g1KQ%#nXUNL|O8Z
z+qqzRG^<y0?g@0XK`Zk<V8^~2|Lbr2FtT^TN~p578gbaqxugic8$eUPC+SizYp*iv
zqs^Y%KG=;WV>sC{Ch-179%796I-}hQEFKxA7V3~GW1!SgjBAG{UxXzzK-Cmh6-$;2
z?d6Kx)`Ilu))$^xFHMb7Hl+4b>?-rf&=AWsmhbFSs|Qf;y-wLjZ~8?G8~)ycXldy3
zY>F@(j(iC%k2IxVH9yTKq5^-mCZ3yh#6jyQIjA4;l7XZ-brG=q<rOmB>zX6u&Zg3b
zuhEkja;;8F2}=eFGE|{|_vTqjL=JdX&Rh$4T7omD)|O*2elFzio>6*4YP}EQWNRPi
zfdhpQ`XQ~!wARVU83OlU>bbWvvGE{9b<Y@F*4VfIf?QmD=xZR6!81#DN}seSAbUvm
zG!7+nE}0OY?&x^**jSGc^fH{jp!5pl5tS=-AF<D?F<5h8F8Mb|&zJ<Tjz4Uf5#S*m
zT@8LxY2nC=lc>BrPL|(8y25e%^E5^-JdKNwdZ8~g6R@7r98aKvP$h~iQqu`FxG+Np
z*AdRV-#2XcZbC(8Jx!M9m{<X`$v6CuZujK`0691EyH5LF@uvS=%KsSi2U7x3)YDn1
z4NAGp^?CegQf#3wKT%kfli!#wGW5LFLwp#|0etH1c)UH(-|Jfva;$5!q$2L`cTQph
zx$r%JYr4{%aj6LpZRm^jHRUo;*PcUIGUfQ#bO%~T1z7IvgY9_aS-d*4QiB{0-7gHO
zj2Mt>fSKM#I(09Zin(FEC9(7q_vGJVXV_l?LE22HtCS|CrQG-5EeAeS#j=MNKuW<X
z)pu1YZDttmTbR35P8Z`w?Q~=JX|<@YaVeFWG9XQq-o`;jzf1OeF@JZa#;e4uPvP13
zY||A1QyI_Iv*(Ckxi^kL3&dOiU2i#$S6c-;!`uQ*GAp5lW1R*b_XG8D2$Qa2zz5w3
ziiKO*=lVqQQ>QegpRYD8;PwqbOFgf0d|nJ~w`*VB{qA+I9pGIedg5Z(>eM~-9Sb3k
z*7<N6!YCm-OTg2Vps|a5A4-0o_#i9p-?L<)L%x}cPZsLoL{~ni8gP&-;MLEUf@)3g
zS-pXAwd4%5?84_*K*)S~EJ+AHWIF(`D0_E&JYP1#LM;fhR(>I}1;4fHe+(>i&jMEu
zeCi~HrT3c=ciOVT+P-^ozih6|;bHl<7Y8uPiB2~_)jekRHs-Ab)H;WJJnT_4=?jT<
zR8nNSXt{l_Vi`^C(lkLRx<lV3$GKUu%U&4tSzZb(DlpB;o)O9MIk!{aqG5psRklT~
z<bwvYyWS2BPp)Fz$ALB*_wa})b~%DQ5x&!Z8-ckD?8F+M@TK$A^V-qG{+yW+cVC2L
zM<p83*(E??b0KQ;>&BKuM+t8wMjwI$Ep3-Q8>|j2tjSjYW926dT}I{ig8uG*y@RoU
z>Aa=ej!<#LsmpKOq}vriC9HmK+3_LLbAe#ELZJ&s%bSlkm7I**n?}r!Ju@TeJgx`m
z!%x*25G$rXqHywZVf{=(Xg?DIx(g~|sO<4I1@6tG+D|VYKAg^R&_IkMQaL#&YVk=}
zkcV%)GB6NocLU&PXo@P|^S(D)0BBNgnaH6r8U6DufE_o~GY8!5<edw)H9708v?hwj
zYV$L0D>wGsoglk%zHWTZ%Yim$(eZQDX!m4`HhwuLZhiA#^<|qq=l$TDa8(B}=jW3C
zhrwm!5|mzBsHfw@BX5y2ork-fB=Z?$U%W?i*?F&ypM&D|1QDF(<+|?c$k?lRq;Gu<
zo}svY_%mm_DS3GzMoDhwI7v0eWR$cv!2o5=3#5MHv4-yoSlt)y%9lY7JAU&?kgAE7
zX6jr+9B@n5ebSjl_<KK@G#jDifk3i&3|PURCVuLp(;THP_ur45;hx8agRlJWlWjgZ
zXs#j`6^gD2Po1;-0_)%lrte8ou#dYbzBHEi@hO)F?AmQHQ_)^j-_1j<a0Z1cggVOX
z{ZklzF6w`D*?yKbr{Xe&WDzS_co`KW77bJ2^p-!-5y~RYU#BJ)lZ&G8V=s%cNZkkr
z13>{-JwSIFO&i3+mL*cVFf9wzUVPLEds5d{a<9S5(;Yg<{0%$^wC}<@P*_S9OYj~W
z-?4q$hU9Mev|B}^5-C0f#DhSw`s6Ro8ioVASf>!E^-Si3c*v`*px*uG4VH;X;;nN#
z(r+{z)f)LugmkdWTtm$`2`S|&4bb3O{*E1k(rqix0h@95U?F4116Dfu{YV7gbL!(!
zYIcHq<@2JA-|6>vV{Vz@Nbke*Jea|QqKC)OaVTjoq_3ZO988yBhwy&6<{DF7PKCYa
zeJeIT<x=fE$Iu)u!t~QikNcfDQq5l4CiH8#7T-Ku%S}FUKn2O^G5%9MC9-LuH_sKl
z;~rY)6XqCom{9VeLK{-iS$PE)REX(GGbB3@Lpu*U>LK))ev+!fC(dU`e0MY*gl_%G
zqqG!{FM()|M`*9_{rXqWeq*xYB%XeeB-w*7uqCgsP;|~se$_VrjlD=h<p?Y^bKNI3
zD=k(Q?j3&E_D!RP@LI3z`n|9}g;Ft1NI^yBP`abe>VOVjR{$4~8voGqT-``iE=kHq
z64&_&h-P=#D`4=-Eq#tG4S7MJ`^iCB5h-GDTR3BN!;zK99NHK;G34Br9ZR2b;%j(K
zedeHDAvjJoobdD!5!Km^sR5L8teEBP0fEa|hmN((KP&f9N}ugbz~ypludmz{cx|z%
zo!0BiPgR}2yR?1rl$zMREBw-=+{aOoR@w)S9XL4aJSP?ONIL0Qentwod%LXclv1ar
z;CUNT!$w@{Zf`GAFjg(jd3mX>71XN2{#@GM?Z0pi!ZLzWo^Lwc0lgqE@up_2ojsEh
zReD|a?V0t&YnM6!=2psiaMeR~XT9{?A{>JT=Zg=t>Ki~cz~$K4vfB@Q8EXK{OHtHZ
zCwX+dnIXKTk5#E<>zTrXDtT4v964tkJ}$k-ZG?^6Zdg!L#D=<-tvKOYKglZ2DD^6>
zsM!SRWQ!GFqDePy1q9TD`P(eRR?jYslY;S_`{?GPxPDX1zn-y0_PJ9k<>mFD+9sC)
zHg%a=={!6qYqfK?2t!RIj%2;S?2Xv0K=CvY^lY*|{PSEFe|HRfIc`+WERbG26ViYY
zW<aN7k*6%B|4oaE+b3`g74=kQPa7zVJ1NQ>#PgJ3f@t%Bo*QQ7ejjrTqQBh^q%LxU
z$>10b-a)TeTSux~1Y4LpYoN@4Wq7sko+Xmb;v%L1NqKesT<~4;z{+@uGMXpvQ@ht%
z<9lxRSs77>zM_A$#*^Zr0kZKeh{X5J+fe+^+cWtbc_*nEVxlP1`sNxCDc!Fxe)Xu*
z*ZYM=_Cj-GEFA9*9wP5in8t3@Abfz~2lqVOw=WY5@H`L*I9b<wMz%Zi=P@DvZZf{9
z`#BY*s%jDu_$y8rDNIfKc<g<`xS#+0Q*+4uNaOe(%x+5Y7>FQKif_(2hmvrKb-^BZ
z)pp3qj8(Ms#eHpJPlBIh<5v#S4;+`<mv1rHHM5&?H~YATH03v!!U#yb&EoK_BQKJa
zKBF?Pi@>=Rz^5{O-~X$k&-GP1)C(i@UD^7Eoy#1Gw9c@xmeKV89O&QA%#^I8{d7he
z&=g%^x#l~-#7)7JBr-*>;E=q6YFGLzF{}X(l(s(;Vg{e0u~)hJjH2{B4w2%hbM;>Q
z-uGW7Q~tTYzx$G-zAoc>OW0u8%U_Qt?b$N!_0%illrF}64zT*{`?uKDRwCIbV8*3)
zk4-JG_7QQ~QCoT(X-8Zp>pQZ-^3RGvj~vlMMTOf(dC}qcZQ^6r`ZfmeOIX{(Y=L<-
z@9AnvMAiIyBFS594eUa}x`B1xz@BqzUUqwGMi($(<dNn0%p#PO0-O2w4zF?Ia1-r!
zM)W5NdF%3{nmvw&8KEyPKtR1}aql6@RlX4}08BN=m~HjynP2Cln!|YCKQzXZ3GRd(
zueq1{KqbM#0OM192Qd0PL90LKGa~*+D>JHHAjHQ41cx^uF!fmH)J}*ZrV!qR(X%e-
z_ZxBUSrqm{Gd!0<-67vD1xpLR*4($(VMuUmTipdvZe-o>*-Y*?$>ch9$t#H~{Q}|}
zUvonqZ?)b7Qo?$guBX?uJoIQgQ9IsyDvx{Ece4Fi2IjxgEYh%tGGuTms8i0Z^OD7_
zjvlxBbvdk^<FgEhbLn&Er9XLB!#w9yp9{CoX_i(E?0m`D#@`a9Joy|2gsR3J?ihwI
z0IwtUC5*R>Lfz4e^AsXh+LT@t96%+=`I1B{KTQe_(ZBC=@OSrfoU)rxjeX9>iNblb
zJ&bjXplcr^T7PtMAkG~7G|{rhc7KmE)c1g%xdwBcHIEInAv0?U&{G+~Fi%-o+KrUF
z@y$9t2kl7Zs|W>ndiP$*gO$?X3=+9p;ZWb8GmA?ozQB8Jm6xK~$NnYyIghsBzP(_#
z8TA_;!k(aT|GAho>kZ6_t%j7+X7;Y~t12;kDCw|z|2^&YC42Tha`~cJ1XAedM=cYn
z3L>aapM)kTwbu$KjJBj6w_275EtmU#RU4Y7l3El-okA}8skQ5Lxq<=%m|r-^{PZS6
z{M|6Ud0?Hp(2J7}HNLg$9w>9+JRFnX>-^~3I?bLKS2`fOu4(R#O}0b#a>?0i!@6a?
z=U(i1`lu13@73Di23`U;XJ%>0a{SCI3crbDdM{u9jLN1pad+%of%78nRm*@X3Q0Gr
zSiVcW8>_9>2d8|WZgu6p2-gqXRrH72pIGmdx7lxe!!ECW(;+_Ze55!%KDMfJ^ZtEt
zaQ6s#xE;5r6M8BAoLoLt#zJH!)1`nhJw)}-3Hzu~f_t>aI-<0G&wI;xIj%9Hqa^B?
zKDsY&-%frAp)Y;VUV3ur=R*JPu|~0xvONNJRVR|v&ey5ojB8a7O3%RQ=EFXTbOR7b
zc~frZtyvO_Cp@&oZ+wP*Jn}YQf!t*YUB2mXFI`g{ELbsc0FizbL-@hvlro5re$Mkn
zPj$?TsOInTq-tuu4!v;~o$6hDI8E=z4h)~X&H(nEa|#M#?g>+E3rY$hVE1#**4`y2
z(Ob-ONa64kZ^jwNJ`c3kKi`_?y^5`iSmFCb3LzK13~AqpULnGViMNm_{Lmi7b58<A
zM-85Y9lH~em(}r5T>b`LPYFNuk&)aJ7cUa=z^Rh~C>tk#F7@xWY-cS#-$N(UtH^iH
zvHZ+>FPC3}K*;t;epn^ap)fQuR7Q_Q`hiCVurOh{8gL%O2W3a~GujH%cww9hIpS7+
z9A_VdiO`E(F$?n$z-{4?0~Jq;;$<qRK^G}Fd;Iu~>wP!2#sjf7#2nKk#&W{wq~R02
zE2d^z*2+}P@m&dFfY=i0`>WpuYn&=BX>-FwydrGyp!2l+x!9x!VKHHFStZ_nn0Z-;
zw>T4=dJ8C-UXg@wu`?bwh@ZN>HyUmBvR!>@L#A<8F7XxfyBN6ZCHS=KV~4J)veFcQ
zl;4Z}dtQ8-`N<PVX<3rPulj$JPxEP4>*0O^nKh^5@^qXlxO0WD2o?7t_$5q83Kw})
z*zor0>c6+8bIo6AxCF0Q*Gt+ndi0xqsb?o&!mp{?Ho0R#@=B{sQn_$Zfrt3lIp&SJ
zttY(jw8-@Cs|CdwI2yiZI5^AKHyfPfdd}AFV(8q11kzvA^I73T+L=fA`Yd*pSbQO7
z2j~2KUi~EIBqi;u%EKv?DuZ!>f*C0MWo0t7G%JB47~hcV;2Y=ky)OGnAao8*`C9i-
zY<J?8*38*{glm4Yl=5ms3AfYz>A!>cyZQT@UUL-hy=3qt#lxk+yuIcWulS^FfZNtd
zj;+utX|Bu*>+0=7I(*>VI3R2BHEd_gz2#9CL#%{&pV~V(_UMv<HVvHJ=z+f*h{nmD
zN&egeznSuxZ)sBzPCGsM&QIRlMGJV_Anw_gyYZymuq_Tf!D9%A@#4z*E`n5_hfX$j
z3ilDisf!J9R}*g{e?44!b8|<N5<?)7@bCTo-I%<5Q=i*s=w@BKeg-U@tZcgNGI$ak
z(_?2=(48VZGMlFb$f$3IX+eoUmXeO$+k)kmWP{kTaziYT5J}SA<ot%M-~HlSD#*7L
zi=l6&yee($aN`Uf@qmE7I1Yt#Y1P4f`Yl07RKke!h|8B#vmm#j?_+8|EL%c5k#*|d
z;J~a^iw?_u`Icq98($UxeT&`q;0yj1>)My_>)6fHpYze#RnfamY<JIYRo*1fec7W1
zc2BP1`@f>-%DI7)IT!EN9RntI9AzzIo-TeW^VT;_H1EZ$zQa>}Klks5*8gMn{-N8T
z(>J2dcav9q0s-sjXlfdNO%Wn;KsQAW9k1Lgv}k$rfKyyChylCzfVtybghyT4X)H=q
za6xdq+34yMcRjiEJEg~eNVPaG>aWb~Ifqo{G@SVgA>Qxxa@SR&$;$`tqE_hJKicPg
zNmCd;mqNF~CVb>8)8uby&h(<u`L4^(Q_ENI>nLQ)8I{NCa^6R;E2yKi>r|Ovn>g$}
z-RNcTq`JNxqqlFJv#>2ko0_BV_--KZxi=UX#OsjIQM#_}#9JtJkK<}tbo0MixDryV
z;_Jo6PG6I~zilpefSN7NS>r$NtDw`L_%bq{Wk2^aU#xssCm>4RXLuP{pqPap!E(+)
z%}F6fqG8LfZL#<9ty(4uPAuMYm;3ZxIJV3Qdyemw5n=876U690<^}gnB=Z0U(yMxR
z<{;Y<@mef#8Q_*zFSFyYzTN)uz;Lwn6B4$=MQZi=Ua69v69e5+FhhOm{R(@U&xt&>
z5#jQr->TKU6vQkxvrkG?|LdgX<P<CF8{}_^w#d}9wXcJy2f(?Vul{Xn(?A~cXj71D
zRsQsoI~V8hDv+(2R9{l^r-U6M+U~s}PZB`LCNeBk1bfO7-4;@TEAf9!iEfGXo_hud
zELE%MX4-e@h&0l0`#V!&@z^jWuBjl(8+qvjdQ<l|1JoVr>cJyzFdcdBtofY_f&M=0
z%H52YTe9ci?`8if-`?ktu6UKiLY2M)$>7n@1na&`nK|8iFX$StPu%bQJVC6gp^R>r
zn|q(wTd(*R8f;(AbRC*An4ppid)tG~WtCCW;;vY#?eA4f=s+EwU1uZf$l$s!yHU|f
z<W#z7s2oj40kzwf=D?v8bK>|s-DCCLH4WDFbtJaRGA3lCJDF#M(9XHxKBezl9(kd9
zr<33B|6-aVuc2<VSLNRWLtix)8hWL97Vr$KF~a8{W4p3XWS+j?1J8XLZ}6_&!i!u=
zGf~dXU$WDzb2UyJd!i})?)$HNgoP1rV>o!1z3`lzpU;SpemB1Rp>A=0V)A`E8v7ao
zmeG~-8~)Uy36)CUv#ifteUSFW2~6AfNQ@$38q)1ErFfb8u^vvbR?HMra7Fg1%zc@@
zb&UWQ-(UEUK|iC0Ii|HI6g*!-0ESqb<3r=K=cafz_uag^d%PiIx7|<p@+W()oMCt?
z|9GjpV&GE^K$sMLrAz9OL7>!@Ct`$`m%A?9C`*TZ6${e_kPL35+28%u{6dEI0C(IM
zwkL`_^YLaP6;6rRc#s3|Ftpfwqq{HmiFzs3sJHJu0(&NK_+_{;Cwl62@6`*p?umzN
zfTydnSEldJIXg(dTjjM+L4rM<%_~O7RdHW@)iS9V-bn0p<Y8qO#$58RG5tO*o}8YI
zO#;9tRbgoi7j-zhPu=Jxlz!5r@FlyKafgTO?apt`Uhj60`1MP5V}a^q2V3xrF2yqZ
zvs4U8n5*11?~hWwWd@F~exK;14AhU>_XJQMYjdF0*z+9=HJsiOA+n$p0lxXfl!1{E
zk?Jc;ecaPDykRslMX@$6+n@VB<g`J&f(2FXC_xi^rRga5dc%`HIF~{AAIcQQr8-vq
zP4IjLgXu=PO8V26!?hAVcXZ(PhjiQd<g@wsGP!d^?e7L&`rTYFST^-wneN>>WEt3f
zSLh|+18*hDmX3+edEatG6coT~`ay*rfM5>LJ8}61=FD*iAR2H)c}Sd>Z)uOP8fDon
zDNe4gJywf%IEl>r^WVIq*m#()4ZpN5GoLGg9qpXX$FmF<o_+y3t$ZL0x~Z?7OZ4PM
zTs|8Bv6r^uIPoae*SK|0<<X0YyM0g(uAeb8vXWRkTApfHdxQ0Y)H;Dl-2C%wj@dxz
zzVsf=!Ut2{?z@x{t9=6_^;NP+{ffFG#;F>8JIb40-2(3Em9|E~ZIC*YIpYk1iJD3m
z+U9a(=6RKrde8j49;N@V_GgLsLQ@pi>2VO|F=E$hy7%m@Ige-`x6%7ZFK?f5Fa!!m
zxUx^j`$bd19<oWW!mYzj*W~nIhmg8C=RkZO7y{%6*x*&^+CoD*@85imV}aYA?|(*&
zH&o~_uk`ZqPe2=L-;>`kyPhQIp~#GM2?C_=?U>KR;gGD1Wf!W!&)h35U!sH~Mb4A(
zfUqmaxf_{+l2Klce*05eUj>0cJSy>L@;|&Wu<0wL>r8yc>KmPN&P#oTluOy|;B>?F
zZ3^{^fTCiD0no^e{r!MoX(Xg{=;+!o^};oBT7W(xbQK+5uuH(w{tkfOm#4K+S4cbN
zvo#i#8N|KH6&3^PDo+dpX@l41$%~5Pl1FJA_6Qu<z<W@o!A>8}Rz-GT#PqHmiEiK1
zN6^>bYW1Uke6m-y?seWQPKWOWBrrUs6aw>=6msq0#O?K<*jI*HmaBBr(;9B+C^Ib+
ztYP=rI!Z~Yv{ZM&FLdX8CUUh?GT*I|rjci<>IGX6)4_*nuL|8Fn9dW~G#oDl8oT`c
zB<I?s4}K0?6M7E7?#rg_zF<I-UQhrpn<<@CUfOgil<*~Lcc5D62iWR@At%y=7D$dl
z@Nk8nrK13qFQ>Kzeb)BB&*$lP%YT0lWD`k3($UmO(E!wstBD*NUcUlOgirt6fN%a>
zuRxunfDhvhj#$RJ#ai4?<EwicBp+kN_G6VWqnSd%x_N!Y6YDeK#x^)hfJcW_bL&Zs
z+KJhyy&IyD?U|cw8Mh2M67y*@X?t?y)ylm^VXm>YGlrumDU-xsw=XVYRuz&Kf!>6)
z?=73nB3ift(f}(>?=_RAyLcogwI;E<nDi0YpG}MtdB_xRIJ9{`2$$1`zzR}71MTl#
z!_s;aPZWO_BdKgkK=)<UZ^(A#aBe>+<&4pnM!7(J?vl}Ref=4j`?6Z-H=Xxq5d6nn
zZPRj@Ry%}1GI}-`-Uk~)DyzJ9>*XcX3pD@c$U?tBrDlY^_^@0H-&TRW{^;cT&^;>f
z%Ef0$#@Eh+Je#j)x#Q(5&-)z|v`4?ZOYHdFSUYovf2JRX5A4W@_v^Sh>B5ir6Pn~}
zVcii=>bKt<^uAx^^scay?{{rb$_2&j8;r|XZcV4~XzRcM1rfF0y%GxZ=}_uA8gts*
z?&(VI&&f7B@W$VhY^zkp<M2W5y&iW8q*zj9+XQ&e16YCEyxmSRS&fO4t8Io=7<QRh
zN!)Cqx--wKavf2sL19`ExApUi)8dWHdZ_sG{WJZ3RzOnT(ZIB+)nm-}wj27bq7>jf
zoBoZyNkmihcudOQ<mjuuu9S{ppTC}%oF~2xr;x>M`kIJN14QZI&eo-uQZX#6PDjwy
z!s)2=Z*DKRMRt#*7P<yzaNEFB#ePHTp*eoTsk~3qMd`j$F#>*_nVV_W+#Ktm3tUnx
z7wIQEx{)N=q2-JKwhY&Rt(Lr<fT-ZU!egHm4xr*viVv9ig+Kz$tdaclAV|K)y-&xM
zMm>ekpo&q{={>J7B%i7+B8+V7>t07a<5-__{D~h1u2B)tj>TRHKAtg;)APG#_2U~-
z!XD;)^~(Jo_Wlfn-wzSKDV0rW-DQ^<zwrqBKgO;kxsqH*UJ3KC#6aHvNNtSl<tx))
zlv$QiDZL1SfIA7e-+S4QL~Y*6@rdEeLjVWRKR<Behoq*GjozM?lLVYnN8+t8mv*P!
z+Y=X#@}mqysa7xQ$xW~NZ8tn9ex`4zxiW9tQJ5&aZ#N-S%Gvw1F~^h@9F)f{%O~&K
zI#$Q@Vm#>ZnRVFFR(;4@FKHh-0hRIfynhxF_e`JW74hPcBQ}IeGNU@X57iS^CslNP
z4oIG9kFhs7V@7-9<lp^uMn?*<Ua9Pyp6|GJ^k%qDJ-Qh^jxRzE&{E};EO~^@A-)a}
zT+~<g)ne5~f_rQ+oq+f8@%x#7BYxc-4`X_09=!3JBm5p+kRwW6LP)+dsdld1xU9Pt
z(?ojPxwXd+p3#bo?xJK=<KuGcUT$+nxg>bzn`?G3Ja4ZNa-AUSY7V$~QEpX7!@0Yw
zcd=WNAM)aYc&u4@U;3Qs?m*=|;vknE{qH^Jf?$fp0o_$p^_g#;v(hl3d*-pdGxrjX
zS?`tj#9)N{A#y>u5f6`+_6*YyTo8}$tn@;%`&LUu@d3L>8N^VMVL@d=v1S2t{%+8E
z+t|*55pP<WcE1KR)yg$8mSgE257wlp3Z_kKfB`d2-i;)_@-kYSAv<WL3v!IXZ+|VC
zB`S}T@Zn2Fc9|bfar%83M8Ag}ZoSQj`|$1F%(8pWNiVMcq$nM)8YQNJWCTdMgok<A
zh*%py_^ru;OZRaC{?u6f2(f4<w|*^Ki9xx1V`inBP4H#yJH!;HVHBqs6|X}W)G~?9
zflo+jCz@ZFrN#|Q_y$kx5rfmzD4wNr3Yu^9xf@<n_W=cAJr8NM(&aGpo=>oL?2zTD
z#oKFnQgEgAam_6nZNi@0H{(dTS5sZQe7BgGFFaHm_u;ZXxdX<92B&&36QXQf2u>vS
zVNd-87`yl&xlNE=tn-lS#cw7k>R@sD+y$3MB9`Pj0$jxaxG3@%(v>TrW$JjSzbP%l
zpDM!0zsDm^LWtKfPrp4M@UXR`5d-DI>!hzrltSBj66>QmlybGpR0@^NIu15PY{*sg
zAb}uH*K*??(eVc12NYFvuSkS~9)KL<txUNnz*oRigMjBeYRJBi%1P;|xdxnHkBp6M
z_jpk;_~xfylt-|xDLV<@A&kA>q5E#2x4k#ISEnoyyb?1!^DMo@fe%>9LyAM$clZ17
zlXmtFxzwo9g1C$Uix+szks&?tXFyPB7NhCqnAY4Q<ZAk|?8$;!llK%fH{%wZGcxcf
zjqanfkH|h&pA~`Ia^(6p;~7|YG)+XNoIX)vi?V#m?@mYQ{BGdn{}`yS)c`?2zQ3V<
zWIa{x82QU&0P}B9VEHUklcV#6rpbmQrOEk?OPL<?W4X{sxBbYR{+wDNcyUfUNe%b~
z$O|b)=+fFHq?E`L@_6M1hldbF^sxoy;<Gy#S0Ki{g5MiNzttnBxG0#boaN)TY2OF;
zT#irwRXNMyV17sdxvE5cER*9iF9T>iPQAB35&gSN*zEnawr7J!NuGj0rLe5Tw=4W=
ztDJQ_a+hm#!2Ivl?WDk7;Kzzp^e7Wn;){j2<yrvRNio5qu-DY(1uTr53^+^@a_8dJ
z_f<MeARzb5LwEEI{e9Q71aFgmQ!I)G+UEg`pGQpmdjw-1ext@d8yQJ!zFT#9&uI!0
z`*duam~4Bt^&5eq$eIE?7F)WSk#@KYO<AMCu^D8oninuqq|d84s|OA}RFH4W`)3W0
zh!A<q&5>!HcH=$DPB*QIq;11YQmR(V7_nSDr${cXq6A+$1bIXw`=(;v8pW1<I3@sJ
z?lsUGkD0e+dJh_}Dr(w2QvHoV#eE0@u4RA(%z+`wyJ)Tg+3OLkvUNYNUYL8JZu05B
z=jzIV_z--}A96kpR(YaMmsw{|EEL0MTmW(Ijd~=Eo2Mk?^Th&kA5x|1@ipEFKdt&U
zS>~vma_%}N?k0Qiqa}FpcToI3cdR*#)eS|5$vj1tuIoY7uL+=?RmQ$oim#wQfJc0%
z7}}X}vzg~}`!)ZPL)G~veH;wVz3Fkp#rnedVVE@pfnGf?C0kR5@oB#Zd_J>m8KL~9
zQQAr-2!$Bbq(Idl9tS$mFN+a7CMjJP)-_o|IESk4=!>lczV&%RTa3b8{q8=JY_AvS
z;S!qrn5Npj`8X;!u+5FejEsS4mIqy7kcKuo<RoHXU9tCZv~vHXot5?}Yz^L9=dfk7
zDGnE7Xiy!dtfP2r=C+dS)wnJ(XFINS2+OT`goU*>TUD!K-cQW@#^zq};J$;yF85Ob
z>jtR)eILQU$2?$TA?xLsi-4S#bM*M>&%?av{iRzU#_>mV<y0ctoaXmAUeO0&K<}@e
zLsf5?(c}FX{+{N&R5j^n9C!dLbj2@I*x4fJVAi;r`BI{EU(n!N9qVyJ<!whz!(d_<
zJvWYukh#LCOEYpFaP3c}_n(7>@lfwW?++gcLmF~iH>U?@8Rgu&cTACm{Lq$LqP3Dl
zGQa1g(_aJDJiH5Xn>1?lcF<}p1iIJQ6;}iFd+*;O!!2@#_HE#WGs4y2-(B94DC=dW
zs3jh~aYy*7diJ7iNOwUrF*mdxl0($jrfAPSHHFrl@lTBOlASXT@Tb&0Vjy#W9!&A?
z!H{A4I`H<in^9lByj2<(+4~iQ`bO^HTz^|8wDRHl2G)8MI^prdr0h+Le@^s|eU{cd
zI0-$cU+^tLLq=^Vz-Ajfx-(oTb#2@gaRU!mMTlhBaG$a(mfvyV!w5-XF{@Y6#7Ms(
zu?s?yDucq(d(XZS(wq<MFMnnM-?{i>o_!ZigcR(yc|KC<^EoYZ2!%dAN4bbv<4dgN
z=p+P$i#spI@#=+=I4`kpm&UPanmB*nVLGGbg+BDEvmSYYcEwCx`KaE9(8W%}O5l5&
z<Z`5VLsJReeDj*?XOz1;FRzn%m&L0iLILW?mmV@CJ<ueaF{X#*KOpDtQIh7or-On|
z?HHfHkXGEQb@;Ae)kLLnH}t_-h!;8L8=DAYmPB}*Ntg{x>@%f&1qHN1PVB&*R}%#D
z3`@>q91?)}z{k8gpx@l?&bbXycWlX0ytn&qC?;R!R<K7|P#{4^xy-^^KidPwEcH$!
zW;}Z`Q1Zh`j2IP|Te5BrRxgxV4ld=3*Ry1G4Hp&8*C(f`D`ZyC>(><f|A*Z!dQMTO
zC_L^%Cj@gP?%v+d*x-LTulSB2oEOinN8COS`!ShEJp~?)3rxTN#BdNXwsv8`t@XBF
zyPx2m&1fuD43@p+UpR@XGJ*@iS8cs{mwhj`jpXmV@q75BGI&+40tfJk@yxt(w)+Hq
z^z{l63Rg1i?v8k&H?+U9@0YzY7d*aU`p*ntDZdmym|jkOt6$z8q=Gx*;ddR-*UQia
z9`64Xtv%85WvE9Kx;F(M$)Y>XRU=waFMC|-WpTguctm^J1uE<ylOmL{d&;F96r0G#
zi6HaLgN`Le9o$xTR{)YEK1T|_4@(^_h<kja<*^1KJl$p9>rl|}63$KOs`ks8tNVa3
zf?kT9`#-d~3grx%kn%t(hgl%&*Cu+m$8#$V-abj^m1;Z9VC0%_AHGD_!q@9nC-(bt
zeb1e|1ruPD$sa0m9~?gmciakfFSz~=kKg)rvN#y&1r=s<)WlfZg+AYtw7xWcO<>n!
z{ZLJr9c;rfp>B9wS=s87h!4b*eWm=p-Sf8YO>eQ%3+E~pI2JW0#$L2WCB>}6?soIy
z+4|RA=RW-T#hO68W#ESyL{=ZxVE~{P+O;fz56L~kyeKXmhIFZ0;kH%ut4drd>$`_y
z<kJWVm5Kc-h$ib`W*~0g2lw*;_}d?+BP?*nmC{jeeD)@j-z1#Z-cJA2>R!dY-`v%o
z#RVQ)x|L8^bQd^FuuVb*&{&SEhrsz}%v*}sj3qTN>E3>fe{T^f-@!9Y_@V&VAfp}S
z7+vp6ZRy&0Qg2nh@=oRa^KzVj54beK=;Nk`cWT$xb#M4Wp#~ghWUg#qfa%mTm{(OC
z$eFm0D{3_24QM+kG*%wU7-5?r-VjF>kLxiqJf82b&DMdW*JpDs6K(eKRljY9V0q~k
zUhj6zS;v;<uQ7ILuPql-+&aDeaX?S0SSM6HkCGPN@cCMaLG$glag*;DBMOH^@G*c-
zl<|ffHGSDAcInKqwwXzhm)u?!th&l4$!?$XctAxTjX2|eDVGrYL_V_EsP}I_cfhd?
zRml5wB%Px3uU&83DNb=7b>MUM)DdLUvlqW@+)303$w%o}_(RXzNV$a<l+U%0n1*JQ
z$<K~IPxD)Y_l23CBQgAYBxc|08e~_OH%z@yC2QPO&WY*TB1wDoU{^N7?LLaV0RvY)
z%&?AxD#6Yg<nSrmNNO*Yu%q2$^2+>z=3{AQ&1}*uc@8*w?`9zEqHNsSfLCHhrf##(
z7~F<?r~+<_3U*B8YVI6ScaF;CjcbB+WB9IZq0tW79e6NG$x8}IwPlHMppU{8xv;Nf
zBG(0e2>Twta1GBwkj!`6s*jLK+|z4StE1=aH9q%vvP2GN$K3~O;eWs(GLvO^?}5k=
zL3gAMxDP^^)@3_uR#DYd9<fBFV@;p+6|sgG$8n^S7(AbBFb8i#xL+q)&c`qBBNLvb
zRt;(A61x0svgO}HG<|yIVujp!JK%^Y)#uAgYk3&tRa-KAZ)OveJ=qbgjvR_Tx$iN6
z7PE&B-95ObFL@tId(}p^D}@~jWxJaeR}KLY1APVs1i^&o&W1i_7kR{Xg7Z}FHH`D=
zX_oc93~}7ax(>|ytt)+$wv03mohv7;ijYKv@=Bho(-NN%4eQi=vn_s79Wh0Erm336
z0aj@7G)I32Bc0+bQKIpx=8pB+85M7Qo9bwjdLOoOBsmE7>Ob7S`!SpClv=m-4cNrb
z{Z?-XWF2eY@Xrx5Q2Ud>kQr;hM`s<QR!lDHu<RnE){6wumjwC7d2i9+(YSH^(A`0r
z9d`#K`H4s5_t=frych#6WDn^brpQe;xt?$D>L8JSx_e36P+KLJz*d3c67n^VVMREI
zc=Kfd9K6w1)1S~Waut2&+oPysuPAb$cj<AX8FPu_2iC%AGGv{2vYQ*xPe&SKC<D~1
zAZ0pxB=sRku@MQ4_l9Ts?SC6;(K$Dbmzh$wPdZq?d_i=vePmV(0Oy_|{X}l#IMLX_
zkw!F2j86<mqB7c~dBE?4m3<GkAOY2$E5`)2mEht?$lAjJf7-sB>G(It)(#H^Rq8CT
z-~%3?tpB9i-mK+48^kHm9+D%MQDIUa|AlWf`%$>FZr6@*-}4>X+<gJ8q+`ol74YGN
zIKP|r<oBRXY1P6J6Dy_(ojWzo7wFDgn2Q;7s~=dx7dpYfN5mh-O8G1eR2bptz$;(L
zbM95y_qJM$i8mQ)8+_0;vsqg~FXVZ#Ii(qT0G;TYt-qhfO&<CV^UqzhFdfF$;Z;O#
zjmN>inIE{-y9F;>D1So$-z=j-zX}GE2H|{B?bd4Za(s$uvy*+Su3~PJQITJPNUJ8D
z;e5dTJ%xfH4y+bK!2216eKD+hg;Gr;`hBR`lt_oA40i+j)8R=m33ZF5=FS@JXH7W!
zH~^apKCCumj*kk2sdnTQi6(BOSgw882@3m_X@HX|g`aAKqQ9y&CBwd-ffgKSr^Ad7
z#{HDqkl&*{VAFlfPfDc+J;Jg!pk7$okRcu|Ez{>dq<E4ij?h*0R}a<o4poFG<GK;u
zxZ%m+6`J+wihd_R5VLXpC79;Wy2I+`(WxE-=bKwQ7amtDhKu(teV*J`7b3KGDK$aQ
zdDsXo%BWJ)7hx{aE^W*?VkSC%v{3NcfkXUF*Hj-h!$CWbYU2xh$3utMhBdq7Bn_#N
zmABvfGUh3%lV20~J!pIq9kbu(gG!s;qqirO_rXq^CA7MeZ}a|HfZ&nLTKRtZJ?Akm
zDd#L;p~Jba9(G-c2d3Zp#;0>P77y92akW(8CsJwZb2e`*%@rpQGCBrn2qAC#_t!mk
zub;;Fj|M>bJq&bllwz(sXSg`{%EsG&pB|PwTJC{X$B4be+_V#=&5ye3wou}3UW;R0
z%ighmZE^razVT`49$x<py$*6XWW%~1A5C7KnH_9`adc@pmQ=ezP;<y=MQ3gu0{0Uh
zp2p&60R|7So|%f_7_10>3B|ZuIg#Z$z+I``)qK!NmD#rntS5{$ZuQ#<ds}<rYoXf^
z9*C+P8@V?8*{-A73B|9MCDD%*o43{`Z@2_f;hq;}$+ODez%>8aI}W9r=YINV{VGVW
z=cjJwo)TPG0KF+Qcu-O$b?Vxz_!#j+Tf;%0v#}PevWIzmoxJn5sxvducPyALMiJpF
zLZ#>C&#^)IJwBA1m+Q-W*l#1MKR&+@frlR^+S?wGiCf3Fxy23NLO8~;o1e$}Q6a<J
zTjj6Bj9WV^j0w|5-?wr48*a}|DAo%LGVe<a4SUDK^-4YJKihGXUWHtr6GBSx<%Yqy
zkRr4m40=!KKR@Q<_P&E%g3i(v_6PNv&L9ZYott}Rhflaa%5&vm^F=5nC5C+v0hpu$
zA!UnkPqm3#mCz-akQYYZ=vJtFDUOwTmtDTLc(g}w4{g{*G{J61pFacUVfH;)2h<&2
zIvk68U&^Ng%rY3K+p{jF@`G0*5UX)4FM^7o$qQC(Uju~ud8j_H`$#N?>J+orcP^T8
z%hr<k!Y4)WGhluX9O>Kh5l#}A_v>oEmE_Cn?rCOltm0*%%{a;MIMHfJ1%Ixo*EN!5
z6{>>o%|lS1_TD{RHIhoX0CqZwN9%mk`l}*m#9t1@#Isk7jX5|-Zlbzn^RbABjx4Bw
zQ1R$FfJYHp7$@S<%7>-fE?v!O+wWlERWTo1>bPZNTYL=|GnW>7s#V;A-m|UEOCP3+
zNXUun(KE!YpAH4l8GB)$KB;s<b}8!IgsiTYX*+?N;`SZpb_br#G(s&z;y;hz%oK-o
znHL|hP}YkNO%?7vbUJf(^@T<NhDNq_MEg`5pBBzxtgoNxA|~!dId^=)OlQ1<%6C-C
zAD0@s`>N^iKT`2KWPU<jbvu`pU>Vv=BD3S6y2F}BbQB|N7Xcp3K0;YQxB1oVuTyp5
zcy5|~j)+dPl=InIG$wr`pg!7<+R;NA7PnhJKk74!9FRk;cTT=^Jf;qB1EXYaAHVJL
za_{<O4dN!G2JOrDamA@(A(Fdm4$G`}8o{n^(r}7hk+%`1>(Hkvs}F}CbIr?4?batA
zTA+slXjI~n=i>97sjVd2<@0J32-{W8`xxYT%d^apy;n>08_x0`Z-R!DkWY?aL-o*~
zeX8XurbOb`DRd6)Mj^l>&6$QrZqDbza2LYoGpMx#l9eZzhA)>S-r2((Zy7PgX4n6D
zSjSyIi_;9EJ#|0J7|_P<-#Rs-|ItWr36(xENLHV4d5gR2empo|=&#$S`*Vw0g^K1g
z%)v$UMa_q<_y#cotKD;C5-N{^9)}y3BtCCqw&;T7z*{7G+8(_5%q)^GOk}6iF>B@3
z6tMkHHBW)x$3P5qYUCVQ(5phn7q(h-&F8@(E(4pdHyuymEeFu9hYs!7`(9s<Yw;oR
zuq$*Sj;3BXL+I=eOQge$F}-y6g75IBa++QO+_i-&u>?9STm!G@RT$H!56=Dm)nx*T
zdn!&dDgG@NJcti$n8IZ;emtVuov+R@xOojtdon4`y%^)g6sQ8@WvEO0SO6VW-^Y;#
ziSop&AxqmAK3%XqaBl(#oar=N^Emi>3`%~FLGeLlg$-Xj-8xa5x$+)!KGmpzWFD`t
zEvCEgH>^c5=T^NpM@Br*tH~JrHQ!4Z^X+d=LJqj(gqPq;x6$(TbaO5~P*KukDfaSZ
zX5TX_$}X;URljDJlLW~%nW9+dHr36$Ol#}+@f5#aDzFOa18Jv+o68ARa1S^a&H#NQ
zUAM85>HV>hFg|J8l<<0x*^H==>!{eISMRyjY8>AfEg)4qVxHJ$Y75omv}`=5Jka=F
zH=PHks?j+*1r}}U@AF+A!k($|nsef;JUZcW)@LulDSF&7qdEvl3}HuZ2pUPWB13}c
z?Cp72=)T=+qyOKeyyP0MM$fSvqN8gQpHuNU`yb~qzXzv=W9_>%_Gwk>Bakl;4}A0I
zUz1ES_@F4-19(N`KuHt;tMRE_8QZ6aevXO{U=xaap2)ZZM-6V&@oU)U%A-tGmexsl
z_ruJK{zCZV*(LMAq|S_h3D0y#1R#Kf)Q$2I_Cp#7QiAnTo1W`<)R1?V00Q$f#B+Is
zj_(nG%(?YKQQvdiin1+`uAP=cs|(-N=Z*wGB#wLnicmE^3EpaJjCV@sMAPgsdLVky
z-M`Kl1OB4bQ+7vP<Id`>^_aiC?~{{1n=OX#UJ`js?p;KRQ{%cg=e}Szq1)sSp|_f)
z%zL0NJ9jRh_twWf-V@hY)Ac6teW2U?-X+W9()pqclpS7%{uw&IN3CLM4_|10>mT}F
z4`;lh_maF{NSuAC5PDKyTD)YX_4${-T*26FGH$HrETdgT#yGj3U-mc@RToI11b^lN
zte-s=MZ3REizn*gPw|P4wSt9g5?t<+{CGdiJbLBH3s8!>Lzy(~cU*953LS-UD|6=9
zeQ)g|<)Ip#&v*jXfgfI2!qDzyn;-z%x-mWE<!_U!G#Ea}1|n8=p-{TM+e@-d?KSfL
zL}$Qhf!bgj9)9@RtTl!{rP}XDU)Ym)LUgYG*<9T+t+65bDTbo$C$Z07dyqaS+_;Au
zqS-%FaB{++!~=3J3q!tC9pMcE88RKvFky&y9|@219gU<i!Rp(r&4kEDsD7W<{2tC4
zG3nlVscaN>HiO&rF;mRWdqWG4;{^Dt+|o^xggcD4XJhn^Xjs(Ab3@xEJGi^3w1S8L
z&su2MnXhy9HidfWV$ni=x(IrS_B(q$hF1@E!M%2(rKTSWEthy$nJ)yVb8^bPek(qW
z;p-=)nCEL2aec{e8p(K4KsPZVP9A85<Dz-1KS_nL?sncdEWrbrt=hwIFC^V-(N=r*
zuDGwUI!s<w)DXXHholSIK~)_Y=8XF3T3l$xVvmy;Dd&(KuD`u&Sch+1*r70pGbuD}
z6fQx8*+NaHr)!g1hUK^)!uCyWIH9Mn1aH$yrRPYTuOZhysmH6vQ+}{11=w+8gZqM~
zp81darr+aS-(HXIC|76tX2}D!ED9$_s~Gzw;hm7=<EEtV%^)xHoZdWy-$bWA_K22l
z72mbY6~wF8dj46@sn?Xp40%G?&5n%FsLAncG`*MPn3=mWzNk>AKDvPqX__br2EJfp
z@&Hor+gay~)kUgH?>+g{z<YqARBp{$3%D{Q+I09+R@Zze<kS1)ZH|L{wkcZ&uE1wG
z5q<;iyr?ar_vz?%=REe0>->o}g}{>ZxHeeFBdPoSLQ|1dgt|83p(luI_(1<j&O6~e
zoZh31K_izIy-JZ2CrDu!m<nHNqdQ}QEm;+KHbq`ksCm1tAR+rVAUm|w`{<6SF+}ax
zLdBni8s_>#z7Ko+Y}nS{17OyG;rNpDWsBoNc(DiOg(+<ghH!}W#AYncE5@5^cUq$F
zaNpnu$V5hN<;$LRU1u?&_q*`DNjJ=|Mg?#J><z#`1rFKJ4ML`i!~j-9b-rd-paS-L
ztZuLAneq`y_g&s`xe{&13;V9l$j%EuS*4TIE20__N0Or9)I__u-NQ4$-=urV-Yep;
zeb3sS&lLtPDWpmGnfquhIr+<c3dFBgXzdZhMplhTRjCNJ$+^nC{vOrYR~19fDXiwJ
ze0Cw-M&eJ-l_}}0T931!=hx=NHqHhg7?-qhIee0#jhqUBhpXbd@1=F=M^T+7<x<IV
zf#s>O1Mqzdo;tki%~T6P{n!E^B==AJqrXSSCY7Z~9Hm$KuzyaNTL?jC%cpu#<#QAA
z{?1TlHubZc)f6!X{S1pdfpP6j)z^HyNQfs{vrmv&mgj`(so2O}j-heG-GwtSCr`Sj
z3)9KMK6Suob{$^<xhp1!*(Z<X;=|8=*XO_?1bbA!q56uW9-5LkH?OGd5b)$<NT%FQ
z4#A3i<J=BAlB3AouF>3}FB9X%0quS@(UEd(Ch$JSXSE~xN=1-YFx;aL+Ndw2Y5)zQ
zFY(N0+DCCy2R4T8%jzW5%zvKuOa|HGfM347qfAJ;=S5*zDBjV&>{Co<$gc2tQ7<Hq
zd0n+ALVs_p9tcu_%o~welhU35CA+yC?gxV%uWmi&OL*a@UV;7|G6PR|+>O#Z%-<TQ
z+sXTReFt5lMwPnL_fsHb%!>^gvSlSO<lh8rWBV0+Nf$dv0**r^u{OSkbVw*IW^^s;
zrr3C^;X3CY=Ia4`V-9(m(<8iifsT1`KWbWz-z6KxfuY*;&tuE3IT^{F7o1pmL($>Z
zGTeghC4IP=Td)jYYB$e}elf1s?!!%2`GK08YjG|g`pz+XGGz}jPzUAcIc0H11n+d+
z^+l^A_vF1dqc6bGejiTX^5DIB_pOwB+qg<4rt0GDs)fJLe}Ma7a_Lz()~rBgIJ9}>
ze6k{Q`EC=Vl2yX+$dEzgc=$OseHAueHN`<6-3v`Q?A$`;0<-Xn3OnpEIZgi@*iO^$
zF#3Jg9C1=QL8W>KBllW%bg{5tyU(st91nw|d+t<uHcXZ%)k+6dF<3vc@&CpnJAFW7
zy+g|C+#qY9=qMn^wyb%1x$-f%%B$xwWe2!?+Jm)6#SlA*(u4tC(meOLBpx>Rp*ejZ
zh)$}_q6u>Yjm1b2lhW|bgNh|+EouDllLsH*xYn{dc@g1;qv@kLCRyI!=bst7wBYox
z9`FpNb-9h(OSTC0$~7*cMZOA9dGDkZnku2WvuN}gr-s8hd1*dy68BWgar^Tg{dNvN
zUd3%oihT`l-G?wlbvg$>f$-`bWZajW;$$#;vZQ?sE!TDsgk5@w<-xic;#s@Qao#=!
z%-MNsf7liJp`5!vhhFtR2H7Gt%g-ls8vY<eAhQX4op6Ve)15BCwhyB^cx3pf`cT<^
zy63S<aL(l&NwlPck0;DVK<(*k+%1IM3Xz}pgOb`=!B$JS9#<(;ANWFxl27Jr4sB73
z+Iso%`E*w=-Nthg+FyB#uPf5nQ8V~1xCz#g&&__E3Ha7v9mHFBV?19znV?fm;<ejq
z=R5Bef3F?#7(yG&fq12`>h#4eo+x5m-}h$j!Z#w;{4x(pIh{KFxoWNKeN5E$T;Y}P
zOsQEtUXptSARQX{f6!-3(|&6a#&*$Ywd6po^NESd_iVepufAizNaRdC{M3BUH@z8#
zDq_$NoF;MeL$rtKyKX|xf@!4@yG7ukpE&?j^w0hs{g2VNrh0KI`dvq97)NS};&NoM
zWmRX+Jr}+`e5df(F}`lxIw-fZ#e<P2P7IuTnrl)4=IY&KPi+4tq)!cgJ^69y8##*u
zcXC@3FZ0)-1U@F8o8%Vpc{srtp&1M^9-Ni(xbX5kZELH1!gl8^=uW+~$kO4&!W}}7
za@U=^6#{zBc0cU&U|8B`E3Ns7M+_Gzn;iC6Kin=R(8Uc#vArn|=#+hOx_$FJY8`OX
z!|NRSq(%>tz5RV|B)^Zk(>-i{1n!aZZx;xiBCQL5>pC&JxJ!6JJrLC1nM%o1)aTl_
zBbXYQd8baTgNcA0dO`GRz7gMz4s8Z8^>9|I#|eZD;i72VB|3ancNbI3YO2_Oo)_uw
zVYx-?Q+t7`ab?GDM8}A#jN*A)>jpzd4%jPmr8ivtL_+eTvx*b)LMWEr-eblqthxc$
zneyRhQ{G)8nB61JaN8ypmUjAOo=sZ0{ZfPv)MHb<SW%u@m+U^6cE`pv1!uP*;a;C5
zh8iV{YB8`o)0O9e(xTP{lyhKM9zKY`8u-q5Ughf(c~0AGKIHz;#LT^)Jm>T)uX*}v
z%))5oCFre@n->nnbv=AQjyCV<IR^e2h=;_Q-}073rg7}>xT~uEN^)VGDZIUvvhugB
zbyVvZWt0JZgW2b6PX-dbKJ}?E#xTf(wOSRi@MtR8z(3ii8QnOU{0O55+L3Fk<e1?G
zrjokbkNP0;+<U<qal_zuIQ@sW)7Qt)pT501D4-qcI)0CO#&-!oezf`<DtBIHxz0BX
z7{Si4Dg&B9oJ+fQESsbcyyVP%t=yo?PR_xRco^oBXq@}N#Y)KMB!0C!7?r=_yEqT(
z@Nv7*<!9`lFgU{1ye-|?0Kypb(w1MO{1j@<t_WxzKtB&m+4K<%%Y30Vb_#Iv0&p|}
zWk$&M8OF?R(Ar5ksamMaggM`V)dRkI35h=GiYu_IK0*SUvFz=91nC~QB@T=P-}#Jr
zI-Mov2REAmipW64=@u7v#h=48ROi$H>L$Msvc66}i$ReB>778c0=|A=7i<g5Ud2@$
zQ@@w<Ch75sij+E<yojfVRu}j1W?=wEfH@|)Zzf;A)xUM<_4hztNF*Mm11pMwObFj3
z%4Y>zz-8^_jNU|8{wc=6-b%5NkK)&K_jf>aP(v>B+r8tIA$|%4m3oc6dEruXwDiM@
zIi5KB9)SW8xcJng5PS4E;!)0H6-{#~eJ(2wc(mM#>z8%Di@ClLD1Awy09RgC9d*?6
zc;+k1{I$K7pT_mL^!3z!LVxWcRn_$wNtNwg+-tW`6_Evxlb)p$elwgueZIE$jdcX=
zm7#~Q#rl3{rQ!QB->tmf)HiD$&noVt;IkKH?p{S-n%3KSr25a0S}4Rc^!}7Js6x+l
zbN6L>^+`X8zKNkj_hs_KBxPr#>%NZ#6`*P}U=jBm*>-sOEWgp_%U*Et_^DUf<LjvF
zE6&ZAf9I&*BYbz)D}~=POWo@AdQ_A}{ir<{?Qufd3mT^2#MmnLXLDJHvB?3(km6-8
z;f%*K`g7b{FT_~Q@ndb0Twyot5g*n;if>#iYthA^+*|Y;L&69iUaOg~V`yaNX9VSB
zAxKpufpXFNErg~Os$H{j>jtot?q)mM6)y;kf$X-fOH?1L25Xrj!>j6Un2}3$dm~=Z
zc+?_AT?=zU@P&(aoJXfzKr|`6nUb0UPjb&`H|#x5gu|uk5J%5EluxreRUv0Cu@lcg
zCbE7C+J7Dt;6(U$DX=q>b>d~%nhR}{3&FFU?lLTTaa{GNjOfX_#^ta>)%D;ley%we
zdwH`z`Bo8-C7RG<pZ6=UTMi&nt3v-iZ~8s-=THKD``jdQFRWUpYwfR2xMTXr=@llk
zn0p3vA+u)M6u}-=xt~)LG&!?byeRD#1UYv%x31R`2y^V_$f6($FqaOI_99+FZ+*Lh
zw$S_>zRCIZNQ3a5eCUW6xV`nH)hVRfEtB|!)H>|sInWx16B3U#MzlcGt7J$i6^Tfq
z=dj^1I0ks`)mU71<Ge4S^_hUvE$8mnQsBY{ZV%axsk|zvp9Locu-PL0>vJ;~zC7Hf
zPDcRPune3G8AY(`+f{t~t@GC7we?Bfp%cgc$@P@hcl~}D8GFjxQ9f#!d)3YEJ{SsL
zM<dQC<V)_hJ}fbx4S_UHF@L=>9BJ*~auD9jnNy+oaw|QI7Dyd)t5l8k_xaQBF+mqr
zJ0f}IkxG&4-Y8ez=WFZD!B5sg-3V7ZP+k(FHXSn!ow{@+u_ctU0E=JH+X`E1K7jQ8
zgH?+>`~i6N+3#FGmM?wB%7*|9V2yge^QbEkd&5e^;e5R-U>I~n0ums@KKb3plzDwk
z>fxzdjtMUL={`1>RZp--(2bz)k1WbB(L6Sb)HEI#e&`hVxzTaXCEp1JpyBuQ7fYef
zv3i*BAv|=w%xLCsKV`6dW}szw9yPGw;yj0m;njCICGu*b2x1+blL-t;akE+;6u5sL
zB2?5lLghZ$#^F2ZjNhEP=4NkrEEviIrC^_+nXKKAW${C-;br5a#*|HaBSvi;0nRGc
z9BsYsv8M7d>YTc30~z-xuCm{Qg)!_IN3q93g4UURxw`#xLA)mn9Hp|>SrrcwfMyu%
z9+K*C{>)L@WUjyWrsZ&*WcEG`cKGwh|I8l@AG@Y{Kk16rcadg560iOqb2~WedW}`<
z;jB}yr0S<z&YQRCRLO;ln>Rj&R-5Bvsr9Ngzktym=ttwVKkbAoQot)M2s6axS=L5J
zE{m0(*bT*@P|uG6U2R%NuhSvU2nVm#zngaYt{z(?L+hH_Qv2lN?NNE+ihuo1*E)Er
z=4PGSh8TUn`5Tc(|C9an?nGi(aJK(#A<=0#(rv(cymyNZ7PsA;Ra$(7(hNjKDoHK5
zPsJl-3u464eOit$Hy9joiU2_Y=U2@W>pP8mMblc=<hUF!Um&&nJGA1rB&<F{!7y@z
zQ^OS_2jBlUeWHP`UUARNr-s3Pcu0X8=<z;t#uNHrS#a{0?@_c4Wso50+sJyD`@usl
z;?956aNdGchhqL8V^@+SY0fII#3Y6#gSh{Zp6RQ98EyHjHr-X35#N9ucL{K>2O34y
zBS+@_IC^In(~gp2Gk%qGeclU8OG@cjzFm%e`J6MdkRz%y(g>ab9A9&mV1zXn9hQ@!
z=OwI2HN-5ez|o8$LKXSO!G>|ysGoaHg=@#&`bk>L8(rj|FD|&D&ZGWxPvcwVOkY>N
zX25ks5$?gSF%{;b#Y^cA@?>>yvqGyb9a{Yc1a#=18w?ExPw6QYDBk@y%!2aBO8eI1
ztq^5fVx+1Ugohg-FJE{H_3;+z`!2jrSxLi{hpT)sNddhk?=)YsiG~qrzBsM~__IJo
ze>X3dBFjee4V-ZRFo6Mx_diMkj`)DG@Q7xZR2TZNhzeEa={W(M4|0#+K9y(;IOjI(
z1BrnH@ubTR?{1*cU~n$1IlTuv$o%x9$Ov4xLaan~if8~^n%QG9W;ALxj^DcE_pyoH
zOLZ1K-JG$v4B~u+4BwD)!YQLldLZ#KKodW3n~cM4LB|yLe#4Ew_O}#1_fQE*nh~!i
z@iG4VeUqif=@5V29f?IuPTF_xW5U;9xA7$7wSMqU7-I_{tQ0bc9^bKNShacPVPy~c
zMp4Xq<Gp_#8_VhAa#SWRloLlk9VEd~DPZ~ZLO5#R&C-_=gOBvTqj>=+1~xp1MEwm~
zRDJ>}AA<`x_nR251IC~&CobXRGFS8a!k^*wyWO$B&BcnQ&xzIo_bo)fUUkS1DCz%n
zSl#CQOud~Lc^>58CiAvYJX*y^{Gp%c)%M%E*-Ua;?}H@NP1=JksJi)0C?g|3zBCGK
z1}zY7tMX7p+;ZiieRDjH>BnzUe%1b(dXhy@LQgP<aW=^lV{!QeDwOryX`!WfJT))~
z&Ce4lMDjR4zjwkty{mYz4iuY>LYxypJYVhNqym6bRG?<5hidQxQNoDgCR&?52Of@;
z({UlVjM9%UGyqh~J%W67#;GHCof-DD4%U@=d<#4=A?44_2V^y3KH$eLupRwQ*g*~^
z`87mE46<@$eK*JVs7)*SE^9FY7+Z%qR<uhVQ<KwA{9Is|Y<J)^6qQ_#sgMDn!@2zP
z98iBZNQy+<-OZNjn}<y7?%@60ZjG<JfT<gJ+C6di9*X#^fsV7KXwed6ba6k3&$!%2
zCCMIwwdP>F@L^zm0Jj&@xAh@K6Z*MN)uZ%*>%~{v?t~U-0;^+mi1PKv*nN~-*Zf?j
zbPy5Fqq$Hr`?&kD`%QR8KQs5b_&3xT=H7c%Gnt#NP8KV@V28J0N}WEd{RnR+R7MpF
zzqq->SXtG(bwWDO-CODDhL`}`DdBI-#-SLUP(s={C+pIeq3iB^EmnTusm@^Rxj7Pg
zORuB@AJ1-c6&n!#J4LP;awZTa$f2`#(1<dgT9CG28OZmva0`wTk88$v(;#zuLScMl
zR4?_>bCv#`7$9AIBAHzes~;)NiWL8RflyBU4zb@YmG^d)?`+DX5*j?MVPvae<G9YN
zfNzOkF-JJVU3P$$+N1V!chWl}8UqpzkBPZc+Pz!tXFD<u#GxCTF6FtmhCh?{k;xMd
zKu(|STfE=Bi3{m#nb8*>VBe?~r7hL=kwl*)6u|pL^%K5@v}|-rr%+v%7$Czd5;4Ap
zja>uDeJtBAl6^C3uHLgO$dM-nk#Pq{nYGF2tp+x5SP*PO7W|}RodaEx1gSHn=@%$s
zsqg_3L!W<RVxPvel8~D29nSMabH0Vicmisv1(bFu=lBL_(!k#v6BoPG#vapBUNaNh
zI~0`Rkt_%z>7{4$>#!8euT7)vX?a!B$44x79+TfFoc>N5NKQqZ@OhW|<nZ+!I=vX`
zhcN2W?;!g<C{Jbi$`hpRf=`d`ZK^&)$-pym96qD3%LTJf_Q$`{S<tz;hej)3?$ocZ
z5AOOQeqzCUF4dz6A(<kdF}z($zq}`7)UQ85FsSaa^^KB%;1{l|49s~WFV$ojmwS_r
z*3h|E6z*GY$G6~XHts$g>uowO!`ZdeRK8VF$KCEM_kt;q_o<pw@xStX!yMj=gd^Xa
zKOu^hi?{bAd?$sKGUppq@8(%V&F^ndDjlZJ8E*{~SJH8_oka{U^oetL5nSx-rGSyg
zY2cj4yRYb$nh>p{q<TwTzTSVfGYC8lG4CqUg0DpSZFX7*!&M-tL(%K)bVEZZ5bXgt
zQk1F3@Zx>^%k16*q};bB`=oFt<-Ol|$o+bM_wZSrt0xB#e$H~$-));iUEkgWFmK#I
zj>AX}&d%Mk(2wL_x7+Fh@YU*S@ur4L_VJ0&8_j3#$uI`+arBl@u!*@uF4rCx!1BD~
zY_#=0XpWroNEZ?8*ZugwP8bk1qQb_6KYv=xyL_IkFFDg47x~G!Z#3_{7?5&ziaT%F
zaxlLqy2@G8c8@)Aj)rX)b4Vdy4l#d(c95-JhO7fw9o-jZm$P$Htg2k=+Jil`s(Z|L
z<!NA%DOR}O%n~&~3b>|Ubw26BI!JrUlA+yfxi&YJ9!09^a}w>EX~O{dQD92#LC7Kh
zyQ%!!Ss0P?ouQwx;m+`5(UlqBY_frlb1j%ko~}k)0$b1Iz@ybdhpnJ30M8SS+%)P<
zEqqyNHU=K!K?_5r&*MgewSU&F>woy&QH00&*X1TC-H14Q`Z8q1sj{F;3I&%fPvL~n
z-T*XA$);5u3G%TVHd`4uN4i$}5D(#gNy%b#r5=<_R}|Xu;jdJhNobe5^v>1fug&R9
zakb!uam9LKQ0MkHI4N`>9{|h|nngPo>*6uoI+Ry+>5&lHN4N6Zg6_(eGzrSbd-&cb
zm5=25GE#9-9y2>|`ECsxTu<+8Jdep^yiZTAlo}Y*YcFs2x-buOo)~gl?+zlC2l$2{
zScmko$K8S}P@3q)nXAXI(;a+l>}6`=lIB}v&6~Gf{~z`3yRa|@onYE2(tJ3%)w~Jf
zw8tt&)#3YZ%f$WCqTB;pjiPCF2>B>$ELO}>J<d<8%@KeNKic0UhvM9;%LQV%9j!k@
z&Hh6IeEyQ;5oMHowDO!<nf>MwXivQdc1z4^&{;Azva4AjpDZ_ur44((p$K(h7tejd
zRp(3zsz`-@CoU+kt+IzQffvZNJyk#rKrLPFTRWs_Ana3E#fo$HUSl*M6gulp@9#+G
zaaFTzKU|J}<h)SN=^z&iy~nvtukJPJ$fo0#DNi}CJIK=BdXKhSinHDy7m7UQe9`7a
z#4?f4trK?{`Yo%hMjfN6DF{<y5bN;pSocA>xj<=zR2TI&4Olp4W<*HLtj8nbz|3j(
zR49gfI%Tc3Jt9K!|1eN^i8|xKSxZpSCYTT6@pUBeS%1iz{m4QNr?xUbYzDX`jzhs#
z_ufd;cDd8Dk1&MY>1*H%<_Co+?YwY#gs?G?`u9Hn?`G1ks@8LE6o00pa-Se5)6Wo+
z;H(M*gW4^8k~Dbs%+sfPk}g2m*YWG%vn2c8ENPe3<!`S1f{XOr!K3#1y!r9o?XWEh
zKw!oK98KPO1i2e4jEByd41YK-Pw0bUXHCT&wk5&ZtglUem|m)V;;~MobT|7+Vt8_<
zq5hQ{!_olezs*rWM7#(~kB~{Q1=%?fd1x9uiqFm*Vkzh?D;>{U^R?6ArXKFoKsY<P
zCkU=CdOe9+w`*UL26ANPI|nLWm>r46_VrdCQ_>b^q8k=CXV-{AK%%}5RO9u(dzXPu
zBUfuF=6fnrIBcV)SK_K2xiQ-x|LJoVx$;=MoI&}zn@?U{P(yiF4BRXvhPKkQwL0!^
z73*W^_H8Ym5`klyzr*eK7{ZGumN%Id1K=g0>b~ApGdAS++=)><EGM3DjumbJ%BW&o
zE(Yw{kre(Mv83m8xJ0+oiQ5@)DJ||3v6T&0pVgyn3aM%0sQNLuz@h9`r}|;a^>0Vw
z&Lesl_~@z~u~lSap!d$_=5(FI%0tXeA_7ZoJXHr{zirx+9!huTtkR(d0b2~1y_;iT
z%WVKQ8s83+i$|W)`U<+Q#f<EM20e&-BKBzeBd(_dKUdo1)4J;rRJk_z^5lcvuTfu9
zUh0+xT;>IKvkfwny8hLe$v3H~;j2?hmT3}CTDX7jr#(n_W^vYiIb_Y2@G$KehU1qH
zPB|aD+jzm_I488ghjqE<LHuKNpE@eBM}HhG*;pcqAn>KW7KPZ1aj7Ab8|M477+QZf
ztaAC28fW*h!W7uFxwd_`1C|S^L*QDLyc@tvajyo=W?Mu7L`O`|)C1kVkMnw;=5sHV
z>(|46r=<l-hLQDYwaA)@Z>U8K;wM|-Na$Y8UJ7byN?g+t;Cy1CIbw4ClxWU_VkLRR
zeAHR(Sk3+RC<5k;0A6im*DNLr%hf76c%x{1uN`SIaVnz=#UVHA^NB&yeIhw+^xO)b
z6MIVfWDBe{7u&UE4Ot4Ix6JbCy>BRe^u*NSTdwdB)IMWJ^UlGMfAV*1?v*q+k#!@`
z$xy<%qGLqH_Ned)9oawk*K%_S@I^f{YGYbC!XiQMhG3O`E?>%@7qc)6@Hitsu!pa@
z&CJ8|eia78bx5v0o=kodMaUm4C?Xcp!~d>3XtpCi`J4T2ab;n-%~%LuCfIu$X0#^c
zI;>U3bYk2EJ8QS#g$LzR2%1v;t>#K_j6@ImCdTYHPqiNjaXjaV#{1M`HPH}?AH8!n
zgH4(nUIKZm0;roX)ME7{9@TAQ)Rk_2vN6%OL?rgD%tTF|q9?47?(X4ewO({lhp)l!
z9FMjqfQ)OmuQ1k&e+jy#JV6#mAv4);(KJdD(irhZNaFr8v62~-bFi;mYb7koJPMKs
z09fCSh=(P4f<KndbS^@Y4sBuDsU4N?bQm6aKPj@r^<aO_K}~G+_qGM^(pGJB|MTVl
zb0dVeWC@cPKRQBU-{fSm!nhaT=gSL^c|W$*qx&9@S!1@w%_~#F)IcoRb<v9Y4iI}D
z&2E;lDyJtg0^*x>@sa?$ANv_}znfyMEe?-k`w;jJc9=Sj_&#C_z;bl1g4ih+Ft{r&
z*34Wc$4=qCUru!W4AD<=xw7od<P#_Jb6<FA`Qb*r9DS7MUdH#lpYry6igBLEh@%<)
zRnn+79kMzH?u`R<V79*FyhniNXkL^G166+yN!nvxib&zShZY%yl%w5cM=4n!t?S3x
z7M3In8NIs5F5!x?ZI)7--DI!+9?1%>O_oX{@2zWisP?J%tdr(@SagKDO|VPXsH{93
zmefnVRw-+?@R;QxVc&P{CmyzS$5}8Wa#3jO^X=?OKIA^`_od1HbDn2mAHM4PSs>S0
zUie(EPb*Pjx(<Q?jwFcj&Z8jI2eM0Sly7bxr=+cWK0C{OOSL+K_<z$4+BTxY*}cJL
z#&VZhf1V}S?>1U{L}O*APb3Zzvt!<qE8$~OMu%?iiBH-~AVb^DdzJKBO?cSdognzQ
zX3teE5CKu@Zwv<?8proQQrhRMT%|R@Zey$S(lMQ*@4+L|6HrPv)fDk{TfSU=eE9?)
ziulUl55|oGM%CF(Jb}Qw$>;hpTWd(y))L)|Jmr^qCZ@OYn>#$+7t+!n4y@xE()f+N
zDsO2Ff3>5CH5}^<!dyh({*f}^%UNF)+YY={L#3Qk6Nfme0U00t*(o)5JH_pI;qW6d
z$FaBW%gQJqg=&xZyQdB)5)j3CxQ?7AosX{nJwI!lb)YXlydA^lbW;nhmpZbX{jm~p
zpgR)TAmWl2G!y&|<J>ymAYC9@$iDCA`l}W7;mm@#d;3nX#LfdB3pz+AoPH<S-;K8u
zn~Bo5Zj{YE2TL1Fk3b}IupcEru5&+<av@dFXYG+JNKG@`a%}F58m{+><6uF3brf`x
zLT(L$v${Lz-g9m7;=}yQDL4S_aeaFw`RT$t^#ta5w>(E5bOF_4B315shpbHD-M1s-
zWWg!<*Y|xh(<<@Yc7m!;)E(3r6}Wl(B-y~(*-ltK#d#PBUuM=v_Q{@<`4Vq^D~d(K
z&eTi$QQuba%Do6GkABjm>fGCTSiYIp@{;UVeSOGlhv^37N>5Y;__6>}9V)3Wk9xP~
zQ{9yX4+Q;Y4bsJg#HNb|_s{w@#c!qzeNzmF<A6wEMt92|QofTHn2xDk9!j`Nbb>kG
z(z|T&uGtNyCd=j696v1x%6RIq>EUS}vm1C2V1;mspT4Z0Tfz3bRhPzvOqd5+acM$(
zuR|~1V4}ye0$I<aSNLAV=yU_eY9-|yN=@%(*nZ?0&ebx5gK)y0N)2sn1JAEioP<FZ
zw*><6ng|Zoxn>pTD<uEgjn5Q*<rt{v1y$|KTi?8JRp?wVve<iwVlaKmwIL$z69MNl
zrt4}cVKnaE2r5pL<NB^#XwP1T-1NKxeP$`*1=dTNdDe^1KFT$hvve-3n2nFCLZE}f
zb+4$n(Jyll7%-PxI?~jhBk$#3aVJ1nr_#OvXZ`x_H%f(Hs5g~yQ#t3Bfjn|U@g7s`
zH<bHpM&7*K$$#QrxmZz<qhAN8Ou_Rg3qGp-#B`ZNuuN(2z|a*%?#ZiAa}@0KQd8`4
zo93@YO)#MPaleUg<OPduQl>E8gIHyQ?RI|_AldKc-g7Y~UP9Q;?5FE5QS17*Ws^MF
zLkfaM!n~HAkEdv-BqfsJ?R~sttnPU%+0O(a#5c%tTTg`jJ4V5F2)U5FcZWi;x<c{}
z@K+GZUqM{j8PEQza>nD@@I5aIp(f8fPUm$#8;7gl7hP6{Gm<K&W%rS$3k}ttu}`d0
zeiC*3D-#0W%q%-QhPjkNQnw@RDN*Omk@g#mfq3+2y5T>G$Em*S07AzrBH#`yF}Nr?
zNF`rRyYVD5?dCmA`|Y^rNp5;ffYz|a5Qn~@p3#(3j70#zM;ve5ds=dqvZ7)0KoQ3a
zj6csN&ST7e)Xe0n3dlB7Spr^crL*l!?}I;Ye(T`J43)h=8p6b%K8d4xl1~x(;9(TR
z<;?T0%&wmC^9^wH$2NvLh63Pcd8Pes2YwIPG)t7f{$97fTt0FSLNhVkqX8GF<v?)Z
zP*@;j^?OQ3?@d?=-Eg*;?Er^djcfcKSPV7_*S!vTk;zf1FIL)WI-96P5oGqT!!5ar
z{MCp>xPgq40p@0)Y~*K+H3fRy&mQ>fW%$;y!v@gohUir&w0w0EZ@AAE<F_wrtR9S4
z&L9USnH14F_bvETd1o~gp{hSMY98O*rZ5DO!Y5$~jtCv1jhml+kfk6{@~q(3SLAda
zhF?HyKl6BOe$#{esV_ZGAScIi^Am7)z3bX}nA9rO1a-Frtykf8&^{f0uW|gDe8c&G
z1#jaK$ZKTBn&unImn^dw#2s$SdhC$7Uw%lzXrj$J$PXYso}5_9CT`TdCXZ(Ku3GEd
zswd+(peOVN;ke4r;&J=kKx`;yUrH<!io|UqMq<m5s5AnsZgiqyGMbk>N}V_y<H^vq
zd%9`KV{1hO&uT=M?N$3MHw#7hy&nF!E#6rr<`b7nE>mOFy2}A!nwK`;8mlkyHJdL7
zcAm>E_beYZ@+TPNV`A1GFzHq8@+8bIiEzlkh{usIH$7Jpz7eo%u+#}oYMk^g$9<~r
zB9a;Tc#p@+G$$Un0qXm2D8HW1+8^cC6}8RtE!UBdr)AZ~BxCk8+}1q|T}$^W_IDWY
zR5Q8C?4ILnro}kxZM$8HLjJFozlQB=0?UK+^>luf`MIKZ($C*p%1shH`iT0bmKX)|
zovSkV8HKGGE1y+ul_U4q6$?K3wCt&nBR+YWHEOaAMemV)%ZYc?q%YI@#KD7YUCo#4
zp?_WY?Ky70TaImKbNWNi${~Kl)W6XKJ&AeOjuAaIW^{+g&h8T)lkkKosa_(vj?^4$
z;e6$s&%rrysqXULI$8;V1b0m-&|X>zcC`>cVtH@40t~{qJ+=?}ZI?aSsSo9Am1S-1
z1i<5;t_5ZVwO%HWP9j!{6|wg|irnXxsy_g^4DJgx1AWw;1>Xy5<YV)+D8_+%{HquN
zK;RBk7A%K0;nws+WhGk*&6R}9)p+XjP+&`SIbs&Q++!OX(A|EQe4q^U@F~24;O}{m
zebqCD(FLN;k@qrUCuU7MV_Y~eUkiK}pVUGHEILywZh!lXj#YkLaYJ_lt4I;(Y)rSq
zI-ls6W@zijhZY7`;k=h4PZFkDN;SYD+tYj8i;Vh$!0*%1*e~rxMs(HyI|DdB;QFn9
ze>W+IyRs9;4nrIvTqoV5R~F*(qr+NC-rQG%p&zfZ<NK&Tw3G4DSK>LDS5M0#!thHo
z5c<y~TrNw)v{cgQE_{1sH@NutgEkpE!u^fI$IK&YGHeITmWCD5SLUVGDP(Le%Q6Q2
ztiAE+^>CF8XzzgdI-Xex2lq@2@5HHF7)9?Ry1rVYtqh!(nekAR*El`#omg2%Q}PkH
z5ecPP2pyjnNlzEvWqer07hy5i5feY#u)1YQ?w>O+KjklmrJsjFT5HY%ULt_vF&g*e
zyu%34?(|3k-fcDw(1kh<(;jERVJD9Xez)+a9C<8dGV0y&k<<NnCm+$%CIj!07atXp
z*w5WT6CS6yH;tLJuaXdO^3ds^zRLfOS#>hHVma#ThHhAXumTC!(`eG5eum-iw&s&r
zN_KSkGlqyk(X4zFD!`;q;(0f6{o!spMj=`!?&=9!{XCIiXUIF6AL#NyeNi-NlZf*q
zNaTzelzQp~$9^c6&;U{ZH9*S0d##6@YlZW;PX_LRD6+ShzeBL6ewOcr#XTxwY(WBf
zvT)06r&FRBo)oEc{dZei@mSSk8K?c>)dK0w^Q5a*V15#B23apY;5|{7PE7bcE;!%$
zxdJncyi9$s)nY=D$RWA6KkpsNyQdaFqvN_IV(UE^b1?;!5}}=)josJo9zWs9F1ivU
z5&x>@x#eY<62cR*xz)(d9m18)HFpo5yS?~#y|J?$O7{*tBN$AfMrUsKfsTeVbVjQt
z@~O7FpyYac?+wMd@t($1A;V+l!qiml5ex*ra^OM&k?NDHAUverMRILhexHB*ZiE&q
zC)7;Xs`FBS>e6*;v<AzEUrcsGx5xSNTw{I+@}k1xJC&+;MNTdA4bAWoBsl$*2kdDU
zT(iwCoD|JdQPkBEH)qZD8?=VYh8d5g+N|*^=;zp-uxl|V5rwS6@3lqF(*VkL$&Vn5
z2EqyFK*GHlS(kdA@~&F4HtAee^9!f8utUC0^n@4L`&IRCT~`rBR6ng~$pqS#2CP@I
z9n~UMgD3Z0Ml1vOmHSA?5MJPy`2cHM_0)SkkdJoY1=x(T93Pi;smGHS@h$OdGVi}D
z9>xw{+^~s!TnF$Q`|0o$Kuu2eB<*<F-=(7D{zQNJIo}jPaVP~{|Au}E$Gf4*@+#i;
zotHx#;^T`?iy2;0IZE`FUE83_d5BroxR0FJp3(|fzAxuQ5YfW98NW5M|5xkuF0R_%
z&&}RFbOOJ=xEgmyNA1pHaiuDKAf=b*`^kOjdUs^<DYxSg+q0pnrZ9SsVxL3oMR3O9
zt0ua0@3P6D@tMrSjAFGJ3Ps&lQkIUOX_XAV7vrHvgsFV$z7%*`2=Nq$6p;AQq;#Gq
zN7bC_N{I+@9JTJ-Pu$8p;(hb-t|kU8%QyZb=`ua3ueOZ+Ia|gpKO_%J&X$K|)8toV
z8kq6b8N}G4sip`T4(dSwZ1!yn3dw$e*^dwEnMV~Ki5#v({T$6aoxcW5w6DC8*YRF7
zu5Ac1QQ4?@!s*_S*1TEvIMBVEN_PJY#v2^LrsL5vBcgKUIGq&+>ggWom+a+w9Q=-b
z`^gsc<IGQtmfZ((=iaOS=;TZEcqOx^&|>D0JTf}R$h$^BA#a&=#qVJJ-G`AqU}4z1
zQSmPP8#jyN{eV)Yu#R~88IZ3z4keGXf?RuopCYK1@U3afKG!qYpB_GBj7)flvd(??
zb`(jWZ1Cx-yXL2eQ*g(RY3ih@q<<S;L?dx5kDPb6Vn-W2)8S&~JmnWnFfX0HH;8zt
z-_nN1sAJ2zpRDs@rS%KJnm6!!y3Rg*Q`R0%3&q0)t?H%eprhxqnl|>idW&aXw7O;z
z-x(h8z{M~T(;y2eo=wtF#GJ72XgH1nmFyITFYoXz!4f>6LT_2ixlf^=w`$L{Ct-kO
z)FYn*cQ?!IeeYWfTo`)5ZY*=>NAmuZE&c9O?C#a|0?q!|2{}B;&S%dzjnh`XGXObz
zmCItUgvkv&Y9d$Rh7S^;6UvjOo=!RkbYM=1KfsK2=O*w+(1I-Gr(cr)ZqFvpmK!P5
zdRI=r9NbrDn|5ukyGsx8bRg|rSbJdsG0dm&rRy9{V*R{@(mzt^j`<Ws=XN+`Q5(=v
zX{w87ue4M=%CkizJ}}Tlm)vbf9+Se6mySFv<Z;FA<FFg_<Yt^+$`qPD{xnY4$*4Z2
zr($$wkNH=@iD!K#=wu?*ehlm?I9W+RmCf=@>QbU`du?b|$5*U0C(;5hjgq6JM>#m;
z%b9T0dr8tEuOhzp=W<~;2Y}ttyh~HjhVAYg=>`mglob3<e0Zj>=%ZvQS=IqLM-P7^
z<#gpqqv-36&3ut*Z(dFBK}*F}2Eae(oY)24zFcazik#ueqdl4#JTC*q-Khy?fC($y
zh`U`*&FW7zyg#XOzZP|k@`qfV1!sw_Uv~v7*B3umy4HL3v(@qb9gx2px&e(IOCxgX
z7;#sP=Hr*Y`H0YU1HS;M#>;zCTMBL?Mafwb%DxbbhqjeiF4n!CS>AI#M-$hJ)0K}g
z3s}>}ne_3+hFtS|>5fx!THJ;%FbEF4S1EJq(X5pBsn*@ejrYBK21<yV4n!ciw-*G$
zuG+x*L+T+th@=hq=>-GFD>SHHknaOA9yXEC`G#x5k$d=**<)0XrQM^t_Z$Q8<BEQj
zv?O8k8>G^G0}u~LN?bTQFALZ=>>t+yE%&9E+c|H^ezX#CZwKSclPvGb6bf7gjzki5
z5w|gBUlXP$Lx?Ql34|DF1waK=^Vtgevm{?rj^#Dkm$RvAsD^IsZjIpr>#mh)OYY2m
z4PK909`}qR+;<=*Bj2)sZ2SuNFuQ0|JzFr)?)>vGPK9tP)H=6h_viki|84<iw^L7?
zer{6fb)xn7|7@HLuovAW^imU=n0tK%ofHBzns(%HB`6<q8F1&b0&p-XLm#CJ%B^^E
z5(5K?@jHcxN?pl$`e1KY!A6T{y*$2$z(QT{JrwgY?&B}x6@>K_Q{1`v5O*#uW6V}A
zno!Rz_Bbcn+>tTWf-in$8mh>q?btVt`XolC2AvYy9kUc}OSpEt+2;L|1bi($^|<6+
zzZGoNBe8*^UJ_x_VDDZcYt%T-6g-A#vg<rESssT)vIed_ibJz;kIy4_Cnp?1AH9g<
zq;)?Ldlb)kng2XST;(LiPk8UGbFB&nV*~!IFARJbVQ~giom}CGt10MjhJNZgn~3b;
z?e(}3Q0{w{FUx%i<r*d0Q=1PY%qMv*w>><xt>+%s^W@{0%u$Xj0o>}mKMTG5chk6u
zbz`2`yOkjsZKu*zn_>Dic0oVT309nNafzcd@7@Gf(dEffp6uAKRd%rRc5kf)Mzr>&
zlE=}LSBCOD*h%IDuwyG<Me+Gu)97WY49g3up7I!O#WB@Ot25%wFC`0Z;DRK)M0e9*
zX~ZH)>AUPPznR6~5cki+-LCmy%&ftL5L<XY7J_!G&*7l$0o;c{<0GmS*V6K>5$3PH
zRKD`Eag&*y2L=xyXL5b)^Bop8S#W!|Nk074B=DoSd-NRE^BC}#E#RI8nMF$?y6-8p
zMV~B0d~s^DpXHlg>~8BjhmCdH_0gNSed}tigVXgt$L2rII2Mh?bR}M-0R*&;eA5Tt
z>m+TnPyXMmJ%*LObAx0hu~&{7NFm^=+6K}**3or$2^~@}QoXG#pi)7vD$pGKJ?_W<
z%j-8c47Xn>g$bW&x*d1nQU1QuS}JA~H&H+PD7_Nd--dv}gS(R|rxWFRn~Bb6w5$aB
zI00yTx!w-IN8RoSsueFlfp%>^33=Jb;b8GSy9gy4cf1D5Cqo#xo!QQ*$LsUXEPP%Y
zKB`Q}UT5f37Vw}I%X#VBoDdv9zarJScIq@#`jHai@hXRRBX}dGzhd1vQH^ci3`Q=H
zVZO=AZ~1RIP=CcUhI76HyoZih==)G*=<;;3JJ~2dX*06L^fJ%^kfP#C3XbW!;5|B2
z;Op1QZhYo}c;|C0#Q`KgL{00pj{|-OtzXwT^>vPn5d~lPvk73nvnawl3VqJ%sk|hZ
z0Y+o1tKDg<q9nJ28rW*R8g)T|u6+&uZjmdve0NV@;uCQ8rJ@AJ=6<|b{NPHDi*n}G
z`CX^u|KTSr7j^D55?KIM<}%YiT}iBfHKVe}cr&re2r$rlFKXdMz=M<5?My<$DEEox
z8930=nr;G!1?WPU+oHrTcpRNy9!pBEC$vJZtUYd(Epicb<H08!ye4h-s4Ui=srV)q
z$5E@*MC{dIs(PG;*F&`SI7-9k0gcK$m<RbF07tPzaMX@a`SB)nvVKu=76+oR!1PR;
zC-MvBl*bXk0jqOn6YVHHU8G_+`|C`Q@~^Jn*aH-7;Hgr}Z+;x>ar<cdK1n&Zjt_XB
zuhsYHoJ%V)n3iLFVWD`q&O$);eihYj-Y1axO1k)kgWrtFn~tqpe_J29G(5RJK(YZx
z0RTIt@4DJcAQ2J5mytWsnEVM_;i0{Zz2S~DoR(Sd%bWZT#bY~D;w0Bcr!Q!~51NOi
zuuh*<@b6UqyOrJA@ie>Kdtu4__9g3=H7FmeW+W@H=x^$gSD(SFeQsPGY~y23$5+j9
zz-)<!MpQ>*M2udn2vn83QyitI^Ht}`DjGu#eW_b6#yNH$pOm>*{7GW^N|H7>cc>+8
zTu}z${YuOx*ji7BZptBL(9d@^rhMamHF_|aOzN@#M)$E^A$?hJ^U%XUwWVnEu1w0+
zJ5nq3h12J|hZcY;d;2`$5M60)YMm!IXhJ&6M0^k2V!4sQ=>TM6*!RRsz!1^yI-et(
zbft{Po^8uZOV~YRtBAK#o~oh&pC)3b8`OBWXf=1*cbbRLNI~|qb`mYeu;IV`NslrH
zsvQixBclj*4{hStm;KpG5Fa1!M=fXZ-N>agY`pUb(aY^d<;0h~Y6j=XchK=*c^*ZN
z?cz%GwA;W>8>~kDJlFQ$&F`0D&RcyxU;ms<+;`h@^!UA>5hEpSTfoXH_(V^MBm~Z>
zkaEA@oD|vF(-I=I$Q6ivj=PG+<MRj6<L0iCxGz2uSvG~3coZ&%&vbY10XzZ0LTA?&
zyL@nvL<hcN9Rar|{F;sdX+gl<yxzCZ5|zGJeIol}wz0ot?#|Y!iSM6l&tZAku5cGl
zr#Zg7T_HSEM6fq+dt{!gK?!f^)62Axv{!)-j6L;nQFrN(POGpR9iT^7-&1hU`lj37
zCoawo4ED7-c0MDRR4vGbBB*iD1;3zpR0GB_+Y!yYzcN#5lBiICuhP74@I7FcUmD5Y
zh)^k)Kld+_zi;b$pu)BJ4Qb1-(Dnd?$r#45Reza=83>x`mW;kP$2717a_R!v;*(<&
ze7fA@a#u@A3c-6fMcI^6Sa|wamHwO!@4wsS$G;E?-D7$`i%7t8mOsnu%^v4v%?L!i
zb4-1f=FxOQ!pp?RDrJw{$Cho;W9cp84BMOsB(SICGii-^YJmWcenqEcrM1!VJ_JTh
zc~5ioK??guy*%YWB|!nb`_&gy&r(Z$jlp>@M73{isykn$A-2bi5#;fJexx18TUjp;
z+_}!41E&e>D_PteQ#lkCx8mJEZr;8#*vjR@+RNs0<Z&CdG{H8@$Ht2{&dLIn$~Uv&
z2)iQRl&}M{LiYxImw_iUvMP2}m}KV0WK{vek&882Qax?KkRna|RGEFwv7kXRz{EM`
zZdbGeuJ_9)kUeql5dQ5epT{At9NQxkZPy86wZ-WrO}Tq@Jn3U*Tj{KB6z?q%)6mnI
zwFhzhepWR`H=OrT8Ig4(hVXBo?Nh7wy<adlaJviiJ3xO5B2J|B177mhNSjDdJ%#ba
z$MjwabZPT7MvG-e`3$_6P0RD!88~@x@vzhwMFBk#0YH0B*ZB4AsB;@{YSsPRzpn}7
zLBCol=fNZJ*%*GDCB4dOQ5Z5-k6kFa8B1`Bpg-RrN5{lVknuTe`Fk*rDAuf{loZpp
zXBr&o7WZ#LZ{mwSJ+006VsXx849XRPBk384<+ssEUC)S4@Zz;Tm&zQugYtmh!|u8~
zVt`e_L#d8A2+=MlK&o6Z*K<KdOD{(hdnpPW9F|oVI?4&lFAF|c8`raa#zY@kvbmIc
z;PcjZ=f_Xll4>trno;11n<UfL52UsJ4AK1fO0(3xf?22QrEnMXJax{1HC=E<=QDG4
zeb?vz2z!?tS$AGJw0}qO<BWh3-?zsn47lm0;rUO)&{u$4d9a#mqjpuML<J)xG8h|$
z8oXwYhCdd#JIF@f+2>+{^j<{Hho1C)kL{cUGs2he-uWK>o#KDD<R6nW-#f$xM<4y0
z@-;DF^jR0dy1p#+P^oteDIfEz69Xzrx5no_HgoGms`PRYb1b~|lE`(6n)qh2ph6*k
z4XtV<n?{TA74QKi=Y0qAD!{Gba}Q#s&M6uOV9n2clR6PgtJB59eXf1a-^<^i`EP#o
z*2`AydEGk4??q?5p>j2%;6{!u4kjtm(M4%`DUSO{Dy!~ewB_v-S0Qfi5W_cL$5u9+
zKkW*^Ts!WgbSId3f>bkbJc+8B!3ve>qMQ@!cOJpuu6tNN-(Wt+Cxg87^vmNrUlE*d
zTpF&xd3qJ-(tS$O&Ue>aB9G<1bR&yrxA&`=Dlh(LkP6^xg0rw7HPL}&rJydKAW=ef
zAwD`h8+-!g27Uup@D}rV|3p5S%y@^u$zFaqgJEh?@ILGmPJI^4OUWwg7l8QwENt`N
zP5fXDyFC~(G%GA%6QXy>5T0TtY(1t`yI@OBr?w6b6EEgF(9JWMbMq;Qn`Bb4#$2})
zm#xmwAo}UBxh>c(b9me6F{t6XUqed*M9b6ttr6Q1<q0c-F%pr)e7s>9{RGod&?a?2
z8pV)kgKq?c8@R;26MWDS;e0jMPe18dLldvKn(@+yj-RnJ=UN>-PrXI$AQ<I0;vcBi
z07Q<?)SeUqQVMS3+8$qe{NHa&19LjK`8`f;VfR?4v|Ye3x^nsgv>sAyeRLe@DjoUE
zgX^F+G4I6#dMYZ*WPlDwnmt}jr(IIhV(AQUCdpSfN1R_d$>S2E0zLdsEq~zHQ{9YE
z%o#8H$DC0#LVlp#B&gN+Et#GXPzh`rJkTHOJ<X0|uE&fxO2d3CnnCfa4bYOZeUxtl
zio5U|0MdSc@=^cY_TOqZGW7=M3#F^9j|Df*qr);6+*=j^-cc?KCVY~$WwL-dbRXbB
zw~c2Z8KX>B#N0XeCCzzK<z?WL_~>MjG(%lFJ&y=&v&nH~zWueKOfW1F$L9<Cmfr$>
zZr)ws?w($K1fyr=+`dC?=M(J#RSv{Q)`Kus1im3{d|o2EK796(*h9y_>bsoK6sV|2
z?mth*WB$G^%B&jDm15Fy3Qe&6{GYZc&@R8EL(7kHz>&S1_IR4`^ts;^x}HG^@=%l)
zo<0#cWk?{NCkgi8TaLsRj9hR_2+~)@K1U9BzB(T~w7Tq2U6%5rcueYEIpR;UsWVM>
z*eRIz|NXNL2@9Trt#5jN>#c%&7(#jRb`N9E6~4uIa1zHAjzxE`T<?I>U#9iBe4O}%
zUcbvd05e1^J2JF~)}^^eNA@U9=e7DBsK1Q@cx&u{2lD5<MBs*Vj(tAg_HynwOz0Zy
zWvl&~a7^<hM~5LimB%w41}o+}Gf&L=!M~0|>S{<7wTz&<h`e_L_=*Nxg2d8e!A>_Z
zUl!hQdztid91@vFzy(mh*XPUyj18u0{Zjru^g*8C0PdJu_cpp_JAYL+R%9W%4s%j5
zVykiOo}&v#L|8wNJpi1?I%JVf%Q$SE>O{VYurb7qWY-@BIVpJg_8d}zy=feu=XduM
z9=$!5(vWeF$A!3<$#Y<rkQ%-7B^yNG@#O;ac4P5D)l?3J$alg|?-frA`ntslGW{g0
zKIm<HK~{cf10+4P=2ATk5$`kn6I1=hXuxXNk!@^(3)%e@)-2x;8bPD3;H!%mOEcmR
zzbahQ9KyXe(%XUJ?XQ9wi?|d*J$=}#5K^=HsQMLq5GM`#J5+y4C^>rfxSo)C8Cs4)
zY(_gb@05G)-_S`>$~xMu2It7(VYrW5v!qF$(9`&K!NBw$i_+8vN4V~o^JE|e`*E?D
zJr?K6Z4s6OpTozDpDOD>nX^VG#6v^uKAJp+;&l3+_II>m>nx-T&Z)1o-Eq#PIKkL^
zicLvj*z9aFbv!2DMzBz}-Y0?T<;*yr^>tf6ZVU(^7b6Y}T4KA$EdtnmEbxAX0kLL%
z6LsGi5vdd3y2Q1{MzbhlNZ00t)hDOvC^NDo<_Q*;go}$F`8QwM`boI!C|R!fjp5Jo
z^TZAN#L3oxphK0E8Yk+d3|od)|46Cgp;3m_hWiq%<^J;lRI*w}3)#2ZF<9R3bKQEZ
zfaLgt#38~cE1#EI`2cUmURBj&J)m^ytsCNQ69&TxV<LLlq@u8_?Vdq{gi1Sl)5-BS
zPyKC1z#=x)?!7tpaM3x2Zc+X?^`1C{xRFm4G`biFDc_Wr{G3Sfta6im))J&GpX1%3
zegrszd4uQrYAp1T)5a59v~OopkCq>scPbHx39mzTh90&Qg9`;2G@zd4oSX$)Kosup
z>wX^$vqc&vGPyG&{p;f$0OeaWm;ioS6|<J=P!g(k;Owql%JY@sz)8GMtw}lfXED>a
zWBkHWY3HOMXDQQ0W!n=zlYx7&PSL5y3>s#j&Y=-k)Ma)p$bH}Z1(k}<vCq5E2EDFa
zc|vHeUub+tyf6-O9@tCmaO&Vq0a)T*j0kkcyBON*oB|uB=f=HywqnuGsnO(f@}IR$
zXRBWnMFN&Gph&Grx8A952-0%q>P|e$-*~=RjwzOm`Z;%?`q6E(n)V3m>kn&qnQy9J
zOH|_$X(3olrC30pK2|^9p8U6c0bt8zGDD`P90%8wLu`6$kv>S1usM-0lQtLAHzvXE
zcLe~fcFn<V-jJ7C=d*RPBus~a=z8c@@=b%}GPCiiz9%M5d3^meXuW+D)plA>zs)4S
zVA@(;?Y2r{%=fB`R-Q=G^OVXA=ETGG&Ue<XH%`t{zVvU(^=OI;x=061&J)Z7C+{*O
zz<4)RR7h9ip$2#~X!T6orv_D^oIwwCQYft7^A)6$$yx7uhhmPIJi*gYpP%ewFsm2O
zXcUWn9`X$S&cU5blgf+A7mmYM%PG-FdzR*!SK_rBgA-A5_)cHyTYfW!Lxt_~4aOo*
zO}M?ow4HYxKq;jjL5dRjXTUD{*D559o9)$v9FC(iLubD7TSmG27>8NDeSyH74F*!^
z;*A`1b1qOh*L-8!4{2m1T$Z!=G*8XrDtPBmg_&0D`T36TzYP!WbX~i<=`VMkW8Lr$
zFkqgi^aUMwu(EG6Ottt+g83xZc}Ip%Ki++%#Gz3Y=Lvt~14B2DD&2$xR2}V+v}GQE
zu%OPz`D#Ww!4UX*_cunD;dGsGWRG~Lct{6A<;f6*A~&joPZQ2(4wT3vhOx$1!BG?*
zoMBtQmiEg#l_8nuCa>^(^)Xz*E#+h_@-;If<dsfzP9#!Att%T1<`EDLgYZJlav^FD
z$ePEZ5-&{YmqA^u>S@vHTftCHZ#m_w^`t?zI{4SQ1)ATC$qGV?zmL9Og<G&*bhx(l
zc-b~%+I;i0_B;?5u+-&B_lwc4z%~V<3Q(mab*_FBAOHD;YG*9jyQ?qRdAg5R-+sio
zywG(#=AJQiuJIA^`#H^Vs<RVGJXMV#r;CJc@M#N{JDY%^Vh{_<x8M*+bKUcI7<2e%
zO_cw(NN~t&ArWVX5&dvh+Sr+vit0Mxa#O#|skBBslP0bz0JRGFwLpHJN{8O+&;#lk
zqZ??!j}DIm!U@c-;%^MrH!Oj1$eAy*K>AbYehJ+j;#OQy|4Qg~dj&;Rqy1^0Sp%;Q
zAM5ITQZzrCprf-vs2<s$oyN^}I~89)kPyT%%qO7<;WSWjzGZ813dyD_kXi1qebR_F
zp4MRYdU*$39Rbw)G8CVz1(=&hLW=w|cg2K=-Zr>+uFCsr2E_KYq?+e<30~!+L+NXF
zChDD<TZG4uEDkRDp~<V~aGcMB=Sb_elk?|Be`llKGCcr0fO#8k$-V>?7^+K0TOF?$
zoBg|xPmnGpIEe4Vr*B9F7;r>`ZnF$Rrkx|nq!Q!sjY*s`DokP&3!hBgny?o3#|bVU
ziW}?!GBO|u+Fuo%uCnCTF`N6}1np1JbzL4A?W0T%PZNIA@fi+v&fXDYD(AIt+8E@H
z735gYWvZ`q0#Eu-kC#|^^pX$Fcz*Lc!M~!9<pxtUGE6#}>5^ZmDU`jOj5nDtyzuad
z!j-d{#N{HXyr<pq?9#9cfuLG_?Q0QwB{1H~;i8UL=T|DvN*s_NAQTq%)}1k858S@k
z?Y$7Vy&8h=lZL3Ac)XqNhIMD#Jb~%;qSgNF%;5MpD#rIf9-^8X#k$;jUDwO~t-!8W
zDm0=$vIXB{IEGZci?^i1qHoPTFX=e9CD_K9iPpl;pI8-K0iVc8hBY0<AzT|pvNbI<
zyuqZi_Zu<d9ywjha~AbJ666<g0sd_-Jqo^w3}?fRE$b*03O`_|+B<3QIE(c76N=~b
z+rV<YH+o#KTsWG)S*jWGrSUd5G{S*JQExBTM5t!kOW@tXOZxj->$eSq-Xp|<7({VP
zEsw*ciK%5{<;aV5^*9(}T`}b@SZIbMi3u+xY`YWM54j$PPyi-=EUaT<Lg<ASEPPI5
zDqT;>wVj)Qo5Flb=zyuQG%)0Wk)UQ)O}pV1o8~oR-^8?+tww!k7trq3_PM$z4KOI(
zNtUAgGmDxt-(`Cqd^r~fiJ=;A`zI5gc8%<0=&*^)2M_TPDvXqT%!p4BS>L7vd-PO;
zz3w$`7TO~nG|eNR)Bf`1JtVscv$)uaV4Fy{mnYdT1=(fUQo%zfu9_VxyDcq9#;Q#G
zSmR(AmR^MK1@17xXW{iV(Sr{nhY81x0VmIUhE~ZoE%+>vGR!>~w*NG4;C%X!iR9`=
z^n_iz94y{}7|O*RQgy`rN)IqgDC%dz0UA$a7IuOHEw|`a7FEiPD55(LnMLE)5hK~t
zjQzE!o8I{8i|)UT8zfDj(e=ChOmfTAL#&k4_?1s60jbyum5}98K8cL+NrJkCac#oE
zw-@Llq7a;bJAza9F}bf6<6?>lWhy-NqNQ=xro7+ouu+8cQ~U7^&27Vz^dicGIv5;p
z(`<)+XJY6en8O@?8ArY;Thg)4Ds=A+KgaY5lidmO<_30oU@OP7uY?@Q+zvxz2Hs3)
zhom|Ned2rX{zjkA5wZ1kp{wsFhIzj}wEf(xt|LGFHY0TWX%8k=Gid1Cy)bRcwp15(
zlzlewMQkmM`DN3cZ+baz7OR@1&I4eVbIVbB3$U-wW{$qy$2|g)&EL2Pw0BfB^3%|d
z(Hl>m>u0|SQlm%l-%kmS5J@+Dc{#tbwR`KGgG*`wumpwq^uK9K>ooLNz_0{cnYTn(
zWa3IR1Ra%^Y~#`0p!1bFo>dg>cbG9xUUE2gX~TbCdHuF}kbq+dv1sNGZVWF`PbGt8
z!?}#j?;nx$B-gnVn@jhru$)KP=;aN$dCeN)K0w<iRw$r5zJ3cmG8_PQ3(@VY0P0KE
zJn$IvnZ4I=)AEsk@I%GzL`SZM-utH;iSJwvoe;2=hrxu70eZQQx?ls+SFC!O>A`v&
z`^<$7F&;h$OpfPlfiB>=n`#d#6_H*ljxfc)o<nDGbC=0`P<iqu%`(;@f^$K8lK9bH
z8}9bdTGz41ZgAcirX=xm*O2ICiLJG|8M5$B^ggT|koz!+twBY$q?7vAX8>RV^f}tM
z>HP{D9Bi`Sg~a(@%+;8$)DshmJ5d-yHxqps`S24Mt}o?Zi`9SPF4zTh!eYAzzBd<T
zyL$7T8ox+8evrTe^hq&dXU`K7dzbK=vZlo6;+2aXVIy3o`whIUr^mpYVY4&Gutn(m
zP0Mug*8r3Yzs(^Mi$^KN{qX@tJRrq_Nfj3^+TN5A<uS1{NP*_&q{e^Em@a&qLa_~k
z>-}e9+CKACRrD#e!^?m+K1=v=2NxFY7(o>()S9qC2z>RNnbWa+PVh;Vhk%nWNGRgE
z&y^034vD+y=^MMc8N@2)>2=}}jT>k9b0=0V4G5t;y>=1<SpZHh^wPXMyv6>xVR^Ih
zl-x_1SN-YTjO!v}_7b|G3fTF^Rf&zp^qF;-Y;cIN@8z_*;v_A2xO!P{-4kR_V`FvZ
zm7;z!XFowWcikAK`>ClQkyA;2&K}{W6r8=B_C1eEWA92ND4V-S^gYy|*|Y~SM3J_K
zh<8Xy&q?w4NXGqV_{ODf2?j*mYftlXHBBAk4tJ12t7{sF-bFndPZZ{zz#Fm>^ODPx
zTwC@I>KMqr9~d}32h*5Qs&O{rh9|qzRt%}x@9_O8(+uM)&G4#ZLfFYE(6HkSjj)s=
zOGb7jc1GzbE6^8NbH0&*tdLx#Q?icmzHKh&Y`2zV$oSXjek^VxWpk}xjWl}e5CoZR
z=jGDJ-p~#l3FXhmu@|{T06>!`davJ|*;M2UI=Sz!XCF1B)!cwNQhAR@Q!Iaz1Sard
zYlO%*J^k^dEeMeBePuFh@YW?re;lb1w8r30*{xILStqB+3f@Vs8&a}3jl-#Q`XHf#
zvx0t;eh+-*qiJ=4#CDwzZSA8%m%Q3;*9==h+*n4->nBVH(V_M0;|)+U3U1t&mdf^U
z4Lr3uy!Q6$sj*~lQ35xJ0I9HmM^9MKO{yMlz&m~;%@<<+d7oQ-=5djg4Q%4C>ij@T
zUOjipOD4ZAYDH=@K4+Sg9eB>gX_*zdwD-bygv`IvLSHXFB5_sktcoSW_;uJkO)6(9
zq<#nRZv%?ZX(J`CDwcfsl)-wA_f>B?H!a-6?CC355PcEvV@faJLP<it>sq>kQY5r>
z=H<?);#=qQZX)rULI^&+FAVoY`dbVf>$g*ld-}cvf0n<I<S9>b<Cuqp*$yJafsL9g
zn!CA$gWyoQ?O_bxJ-1-A@`TwLy+mv98Fs>Lp4B)(qi-*3!{Di{W$KeJGDc8GTqu2D
zw-2Wrmv0zXUWK<v^mdbsk!;BAVA7;dpL@S2w+VV$drtWEUOCMLi=#ScyO1RX%`gPU
zE7RZC0I0ioJDbFX-3(V8O5Ro@^2*UHd}Q~DdvT-7cjnxY?<ozU_~IET&l1kL7u$N<
zsTjTyGAGuzrQqMvtu_KCPx-<vAn}J9c)q9edP}Int2TA?)IMdd&Bf>1(X`y};Yjn)
zk;I;x8Nkz<kmN|tQTKobJu%eWZ7tDsk|MD6X9)kctO(gb=-SV16t9oncn1S-^4E@Z
zA9umxz6fjrVaPG{4c&NuPJ)!K`@KbJiLnjPaRiVJVLHv#@YIVNfW38b3-a*WPH5xJ
z$IhS#Psx)>aXI-^?CDRxFr=<|ZX!HY0{a9|?P3dhd}CWV(Zsgst;QMBr&}WFyZ$Rh
z?&UsRC;AD)*`hX-G^U#Ir{^62P@V|V9cZK2UHqGq1y=Whl-wdEL}hR~V5VA%X_}Ww
zc7P`iYR;2d4{KcRgGUc&X6mrFx%Xm_RX#}8o{Bh=W%)F-;QSeKTb(?qhwD_kPxaTm
zgO(sbZjb0hJCZ(qEWL}jRL_1ik4=Lp>=rlnK@Gr)$G1hwcK>;Cc60Q6D>JvVwh3GM
zdxC$s@O_!GxG#S7G;Ev(AV*a6`S$!pjHv4X)uSVv`_!q>o__eka78bR?gi?BQGDq1
z&D83jLHyg~!tjXhGV1$75y!`$GzMgJWiOI$0zbj`DKd{XA+QujWH%o<bUxqfNP430
z!XRHdUr(>|y$R|M++9V#!7)d6h|aLcdD-cn!+2_{*1jtHvf=ZVM2+W(ahvuy#V;5y
z?Wa5Y&N*b|w_&<m&%wde<Z1+Z!4ui<Sa~<Kn8SQ^Jnp!D6A+mmyz{+$ib+O@klG8M
z2>Iq$Z8{Fe?Yn35FcT-uLD6#ks`0NMCn`%th{h&0zls|~n{KTZD20V86gd<1n1<IG
zdTjhYBJvf+!_$!9&@-SMr>Kkz3cZ%@$*z*a>$5AB^o_T%hp$t^i!f*E3BY^bF-6b3
z303uU%FC`xG2fMSl4JqMzstnO(z1_pcC&z($6h4MF8yqa`a!FuKiP54_!sxCSGI%L
z&%Qiy-w#E_e$TfVU*cOIg&PWHa>3w;)ZLY@1R_6U>-#f|f7@bU;N!kUHrw-7;Lzp*
z%(3tCllBlFjJ(=VN1wR=x<&Ae?$_#^B6$%>RJqaQ<2ZJU9HTS0n9>8Q(eN`~lQ;qS
z6?z^<wndZ%j5)R<Qp$?WTu&6*sp}(E+aoxEyb!%?#`P#IKFqv%hq^D3OQ*iWC3qBS
zR!QBy2K8!Ur3uIk0y1wE%DaXUT_SnNk^-uo@88pEv+4Pah3S|$1a~i-OA=59pREhP
zw;qP_w9VVUb00zfZd}P9v6@DZeJWO^a1-jxWf4732kcYP6nvMH&{yx!rJm2v>XGZJ
zu#2GG{y1a@rxs1>fbn^3<C=li*Cu%$%R*FRRBQFFD^Fl?j%316_<fl)WBy-Z&j0tH
z|NNg99RKyd{zv@JIoJN{|Nqbb{%_4S*6U`_nC<7Va0G}MRDg|f`lTjtT$#->n>-;C
zwIMQl1uM@?xV<x&jt8(dA!hdLR+53ULBTc;0ni`6KZENrtaFjm>Z1o2yX2<z6*%It
zaaZ}VR0+0rB|m1!eR(7Z8I1F0^tSZd4rC9W&D5--Co34O*8>RQ&VjP5Q=i>!V(_^z
zakM(Lz79hE4gftaELLxyVxM%Y_T`~6@;#!#26-qVpYom2nI)}+t$5&`k7kBAeTGAR
zb-Wk!0mg9=Kk;_!{Sv(WIp?CiuZ?S}cqat&bMXsUGDQ@aYjpftwLtfy8&(BP<@bim
zF?$+Gl*^)w!4XSi_b_5Ql_9;eD_(LAXFQU7+vM{FN~m57O|L5i*W)SuR7iXJAI{#T
z#C`1B-<ge>l!Kvr@;qv@tqgXS{pIVuLwserz~!4e>1<2#q?SLv5^&%$Y=71MVpG>e
zw~S`*%dNXtY#@&U#BPaQ_-3bI`_Y5Ew|DOhNbcxOJeTyIrnpi-!x+kgj}C-}7lm{C
zDdr~s>W)u0B#*aYN%Pnf%oy=SpfGhZHh5as?p3Vb$<H05?ZX~c%c(o6&~P5ynvC8P
zxLQ&*SGnWsc{qf7Vvlv`Y<E%VTV5U{?sTkjl$>uSkDsbU3w$Y=Bzza%p3gym^oO(9
z7wGf_P9mH~+Bt-AZ*UR$eH68sh|eP{m#^Cc^qYEuP7vqIP7W!*W?lTuECB!PO6{hE
zmx;9>9l|esEy+mMfZ*`LT2*K8Y8|lyne}qK>?6OkWyi&fC&@?b<~u5I?^}<veHCoz
zSZgZN+%uHQDLmTfFQwmBbPyRWL3ZxgD}~=xq5eILpp;gAS0J8ezLMOyXZMmJPNba6
zhFAG$iqSiEN<?VzAz#bauue~+poSb^7^*&--N4-g4rk&nuIQttTAr&BjO?)2%c+v?
zqp4bAa|B?Xpvwt@L?KG*Gmg_Cn}DBnW}Vxd>Aj@az<tb;x$QmyZdU=R4SbZv@B|_i
zsBK+~N|og3#N3r`VXp}CDx}pbX77VxHf|lfa5Y8+?xhPtvs2XG!ZIM<)EfgyP^TrO
zI`3)oemp}gA(dM1WMYcmWR1mfFXN88bZQhtZ#4|?J@P&z%Uk-l7Z04*QZJ!O!6AIC
zzzIV!Rss7u3O=$;c%N=mmYJ{Wb)og-Zdy$4fh!?_^e`!=88}M^?&t7#FK_uF_io+~
zF3^Noi+3Q*vM!>QLF)uPl`r?Yzymq`ZrGsmg&D1!Z|vXG|5xaGs*n{wp}PgZ>>E@n
z&Mn=(Pwb(_6@GB1am!8CQed=8Ch>_&;E<>LWivS+qdU`oy*r)r^+9K(%DTH{oZ)MS
z<B}viFpW`{4?%ARmynKD0nggGz+zvELeFWvB&3Ky2Ij^B5GS@Sr28?By*%cho0Ys{
z4PELP&Ct75KEGZae%{&EzXy)`$JR4l%v}O`$PPV3H9dHiaT`vg?-(ju)TAAxt*N*#
zQNL95J#7V%%9t^3MQX>+>Raa8$!&$+S~h(#hiq|8c2E!Ik|KwZE9Zk4WRtQpp+|Dl
z-Q~&?To~kUqW~^_Ro2>aZG6~!`zC$`Kvoki!jXh4edTf-5CoMcO9ZaUglk>{qDykW
zS=+4?=WXI60HG52ff9N6(Bo^NQxAHURKQ51Wo0?QYBoQMm`SONc9#|#hP;R9kqLSq
z_#5Gl;^)LuCXilAEFLGdELK1Jtl+)-m?!aICfL3H86^3UJQhl;j$V8a4&Qi`1K$^P
zI!yaw`mn;3PW|~MOn3R6h0K%K>4!?GYS2BZ-Vu^*C8xZz_bby#gXa5ilx{Q6?c4}C
z)r*fSvA=)ao<4`}G3MyQyN^YZe05c(_{10Om=SA`rWCM~9cu_b=Jw4ztwYzp_i~yU
zCby-AO(}2aubdf=T=UUe5;18d2ahI!AC{(jPmR=mZS&|?Z=2R_Gg`AfPm~vMg+CrV
z?YI7#cceP{#hFx{^aI+#BaG6td(O#y`n@IfMjdTa!iz1|DltXEuqP-%v=|;`kbB{T
zuAcM4R|GK@to6KjdrS{3xJ#>=@bF`9pRE-!Hqq>|mzVI}r#UFcu^^po-kC{=$GFwp
z<63z()A0hjA{L<uwG~Cx>sMf}U5fmhb+EIHlY@oQYxvVI_vh_7oqyk?&TTwIA|A<V
zNV-)4$$Hf=u6S7Oi{+p;RlC60FV6NG1EPjpYleU_j8dbrvtmzdXtt1qZfYy-OZ@(g
zjf0Ux%APteFZkg=!)r=x4tZwJ_j0Iq#Kv7(qg1I$*Y+Gs9Dva5!{<ECj0zlMC;9!g
z%H25+6PF4r4&O9W+H{aHxkezD25#m$!yS?~Gb6-68@mHk5tRaP{NCGyIQBP`C!0>h
zS5v))a?Umsu5R;rNkWc2ah{(uF2TXQSH6+vQPeOUM~unkY(_{lP<-bk1a1_&uz#;m
zk3hhMj4GwjbDAzw+^OQV1-Y7!pTuLo#qju(<s<UfS@W|hy&d4$P0(}(tI57pt~<O9
zX)l{vB#9g_{u?-=aPb81IqRMK-Ny>%`8*_1a_MeLv#NPX$IY=vxF^~)y9zhtNv*BI
zQD8ljd1ojy_el^viD5R65et3L%#ZkKKfr!JH04i7ih#?!Z!muR7ULj8WBOf;rz&S@
zJ}cwQtYi84bNSak4XQFtA9vF&Pa7>jz_=cCdW3Q(`w1*lz79=#gdWgQf+|<<9)i3n
zQu$po^D?rQH;=CGX|=TbnES;CX8q`~%fX(9116rdxAQBF{ATSJ(q|=ybE}vy=Qob{
zNmY+#9lC`wMeN^*OG!C;bQUGHd~-PT##i4$$S(n)#Z8#c+rPIg)AV8Yqj?&FD=1&F
zyTp;6froi?f8L(`e8)IXe%HT;Ax*kH9+ht?ybnQaKYa=?2zwvIKJNHPhx6HcHw(Fk
zV3girK3PWUYt8}U0zi+(oa?+?Xw0PaL?}w)m)6<vT>k3EPX$7kdnM9+3BYA7?make
zaU?T+(BeE@xEW$~LNE4d{_28~;$&<C=H+ax7wI%-fJjj7i+GKN3*LXdyN2KElKbiV
zxfk5gF$uedmc*R?;N_;y<#Ko@{hgYd5MR5)HdZZf)-}1D=90bEl!^}#PoFDp+jemW
zJobeYn&6o^S5^7$^|!=Ux^?86><&lZboN*^LU`DWA!E-<$yXfgavL5+qL*#z#<p%X
zUzfS=pFtD*L!x*IiNL1ErRUfj*dBLP%C}Gmeg(ZP$J_KiOnQ0pOiEYSttYkQ7JL_6
zMNF4Zn{JrHHL8c4x(-x(v8v>XgIp_i$g=!Q5XDeWBc0ooEMy`07K7dSRKq!NZRET^
zhB!rohZ*V=44t>pU+4O5mTdlNqf@&H>m=c6XHs-49(~ME>^`yD%2p<I?!5&qkryTH
zk$|Y<_>zWH+RD^pL7=Trj#iI>+%f?5gkza<9i1Nu;k1-FB!SWT^+-eOdLZMT$7r}N
z#^VxWt5!fva7VxCU5~{dd+Q;MgqL1cJ$E*)_ZIbe`MTbhO=E<wwtUD*<znOc?1cQY
zzotR?a~sVQM&kI?&zeUkk=h;G-8=Zb=5il91bd)S>buo7<Vh&_0Vls-l<G`v?>_-W
zb2I6?O8^RHyM7XVzTvd(kIPGp8eWA+xN+fvz~|Snnea}Za^l4oDD$<*X`nxp2#EWo
z3{Y}?V(szh^I)H1<?4&o^s$jkU*$?q#Rmaid{3oHDfe}sp0AG(<~}mr;e$Te-{)XX
z*||1f^8>sTycpLu`Ft#%?J$+w6QK-2Lq?|`eJNYcr`0)PZ`^a?s`qWgdnovWyP^TU
z;F;ebQK>@0uk?6!%dS-7jXU}_IfCW9tWx>aY%BFi-2O`kM0oC_#aa`0GC!x&`P$wJ
z%V4Z$9`SW|HIYEDI&kixH32@i(FRirLF?40`ZnF|`kVm#8%^ll94{d$m;<8&sXN0H
zEoS~r$$YHA1Zx2VkU|<xt8O9|%(Vo^9YoX|qazn?mx-v0J~eU52d^A=@Vjx9S<087
zbv&b9UY6D|I7Z+Teq*1`FSbih&NE8~jzLP&g%=7>CmVdD5PYzU{63zPqrIYg8d4c6
zgH9^XaAl~4dEEHw*78$imxJJY;6E~A30mKnEj?QHV2Dr!#&xc!6q2^f<*7k?VQobA
zf?m56Xs+{9nN<ujm@l`<cW1gSG9J?yw=^NFr=t@n^3lmdx~EPV;=NO6WDki&tAYrY
zI$9IpRW_2#2Zb-W)o0r%$RGbK9qNRJf;y>}9+#>VF&<#iut=+Yn#izYBChtmRN*CF
zpt0fCcMCiK=LokxRTlk=pZtE?yJrv5Q^Egi4s25?(cr4X!9<gG#xZ5<upZq0?!rH{
zLz5DpA#*J5xc0e8-S?J8G}ENNNb{2pp~W1JuVdNiK5AypdlV3x<$%E4^xADwSK8xW
zr>Qz<Z+}B+7cnC?6vzcR6kf{qC(q*vgN5qrC(>X3e%uwm!6gs$+^|14*27|Arw5Sd
zGq{)-ywNyMgjL#+?Azy@x*~$NdmS|M>PtyxkF>vdx?f!{&P2Ep-2;<5(dW@uI$=d#
zexD-u)MM=m3uF8k8SIXO(kPO@@Pe6sR7xkEEBO}b$~OsA6^=f=vv58e_^;|&w@{wk
zjC($*&H0qVvGS?RgH&@m=U~zC4!L+Gm?4_t-Z}a}=%I~g+J$Q6?Y9X2gdv_qxH;-{
zR-GZ-#h>sb+tDJ<?0a_%qXD06Cu85c&>g4z?k$_%#?|n)mGccOy7!^!?WNPkR+$<k
z!+CCiUwq^R`B8G60iDJ<Mej%Q96B|FPOew4bOYeUxAkM+1Ie%z1G2xEG~Z!cuI895
z=#umnfW>Jr2DvPIOq{#x3?{KhD}%#=3O)WcT%Y2afke~f{pMU<$c}G3@7x%MesR{4
zgnMNU#*ys>%L(P1#F|ScHFS0RX!e6shxm#D$~f=SaHpoe*1<X@J@3;#ENu+cnbbKB
zpEr^^U3_bP4re_;aksN(33K{y(#qcYM*bS`u9ON&odN03Kj+vg#jWu>yOQ^p`Qh(z
z1trUnsSjZPeUB2(s2PPt-<*8-ghgZsqZziw>3zKF8*l9KiMWS43q)Cn=LQe8D`D%+
zz7|zSRvxOs1DB(6+EF&WLrd+(de(X3u3?T=(kUGn@6FB&=eth~>743%dssF2Br!W)
z8l`4yLV`aOVbMhXl)F}V<dfj#rZo!dZjs+b+YTAW%m4SApoiKCR;6^4<lJ*lEmGYk
zphO*;uy%NmzYS$2Q!lMjuHsSyS-`e2`;!D$@{um-B@ohE0grX|?&L)3wEM}C`o`!?
zd0yEEL&tk}>*bH-ZpT_ix-b47&>k_<lZPCsX^%S1q4Yc9enRc~rHk({L2%<YyPSLG
zDya6$1TTGL;-=5%%XgkGy0SfY=QQSF#0WskWzVkLf{5#4a!$~Ce#HUfH^vJ5o$ES*
zlA~Ab$i`Md!jWRjZvfP-Quw<3BeS($uI_KFcrMBNrY~aNLbVE2<u~9aDwyDX1YN!>
zc=(KOe{;k#L)YlRsE)gc-!!_LCz$%0Kp>p(URmVNkCf|t*VP|5gvrn&x-VyYbx)pe
z<Ymtt2!3Z>;WXLUb<5SWyn2z(+Pnn}rYrZ;$&rsPJ$|$WD;#&|8(g{NUo&Y7=39g(
zl-AYHQO^@l)JDRmYgp4o=s?BA+DgymY=vg|D&s=S(R-Bq(sXW>96ATf&;avXd?I-3
z@ow<Y@J%?S;920wt1nMVvJajRlE-L|G3l?0(BGpb&T&0hWjHhcG&gkB@0o@19g1D8
zqeWqtW7~VpB#IDCdq3lT4FQYNrGaTUZ08)&doKXQ%yBUnI7%}d=qUbHi+eZe9f7{2
zY4)^^o}6$6@d?!n*WK5~YVqypkr{SNfFdBj!o8U{4_Y3a!sC=~cIm$5^GlYoPdCK0
z!8j+cu{Yg3x3gJodtykd>aI2Zb-0i9*AhE-$queq%4ShL5|9?m8qlV#L_rs=&98jr
zqX<s?)!+Ame&f!FlObCj0{Fl*5yJQMtDpb(<1>c_zS=N&D)Ali{Tdg6Z{z<Z>`Ibd
zH*(;W3UgtJ@%~406rY!h_^W;$wk46okXZyW4;+FkRJK%vg13$$hFS4trD~{lomyi*
zYiB{n87ep4P3^vHHnj_2mIhA4qEp4+3e=njzOD7s*81ZRB%DNXNe>nj7~a$Go}JIU
zU}|BfDA6vQ-fscrNZ-8Ddfa)su`aD#zg7BB62pQPmm@Q8Y8(UZn+u<CeN1`3wBbK6
zs66o*{{P7+yFzc+V|BOZ_C4p^Gn3K>PF7Tu8s0}3`C^fw9TxA(x@XxH)yS;fF4!x`
zhH-=vTL_OAcE3jQ*la|jm%S&e35;zJ-wVuPgTtnU!FQumFXiU~g|A~7zFf}ETDwpH
zzR4u0c_(6_;Vi<)gGPvGgPt)8``FTSDe76%NMXVUJ?X+d_4*hdBRaF_HR0FRqI%=t
z4f_I@7GOR*b%b16IUAGa3fFipC@40gk(4(*mb9M`ci&X4*_5mHYggj8O~_{%e2^~-
zpy0o^_Fse^7S1_jef@0C%YYgwN6g;5Xx~kGK?qqlDaM6`gkE2-lk|En&7Zd1S>0^z
z{zQKk_PlS1<Pg`?b<C`YCY95A()pYh1qV?bh~J&aTv_x7Ge3O*Fup?zJ!u<ruQ8m<
za%>>OFi@?q5Ka4L-)X!ocE4@?3rJ__5&{ERwH5dg<O^3!*B&DlDq{R7iMGQ4WQ=)K
zvAYEFHjv-dRU5=ZltuU56Yb&0ZwcwM`|yCzkv^Oc&5+!4m|oGGd|y$w3T(|5AL(?l
z*m}T}T^rNL1t6(P@YAZAd6B|2E*p=N%pPPXAhX!3;mmjGx_6(rFJSkB5-;2ftl3T(
zeA4U2yqMpSmI7eRuuAl&zG2|;n(lm~JeDWp^O}^J*EFP9P47YAPdObfs+!DufZO#g
zG0_!vQUo1Da+OmLS?xJ6d)JpMnU5;-H`;zp`e+IG0GG=vcC~4=X%9fwMzOqp@mh$u
zJ&Lmvbsia>@698`+EA(^zUF}K@5T~QNb`xy<X-xaZrJ3kNA<a_TCYe>`neK}L${b1
z={!d4r~A?kTsUKBGqQ5qSUuVHm8Ne)H}1uAi`kjZ@fZudhg!t+ghq3gjw{p)Wc$p@
z`&fsP9e;$7aPZrnIdHGOs+UF;d~aSp-*&F_!|VExukd;>%!ZR5XjJ-klHOw?viSr7
z0#d&9y{7lIsb2Z1tX>)mcE0B|%=fE*9n}7|c!5=oWVkZzsbuoc`IM6Wj5JGL$LV@l
zcUF<abziI>yQN(v?J2_xlM<QpnK?7ty)NzT_3!{2J(%rRODp-)^QzC4DnH*{b^E5H
z-+%FWr&U>LlwShegC_y3K9{YixiS!)51<lz=J-y1&&uC#3K(1>D)?TI$x%~nII?!E
z{Ya(4S86!lkCkIMkH0W7;A2)=*SY%D)c439k9n~t)Ot{OdHhR52~vYZV%1MJ3_1G)
zZ~U6|Yqcs5kyG!dlR`Ir+ZGV(zNWh;^v<EpI)o=P4rrVQN^~<6?XK4!Mcncwz#5S~
z04PF)a%3xGPxQAMrTmym)!F2}uMYYL(*Qp}z`qb<GV$R9_e8qlI862k@9QB|-?6|J
z^9Mi}p-aV_?iC>X2!jr!wF}>nQ>k?@9uw1!dNA+4azP}{iQkpIlIyQF!AGT8fQ0si
zM!b(o&_s)JPPHXJ?efVnJZQd_I@SQ^0)+<8BO>LG@dZrhQKEq2RquhzxlABk{+_JR
z7UBdvq7t$qd`tSXwO+WIe2VQ-L~!;%+<g_b&#^c;%qIs_*#W>2*38R33xZ3icBQWs
z^&X8QNn|wl3Tpe@*pBTxYSeH|4PX~nZ)9{@MYFK%>0RZ_@LN~g81XxH*!Nq$^)}o+
z3ihgwCik5D3{f^PKgGom!}rK1D**JMBW0h~#7FuJ4orWmPR;l1U8BM1y$Fek;;mgm
z65-rb(FSsRfqw~1{<i0t`F{9o-ax4<RR26@IU;r9q65m}iPIUOaJ0uo%ySs-C8ckY
z;PJUFKC%0dv)}9HdK2XZ9Gr`fxYo#Y-IJyq61$+g3q_5tz@?9C+|%c?4KiY;xjW)o
zSL;#~^dt3t*;YrnLYZc%?Z7Encjiz%2`u8fX#Kt@{3_ONswIEG{css+?qy^-Ve?H|
zNn`1!7j*CBbxhA-msvXmyMrO`H@+Xm6^`xas_JoQK70Fx&Vj3)pAZKGXEklCE2bzK
z#4FYu2g_su8fd9so~*nc`0ca=TY|&Of+~!X+g>6nl#IFZcj(Q;7l1WWIKM#~`_$ZD
zi;L*0PMRy*lkMkF!DqzX``Tl**BIM%>QaEo7gcBR8*@i?xdUalK!okQ9(i9|S#`x}
zJ6n5ktGd@WH})K)4cM{Q7UhPt`sinLJrDVbFg*g9;o5xYP{|?Qvbe7y12$iAzi~x7
z#qhz_yr02Ly`<JFJ)&l1>dfyt5_YeMG0C;pseMnR9iVT|9vY_K&2NbD_Rd4Pc-cKZ
z`z9T`jV-))h2zTXX)`c6AuS*P{GA6!KIWqvP-`~VjmFJ#3a(DG?B`*_GCtsP@H-lM
z<atpZ;B7i_4(+XTy72gn-UYT=u$+{Uc|7{wI5ow}6qJFSDumTWorgUiQk~cM8APt0
z*BdUng`UFMw4=twMtm<_Nwx_eZ*rG!sX;&n$P-VS2Axsa<7qF4k{;o8SN`S9{o7h;
zUPb=Kclvry4U6nQcjJBUf*Eg4+$lSKRAFyd1-j5=<JmUKZR640LzcX`vtVGhpQMt5
zZ(+Vh(6##hR~8&v#V|{(&dS7BeHdtNxaEfc*iRzD=awkWkGGQ6D_P)|J0>(0u6uoQ
z#WbON?1qOQ+9PtbPs!`h#1Q7Ui?t5;twX+n4wRqp->J~B^ZMicULUqvbP5F!y2R@l
zabNqd^@~c!IZ3gOenTm>j~nrK1kn>?a@b2^$)+=;&OMZ<lj8#Jdf;=<eN?l_c72hz
zBwm^bP!qf!qXSpYEX5f5?B1dq0XG=ZZ2-a^J9s>zZR$0-JLfusP#(2Ox~DJU@jj9T
z2{#$ga4H{T=l7Q%z2A$GQ<>{4=lY}WS19E?V9w6DXj`YVi5>T0jvLY17IR(|hnRer
zX@e@9pgO8uZ^0t#WmJn?7NKvN;@v#}m%Wt)-vE9;(!jBHdMZ9gByyvb*WM8B5#6zq
z#z6!SMUPkwZylhMl6f4HD1-8wYq|G=WYqgLqA2KAxCHlf4Ch7W<M}ERV+7#Z9tgOf
zBFA<<>fy~;$tEwiX;MvmTkdhYAbJ#aXZZ!`w`LUhxX4(=W5|=2(;m|L4l2?0bucKX
zI($&&zDj}2*A-UqT@>664mI4f_Xxy@*Aa5w%Z(DSK4^)b-jKl*Ua6b7S2O#*rxfS4
z>&#S=^&=5O%?HL@y}Nwp+y`4d)Yv0Tx0=F^<1tm$U$2{g+hR!$Q~6m$KRCQ|r}5wB
zp7U@W%&ML`>q$}rTJSjp2)IxodK5aMZ_}M~B43u5IT)ig9T)5p-2If8@h)*b<Q4q2
zl~eXW_PNVy*U+*b8GC5J>NEvJ76DhW$-Gkk>I+kx1*eoaJFo10QiyWVM-3-N&!+*R
zE2zj1oEt$*-+oW_l?hNSqZfwX`QC1c-Nh=td)+R#E!}S50|)|_KF9S4WO2km+wK5X
zi5K`KFWE8d@^N9;je~N}F>)?&dM*F6cs$k%9?F8tBX#}kC|@EEabvg{I5u{)=;hqE
zuS@Y#bjkU64O~UU*t{@#n9qe$_#`ZEelN7U^k85<*hM1#e%&iC`he`*Y%QL;QKAB1
z`kLzdVj-p-sj?_kELO#+duZxm(2(!s^Rsneg4H|gYsF=~_0j<G4k_KVKz%4_8!r*8
z<>8zq7kyvuTh8Cs#W=~QFP-?%e|0DTg?D``qe55kB;KCQ^Z2?fHt5~fjnzlcr->wp
zJ{80ildalR-hB<dBx_O5*>m)f=HBGe6PS@x7x@5FnR!sV2`wDUTK5Zh)DcY{d)#t5
zm!{!_Sxf2p^9c~gSL_ZB_OZ`2sZ7csm7uqC>6<;|ZGBv}aWbc{n=;|dClpBGPM4q+
zL+jA;p`kND`Cw(;?+-RAY+NjXyeXnItZ_o@L1KPM8;2d}v1A#L`bHP2Qw1~xx^^}J
z)IK*8gb_R2m3tL4B`+i^%ujR3-=1b+tZ0OI0deU<QSxW+^Uon%ye;1dedU8%d~}<L
zeF|EZ3@u)ylmX$aij$e=X;L!*Y*{#=2k}*tnB8O)1o5g7Q9S1kec%VX90K~Y<CQ!P
zb#JPCNBnbN7dG#ms@Kgs4CyjXS7QF%S{kR9(;SCMb!?++=4N86-On5H_TR)s2x}Q*
z|Ai2*?7_#IB&&<?ToF*-?@0NoWY-ih*?vYXjff4EamCExT(&f6DHitZ?h3*pdjL4?
zdd+^S_U=?^NOaM7#P}S=9GY*5c!dyTuCtz#pIzf5M8No?SBQkZ#ebG5a!*%%Hi4rB
zu#Q9+wC&;*lBAaJImsu|PH^Ex9gp9F!H?Wb##X8zsZ*R%qP&O#5faJwKtgPu!}}$;
zrTGV^<;<zN0vA5@{rXP4<$W-o5IS}qvhCNZbFoi*d~!kRRwQ&|BW1;Gj`JmOnYw94
zhV&hGFttUVeIa|#gF_WOnaGUM66;tIpVxoEe#`vx$sbrI-$}XrFx;HhN5_MjH95pU
z(@gX`hRC}14Io1?Q=N<F8^$6+JmR0k0ldz>EAz1N;v-{<ds>eYF2Bl%zOOSn(1AqL
zDu#!{zBxI3EwGR9=`2hOUUj(nH{rp;0LZquHZ3vTfMXavCff0uU*Uk~<BbD>KBr@q
z%s=&|okfkQx~F{_3|KC%HJ_eSlpDPq^eQh-Gl}KB5A^=M;8R+n96y4-jG7uN@HfGn
zzg7+5w;>(Xr}@wdUh1Kg!e>%K@t?=MZ5?#S58-Y_uT?sgyE+)Wa!G=+cV_4qb(P1~
zrLx19Dego2EA(h#i*ojZ%nwqpPWQQnBQs3<(4)M#B?i^?#7M_OwH2<xp8-8D<t0Y<
za^avyY_Up>%t<<L9cLwN74I9L<!pVLuE!sF2j5trXg*arwh6~Qm$#NdE?CkxMMMdo
zpK{(ix`7<N=bF~#{$5PyA=bEte8c@U3&Gp>^#`@pg+1r<`LmV0<~ujdnGAK6FUVtR
zqJHJ!rgmiHU`{`pz>^oj^7X>LcjOSj`G3?lqdy(qJ5~J%$2X$hr!ee=ZyX(JOmxzc
z0I_y5IdVY}#oPKsqx2*AeqtaaU*JC=;k<);PS-hSIwa0tQxvN6Iyc01IHz0k&hpf!
z7bWF=hYPOBqGRzkzD7H>J9Hvm#PNPFNY4p{RRE1|uD7{?Qg8tGXeRHCdyk$pOW$wj
zU;4W2x28UZmk}ylVCQylj))<}h!BnV9G#P&lhf5hHU04CruRiTpML_hpWSK|J`~P!
zwHzO3sDw|7y%7@`0I=KpsxDykVt(%DC)z;i6v;z|N0A>QKlj0q#rvLvbPRAt!si`7
zyRq4*b}oc%buwHAGx(|=akk$u_dNLE7n(ez{x@z5h3Xn@gi&U(2-v}rh>O<34I&;;
zZAl*Np?J0FNH+(HvEVqJmc^n6;!D*yJ}uCJzDUri1$o1(VnfI8PYvMTZh{+#*Ep+=
z-fKR079iC37~;R`%%deyVW+(Dg)<!GX7mT*jzpu8zRd9}WZvB-Sw^jK>B3<tjKTQ^
z2v{Fq_1R1)j5}>{4E^=G#IuJoYenMf6`#tvr*1{+$#^8Hk5W${@?4amtBim=VMhpU
zj!7!?xpR`e3oe&{GdgB+m|HdSOX{kZ?3(KUoBMt~&<XL@yL;5A>J|rm(^^hBxu6Wb
z%gR$p`<;a9N$vDCk&unBa8gORHQz3czP78U_;qSf_c@b@_NjT%wNd0dU^C!&jse~o
zi>7wY^uQNs*{pD5lY-nU@qkXXtj{ahaO}V?IDDJl4$J&;$+L!D#j&5~i(X17>qcd6
zV|hJoAAtW%O{B~R848xK{uzvz%{^;*?H2MU2VjlZx2#U_(Yg_@c!*`B-YqQ(JZPMn
z54Mc9o{m4aDhKjpIk#h6I|HyQyzdF{!w_VC69u=Cb1_HxkUaj>F0BvO&x?-9d(VB>
zNalFm0zbo14Yo$B`<=Zn=jR6%iR5iz*ZWqtu!P^_Z}>U$`}cH53F;HtxZglJ6^vpa
z<dhr=ozSzCV7^|VkCH}YaJ@M0ks%q^!%7=m6c6is4&8^UargoId1T2RG`#1&Fworh
z=_k12wMdyxAeMU!B#`P_o5+KV38LB%Y_J4pI<WvF02UkX(M#WpG-<WLsl!uPi8Uh>
z+~=%W#6ttE6|LWNiPh&=XjLYAsrhE_x6PmY+pGMy6{O(z{xlJ)x^FOxh1m4i>zV(Y
ziJ?~fW}F>!KeLeL3pM>sfMb7hD^q8j8`gd4&*~&$McOSofEvjV4!4rC4ozCgY5PXB
zBTkFanMZXpE4BLJ|5^U526*Ig-wx+H{Q0-07kjeCgEf^c6pm7N@`J*>Ei|>n58c{9
z1=6{-OLg<Aev-}oD$tSR$rj+vb@|q%G>3-0OnZB6)z?Ua;bs0SWt^$UUT1cWbNmGm
z?1=iXykEH8n52j)>45cO6~Ebt@l#gB_zlWjX(Q&YrMcdZdoJNQ2TJe=PxP50ORgl*
z`rNAT?R~Uf=^`PV3Np3G1X85(j0w+?sl1(eo4VZU-qrk*HF^vo&KVCj-HvvO4qxSl
zZ(yTr2g(4ok(kb_QD>d^Bz}OYWs}#`Z&ylPfA=E}_2>4{!bAG%zr4(Q3Cev8IAVRk
z_VY42?sqjlqH)IW74vO>h(P(9D}_|6xw<OnJXpN1uEVWBxXrAk0e6W3FIHV2xpJKY
zs}p&?vz5tFZ9<jn55nUJq{7RAgD24kNqg<0K|)?D*`1lqURu&g0ztio#~r=yIq8)g
z=(Y2>F4MvC$0py6f~c1hMb)-`^Yfp~)>q-(lJbO;3_b+XtoOh-Wr(8I^BNX0r2?)?
zmxvIboUt<s88>O5jqUaWm-uN!2ps^s&A3I~-9U)d1TO;K)h!rb)UzzHbVDrS_NUyR
zo#h?{-0(Q^_@@E_rKON|;-@p>Zy(S5$Q=$JrtW&=uU632`|Le7^G}D}K8kf05bi?1
zi>r{reGh^z+tM1>BR4^Xr3Eqsnp(a|8dlKZg>s4d)q@wwwY*nw$VKuS?9}C|qD{{!
z<@e~MFWW<VIx>98Cy)~5=8)<+z{RdCfv?FO%55j?Yo3UDa=9K?o_U#;U0w%AkCS1;
z7V;-{No?YdfmVWrXJIeG;+5Qn_Zid9Jaau<9~M_0W;d9V8Zq^vzOUZ$H83eFr15*A
zW8>->^)ng3X|Oi)`O@eC%b<;|xvqFuzr)rA%!$+GgoryEM#RLyW_QoxN}Ud5@{$rW
zVo7l`h;J%dbh4uSy29A(jiGl*?<oT6?Sat>L5Jr4TdHFfd}w<D?g`QR(2~~8IIwpp
z#|q{fR`WRZ73(dtRpce3^3ws=^c5nzIV#5r$K3;E=d&Rp;^|9z-ASX5#^*XA4>SV7
zk*?kz6M2|<uVlvk>K7HTe4li_H54;+O1|Hz9lTl$^Fn|WSh(VVkds(*!9kIs&LgH3
z_O5Fm{ZhS%XdL<piXdDzUhh+{J?Qock>-6Ls51mZarlVdTC;U~+_8A$o30T>$-eXG
zTu*Y&!qp{HrI<^J)o5rMf2!(dKF0_1d)N~MhQ9%a1gi(l)&U=otd^*6Y`yj{`ul&m
zLWEpYLZ1EE8}TLwWu1FWS8zTVm&XNw9`o+n9KNP<*mjxq^5KiGaq$&5UVaVw3aijn
zzY~9}uJTKK7k-<tesX26_lN?Y5=3Fj)baC>Dg?qmHCiJJE`~RL$|<kiU#nvnH34%*
z3pKuB`yC&6pj8?VoKv)SSi41uYtD;L)5~%c6^<aB%qF$#JE=TAC(fjtV-q9X$OIr7
zni1@MB?&&2D0L$3tZ2(-+EX6e+=`i_-ZFuvdtS35FD1(W`fO$&Wq8dssPD0(*LB%K
zZtFo%ef2A(VsoYNo{2S;V0%0Z!qsR##q>{dk$^)<EjNj1IGn8hluH=ls_VD<M5r!s
z{ZpblF5$!lulig!Z>?#kyLXdXtL`dHPvrK*q1(9z;tn>n&QRFzPl3nq(oF5LSpqcn
z4w3-eGj!yj@S)9%iX#1qeZ-#mM36DojuBZ`zj6}i?i?Dge%(m|1ZT;%`8uKM7Yioc
zcn8bi;hA&Y`!(2J>4{fl00>BrKja&kk0h|i-8v7BRRg6SvUSfsZ5S^;^d25yo%`s8
zM_;B3)KMwAecSzb`1QJ<aNc7&&3mB0<5eC=xITIGtTMiqI13!Oq>mL6x9i=9BCYL`
z4Mq5?oKA9FTosO&Db?%xRd#wEHpf!pbx38Rl}=8(C(CnqzIQa@I_E~y>sAoQ_VA$E
zxB4Z>QhXh58r0>so5A<p`qx2JkeV!R`gs7o`DJ`Z1}5K{Q^(!zcY4loYD2-eUq)jZ
z9DE$ZLL4SF%sz#oS}MHWpI}jP6TU{+kKX2(w2gkf=;24Mc0`oT7hh|HWP^eyJwne<
zkG$Uwx<}_5FOWm>Z9>E{UQ6!Vuz(eA^Ut&4+{#TMDA4PGT1ZIi=v<H!c+UX}B#;o-
z=y?1EF;koRhPr3G@Dz@r%<t@#5zEk$KSe~l&??xUU@f1#ik6~t4oAp>2_=A_;{k+(
zz(>4gyyBpv=h)&Tf6LZ`8w{7u0&5w@Bem~J?>-Vm#-4Og$9+zw%|o`f=a3#wwo?uy
ztYgGLadigAuj5wWYi6E!==f*(UmoX0HQN^&k5yC-eKY3PQ52TOi9(-wVxI>b;^fO>
z@!)fCaMbofyU_SY3c1O@ZHPLJkH_{sE9d=w>kC>Afu-E$*Di;snLPk@Fr@=)kF_~o
z%)Mm}Of)BH(6#7B`y5crn6B#!NqU709$PWDSLsJ@L^e{-g|tr!{E`y`h&UblPAP-k
z4g$~`S)U6yc=F0Ay7l-S<F^+@zNu$vt504CIdLD;5=%A3^WmolKvi=*G9@4qOzcSK
zs^n)#0KP<kM<R?rYs50u;dA>W>NiVQT>?}lr9-HQr<*!B0P7-w@k1?gmiaNW5y`Z0
z$SA1S1BQ=e?57TqmAf_p;1xov-CN(7J6^}UWS6xjwr}J<JXU)=KCjv<d6PejGaSJQ
zt#fn{=kpNh*Ot@C#m@1E-%pHjs}1W2f3IV?AF3VJ(+0Qv1~cl?Je2zRsgE4DV}a)p
z>8-EQXk8aAU;@m(B72gyG~8;TY&?26*pG!(?dYUjI{oerklm=Ap?i7m&o@xN?T-f)
zocybEqIXB{{m|-(iKE8WzE}SF&iesLSp~5SKiBTuZ&K>G359y2L762I*-PTqPvZ3W
zp6Y#tftI1m;rL$C;9@yUW3PcTI6w3%j%Y}EMg?^w-4o7SPb#j^8hJ@pOt1+&T3O~-
zzkld($P$*0?)@w&So`Ie7-<Lv<`@sy;ZeDtBj*QDSv)@(96nP<Q}=RTj~Nq`n#xcC
zMqjKxkC!IpBEN6oYczT77`rHkV2t8^LMfc5eQW0N@#}DU`@RxyA5yyeGK8E)L3b|7
z`Q{F_&^n8by{fXZ0T-e)^r)oKP<J{r+aOL}`5OBG7INOx?#-j<5U1r{IhVjo@)ZzJ
zw6j%mxa9@=nM%M#fTC2wt8|I|Za`RaLN>WOahLXTT4>H$MkhXk@kj~sd`2#0b8Iqv
z7W=4%1JomzrhzlTFoywgBsO#%?rY+utXB~*oT>(aj<lobr*glMYo(1AHylc`@zLwS
z*|PxQthS~KMhZw{`3ZU_M@6p3G?Gs)mHBd!t#GFUI_P9jI7BNcb}48Zkw>zaqG$Kn
zbj$lViKOprstk^umy3&m9@N^8q+HCI`%Tz@TsxHt620(>_d|{|B!!H?-iiH~V~gKT
zd5~GA#G0U7nQODV4sGMg-g}`Dnd3O`GVp2qj1<oc86wL^CoT`oDq*?ad*|#(Atkh0
zDDOUe9ZaVa9Id9t{7!>-M+Bw%1>flh)gnV4DCM13+3wGZ^YfIrZ-0A5n_c70JX{$&
zc9|_7+z=*(ga0(_#=fv>0IVGS842n7l{wggMW;JS&LcPv34rucsG*<XHXfX)$12zP
zvo1g~JFR>lTv0xDIdwP)CN3X!oX3b0o6iZUQ|788#W5IMeS+}t=LPlBTUuW@?<HW^
z?o!hfGoWFqI1J>?p8HMY^fFV5o}+pTgxKYwYuWnVVtnFpDX909v(iYVJRaf;cjf_p
ziKEal!$mXFt#gs{F%}4?d2E7SV&xr-p5r_Qckke#VVXVP;$EQeWwAc94<qh6j3B}R
z$ZK2=#Griq9EVGVk0|q;M_yFWXT@g(7umHvKh>7GfHzEqZy{i-nv&sTGGq=f-(zDh
zT0opiS-HGyVn}U`Gs~bjN4{l3#Mk^m$L8KfY%Vs4Ba^4g&c#Qg&>2x-oYd<y$%}xf
zlHhN3NAIU?>-k4Ju!hfE{Wyar7V$_{;IWaC^3M%2ld9S_uPe|9P5D8V^}YlT^&Diy
z8aVOodY%ghVmisL*k}Jz)shE!nm%8%HbJD<vd%0YT)-LhBUhbVXEplx>eiMRJ=#C4
z-}~!_=X#l5N>zI+g53Cakq(`+uUcE;!SB%R7Odu3=+`8-?xTsobCr8CCsWoR9S0Ib
zmJ8{5KYYm#b=$dra8-<gu~?X2;p|SpYt4;TP2rux_DY2nd5{@m76%YZJk+MQ%fHu6
zYkv;gD7yf-t=IBu;VHjDRKa;R9|LU;tzh-}$*O)EkBdDJ-!{Mq8VLvAgR(r8L^tee
z%NAkZ{kQj7cjzG@fLn=v0}YV%UL7u5H)WNA)W-*5uC0xP=NvgnH-jdTRuDk<1W@!n
zIDoMi;wWke6xjImtkgC*S+*G`k5Yo?LY6)(*+_v=%P&qo?&!5ux30(P{T!eX1!OQ~
z;&$#qUeeh|dPiHk<D!QQ%OJ4ot2ZSguEsZf=Y&F1dU_=K(Q|GW<;~4c6lW%?=E29t
zJrB9wqY9T`*o46(#(cbvQ>QH=c#+qqvT8U%UMhgMFA1O(-E(_*34q3H7;|B-q8taW
z>&FHmk3TG+haar5tJ9LBJHZuj!0g<C0HOQsqo2KXp;rNJj~7bMr{r&+ebjy~j|_(5
z^^Md&GPqTY11;UNhrYQ0Y!4d+JM@KC07(+0&L!d|f<eS1vU4Dcx<ix=#jv*e0c5w#
zw!Ho7(cpT(VYgwVD4)yqY0<riaAp@Q6M%hmM--I}@;;7PFAi?JTq<G`69jkn#oOmQ
zikQy=U-O8ro<89<c@YaT&2UAsUUqy2g>IOq&d$wy+X(J86+I7;2cz9S%bIBEBy{>+
znuT8P%rt86A%Eaa&&9g^LS`Q6o>eYm;`-!CFjOD8?G_-l$xAyWqp>&P1_&IvADZrO
z-Jj!Xr7*7WJl=LLa<8GLLl0%2dut!k6`6#^&sHWS(g)>XwP0o`b!^d_%5t;NYdYU2
zmy8wqf)1q1A{Lt94uHvSGrZC?Ki^XQc8!lCeE6~8OfhvEEYMFLbT;ZnlIUp#)Qx`{
znB46=xy3L@&V1$afxh&yV|Y-clVLf%F(V%UJU4L&6LDZ4#_db{`fa)|a8{40C0<=?
zP$Jlt_c0h8)m~&LUn42^bqJ|R<Q7c9DiwPLM(K#L!D2tUi?QD{vt+=0L#f#!+2RAA
z#GWtvgzK8YCa<QxFF*Qfksv*02vxMkaQOlIUftdMsM?28Qrpd?KdoQG%hx;t+*9ol
zY1Yps)$v{>ikFeb*mxF@eW2{T3rldqqi7Fh<GEq-pdJ#9y+pMocdnzm{nDNCO3q%R
z%IooXki)CVuQ+Ou$;N!D+&)M%uM;bBKQ2Nqv!M8uxKIw<u*e?Bd}*nVXQF(k%@Fa@
zrv2EhnytHrfP#U9d9nR+mo&to@qJkEB%e>QmoxNn$IYzB={Dg^K2#`^jn>R!Oas>Q
zo<n|az=`7co)*299;zOcRGKSMYq$}O?Q>#^?6bGD5r%xV+g~pj^FvkFd(T<Tcds80
z!`4{1Th5!ok8#_|1O<C|K6Lh}c<LNoZMwqWk-^Y3ln<z3+NBpsN`I18Tl3%xQ9<=O
zDW|;{tA&c|JrdPG+m_BrGnakrItx#cv$2v2;ts<E$>ACxRyeKSJo@4{T;h*-F1)8P
z4^JVQ<4r%Gv0R0L%jgwd!*gyDEJxdMS-<(XzG!2p=>?mE^LG%L*CfT`la_bOirE&B
zJPP|Ny<UXFl#~##=&7*s+w=eD8FEZzo)^}ia(wGn9(AQMJ_@f0q$KSl*+BKrxg6!X
zC#iZeUP509pSCX@w+_L4&JT#|=^k{Dtc1nOI>-_fUE=|GL`VWow$D5IK>H&a`yI>N
zwifKTboGpwerF=25(qY#L5yXC`X1SCbqH^?{Tb{e^tI!<M^Rc6$;RyHnMVP=(!spb
z)pGlm(ttz+GLhzEXsM2S(8_%})5JzzGwe7gS=tYt^FY{5a&5R|(q?mNUyprU@*FaM
zmvxc?x=LK{ipQzx=6qa}_bdpE^xb<4-Q*~`oJZ@R0^mCgCj6vYWIib>Xx>!t65s<I
zy=g|&ucr9-DuiF%nYrz|MlDR0gq3;`-L((rxv@YW2X_6_sCos{GIWD4gal%vK91Lh
zFbhzRia%B>YmfY-C6nj3Azm%@fE6k$iQMz~c6K|d_N}18*;jvVck;$1a@)s;JQI0_
zx8wTX8uP#&sd~M|UYe$Omu3Yiwa-2Ly@D`R&hb|Y4^qB}%(BzPvLIpSw#2Ddt(O(*
zqO@GQY<%&uA@;(%B?^ZcE%55Cqdi-5_q@snM&T1y-j)IJ?nUqoJKxLpIY;{BoYIxv
zd)>Y_pOC_8+}&`4&Oud-@1+er$hcm|^yE1=?vXKi-Kz#~4!---TfryylZ-V5$(zR$
zmD9tE<~{VYFMw0<<nb`ocdx>?_m$aKPhT-6zGI);=Tgz&r(*W1&}Yx;_rhr2P3VLK
z;5OFrQ={vvbvzy(V$GL*G`}71e^#E@E=Q(*JnguO+#o$wXm$H4?#VIgl({!T{`n?L
z4jil`-_7>BujlRxIq-LeHq3k~ZfYx}`C~Nv7%NlX5khC{qakxRbn1?{_@^*^?%lZW
zp_~LdXPSH10_UF77ciqk=ne^d$B^Chok*{W<hOwW<*)oTnhGip8NR4+rgxWJY4+0b
z%Yp~p6q;$iSBaI`hcAkOM@NF=>6~`=dSRROZ7WA=oqnZCWkO$>S<eSFK!nNRjMWwb
zFMhAv%M98_88%cxS8&7aF{oEf-SCU_LfTEy2$`y&*?Cmy!Hl80w^XpMn@Z&C^5qR0
zL$zEt7$_=4O$siPFZuDT+wtJKLA|o{I&pO-&9R`k&A^h_D&vCEH1aK@$n`cCaC2H#
z>QQrVy*S8oX&l0Ju4?AK0*rO|AxY+4VtIw7kP9g0JR&m8*nOa`fcdEJLoT+1gR!vE
zkU}aup!FC_$UYn$nr+}nC`bm4bQ(|34b!;riOumtMs_~eko;)UdzQUd{0I<d@LKVj
zZC!d`k-t^{=*ryN^tY1!u52qm=aQZ-pp#+W?9=!wo_z$}|2j%KuYY@Gm`kj4%!|dn
zus8FyPQNGMzV;+eQN2<&B+^vHT)}`rqO#dHF???LFsquIf8wnVblxdUJb>bXZNn`c
z+R}3*9^2LPI?RNf&&>FqTv||k;6SavwesrEnf&wio852eRWPm0^1j>ETbc5SfbQ|r
zw>kVeH6liu<qVh{$Xl7eYtPSfWy`vJzYQNB--k)zuvQGkW6w7IIMcfZe5l|g{ImK@
zU}ynHMF8ck0a+$}v_VjUIpz}g#XRS{Bx1V3gfR8lZVUnW$z+!a+oRU}Z5!r*kzY8b
znZu5EaX!-o4g$Gd+#k3<*<5!_3-?|v>33@b?`Q=iNpKMq2oaK;+X>i8e(to%1((VY
z$#*|puQh@X=MlQ>k9>1ecHh2vq7&<&IjPx|ha8h#FHjqH^Ji>5;-9-fOb+DdptCQH
zk{`FwD3u&=J0n+Uua#I%;q`Hsjqu$CjmR?<GBcOJuUjKO26!Lhebs|3PWv^mXa%w}
zD0TLvzLwhzk&jvz)saB0&jp1`&r0Ls9{7av(ymltoIcr*ul`|f1Dn5V5b4AVLh>+}
zL#Ch5I1lXKFUhTS552U;<iX^J2+zC!RVVIt5BLS~)xfM4(20AR@7@_DxhHbn{2rkb
zDc4`cmTTWpb;^MUSRI?8x&4YN<n*y>nAb|AAiVtGo>!9>Kh-*vYAkm<fqi`AMCmPJ
zy!(EpKLm>}UlSV$xf4uHVcLUgwgG)Q;$D2IGw%F=uJxJ)|3}!FBuSFnQ1nWe2m(ut
z_dk-1UcC%iE~J*)va%xRB=9~Rz&AhYiI<?z*n#529Ya(i?&9hf{=`Uwtcg_LN%**A
z_mfjdzz@o0C-367<#ozUZDp11xMd%P)rO9^?~vFj@*`bn7IXt8qH^c~S-(J=+~rH(
zE#5tc0qMr_ahYI8)Ac}OvHixHHziZ&cYn|RXuO}2I0v!cGg0JLWwg5cq+ketFCT2Y
z{a5t)?e(@%hxptR?o(oPJ#NVHaocr3M+><JSeWi?o@4Uov<hZ=n<0$M$U$Yk2}KJq
z?qlf>>JNvMKCs-Fcm5w~*OIpJ@_x2|JsWOzj<bLDK68)z>Hg*sbI%R)i$<=Cp9EmW
zGem@zHl$-nl5xL!o7y=mbUQX2=GtdgjPgL~JQZj&qsQ~eOS~8s0Y-*NZJ)EMz&miE
zhIM635?3Eq@wDeblSY`-C#tW#M;As?yfBDQA4}AtQ~A~F=wAcW+&i>}fqCY1KNcPE
zo}=`=?Z1$PKs+#==75u4wQ0z#I;+rAOD|BoxbXD4@q~af+c%!NU5d}12IzA?LvrX%
zJ_p23-qS>U1mH<5HTi}nQPEzcN5FE=H*_UsSs6=TysU88uUhxW4R`cgOq(y@!shK+
zr5CxJGhu_(33EolL;Kc)GmT8LJ4sIPP4ybrlil-nB!u9>_xOQ*o|2fw;O>q<r!7Ud
z$oO1P(8U+OD)Oz~e9&^ErO>}Vi75#!-jhTDYxy|H4h?+$0q5340ovC>i%03~QC&DM
zJS9rD-DWr%wsG2hlu(%>BIgpLdBWK3di26g9x@!YG~sx{o&=k|91Aa4pOCSH<Njz(
z-#^MPW)Aa9d6Ieg?4=_QHnt1Y*AKjuUWT%wpOFp~&o+Fsab8>_x11;Mr*GP&Gb(k@
zGz6diJU%X6Yg9M!2h+QNN8y17XrUTiZP$o!oUAP^wXa0csCu!!F5pZJE^t`BQK4|g
z=f2SKlYV~N!@UPVZCl%qool!7zRitzFL)mAr_(9;A>=+D^R)A4<uXPk+d-sd_0a|p
zf{jITOw5=RviIrnrpoQh!rioc;1g&qR{>`q)knc4=~AxTBVT9R9#E)+MXYN&eoZ8R
zvLj#i;*ImxEGxQwx|e$10b@_teKMBnX$D@^I^SipJawIC`NF=n=KS8z(C75bF7h<^
zVSSPU0NKBRYdZCg!8dTn;=Db5JsC8Ftc%VQ6FN9(p8>L8RFNmzR=zUaE*}BchOD<!
z8~0KlBKA|tpbc`1-7~So?#(v3woUG&#d%+@JAz*kx3dm>Z}Slp>m_^PVuSB(;p6{H
z%})c!{pNI@Bh}7m?_dSPV=SG4b3^9bs!DYWdE6z4%h-quD)eB`K$YgHHMceUx?c{x
z^y48_wj3ZsykFbO3s_wD8?xrk*Qk#r-8BG#ZWp;H>;y{Ibt+BMPxT$INTw_DO$HZp
z2zHt=dEw`<N^YQ)oxa0l-)*ih$Y|&hD$C0fJbe9_+Y>6b8>XgJNa8PSgTGZLe#<g1
z%A%FDayS`&{@WE)@E%*$XZu6!m2>>oo<8>;I}h!6CC}wh)uP7XQp8@D@;c~U!-!DK
z6Y6&h{d{jQ9bW){`teLYp~W2HgU63gGKkl0(o?By**n}SbcUd7^r0vXY_X^lh0wi)
zl^8w8&Gap_E;PUu=R5YzFcQiWh*%|2t!KZ+BG3y@FJnRZ3|E|QMB}}}jf^v!?+>$z
zCS&--=Y`AAKO@j@N4aq2;xRwF=bOX&jXHya)`o(#cF)FvL-+y3nJ9+>`ICa`0#MM@
zG;5*<_eD`z(>SCJOW{;;b%);r21R|Dk4_QsH@X0)IP>Jw0T2iM*foEF<B|;axg`d=
zdJl~vFx`|g8Lu;jXYJ}4O*zC@>+_r*#)CyT_aS`->hxoLt;74ldJ-<>IS$p5Vk);H
zT14bPU?>dM6DD>=Pf>h>kWS)3(W^JLYvKXaq~*mc2s0UpFZ>B^X5i|PxX79pE}qMb
znjCjd)|!)7q3GG|Ij8r^+k2okiG8IYkpwLdfanIH->*@l8qeJ33-lE81M=G5e{WiZ
znR2x9Wx)*_r3T=3AYs1vC{F8mGp?=kscBevpI&ur#6)b<b2;psoc1aO>AlGDvgB8+
zw05jVzVY$fv6Se7jA?R?hg)oa+aU2jhabQZlz770R$FX@zP8W+{jy30Rvaw{c7f0I
z(M-sR3cqW#y#UacV7dh&hG7{XvPL#e@Z-`K?D*ckSMUAC3_%AQGuYc-!o&H_(Z5lV
zEklZv$W($rFB6jVH3Yy%4v2K=<$!}X03Ta|-@ZqPxs99Y$>GP3%S&|RmN4PV@=uf-
zzx?_l`#mb{LVfS5Oo+jK`GP)M>9-D6pGlFwq;RTz6pF}4uAZ_icLuRAoRs#si;FuV
z9$AG|Cr|AG=ogq?uGfd3r37|JJobhH-LHropHjmE@}dH#%u@n_QpdJ1(63Lr^8=UC
zNRIWJ9=EJq`m6uOpB}kC@1KDKP0bRa3Z~aMdLc{<ES|t&;}W<~TC(H^+|)ga>TicB
zin=@AiH>sfvrI8<tz&%SbaOAUyxoQ!bq^=-MY>PTzL-QY{FNk5>`dAN0sK~=O#+TX
zl5oHLnGpcj6&RYX(E=)u9VQEi0QD<znQ&B9Ud-#XI-ml;2$4L5B)n2o4<0O8qi%hc
zrjOG{6OVoKuT9Kv8wI`Ns&4}+M+Xy!*L%#0?GYzuAstHdE#>0F<rXAM+JQlu)O^bS
zY8{HnZ3QcUx_$k+!^KE`M};dqg4CH}W}we^hniV-cnl)0=mp)_n{(i$3fwHTuP6=<
z-8-Hyf`r%AJANqCO4c8$$SMt}j$%MG17>bIVHui!t#*z0&9tA}i*GsS+$VWm7}yBJ
z<(~VvQKAF{B<@OR<NDVLQOj{Juv1d6Z{zMPV0?{qbwz~g>DWaaoX9#(7g9QOsXxcB
z_l$2pG%v9CuN{v(*j?Fe9fGO60E1?8h?AXR_>{RrY&4<Z?nOt6PPko9oMv9@yY*6!
z=>0~L`ij07b}E|15#n4?yKQ?nidG?6T8cBY|6S4J)Bgvv@^WD!fP}ud++Fr^>3yFd
z<$OFJHWyB^sWg`C07;-vpUp=nodLyPL77n-lWO~8wo&X(gxfX{dG2RBwR7x##m5&P
z0+4|14G$ti*E)5h6s6Lw>WMAfGu78wZV0wtR(Kykj~d2P=yR>^UXSi-d4R1wx2HL=
zcX8j6fW`o?xK>=iddcc%6#97+ZL)bV58mFV@T&4O5UnlQX9tf!OfAF&`;{H$RI%~N
zzn$*3dZLY%y?Sfby)YwFuY4BMBvHpjMT<ZG`jBeMqHoS^Un?0w-fJKmc)`+F0ASm`
zi}4FfgBd<EY;gEcM1L>665^6A^&?1O5;i)Y=i%^I5ur-jb#<Ix4n6k_X?I^lXjpd)
zM*_%$95Y|BTh;~Pz(Y|34~N9juqjisS;x5`m7Y5GmnF39Okb$4xq!TEN$G+;Y%?i{
z>x68JFm}{tlb-Bi3r0AnJ`40X&hk_R<>fy0HLj7sc>&c#8auigZu99qZ3ib~ztR1`
zX@KWJKiwyT`y1%;*kP|}v+U6WJC}#mAuPV$NH|W1yE!t?#;qf@I`^udCJ8<M4QwB2
zev;O=j+WBCJ&RClmjJ(S*kg$m8e=sZ(Gz=C8qV3T*|r7kA}@7=O>CY)ooV0Uuk*i!
z&GsvNKe%6G$5Zi#eRvmzmtFGYm40A+#x-tm1KBpp>f>^pd?BFgD^n+t8{Zprim~bZ
z-iv3pJxwiY@947~xQ8LXBCg=9Dea!DdD7?`iiuWU6qe2!!dR9_xZ$q5o^fgpk(;Jo
zi!<dO2po>J%=k5vmQmM(cKf<KESyo}@?5Mvp|?J-2<Pm_lgXj*zI;{J2xeX4DG!tx
z8L$^13v#&69Qa)R2gfx0PR)3m4P{br?8@D2ZPk0)aCYE6O{Zxu1ERdGwsqxz11j}{
z3*vXCbYOi@H#>t8#~meergvR`)dA6Ot2<xXs#^{{;L!T@-rso~R5+oPgow69eZIF%
zcTVRM%j1QARwS;+lhkcgIvXc(*Z(#3!PI^-C=<Vn4Z5jPf<3qaoCTK*?37;`e~C4B
z&N3c|o4%h%TRlNvbf8Oj-roG?!CQ0%(r{rt{eF$)9`bHnb#%*w;EQl+;juD7Z1=WG
z6z&aM(4Flu;B#FZ+j13KE1u%BlQ>y-A;pX+Ejzr{Ble!W^$q1^g(EjuN)7R$t+})w
z8(F&V)A1cl3Ie7V!tnS#G5JXP>k<$GlB?IgYHY#oS|K_182fG59=Hq?FkSSvxvbj9
zAI6sguXlCR>|S$}m<@3%II#;Hr-C0htRhB{JdN{yPZ=PbODmuclQA<){KdUTZQqPo
zIkF0USHQ6$B#SDvZt`H=u1k8nSL4Fd(%H#hGRqxhe<Z~10w(Regr-2Bi^ZKh)aPNB
z!kpm{7uO(S|7PNDQ@su9E`oaxID(}OQ`Uezu>=P$uzeS~F86l(-ZR_LHf@T<R*FMr
zwm07@L_GyXFLGC_EP8$(ph(B}>mNDkc|>vH0{IOx2Ma!ZEn5|zI;uEKQ^!iB1Kn)c
z8;S2RQ$=THg0Ecedu@iKfj~s9MLih`an7WkE3xl;L_VN8Y<OoK0y`{)lsWxz%F`(P
zaB6OeL!6+@v|>Rbb0%*}2o+fikz1!;q$MbMs?XD9Wd||qt!)saw5U_3+$owoR!j#u
z;pVNqogYa>Ui8N)bAiqpoC^9(18(dT!Oy#)-|l!lwwSyTk{9HOhNE1ZHph()<F&Cn
z($Mcg$}TPSbbmKVAb-{<R_dAlZisy|(FeFYXQ*NFEEFliLX59@9SBhl1}?72R$)2I
zzF2byB>SHaP2zc>v9Hg?TLX9MD`301Xo871kW}-m({~Hin(Hca__JKB1KTcdKUe3=
zqp)xgc9tWjZ%P&8VHtZ+(*T>usESV&Fei!o(ZQo9=h7T8o-Um;4qxwk(ttT0Xim-x
zyURou83%d;DTu@hR9?>F3$!IloAmZ{Z0A>>JiYj2!-=<WcuVJ@F;Ir&Ad$z7yx;$1
z(0TuHYWRKzwy^T3?U{J%9fSh;;*8y%>^1@E4k~G#OBS*i=b(Krv#)vW04o3ks^D98
z>N>Vl(c$5PLZ>6Y0j?8(TySQ&RS<diK@5VU$~*k&l$x5Kp~DO8Dg0IUmBLiB8+kEZ
zbN?1T13fJ~#hna}qn5k?m1i&QVfre_wJEuS!@qeUTLP&e3lGb$5Xs@Ahus3?<?(aA
z(G@hC>&=LO0KEy)xk(Z(Tg&@33+T7C<}1pC<~T2P#Jtd(aiqK3s=(pN;T5a&n5UWs
zu$a&mW>2<vdf#3fCmnsrCH;*@azzmQZV0Pl$q3U)@ycv|<LE@sH=Snqt4{{Yuh#nn
zo09S1T{lqnF`SDD1RUH%v&5W|G{<?L7L^0MP+MoBufRQ5FOkV-tGrUD<K9Nn*3LUm
zWd!A(ef(i_lw#-T#jZ+)r#fd*jqk~kGfTma=ji^5MZXR8lotOh1aHW?=QhZx>sFR_
z17JYUX%NG>O)s7tYv-8%IynFC)wsb!wO66_-bi_AChHoLgpH7?4i$=l-4{6?Fraw9
zvs}gdnWr!S9OHH^g{LA@`Cfb&bx%U);{Xcxcx#CFrIg?s9d!kxz4lV>i(F@q<Dk*e
z@Doru6QFtONiM4Ez=<N(kCd0=tGU^)APrWL_#FCtarKT1=-ZGWd->F^A%EH$(C^8-
zFCtvIqv*5I(&uf}unj{CSjm@j{fdyoJzoRB0E)0y&D^`IE_dg}Dm{<DGuC{2MqW6s
z9jQ%hIsG-7_Vw<uTWB{L2V_ABZwVHkMYJ=@sb7o5=&i%|2BL#2Qb)ZbyO%<9<-siK
zS7NjPkB;|A0}e4bc+Dlv&QZUZ*ZF}C%3O87N-F5cQRAWza=$`V=ewn!S6)DXf5XXw
zXGx~ciF#5(Oz9jG>$({=61=8Rw-@;3X4qtILzNxgiLVJZm&N4${5!zXBz<pwgV5gw
z#K&z<6+RYK7alO-Pj1E#NClW*$}!<R-U`Na>OScriL5AQc2j)oes7;B5$7``-l&W#
z&}Q!3b#JdfH8^!7v|}0N^WXjE`ywpOEEPZgWss#gdbC$X=bWdaaU>}t_$|S;b1R7L
z?m-RcF$GxsyszM#P9(zkDh`H5;;Ci?N`;)!8%K@~3>C}?2%5*h!O@6$n4cOK%~E*U
z&>G3N)OE!c&Vr*ja?8nn4;DmUW<1|S94Q&h`KFd#ee2WqHF+I2{^c@3zdiW!Dd+KB
z^r0lKxgGTQ?KaPuy7d{xS`fvQ>pfwnd~HzX<Yu(|`4%6PXezS0J*+6}8?c|A>@^q~
z#wQONGTrOaNrNc>_t8t6hqyHfMMT)<0evEvV&w!@gH)2G>-3sP1mC)~Pt~xqa>P7@
z87-W{x7OxZ5j@H|Hv-hIKLnf*b=ID34Sic%Bhv>LBo)an!rt>3c2zDYzC0LF^`eWf
z3<4Ox(=NCI8`<<eS+@`l1KPu>OVHwo4}{23Pef|JlvSI$ZaRpj+Q`-&7AHlICMfm&
zyzO7Eu*(O0C&&l}59p<sTYwX_r~TYBrHNg;xaZ6h0TnVeXCL=3PTg!UFA@}A{2b~W
z(44^UJ@^$@Z$2TgV?v*|NafmAA9B2owRcl1E`jlZ+CF{bDpp$RA?Z0`NA$k<NkGIz
zXf>Mr0Oe5>kQ_?cg0Ndm<>}>VFBxZ_dk!P-!!^e`jX0#+=cb+z>RHZ7xMkLexB4Y%
zK5?&j`c2%219hjlDFWlkkH?Lq%l+luD)hkRCp+`eWWxlSN}X`W3c|WnsN9g6@lD>e
z*}4%gE@f#mpHZ?y(H+TVj1eGRLh>Z*V8t0o>hP&Ld@Rg-;xnJ=&BN9Xuu+eip4cNp
zIZs`cL{JVZ>p9a}RdSoSDgs_Mg)dSLmEKR)mA#aYjTL(X3uuz-L1UtMya+wxkHzp1
zKka~U5|~k*T6mE4=xp+Q)4&4xc;!o(c|Q*&l+W7|qG@CkDDWB#OQ-41a5g<s-ToPm
ze%@Wn-Iv&+tQZBnz|@Q`%MC>iK1v{1pXnNYJ=vxw&eZ|>Mk&yD(eP(PdemoN(-h@$
zYz=^F@sg{Sbu19b+i=raYj>OREaSvAtjp)6e9zH%oV2&UNgM!vp(XV)u0!8b0bfgS
zk1(`_eD96lgL$D(v$mMOnv)tEw73ulhV%MKdrFPza{4^3vG)9M>c1Mjmj<u3p(i3s
z6vOqqx_eWJ>Lv9jNZ!9FHaQIB-8bJxeUDk9E}cnnc*m0#dh0D>nn$Ud)qARQpU}d$
zX~po0J%Kis5s{z0XxgLMCqczaMxg)zZ7LO;s_C?u;Ac6JpI=s8sCyk(*Iq2ZJUg&t
z-AySI^8)<E-W5L%ciW8XMID;J?(@P=oTMu$%si>22l||Z_xq;si$T=qYw*8F{1Uex
zzK%8-rIQxljVgL|!}2$=?JaG`=}EPTui@vdr%uWC;~Dz~7D)0zdLl_A?%q0j4-;Q)
zzZi2s^aXq@d$Q0!)8!Y`CEmJ=#^noq=_``YM@mTZC=hM0E6t+_wpk2SPgPE4tz?pE
z11pZ*p=CcPIn}52$i-83mghXh??7I-$GjT)yj<v3y76f7D;p=OxWTYrfHmQ6KeXqP
zRCVUDAoY&>%}hFCN1%vT{;?OW1Bo^|7g0bpC}0sV4A?v=?oYOhTF+;5b|CR+eG@U^
zb2CxSOPY3wZk&y_+?N*TY65+;TKD!-t=!&hWkyf_>A5@SxW0#T?^CX{E2!}ep_id~
zLZeQKhsCfRjKtp_IrM*={*XeOoJQ|d(!Mj5`;_fxa~k)E$$q0=ALLNNH=MJ&h1pA!
zW@L{18Iw%8TMi2i#tN<)6|&8|aOBEhiGDfx3e@Cyk-N8`L&B-6{Qlmj=v-(SKek57
zrMz$!U#j~Ca?ioBm$1%m1HLscT860&qtdU(ID%QDV(QqwwAHfmd76GH5+WHm8sIW(
zo<|YpqkP7xZov}OOUmMzauw&AZV$|Td}g0BEhWD|irRA+=5BAKoF+s~M!pFdnpr16
z-v2*0>74-43yl5brvZIgcOf{dlUQ2j>-5aNdspTglrH^_gWLz;G^%@B&b(mn5nrFv
z(OA8GgSyqViLqaH^gKg&XC)jlNKy)rqV?jTdf1R_CwF`H8zDfRvG<8=T7b_tA4AIJ
z8(9-&GEeh(le&$n@#O#v8k=5)^}21GA$aEfZnFYI3K8%)GXzg_KJ_-7Cs@te&Nr{7
z4{F)Hdqga?`m1#56*&O*>Dz+};7WXFi(YD@K_!0_uBxnnD)(WH_=yKpZ;gS=pshbU
z(agMWi#OGQx^8z2fTKW&zR`qlk2N{NIu{Br8Ax|03m?ZC#CLdeTHp(|aLFdmJ?hf3
zN_poxd_$t)1cSOF91I}z4e_C`CS~k?ZWc9OUh#GKcP#++l0MQE1Ls<>nd4NdP1()Y
zztRV%d<aT1t_jv5b579P%t2MFM@i`1chU=)^GN3r-mRB85S-6dKDX{^@PRpv)_$6{
z4}k{mxd(t@<C>>&*f*>N+bywKq456d_Tb;%fc``PrMz#M8+IuL(WMejrVQ#;2(%ZU
zS@_8gpmP=dPCca;D9&vwn}3oLo=oVs7Iyje%b|zI7vRuz9=a5I*VvRl&*8jo6^?!b
z4g&kz97LnL{t?ttj-2C1U(&oF8-ie~0G%Y)fG*NBsqHs&As&r1AS%hZ_OyPE=Rus2
z_}r=QtOv0SqT;GMLUTdgmq9xv=k0<C7|V=IFcdODD3;12uD17aO!Y9c@&GqL$iGWV
zZOGwa$Dg`a&#ks|njT%4$B{Y+FS5|8efbw|k~@Lukp=vu4<1_@%G^o<J9mLR&h^Tx
zp1cpg@f}zVJ=`EWyE(mFYWH+<qJK@>A$2qP>lQUSMFI<QgHl)1MUv|vD|LTT?**~S
z0~D9^M)kOd&DDA7L`89?E~w%+bM*Z>zn}3rA+PUf+!rj{F`K{nJ+imszOCkT%<fre
zIfeuaUk~WkWPi5wIoAZu1++X<d3g+Oj@i>vGjSx&A(0gOrcxKx6Bp**9!^#ZRFns=
zw!K8Ik{P#My!^^2@(Sju!Bo5H*f~>^sxcW>W7j=dOxo$3K40NxCt$n6#YeTaVRZs+
zcI6K9w?<TK+9sMEN9VN9eG%NgS?G13-}x$4X@oQ3l=@=J(V?nl^mArzeKjhYME3w|
zPZApxSd%ts;V9eQi9y;k_FV+ZL0x2lj+>|<F9}4K^Qyxxe>W$J^bPfIsr)SIXm3q5
z5`6_~_V(sugIx=D$6=>O)&;zJ^D*FYVrqcuW5|%nIZk{A<zAAXmdO0uP0%1`vYLk1
z!sTF#xVvKc=M=1ZtLuFNAgJN=2+1sX^z6eB&LVm{B>%kQ_L}ogvEQU8CUjM>;OgF&
zj3P<VbT)EQ>+71ZxhElPrU!KUS~KaqFAd@`Z<lE7P5jJVE?+%-@m|+p>A@!jpFXeS
z@0j1C>^5BkZ%616f>UQ-<chc$%3geiPfO3_ruEZPYWlER*%$h$J&fyYDK|v5fqO2z
zZH@kv$O1pE{|1-!3F5WXD6zSvH!oj$$jQfQFE?#CQ6$$Gaj2!AERG|bL98QBNLNuZ
z+5>}T6_+c79I%FB#!CEIo<(1xq~I+PE%xL0R<hkwpasDAj&zaa+zC&hLt=~JUg9E`
zY6Wi?aDBmU?d58Cf9XNO2V%qWl@#PDRcCxiDjhufl1IY|yf1zaA(er=^bjNQc+|hf
zXDuI`I#B_4ix@`d8cUooJxd+;g*t~LLf7SlBiCU$2XuyMG-gL8c*HCNzPVOz<&p=U
z1U^ImZjJ49d$;7EEfDuN{x%<5e7(|Xgg*Q&gUmN;KDAKy#gqtvd^<;@Inx}EIBCY3
z5%e8<x$&+&^6y9?u7a|c8{=gi5~EZ+M~IqYzGk~8+g&3KV841Xzu**avvUa4H-hz`
zRDD(AS-7ithmNSXUXh1+`ktBL$aD`F5#o5e#G}(9-+6p}aqfwRr%W2^GwnE9pW(Hn
zU-6`4h~N9`68PNkhnI4@wro!DH~QrWT4X&s>*}T8k~O`NK2Q)t@7r#T!-oWC`v}Q<
zuJvpBBLDUuypa(|Qxuow>Xi`@6o`RMJ>Fo0j|!*SS|`ToY`g%bXSsmEhFnC`=5LSp
z&)4tXD+wOHx%nQ+BiBY-$FD&?K{Y4#z=h^(@EJ?kPEJ6)eA=<4E;fZ5uKQW!EH^$}
z;MqCk^5TAxDbsdO$3eJ0o)xEXcKqzstd`?!tm&oF_Vmp(P&8bnPaxvng@nsC@Y2LL
zC9R{Fkksm0%WXT%4%=;undINhWp!3~r^EF@Wy{Vtq!tX-+4`tZ+Ff9g9YOmhqE~>b
zaOeXIr>_|3w)WmYWj+TMu0Anw?^hpks7x;}Z)>?hYxX;?DGzUliTZ_<+kwW8P%Bx@
zqEh{t`I7NmC%|(!7dU}zM^{YA53lJdMX;>V`{ZJt16+?2eC=izBkav<?Y&@69qAsK
zy=Y*(pD)&NAHk|&L4=&mVLW32`QSvzdilg2ua<r1`g|8+YRt}GRoc_?FHAV(b$~)H
zesF*x!EW4NeS;F<^;n;mk<QC9gra2zSWj&j3@e9*-jQ(NyY<#;lPm$$h>lybb+Ppf
zYOH^qAO}rNa=#fm1ofd~ANuNhvK6ldFnP;o*01Lt@#>nsQ|m?V;|RKNZ1s6$f8UQR
zt2{;SpT$9@?IPtpF1uH4W3~I<m$-KPz5_oO`azuN*MdZ<mEcQAb^-unkQ=sa$?Itl
zP&>d9_HDDV=IC>o{PWU#0rMS@6AQTa#ykiJ@+Oziu;Dvzi@3nk39<;QoAJQ0rKFt`
zzuvY-e`b;Kv;g@a(QH@h{ESRLZ@bIh!n@Pe>uIs_@^)p^l5sl7KD~q$b>107H}KWd
z$KbZ;B~F45<rJYP@1M>bBi;Fpl=H|k;?)x>*YRuXAU*j|1Bj(CRs+fHemC3*fbXbG
zoLhC4L66qaP+hXIr$)}(DN95Gi0Bxf|0+Ka#4qZiuv1>i%~G&qbJ63QiZ)ru=hEqM
z#n~H%kq$M2P6#(ng-Jx_wxeft8eMq&;q%RskRlpn2wV_-+Uth=d$p3%u`$fIa63=F
z96rf}7o?7zR;J3l0mA?0K5Et8bB`U(^MvR)1>2>iJk8~DURLL~U~=EKx^8b#&3Np<
zu@iS=2q5I9+HS@iNxa0?52H4yoUgdhAwDK;XHo3<Q=5vhXAm#lv(a?Vy&chP6MX+U
zcl2=6{U%}4dlF_<Pq0{@eo1|>J5F21o%YI}`f36SeQ=))?c=e-SFT{&miICx=U4Ia
z@HucI{E&Id%Rlq*>p))4Cwrq&Bj^Nn`)PxK#c$N#H(_tl4)`%gvqsbGbpLu(1cf+b
z9|94=^mn+e)kM^N;Rc({Jh^I}VSsdXwJGAd9{94e6Gy5jK?lwwN0IBW{@KQ8@VTBI
zZ`<w^Bfqo0ez#1tFQLmxjqY(wRXP8v|H7~~&{tDV9qdoH(xbRrIB@7Q$(DRz@y@U_
zO0{>0$$^{~-lna@-B1hei(nL(hZb%g$J_I?&l9Ya#(S^jCZ4z9xxQKWw<>QLmt8lK
zhT3n;CdX7AbSB-6<io@FsgiWx%}J5)lk=2J(=p-v{=l!;^xNYQaD;dGz}A!;nEDz=
z;P7akK04s$I?&w?S9Tt;DzFg(T_|Iz(TOg~G|m09ijw$Ry@##W<&H}M8=K-N%-5TM
z-#~%vLS)|T&ERt=<yhBZhI~W!rfuaRjg`4+e&>%)Zl8ts_`5E=bu~W<InGqaXy_>r
zuC|xb9{OtdrBg`J#FA!r`;pG~9_ql&Ix2g7XdrCI{B6GoK0;4m0X3$tEq?=i%M}J6
z;>wOnpH)H~6?9*2)g8&E@8%>Q<oRW?JuhIrOiF=h@Rf*xHset!s%)velj{%=f%aXI
zQ<NP%UxxzvS7E%;$C{r;elqNv)Mj`(#t`R4K6F%|5wg3N%1?;jqAt1Rbn+%XH8aaB
ziHDzzvCp2?R_m$n!vNzK@-s!ZuLQIzG>(IlIrio0bGnrzNK_8^=Fvw>6a(rCejhfT
z%JO%#@-8kv%$Y~WZ>jT~=)jkFisFeneKBA(IKyweMT$#w0oCC%qr2Y_<>WQawbN(N
zBT-;!cOH7cqI+KV<9=sKIQ=P<fVmDNLJd#S-H{}-u+JQC&$n8(=LYrqlMVEuTzYLU
zH`xMT$!t!E^zX(iUOF6NH@k#$@`<0r8U~wr5vAv<_pz%0Z}HjNsW?dqORs}I_Re;5
z&S@?_9D7*qg`0Xz{Yj0QJ`Nn2f}Pd>Tz&6XyohHlw~66$U%ii1)mN_c>Yj4@<fR_O
zn`k2W4&*_*q4^%x`CioG^{?no>b8_w(6QM>YTQ<|_VLfAg6{-;%)CRWbuqqrWXV42
zzj{mfw<{vQ^!NTN#8PQS_=qmvl6gYY9*Q=$_&R)^jgrP*G&(1n@CY<{#&@|q3?A|~
zJ*n2A!<DEd*OU6D^4!j=6)#DnFnUK7Hb8;J9lY>00;;mP_zvvQ+X2>3D^ERT2xlx)
zj2}5&-Eaa~e?ssq9+-%3XUx;)XPyG1Z#fyZ-SNw}vbP?f0t-J93Y$|+w|3CqpIpfn
zIN^;(^H|)262MDsR<2u!y6R_b`$$enw;P^ff|(~XA-NOme)becwjb4BbdR^89rn8B
z&ZS<2do&YaKA*=>hLdU<<k$%QSz1+MDEYEAO*5q3uzlh+Fy2?Rw>Oqi^Rs5qoVM;d
zkn#=c^WsLAd!EFLxw?f2=j(pH$ndg<sgC*ABwONEb~7j)74KmN9_VD*7o>>4_l@t6
zHJ6GsPMNLm;6(^M<j|?UYo8(pggZbsqqXlyp9r@nQJedGT&XD=8_0~i5}#;{>Wj4O
zTS+YY)J0mkQ^QMs7^Gg!&3l;_3^X1d6vO8*8R7TClx7`^1oXaR%ytgBPkz&U57H))
z_Vr7oVv2|H{gA16G1dq(*k_F9KK-e{vsI_c&l75xGp+Oz4)^<9_bHH3fwUqB{JgG?
zu%|DdRyf=lqDf0nWEzg2OP3&<A2LTN@Vv)DSwkoi=v}yU1g{Su_S;?Un^dtc-^U@(
zy{ktMAKE5X(@T$g&eToB$ZzV#ckg}=ZQF~4XtkYGtCM;TmWWp<Ai1Nypg#zcPulj{
z6LPM?nrbYIN}pd|`<|2d^Dg|ikD{8>5m;9#tNW6ACs0AOnH+>l{)R`$`v>EeKjE#*
zvs0Q(d2F)SwkR|m`M8Gt{kHCjdk;Xv!<S9o_a@*=@&f-JA_m^wD{&tf)n}O<eLrhM
zQd7H_j{|z~NZbSJc3!p!ZBw{XZdSBGFN@cw$!&IfsDbXu=I@Q>IKlBVXlMG-=#hW~
zYR$I_tNc#y$w$Y{_Y{!flNa<ABBEvU8HpXJ-h=6Nt0u_KwY%}Y0ok=~wrfW}OD-|<
zW;x=>30-+3OOh6BgO?&E)s6-o{H_oZb1W?DhR0V|aGjl4<;DnUrd!=Ja?G`*)50D4
z^IUmsAwxj(U2rn@i%~G)Pbq|58NJI_#lrjvvwJ+SQ#W+`6v{n%*!DrD==;V6seU=`
zaVo0?aBP-~SH{|pJeB!%|JC<K0<N7MIeD?eO!RoUWfVVLI@xB1_bcJ^Ja`bI{VeK&
zO_hG#>p}}_69DHifmY%ze1`@wLuJ+EPPWLUPK@2kg1LG3%vjgyMoSdSdgQzCz4LX6
zU7AjwQ7DU$&$Ok5gqh?8$dvQ}sOsr^>3nv&5q(7s%^>RPNy34b&HWsXn*BtU#+?iA
zu{kQ&*M_vDUzr7WD^C<QWyJ*}lp{d<)l%yz-b+{EtBvIfna?j%Pz*)jNM4k4nGNgS
z`%PGa+Z^|+6@^RtfGho6-s<8*)%GN!9)8G!$M;&sqE4-@4dYW2QN8lwUg@d8EVrd|
z9lwk29HlY$dKfDZ{(0DM@pomM@U<2BHuQoV?7J-F_oXd=toSQJ{dQj5<BGjaiMzWU
zvYX5BBn9fposP5`$T?3yo}RQWMF7d$`9jMjIA5(rvV1N;PZ|B)x0?jo_LNFftktNP
zL-U4-0<3}1SEnX&uhU+pt&xj5=dJ3tFu$dZ&v*XX_wJWff%AsxqCN(lQZR$naJYtD
zmci}G^ciFHn2;+*nY3-$RT1yDVrLP&@9Qa=_4)2$zJ|>giHBbn;yBCaDpBZ#A)3p8
z#(ZpD&F86!ga)s0CvjkYkwx~azIl2*4dAJ*P7}wkKlc0F;3=9>FJOt@+ms{<Cyq&S
z4da!q#u(|zF8A`d--KV8dq49*G+BEZz7cWeB%&Wka(?0uJsIM>5VFo;G-Zy#gzKT7
zC-}Nf2W>#n7GCWaJVHC>mOr7Acr#v<WQ<l%igl82N{B`r>zk%RKnH1_RP1;ta_)f|
zqynYOoP9YjDjU*l%c0$p>b5zG=&tj<0gGcKbz&qkkH=H30!P{Ph;gb4-^96xADn3<
zW8~YJ$FS<*cwDW$6np<i*p(#NlH0H=i4?~r$NL}2p{(}qMf{!J(e*l00|=xjU@GMO
zUXTRYrde539H}hstHzx-p3==ntuIq)?1u3%A)>zXDKe`!3U=@gN$K$L1nvxk>sf-n
zpHI$)G`)#L+T;ASkB-f;%MGqwA`Sg^oD*u-F%F5Rnf3^OElAM-B-5veXEbYl1&lA7
z9u(tozFv;N2j<>uk2v&d@_wm-Z)QXnK`#hZSN7ND{5Z0Dg<Zj_r(<mSLL0OkMYa@a
zHlGNu=D>%c<R>4?sFXU+R%m#3?c$`<o;elHo_@PxSb{bg-C)npKBwPVjc-OE@H@Ys
zuaMQ?VFkrD@zxvQ3?sK$QQ(OMJN31!!>Hzw+Or&I0=OOy%s`<|{xjWi^3A))T%tso
z%lA6zpww)R9sgX#wB|IsHWUFe6FwLPwR;%fE;>O6Tg|L0cwK6|O{wIZ#5pJ#H0slY
zy0^oH$a0<@JMUR5E<D=h2Ux~$0){W4qlfJikqWO|yiHNBl9FC@yZ+Wy6nr1Tl_q_-
zK9?SvYjDqjdO8JC?pr<BJC3_t>qowz$LkpPt_1ki_`6@_v&j5*+dX#ByEu9Ob5dc^
zkuvBremqcp*bul8;o`L2u2s5kQJ*KHCpFz+?Yp9gOc|xnc2a2nnjC$_ZO`_Xs{B^?
zmorvu*W%<#bb|_kbUsp1c{G{sUypIU`8ZFE(th#8A!*;~-zY;~L)v~?^pVZ?tLf!}
z^R$P9a>L?z5ApsxZgdCY>q5d2-?_f3g$;4HZ*-a{HmJh3sCY4{e#h~7Txft2^Wqoi
z>grhMVO`yaF86fZK1ZVj;lqyeh!id5ZICqGSvzR&55uuW1dlVeijWeEe8#)I@<&fD
z=c0dg<s8Yu$Lq09_l`)02-&2}m#m%KnLVW^`-BqHr7ouPu&=bMoWOOh=uzn}6V^s|
z8|w0BHAORc)f)ASq#_NKtAzJHf_L2Ep$5(Rd0Y;|c0aSwe0w+gz-Zkv7dhi{A8I|>
z>TKT2w;2pb9}MxIsXW@zX~47Lsv5Pc#`sE(M}nR2(w!E4J%Cwgq>pA7F!uup#TFBi
zFOZQO%8oJ)++Qg5JKgaWi1?^$izDHyZ?ph(zHFH{59`TQy~;piY}E9yU|;b&S!>j%
zN#DAl^jzo2_j{iI?9cpirEetHrDlxEH=!dT;<d@Qu7@2wA(P{BPE=s~$Jff-;&hbi
z6E`xl_Ym_5GpF!@Vvv9U)Gu3eR%txw+`cFsIk3fK4H0nh7DmzWYkI8J6u%GNfMj^N
zG2(jdeOMk~Yk^y+PN3A;RIq6!CiyfIlvZ~=VP|(wgWk8+vEYf$X<kk{Qh*9?>W(=k
z<kOhnT`)W`dqAS>(e?ty@7`q5;{%_Gzuys)WvnoH1V!37Cwt%&5$XB*=;S^jd)4<L
z1bWeoQ`!)m6Y2LnM(b5GW&od=86*>O${wY&8H;Q5)QTIYs>$O)7o}Rx8uQY_f0@h(
z)apHPh-eqpvJl^T{|d-sLWy5k|BO7bVB=)qDUV4ZAN6wHGclxh1?%`*NpR%M_zKE(
zKEQ_r0&Xi?S_iq|V~u;6k^KSH#TW<B#<)CZzL=E?dZSKXYh_jLVaMFuq*KtL`P~sc
z-U`QWl7z$NIF(vRd5xF7x(?>qcCnw@tAQtbqI_9caYGy``AEeO=+fb1mRUmh8N+qf
z`H}%u4}SMt^h*J`ZoLJcKj+-<8gmSU0b+EqGbWe=ia*VbP{0CDVt&bBSH5$1EwRt(
z>R8Ho+VOn;7X>4v-%UG>C7B>EpQ2qs7$&-(yWgQNnFa3A@*6jxY~xY$lp~maf#S;$
zA6p|bh%25#cxh_FiKb-pJ{bVWc0jxH>MiCFs<S>yznll|?>xx1jSN@@r?0(bL1iO%
z*Z3jVtf0o#>SMLc^7TO2!d#@*(gjv@o5-TB(YCJ(Q;^;){1d5c)B%ok9PoQzshJc$
zZ@Zj3pS1$x7yG+7W>3&q?~@guIXh3B26>CQ02=O~KP4FNsXn)Cv?OQ?O1)OQE$G|S
z+T0eUN%uVVL!B4$T(s*@Z{2xcgAr*0`%dIEDn<4J27#$_ofh7XkU@?>GJu0v_yn?l
zaXX}_G*$<i0u@e6q-8(O&ms$XJ3F*#AwOTTJKsk@lh_eWF+3tqc2^T=dg1sufh^W=
zg;f9=CdGJWYZ>9HO77}a<hNt)OsjDj2I^5EJyQW3_crIXn1fqYb6qaJr^-R|_lBRt
z#jE5FhVI{aMx4cd;54>Ku6q($t1<&k3OCj4Q6eO#^?UQl)bj+z<Ker&2rK%9Up>j{
zcgv88w(zLh+xWUSaQ_<Iyn^k<X+wx7I+p~izY}FeT6Yy<ogwdAF^`o#o*${W^VC!M
z(&rxWHA6Qqwq?t7V&%Zs9D;qN7RkbyF%JsQHR&cwH@<tK<nGkanjClp{H}dh(^r-b
z=pMe;cE(8bF}b5}`rd25-9tkAKyvYbBf8Ji(UzrmGxzdQL&oFh2oVaKT*RA67(9(b
zAo)2M--9sO8S=&6Nm0VrF)j@O=aDgm8*{z+^Dx0v9TpDJTN}kt!hNp8>7|I&)hwv^
zK88mho8Br{={fkssrOZ%BO2j(w{A%F>1=J-l3Nt@1xS1LeUp<;!B5G%X@P!SN~0Rh
zqErPxJyP!P1j)x!jB@l`Iwt3Vo);NrFz73JTLu|lTPK&aDyl!S-UJzzvuakITuX9Z
z$$`=ph-rTHqW|gn9qngXw|4V$B9KZq6K6O%M6w3&_h_#!t6yI`_PBf}jZl~Fwetvj
ziq)c$+6f8Xy^zqX*9k{KNskhaIpi^#x59~_QCBy{Bn;Kw8at5QWcNh-#*|)r3&|t`
z-Gy)AJSB+tPGH03)8jj_p|WZIt>bvy=`D+UcU<Kt<Shk%8aWW%`p6T_Yc_X}>?W0-
zNVsP5*qI4kqg(QQUdDR0L*=BmTI=CdOPmIBJL6;C@&(5D=W^(n9)*VT7Cp3+oYOWu
zZ`-qH4An|eT)TYJ&*P#`A)(m=tMhHGslLIKs3^g_Q|IeERo+KWXCvKwmAeiB-nS*M
zyEpK;1eXBc1`-7qk3Q`hV&5H0)=)C&i&>RDQ)<V<&!s!VUT>l$8ZJHPpW-2WGM#Q#
z#r?h`-oQD^?)Jn#K*)I|USN<Q%;<bW@2Bh$sl9soRS}}|22^`D5}mn=-zs`+t{~ch
zUxi-o6xcxGR!|Rn!X|HGhsK}*I<jqAAnvPz@wE(GoS6G%d{I0Zbmr~!ojgzdJm7_c
zs~wY581bD|qH5^S8_Qc|yz{8|{Vc-~a`(+Ne0dgx()i?@??rxq1($hJt9tZ12$g7)
z_iq$P%_YZU>Z5%BOemcm=qA|HKzOF;>NeqiAKO4jSzJgJPv7Im^)L8&Z%Z*n;_WRF
zKKNcIulpGZbN7cST89n?RiuNdWQv@P8H>7SJAZZ}(C^Gi9pJ|F38e}-``HI<<W=p@
z4N?=NCncUXnYg7hcnH@X$eN6**Q+I^s>TsM;<$#eK%vX<&y-5bLnq%p!YsJ`-3A_`
zFTd|j9_y!_4Jrf;*txH#eH|JFyk1SGojUp)63=}T_T{dYkQX0F*0^_R@_OjDii$r?
zdDbXv-MAzw(O~FpJf037!&?`|X$gj(;y&Vbp0d1oe2MIc>Q~fED}dgk;(HU#_Sx$m
zcaQCpdt>5J`t)b=<%{X6UoyU=J<^hUMPp6RY00;wwyTII>2O~i4{u%19c0i=&R|3?
z#RsAorFJ<um%gnvYB(W!42Wzm7}Gi|La#p>dP{&qG&)*{HsoGOM0>Ou{f*uwC<$`*
z;UiB0uDIK)+&fkGynnA$jexI#e3mi$D4c`IeXk(WRcbR7!Q)*g!Oz><kHgdezj8C@
z5iZwY_I&(2Ya?x|ktfgmc{$-j><}INLQPPF`AZ*@?Gu>O#GZUM@N-=7v?rm5PS`ju
z9rudN86Vw#baap8ZGJ$l*|Gf!grev1BxRzEyZ3=o&(`gkTmAS>zWRQ7Z}g>>0Xcl<
zv*bvwY}(4K?_8Of5Mmz_k~ziv*{4vIgZ3LvYuc~nw%^7-u?e@dK1<kp`#^8^tC@Ab
zoRgGWYZ&+F5*5?UVRQZZ_B*DQE{T<YK9-%EhuHkeidM204H0lYUIoYJJJ)yfs%iKd
zUi>X$##%W>cq<s`0X*_;q~WBe7SBV6!B!rf^d16!+n}D1WE6xb=+!SMA>Rv99;?vv
z=(nnq|3s^wU(`JiJcq8r&E|)uJiZ+w^?1JBiekB`Dv`d|_71JiB6=m!XPlKm2WAuV
z5yGkQ$1FcTWQMYT_IdUh5<bP44ZA{x`voQ5vG60U#F}rICjc*EK5EBVX>});yh?h<
zHVMobE;x$_lqx<jek?az@~SH^s+Eso%C_ISF81BYc{&)2Q5(4A0xY<nuD`(IuNPPW
zke_V3jt9&8ZUSjuZ|K_r=P8+8>xu3dVfO*8dmsy}XBNYsi0*Saj#0Be-0`7d*^n94
z3-@C3skn{VNBp}aQDUM`9J*fTDh7JAWPOF)zi4$N<bxA1f+%5j#LmSPmMv>O-iKhJ
zkE_kwP&j$%RZwMnh-dn6_3C<mA9WsH4G)MNX?d%0*HA1grclS-Lo@Uy!UZ7RIbSZP
z#n<DnaliPC@;lPld6lwx9y-I>(+cMz@MCSVc3QCDN%~30H-uKiZ|7W<Wn%z!tj*Ct
zV4KWvL}8gW1Gz^rS44CHAD7<4Y1E_#{7#i+Zlv;Q5Ud%6``AvcnMc)ZN=;p~0Hfu~
zn3`b#c$BId0pL8PI%CXoo=Woj9vT-)ML2Q<pYRI7j<b8kFfW#LDDW`?Je>Pj%w;8*
zqgQTv<=1=LdG38%VOOyBoa<gi=wX3e0aYp-(*T-^4w_%~rlLQ2vyN?jzm}PJQaBgh
zVgPz@p*dVGl{gevyb)!?F!%J{9SoYe`gII)g_s!DDRxSITrhD%<UC<+Xbk5SZaE>K
zY!;skvqvJV@Wws;_-J%B)R*jd?L79M_wevT6Yu)vzCyoqEz1`3>vBC0AorD?$u7j`
z{Vw1*f6dk_SMl6IyP0)SOzn)CwpgQ8-3RTA`_yrSvEHi5#aA%#pQnK^G2F{Uk3;M3
zxo#|MYMh*(m1cAI-pL!V^LbgHIa&vlwimj`!yXG$x3_ocF@cNBEQWXoyH9<0VIuOo
zL{m>xkYA~0Wwq;!W{;}%A?@$3jiEUnEh$kv?`Jr8KZ}cq&Ouk4xX2)H8{GOVI=>j<
zaH?%VFw8ej^O>_8kTRxYbQ&i5y$@Tzp&qTLiWzo{pUOw!_--A<XPAk^hF^l?G0=1m
zc5t-{CvNJqc*#F)^o7SrYN5?Mp>BKYyy0PQ$?!bXCAyvTq)+S3U^*khS8{gnDRb_K
zb*M=}t$kQ|QH%Q))~M?_>iqr(hn0LO`04!c1E`mH_)M60?`QLbk-$gL{c65vpD$PB
zo?|kG9-BSPNL_G*qWzP{ZFk~5hSpPdw<sZ85l!*1=85te);ECKh*eKke_<bN5%_qk
z+dQ=nCb2SP+(NI;QxFS@IoOS6d^-0U@~LjSZ{8?iXk!4skUx>dg{Wpx*M%Mo@3G_D
zO+p!L&56ynejkjf`XuJtQ=od+a5IW-f=zHf%=;Vf_Qu#=frE18zFAi1K=yO5%z!ap
zqrpI_CymDRNX$MCtne7d;8Q`ECm!$2%kiEJ4Y`ciloP*$dZX()7`FlWafA!E;B$7V
zE|IIC5^THjr6QcCY2}tsAOvgxY3!Mr2N&C4P*0kFDzfpjSI$RX$`$VT33_EU>z)U$
z_i0>9xWn7OzFpDpB+NHG?h5eskp#xkXnWP?I~kN3St2;>+bB--_GzG%)aOEkI1@$Q
z+~!p06*mN5tYhPSK4$~y;eYx`g~in-j;NHQbpyLygYF>Cs{;TNfzYv=_Gp|AVeet>
zE+_Vh!Dy&Mk^MHoeMMb9o9tH+eXdwF_9V}>uY>Q)quTOG0x0lXgxwa<%&Jj=CtvOT
zQb^B2up`Tp6CQCqB(X}-C9H>mYJfoRh<&I|qTi{$O`^9f!&|A8%V3JH6bljzU9h`S
zDhQ<h;Ng0@a>^o)+;$Or9MHyaM8=0VO`-Qh-#F57jq54!a-hnq(Dhw~Lw~Ob)ah`_
zo=Vd6BbSFCL*%%^IBt=GQD#*3eoBsvE%8nBj85RykMaBLqtXb+*kkMHTO9%0hST;q
ze(doh$)o%=MxFOUO;v19F5wY>^ySd)E|U9Y!T;xYW&|}C+MNb=uG;LA8|&)%G(ezH
zgyo<hVq(S~G1jqZQQ`7Bbkr>|<kdA6Q!N-m*9f{{a#k<JV`2pYx6Xvhq#nAQE!3A1
zK+ynhKCXfE{(xXFo+||H7ivpsNcJ|~b9Jt%DV>l6#!$_KqYiW4E9a|*=5wSU+c!gp
z%jRv^)pj0cMj7Aed2gBqhve#7>2*5hCz9w5&4k)Li&@7CWisCAB_upibHc%4uSomJ
z9SEujopU?w@|UE_wht`wbH0*m@+HpahIA$mhTzSx{BE+Q29+{@x!h0(@4}9DGk;zB
z8@uOxaYzN^1XmqE9~eH6By7L@9XKSKe|{e34I#H*NjYTss~41hXJ?)+`rLP~R$L52
z#2t;BOStuavuyU-6~26^<$NsQ)j8d5Je8zP;!=Zvk4R>Iw~Q?kN?cP~;{MY;0qFFG
zn+rx#i>Dm9pRGs_54G@6ofDn|`)Z~dJZ1pU(0Sl~IT%5Bd1b!(nD*u66~zh0>ujD>
z2Sp6D>wfn*h7)hlNj@R%4H+XNv>kY!Fw^yWV@w{6usx?ghY<Z-R(UyIaaXId9bgx5
zC`_=o7$>W*hKD`&%$I%4#0m4zWLA{j9la-wGHz1dgE%K4p8lAm#@jg9hg<bCIJpuK
zRr#RhY(!kZe0!Q}t%F+<;KSrw{Im*Rk@?y=N}uLCK6%kP%wB=-hA)zu2G>|7PiG=|
z-h%I)cN{eQ#+?<UZc@X9HOf0Ut>>vn0saV_qnSy(fzY@dv(ua;?|Js|53G#$mWQj_
zl~D38%LOw_8~o{5c$@2$lYV9W5tFQ?oJfT@D6f8DwpEqE%-~xd`}tHTow?%)^DXOm
z6_B3xp+51(E49kJE-OphKD>}IF~KME+UdJ!aL7-D#SCs=BP_u{mbZ;Hj;yIU&FE<a
zO97FY6irzLXhJCBU92iUw?Av*27DDW(@ALR<SoZa!7mkQud+i5jN|}sO`Zb1kn~AC
zHhpDHz8AVHxXb$3+?TYW)l0WhS)SN=e}0ZpE9GO|VKsn5;C$=c!th-u5)1L~A0)4&
zao~bn*ZY`UHw%uReXML0PeIg4LcQ_GLMpI9C$t1>2F*ds^slq3m>$cToGYb=ifH)H
zODx?lF?B2*eoXz>9UJ<cw%LOw8L#w><vFZCYiARx_o>8jX!JFbbD#R1tV3e5?m<#-
z3!Zc-Rx)HZ95Z;#_4BLN-4a&cuZ3;@+0}lwSOl9IEiYakdU&bFUd^aTJ}Ojn3<mdp
zzHQEWr)euXAdKltL>8ap716GT^#s-2wuvP9j_rr6pH`6)D<xwGK$Gr-d=ek-d5pn?
zZz9ai(EYwfDxZ_%s9!g_9K(XvjqkuNmEKBqP_4rw=+rZZX>%B*-ENY9H>~nr^+!RO
z{OY~;@OSrqzBq$wP@j#2ho2f-wQ^KtF1Rq%JbGRtpYw7~NfE~ri`lAjBg64rpzr&%
z&VXMs8YU7bvG<#f*s+d>Hx|y4e3m1N!4)ymXhdG+@O^$Cxqdwk-5cJI%Id*0c2YP}
z6C<yO7kYze*VbV{GI`Y?Pu;Ei-6O}7WXoH7PTi1f+kLMPm!iLLvxFl_1s&nTvks}Q
z#oTirM;VX$`tRYfugSf#X|nX?Kd_vjFRcSsSXI8fpiS5t=!tRA^e8@XV+=V3Wo{FM
z)xNcr*X;}O?deAUoEfp@dbI*rg)uUJAzojY4fg{f4-hzpt<6r9m^3@&%Ab9*!L@XV
z<P-??bDu&XxsBbZ1}=}n0T)<0uY=4?w!+gF16CfBU!Hs4m_5hCD3VDX5oc|$zQ?Vn
zfch*vJ&!y?qH=UidLGLX4f0#Vbp=9J0Hw1G<)&<Kb9wqcPQ2YgxY2ZPmWRr#AO&#g
z3k%wF_pV;kLE`fyNxlb_-U|qj>~;|-g?8`2w~g^q;PR}F`z_lCWsi&e#I2v-;AgT5
z?64x^L;LTm#8X0g5$<JaZps3W!XSVttDYGRRu~*S6DzQN>fSiJPYP*ws)p;n1;m%M
zQzR??iChtNb=UU|Cmr&nRwULk&6&HOpBho*oP`F2>qrOk(bJte_KNe|OXnj!{K~g?
zg+D$?aq!c2=@;`p`pqDIp18=;3mZXBh_#FlK9F85Ip5{Gn^NaX$Me$FD?ydQ7{T)$
zJonaM4ZyuPeDTT*t-wvRa|&(Pk2cnu$cI880OYcE*a`f0)p?3*?nHu$2k&=_Kk`wf
z{4!-cjsjC7)V;!8c(Pl|r^4_MAIEtdl#|5-zVBgoFQO@Ax6phQ*I1ROHSWT3eo`m9
z0yurr7t;hUxoD?}#W4&Z3A(N%eqb`VBm2$6z3pE1WgxCT)GyftWy@O$V{Q@$A1^Ho
zYgvf52SvJX5i|iJ=#d~ps*RGTRK({tup$vUr8jc&s~8E}>yB==ci%3DZ8a60s=kch
z0sp<cE`9SlTtE1yd-W8qHs+)4h~j$O<c{i7%QOLH-`Q4qZM(~y_cF$NGx?qeDPu{O
z`Ef-`HaGMRqQ@0;Pw-RVi8Qyz=&5<5d;dJMP$ElX?Z#W1JD!wnWCWDRa_SA*c-)F6
z+XwqW5)1%+o`(1ISC+$tauJgYOS-sj@E^YQ7f73lBLuNUBB{J}89nRqoU|vCkE`Bp
zgnQ^q`kw;%+VS#)Q{Kp9WRuNaz7GP8E_r>P1;g{`*kZaK{WAG<&$3cKY3(x|onM6a
z*%A+3MI>|hd@%JX4m;LD><GF?LVu+*(C<V~0!glZV!;`*uRyj&ZULU)!=!AJVYc03
z+eUM}Z=MHbOs;(;A2}V(?~2oxeiznB!%SXxh9Oh7{&GP7*{9|AwDMX^(G^Eq!6+u%
zmPFvfkuAjWFLrxRwYbNrgs8{Y=OW=nbY_yuTZAxvUsW<x^Aq-n-CcPinN#~zEK+Gg
z&QrzGBgB*2Xs{@^{2W<*gnG=c+i|`YN+TqrTu;nZADNXW7<A;z^DN^_cJ;n8UJD*^
zv&CQe4AJi<F#Zt|j2jVyusOTt6yG^0F3l_`vc(><K6*iYiBDe<^hdj$AE^qvZ;Wv;
z4fL$|==DxgQyN$#k8*Z?uc**)PEB7dV3?-sz8q7orVRA;MO!La_y*UVeiLeG$|L9L
zl1Cs9fe+rN=bq@?vwoFDCefT79HgLuJzFfVomHdkI}%TBml})HUfairH@An6+=oSR
z{ZY+$Z=9~^gyOUI1SDU`V*^~p7-hqwk4JXjFZ108k{;iK_&z-lLG4jHHIm>ct>AQ;
zrVJS&=#si)UXAtdrk@I19)64_<j=5+A3)-b%cHoyE}TJ+EX(8l!4~Hr40Pm)MVvTy
zAa`KQCcl$x9e!2A?~bP2tFV{FOEpyIUT~zY4d1k*Z~kL%sO@Ko6<lJA(&tj{)0tTo
z9ps-4dQw^9TPPkxk|_6HAW0%T4`sf%*hiuBRvk`_8o^j4cl~Isp%E_?wLX2XVESqX
zPhKK>746!c_mIR%<+F^VvWr*ZbOe;I^d-z)!+UtE%+?a_W-3znj$W+1H>CM~xkh*M
z^7-ikO20Eext>%I*^6`5E<jxz>v(SvG%d#*f<uSTCOXS2q!H>*t5jSSk~44)0n>pk
zOk=PT;)4sO6Yxga`8)xyhyVGltE^1uCTvKaM$rE55TNmahd$g*L(IKT7Z%N{*`Gzq
ztymRO%N_<T?YHUjO-ZyNq2u(5LKd0QAxf8k<C$y-#`Xl&@iX=o@=R3f_1Mdkhr1pS
z!-eZq?yrjILY>xE<NMYBSB>A#&3Bz(GEYH*3D6fPX#k#jw)QcIxhi_UywFIXd$8?r
z))UH)7M@Lo)iI>mUet@Tx8Fju;AlPO_Vk5U?%w7jI(xW{eb?_}sKHUZ@>Sn5^*uTJ
z)O58bAK|D3FJWHY!k(aRjlTB9g%iXhGcZZ^{s@he<BhG~bNRGZrk6l<2ADD5^rl&$
z(+y$M7tjz#eL_qGGhdmxLO0^o33i9&h0hU6^5Vf;b15}6Rv(3ENztD8eB?ZL=P8|6
zvr0kv0)Vq2Uc<v*>;7S3W;{UsxFX$Zr`4qhJv`8S&0+`JC3Eb+**NoUwscDU93eiN
z9og*pP8y;ZPAWeM-AQ~V84>IuP)m9r@4FSCunh;4;>~)IwgU@z*Xbi|ELt>X%6$-|
z$4g&j*M3~Jn;#aUUNbS*Ygl8W%AXkMS8Gn1?p9pOPSGd8?#`+28d_x1PV4PzK7{7;
zMOmJ=))T&bzWn-pt}@{(d$+y_{(Ii4TIE|FS8U%Nf@B~*nK|mTXitq?;JbEr<P8lI
zPdn_H>-!`d9zMuHKET&@wIilE6=%xK1iQ}Xtqq9RpN>V^%A>!~>vw9Xg6O~;%z@Af
z@m4btd6*gVs{VC+#i3AwYqe(H{tCNK*o$=GAZXrudJO^2Rrg+LC4)25S8jAsr2F14
zZt$P@)p4zt5aOeqA&yIKI-me>2Oh04?tCj`GPjRrign@@fBL)nPKkO-KH5Y_ar{hW
zpDzw-i<bGq8?ul^&XS3xWa2;|fBSR5U14r)nn=HOk6r2HhV&>`tm=2Mhl=L`W5VMj
z6Q}E9+&Q@uGz#No%NEMOYIu$+2FxKj$L>L3#+?pAi7D|*GH3hA*a1s(dfT_IwGLB?
zV9j9&BfbTlc=n+t7pN|OM(f;ko<tyb;UX&v05fMQKD|!}-vGS8Ju_z~FOx;MGSbCr
zG1iEECDab-s}Ow@s8#hl53^NhyLQ;t_rge&V;gu8sXmh2gLbYBKY9BJCtz(;;F!;m
z+aHnq%)-lUjFm#$b}=5FU4EL7i3VHnMi9mt13O(?B#rRzQ%`Wjx@EIq3=_MnUE^E%
zcw>rA!q%1A9FF}ui`?5pD-Zg20yht9g}!{f$J2$?6@@TByDx3iEr4omI$BXCgXilP
z8*!DJa?q*3$@LLh!4sH%^X45>xn6j0!PAr`Z^@jMiIma@f&qrzB=A^RG}v5yV($dU
znR?XWyHIaQUvQ>ep>yO@2=x9F-)D@QRwoLM>oL9!F8+jMGu)<mGw{?@-==zs6!{)C
z0{u$eF@~&^A;_<n?>sGYt>ww=SKuKCUGQt0_%6#h4_#Wh=-b>+Z?tHLaENjRqt;W{
zs-<*UKd)A67kUuq7mBq~J!aVT#?L;k-#MeW9T%W8<CS(OzUcf4(TLNlhWN^jG~H1m
zYY_7|a!oa*fr?i8OoU4TpTqE|uy$JzfIrZEd*@c&5ye{vHvfIkM?R^qu;Bz$ZXBcu
zPGE=7IXcEH3o?MXXOoUbi!AufA($DO^Y#}guQc@A!-=S2?sFOqU*)FZGxr>fSQD2#
zC-h3lDX&_m1|E{m&oV6olsX1j8LstRpH!&?*(av?gsdJUJkk^gQMIv8e%sKiZHUJn
zF+Ur<ftSnWhKF3G+h*TCmP+?r(!EG#NprrI?bTfNIG;Cros?09u_wkv<HXG466hlV
z32@TH627*Uv{ziK4iuY*`K7m4z6g1W({DG}e)mo8VXMk}V4E49WaIDB&E4~a?-TM<
z%Yo!hr|_|EWeDGT{3)){G|KYV*QoC$lOE4pJ?9q9<`q#nM18!PO@gVFD3Tm8^Iq*Q
z_nER(YAHyqp>}n(U1zXk9I!a2{0q+4jNOyvbFr7Bo{GqOj80sr0LOU(oPYq8`O+2e
zH$mTrh=hVn!9Ym!8^WKRBu97Ob8)dM=2}il&&7e{Ej<WdXc(ks^;GP8k2RdG`EEgD
zlf>7oNwd2svo~vwL4Yqjc8?|2NU!)|)6=z<lsQci7yEEdFlks<g_zZ><d;%T8>0o+
zfz$QLjt#}hrsJEzF=SQd`GqU)p*mvmX!2bQe{`Ky0PwhZ_^KhO`|_kv9Yy!(u}4?m
z@Vv!Xq3M#Ld#K4P67%iLyP)|vU4E&&1oH^EiOIaNaHeSp1<W2buM2x{6=CU-DABs(
zc`l3nWMIFONu3)=pT>yfMna4V88QG<d)o9nh{itaK>V~sx0>`m2K}@#<mDwD=t&EU
zr1V$tQV*zCy@kv-Mw7)|yapK3{)u7U2X&b)m8?twCra*Zf&KIGA*r+b=9}>N$5+-L
z>w!M8oUs#b>vK0n#;%_ToIc0vv~-3&iFl=+Og=m6b@pijsJA2USv<|4UtnRVM?#-`
zN(%s6i4R=|NDgPDk;jVxvAW~ISY6uhM%;rK4n6clkkiOhhhiv63f2BKNPFzTxo&k{
zrCO6?dJn5bBL-1*T<^7o167M~7>jWW(BG`=t8l=#?X6MFlWzi5c32WRsy)sh5g>+(
z`L$dYmj8Y2jY1RUQ&@ya-?^Lv(I({CCz)KMzhM8IaCrz|bk!bC1j~c|D5i5;$dBtJ
z{q;c%WdhFHm2FC`+0{e)o-!)9<r?rI^}A4SR2sN9h*!x2t#k{d#5tb$6{q_I?pj&j
z4!$NK{g@-8PgWb%Lk^*@r3sW7RCC`xses4l^bCQ+#9LGk<QeS^!vnvkE_~;+3_uxP
zJ-P-xV|4NT(^RU%wc<>7oQ%G(*UzQZRxch&xVQ&d9r@9X+bL&5=3Hvj5S}>sfYT03
z6^Wl5wf5{v>PdkeKIX+1ZPn)qj3^H*%wqtv3io&?*oF3KI2Qv@v@b9YMd#vq`jG61
z_hIlY&U1sW@}u0GRTou7lHUJyz1scVj?7+8v;~9@BxlCM3eJcuVwIgKIx&hhc@hmF
zQxV=;86nOu>r{?P<RkB-3jGQMA8^yPjK}gz9^E+QD@P7@$c6g({r-2BX(?o@6D&dR
zp|^A&QQ7@`80kUd?PI>j%_6>wN>0(8o%iw2IuAlD;j}xu;oVbbk6sdc9Jg0}^|+g!
zm0Z3E5cY2ryUvh|<o34O+(Q5%{U((!J+gE}@=8Jsb9*@h;RejS0k{0TW|Z1+h*}wE
z(Dkq!X~S#BKQ!jR3%KTp^90uJX+{6M>bB};8$71^D21?sxauu}u+=>yI7el<&SCC2
zkKD}Be&q~vcQ!N6edH6q6NMo4bItj!RXdtqbh$y+&->YjJraD0X^wdyI|CE%$?IX{
zd%yemEEZ2j?6HfUhY;;(BrplA)GKWP!)bJVsgJ-dPWt+Np3LZE@4(tFSldu5IrBv)
zes{m<`$&}EE#6oB&x~*;U&8Mu;~T@&Jq_3N{b>|Gp-wlJc8`AFpxkrjf)G^Dy`Lj6
zrppeg);)y6=OED+4^2TOEb=&mPla6Gq2ou9)M!~cud&?O!|}vW5Gq910KFNbj6MGK
zU{XKweC`9^BE4_z>36~qxS9Rkf8@HRi!hxylXK1^Ic6sFWg;^^iSAiXDI$ep$NlVO
zuQ7Rqtut3Vg6^dINLt)Olb(>|6yRz=GlT}AbT6%f+9Bq+Z&3o9<f7XZC^|r=Zhl-A
zMCD@ZZ0p|bi#lK`-u=0fzClY7&pA5X+o*P3zQ7)r)bpezxJ(xS(34x=7sGVv!>mW7
zTN*d+M9vw~%XYOt)1C?C@AD%&40B>TH^~}eZKOM?p0#BNwyZ5UNuga{7DDV-mt$AH
zo<CD!t+-r-{Yqym&zy*D|BDZ3z^;3<jv2(SJB<80{d8ID)6?w}DqxNS#O2-#i6nH)
zZio6qdPYHG@9MC+b#cCw`*x#+c-8wp9Th1Ld9PR(M+A)YCAa2#pY)+T1x^3<4NQc@
zX|WByxir0LGmM6x8T8iG6M8TZy>C&jX>WY~H4uZF^%)Z%(KR}{Z@n-kFGQ@Xf*j;2
z9CXAZ1IBuy`BXB@QT*Bx)nLAZEl9k@DkbJUQ`A9EK3{<(xXW<kOd-(sQB!799mR~n
z3r6y&JT?S9m&{LLW^&yi>L|~XXBOY;ucEo9L)Y&zwy-F?x{aUR#3?(dcZb84F#UK0
ze!+bYUBLazgEO{)G<zIMF4n1Y&u0pyDpxHYipveILZj%|n&s2$YNS1my6Ez?eBCWj
zn!Jz6GTW)0>-iYYWe*eXX*cVeDHs0Eawqjl$yM>&#p*`*wbLE{QnyORE2>oudqy>H
zHtAFC7vpr81<;=wIE0QVGux+h3JfUq9BkXlW3Jp3UV?DWI?<u};+S*E>1aNH6xT0t
zN{fy&)Tk=qrJ_*3C|ogq?$^?Gxv!Pi0ZHIS_}tu_RuYN3X!$`^8Gb=KH;O$f7gQHT
z77R>28zrR{0rWbo`IgHn*orpSXk0;^r!GdQo|K8;F;7i&eQUw6@z(uJ{}1#%YxiVK
zV#VifJRM&g9u9R@!gBo`WU}Dg9LxiTZ|J!8w4Dxk2>B(Ei(W>2`zgEt30JAz`tquh
zVg>d7kFYDrwPeS2Tawj#sCNHLDmZQp&qGc=@arKnPefQ0X<MWt@tCgZ!%YwzlcObv
z^?nyY>e!{Ybz|k=oW|+T+q6AL0PH{#$lev+9d5T2Fw?+Wh?sEq+(TpMt;l&K=@*Xu
z&P$z(8siDEIzq>^bGJUfclXk4Q`t+msgHTw?76cPap;tuq4P~(RPUFB+0`R<gKUn#
zY|e^2Vppe<p8{(q2}2%yYW|;I@?jyBTX&j6B)z<L?w#9qnx}{(PVtV1-lw^`v0%<c
z3Tkef$=AOO?lE-LuO0W*rw73dzPlUzs8~YPxi>0m>5OOR#!;pBeD+AFAt|_^8{vb<
zej3UMtjHQH>Vf)wg^nQDpAm3g;G19q@rBxn<nq}P7loNjV_Fr%I)M8`P29%~!I@aj
zZC|_A$yS?}GUtY<MTVcd0VJzD7<QbmZTpcgNE%!(==-|;8NDrlvg&3Dslpe}SSnvg
zOTEr0{`vk|(psOeg%E!-Kwh1DKT1?`L1U61hA*7?5*Ed;B_YQ(b}7Us`i6a`yWlV1
zcwXU`N+7Rd>yFL9=u=g^c0+TC?_NDfK$U3UXja41>)(i=oZ0Npamtz!7xTMivCP~F
zdGg-RBMK+3Q8NMF(`Z`B_Fm+pzB_=p<ZMinR7WoDH*U#|E)-LWYNKAC)0f-_&wbyc
z+;dl`vxNseGtpx{o5Rc^4L^etfXBEFliPT`_p{e}RLeL6p~}A_UU_nO`>=&yj)>+&
z=zXp8kvTPW)<fj#3;4|&0FJgzcxI^iHy^QQwY4=GHkkNecnFpDL;64^_nZZPtBP^N
zXx}0iaUV{p_b{NsxH#&EeV^{%JyY}~;3^Rrrl<kPV&(Yh?q-3JYa1zMaV`n^Srb2(
zYL@BhDRM}~h1v$^P2N2hSZb0OvEYnU?VXrg^!j9+WBctI{X(+e39CoPliK&X&&>qx
zxpj3>(foY*&ovx^SCj3*GtKOze}O95i|1?M_S8-%(%v;{x|G;reFN~?TD-Spx3+`s
z23_hsQSeXCd02oG4@8|D!Td>o>2W{nb}Sz|KXo2=H_8CNWmr!PoSI8{nbd8_mGTQa
zmPV1_0-U#&`Fh@YEh4^ADDyBzkkf+?BFl_LP$KuZ?~_u=+9}-@NpL~eg3dq!L3cPn
znW;{)4=m@wV&ftq;qNZ#GLY$X-n)eXnV1nbI;Qy6S=pvg;CV144J9YmzFXl>On)}3
zS5#<lGO}^*IiBX%)x$mqqLeHdt~EjyW%kdClU5&>BTJt1)XC!~_&UImNqquY3;oWx
z45(}cb>umy!-AjJbev>#I-f1gXTQ?Y%yh@?X|04Djqi$qf5(}qq?^(BZNYcuxq3`_
z+2#1end%H8^nM*losD4Z%g!K{G<zJttLB<YWb|E2isJFYBeEf}hc~AHFcIE6`MgK9
zLMA=0fB-i@$iG_=PY9Ox>AJ!~tHz9mnf;kIo!BR(+2p&%1y$cz?4`AHuY93VC}Rn@
z0hn}HE_2`Zpx1!Bch1_jh0*kBwSN5jEv5J8fnMnwqh9|~2;wZU&w<>}axpCkA6JRc
zj(fxNqPqk!$5Z8Zhd3lf_%=Oi`g&7a+PR8z;=!!GF0(LuZs7Vka)Qks%_1e^v1J~B
zL@8V=-gaQVkeTXPCbH*FqU@JtYH+}i><EoO=2`bA{;l%KSHk4Od{UX1#mm{RLFTwZ
zfOS<qp?(WY@AVXpc5eYt;>#XJL2MqIr!wwl(!EVT)#dL@)-6V!Nwhj1=M<c!Cmy6<
zX@rBMduN<34901hM|#T0cGVxv)^?cmFS_&a2CYxz<^^qfq*J+)SH?6y+gg?WH0k-A
zSn8ktIn0>yxH0rV*tJK0c%O{IC$9BYV@*dDNaSSM`7Rw5yzkgjD5_PxRi6P(>_^?!
zBL+wAcLX7e=f+LYRPye78VcjB`x6~h#rK5VZ=l4EmPxYl=A+7sz-jX8Q(ew0VK(1&
zqdkTw4T$mZ_T=A!<LP?R@zIRiWp63fImP!fhH#C75~5ymmO5t=1|N-yvN(?!I(v~#
z)I8pxd!0?=8`z^ERR^9gY7Shq^^RjjUemC9>1+##FUWU>uH%T{*6odEL>@XKQo`{{
z1+UY?J-5ej^gJH5EakWBej)J$pG5~S4OQLG)BK)RI4qw7?Nf5ztA7yz;LG|5y+5Mq
zCihIQeB&-4N1A(E*<!~+MeMUwoYE%>ae?Zss^sOxgG=o;SExBx;nHx^1yrzmF7jkC
zd5Y?#sXQkiz#T}JYSE?}S8~HHa^5wczX{=ag7T>$_{2aN+<STQuAdB^^AxL+5wY3l
z5<sDNMegIdON%l|7qL6_5nVdi_h|Yq)?vPM{gj1n49ww0#691|8a_q^a;DSn)9wfO
zfKhI&VwyH7Qon{{*TOM_FVxh`Iiv-T95w5%=3CZ$o`Q5e!3rE)S#FP+<3tR#vJZci
zG;!!bXW^H(*-;#ITlF)Ny`1E^2ajGt`1Y{@Pq~D#*`T=fqu18f4>7+mvyN#yLoI&1
z13t$jc;ANNSU)Zl0<2q_aqe_N%mcb#X!bkBHFAg_d*m@R;_Qs?hMpTKe@5E%R!b6X
zW?gLCsQc~P4H4oloJMk}jNn<{1ZzBj2Oo#IE2;0N@*H|VX}g7EIBf1N_h$U_9;{BG
zt5X;Q`MTafN<6A}(bD*vS;lNWLzyvsYP;5MKecrE-o^MlpH|rk_Hd!?6x1rqh)`0S
zw#&i%t|<4pL-xfb&ZP%muv-9&P<?glL<mBH8?3)SkNo8fy?$Bv`uw@)dhLEGg@83&
z^^IUrE#KEO1!oNjhaRGmmpVL(Lu`sFM%QZQcByQT)!vP>7cdeptiQi<$}uunB<ymE
zX$}KVBWKGOsBqt!=b}Bg(hm+mYu~N_hzt6iU$VZ}(o{8CJ8|lBl?5o+I`nEF6#Qcl
zCpM@8Pagl++4g33`_@rAji)C0b)0T80Oxb7cQ*I5JffbaDjD-26^cA0^8IMG;UpAI
zNI23U=R5&^fxle8ovQCT0^7#nxB-u?eMa0=-@xW}fmKdFpac`zN7ZJ~PM_20I|J(Z
z%{eXey+*9B?>?EK5b_$_@a7{67pC1Jj(yvE$}}pwj*HhJ7vFpPGGOi85fgp<4&Of{
zT5{L*3D6+NB;9LJ`~_GPJJ&?IKpcW|HsbSw|L%c|53|L+mXP}$DC>nsb#JJ*^?+3O
z>V0yQ_AOdml*DT{raLAqE{XVi7DpMUr@aWUD0JN0U#&D~hGw8~s68k{Let=TI~vYM
zY@`$+AJA|qqGJimxiT|)%H!aZz4vmogn<Tj9gC6DJ^H%7sYrv`(^c+d{3vnG!4(gZ
z4mT&(Y<7}!zO*WQQb~s47oPn`?yK(ICmI(k_<Db?F3hd7OZ`ZChS*r&;v@Gv-XA81
zeMR{i^%N5Od-B~;6h(W#=m^KwQgU)G+}0<zc)MX0+XU=3GZ<+8`)2<xbg~SNU%6z`
zbdPi<%NAkRD?w|_L^Nevbu&Hp(ProN%)P3<3}#Qp+$O#zulVncJcJ+N!gRueopVQq
zC?#}Cec$gra*+3Q7=5Pyd!4GxAOBMH_nk*BsDHaId=lBg8U7+Eo<5EfY2ei6!q+*@
z8W5zl0X(thGp{)f!~|<OAfl+N)>MaI>q2af<B5Loi_W^DdFfne3s9)ZR}DETeWBKz
zEH3ocjnC<U&!zB-o#9CV>SNgm{R!f@GQf_3)r^Ai8qprg%9^|dad7O(7aKIW+jA0E
z$0Q)gD<4&7{w!D$Cch&o#|v_(uN2eyreWdAnL6Pbep_xcN%bRFJfK%ZAJ{U}!V|dM
ztnr1`SKD}I`3*cx6@Xs~$<@co^^V4FCP>e#6<8FKdu{1)Nmcl=tSYOWUU5!0w1+Q2
zJDKH2Bzrc6wXR>JC*_ze&5uRVI%3P!lrq*9r?<MxSDU5S(GQ7@8yzg7Rh$y_PL5f7
z)T>ABK9O&UsVW!MMRbO|_sULj7BK{6UZFdwhbgzazGD!g++EoLW9pzTzbn>#<OZ9x
zw)<miJ*vYGB=rhR18Ui0*S^j@tzSfmEMVMytvKBmUzrx_$wzQhYjIaXFN&xHc$SB(
zJGz;K1j%75v06eazONm!U8_0-ea0iu97VU@`cp>OH1&_4h2&w?5ZAf>2<vjSY~tsL
zBsb6fiD<u*V&hRxQ>vI#aXs5h^3x?D9OZ<r`<T2QIOt#KpL*1lUKzq$q+rMLLByh_
z8wxsKtg!k<AI_Xv(KPN%m8aoI&h@iTg*51+E&NZH=>kB0iVh5_agp|v%#p+s_vlj)
zft+Ed?`uo#7tC?`tq2zzLWvF38&B`<p0~jI30XmIt#LfBtuq!=!^X0u0**-9RoH~M
zN<P}*XxNdG-f7MqQAUspbh!mWZaro8BpjT3OmE@I1`onmE>y|~^IrrGOrhp?eU}1f
zL!Oel4^s|LJe^+m$RZ3fKG|U`6F1ff<@~w3jCquAQ^~|Q)OWSot>oB*BGd>TD?IWj
zV-?e)iT0&0jpRe8xb?B@+$IH$kj=rCY&v{SxL8v8*bUr02{811+<KC_ovwH)cXh!P
z<l|&RL?chigz{2KiV=98SIL}QvIe4N_60cZchO*I99Hk$q|_((NHe-HHw8G$?1|!x
zn{xFdLi)&Gk}zfCTdrI5Bx}_&0g#$$FYMzm3DmnbnmE_@=oyfQ$ZKc5j_ux8=n?1^
zm6M{z6S~{P4Doq9a7#G&45MDTht9A<xp<g;H^m%IO48@Bmn-tHBc&922#N^~DP=1m
z2KrsnBp84>f{M0l?6N?Z`ov~)op~ijD(TrznuZeiN|or-AZCJHG=y}dT;v9&zcz|%
zOlJ4He{tSIUGKH?$Whg}oi7qH#d=(&_GmOVW}lG}16h5K5i<v<%w?FC#Bt@G4iPXb
z%{v>umk7WSODDc?zOb{YrUhek(W8eByaz+)djH`tEIskLk?a6SPubJcDt&%o+V5=H
z%WD<>Z6YFZY0G0C#F^A|1j=7ye2@%}AvelSANo#X4bJ4yH*)ZxuYDMC?&n`u*E_iP
z3;ul!IwQZJpNr(!@2i_apxiCqZ2PB6q93foX&#U4I>J*%>+=Yso_L+NF@`U}vFHJl
z?;OvB#R=|#?x!{BIQ6nWux)*+bg2gs_80>?!NaFDi^gk~Jqw4*=+=`sQ|H9{$@6(@
zEj&3c#0#vpaK}utGd=2a3rp(Ksf~-@#AX}bFHIPbbj6|xcayb1q%QHnCaTqgAh)<B
zr(ao%gN4=L2z-bA-^J>fnxehOd=gG8M7;%sEuE3AdqwYgVwLa16-)N`Qr2?jiO6Gu
z$4f4t38gy<?W~yk8HMfmMpTYZouw;O9ie$2I|i4s*_$(c<vPhzQslnWJ~L!U2akHn
zg{aR5<vR@J`-GX-Jat6&3N`nRHeb9?54jDxmHX>Osk*U87*e?&>-z4?8$}FfuAQ@8
z7LP4f!p<dcTsLLf;*RhB)890(j3eV)N(wN{!>0kH)1flC@EVbPr>;lmyXAE=Boo^G
zqkqXQ-$b6U;;=9``D5%@>;ju3$@GPso`jYo@U$dr+TppXqH|Uejrfcy$Z4rtf=1A)
z4JN%1cY3C!ecU|G_E0p|RaEer^ORi7YnSXipDg9TyNE%_uTKwtN2W^Dd-vhg2H}kb
z(Rpfg)W#;$Tp!cmQvhKXlkwOWkvnoW``WGYdd+3!roMi;Cr3vgh2uW`l<gO|BZga&
zM#sR?^_+RsTI~YaYY-WhplW`YY~yLIC#zyiaGrX04HQ6l#SPo`O|t7xRQq`{a9&sQ
zb5^G@_3uQ(uY9}Bmb2c~ERzS1-IH}L2dsl4Xzmu}ML&i4_1-YNpEcV#_uDGgx%3!B
zSIL+B?KlWV?f|LPog+I}p9<H1-lwhDIPUZKWG`Ku^m#2_`{4txp&p6+Jd~f{xB|wH
zVx1<jOTL09^SItC2bzSMlD{3TG2r>u2w<EU`!?6@EPA4>-N!*I=sRFv>%inoc(){8
zdAP>8b6F)n3&CTW&a4tw7aoVPr52Hct2N89GJekiPyUQx>wuh@Bj?e&C)R}av$Kt+
z8-yd#+XR5xoT7nzA6^$)!j~JopJn3{hH{*T5c8%v6+e9j&bX>qvY*~l_8ho*(Y}lT
zx(;LO$LY16r<><Iu?Q1tk!$EuI|%jal;YwT@2pd7==+`;WEina+9i&_ki_GH2VG`v
zs3A$i(Tc6h=IPLupUY&dbnsXoSIOSIKt0{I>1?(DHVUy<AqzPCj9C~*qbNV-f7?$?
zxhZk$#aCnwRuDCCdGGB6+YLB{9VW+~=6)~H=!tEoYlu@&64(ou_Vw=jv{!%OM->xZ
z7NPeE;LG}`wn%*!WiHqwu;01C#5{h0yfM`GUgws1x`7{s;pmxA21IW|a#PVuUOUoH
za@Lu?m-h3_tGIQ`U>@596S}xpMIE!wV|$-vUcGhw-JFdrl77{f-{z^J&n!)xGZ%dC
zTRU}u4wr~t{~DFHZ@b55mnCpicf{t_0o_nzJ-5!IK1n^V@qrrShJ42^LOIq@;OH1|
z<c=jjMM}k$bBtsu!6E?QNzAe}rR!9mxk~iCs9U?IA9wJ#Fsux}1fpNK_8<ARuglhV
zqd5TX)RX@L{uvb!2%A-$W1}s4M>Rh?Zp~75I5jBYj9kO<m+zh)y7@|>9|YWs)7|s_
z<{Uc$UDx*;Hzy=}tRU~9YY`s*yq9)Bq66SK93?t~?m;3Q6~?INXuVauuAmSnR513V
zp_;)0JW}ds`BDUP=7YFvwcovT`pk{=94sR&)SeM`eR!gBIoCp1Q||SN1E@QRaEG8N
z<B5p$^8^dt&jzoOeKfgsy=LgxvKnDxmaDY+E+AP~Jn8eL93E-4y=jHaNGNzW-vguL
z+G8W$4~_4|faH*GPxTmO3+!um?xdxVY42Ze`UbHk5^W($aM?G_{^BEU`IWXjd)OEM
zz6e|I1V1)3Pf~%Ya95D?mX-2%if5@~0?Bm5{WW5>i9vyBjrlGGSxe~C77$i9xY>Fz
z5lDf&nffZhIA5ld7PM9_MEAO#4Eo|10qzAk%CE%V_w~oH0!{Va&#kCtt7Fgc@b4JF
z?%9Ax)i}P0U%ZF-HGh$Be-EmrIM^Rqof1l-e!2l$R_)Njo_*k=@4J4twNkYGk)nF~
zX%;w^tIyJSq`7I2Qy+RvW$4Rrx+~yMloClZGS}z2d#UAwwN|tQemC}m^2*Hnze|Zz
z+NpxB9)84kqmAylx7Z$6zQOki6L<{44qqc57xjcmO$$K5*C&M>UHc%$V_KmP#WFJZ
ziWi8XqKqv&S@vFoPQ7uNM#^DiuYa~;kJG=lP2eh!t^;*2pcZ!$<OaIfIp2z*Td(_;
z@m+F;crON}K3lWt<5yOznk^T%)!X2S2n09*PG<HY^u>(2uhxI=t^H2CeFR%AWr~7!
zW4@@F_G224$4Ei-<BurKpS8?eWpM!t5-Ke4s>PLf%201;=Q^vFr8;vwVdPP&XKi)?
zg#79LPFXBv{*n-zz2`km{Cj$UY|m+RGEi>1#E21u6#}1?8T9+Q*XDNbk>p2Bo-%Gs
z7<zqW`?D+5_DfND&xAAin0hYrqsW2zG;L|EjriShNGx3vMUN|HRo_YEf}Y_I;v110
z`w92v0^L(q6NZ^9wAWElyAM7cK_)Z2a%rab(i*}!73t^)_=f3x|AL^mPy`N$-`oqI
zEs-TGU_FT#=dJSMq_e$`BMW<RtJLshj=jctWo``Kpc*)a!R=6F(0cW)F6-{Z3o4?T
zSYN!|#9LE#Rt>eceN%G2`l82}^hoY&BScHld*hUABS;}%?G3%$#8e=@ws^4bfM~0r
zu-#rLuH)aEJNLxhZ>p<4ckL`R<5T^#U8!`Mo$d#G=!##T=~Hy*eP^UmzH?n~Fr`k#
zCJ^|w2ELC^5m=d;yTIYKuEev&Wg}m3?OX{swl|`QZ|)qp(VkV+e>ozihmK`i8juED
zc>R#WZrB40+(0=Pl8y>+`Ebsoxg2O!6bpLoc*j)d@IHK}I59jYZlVYK>J_5V*_v;!
z0NQ+lj{w-UJU-`AT`w_?*9#imZif;>`{aN<cFgxlNjte$H2cCB6H4|yxRG8;M<DZ2
zWB!IV3!FpeYK}!vdWHbC;F0(8<p5Y%6Ha}RO9HfK1#aN#>vYH%rPTO{oKbsaQxNO{
z0rQ3E3b#jcKnrT^3mv{zhYCt%+u2T*;51k}Tqvj7&0l_I@;f6JW&<@!)adgpj#pa>
zmvCC2ZjxQT>9BEQR9NM)#?NN_+X^@(G4iFkbvjrMO1?fz^!{$7?3Skn>vHLw3s3I7
zKi!-sDfDxVM{Wb-tMJbggaBathPq>ynLv?7o^lcu`GUFblP|e`?lr)v?=+kpaBRs4
zJ*3)V`3O}b(4{B4FWW*{r7hjJzSOpoTrX$6SIeKz$|>gg-0TshniKXEDjSm@skL0P
zOEg{NMR8cj1&0!!kZVDuRx8J_QQX%~kn1L49f;Rav2z2y+@reIQ;Gq?Pk?HrhzM)&
zcd-s6yYVyd-M^CuQ50W^yV*j5rg4;v|HN;LgbZ775uXzWefjgVP1;4sr<M>^Pw1m>
zE=ykDF@vSsiZizltI7k{1F?0`AP*nYd#GD9O>?`aqL00QT4=MR=)895bA82u^w`PV
zTDvs|Tu;5FPE3wS_X_JAfD*zC9Dzdz^_mV~nK^ywY)oZCvW2~?k%#^LRvEb>b<ciR
zNh$^75C)KM%_X;DC7BaMkC49()>>EeG{}QINR&^BYyrw4;}Je>-z*~2_?DbUXfjy8
z6vKFHeA`Usj8x?1@&OWt?d3ib7PI4c{X1eg9-r_ynXe8kk^CTl3brIpY-#vi2mJzd
zAOGU1d1SGQ#t3hh?{_8S$?XS3m2x_L^+?NQ(<J;n-p)DQlNP0Uqr6sM?@l5ge0Vn<
zAIp`6!q30P=Q}8G9Jw6^2WnJBSM!`5x%gDxNTB{1?t(o`u4`McZ>fF(;Fn@<Ztm2h
z5B-JyIYoVjJO(%79A-jo@a7})`EWWsRyBp}bZD+)|MJMz->JHp+n1=%_Gd-IQMUXl
z!n%&Nx4ix{+~<jh{<7oEPGmkxE#Wa?d~&L?JC9k`1PC%sHUQQ3#Q5Vm!5x<s9$D0T
z?z!y=L~GXMT%S0nI{7brW4c4<^Ja0-^bw<2=7@&0!_<zOW%!x#C_OAumB91uUC;D+
zbx-beD`ENU+8s^_TSyAre$Ay<u#N1-C5Z+S8`CEaP{{M%xR>TNx!A57n5W~W`rf)^
z)?KF}a_uwizQ8nauRU_unK7>tL%<&D4e9Lp&YlM%yQxE8=^!5({-VpV?P)hEVVTId
za^&chB=0lqQhc8{w>T%ADw5H!){-Qe@P*1M7fnPf$jozQ&VeBV;k@6R;b*gZvgVLa
z%<*%a#EKMSFbpq)&CV`)G)8T3A48x%mX|)$R@R{}yEU^|?J;>IU@T5EsAKoulY8W@
z$LT#y4||RW^Qosz@oEw0`Rto;Pr-$UI(rR6HNT9Lu7jM9)J<14*xs`H7|oDM9Eyxp
zcKObjnGvbM7(hOP>W6JckFS?H10@;J|M%R@me=^pm>Qu%-B50n_fyKF>)x25rz_7F
z=vo?_-{-i4J96fn{w6b^(sYQ9qCXDFcytrV{2pt#VIq&$_W%U3w8a2wR@o)bqAZ|0
zw*=nH@C}PdiD4ek8)qvZReFeIr46@o>cWAHbAh4AQ<7}X!h2hO^?(*V^7~q1)Z_a$
zGMAsWO;>ZP_ZtHru?gtU{B)V^oR9pSZ0_X9JP$4Me%jA^wy@?2u`^G?sqkJ>5}Ee^
znc;Dwo)+vY@6)Q@FBN3zP%CwoJyy-oIAP}j_}wFZmMMPX+iy1^0P}nAHWf*FY%YUp
z<@cie9#UD@GO2_9w7vU=oPCXHZ+g$`98uyJ(pi1QkHx0-$;YqBfal!8jNo44C+(X<
zTY=zEA?=x~k5^ooj3WEz<iS0}w>T<r<^(EhXj~j7lCgR?v(Ao%cF*QjBOW3+2Wc4O
zt^#H9=bW=EUxf3RT!oZqSykHz;SQImko~OC!FR{vJnWX}JKP&y-rn~MJz`a@b8ZjY
zA^eWQ>|vnI7lowdKr+A<34X-pAbN7brEiKi0Kw<=@j2#RxMsxmiFl^VmuNMD=0Kgi
zah>~MXhW$FI+)9BoU_O1h(l}Hsq3vzwrBN<c8j#zx0#sq1ydgC=!euib?HHl4bppe
z=hP~IZ9U#SVX(~k9w-ljcDWWnpI&`J!_9ZU`^?1a1O>7#c0xhD{S`|w>cx+fF4F^-
z9qlE(Q0y@5JNz1#)cv;7L_7)@c8|b0sdb``Q%r{?KsNgvO}l3B2+ZY!$p&d-%WxFo
zz1f8om%>{joKowNVLq>_?J(QLJ8~UZGX}E=ulTF&M*suwH*oz32=RQm52T+LoMiLo
za|{U$EOftV2bwCl_qDaJd|;tOKby$-Y^H>-77z6TCuxm88HC*-a$5=V0Yw?h1%xfa
zJ;IWIH^M<P%7sU-aiH(RRz5Sarxs3c()dkxJ&Pc90D23Qs+}$o!D;|(lHCiZq1dKy
zctZNBA<iD!VbK9PVDXgbRg}HzuDr?6mdgG(n^c89M$@XG4<w5G*0Af7KlzP3QX97r
z>nPvra5l43?&oXqrTaX_wDE+>#s-gAs^qxqr#x8k*L1u7PVQAcAXDK=a-<N(YBK@?
z(x2pIJ<3bQt@l)Ct2|(itmEhIBe|S{`9w;>j#YPl>qo&0PWgq;9HG6Fjs{$z$Kriz
z=uvG6zPs-k<7DfX?;r5bOaWP+Dmx*K%8&8HK1jV%kCxQ!7Fg=4JWsje9%l%sbM*`O
zJvo?q;hY{0Did%E3W6`d0=_kKa^^FLig;^lG=$E`AxZ_4b^gXzD$3gI6it?K2ga#7
z7f;fAsrL@LD$vP&gd04W0hT;>Hemh0I_{%kSqHoBAmpnrV@ccd`8vsW>>0-$bcL+1
zCM|sl714_>exM0W9Gx3)jKVJa7l}U&HnC_3=m<w^uMB$KY`zQ84(VUy;akSjx5b$K
z39)nf)={h#gF|5(H{v$L>$uFNIkpRW1@yBuvD`_cGqLLk<p=G{^IfW^2qOmsJ~ss2
zmeP$n!EYH3u2gJ(?wityuce+ZeTso4eIH)l>+=~FRkPZ+#l$}KitcsIF_X(InWVwY
zoA8-r)86p22iONsEj=6?MhiV~dz`mn!V^Gi+WdX2v=TL+VK|eRMhn%b<cVd6czXYk
zR40*IbZt1N4`M#dJ?n4H$V1)}Ingv)UxW&_>1zl~NL^mpt~VZSu1Lkl|0)&>@Yuz$
zM|n3d*apjBqAB_7dgL;R_e*vFgZQ#9?0nYF%EGaE<I#MGnG6l!Z&u-4z&>6ppx?EV
z$FKvF7?YY1JbQ9mz!CFQKwUv4&;mVQ234sc2T8jo2?}uAUFHeP6Mj*PE&{yOfN;Fo
z83bTN0N5}RL@q7G44^=vO?J{u$`$FhHtG&P*w=lR<rl{N&iZXu;T&|&yOefLVFNz7
zXdYfA#&%lNA>e_J5U-KFFIy9lh7$BjZ)>@|CqiuN+rpM_=H=>{sz>;A4_`kSlG7R~
z$$b6soN_F!cr@d@icBhxe@`f=B;0}cE~wy~rvTq7XAI!?AFk;GeFf3UwY(V21CIs0
zcBJ=w!!)noigl~p^JL1t#(NH|!p%66A4Hhz&0|G=Quw0Uq4$Np{ycq4be+sJVDCN1
z>tA?E`9zype|BPC=9-h1N0Taecn{U=TjogGj^hT^RC-yqEq&p$HjWv|_+ojeVIF_t
z;i$5fqppR0$A-Qg9WXktT9@7T)RUK9A?{DOg8IN6CB3>JX(zX{{Vvb95sR4)-yEZQ
z@7TBBubyz_yY6JU-5<XG`2;4(ql|TygeV{g&HPrNoz;~2{M4g!&cTNSwWisSb-#^o
z>(><9nHh4TDk^Ip2RDg6flRg=l-9L_$pKGj;QK|xMWFpaWGb%U1A4?dgxRGIwPj=c
z?ZVu#7QznX2s??GET$FwUE@ns?jsgZQ+~)So(`79n`re=oME7P{5H8s8sFiA@t3e0
z;NnkIr#}kL@rvZLdBQTgw-3tPTN+qr^$1i6&^9BiT!1cto9yS&mGn#LOPXf~4djbM
zQ9^E;nD3TR=h;<!9Xic6z;H3(yfOey-Pw{A!AkN8&@JqTaF@}SuS2_o$r*kuqa|<B
zDA_&s<*I){hGp&;k40Wj8a#8n>Y$EZ2)X>V>IVlnm}k0AAs0-Z<NMm<@KtUlE6%r+
zRPqi!+TLlW<UpL7&+Hqw%NVOtN-{HJwsv%{EJL}TtGqu^?sq!yLq@vn?gSFAwWuuS
z!hGX_c<aJ`o<Q9F1fHA~O!p)JFL7rQVF%R-+~PWL&hffu2}Kl<Ll}B=UR_k+)!DNN
zKzvpb&Q3jW)9ge!N!igNTK&)ay->7<&VSL!VParYbG4;g4nKV|3ddB&O=0!wF=3)y
z;xIp7)qFS0-%6H}suA3`@+%*U8pW~jy;)g#&!NpYc<<*$2{go^V@!{zHI!X~^pING
zg9gs-@=XJtJ}WJIjt$NDU<rOvbneEYaOYn30c^)T>*gYv%Q`;1O_u>bE7%6u$J|Zs
zmB;7J2GlRR6gVIf)6pk2kHgBIJWZ6Ild?vyd_6BRYCWbWa5R0CxihLW?ggj_J#BJb
zQW}(k@;fv7M&8)J%iJ0D$gwKVm9pYR4Se+>+-9LWQXURn)JAwRx@JTz?FxKB(uXfR
zmKA)?f^SEFnoz2-*{a2<h#=pm0bob`I9G@~v0E_0Pw9g_?za1=;PxwQt0&Hn&?Tue
zg6{LaX;HTVVmG*O;$GLmi(9eL@C9B>vV~;`)%DY}b8GYce=-q(QMRZ1hzy&)pQ_!s
zM<3N1Y<<k`j$OIP0eR2ONi+|9!guZLd#v(P(lVQeJWn^-cUEw{QsQu5?Te3P@3)oc
z@?Nj(MKB?Pzx=8m$j&`T;W?G5`MJMXx8Dq&C_^9p>;PVsV1Ui!iAOP^Ss+mz7xmsQ
zJ&%Pa%MO7?ru)67PTqZT>DWErL^SfEUs(et-q(woyIdER;LcolQnOx%!Gg47=(qLC
zFaT_Hfq0yA`xa-<je_-L`I7p|JR8;Zfb<Qt*RImh0R-+njPUDzul~*xb~^!WAxm1+
zae8aSqS_;!-3p&RZX(S(^mwH1vWllX9@DjvDhp&0;;*~!(b(nqt|)|_RdLj{9DOt>
zwI$AkgUevdt(MyN%iTQad`u~{H5Tcg9!Ks)_bi)xX9g+xYuUDT>@x9P3O`l1kFnMl
z!~p(r)B1=|9sKghW`j-)!-UCqCGbiI%HD-qmhUl)?jQ@H!<3>>Zk_gS!?`D)Zmz9F
zhSJ&OalDr}XIVk-H;(+Rsb1HxMU_MXzh5F}o2BR8S4YlMn-%B2-y75XjTW)j0W<$@
zSqiT^_@yl<W>9_1pATrFVchNG-_*`$*X+^fLbv!_Ih@r@aq$~<($is2WP!cT;G{=V
ztL8Q98X7|`dV2F!3>-Mb(Zj`@$NOxJEBd9Um*HHAOPYBGsi5|HZ#17#02|S|AS<2T
zbtpyWXb}q^)}m9_RTbSxQ=TrzM?H6kmHMH@QpX;k{@l`PB?E%{a;dkTR63XZnx5Gc
zu=s=*pTAt@do+U05Y3iHPE&aAJ@++kka+UY>#1DABVz=X{M7ju=f9IPpI}&7TUCAw
zXcw)#y8;opCfJBNu}_>rUoRjCB%qrOayVKY+(9<woU`wLIxzbuMP$w+xiCYWy9QOO
z-zL_wGITzq??B)FyX&Eej;MT3or_<jDgrH1xj|sNzYh0}hY~oxx8)}kyS;eH9|y1R
zrX`WWc~$)+ocB>%e~hYWWMR=<z+Qt`I0>CNfv$gX@i{2e%U|H8Pq^aVNb@ZPM?*gL
zX#+hE`h*?(o86Gd7melOQ-V#jyWLJtiWOpA<<~84=oh@h-`4V+#ps_%_d9|3Lh|k`
zH;ZMNowHwF7$Thtlvqt11YOT{x$P#Ne#5HigWE(QZ_o~>{M)#vjB`R(SI;8pwyd{M
z$@tyl^mJ{#dJ-rr{jQ`_AGrHC%Sow1#H;ns`Fe!)t?(>H<I#HLLd3ULX2<re*-f?#
z3VyvhHY?>VBFRO3$~};=_o=Sq!GU^_M;1+PWL<5~TkofyFA2_yq6V`dUeOKR`ix!e
z*7|LH@ap&;6kd~D2UNvHm#Z+TYAOmUvQaHyg5IvkMqgsmT!Rt0Pg%RITP(-tgtNG3
z7~%}P4^2_<1k@?TX_J#rSo;xKjHh3Y%o8Lxc*JFy5zEBZ?`yvRyrIWCR5;%!;nFZY
z{2Bceymp>gT0J+tY7yhiE7}u8hIB7R4_!t^K^G8`4teWopQ7)3{eOgATe4&~3fvO!
z$EQHB|0Oweu0JcHXC}sO`*wAmBaviEKu-I);kUomT)(bbTlw}$-_9AOI;g$ni$Zx&
z_bGMr{jN;po5fQH?ZVxA>^f~V9+6~vl7?=)#|V_C<38`vfj)4#6jG}nIWB7gP#!t-
zC<rs!b=jw4(E91)67GI+MkOmfp%8Y(t1t2+B`}!AA_drM6Lk*{*wA~4Y9Lh#0^%Z%
z`Ky>^m5VsYH^08X?#$7+GL&m~vy<#t&yxwB=C{o>*i`mjUX#zE|415Uj+8C?z<#a%
z3NFrWNR*1|?`g#x5CH7z<{XE-u&7DjjD;H%XFu<h<T+;#xdT4RdCv+-?JZu-vrqyT
zjzqps>x@XLy8;w1<C*EpO=pbpDC`Yb7;R$!Dg${GuhK#q@+H;^YWQksY(Apfip$$}
z54fE6d;K0f;m4St((OBrW`gO8kITJO@d;a)+=C_z^$Y8MdlrvV-1#PWgqi}heBJKv
zd8luIEI*C-(zR_7W@{ffhr!8CVZz_kD$jwJ%KQPgd85~mUqVwjdF0|Stx4K<ZhGt7
zr+=uu4+E3sTok}3C%E_Xiks7+`p>$#g^_)Ej(MVV<GUqsE|4*NM4aG>%u6&paryz;
z!{(&-^LOt`!BU|5c8-6iwz~RK^`p+4%0^brn#7$%+wgvlQvA=HHE~pCS++F89c2AN
zvvr<i@#Uup$p@1X{QVwM#=3Z)`nxRCjr*WKwCT|-)0MN?)H(S%sBvCn8h)ru_=H9E
zBNJo+8xVLX(5h~uJp_lI9f^3Xi{`3--9m#XhNVxg@)^3L-ABks<60D;5@<@LJ_(0X
zaK5uD&Ulm~lfPPC=Fs;ci?k8<J8;P{PCvaYr`OY%&ffW}cYk11AuCQ(eSznt5y$0>
zZ$5pWO4_*schV2HklwdfT4F9s6A-)O+&xd_JsMeFr)=*vq${WFHs=){dq~FMbK)dx
zp6fi2rW2v(CgviIwTU*|&Lr(IU0t4f(B_a(cUOp^3$4BqIzJy9N=nJcEuTU+>wXF_
zdol7>DWSNZ_ei3h?4foiRGWd1&a^t+16{BhAB;I3)Efl}j*17wy0I{MRM#g2(*PS^
z@+_sQT}C1DM_aE^tn$Gadl~b|t%iKO!MoH>-8`#_J`LWiwG$V<F5D+{!F=f}c~NJ&
zN)Bz<nzY}ff%(3yTRr+{l5`Afk{rGXE}Ngv7~UcRcjH>YBc{{+goSS_<I9YC<w4{$
zB-|-7qA<BRtn@@W@p}V_G%s<au3BMTW)3vOo6cumJarRO*Dn0(c(C6t$Ho#%l;eeW
z`73F1S9$E-Y#=Zc_F!8_pye%>b{nCo4Bpd4Zs*#8i+j8jE)SP&U(cLQ7l$M`erm4x
zrHI`K9+E!v*h&D}H!M5rL1xsg^e0iu1Iy6<c>{}2$ZbeMo!OV|5>B5+y+S>=60&KR
zFGCS29NxTxIG!n7dCt-A^2OPP^3keIM%01^%J+OX+%rHRxOoY&<Jx!dbY74^nL@W{
zeI40sq86TOWD?VXTbmXdtU<j3#-(4=B^JoZ>Y}gXl+nMN;TQ&i4v3|jQ-?UlB^kTU
zp1moSaLDyjO4yX^_;g|S>6S?q-UUqnLBBroLVHU@rTE_R1J!^Pdf-gg-6W@(t$QNy
z(svATZs(#OvR1fba-TB1^fZOP1>S6vNd1zw+9V6{%hJoEW*04n^pOf?L-%A~vHJ+?
z`_8#_XY%W_xg=ka^eu-WuS^=&MRpU-ZPaqx+uU}udF^IOF@O*+>Z3jNB%|p0W(Fzy
zm&zY04koMGIFXNuhrR5fHH^hk=aTha=^OS<#JNH~J)ZHF!XDcSP9$XbtHcNIGvrj(
z{4y)HOkbgOz1&x{s0)!1Jx?y-M)#vR!4@ihPj_Fne82D#Ft0EzAd5zR8BkmEddt*H
zrO-ab!C^4dyTcHN=826sJ@22&p~%?XZ3SNd#Fg*rtMgh~s&)*uZ<(xolLX)TZD#lk
z^@HE?fTx@TUbf-k3^zV)X7L1d&<TmUIyj7D_5Q{k*Uu0pMt{RzX*}XazWmykUljEt
zzsPhf@XQsKsK*QGv$Vv#C|wAv4#VY}`(8H4`$H128^HS((#ux8cl|`<nV;<Lw=c33
zlE3_W$C(dWK$9o1eFhcpIpgqRiG$w^>NAHlO!a0h#zvkU6(pCSI^S6R5Y=zqC^Faq
z($0q`Wt;rCLMqYia2NI(Z4$PwWq=+(->G!6Y;QB1$G7dDH7Dj8Z_$N3xEC(Qp%!^C
zqx@8(W4#Z&__?@HEL>BQ!l<tc^PZ^(U2(tpr-CxFd)C!1LJ;h5wBd34>$QU>p*cL6
z(%q(L+iOuzQ%dj?Ie1Jt>7r|wO@*_|9U*gu`AV+a6V$<~^!hNHY>HJJFcc%jyijB7
zR6qpsO-r)2(H=r4BPJf%4!pJdl2V_i)xvMY0##`f$$O!UAZ(9epa7ecH}#_DE;0%B
zTuA)<p%_}Om(LuQft3DibZE}|P$Wy?Z5rNa>_As;IS3UZ=W}ihQUBZ<Aw@I-tf&$7
zfKpw<_usee>roaMz2`vIxx2+Rnv8K@mTZvm(h|-}8sj=V^;FI|6Q8kYU_Z_bPIDwD
zw3L;zAATMY6N#0}Mh{3hW*Q$U@&hN`i^V`P&tqhhibztQYuZRY=2CDB9(`86tX>+r
z)G5Fjh2L$pk2Bn(YHy3F-H_3S8fqgQ-s7Y%;`Nh3@^oPcIpT4U^B6U@)5=~Nl|Cb`
zjE{@?#l6*rA~vjMhW??c7wOTRxs9Vcdr8GtAQmP+CtW`m#@M!>#6MeyRmt_7zA#jK
z&g8C_E1V(dpt$xmE%<%8bRy{U+e`<b&hkoFJ@pATue>@^r!;T3$Vhk%Lg=GKmu75A
zANPFR0>82&E$n4}+;9?#m-HNuqL_Wu#7@!Gmm$;boY*Tz4Guku^35z{17xhy#f`m=
zKP!iSJ1Ikm;XZA?E8Q;!lseTZeDuIRZ3x;~`<+Vh-UPZ#(w+%i65ACUPZHwt$h{@O
zntbUo7~n9=SUq=q&$*L^y7$oqCJ&vXcqN~F6|FBbJNOWZMYIV-Srp<wr<g0a?SMTE
zA@Ju)=zjO1cxrUXR4`%+-1o~v*ZOG&^;!Q$+T0W`ut<sliqFvS+Oi?kc=zo~h<-Ka
zu2`(}Eb|?zQ95_$fZA#ph;M9NuDf@x2C=vFzSIC95r^+E;Qg+LoIfYIdqXKT4f4GI
zyX^2)pT?j`BIa6}MR;?3CcRQb-#~AgA(nIWtZKp3=U!iW@KSKyiDiwqRWGLEjhb7*
zGShWBtdEnhmOg}q#K#}SPgiwe=@b2VUIbdFSxMl|9^|xMp{-$~dBl~sK<s?8<O05f
zFA7?@pbx2_>A=I<N3S<%XSW5??%TYl5VAy>pLjX(6>Y{{cyT7F^wsY}fotv7qJim+
z(IdVudBA4yfanzjDW4c6vZ<Tb&%N&@Pbl3bd;I3`%+oYO@MPB!^?X0UrV?fXWapdq
z3g)21H23jS1VNOm0rtYzMFgj^YXKhmF_V^jp6VjNyhp}f7DU5>JJ6`;Wx?=m37^9a
z?+eT4*}wU8leKX7sB=utJU)A2DeZRM61>HlB-8kQACaPvyOKph9OJ1$66k4Jpmb8=
zj`ln9Xg)tyKv-AUzSUk<-3D>KURN%UU4}WLJbULfrw!Z&UQb&Ghg`%+f{o*L<%Zrv
zrMD?fP6Rzs`cUhu>EAv#RUG=hRS@Q@eTqX!{`P#(;Lcrlx25a8wBHaG-$jIP`Cbwd
zqD4&R``xA8yZ96He%@DDbZmrVA;H){XIdT&vrqG%pqE;gxo;jhjE@`pL5Y?`j=`_;
z(+%_3)wxrXsi$w?bW~+~Wp5w*$}(|I4(a*k_TB;+j4Q55&=VAuGEOA8B)9zQ(`Kau
z^Ut%q1o3zqLQgEW)X41@lxWeWvzPA^pfyP^hOMwGbD1@8)o_4L-cT3Vc6!MF0B_Tb
zlTsf`F+?H>ynYWmnbF&aB~)LBXoPz`o%k?EsV%bj9#>;8r3$RXpgB*@z)-{43zytP
zE<8<D?y$uxyJQ&q^2XB`VxTILgQts~aDflJ=V^9deELD=^ZcD-=f!UO#EJ9OhPj>;
zlH-t~)^&_pxb&q4(QB)shMJ%I(j$E*y$W;X2%cao7=r|R0{1(BI8|SDoV!cB-_gxB
zw)<AG$cyYdSra|H8XTM}4=7ud@7pU`RGi{7LwW)1e)Sy1eid|E7f!>e^o>%h(D*EM
zY09v9Uuq2`D6yRE>KC$nc4(hEheG`3NKHk(4Xhkz&kevX*DFP<s2<lS4m#jnwfAUM
zi*Wd%QzVxS_qj4;()t1dTbs4`V1;HKAIYy;i#KB|r=~U%a+NjJZm*lS;?UU_H^2=_
z=QJM93zU!?d>ZIf5IuJJ9+nb6U(q=yhgV%(5A%b~w)}GytW3E3B;ex@Cuk3m-MW>Z
zLt?%+^=NC<LGG`HJK^PmGN0r4lqsIAC7|SE*u|zPs56ltJfFwYi1ZrXuLb^|tD^NC
z803-Vi;vAbZp!ru&Lhoq;=bf%M`MQlDUZjpCk3z<Dc~M41^S9`fRS@#A`~t%<$JhV
z9X!#Xmp+$|dE5L9oJTE;^{KX}P~_(=?Qgf{imN6s!etn@KHszL<H8$q<2FkqcB#qZ
zfe?=eqp{toYtjejeufYGcESjNWKRZFooF9$VEEdzkV7nW@{U_6f-G&l5YXwG|EFSq
z#+pwv+mcTJaluyEs`0-&$Mz3d2voTbu2cYSf91GUFrsJq5d@b!FR&gxi~VLV`2DPd
zQLcx!4tRRg+S{<#?U4eau7Qgvs~gQ!wQ)}<C?s&;JnkV4fQtcNoe|v9u!cOLvrfL8
zT$g5XQ~Nf$`yhMC17)~E+PZoz^a@{H%Lg5?_wdT;>DvS(T|TzL528N<w=T*$7=Y&l
zd`3GYaR?doq1-hZi@d5gL8pM(!h^e*)=iJ<<p*mnoh&l(VtZdA5+PW5xxH9ACo-)m
z@WvCRiC0T|7FdjL*b_vEi9UYISL@2MscGF%{R%Kcv)}vuZWB4!LSXl^K1&|-b1><x
zB%QTsczpAAdjs6O4bk+ST8`ihZN>W<N6xwDF4fz_g!~xV72S-I>8c`@Cz>@QVuPvg
zKCTn?P{AME5Mdr7Xx}+&4c87f%2`?j0>YO<&r_aZ$I;`3#NI-uLJG`BQR3RACvzy1
zZZ79{E4Zj5GB^@@)mbhg>|RXsfs8e0Niqg-xyvjpFPC&a4fBYrr+5k`K3>-JqIZu}
zS)v2oR$UqE;EOHcr-}j>o^C=pI5kGLpbK^(5Bmc=85c9<aN6J!Qb+|U(6@fIU|)|n
z@|x$I!TsugwDOUQdcq!7Vo|)VJz+*zpvT?M%lExQa;O?rJHIw*C?2kmSc^OWr*IQ(
znQ*5;-T2<NYic}x&fz```L=%*M97`iKvj(!`?6fnuR9F??eF}=-f1)46T(7c-!<Pb
z7M?%9eMnj)y4#PDC%B*aCU7amsz+$f<UFxga-3pPj7gHb%(bt)XboAD`<PGfghJ!J
z7%tK-J>56=ku$<i7(lFm%qhFEqEsqENBsVq@mcMQ625iAPCsx;Znbs{KmARO4{1Dp
z>XW_A@4d5Xu&+aXQ%(&|XN&l}=i$Cv8oj6ZcFaf<dyEBTOdk>md!TDd0lb<(qEGfi
zAnepvTSV$9!|58688V+S&CH2Ygra?E$RM1rC_M&z;`0VS@D=U0HJgrq29SPA>JjYx
zM(xA>+(_}T;C3>hKGoeJ=QHIg$1z7PyjdC~iKhHmoYpAgH`J9JH8)$^_e>v<9ei=p
z*m->X0aHANTkxbOd7ZQg)0bFwoQIQb#AkDH4l0JfV8*kGPHzcS;k$gCrsGX5ec9wu
zptnONq5ACBydaunJyyW@^;#;}9$$jv;OB}v?gH8MD!Aq2B0GJJJ?P26d_4OJHs7GJ
zqas$Qsq3?W5YlJPBt9Ly$3PA{7}Bv?v8Q33rtiHgMxjT*uLtW83CFw-r9QB@cm1mj
zK-~w+ZzUA7VmT6s>Vi!czXjS*Sy<Pt?0yvVHk`qmfwwFgUqa)Pc&!a)>l{`;l3N!g
zPWcSov`6j|(u2n3e4|nlF3?W&<LnhDmre`@0mRFv7-=oknrHLe<Qw9T(QiLp5f`iC
zS{04AYa$&8JH#fIoOdj*R|~D$=c?^Co6Vj`)zv_ny9199`FiHApFVh5w&u7^&EDR)
z@0}cDxszp~bo8EJoO_{?PD9?jL97SPQeEA*6HwiW5cP?(9dDGT7d*&*oqoA>`EN&P
zbk+F=wp?s{pKPL5`r?y!1<e$%h-FNCF5<oR)g9Bz6SQP<^W2y9-}=vZ2^LKOP;l#+
zDi%a0E_0f5UW_Y}V*If__=M)mFT|wvSiPwMfBwL7|4b0+UKY#le`4Q|i}htrW=iA{
zw!N)INT~H>1(Qu`e1=Q-H2y5}*|sOi56}un)1y=9dPjFb%9Ebd5+&qH^kO+*Q^_L(
z8U@x-dNwbK$GP~O`LlE70>e{<S=Vbhps8sVUXYFJ^*V^3!(hM@3g!5XA!LHbM1VOb
z_>sw|-uqB*?98#bhg(1Eo-e&-qG~bhHFpD~g^Y(nl(!Ob5bGTCWIx|=ptev3+aA$F
z=k``R$PtjUA%t7}B;n3U&ovd)9(bGeq8E(@X;LEUJ$qvE=%c;+UD$HCInaQF%9S`x
zs9A40&#}UClk>#t`m_*t0nB@bYU3jRJaa<evm(yC-VDiwhlqA78Ww__k6nG=fVy2M
zD>=S`DDdq~uk#cetv`;Z)%*6B=(+rK#5aoKf+dN%l*YpwF{lE9>}%hY3#Qq;c*kR*
z0^ubcX>!~brH-B_q?YXrQxskZqctr#wYv=?We*MRP{flKEZrpHr_MP<e9>;{ITQ2H
z9R1|Ew@!ZbYh^5AceWl}1~BnheYUofH%IvG4IPxZw<SMbJWZ?p#30kbvNrjA?4G)D
znpElZTXbxKZn>(z1hsYwt|%sIY)HQy!sR8w&;y~??7{i<vhFE6c?w|jKJ0@tqHUtk
zq+Z@&hJ9UEpLYKCf0!&7!m*$$*(DcK9tC}5AFi4C@EC42-2{5@thKU*2QCU>JWaYg
zJC!u&+H}$RiG9C4qzeP?;4ysvnQyPvp?*jNn$cIkdO`op??U;a9t3P#J@kzz#p^fp
zb}EHEu_YZ2^+F!@%IyL^Czyg<Q6n&KpX;Q&Jba1$%sHN(WO4KswteGba@ybP%O}a=
zY(GN$?@7f_L86L|?l0Nxm(|XFpFNp(9SxW-IXIHXWFx6v<7RP>42a0R<z|S=88lO{
zn;=7S89T1T*LjMB9;4(JR6fV2OLwhhud0q}_p&H`41TkVpYnr}OEaN3!$UL|0~Q)+
z3`33UM2<X4Walf?e83BoWg>a9jg9mhybHjaY=#U;y_#!orxPiogWw^*Ms?LAh07^A
z=B(VI(#;{)UML`bcWBsn6oqfTfJ}Mno;SsM$$=X(_$l^t`s}IDHYc4p+2?!{$0N}*
zTMcTh;&Z7rm-k_C=L`{4-9t)aY%NOfncf5I9dyR;bnb!@?6J5-pT*}Bp`(rs@v>|*
z3Hu1TT)b9FIh@i0U*YIU^^^H9?jjy8F{Q`shB7mO*C17hO3q_Y;!Az6FksclQ`nBH
z@y$KA>s@>MC4UlnL~uhd+^?Z@jzNd3=|~(DV_;CT&SAM5L3uRxu(`v8;WZU5h0}I~
z^HhTou^lk|+#c<*EPt;$eYuC`XhGqPQa6yW(4%~hAA#JqMZ$a7P7~LY!b{&p>b&o}
zXE(2C%?Rgbmzfsh>=T<aeI)?aJ1K@?)=Xa5(sBH1oCh?sM_U%2P*ptgjha<7yGKZ1
zUkb-Qa=cqoz7u0SP#4)l{WbuXp^zMVXqQ4O_oRtDLe$@op&3e@S+SP_>hOv|<|Geb
zjh~xGhy1dK1NMGhMC?K!m%~x?(Ix$fem`$GdRc?J?q2C?bTBR)zX=7jFg9;D>b}J5
zLo$z)B`NEZHlW~+>YEnGDss?4?CF=BEqki&5chtJeUuIy=?9(+Py0G~1#V@Yc=Wg%
z@%B-42K50!uh{YPKJ5uSZB^ZW&cj3V>LCeJGCKF%ei9Y&q(Oi`+1YmC%6EGGXmiO<
z21c?&Qe8f+gt@TSP0Ns%rhM3r?su0x{KUGs3T)C#oftx!+S3ar(MY2-J_kB&*GV2f
zkoO1Q>qc7daV$*e9$M;-^g_9mskb@4JKLp~|BvyU%C(eFkDu_J&jJP0ZYRS&3eCg9
z$dPjRzSkXAu)S`K&U&cLxVjv_Igc$xll~d|Q+eWfT)Zl5eG8ZgVPr?+_V{CS@bbd+
zm-BgN>Ec}<Ao1O&+62ATzEKHM-YLo+k5n@(IyXC!E0avH+>~2w7r{{ke2z!hP5S1?
zya(Txe?t!Bbx6hD(EjFtg9%?4pLMWg>Gz(yH>L36)08;ybqF&b?ZJJSnXCO|_X2eE
zPTexvXj2K$*3<WML+UaY4PYm{=t~t0d@@c|Ru~3?mq@a+mH?ouKh5d>NG2qo^BsrC
zD5dw-LZt|?!*_HyJB^tHIAP}3a7QY82<A?Z3v(x~63$XlKDpkzrk{u<TlBk#Vvke#
zWIXV#+^46Kxt^3feDc=AnE*FH$iI^nzBFeCD2}(i#e_hyq~`lx$jt@sT{c_;tfhl{
zI=>zgS78I;pt=5V<32!gRwZ%9@H8=l7tZH^?mdrTo60wZe8>FMOW_KKkoT{<+a_nm
zU#5Fdv3?(3NRs9^6L$a}>3=J~dyOTa9-f;wgv?WPV-1g7r)4eJkp7zY>A!ud!D$<a
z1!nUJn0mZylNxZOpU_CnT<dMoE)JNnur8ef%n7hlSyy$8<rKm>Mkf`a8_cOM&%LFQ
z?RTln_vuo~weMU}1m^|wVeVMfdt|H5)qabv4<ILls~8XMxzn!1|3tv)xA8t>revM|
z{3lY*z4mz@7B+T#<~6L+(vLz-j@pT<buSPHKOro2B*{}#87tA!!1_MCuyRWB`;Fnd
z39wwBrTl93(~4hi8X9W68&?J&ZwppGQ~baI4L44bWiZ{QI5P5{R}=+~{uwv$+c2E<
z6~ehF_ha7E+;HV;BU%;+4P&;u<6A$+VF_>j#zYhmm#+mra#~{NK8{#ln#I9{u9wZB
zIEpzQEjfMo%A9VpuWi7wrFaIFU{1)viby~HzFf{;Q)IXk52hdZ;!00`eoV51eN%+<
znm)1+WvNG(Xj&2IB`T8UsTB%=7AhJR-FWKqZ8F1K^0{g~{NE*sgq)|k?^hZG$b34S
zfjhoK&5$GkD^Vfo3+*Ue{dAPwTUPXR|K1g?w7S^Eyl9OfU;l`nsK<?o4KG3w>vEck
zdiTSKJ0#wh9V^cbh@IZ6z~oQXVN`P;o4b&8=X3erWv4qaH2A)Guj=>&p4NLEy(L#(
zBE}*iW}Nyuk{4l6uUA{%nfzL)m>U01Vikhtn)2m%gx$sUn?yFk3v<S%?)LerWB9SF
zIQrDKvu@94$4AVx?q++UD6+)*;v!{D1Kn%Q*W382NE2B+Ae?VnII!^rttd~^#+#ip
z-^eW}l^0xk=_m~xc;6C3eU`s=Pwt0+{zUXqMeeF=+ui4Mx&jWT$-TvZbZMRp)$EGB
z?~9(J_5yOqe<9#+XKS~aM<ne$9g-XFN-rziVZKX}eFI>g)P^;kgoP#T^R}_T-Vrch
zVwgVW28;Ol@sq`!Is^vBICGK;clWVLe(KO^>oH!>kAqk9iEB+$a;(UP-!FA*sUbj~
zQaR#qVrl80was#07Ew`VH}QjHM#m2_m;&LkOYpV>vS{Ao$Jkc+YtKozXICuEeGKo(
z^T3l{$jiBHem<Jm8*nokPH4<YEBL0S80LwWJ{43;49(#Ete$Zl*|4{6{Pr?WypUcr
zxpQg~OzpELiTy6k>t)5ReWdGYfp`hL(_`RzJXIE#H;_*~BrC;$x3lkg+HKHU{6gck
zE{Ay=`|B)ZHWPZ;t0^_^%;9UZ&9E(_auW9TvD%{(R|Mg5^z<lE@nKrTE1G%5WU}|0
zC(WUVa2;>hQ@z~4V_ul|fK1=@%W$}I&@QQ6?fS-CA|sWJ(Rn20eufZZk=;C>cW?ne
z-q<yXDDb!vC7o~Db(0?;d-}m#Dkc3Ogj*k2!t38LFHw)<ezunx;MBwx>u?eI2=Y+n
zp8f0+opKa)hX}<EYgh6G^k{5&gm(qFPKvwc`*W%uK{jju>USA@#Tr~*^d1+C?XN=f
zbP6=Z+Yax;iE$o5jO5u{aOb9rKUy{6_a@lxP7=TG+ZXJccxE<Uj9<w<nMtxf#<fHH
zq6Htktxdi34_6H=M(b@@x;G`r{gE>T!`bZuiZXPGq5J>r?Sb{TZ#uedKa-a>Ep2>k
z^@?{E+;zKLaFp~(R8ADg0xxJp>PK{jCdq1hxA4rvIZ|2+ey|{!bdBo}qA1W^I4tpv
z8eXx-j`CnVvC196w$kS?U^%nhxP9rHa%t44L%%#N{I?gjpW9Go$z#}Lx%A{>iX1(3
zg8?#d1b}FR^R$U@cs+6qVWt3~O?_KKKU43@`^4WhJ&(H|zs(K;IIGv-UbuvtZ?nOk
zNleCkiYZ#v^pP3v*$VQjiv-MH{T-k_ejG<`A+Z0m?ho_?CZv^?1uG=<xr&f|Sytfj
z?M1c6kgSCk2>cA#OO@<L;arR8z?0EAE?!euMd!Mps0c&D6UI?;2l(I}Z@##7-#R7S
zTZ{0>@y**pz5tx>r{Dy$y?>)ihh&xx-0`b!dTMyO&$#fp%$)k-H~?%lG?{ZzOOJHW
zj%!d#-#(Y&t4LL!+CI=kAYbdrF^^grz4}n)K^D3c8YRissh1>P_CzoWp|{VS<Nen9
z66B6Mfstz;&WpO1`F1=)bozUrPm5I(ylA@?D_1qi)i~kyW^?J=D4{4+WskK|oZ<{&
z<p6kKMYo<V7kxBdVo~{PKec5RgSd*)ao|!YYNPj!Xz_ElQ;%OE54|Cz=Zs#uas5Gh
zqP)1ND-;V9G>Rg6XEvbxn{_~6sTo4M@*O!vcxh}RbwA7c$Ml=*=~^UiX73t!nDx{(
zUqNvXxR;=4pwR<|PfT0F@?~27xKNxi`G)E}wf7jvwRofm)q?$AvHMM}(XYZUf;Lhu
z<XE6zfjM~B%L*i)mjC96_+bZ)w0p92IKJ}Ry?AL$5{yC%&nnSn`6ilRWBF&6S^ITt
zZ1a0#(sHfbn~BlgWxwgcTrV@paXO_^k6B8lEWz!!mI{0N{ng1z)t>zA+upa|(;2vx
zZl6;|CKi4r|J;Az!qFFqvk{phxNHxCDM^_uLI=zI>UaO_cUWm7L|zj7?ucADkm5<e
zUnuz7J$oJspA53@i3+R!5Xe(Tq8|x<q#cmg<IkmN*n=#~YpA^Tb3B10GCYF>6GSx@
zy5FR_$2Y3ChGQp;c}eE|Wd}22uv$;A=FxEQJnAPA>K+3y`1+Gp%N{vjP)g&x**#MK
zyb-S8E1M6Uw|(>+dm#?|0=NSn2prN~#jg(;;|>OV+w%-PUc!4HcMU$Kbw1BoiaC5r
z!wZdvS<cIpbI1~p`<LZOGss!B^%2cS2AIxE^MSa6IrMhD-^b;sO4jq6c6AC)%xSBZ
zaO4B>&5Svs_ZW$7Mc?fB45gn?j@GfZ3wjms0u03Z6($%RO4&YCCf}{y9Ip9%lzT~S
zvSl7xQ{7xUvxm+y@W3NuFK3kxnJwcG9^zH8ZRx43IeG+GF5ef9Yh3T&euL$CbJYgh
zq5k?jyP8CvS|$Qg2s_DqQ!XxHXB}WkehPr1?_E}0xzm~LEcz&+JQR2m@SOHsHm`g{
zdhnF`*^j^zZQi$ac&{A@xCUhYbu*gLQ&*q2dfHbK-aTy`QhwSe*^V#LAWMUC1@zwL
zum_@9<X*Y<Hw#AX2^X_^Z1{dh1JLY>t5|$r<l?<r^^Nsb0c2+sXx7V^;E%02=jVRu
zEd(c^2^GhA;G4?ml3LI?_uy9)8TW1q*&{8f{F1=qUZ2xKI`27o&dyWaC^zYSKhV6q
z$NOGo2G`Yin&+vlyl=xifJ7@(IHd>nqI)U8f({^_;nQGE5)f$aaA9UWAKAvU5d7#{
zKY}eaQ2aRpZ|_r<+cxxM_E%Xuc;6oMmrlRt^#D$lhMKp5Rj*z+*ngu;>rtWb(ic5y
zQi;x5*(dbsIKs!ywWtrkoX=&&>&)*n!QXz{mYb*Q*vr~8fVbp6$#d&eLP2bUV6p-E
z`w6+{kTEcSjuH6K0J3T%FO+0wkY1t?DB9JVt*E-`y0O#`8}p^wOCu*hV2ATXP@OFS
zzBv@#{CQr=aLUR4&K~t6!@4II+9T26pY!@2A>0bw=rVC`kbHEYwc%u+v@1sez9Ew*
z(OeSM`FxeF2zX6aUcgG2fEmiETuvX40?gRXi0%`TvkuK!P<%o}l7+M9p^*1(9Hxu$
zvT<Fe!qFLez_*{P;|ek~mOx({>b!OBljJ6Ha9&KK-Foqm6&Bm{-Q<0fGL&^<x=C&u
zS>Zm3ECn${`Pt*xeFzZQG55Cn<nB`?FJf44tt0iq(W*LL(oYJ}lYz=}qz+#gxGUdL
zg<U9p1jOF@$d@7Vt+jUaJkjJJ-MliF!z9I}<t@N5juZjKutBsjeBAMK6lU(d<yt{N
z+g3JnW-a~5e%4gSTF0j{P>%WMh^eek8kc#ZG5582jAfRH#okJsiHk$NQM3}gPk{SK
ztZ+g%`As`d(K{AJXWy42#Uu`V15Hry9y<?k<?X)AiAl({Ct=;}QD@en8{b*s+wt@8
z+}bJbM#Rpw1xbLoEP2Fj%J_s2^viOzS%yd+VKKpJwKDN&d}*8$;tSF=d=hRghowrm
zRC(b<&*M^f`a9AjS*AFf--$z?z0x_v?~$lr(>OZR$W;64@b=pa_nSa#I0stpC7&qI
z_8O&CZ6-9#(vF(PRxZG2SjCNbzca#fm#(%PGsQ@OB@z4zJkQ${@wqu6DO!DMf&tZY
zftZscX^VU&Z?)sO{FKuBs6po9CcKd-PfetVEh0Tab=-upIWsL@qPq6WOT&LVbaNbp
z!%BVh%-s`%*(M%-W3u@(GuVeqF14p9>-~d9J;oQGvNh|A$Hp#+(pB{|pL1^Hk(VGO
z{o!RXn)K0f^phVmEGPx*DTlAUG_F&9ep|_#kmuZ_1(AW$L!GDJvf6<@w4c%TKkEbq
zfqdK!s4ko!lfX8GZIbms6N9;mc{T#*6ef-!P9MkYgO)Z2rLPf#f#a3Idrg_y@G17>
zo54^v;b~89M-m`dU=r6d96WF;zQN6Gw`ciuzdb}@6+!~{DYexz7+=|&)IHyoOe-e4
z%+*5^aEp+=W;~%+vU1PS_bmDe5IxP!K)!bSh;UJtrdwsj{qBIy!Oi_{?yq*9yt>n9
zN0W5A7lH6HDc3b$ajb*N&|rY~VTN3vYr}r$W$GfKkTL`y)Hv%gUl++W^lvWM*ZGPR
z&6oklZW!Z%C$|fLv%X#?U}yq3Ws1!X*i-W|=s9)NN0b^Sb_DnIK0$rREzha$qHo;H
z6YaN@ryXoOZJf!6VM~rNjx8P56Sq&8Th^MTe^Y^`H3ODWcn)oOegsRG9@EelvJOX7
z;%t0^9GYyf0Qn`9$*yhHhrf%O4(`Kq<tu%?y{kL$a(Yg9WwG8|dODox$@9mVG}UYl
z_j17T&B39%JQBhetN^1_0Uibu&0u%K8N+W%Rb2FaS$bVCckWx91#{b#K+VV?L{@Mf
z?M=KZ)NO66Oqc7%clsK0Y&7_?!9FrUV2?Bi++>84A!oURj>OgpdH;Ki{2MFT(SrDw
z5FO++f%6hP2%E)3-dPW$Rg}W_t+<Zy%H^2A8$`YJy=u3wKlQP*@FIx92lNuikmV1#
zU{-|PLL7}A6;Hl>e$7Ad-=5xfqisa88rfJDQC;$p;P31OCCUla4>fyjq~)C8l52IM
zVIHbuQ_SGg3o8tgnx+Ij!UkXUvz0Zjf6a+4{OG!NmD5#*8wM9YdsYSdrjZQy(_tsS
z-a)xv^*}RS3K>#0S)(UUO8+^to?-~(uqb$19Sl1B=-T@OxQN8aEFR=g`f=>Psiaq}
zR=wSn>)dV>j^SQMwOOAlbMipQG6<eOAGE!6=G-7ZI-aE7SnCfpWUC=kh+Y^!K6Gd}
zA`PV;$E<t%5o9xs{Kmy3cmk_eGqwew^a#B@*{8sl4yknT%ZVpX;}e4}Mq_s*3RBML
z9=KMuoabV&c32hZYLjypncb^s{+*-BoX1X(Sa`^AIEpglGdz6yiylRNJksU@THT2g
zSnMW$XNP>$zJbA}>SKEqZtKW*3BqpgnQt~qe$6<Oi6EIbWi>eGCNqiMv*kz!i9q=J
zRS<t7lau)S-AN*M=W>?|HP(GtWf^*g_JKdrvBT%7!=<_{d5=uld1CS9)q{5n=faWG
zEB_I8Ey=R$Hf&4$lNwU|?0-qG<TLG8ca%zQPIuduK)@ma3p%a1onfC{SQ~xaZ6oBA
zcxx&0hR5b{IDLh`gTym7%xjNQU86~cyRI?vojxm#pnt(s+3jZg6yv?;5eqyk$DPi-
z442M!$t_t`AU<~N)Y?&hRpBZ3N033%w#Sj|%U!+#v)kKhp9{HK=c75FKfuw<_l$Ie
zk+6>ANJ;XRj?E=UhZg0toa`xPy6ETO<Ad<K7tdqid#M%avuooNryg5r?2B$SO<#-R
z5`}VHFnt9^va5?55&beJrs7=8&!WsL7<Dww#esvopcL%5H$HYB&Q}(rPXbq}tV{a_
z9r#{KM;O;2&!K_I3@fVETj#tViv4p|?sp2f&DP_tqF6|$?*QBf6j1DPnjcdYEWiDf
zWX}_DW!lqENcD}-)QfVN5(*l^gOmV=fhi)LIfOQS^qhC4DD$P9YXxC>ik$fD(g2v|
zEXG@Qbx1eSYe;$Gu#Oa$BL$IAT}OK*;#Ac?onm$v<<Y7$DmNmco^tj_*x`HI18^a!
zjji_*@6#T^kI9Ry0o~K}&9mg0s4r}W?ER_EXyEXLJEn6m-i>*B8NLJ;DbBe_MbOAi
zP|Oa4we`6I$2q~A2iesa9l0+Zm5gDoeBdzprF?LGqLAPAy261+ANO9Z9$cd7$Yp`+
zbZz^w3wYa0)FM}9(Wu4iYxWN?a@k`ZtiTZ(jwfXpQOC^=T$zyAwydcyi}ziP-}~9n
z_KmF~4Bvv!C3>DHOr7Net`Q@s#<3_*uad}ey7R`+<vvAx1yvNzhO5afw{2lB$GH1e
zSZ9;W(@hy~2k|5JX@bocMTYw{5nr4`f!rfcLnp<3Kxc#-_oGshJiI5BX8XWVwnvq}
z*lDFNh-&?Yo+))ml&^zY{jTKYYMR<_!@XrgNGt58^jv1z#6V{Q7hnBsSYVCcy`a)F
zjK}CGW~K?5bn}u;CFJ@yC<FaCjFF@?bMa$HureUV&@L&kZoqO7t*r_(Zldqk)P0vE
z*TEb4t+A{i?Hgm$a*toh)HuXY^JF>p)V<U<>#POY0fw(7;_a@*q8cCT+sx2&ndGeJ
zeqCAP=w?Q2Jx{+;Fc>%Y`&khUaE$dNPOu*h5l6XIrz1LTZ-O<V8lsdv0i=CWgIsdH
ztTTC<<2c|{=Y4|V(v<AXg@^s0-P*>joFE>*7bD+dH}Wqw(B3}qJ4eX%Fxk%uy7-+N
z{$)@zFftlRJ)P5Gkqkj9t`iNf<|-u+eTLYv^7I$+eS}-C-N`J%ihz$q@<tuLEp*{f
z72YquZ<$D1r*Vpohlsp7G7zcy9+?VVrN<?!x%G1k0M8xA(*6v9NIvJ%Gs@!wA=Y)T
z)IS|kC4sQ)wCL0xvK`lNL{UGpDBG-i{7b{q(@(8br+4k&ob160RrqEx50xA!a;Q8|
zf`C!71h2?3U(}Gt@bAUNFXU%}d!d|=Scl~6NLlAg7ElnZHy*@D35gVLsGcagoC+Do
zz96b?k~8OML`FUyYVBajM^x}0p(zz+;l1o0DkzxzWSK6)30C2Yf9@7=88@sX)&Lc(
z2q)!nAt*hER<Cv=<-_Ifb8hz`GjF*SE(jMz?a*O`2CIXq8cB(MOp52N%3kwz;atnk
z%tMbEv6*TfIY!2pW9d7u=<Iu5&CzSTyn6;9a19$+aYof2OHtHgqfLY}pQA^Tvz#k8
z&2e({i1WUp4hs(<_xQ&+%8!dx6kdl+{EjWo+MzD#C%@*3pE|+9J$?(Z&wDo4J#r#l
zci}YOWQqhPBw~yL!n@#E=;zMDjL`OQN1AMc=m)TPY1iT@M|1oDiOIpl2ZiovGsnBL
zu~FsOZtO=WTNbwRvQ65qTaYsw-IxWyRwx<0eaB@bx(~*aSF{ThPW6x~si>41p1#re
zxG`McK8YSZe(F|F7eOT@(bw=97OXjEDhJN);>o#o5oNu~fWWlwTH2G*;j*_MKqb#$
z3pn#Pe^PQ>n?4)mQYlf+lCSBhc9G)yVxxNU<unTE8L&qmv%Z&3EvSRbdaG7qCGMK)
z*bU!ExT;B*<p#HJP~2q2-k*s0^Ash+d7#WIjnAiREf^ryGrusrCreae&aHtz+Zfz?
z{0RaSPm<*|vx0PLN0ykLZ|;Q}eTbBc<>4S-6YpEIwBcuEZUmMD!}Z6Jq7L9(C!N$n
zCq^r41DjV)d!^UcZ5|?h?#?%R9|ijNv<daQs+d+R%dmrQzf9%QH4!AEevj84iR5#?
z*HQER`y6}sdcUp5vZ5q(JN8(r-^>$VGYbVu9UU;QjTOI?GPc)lm6k(#y283jkj#18
zbfi>T`1^x_7Up{xzaI2E7hy*)#ZubUst2b~b_J#DiFYu${h;+`(1@5^mSSg}ucMr=
zXR?ju0#HJJmW^Q-5;YedCC}0u)ys2$sIE2LIkoyISv^K~^{*e1B7nYqS?{5OE-9Pu
z%+|*)yw7p`CK%rR1i&jH>W44I+ot304*}o{6W1^U%~wKq-%i~TM4af1V$`EyNAeDb
zRcMA~E&)fceI_>5&O_fRs)ID6^scAY_eMvBlcj989w#|km#+sEW);03_4cqHe~<rr
zIfoIO31jDyDzmX!Pb+o6X<LWRMZE918%TEr>nR-VGqDuL)31gf)|(iQ^Er=XUFWLw
z2*0qLA(!snt1OUDt=!4$!(ZN?+$)nb=(YPK{&ixz9o&t0={vuDoIpdA=G@%TGSj@T
zCaz$g_)Y-C^j`C_KH0lHJ9RO;Xox-vAbOy|w-9N78;1z1!{AUf@;SPTeS!3lU%Ebh
zg{2qpFRtz~od(axIK;<<G)6fC;w^(C55wl+)U85s1(k$X5IJkvN3X%FRjE=ZbR6;=
z5L}+it%}G85;t%wMC<FsC_al1+fPCd8Et+?>_|KnMdi%dmk7Nl^OtLM{LUr^u!DY0
z_H^}Pf9GP6hW-%ji#J1y3E0el4eEF@k^x5zhmrd1tub0Yj~0vDz>_h$^swMyj}eNT
zCo4fp;elZ0@DVsxvE_Ee6hV<qTV@V8;3LlGT0q#_W3iFfZy-)a_F-v#|4wC);{H$V
z>?wBH9*6<G`gMqs1-_!(dFyzp&MlAH-J{#lMqs0bFyAYuVG~I?MF4R8roTdeA@Fe7
zK^Z`MY(Lo0L7V)>1+j(jUVn7!F^XFO_oA~q#pkJCvWFqy!lbFsg#(n^eJPId{gy*^
z?s5vh&n}lf#A3I<+-y7NA=8}uYDmFAcxVc~(tkw0%;~z{Q4epfHeaLDk7Bms<UXqY
zl%FcUA_-GNHV+K$X;3s{`z9cj^z_#4{=C2+ty31_9e8^*IQ-qsY46SYEXDiWK1jFQ
z3=^nsKxGczMh9Vnn<`nAI%S_R!v@dc*ihD43eP6n)8Y-{<+5udQ_Mj`w>)uJZ0hPO
z(CXB@p2rBgL0$6Xm+gEW3&waN<S|^<G`(~dIDE%r4jzdclQGGd;Ib*8Sqv?*$+c*A
z%39=VsUPej_HS4P58>PRQQzqy4)lrBVb*8BZG!Ymz<#CZwC6*#>&gxa1l_)mr*bns
zGMGKMDst=^t+ihyOHz%IOJ9`nF78`nXS@7fIzSv}uwYXj)n1u6)UFSO^YcmHu=l6x
z8H;iBKE3^*h;H0L6o$C|^mNsuqFVH%^ecPIT6HGSpjY)yQymCSy6>0AqTtBqtZ^Tr
zTe`RB`%;-lngQ#44Rq=y!)@m8H!2aHJ9rf!SY+P<9k)gh(NM0(I@+K9P+s+Pcsxz&
zNYZc<ipR7_TWPC(9#D*#_;%YbRQ#Q0zQ}d_@#(r;B`LiWb$qE8u?FJYKozq)5%I|5
z!*7hD?29SrbrA#^LeJA{{uS<fF4omYtuSt@exveB=#q;PAt>kOxwImW44&T42A5g&
zoTGkYDj@t7IS9=sl@ItWJ%*RyuC7&T^n)~x?E6o)NHQ!(`$UG**$A+6i_~LJJPtbC
z&KDWZyYuR^dbA0Bq(kw}ETDdi4|vaw3dqKbO!-+}u8`<a^1bGHN3Onlcc<=wF@Hk$
z0N=febF$`pMIGWqm!4?nWdSgz3=4-8@?OgPKofJ%sl9*{;Gg@jKmx+pB-qp2I~-4q
z_IXMQk30p756+vED)0%R>u(j0)|a|8uS77Qjo#8cP^5GO-!mx~l#T5J&~lIBad_*u
z9QrzX+`vG;aHq0r=D1!yHpU#hz*_;wYi#DEA+_?{QYU{Z(M71Dbg5&!%;DAJ9TFVt
z2543@K~<V*Xe|D6OIV0_v3Y<&lfztR!0bM)rMKvMC=RURv8RwBvv}G!;(jifi^L67
zwDQ*JHa-1LwMBw|o%#{)YOaduD$r$4`7FyX_19<V2%+6G^VH<I4Rtooijb^ocS?Xv
z*w8DL$Z*93c%LwLsPC+J5~P+{VLxBma#lm`nnxIHi`TX025~f;{tT<f_2hnGauIp3
zgm?XwCeX4u_$8A)IH?J?)9omgXCwrBA9&s)^f9*x_Rp$&^?S*Hj~s||Sft})z~Pw{
z5l!WP!QA_ha{IpGO66FKH3E=Oc|X(Nn<;oh1T`V$B<Wyetf=di&j)Q0{0QUdf}d{$
zpyQ?@vB1&@UyIW-h8P}}@6q(TCY`kj5u1@y)szaV-b~v#XW*!$Jk2Cuk}XvI!o}bD
z=fmm&b6*9`mhuM%E#23G-=mskb4O+JS}945=~K6>Tf)}tYyie19VZW)YzC!bDw)cZ
z6W+_2_h{E#c`C?q^Kg*$J;aJWhvI!1@6AwXQ8Sngz9-xsh1jG#Cp<~zB751OKoZ))
zL9ippA@MI{tQ#t%iB*=eX&rj_HZXyOxwCJy%W1mp$eKOSp16dzpHZ5Y#M|bdgW<zC
zJ11csHHp;`pl%$dJDXpUd%@K{PzTNeIekQ9#!scMF9Ogy;@#xigF^3T>8rmJtB07*
zV;mB4bQF5Pz8QTuNs_tfa<GYF^i^aV!mlw0dE=lL($^s?EESg?!KgB)_kl_JK$(CK
zY$+@`+vbvu>7$9)VwLjb=d|c?zLO(nqxY1spjYZ}?wKRNHhN-g!Q=>7tfZbmeoD+P
z!24A6^EZ`Q)(qXbmorX$9#w-E<}=iJS_`flP(zxIs5TvU2Qpo!4r+Z0(fQ#yRqngK
z{5&Rks)K~N@7GmpbIah7I6Ae!Dp407^B{<O_-}qfZKUfixryUbI6$HZx%_=;%U<N+
zxM^Q9N!t@VdvI+<dJX8IqOg&h_ctdQ4l27|PeLSD%dIBHLmmq#(itHPW(J)-N^tCv
zT8h%#fTu);I}Y@%zUiNL?B|4f2wd8r+HNw}i5lwDAzwdwXD~d$u5fZZ2=(SGZ<^|O
z`Sbf+RM+;V8<j;1TykF#Qu^k6hCaKOnG2bzX5@39P<!9^Fbww_bi!@Yph!iOFUb6(
zdgt70C%g8sa<lTIr?D^Lm$K|<fB>xV5LB|(WT)#TN_d4p=agYkII;Ux`%D~4B^^&k
zPDg+5D*6f3e)ZZXo{mb_<((UL-m_e9ieJe1J2Bm43JB|H=m74H^_Oe%^g{W$b`H0b
zd7yD$aXI1%%I0Et8Z`jziFo1FidM)xv<lygVfC|1o%eb`(p5U_-}~?HvDV(|=6uEE
z@Ai}|?l6yBoSb6RuU%+xoWWjQ$0Hd2jhD?;Z)+%;E*X#h=PdK#yRR5`&!YQGZ5DPo
zBe6f3StFv~tC(V;2L_fFXCg)~0I2dpoH(;|0X*wUmYwOjRzsud8(Qb-7B{ufNWVcM
zPWQ$sYElQRn#Iot(wmA!Bq?%8w7)5^x36WMVsEdfOI)fh3oz#;;C`$;?F3rZh}v<-
z!7s_Xd?aWClbJdi?Q1u=ibB2W@_s>9gG4D!-0SXb0fK4%e$x@lso;KmNpdKRfglCR
zrkDoX<m$yF6w<N>Ctr|RX=SCr!94GmoqI`pM~z&K;w{uOE5_6I=~y{+j|tDY<pO+3
zBw<c!MsjTXlOtk=b?7@<KZssLXKugZF7J-BTkNCSkd(0Kz<G6$K}nK%gC35$KsH>6
z-a{KtjE{5S7$j>?Qv{i7S^5#|*@ZqVkA&770PXG1I&Cg2M3UE&U1>(|%PsP7(UnBu
zQs?-b=jc6Zh3cHo+1ceYxSV3u`-NP;A9Xg*`Z6g?Wu}uOK~W#}n!#__)A%oSCV<xy
z@1-T+3h%t3SxIA&5p~Knq)<MP$A{wc_1qt+_KLseNVl}R-maq#Es5BuCQq$AG;_0a
zbF)oqj{s`in`#)6_i0&!<1@0vew=*$Zt1SM9(}9$UZ1^%JSmx{5Dw2g^>}rGK`uf<
zoNPP+^`v&5`xmtw``z`t-i%oc_e@<KfP)_&x+ZOg<F~9296na0GyEkZy2$QfUy@gt
z41Z$d&vO?&`sGR?)iQaT-LHxC7`}Q10%RoFZWIb%X`RX7Abkr#YDH;p%4ZVa!-J-c
z7>r2{k6%896-CXI$5x>o4d7m>B#YV;bD&Kgtw=NcHbgxjwvGg2>Ca|$Dke_>*tHV1
zeUiEw&-fFW1fuc?|34>Mp!3{4La5sxj3wK5>mfc9@_|!_6eUAs{K<w?86i5y@1PG%
zHdIuuYm(nbKX8qEcqI>$jSB=$xu@gf0+}-2%VOmOR*^L|gzJ1*>C$YQh=m8ZUJZRZ
zz%en-Wm>^nD2akObXN|!k{@c&VUq2>lj&hS)m$(ncew8MqQQz*hu8WywEkd7%s*$o
zGV07hJOhBR9ij~I^==QIM>NCs+Qdx6T8Xb+afDGfSpgjnHH(<H&_}<1bCN4ThkEId
z!95t=vZYe|a5--9lXmij4Vx4CJ@Zu8+tXL{&?AlMCQ=;DwkHQuVjsRr6|3B3t@~=#
zc&dvY)p?leE&%g6xkAsJmCH0S-uEIvKBoQFG+`FF*wZC*<$S&{i29gkKeEa9>|Hae
zuEd(o)$BOTZ$)B_&0SOxm+h&nc?2cylh1NPOLpOFy<oc+zVqw?|5(0F67XZ1aV>(C
zp!GgwPx)B2T*HW+orf$E-Y9NFm*+efJdCGn-`?0)O=YL-^pmQc^-vDrbAXU4L1E1R
z?oL}QoPz<hYOg%LlKDXPxW{%4X>Q8>T0OjVZ-W@hq!Agj!`r=S6F%^FOt+ODV+q$s
z)2>b&+^@B%>JlOAdDqEsuw3`!n4nV+Kb-Wj6M`JYEICF{md$R9oM=gQj?mZQS4~>9
z7Ag1e=lL{enxmXTFS&az6NC5HMP8*39Iqb*i&H;OrGKZgKl-tUE|r=(oKy=ZNyyy;
z8_VJ=e1Vu_k0kIk)7Ubb*}m#Uol=2My+Ff+6-aK&bkSB^LBY2?^xA?OpNp?@9p^rI
za_j3qW79AKU^$`4cN5K;jLtAhf1Z41{-~OujPq&VxeGg7O!dWKL}Xa}(+x~-p^hK~
zX*=Q*{s#@^VCjNI7kR^dwIY2XS2pbF89oI3wT?Ei?beyZqllTpo8;Y8as$X3T<$jn
z=@{~H^XRLuyk^K82Gc#6as`k$a~XrxDsKW7K^^an`KCly?Wv4IUJkm}*NVpE+83Aq
zn0tqL!D{ML_x-u6*+s>6fDu-C8YQ8M20_WrBf5E;Q6e0xnlJ5VK7kF2PnJ>atA+K*
z<eKV5Wjb!7_*o-U(j!-QZTHp|<W8T{?5AbIZWI%fuOaBYPraF)q_%V0lS-hMFLIp2
z?nx)x+dtRo)d%V4F<H}d*#oafT$wXZ+`d9}`9?n;cJRJC6Idj8zZ;HvP0`sCF6B8_
zVd9mK{n`fRvn)9+cWE}yaY!mc8RaN~uq?kN-sxc9lB|+?{6v?-^9<iC2tbbg8Zyf2
zWH!y0KYKW`SMGOUV-a=7hiF?JeCGWL_$a{RW6-a#59bo+12VFpJ%#9Za&Ei_>#Kwg
zG3&&9AAqPU^b$GE=d>?G!FP3D{iG){zJM~}ZUrGEsdp>K$%Nzm<L6+IcLMVc)mKD9
z&q#wwaS73@cyP7rgv`Z^d$+CM&USeGZ*L?{Yp?1_)BA-lRPC%#w~E!SpJv$^WPTR~
zFz;K-cCDT0q4Zo=AJ4bqv=Y-V3C20n$~6H8kf_dMAfo!Xc5$f97cif6o_;tac1YHZ
z<tjZ~3xc>(U$`j5FDIP%o#VcY6IUMLHo{hZWi2`2j`qphYMWE~x$vBeo0k|S?d^FH
z7`=~$i~4QSSJy!{5BjFWm_1oq_cPks!od-x2OC$M{n3>aj<09M08>@*8?{4H;L*$y
ze*4}MFVXQSPY8g%I|D+8=3~uR0J`XcD9#}N&IF}6pD`2c>8Ipb_i+qH#_YF4DB$`7
z%0UaF{@mhVzE)}9lH-GX;5`|LGOM?q+olVyxG3bS4k=uyc!HLu=WGz3hf2bM8_roa
zgz(DVH7UZx)Gj^WAxp2Cp&mcc=FSOc%h|8h;@yF2sB;gn*diV1(RqTnaK+@|$0$)R
z=7~qf+lx}@Vj7qyi^SHRkuMjCHF<>GE;E!6#*v#<BGFIuIk{rfq{92@r}w~@``<cj
z>Zgmo=t}lbyen!DdcM?$d$4LxvVLz|_&dNYS*!qW3Kc>;bO$KvdTT%Z@QNPhH8Tz}
z!Mu;4qaBcUvCyhdbdUmCf3u{RL#BtWmKcm69jmvi=qp%J%1^s;K1x@{qcRI^v5BKz
z29mVGK-Y6YFF{j`I(@m)XYwygzArYdkH*X$dEgmzW#n4xyj`=9B|_KZO0W^ltv)fE
z%Aw>f1>>Y-Un)5+@{kzv9pLm+LxyzmwAZ=Dr=MQW_iH{s>(J9gax@Cija@Vz9DJ|c
zpewIohG1azlN_1yWH&WOFgQ%~qsEUA%++yhghJPW_D4gHc;nvP$R}ltIGDe8(1nL*
zi+h7t^IYq0<#x7Y6>c$(xD=wsQ~=++p`$(>iJ8pbl)RiLMc>wcG^y(t!~L>iwB`%?
zy6T92mY<YrpvKVl`$$?!G{aU{5uZ%f&zxd8mkqu?gRk`?oQkSXmd?#^%RTawLH<sD
zca2HjN#}T!?!t{%==7X>XXTs5<+ib|c04*6p<Cx*$1yiLPw1VZgabeaX)nY;U41L*
zQ!K9l)`nm7C*!m604etx(z;(<C}kSH-zUFki2Dc&AllJ{@MN8lnbF}dFzj^9Xw%s*
z%tF5wi9Dy5*N*`I+d-!YdvKAU)J0h73scIOz&YP^TdjSL{(K(Y0Q_F}wR=Fo*HIAm
zx#X~1sYO?XoV^<T7Vxk}Q>LZiZ9SjS7_A(sI>)WeA(Rl>WE(4XFYMR}lp>I5c)|dE
z{2K-zW8hbWOk2v&7gXfs7JlQiBg2V3Y%=%Ep7R-Z9OHW8bMwsOccG4}yXX4*B8)F<
zNVbZ|eA$V&%~Qz7zn=RUGkP_X**tIJ-P1JVQp|S{<UHovk$fdb0{wAPa&$h@Uye9w
zEzlmlHe)o~F=QtMiDkhb1<>LnP<}r@ReSt%K1V~Aub&{{^DZG==>l$6J~#C1aKWqc
z0O%kS&B6mLEtH-;cbslqp(C>_`K~5ZiVp6<dgWf}N_>8T+>5-@13+lsYy;*bpWFQk
zrSV8qJ(=6(ROi6@(JHI1S626+yKsI9G51y`)tVqh&ncndc$xt`kFR4j-gs3y7mt`r
z^<^DkyP}oFTB37l+HRkXta}9L&KdP@tbQP`m0qTqdrz2$M-i`(YZqm>3cs&!)FH4O
z#%pjNJdv*tr8<_-XU`>H>|QwP<4k<iY%9N5J;k|tR3BkH_m#ko<0*%+biC-i&!fmI
zP4^sy4D7r&ea85jpWd$}u2Y8i-lOkJZDhqfoo62m?&@jBuU|pWpoqeK7;vxn!=MKQ
zkC&<O?LFuA<F|0}Ydqfs>3vKF4#SL?x|70ghOttloS)}2zq8`S%La<B%aM>*elaWp
zzO1j?3f)Ys!CfA*=X@`p8!M%3Hlzi+p13K2eYEz@*i#thmv7$$P%2$LPntiffl(YZ
z?%2!-=kex>dtq>tzs4uzD_kRT999Pk{4{+6EWfw;?dk?acrWS|ag8%!6YX|!PEG%F
zhI${Xbs#`oNj`YI-A-DrF}^j_C!nuGeED&?bzLO?Tnq5_NxWupC6A>Q7wsfZeW6^3
zkiT6*HjMZl{XM#fgcx=7h-;=T^%esR$JqwM{jzlWvK14kJ{}Hd_UX)w9@%pXv>zMS
zdbP4q)j5{Gi1--3hL<h-!NFZGJy%cRo-f?$NS$fJbg>OJe3cs}Zo|WFJ2-y)%zcdX
z8(n;g5chP=u{BJ>rW;=*kUu_U%}e)wbB#51%^pS3lX8qwcL4nm+Z`9OIdv{2+~bXS
zt<Hd)yqQ;yC^Axr<3^mPc)`k20c@JSQG64GYI;?vaY{3x($j3{?ZEoz&MD7xopHbk
z1fbv$-;R<zk*0W!G9$Ayb+aXKAo5Fv<_*gx-hD+$j603t69>WTcI+56b1wF0pjzMm
z%}m#z4(!{_{>4Q>b1)X*bkse#$&wn<lkD-trzBkAtBv*8uV2c<I!`e;yaK)u<&kGA
zT1j>a7lB+BI3@jw;*!FBs#g>9;!~8k;Dd*419!)l67n19A6h!hvUqU<=!_3izKZ#I
z{}8MdPVT{r@)i^A$Wya)%N*$Ft<DyVO5a*OW#75dsZq&AAA3u^4dvEtIXm;cY3HcX
z(`VRYdGy$2K{+T73H#i@g?r)gq>ZupItXoUE9t#`O+Dy~=OK0E>+DJW7U9B`wQfHI
z8I5D-o5ymKhWxVVu*Q0>LwDPmpD6kBq-O0vB2!+mOEJA^;)jCUL}b{p-j+v*+&-Tj
zRnx0<*RJhK$)v`(s@w)3F%afUe?~euVey!qe*g#X8b<Q&<0UH!p<E@<q4LSi2=z(E
ztCKcTwMonAv&;ct*8Ymu+0L>@f|~p9)!?KofaXXx=-XZYo|-wqWOryCS=6SE)e+o;
ztMRbykt=bL@bz$(iUvi=?GdKKe>1Jj`@qq{8|Of{I+ca^$@xxyHZHvtf{&9tI+{R`
zetBO>v@P1Sb5JDC4C1SZ_w?r|9ZHX39U`Wyv4la{<b62r6ExIyge@B3B2s1+oJaiQ
zsX|gXA&-Sib5&m7WF%R?K<{D@`}izWy<&EQ2st>7)auD@8WqcGvx7Y+5VnXM`z;db
z#B-=tfbpKFhJ$ASo3*>kIoguHMmzy{Xn1_y4ZJH5M5+-?O^o&(eJ@%n%Iud@?0IyL
z*Hiw<%oR@!o}A6Ww=R;*tIk$lxXw-2N0%?aXMCgDP-3QaN_i_VQhBORL8rUTTs|NI
zuWs;V_I1@N_u$T_`H`<;IYCj7IpQu`pK#)e3s4fuGmV#rHg2@b)MkUfD)AVxX^#Tq
z(%x11PD=Lrt4Dla?V+1UU?ZgZAcyg3lblJw#ba7*l^Z8%eebvXU#;<>>tJkeLrnwh
z*E;h63{Jkgrcd?z*Fa}<OP?O=t(#K>ya)F-UF0H5f;~mV_GLAHu2-Iu>SvnYf|U;=
zU%A)lC#w#BZ&$bz>_X2@f}e>kY{lc|>T^=QQO^>+aZHb%r1L?>^?B;g?1llICfZc^
zI--Sv^V&r-04A9|7+;3gq9KtirZ3s`UN&(jCuzBudlT_$AwHqMr<1<dC;gG<Dy}c?
zeopC6Hu*b`Uf()C=RPouAi1P=KHJF*K?eaRtg3CfekQBqnkKt>jXoyrg76IhWvSh$
zIytw|c5X{`YW78j3%kU0s-g{XE=p&SMbe%z<~pZ``5fO#!BR>u9c1*@tDV!VbJJVX
zU_=`?eKK$H=OJ?;;p;ab#-q$cCI6hc?kCy=j6aJOl%#r6{L*J?71s+*x>9aEB$Y9}
z0ls<y&OnIlmn(HUX<sFPpgWBIna9feq^|f-=U}VlB~1ED$Frl9!jE?F`;W}*0|%I_
z<?!TG9np~35>w7c1k@~#LG|n+AN`o_b+gZ~@zJb9Wyh*qku9xneI~!J2;#g&cJjb?
zR;AZBxQ3H;WwyR<@6HC>F<=-7YkA8-@0{M#*DTp|^?lCzCCzX^1-i{vEqqd{kf>AI
z<6;NXDlj8`XLRi}Jv6UyK5Fxn)a1QQI5Z00BU6&|SQfme$$pf(`m}!%Z5?6b-g*_X
z3bU54=au<79?beQG<jwlfPm&(K6!CRRI&QYzda0oeHtHH^;2S*0>@Pn!+_lfL^+M;
zY03Jm_L$+E3?zYjh=X25%w;=K@%XB%1OQELP3j}))R)s04C4&%z0#f5d$Eq*LAIx6
z63OqQp()8>om~9>7bii#58>o-YJ>JCBN>IR)yxb6;VtL^x9^N}YCZAEo9jx;=YFqS
zvm?^`vGE6aYxsFmLJaLS2$c;$LcoBB-s0+wqT{G7L+$7N`Ft;E@VNJWDVmfi#0lC&
z_oM#YIG=qUp@ixkuREt`jF!^T@h+e&FSuuu$mZQssIQ>olUH|AM&e7?fSi`CdjL|=
zwOBC@2Lzot6rdxo=<I4@@m1Omg}w4Fb1+VreXS{1<MD^Om)H&h;IH1F^E<)*&gNAY
zKGwc*%|VAAG{vRD3W9q{hF5M5PwcH`>$}eHvShR^?{UiMW)&b-v2TVd6lSCp=}Q6D
zyxYvn41M++q8g)nuW{OBXb<Y0S4eH6>6L*vYM^Jxm>Mw*doMh=D)6jG)WZ?2Z(aEi
zIfbq1u8w|9Xa79MF;LSaxenzf#?_^K{Pt7(e%-4aYTs6m1U5@A1~eSPVp`g-ulNfJ
z{30{#JQ0Dwh*LaqlnzH7Z0Bsp0KUWPc@2g#pG3qq+5)FT=V_G-jNPq=Y~6L=?IEqu
z!Fr(mHszlF5+=r^P}9$Yb;Z5&q4{YIyVn&5uYa^8AFGQxWk?xmUUHK9{W$=t(R(U*
zyavHD-2g`pY;(;#cF4z5`wZq$3yyc=__*H3@^nZ_h_x;oenDiO_j=bhQ9c@b?&>_e
zK1-{iNH_9=tUNFj7`xcAdk+D|lN9jTVRtCnqEHFhavZ*PW#x-WH3U7!g6&*xX1*?a
zQqLCy{WWY_u6%LK3UI$Upr-)9B@X1GoHYF`8xSlk(xmvPukaU))qD9tn!wWyk-ZJ`
zh=a?3ucZlwsj+aAjEDj9=S2n@B##!ZRtqhuZOn=C)b)ExYIwEr)aKa9js8^FUJdZ>
zfs)kDLV-iaAL)OBqTW-D{f^3S39jQ3=6W6D$9xn>AOAgVpYPocP2~8&tDxlVPkYx5
z?{g~;p7<Iuh#xEVJ=Wj|cKa$Mm)sKu^A=#=9l3I<AIEs4-H+W}+ChcyuFY7b-NpkP
z)pi{*z6MX7gl@b~_W?#P#CJ-!Xc1q;vvjU^GpFChAc>EWo%dg^Me(56Q`3Vir@v7l
zAEY?vJZd)MVA~R#9SstvGD;nzmYd!tF-DJ^SNMKm<?qb<7!8!a!|Br&CLTsqBMRjb
zWKc)nr3v5IbM@q%%IL!q(djJ4vjTYH%43rkE;xMs1%KJ7w)+{t-bq+_yJOEd=J%ct
zEj$qHv@~;U&jQ>PJbNzyKg{?-cqQ2%;+m{|IiqvRRKP>L8#?vT2Q<L~`qSbaEGPci
zRqk)WWrZ@rxR`kX={LMm&E80Jd7qRz{rOgiS`_k=URR%PzNQB^9_qZsOgdvLX+uf~
z2eJ}1qFt}7-6u}sB77C)CJCGkxnq)732H_0TPUlv>1m#Bc*Ewj%h^Z&^r19R(ltE0
z?leVO07Z7jcM+yI?%{Jzcii&JeFf@HIMn@?Go*!3I_>eed2-FYRu)v<DDTCJPJ{Zg
zHCd@7F5EB37q{n2I=;~n*ewkWdRrUiDpj29Ye`<)NtfGAze#iWdV<1SBAuvx7=Q<1
zggZ_S;T%*YMpe7cPdB*bAtH%MdL?N-1MZg7G50M+5*Yp7!{nYgT9=l!`Z44&Y%}4}
z%dvL^CZ2K#G1{yX3m(0*+CuaAKb_-q?`JX2zWFsmA&h~{IbTcz`H6abYG>fxor9lY
ze>^JxZl@fsQL2)2LoXQNTfTQ<?p|3aaud9-kR8A0d$S^syB+$BS&n$-)e{e30BQEI
zJ+&!c6ZqcGU4Cl%ft>fTn5{kdYU$ySZR$=%xY>Fc7BG~+<ZvYVTOo#K=<slE;jD?)
z*T*0H_++uZyJJJnA<oV87P+nQxFN}xu`U-TS&-oCV+^wLKL*(p=pBwXZ`R_1VP%2n
zq~V>8esU_Y1@rM8g@R*X7d`BA1;o6w2y0!|^d2^WH4ooNwXI;Mpo2n?b=Sa(<<jK|
zB@UeZmeF>;pE#g*=0MlU>*(CS(DHv$^7V6N$oXof6k6lMzkL)3?~+x}&?X2`o>Pu}
zzbWhPQ@+g8`B<-i0S#4OxbHYi2jc@Qf(C2dIGt4z`bCJz#?$rwy@R{>b!jptg4VSJ
zIyW81-s<-bO;tGui=&t8%*NMbbkdFC&U*lPD<6zP@i~QiJ&`_tuC0GgC>C(){qjHu
zHDK8Tc?{rtoA<@uC?V>B{|LL1WXE+JcqI(Pw8X^wAE|?K$6vjO+P*4VvP1xxB#`Oa
zmf8$%OYB3&m_YTpOMV8Ar)DR3G$dw#>s5w)Ypj!CLtPGh!Z0sW+(bh!PSmK?R|9X7
z{S=*44UVRQ<htOgY&w@vSv<)uuvR^GC$IQi`J9Qbp11T3djPi$Ij-yQgCL)L4WSTJ
zBMS2;SSQ~Ofh8f;`n!T<A~3v!b*=H!I-*SydUu@{mruG|Rh{(t4D0S}nivaism;Z?
zufW`oZ3hj1%`Z@%U!(8{h>QfBnF)YBDL2lySNxgdU8aPy4z{xx;ux>Yh#;G%7`Ua<
zJ-(bvF0>7-a=P%)P`P}DkHT~YCCDz%3(P|InNn3*aES+dCcaZmNR;bqet}xk3EHBW
zh%<aFhDg}t<xklrOd-_Iz3ubWz4a+e+1jWgcFuP)an3}vvcIAeYxT8H^?qD~?*i;b
zq`)VNJmIU^XfvK{wtMo%W%PP+hlg{H8y})+(M;Vlx3r)cDGSfV2e!w%w(N>cy68Co
z(s@3wAb*emyYaR;iHcH><zs*r9$$mp!?u{C?>_VB{q_t!57p2s-1j5|#LPx4-K%!y
zd}b{>iJx!HyvG?0@ChKP1}-a}Uj6JsGauw^<usc7#ts2Ad>|^>-0aZam&$RAq<IX2
zzHP~a1~H^0MSMH#*4@I}FOO=lKpZ;v%G3oAAnpYnhk1Z&@GJLF`RO<IpZW67vmM$;
ze1q>#;&k-tbyum%J(e2axjojO(^_pm(6%_x3Fv&202AH{O`#|o%ZB$jRKfBSz}UEj
zSbcek;oLR3w`WFMnwIkPoVNr!lm-y=2#61>7#=vOLyvX6vU>Q8X@sxyf%wjdGf`2d
z&H=Hh2qea#u0#4?zw$p%!zXu0gY5C}i}Y!QMISqAdA5Wn4i-ElJlX>__bL#U=HdhQ
z^nyu5=^E6!pF@^jIug9lWpE&8%1xD5?#omdL5HQOGJE|o<DRVf)cHV_`#NrD)3+tB
zBQVEzkQ~XcUM|sPuFH&W)m`$<(bYkp>^bcO`&mMi!}9xGWeB1uz5KAh7%HO@Az-AR
zP8y1vVxrQULLA3W`F^f}3kJt);F^?xKT^owaa)HP)>-uvLUSY4aiMMJbK|)JN-%rJ
z37NJXuYhp`ejs9ACKf6Q?a8~^QaV8(!n_w{kS+1<OUrs1cscR2ro0Cf;9gAqR1b`8
zuiZ?FEq_3(`oQ2G@5#O#tbHO%jB@MJ?0u+^<;=B*N1ZB~K40vsen19D9o4U#kU+k{
zPzn$%=4u?C-@J!>W>EeBSHHBqgk+s<oC9To9EdONT^&vJg-2~I&Sz8bc)X-iI)%Xy
zy(_Zq7>P-~QX$CdhMxBXEWOJf8>+IAxS}?hJO1u0-g~?aTM2ko=lx@cWrVv96yi4Y
zY2uXNsta=YIwTxRu=Y>>Hse;Pb;T=WgYPj6qySYws=r-hM5fFs9t0^oCN0j@a~`h&
zlzSBJZj@f)g5fG&S}W_f2D5#yy~6w+p>3bWS>G!O(v)~GGzUOGFVg!B_<0&w!_8qI
ze)S_p1w`|FZW||{xL*PW<+1scI_ch`g-L!C5rURr(opLj`Abne{&wP@EPUy<;Mf#A
zNc(c<cM>|m_`v@w-iQ1|T-AgrNBmM=7G3MPcL(Khom)nTP<qt$F+g><6!x5R8U!xx
zA!V#S+y3d%!g&!p{x!UZ$1A8=fM44KDn1r7Zd}+m+5HX!%3E-coS|4n?LEZb5oUd2
zCBrZ(Jy?}K`b|;)GiN^JPy(MK59oXv?VJL?I<%?`05Pr)BPSF?JGPw#wn&KxJ^1aG
z&wYriKC!9?fM;wfvBd#XeQ?-<5P!2p6sgA_)&c5-qilIA4jIr3f{m~GR^}N6dJp}Q
zSe1P9qG{1F<gyXB593i6bOeH?jmEx3G`Lonj}`!1+I1{jK$aUy-lLzOHj-gA(f|n)
zRnz<2JsVhXVkvNvoO~9L*iWX)axdu(M^`6LZafct$T(G9NhaBY)9>H-eK-uQa_3Ze
z_18Z8b)NW^&IPum*wJLVEx@sj24^uM?{zly6~E}>J9cnp`kJg4DPdJDo<l%rJ-H@|
zO^1-LsW1>6Jh)fddLd0)+?qZeT)c8=u6U)4$JP)$gmkVXp-9(wXrdWlVT|<1h{&Z3
zJ#}j@*$~}2<Ws2FkQFhnT3!s@Tc!v0wn$m0FIKkeJ*<8eX{V52DXsI9ZoabDCm|7$
zwM}9Ao<rIhehK8Eim2W1wDd)2-abUqx8^*WUv(?p9@DQ4;9Z#7YTN6Q$njF0z-jdK
zl4?2l^4Da_;kge7p7M0Baw~RE4Lex@Cc4f#E99=RpOW#KjAxFYeI*QP*boC8{IHI+
zDO1t~vgYplxWvS(Fr@UDVMicvfw~iWt@<S`@5|z*rAv5rKBvVxr=t1tw2e`GdmSin
zoz_9(JSM~o;Cl~D=&{{LBlq;3@o6=_l>L`uYy9oqf9UZ6dWB^d768d2>F~K<lNt`6
zJf|=pP_T!?utDO}bLRJU%NZo@iwlpFlKseNr(u7d=N1vDht7V}1s_8@{JC2j9jNQg
zl2dtm`w^fzo=G4@!4G%3xC&)u*NA)d)vjiL;61qJ^LNu7IS=svoDwpHzShh9Od}t|
zx%TgVq9Myx!Xu<um-^Ao>(?H3J{mT3S1$^GJ^+i~R^#S*dD|Q~PS48r;k{1qs%k7j
zlH2!lAk`r-J=j0{NjPi?7vc&j)vePa*MR4owWUXJqsc_IRBJjUg`~p0_Cd|VlMTIB
z77l)13EtD8z(OG1EuuMxiU@8O?5jAss^bq&!jb$0jPJb<{=`G3L92Rh@i)A=-cW3+
zZSHoaUFP^*Rj=$dg>Q&|9>Cs{y^kX?cko385NkM(#GV6)*hkH*V5vjqs_M3Virn&0
zD&KpAcIC5|#W~YtFLVTbUt#q17fQk9dgvRnd@S1%e9WL|Fc!R1joL$;9>Zk#IvRUF
z>4#K)q<TS2<+BDxlt%-WrOfSSK(-ulv#s_NMcs;Uc9^q?t%YQMP97rjs3^{Zle=*q
z0Ph>0I@mE*#g7lZmu`)Q6BusivLE@n#CE>J4noQ%i#Z<9RiZ{Dk5`S{iU$!WX?Ie>
z!A-;qzw<=Dg`4EUz}xru;X>cZt3PW7J7hdNpEuhbUHzKVj%{cryAVrYD8Qb&U&k%g
zyt1LLkYB&v8ZSR^$OhjofgO%ykcv%z*sw$>6~&N_;Nav5NnfA}W6s2DWe<QfT<ELG
z79p{>ZhD$`=?15X`)6gRWBbzK!9=KAB63ayt8)=MAB^EEuP7AqzK8G@(o5kF)gj!S
zf(B&nZ?h#~W)Je65G19A?ht>N<4>gdx7$B=yjLsGaH(^B*@>^$)FHFWSawb?ZJ~jj
znrWSTSzn-?xaCPq(9Jd17n1fH<mD8ZkF*Y9<m^ldnvn3);PLqI`V7!g^KhP$2c?$t
z*f*tPf!v}YY@Vv`14f^pSKi0cZ}2^erdt=z>4y=IS{uMI7-*;i?FpY@zc}i@Ps~F;
z-3y@kwqmm7YEOLHGYfs2?6BA=7P>FpKbFff1hq&v?Y-$a4?c9FcK|3fc*_G6#cQBS
zl=NaT2XE=#V3J5FhafrdxM0|Y*ki}^#>7FyqMLWgy5P)i-g~}j;iZ&@Jtwnunm@@>
z_Rx+tpii5vO7Sti{(8Rcvq0NyV2ocs)D4dgV|cvH?h%8_a?VNu@TIT0i$V;9056d2
z+Gt79i-Jm#xVN0%fBm+QbcE02*Kqr+$em1>SBK2dd>*2p2|uW*3s<t_lQ)h%c&Z`4
z$;46cl%Q64aMgEu;Khs{iuxL^g~iX--8%O->w3<G)0^F4*s(LjA&?JUYn}{#Zv^dL
zhph();oHHSP+lUci^o+Sh0%icTD(W~uDK%lVay1D;WjwIgFQyZIFQ^Sx_mARb9{Y^
zFRvd5oyy_<1akE-A9zrdR1tuO`X0L2@e1+HGTY{g7m#Q+{VFm)x{9M4ue$IN)ZS&n
z2>PZh^GwMM@X~qQd8(bAbnku8i;A@-nRNUPw2K$O0;Ti7TqD$c^m;BNTLF7O$Q8i8
z$G*8<;)@aUpkv@&!?`8;pwO#KuERBG?KOKnEv)(uZ}rG3^^Nz^4sco2ivhTO&rR#E
zRZs0a`k&WjZ6J`(eYmpMS!9>lZeG1`RKbKBGju{i&x+eMx^PqK#fE%?c4u=69c)_F
z>}5w3%1wU6NC~Jt*^L<K&+a1q^9*QkRZf|8p~zz`7KW*3ZmbNSCQa@fZM#|w4?oQo
z1_H#<z<lu#QhPpDqZ*K5ddQU@dm+8NarD}}+<K<kJR(+w&p~uc#~b-5adOKgIn_?0
z1t@;ysPS|oF<sq2-@2_W*sHd=1&1cC*lwS?8wiUUdCiMwkH2C&_gwPxPt_q)$>aOd
z!r^RGhE}O7$bRKo5QOa4^1$<Ok6pN;S#ukNG+*gm3rdm~8gcn{4%I_(JoedJ%E37A
z$7{?c-&X4`sR)g8;>cP22#@u*|F;8|N8kH-C{D<02hF@j;1so=8uqEKTUR>A_UL8f
zI7-x~K;@^l`I3?0UIRm0Z%ud02_ZiGYS@O>L5kvw9<7XNFGS##DmgHFa#SA9S3Y_B
zGBN^~;n7#09*#6HjjW{_Rp1p8b^4?;sdqMKkS5rpTxaw=esbay@=RsBx^!9`<3%O5
zqa|mDKb%8zz*`-)#PZZj#&8GQvQONXZL6b+2K6mxP)#);A^CdIJ~gBTxh)pppPVwc
z23Z~D0Q`DDUpd3;b9e=;&qJJcSu2hNZX$mhETj(+R!5Fr>2eH>IM-%g$^;|WnfMBb
z4xx-wKwluTSpX};btn}EoX<jH1lyQ_@7&MCSWgwAhASn|m4jnWxAinn9(n(d?%sNt
zD%e>AE{?XwCq(boO`sKPr23F%N75q#cJlGL1-x7L5xUlO@B1>)={iLh-gQU0Z}-J<
zhk2F3R@m{LBl^%|<s=93eII!E3x-4$E6(Gj*cj+@anGSkY6y&Hy!g6r906M0kVhBy
z?)FOxUqcC+snxZxcM}v<a&oY)njh+O;>v07_Xxg845WyV`%qqdCvLg$u-hiu^$l*k
z_e?D9S5v!VMg-{&+xatd{&^atq*uMsQzKOZP$Hv`)&h@&iiTgBY@RiX@-H7nAHs!8
zSRs;ciJ~-a;}Z4qmL4gub4mFssKO=#c{uLYXnS+Aekw{D*uE<-ZKU-ep+!8B7EP!G
zC9hJ}$gBs+y`STo-s%V6PL>woGJTq{8!)(HH21~fuN&;U2NoIn=eZCW?CROWXQJ=t
zxmhHd>ECg<PHa#iFv<INHPhs8V1BKGkG`jJyY}9qTa5Ke`4OYEd)StbK)&U3xXxqM
zn~yA$%L_FhCzCy(uIFo*(~IWl*qO|s<>FLu@Hm}7pfN>6`~~=9cA)bX=A$fX>+xRL
z2$JOCq(^AdoveF1w^O_NUCYZPuu!TN>LPrDuhP<Z>J%Hu<7pFSLNAaK8}smi2BPo+
z@>J%|mp##iWaBh13hb6wvNmU*_0MBs2V^2G1fzE;y?i&n-l4}S-mC4R8VT+y7OtTy
zW}T%V;FAT8H53G}k+H#IVcv~$&!?R0+$WF9H#_p3JOjo^b%Bt;**o<4@(n)7SU{sU
zPj)O016!GtrS!dSK=+YfyVUE)6Do9@uC-E4;SxVa6nPOLU%CVd8^!iV-~q_=wiRa4
zRjz(?JptOnK*nvBkcH6q(xaBa-`+(;GBwcDNgcDec7u8CS{}6_Ry2Q~wTmnF3g_2D
z{iyZ;ma%Pyv?<k@Gb%N61zN}!a1xV=@KHirxcHt8h7MEk;yGMx^p=}mo(w~OMSqUX
z+_IX8wTNB)dU%_$<`jqM<kc~_7IRWwQ2Do0OgaIb$Htm7K9>_ay9F>7aq-N{d6Gw8
zwXt{QypMMbf}O@VYdtd!rqXuTTJIbT{u<o-lX*Vu!*0<6uLNor$%vWOaUjQNnQiML
z3@he$vA=Ss{dq2=f~mLoQyFV(^;SSslU0bb^$^vS+YDk%XRGy?`3q3Iamm&)jxxX1
zcT>XCj_%2CjbC}_fws~78xRgEZ?<nrM>^j!mY8$2v+xD+^agy^?+EnBi2dw7u>`oK
z;xxTXHYUZJ?}5p5g=Rkl!s&eK*4fA#?!8@?awV)QAT0ikJXI*Q+y>SR0-`FD(C9Ii
zffq_(B{s2rj6*lN^T1A-)}tc}>G!1v{JK0xsbu5RK@^4i?tAE9QeOHD7=db1FQnv4
z*YYXE^}XNJ%_r6PR<x4`ywL2@2YF-YY_h_P<Y|eOGo8kunS0dK38eYcHZrqx;c351
zLwjj8<<5)JhpImzVvhrI_XXRb%ya7;U)UYbqotQ5z`hMh!}qk$T-v-E>g@TxB~q?U
zZRj}}13}s970Cd6jzXgcCVLEMQZ}Q?z8Y}}_zTDq3~IlcNh>#N7R?hLQa$O(lK9rl
zfbU$9d-kAmQ`IZ`Ko8pq7hg~c(!rk+F!?@khA<kdezbbu`USQK)d%+bOYb5FPQK-A
zkvJl^LW*Hazqz%fsLvhWykR8r5X55JBUeR9my)~+-@^bt1f(?%R>i8Uti(0yb2=uf
z4$XT?j~m4d8`(WWne|rUWBYF@quzF{1TelQZ!+sksUtF(_g<L@4pJc+Gsrw=l&<Ez
zwkDp#Jh|L@h|&Fp(&X1>lym9ELz0!pRZQWKM0#Z(QV-^f6;^ZX7Q=munfzSmBclt*
zxfRoN%zMu#gDgirw6d&)Tuiir^=WBZgVHkjyGgiiyYAd(3J*T|OKw(`#;BagCh{_0
zei|2>$`R`(HASI1hb)*!b)5RV*PT~;ZuKPVg;2r|6xZ1bPO?46LVK{$>}PGt`vS`M
z&%RCn^MuGVFBsikPnytbgyMc!5Mnp@{bRitOuGnK<MiqC_k{z6)hE8OX>>71Y1jyJ
zoaLN{uMhWP`+GBjFPr5h!pwN2i+vU(7vG}|_WLbpK{;Gv+f%1Wl^&dmK?|Qnt_@g(
zz1yEgm!FAxkH_tsu!;R#Rx@d!qwgUAhjhrm*+u=gW22!aCt=iRKt;h3=!UxIf+6?O
zJ`H5&T>pSDef;EW4|Gu#=Q%TQdc=5N@iT3_B+jP;hhNIMoD7)z@~ncBzdwEY+ku(^
zJn<PH?4?L3iicmQb6iA{^c7#=kg8xa0XmvK@^y}P&YpWd(RY;XrYHit<M);e!uwA_
zqGW6|u0mc>f)DJ}gJz$?TfNWUlHBY)zQQ8SpCqB(nC?gsGbYo)(=PStoAD6hP4Ir;
zC$o==ULe1XnmP*38Ty{@me4T`8NWI!*ua{0cxcLw!+f)}M1Jqwyhu@fVPNE%p7Zkk
z^}J@D^C<t8oU61CNNt|JpL9Q6l9da9DN3bvhP-ZZc$3ccM^?!_cV2zG>*|_$GTW?y
zX$T4U0j+#M(b5)x4X@~9%>}DqBy_%BC&p-wb8Ne;-+R?VXY4HV7;&y}gci$+$U!GS
zIl=iDUvA5TZvb-~dk(`rMyzK25Yp9syyp>efK{D(7-XtnDuvm{MjqlV^2B|VJdsoB
zQK0G;`#O(V`ID~=Qx4qFV2etw(yALlhL>07=FHTEDyFH}9u>bZNv?d?@9|zrWZ}me
zoJ<=Y;(v%JGbSkTBN6P)`!GTXt*GnrOIUDb#||tUu@@G*aXiXajtic<g?>NjY*Lw?
zx0Jw9$dk_PGzr-Ul(BPPvWzQQNMtA4&O>6}2Zv7pIsFXR@Y9l}#F7&FW@fI*C8obL
zIwJl&D-yneeg~k?0KZMN`;kcp&hF177rjNlE`+8;n{V&l=0Og>D*nI-hlt>M5A(v^
z`yF!b9C4pBc%XRCc?<C|=!-3kqG#+L=l2DC4j*~d78kKc7DCE+u3V?beID%sHw#t|
zRl|*A{m?BH#q=C~87HCRy)yDiA}UEjJOWh>3vYezKUI!2LNWlw_d&E5kaH%XU-SlT
z@*3(scC#lN@N`}T-TPL}+=_h+M2;k^@G@m3ZJMV(st~Mk>{>Y55Wr;u;dLAYWF+&h
z2bVb<_WeORqEJIG>9B}9C4${lxp}_x@1Qs?8akqLV%YFAZx~kihSt5LtlIjkLTdgA
zyY-RqQYbBqI%a|OVG<J0o;V8UT~y=)33IO^&j{}elA?knpkNrq!=iwR!`~p8HGbYY
z<}WAbiFZ{Qx`+CndtMT+$6kQvvMwx2xg#!HFCvB<YC-i5;Rg`;zG5GbO_0sQH5%M0
zewXd!yT84yV!(3S?feYN8fIt7PAz;MZC}$s<TtqB%5}YLzvk4X=3A7ulj;DIMYC7&
zre9h0KozpDw>J8IQ>!2+u3r08K2DyoRz7mC@qL--7D<0*NBk(#F);Q_wI0%;t&p?#
zd@de1cSk(Y4(?@^^_*f#aX&(4=U&o+v$+)8n9ZNRE!_vJ@=~7n6GJ>Qoy`Nr46z&X
zn!fahhj#a32b_k!RpeG#Hw4Qc?{ob2(CWn4H+;bYZHn}`CFoGqD{P3#))|?J{V6q_
zUss@0N}?`wTOCqRxt#YQi+FFegsSQS*joo>fiMGYaOi+u#g)CK`+jD&>3;RfwRJhg
zK+C_~|C)K3aFG;^&JCN4GI!&MvO9eX4-<|jsya7LE6S#~v0tdG@V;JL<T{K`9=?B_
zwj;ow$403~BFa<o^O^2gwcOEHJ&#2DeB=220^i!-Bm6-XKR4Aj;HvK@8(Ot<6j@dG
zE&IunsFy>oB{w@$ap5D_9bK6rL-`Q9&^;$x)p1MbKvrPmyn1nW)Bs!TCCKkwsmfa)
zPsLkDOf$LUq6os&<H+}#Jtje#))2L6AJn+*EWlUT|0(QY4~CZmVeNwpd~aR=ejJe^
zC2MF|TH3CNt{)y_A(fUg2jg!H;Aq{;c#o7QsfhF)3%VjlB`59;(PMdV!X##op9Il!
zf{67#F1Ewh{AZF;0m|CDZ907WoYd|-PSy9wa7k5974BZ0N3XK(cd!Blb#l|c@g#M0
zO3!eRl8skH)jHNf0ElhCY9$&jeA4*ucHT=nH)ir7+@Sf5gIvA`4&Mjrpi=p37dQBH
zi4pyA%PtZTUb=c8Y<zI#tr``t`Q}its||vJPkvK%DtoA3pwkVQS3#8CLRV$i^9a}4
zwcq?TzXVLt<CWjHkdO!#C|ZXCJ-D^P`uXY>v=G|H9uplavF>k5((>F2L)i7WS6|7e
zm*XG7Fv&sC@iX6%Xz^Y?OlDAzQptn1kH#~~#T^3>>FPdh-qO%>3gh;U9N7f8u(a`s
z*FQ!hv#ldgZ#BI&HjW*cttGq&J_)A}%?Ttq`NGQ&s4t&hx(7&aDfe5WRDlmf(#=En
zTD~8_L{{d<UjCEE=u$H?Y#K0<<ZGJSCCj6Cv(NS?&bWNA1*91~Cvi%~Xh9(oQvLrL
zCZKj{FWTYrA%g|3RXhChml_zYcMdF(>4(N`;)>8*jK)K$pShJukL9aE;<`xgq8TJ{
zjg9G0pYT<}wTrrzSM0LJ!{zv51;s(bXooDMBI$Ctn%3p-9{tW?5?3CH*q<BA_?Qj;
zokagUL4xHhSde2J1<+HPZZ$}q544q>uE#ZCwGRm^G_Bi89Kb8vboK&&awp$8bpJ@1
zXxgg*Xd3*gBkl+VUV1S7LFRo6DY5W<A<}#K_v%&7S@9EyZ5V3lTc7Yt^(TTL)$vk3
z={XaEI^3MzC}$tlMD!XwhZ+vIB}}DcOX0lR&s=$#=$~gvhjQ;>Kt1$swF~c!IxjC~
z8TZ_LxEfHclh03H8Y84+MxZgL4p53Duk^WAt6D`rr}$6Va;{x)C%s<Lh{^@MUi_Y0
zrcr)+`(9l2z_|scRx=FZ1qmG3%;GZ+7x@^Um!qp&Hx)C5<?B0O#!THvF`C2IOkYrh
zp;NS4!&}QtSP%{tDvKL!u!@+c>a#Gg!(V&o6>vDl&@Og?Rv8=1acY={H%T~d<Zfs9
zq2dm?iRFdO3_*HVT9e~zt!1kLtrKM-m>1q>;S7p@Vqjt^l!ceD4vKilhr40ivREZw
z?yrY9<PJ1GWO}c1A$*gccJdxEI|7iyHz#~jhRy@fT<p4PHe!TWZjQNW4;{YzCW}O%
zr*d^hUZ{*P?*oJ{f0u`uPq|(98MfInN7fR_5VvzGOyeOr_@=I-v|+C+2Oow9<=X-3
zvkG*XwU;Sb9imND%GKNX(FWMVzH#<b{hI~{7Ri-hw6L|uy?Y?iI*dPc{C#L(2>4u6
zh3&yOSLqc|^-o0U0x?diW_j#OX*-{@2!FbAhK;MZ2jUx1Q39&Cp|3o2v+d2aaBg|H
z_g#wVleUywk7ZY!dXU+TX%+Ibxs9Xip;>bluZH<6y-59ScN=xeDZRe8_yCoMJA0Cj
z2f)?f;1wOpnFq=C+upj$ua<ufijOG<KQ=@587kn#yYvl=^F7H_vxg&20pq4%Q@3CF
zGmWDDjYa9Ugw%nbIkc|u?YZrP-Dom~lb;D9q$2ZY2O1A#lRJUMIlZZcI%LWiD0LL$
z+TlrBe)JlkY6`20CCi2Oaz$=yLHfLykHxG^&QZ#S)P74zWgfpW#4?TLJ9|#r0o1RZ
zE&J%>S#S9aKNd!h;py^hiZC3G>|M?yO(|H-Gy@_k@K0-US<v_l=w2~(c=-^=VbUcX
z6YHTG>{5<XR+vdSP34Vu_cNuwmmiz~y4|0iOHplABO~smz`e)r3242IpQ)3SV6@xR
z*rWcZ3BOG~r*As|v7njolLxJ>utW809W(Q9!~^eul9lwbT6~If?Ik>Bvc}o*xSO50
z&BD8DM9^6W?zz^qFGjKF#dUo4@a~)MN&?Z3cHVvz3vQENQ05Y?tU7|9{OXq=RN|Ca
z;Y%(z!Di0&K9(i-Ru1q3HTeqFr;=hX>Ck%iBM<TNkf+7ZZ>s3LxbDxV4uf_pFA|F4
zOWvvTiGvGT@ddyKfG$T>_(bN1RY}?7p>C12dbE5@b{5WCsQUmoaFj2Le&(82kJxoS
zCnct41j+9w!BqZrD$o>KxIHA7P-LH#tYGiehjGtaZY;g^ATV)qlo(^_H+x#;pIOT_
zbc}f%i2VI2_N_WlGry~p4!M`8D;k0z*x#yRNP=7Eu@M?*m_s8lYBx3QYsHEVmsb8<
z&5e`m9t6+}clCWFs2o0w-G)+O%d#9deLE$Hpj?~!XhkdTRxjA(DLtJ-$5IWEuFCOD
z4X)cC=gc+7bHuP~tsLJ&b7u<nG`zzPX8WGpzG!#IkKYLqpO%>-#qP`t&Ux=A+mRH~
zMtVNmi*p4nfIZ8g10M9f!mo%P_D@_;WSjj;#bjBY=1PCnF+qYKfR1qVItqZ&77$!G
z`e!1gKhKq@bjo_iRb^{qw!ncx2>p=OWLoQF<P3p(F!j6`NNoI?2D@hr9-7{VKZE>p
z45QCLNCwX=-6?fQFCZg7AcCKzS1y@+E_l&FuH0BBOZ76GzM%9l*b$ZcHO49qzcgKQ
zU@kd^?*sS(SjQDM9}wiBujMV6{hoy*FHcA1<#DoHb-9J(_|IviQi9&h!?vjDQfrFo
zqMYq8(I*sq2DWbGxp1OF4k~@M&YZt}lCKR3D$mJ>8}ossaenY};&Piyji){ONxXUS
z6=zYC<)mBR*z^H`0Rd2VSEwO_;WFY{L9r;uzGo*+Z#Biqu-dJXbU}Q}gaprU<=xfy
z@N?Q8cs&n4ecBg~YbyvHG}meFevkW1>1QUi(YknB98-|ar=LaA<A|kI3s3~i7-_7#
z36@{q{I@-4jdUK=RXn#--s(d+H$LA`iSPjZ8s{U%`ax@XzzFl@_MRv(xVG$2U?%YO
zZhuoqBfW5<MbK>d(ASA0;5)mMFOS$`H-`z4aF>Xz&&wHhGpOv~&EkM~1b>3r>QFWM
zXH0S@_IA+0J45GHfmSmj)avdEYTE29elW53K}^({4*X2AUHR}5oW(R1V~R7Y4@{Ja
zTCjy4xfRCE#&VeW<$j=pf<|MPM-xHe_OLt>j>Sc{&dnukjT}G>46Hn4wxib&j@%xN
zOKPiX(`N|dCduQsl64a_L5zLqVL{q&Ta7w`Q%ZBbZf&?^uSjgizOP1<yr(*EW%Typ
z0(t1w*OiMN(GUGjn&I7x&DuTQcnWO}^zGg|k#RoC(4n_qBFg%R(2IYb<hKyE^u{Cn
z`QSB!l=pZ=%^4+`m9gnAku%(TzOL8DQYS7V-aH#xB)o}OXLh-k(AypS8~`1C_)Mbt
zVJ?b?1OH5={O1u9!aUGXpC4(ZHYnvX*B(dIPig^uIbg9WC#4gTKBa=suKqBd^U9gT
z@pu@p+b$^yIo7pVQW19u)g(5M3;keA)0OUw``G}}!~T%8rd$T<+H(j?rW|Rq_buE}
z0hT)}@~F-I_NR1ar3N`1x?dTfmt6q42AIi@_^JC=ftcIFa~CZA#69`%!zQ9LFb}_=
z29!~<Nq{9n9`duX_Thpqu5*_|yA{kQ=21sXU&r8MM_6%ucc303A=4?p^w7ZRhJ|}i
zu^Mp~1F>U9tpOLzo>n?Z7NIC25d>#GC5lgn4#1CcZJk$dmS!0c65y3F259;waiM+g
z1Dg(mb|e4}Z?nqH#vinp%sqJdGpoQ=#nYwKXA0#Q3oDPcl_3i}P`8h)*1b4&z#2fY
z8CfbHnI2K66$7vwU8xt9ZqsC&%>!I~xA#ocCkU-C;wK(x=R*T*BVJdnFMFP>^MKEp
zZ=k^TYXQ=%BNuA$Qv|xY?zqag(cqqQ2d<CX=q*%8a|p}hp|zh}JnFl_iLO+HN$~dO
zLwl;<`fI)LI29oHrAWd!mN9<l)2H)WXaeRHpojIq(Uo(6xH~t_@do>*PKT5kF6m8u
z>^|^#l=sb4VsL$w7Cwmr?znesS&whNpO7!_$Hb*kMQb=}mo8{rmz>>)e-U1gMGARq
zz;0krx<9P{D9zqYD#v#-?9k<EQ92IG*0oHAIk;Du2~K*2J%aghx$6Qj6@_;km|EkC
z9S9P9NUP?)-~LVfdniI&+CoBO!J?O^FB2<rT!P)~&p8H&@tY9xBODK$wI889a%y?b
zySWGfzAR9Sd#{`M4)TLYPHyT;S9O7#j@G#)(M`Q0JwvL)1Q?PE_?S(QkH5g`8PBCn
z7Tc44`4I6f^!ziKo<9$pg83Ck=m@Jx1y=-2Wjt5Uo+JJ_c^!ckh`9i|-g3ST5f$u=
zhiA|vvl3c3)@eW*7pTu$v(n!pL`OnUEZoXI_pvTE$E7JPbU3tt+cy9$^(3s=*D+$Z
zYc=hDy2{rM@CPe+gyx}#x`)28DCE(4#4O&0Dd7PH0Z)4X6T8T_&c<hbcaRnLpDK3d
zFCflmZz=~bKEgfs;PG_W9>6QKwU47%lW*LmdW)=1y|?^uxPTr90FTv+PQ<AXaL6ow
z&h8DiZ#6g(ockzvHS_fyoeAHe`=C+PkGjL&cE48DW&Tj9#9L3Q;WNTe1DQuLCr(5d
z-VK(z%U+s(cIe9l_K0$P8Vr!V$o)C0s(jnAjFusL^DZi%c=&Z${5E59Bt5K~PFM6e
zGVvJ+-#e9vJ3|GRlOE^4=e~*re#~fYoEIXzA{X6jyu73+Y!B$A@&k77?5yo<5Itm*
zW4;jn<$ZC|Xwv@V5ySn0&H|`l8j8Neo@3(g$IcZ^6WN(L0t|Wja5{~M0*v3uACY3f
z(?f5ySu$LOPaDEGY5g&@M?mkZsE_?#HaoVG^~e<@Y>LMrsvCOj^3CwzN><cnZ<HPF
zi#N6@^^~F}x2(3f(w)7mOOL_?BI&F7v+qsEV|AM)cqdsWdZ65=Jp{ph3&uvhwu+gC
z9>P3u<<lnbR#Sn#dsO26#SZ1<r~G0)_q|24i~Y*7B7AP^Xly3;oc=k?s@b7O$PQi-
zO^@Ar*;TaI&oAn<`V#<1LXdt~rkgjE=hAdSag>u2U&%v?w_?sg%F0SJm)of<>8C!!
zUt|Yiys|f3FQ*yqiQ_7a=0yjR>AHR{d@8T1w!gm!H-QdaUE`@wAy8vdzd$**E70lG
zoj_cY+{Yzj=rPOj<nh1L>7U0=>z)PvHFX4khZMa<pGdi7g|&U}!Y`XEb9h)jc*y~b
za-u)$1=T%f_JHZF1=Kp{<^3@BJ)|!sucMNFvlaFd&s8j=sa={T2u1hzvdM97mh6jr
z3_^E20*eYvv$AJIa(o_7)c5+ZK!YmVqE-@g(d@3bLqj_Y#x3S!^Ev*$_`xnmu!@qM
ze<oDMol?GuPN|bQxuOkTZE@DlTV!Ib(M7!NpX%hb^XO+>`wSg?9wnhluF3j@!cp<s
z*R0a>EkviYns90!YwEP{rX>xwycvvf=;%=&)oM45Bn9`c>5~r2@Z@L6`RLC3F8VYN
zJ?RjK-M6d`hG=AQFKy##ImdC7&lMfKOml=Yw}^|tT!1j(+d;o_{>RvrB*~Ja&?_+y
zOOW9HM{1L2FT?EDwkm&SggbhJgdQVLBwodP`q%_*DyG-PwR0ITB-`zrJNlg5h5%p8
zIdAEAU_IA~Y?J|T0bq}wz28X|$`vNrwM&ActfR9m7^?dIZSgtBW%s>YTUm4{zV|Z7
z#ruH&tg4{Nz`O^jugID?d5z2ao6b?!;w)(`+@~X9guL`AE<R(N{YXB(?SXpyPs2tQ
zbgf}7y!R{La2B=2T3M+lHnx`KE3~2zY<U$?yYKNAoz>^xF7y~PvZNv&vTM&RLG@)S
zm38P{UE!mdRTm%`r@lFoq0e*l#7W+Kf1)KB1HWB@SLx4JJT5f?Zv6IU;u%e6`?erX
zEANs`7rPtD!RI#v+AVI~Z^Xf|4AvWm-$$3}1aA{i{;U9{KT&s<<%v*LqHB{(mKjw`
za`E6X>SR-j&#+bY^{=V<jIUjWtdr`8`dO;6o{k1GW#1>Ed_=ntf)~F&?sE&ZQNr(R
z?>GJ&OUvdq-#s4OLL?4UzV^(1%Sha^gVpyYh9bQm`%cA8<muHfy?-wyJr%t%&oBY0
zXvab0pMa`A51{tTx4{aYwmE^&DH?P-wzp_cXHqL$$hJ#dB9jGz%bf<N@mfDu6o*=+
za?g|#GaRa_ERs3*8;-^HZHGLWUqSsTw+>}{M#pK+00ixT>6cX*`3)tWEipUH2ZW!Z
z;1qOF=gcxLPRghKM*{TP86LfGA<cK5nYFZ1GhR7$5<LN|=uEq+&~?2Q|Fryu-*7V|
zvep)$#ji8x?sqR%E@E^_o~S}_?&yuuTgz}WfbM!f@jX^qIC=XmmEmTHFIUq0O7!FV
zTDHT}_oO%L%rh(`n1W|stw2rM0zE^!K{XUYgXLYAmpP&7O6yQBNAR3yud#O8RQR6Z
zP=BnoN!Iv{iG8mN8oz14N+lzgh_Yc6TKp+zO&vACFA;7|J!|v)p-Q=^zB($zdS-UM
zMqbOIeTcWpnxX<tooMjgjw_~bij|?Q-M$;wW-ycOOiWL7KmCmu*9qq7aaOjii?D6P
z0pC2f3(lq}PoQwfdvL(H&k`M0J44@9)bsSepU{GlF0P|}ya~rz%@-eKUM;zu${Lx-
z=V76=H$UCj#KIBnOkOh1-kQ+)Fn5sbS%G8xrA2}qrnzT`zPt}&%dba{<QvC<Q3v*X
zX$xok%V%fH#}#H@cmL(OBw8(XFZ6AE96LhvKEc6Y*1wL10_(mH#ws8cLz?m2p_Myz
z^V_|ryss>t7Cr*U-F1qg0?s`p(sKJ@4SRwMpzpRVeW(_;WT%8&=r%UuAokJDylO%t
zK>}H|)%3I>H>0~$)KQP#WkSa5C`}u8CvoMrh&=EZ7Q9~<m(&1!BUyEyZr6DBTRJPm
z1Sm8L^F3F1E4b{zRKmivU6&_Tq&rW}D{2?!8p|&MAQRhh=5Pbw#clW--K%BX*^7So
zRP_}Ih|^Pa7cBk!)~NRLC`z-2plyAi`S`OZwN1e!C9tPRZ#-+ixMDRNJZm>ZP{XV6
zywVx&jhH~jGlrsP`y23{h7-cn1hl2KJdoE&x9SFIAIw|XdhEQVLG=w<J4c`YyS$^|
zy#z?c%b>!6&)^)SKEy-!wyYyw2(Nf#h0Usr-xUtJlW84^KsqQ6Y!I(t&RIV7%yKUu
z$$vKOj}sMSHnsS09Lw)^wF`YJ3r|s!sYRcWC$2XArs#JpX(*3Bbrn6xpYh?{_r4t>
z7`|;rQbelr1(G`>n<SH)k2cqH!gUWA1*_yW*<OAC+}9IK<cq*ikwn=NPgY&)W9LG}
zv&Yle^33I1YrGuLr3WtyGsiwxR3JY2xDf2AXsL2YYpnrN*Q94fpY82=CS#Z^<e7VR
ze|4{klOr;La1Kd0d<Q!7ZJpbLx=H@}4e)jcetFVY>Ofu2hyUktB~(1OSWQG?%*0pM
z!zk(Q4)_@OL4Zpq7#?94j<{gm<K@B$${^3{C`S;Tx?dwd@~o#sn{PZs!n+ArK72W+
z>wv&itsEnFQ=5Gi1}rmSbl=x<b9y+po2~8?<_b?t%`(&9l;S{4vA=|Rh&=CqWC3_w
za5?kr*}OWB!qS%iPx;J~?`Po_S`avw8)KctUL!pE&5}vh?RcCdmsE0BKrdSpGx;&w
zY&kxV)B;Hq8x1E_IS*If_$H5S(xnYVc*Qc8`0ULP5nb<rPO!DgM@mr3^n8KAjn)i5
z&gKZ7*36@E$qc`9)VTNFMk=JnG=^CF=JtDne9f_P%kt8f&)*2r`o1>+l^K|0OdUFv
zv{Cj%Jw1u?-9^5wd<yPTCbY#up_acd2-cq^2rgK=$rMj2?^xt&s3qiE`D#ZS4J{?;
z+*iAd>}^l<oo~F#cZoVPd{xqaf~x;KlyaX5kj`aFt)^G*8ST_i*mU`Q>oXnrOuw;e
z@HeTQn<>;#88^VQJ<Hx_00%{dutzI<54s)D_?j=W>@=2FgZabfmapNle6(gAI7Uv|
zMdrtul<0y!oT#j=gRQvYH|F}t6(HToxF?>YLnAVj$BGw$^63(Gy5pDuPn(@m0`v2A
zo#(frP7_$1^Y1B2{a91m<(hl-lUCh5b6>sA<%YP63aSQHK2ImF4r4xj-uK&vu29G7
zws|x{VmJj*bRF=P9!{ZjJrdXBj6RgkVPnrJ1K!4CNB>T)A(c9kN~_DvAOnh@#qg7O
zKiYm)ewyGL-P4H*Bq05y=}~&cSMj|0u`2PK_dbnP^yKV!j{KC$q&+ey7!9o&>yuyL
z+<A{+H_vffSC4RffH6;tDdXV)dG9**5-RsoE{AFzY+22mlnL!};TUnbxPL>y<hgSt
z(-CE;4!N8+Gh#a2;=zv_zGVV8?}*9M^XeSBsw89(CnpbCo7>l%)41_m@-gV^uJT>z
zU3!*tRGQ~#5AD>6b6Mc*TklYk_j&4&Rt|a~g2OPX>lH#cI%u63mV|O?edQhtXB)^}
z%0R`~4SsS`@p0}=ex5!IV9E}FpFA1Qdi8_L_gwx)vG13}z2XO#SUS|7)`3g>`0Pm>
zn*L^siuXS6nv#s1{%DEu?iVKX{8|ViO{l?G&Xc{aF;Q*<e7}LaqgT+|_Nkq?c~0`6
zxqcWk@ZFoq?6_<}5@nHGx2Gb4QLoe`#Xag@=4m%o^V6u$wX(~Knq?$#Ad5c(@^G9T
zWkD;RBA=e5<4OQ~qX2W5i@$5+OGFNFWI0k8{6f}K+Wb}lP{q{JwR16VBW9)grG5_J
zcmxTab_cq5P8*|8)kBAdCn)_q%6CeTr5l*-@Eca+_ZTI2yn1H!VhL9AMK$5;7<j2@
z7Ahv>CI-?zIYhW9-m}inUVi75^012id*S^mQXD;C5$?%(@Yov6S?1npKp5*dp1kDg
zHN}zwrbs~vrkA~2b;{GW<h%16kzb=Xy@%DpgjzSvk0ZSoroeQ;l$ZvdRd<2BG*?ip
z^BH}&??~(GNR)g?xO1%nl(zrfkNQlNQ>EUVl4_gYrY42=Oy+#fxBy|0xGlo;ZaWxm
zob$CE_k@jFvD>FfQ$@mHMOuYh;>!m<_8sY1eS?V(<*lx47pr`ViN3ga1@ZIB?OD9>
z^1KRc^khMui(lmWM&GFhO4BNMw#l54gn2*_zsQYCPr>Cg*%t8}Vc+9lGCu&51Dac3
zscKJi-OzPw7meky>%_+>fEpud;ZTbr$1B&H^GN%;<2;<{fsE5}6!6sy1>4L`G;Pbe
z0ySDDbTi<1pAg=1YXjYHZUWs=;-iV@VHRP!Rg3SMtUI?}pZ7S;`T+3W5AsEiG|FsW
ztaEqXZ%$RPK!Q-=5leC@+$Xf`3X&G!B!Y)3O4i)lK7^EUZybi_{m*w1+m@bU2cae3
zL$2_!Nl4UA@}3A9J}YuC{TY<;&hA3{^6e=mU%g^nx}lHyiFL<xM&Rbd8_`D)PbVAU
z7^l>JK{o79!tE=C8T)IJ0C|Gab0Ma)h_MUK`6Ba=U(7l#PX{dAe5L&$A1`L+%pHL$
z<%$wtqfGWod9mzL&0>J}_+jQ-#Y|t=xMKOTqx(vT3-q|tJi`q#@z&|HxTZxT^^K`l
z27_Y{`1}%<9d2j5dC|Uro?etQGSZ$*q)_qx1n#uo%=FTuDz}SG?#0Dd4WIV&J*&0-
z@X~s&ej}<bF<r|vu9}<4t5|rRmUxm4F)s&NST&>&CRo5Zzt8>S=Rs97-PDF}laDF_
z?T%fri~DFa6tr)At*5d!S!mo^RQGXpu-<QKWWcO~16*$UyBY|!pzk$e&ll#<^bK_b
zxnG7bvJv@PI*eSHD*N1d+YDV^$90SQcypCNg8FhnTzOp8GLyG2po(}iEBL(%%hf{S
zNAF}s^);%vbLOoN?(h?x<f{$Q)9mJQ?D2cR0r}@ldAYHfP^Z7RvgKakpcxM_yKFTR
z<Ciu4M4elcWh4sp9QRGO2|9G*`i3EfU7>iNyN(X7u56J`@n1-BheCDx+BehzG1R4;
z;e5g0Pa5#7de+fE%X5M5Y)9HQOdRm^o5f@Yt1N9A>r1_Bnlt$<1L+<+6j~d%C?Ouw
zaew)+NF86h^gS-~b>@WdE6>io)2u`c{lFy`_RAJK&+n0@GE5AB!N4@Q;tZ{xJ%=J;
zV4qG@r1ygb*PdS0+N-RGrT3ytABh68Sl%+n37_2&koy<aF-fj@OcLteBGEqiRACT7
zjtf|Vn#Z}XY$^9Ml4d|x#V!ros-WNY%XNBh)iI*7&wG3mgrmqvHJU-3;`H?{mw590
zJ<F|%1Rn&omRk5`A%tZAWpY!l>{&Rct61QXk2hKo(la2lc8V40x!zZ#Dmhlo3`gWU
zCWC;;sFMfykUv*|Ci8`3HIB+9#5Sc65MMgVdU?ZfSD^!su-}?KkP2RmaVTwZS3;de
zx_WBUAgIy3r33ozq0QW*t$i(n2VRL$oQ&01M;EU&n+aaN_kKMkWO49|o($<gG1jz{
zl?%D(Hq)xmZqHcOTNu!1DBMpd=~>BOe(KZ*`H4<{9?W!erypKv%6FO47#D9fYt1}R
zrYY})xR^`ofO_z(^*4dbDTIB$PN4TF8({pEgp8~(GP{OoXDdl_2z>$is0RHLTJz_T
z6^I}VBYYEDHKYY>L7(w2s~(q;TVLS%hR)NB6NUR;Tmjri2VxH^F7@7twy$&MI-Kw9
z4jH4>O6dZ>xBC!e4&^jsUjUDOhR(xo@wKM|_=y@l;@#$TOm3r~X{~9CsK^cY`chZI
zud?&;O;0+MIcZ_-qd_=+Vo3D)lg|8(Cj2JZt)t$&M7P5E7$Be({BwYldm*ady$t1f
zSnlURv(u4I4xVy5rD}R13@@`A`62lBs-JE&d}g*np@q*A=8|F;cv#!alKJ!HM?-U-
zvm<6cz%JOgAsN^o^pNXP)3Z&%XD>yX-a=Y~GO>Bu&dHtcfEaS|y)$Gs1Os(Iydmi!
zU)x*z$kJLJGcyvn5f0%8zAI4YG9An<MJYy<Nsc-G;M2#>3S7kZv0M+-H_swAn(jFf
za;gltPwciA1#Q`LGtE`}l+M|7aAOKjWqJnm*y?vL&aM&b_5JGMCW34|T|}<u*hAuH
zq7Fl&>JX{YrGAxWUJDPJ`7Tn}W-RFw$y1q5-&N3~wOFW5eUy!X_=|1h13Q8giV~-?
zcb*ui^QmAy57ArViG?kuZ}?u%9(P}B%BPGl`(9(ZYKwj5X{;}e>HRUsYv;(tGahaY
zv{zze8WG_-`O{qdl-I`juF;FODJ<AY?1aYmwb`co;U-_gWTb3*`ZvU~_|O&0CFyTA
z6%@oIW7DKY;!U&TrEuuG#>*EiFCgqar+vAczx>h23h}R#@P>4=T$LF;bLlu`fi(H%
z33{wcIg)t1<?Fot=0VRq5*)d1#997KZZAb+#pw=Q(sdr?!R!cH2-Rww<SV*K$qI4I
z4iVy{2bo*g>Z;V_gM_@!_W`;D%igBDbd~HWb91aynNpb@0N?hDY>2mGQ8pJC+ZQ!}
zRT^ET^+;>y=iwE??|i-vob0-HfNW82>a&>X4kQmM_<q5-mvD3PyBB*M4Nbc1+~Z(y
zBgjy%APPrKf!bk#zsVCGu{P)zF`jIAWv;sUe5N>E+>7xlZ33xl5Pab79S36uY{#{;
zBX7l=YHnhB?nrGi<++`q_)?LGuH@lc&nxKqv2=yg<~N8=8oC{^zESkJ6Of&^Aq&ff
zkE6yv)B6M%+x<M5U!BERtZquJb1;Z=N@!=bzfp;HU)2^Kd|X~iluxf@pMY@E26$?0
zgE!Rnuvf>C7`@LWx~s-hq4-py0>=Ta)Owix1jpT)hw#z~5~BBXeSumbV~@pcPpb<p
zBR_!{DYS?2`aTt4NA9DeSEX@>eOvv@i#9*!a4uv#IB9IW0SKfr$hhkT3XBW<%&F@)
z7gz*(;hL=jVI_H8dh+d?zeJjLze}aNN8`deGd{1@XG!t|B*g=9KMr_I`xf4lN8bnc
zFI&m%3H+9wR)?$4hx0IBy62{TbCTv7<47H?SfS>iSdT7XGKTjtZghx!X{0&|)byCi
zpDBb*yS2M)_CW6`&4OCtM`ZU4uF%H5pZ~Zm&zAdJ-yuX}hXj~kE$(~)Ydm<{MQ;#N
zpB-YVhq9PG=d3-61fdA&UxdskplnW!x#6|@?Z$$hg&MoU01qc%3qz8byPdOz%g<<J
z#(e3c3^}Qwp*9!3nQH{9j+giJa^+>Tl8UzB;`H;-H{DOAPN-B3YpDi4ij+t*MA~nB
zL9CUx-obRhyuok`^Ew1@J6*=O-{>Us+o!IHh5Ft&rER-?t`7`fc*KM}1=LTo*Z_Q&
zRwDM4O-xwqeGV~k3#lPB3>vZhsA$TQGuiJ0am3ADoBKR@N?657$$OfF@tl}N4u@{k
zRBLnry%(R_u&Z*8%Y`d*-z&7pfrr<D=jYuj#Gl7lTQ+mQb2>9CB7!I2zdbmnLvyn0
zL0B%{SsdSkd^ocnzv6c!p^+Cd=?Q#eiRCm>ZuQeJ0#Bb@iYK8=t!>~&PvN-*A;r!S
zX!X2I=$_?m2H(g2rC<6@Sn8o#aZ4v4jpLre+oBK2jlN4U(TniK*aAye#k~LYOw-1g
z3!Q<h^hLIQQ-zl~4QYbm3u(?n|0Pg`u@%eZ)iX89(B70GiScdsug!1!8~;!WaRC#|
zj-9)~T}x=Raxc2}_3_}xZKc=xzIxBra5?fEXMCe34=3vkNnaB#D6XDSBYSctv-dbp
z2}?Lt5%oMxj#%v&kD%?$lMi~&mB{U;GY=EC8|)&TslL*9DGbrTP7TO>+v3eW@k;9;
zyh{5l--r%e(yC{vxJ9cJmin#Q*rCL2a?y5&=b|-ELxr8#63$4z$<LiTAXZE-i*6}s
zE*RZ%x-d_pqxVB+tKLnLY3t*%b}uwTuS7^7z9&ggCnM=G-QC9LRt(8LK}8zMLKjU1
z<C*AFz9ofqO%X4*g>s&y+q8DL<lqCNP(>e5in6oc8MI2k2d?=|MY8oLZ`0qK(~{z1
zxbc|Wy{t4H;X+q9+*MjCNVIwg5Dsa42((x7yoIPZl{B>3QrUSoqkCMb^u8}Lsuj)g
z?MG%fFXj`Z+RA=M92oO_x3aoR3pg&~32)i=>%MUv^@xoV4_t|OR8NHbzPxSmMZX3a
zdi8=Kvht=i@R5FYa69|J5yXoL$?t87KlhW3uUf4zm4xF&*fl&~PY_~GPkgCy39=a5
zgLzc4`Z_F7V^4lFmj9YCPaA;Vx9qGCsvjMGcM(LE6{s5X8lAtPyyxnXyyLN23TZAi
zF*R=)ChrYI7`U#m&p6YCh=C5jw>Irr5B+k8kptep>G!%oNXCA~OC!?n`&Qjji~S(<
zfa4iHweQW!wDXxL+sC;T>dYd*7I!}Da{73y)<Fe#e$rX|_5j-v)u6fd4d0UEqM^6?
zyRwBHYzS(iq9)YTI7f^J10?nki~F&rDqz+8&KB7dYpqsJA1Xw%`ergy9QASVg@y?S
zKedVHiuCP79iX&%7<bh!^No84p|uUzJvh?&;7#E}G?!Wb8U6QN(Y;iKQhB=^>J~gJ
zNKd~o9(|wM@7D)q;X<;5t<PT_zZ-><CtNN2vB#}!Dsq+J4Eg#EOUvx>8=>Dv<SJsc
zRR>R1+$Yiuq3u$D+2fKEex961gF%T$pGA2ONU855$ArkbIu*LFKyM@=&2iyW1~*q@
zWG^{DQTlDKVIAdWOQRrtzgrJ#=qR>7YGsE!N55Go$;bUYd(0!l{AlI2r4{F_Rm_cf
z#r_>zgJYCW!uclLNU8PizH$+alXtxmnU%JbZy4+5t~|XSv%rzGyL*zo&x~|lGgL`?
zhV(x3TyMFz2T!9!gdjcvIVI?i-+Nkm?3DWRN_$``$n2_->muhg*EbmfwXU%$g%8;7
z8Iv2bHyQ@4>*n2BU!Q&w{Q5k3nC{gQSV#ODC;4cXB{O;FGRgL)gLz$iJfP%yeTD`x
z_rS^*xkGbr`BQb?3K3VmoQVA!{apv&GXuvJHa&(L8O6`RWe4q3Y82w|^eT+ghS4B!
z#@=%ZI&2F!>7p-dfj_s$bM=dKy<futcR<4-GMulwiRe27a(K(zkC|M8-mB><+`Rkr
z_Ze<G=Of5dt$S}?Xt>iLBJ)Jj=QYbBdd0uXn+z?oD|@o#9#7y&@1;D-&Kh*@^*o5W
zW|yB0%=_{2<3HsD(i*<SyI0LUzO@k>dv33}h%jEEQ;W}B$2={9koN541n6~Pt;YMj
zr^73s-w^xrXp7K%fe_;yBY1KEM?kp02olT0Pu-rIYKWzTJ8(@V6l2kzxvi#jC)JD^
zN{fJcDiypuWBu^i^EZDBr{`FFqXIXp*Qct#866q>7)q1uj-Cg|QoOmTEY0W3+H7T$
z^S9-HkDmIHxwGd!CDkPnuRf_JgyhuU)~tS0Jiilu9Lg_6Y+IgK-adJ5_<kw><08)+
z!}EVcdoR&H`&|X!tI=EYg%cO#$g`!{PTR4^q>MI@dA_5Et9<R09~M`Ts2#k}$34vH
zI_g}&qsr8r91(qQ-y>J}?hV?$qXreglo$AwseHSVF{YPoY6MauVB*OoBBiWI(K^`^
zq<ZQ&#2#T~eD6yzNJ+gv^)MklQ2?2z%v|LltGKbiqHqxV^+V*}{eQk3{@g)fsD;Hb
zdlpu5(6*YktccM-*^v&<1jMsC1bYIdd6{iDPKMZNVIdNYb>TYaE&U{#DRB$pb0%Nm
zNL<uBs(sHG+gtii2}z!>X(k_H;q4>qc*8r<=j6q@s-h+0s7VogjUOF9P#lv0-5^06
zN9{H|H*IR^$@C&RD4wv#jS;ra@}X^yX1RR6<D>VD3X|wPlS&*fyL>LkRf=cZ=u8hY
zAD>;htbV>dAcVX+-%*b^9yJ}Tx(W|7fHJ0<ocQlbHuik^)}xQ3a&!rf%02=N8J#{L
zZ%tFfckWDIfN?GZZfyGQQuz&%9GX4#ynuT}ai=ky)>@q`7XEI-40^vGkGa)%dhhur
zp}C=|yeB~YmOiM5Nq84AdDyds{a_I4aYtVSn5~f>&Hd8uT#hMDOy|=r_eigPm)Kw7
z#r+--X><LJlEp32vHKVzH8)ot5BGiVt+q@dQ=h5_BWB*6D;y4I&Q=NWULwQ|;>f-M
z3k%FGTS#dl&lK5n2}50C^??M@A&To-*uQlw|2*VMY2SiActj>88?PJsWo&VR)8mic
z&(|IGmhk<as`+p{r(yE7^^Sna-DiP<t;8=JM`pHu)X=QSa4F}#ht1O3r>4$|;Ioo7
zC%XaV%<O6je(mjNAatiQo*2oqo=d1P!1I;`59Q&w{<qO^-=Z2=m1y7dR(CuSivok)
z?6`B-HnDELGAwO7%-`Pn+IO8=s7To2{Bu7xRnsNuiEOOM1IX9DkTSft3ZfFWg7j#)
zck7T3(~QqIS!xO%+dgAQGiy-t-Iab{L=T3glEa=o;LCGT2cT$o5^(h7Jbu0gK+d&r
z{gu;03=}-v#>-n%3C8?zhTik=bMeSr%-Fu-$`e#VNU<N@nzWWcnGG6o$FmoGdC`qX
zGkQ7qRmF`H7lwxBJnWi9E^2G2b8Rd<y57s3>uJNylEI;Mec~C#DTt@HEu$wyo3BeS
zJGSsvHtY4!f>%TD(ZGq%<q_o<=#*hOV0y)GK5=>ZgKE3cr=nM{+*90h`$3k&6t~v7
z@?}QTQ<2c(U<X0&LCvYObevd`XC45%{pqDcfcmsN9o&qG<PCz0l4xHhm+29#%-C%;
zJbSJ;50kG)8X6lWT|<pqPn2Z1G9SQ0_i{iYo$tPYFhhq<KBufp#8DRx7HFonG1e0b
z+v8BD9wcYsxmQRoZ``|c?}5vg+2B;7H^cqrK8F@cH}ZVlB1AFzT|UPIYX~_{99t(|
zvn)nhz>;<kKXT{Ug*84!Zfopjb1#j28SG4Pl|ut3Y-!#rUDc$6fW}{M!d$Sr8+UU`
zxpm+GK^=cz%_=C)soeu6re3DL&!ZE9Uw5i)lG3?%Z<RbA>`WG{-6}N2uQ^iJz6oSy
zesGEquvg3QJ5ADhHRuQT)dv&|c;GW^m7CqqN<AvSu>3sr`LgCuo}%ES-^X3@^SEoC
zZ3sS%@t8vB;KR;yF0_Yo3FobT#xBo(qurx0SI^g~v~D%;QLzi{a;wbxlU40!WEW3X
zb05S!yVkF4fQKMFm{|{02eS8QBb<B8c6lQoUEE`ZZ;8q($U}Teu!L?(t#Ilb-k~#-
zW5@gm-sd5&KU;YgVMAcYFvgR=W`$Gw#O@~Z(&Gq~E(pNKVsdU=AG2rq{vF)%WlN67
zSqgan^h@7lL~&cfYZzKz@c7-KP{c1-N=O&!o-bCUDz#~BW6s18R6~+ylY6(m``)7^
zm8!hon8gq|4^=17&g^*-vE(hG;|yn!b=QhzRA>~IbWh)2E>K*~)9@e_I_|SXMA&}M
z9f14Yb@Wh5<IvBrjCIF-6{&Q}PP(YhquOULwvNSUB=w!UU3brkfG6ar^}A-G!IK?b
zPk4i+#Ew3}?q?$|!4-k{esb7c_I}gJFYf(jVkx-d5{^WV%Tj}k7fMjrUeZeV!ow@o
z(XM&5nzaX~xY(@_Ci~hgR)RL@KF&S;U0$Y4y0GwBboN@_bL9*n))$mr_bCB8eZ(VA
z0zQqy7Y`Td1@n`YkM<Gkf_7Yy6nNj4j)XH%kVjT<)+S$YRwq3@llKTQPJBCVw=N@k
zfHI&gqR{)5)u)%Kag4(((KWBelNwYu)O`+Of79*f#<Nb7u6xU+-l9vrU${>k1S&<L
zWG1DX(m?i2&#*}%$<XDcleXS77q}||J5xO4xwH1Wl~w~ymnwbT8BOLXGcGvh4@AzC
z$vx)FrCfx6drMM#L>cRgCytCEg%e;zU(-1G7R9tL_?4C&<Leq``xG(5cgdd8EqzsR
zTPPu<p5;51=Zy2QgHFmv0v|^|ULSmh++9^lx}U+T=L(|Z#Dsu{*_XuV-;sHLDcY1~
zRd5Ja_{95xDStY=cYgw{{tgvXzxo9vfUnujB6D%O%)vO`Uzmg3XFymuzJ{O#1Tvn|
zJ@u?Cspof4&>EYFSM$5VnA@N`tWV5r1?<wg;l+kghxkTPAjVN1<#XE@RLSuA$$o3G
z??d$SiULme?JvT7-@>=sX9k^->3!_Pj9VKF;NLx4MaB0*)6LE|KR=a#BSd6+9`=#i
zHuDuSkOx8KT(6{N0FLoLuO7gf#~Dh86EcPPKH_qwvX<pr(n{tmP@H0DZqOCfb;ESO
z#A15h_wgpevufDvvHpdf>UpAZ&_<nLl$^i83hY|C5VfmvL{%sVG>q+7wgCb&9K5q#
zM2oK7JHpZ?42R@^EwHS09nFhiTyp!XTwyd?wkJN1elz;GeC)e#)YY(jV@bXwKfVN$
z8gy~;LhX04{KU!no7X~LgN_N$GhpLbjqVISx0~(}L(V%_Y3rhBmLQ_cMC>E_d!MWU
z5TGIUFV@z-om8LweBhzD`3Sn>oVV=71whH@xotUc4xM9$R+naVU=KcP$xfT|EoQTG
z1&?7(L{bPMsHAe=)Ic637@+EIr9P5pHuEfGAO4d3pO^SX%DBZtniIx<<5WT!50n50
zg&cHw(%vH!8ffIHc7!84O(es2;6$FWY_PjCd4{Sdo{)naN=&KKc9d-DNWy(IgWuH0
z!Gq;zo#o`WHs9N%Fq$54qIm_Ue0L|Llu9%^4_+v9e`XT)k&ISr`t%JIseP7U)6c<S
zAfNO6!x~ND1Ww{vVbV)L_f{JX<TreItC{?~Cq!MgZtytTuV+&6wz;0~sQb1)K2A{U
zzFZ0gMRM2Vt<3kNhYv13a2h*q3;WHpv}?CjPTbF!ooI7l1p~U?P)evQO6Md!IgX(#
z>L8$_a{3#6<Qm1;AuQ8p_MTpV5)Sp!SW~d`sHW=4O8MCzi}v#fEZCZ*74^w5L*5bb
zl7Yj^{gh84)QK!k_lJyWaOvu$cIq2-j^k4mtW4PPzTjIb_v^^Ct5Nz5rEsb;sH@=}
z5_m_tOO*;u)IB{?0p}=R75Ms*2p^L}Ukuf!WF#auH_jKiej^ckQa!L9&3oN+l5zyP
zJ?iFe?Z=q<aDI_kn4msH_WrbH%E8;st;fT$5LcBQ5JBYVKf(5d!MXhO01uu{!9j-2
zbv*1g!<8L*i#d<s%||#bad9bhk3>n^4L_Kfk>5_=GXyupGIt)_`6<A-vWyEbf`leW
z$y8qkhtv`{GJWc{!3jP$5Knh@Z7Nu*Z$IgUe;Z-_*9k3{eU3jRcy1>@b@oK<%~lqv
z;UjzAXA&@02zgI0dI(N(6MftvuRKH_O9=Gja8o=HkeXkndD}Nr{}gMNve7Iw&DmRD
zYu?U-4CfJoDXe~9nXjx=e5d`iyCLjI-*hIcbHqkEz6ji5L%L6E?(LL4WLJ+sAoU{x
z_j@ySudGtgV8CH7cs^cWPsH?og9kaU=3C4))seC!FjsmQ^7+)|hM}u$%Xc=szl%?S
zp3(ucGyAIbvI5x?tszM#fgsM41rg`Fyj_Uc-S=>}S`}f;#TK)%0rYRgC8xs1GrhKq
zT$W~fg?s53W`sPV3%-w4p34mF4ZHM8*_fA!of_=fMpcLNSjP>Z;i*n!-hGwdF8o-N
z#nhzeY6eK&q|GB}5YBacfKj*)*HJc`u_H!!NUIJG)X02}O6%S)R}=3A5luGA13?BH
z;=T0A)&~`O51#N^c$Ft={LNI|iXoZ#s3o0a-`m6Sgl|HajA*>C#&dAlM5rNjgLXUf
z3S>XiN)^+SRcGnTC^G`tfkg{;7B|jE;NhaA+W~Q?6BhUA^<s<X;H$kxYzTMitzR=Q
zt>0k#^DykGfRK_zs%N|EveEm+lwaqG`?-8N*x2fxT)rn|73Z!JHlg9{mmmD4nq{bZ
z1|E1ib?nR)?YkayaFzh>`^_DA@6#$8mL_xG+M2%IbDr<<q{m3>x2Qw8-(yUT*n*9N
z_VqJIqa4+HW|;LfSK_sdk;}=|F){VtuWr<xp7{o-t{{Ovt6(mpEM%ujlsE2!%T~`1
z;$85{zw-*xYv<}S7H8}NeE0X4gbw>&BfD+rx8}e}b8x#c#v@^Po9lsdEat3qF0_+8
z(=wzw{^c<ohi1VZ)OnxO&&35|J+MzY971~)0<yRH-f)!ff<Z41V}7?6(cfYq>3J#|
z{WM5DT?KW&OP^u!V1;G?uN3Iv$XCrOU#qdOCOQ$QoYUZH?=z{Ga6HpX%>#NJuH!K0
zNH~Gbc?GSj2fnq8tl+Q;m!hNgCQi{4v7NWSh6URB=1A>he;p8CU*T00lg>+VrlT=?
zSr+)<$&2^6SL}%ElZ~V}UITT}@!+0#T7cHqnSs{(+Y+98oG$0l^rzz0DJjcFHs3;|
z7M$~4EbOCWdAj{AIz`H`%SC*AMRj|0F%pk|JA#+1oa5*T>4Pb*eA65|mS;wbzoFKs
z-&r9#@;#xKc%Zz+TlG%R352|j1E<oC_=6T>jM4pm-`9j%Y(17@tZPb=*R-?xeHDB3
zhQrDV=aNRpeGa0yE$%r9V9tH9kl7NAM_VuVQIe3{=gDIMkDus>lP3ISUXc#+eO_FT
z(IaR}9vTod-ZarCoLjoq<n9n9e`CB9F;ptko*&C^n2$Kp7EdOJkjMtttV^eb#Pizc
zN$2baXH`P>Nnkfe^wcc6A>WOX6^qelDo9cL2sb{sQg6#3mWxU8oP^+Xm`2b@^*5aq
z@1CYRM~mUCUz;%BXdQ@eLuogjcyeNx-`duH9*aF(Z!z3ma%hsTUF%})84t>*ZAvF0
zd|HZgI;~p|cYRxi7AKVKvcM}((D5Ai-a5M5k-eDetxx&+eXq!w_%P6v!($Y>S0^0Q
zo;A8(Qm__wq*m2~)-nV+K^CF>9KsHILhB;{nWH<YU31w7FNOCwf-o+QPRt;@M^5ht
zu75WWHA8ywK<-$5^VPo@UbZzg*NO^Lq42qne*rF5q_Szal*1B(ghwNPUA&O<wb_7y
zFO%^97`vKmJ#tjJCH_G}K(PNMy`#Ku_|<U_x{s^u^37CAL4+hC1Ys7WP%`8|<Ke{E
zru}-6O?3#*QOmfO`zeZ>04&-i_@o?~cb&SAeDS%ckB|5iDb|-bAfIJjfx@x_^pySW
z7b~0&G{4(ORLp((t{X0UvO1?fV8q9@*zL(bNHQe~JE)$IRawhr$R|9#WLyqxpKVQf
z43!zru|iXqByT3uzx@Ro7=?u<LKdppq3lO}v`kM0N>@bOsy=X=GtSxD%8?TjJ45>s
zn7ZXB82Au`Y@!>c9K!?nwR-L}zxouqa70&n&uS7r4t6guF1Od&gva~IWQ{H6)#@6O
zyw`fP9EK@AJFfs?4R1b#e6LwrJf-sVn(Zm%UWhwizY%#1$W7XVcR)#fAh$)HQa-hd
z+HLDI3?@Mia=$iXcmm^&{as%wQo5i}vl4ZZ#5!HCea938<n&!_0o%)GZ^q3l7n=((
zyY(tKJ*p@7K1jQS0W`STXMob%KR?km+3!|*l5%0)hDR7w{>aUfW}j|QxyE$|8teK%
z^tP#1U!WmZ_8G&?F=@c??tFih?!o2y5*%WQBs1LN1RDAhbbR_5N*}EnHv2CAay}AJ
zEQ~1^^w`(kyGL8z6kj$hPwJW}A=wL&CyMDKJ5OjkZ^qYM`LG&N7A&gp;`{M8V;_D?
z184F3y=0s0;V%eid=6D%oWhhu=_3rY8q9=}M)RBB#_t2NGDY4ttOw<l8dt7Qz#e%O
zFb*8(#T!s~m&O7jZa)Y-uPnjU;H#mZrq6<p#w}Y*2<w#6+><3$J&%3Yn4dnL^YlLJ
zL^nPb4EDgbS1`=9)!!gWRf%s(=X$KnnA%Pg`;N?1<>n(%k3H9g8Od>czdA*$^5%Qy
zUEHa?4ov*HOItbf?c!Ru{kje~cX2J|@~vLiK6Osp(*MA5-x$(i%?v*1r!JW}E4`9c
z{oQM^{BBAd1Piijbk$~n0MAp1_Gjlo0pS<?9EmH%`^DI)RuR$!P=F`Yxjo+2NuA)$
z>PI*ZenU)OJAYK{_r|t8@mYRMn>|syPp^_6>@S14003UaiTmAqr{u}UNE_-=9JDg4
z@`C8HG9~Z}*E>X*auM=NJC^S-jy8{}Q@n3-{0rp()AzLy)bU(Wmee;vOg|gX{(5|l
zGO4b+_u3x1%%YE??U!J}Sq-o)cKbm)sQO(mi${Z_ljCdBAQCl?fc7ojy;qB*xMJo>
zb>4)BRrhOJx5%cH!`z1$^$|n7hUNzolj_c6;1B<7(n=D(mQja=*&}=}iDAgRVhtE|
z?hLhT-a0&<kJ14-mmUri|1RBM#spTm(+~+y(DoV4c3h=fPXVl5Fhe^HJP}VP%qr6K
z`^4Y%Fu+Gn)(j>eDP#kK>`tZ$v9BHH3C1(Cf9XC$aJY(w;qko{rmHtIa>I?Z-fU`P
za(|pQzFy@DxIM=rVuzf7E5U8FqQ0|o#Y;I)&<n}6@AB50Fl=?*KSSWt`RIS9b%(kx
zT4|8reqvH(AkLBV34<t>SEBrDgsxFZgL`gDjmLQ?(AVo~R-I6s_HxQAHBUuc`V5H@
z(M0m(l!3jOM(-0?7b4v_bKZNrf<t^D(`>b;WzTy728#y{iU1pv^E7^Kg@1mfeB#ZX
zOZ}VUp8q&1JMviH>V36Y=q>$zwfP<=+~r~ES|hr-EV!Sen?3&cn9kz5!DU%G_9c&;
zxcY6=Qaoss+k;NB1f{aq?<(F$FWDcBQ0oAd2YR)N4~J%gD)SsVj|@sTMmc<Ga3{!Z
zdrM?sTE&{0Pw$PHgTS(T7#K84NJ)$~tb=$8wN?Vh%1<{Z5Mk)idhB$f*g2@Kg1piF
z5}IF~JR;-#Z@(_aYoGDYF64%IKfN3Bq^?rYxSw;mpHP<~4GjZ+Y`mb=v%xvP3qNR8
zGl3>=!qC@6x-t4*I$Y<ZeFtPJBk(GvJ|_MkPkHZ>Y#Pr|J#eKEGi(?%vy}4F)KNw|
z%=Yx_Ddkduyv@SE_kq;#qjwbYh(&StBY39O9PJMc7iR;_VEYYTD(kd<^Y1aP*|Zx1
ztL!ddu8GrVc%B}x%7d5d;3YwCxu}@C)T<H!1?v?(Y$;41F=Sw*ofG&J%+Uq!7$r;$
zKKxAvBJfiO_34%#JY2qd4n@+28tA33lY=)4-KZ<G$6R-ip|5Noz(=T+ftl%+bA!nd
z{p&P@7NLWghEsg?#QU&=_u?emn~$nKMz@g<$9DxjJ?BaJ;@RG{u`$e8^22k)Of!*1
zO_V99{gzMn`kOfS(ML?rxUkcZdhOf?%;k^vFGPDjFoA|nr4AT!xu@EQm2vpJprEjo
zfYEF_p^B+18y~FC7PF^)9#ube05P~6!fcXS1Pwm7hf_g*iH(c{uG52RzGh!GHlCtO
zDw9ICSOVQ@atjP}0M(rj_`SzO935eN9)Z=iZa<3kU`+^ozm8Emyz29`-L=o+TVUj9
zC*Hm_xL*=2ZVa+6lIRv3&~tCTI;RjuU--$k3R5XmRHXE$S(1_5j@Mmg#><^|@-e`(
zYC5o#jm*Sv1U3-SzfOsa(<ZDK=sA)<a}WrA9-2vSB6%EOAX~GYdj;7=HEOUl^uj}m
zCvG37w#RnEuGHnz-W9+;my6853Mpn}BImvVFSwU_iEw?SS>(Jzb<PRBbal*Ymku$j
z-#b~F)qhFeoSf=Ky>Hb3(G<D4we<$*6LlclDOYgPnl9vbQ^yT-y(&2Fjo{+EJO)oC
z_}5-<6oEnk=d|zc(L!lBI*AMebq+`B5N#`&!s@|)wmGcYzH)Idm65EO@OL7ob011P
zISi`MJQ{Sw$ysXntprhemEaNYjj*<dDx!Rz1TJJkCAC~RO8%7ey$diHLWsBMG5`0(
zb?1GlO#>^)wTlpbaE*~LOzTl6=|LJ1Ybbv>s8(p=x1|!<P!#l@Z)aTa6N^xYaN#qj
zX433PJSO$+A7&k_Ohm!k6GmvB_(Xap;7u!@4%ggcpYv4TbM)R5aJNkSJxJHRAq--a
zU-wu|+CheUzYxJ8zPG<<L_7K5R-aPI&*kX&Lru=3!2F<0zck)kd-m{l+99OiJ~s0T
z$9(3c3m%wrjM^f>0p;4ms$}L!Ogw~kNFVs;IgVdg{!=XFfU_-E1Z3cme5E~UU&8!g
zJYa6M&R1bc;EasRE3t##wi|)Nt8iA?Hr4{kVjOeQ_)T?Ry>jj{@o7_c#dFG{<4Kx}
zS01`$BRrrI+iUrR)0KghsHDFO9Kp!oht9D8ocGz#AFGn2xv52TOcfG&IL05rvOP=b
z6{qoD$ghYGmAjxeCu@BfUFR)lW@c4<REu?o?Y?@t1iD7H4cw1Ba@fcX)U}F2iad>+
zE5KpOk$az}Qkb_0F5mm4l{=AAInP;<>p|3gj_9kE82#or@D9l`NCkfv7X;r@S?p;Y
z?Nnbsh^k+O*95Xrf0X!f&fQml#5FHU-THR?hMx$WyIsI>t10kYnfF2TTC@0BYA&EL
z{|&o8kIx<)=@&V?>0h48x3u}%u_s!4zgUvn{V1G`^Ta(*`h5}XW9F#W=6HBS%bBeM
z;e`&<`(%P$x^gkWH0KNTJ8yhUuelX>ouQgO7<-RhDB(L3?DSo0<k~lNA6e9sw;n_s
zQ?U$GFyHp{06s?N%K6%ie7xX31&_5cfy7=}{zYKWcQg7bp^NN^xMh16L|>`c+sW_!
zUrnKt>u7U2s#5+LQnRR>yDlf1jW5V<)D#{ZJ`!*4oK>;Fi3_|S#aIpO2vplw#;?Ok
z4u93u??sYrz(b{B`$&zeHe1HkHy`ZYP&LOd9?NFg&m)|5k-D`(G0f4EPpBT*FY+n-
z0gXR?W0zeJh29r?nzZ4FH3Lgdc5ichJ}IsbzeDI8t+@p!#XYK@Jji3%k0KL<Q<VDC
z+*#G<+^1EO_*mw5u;o`4_sACYfz-q&fF2FZ{Gwjl#d{D&=aG#*S->3JQE}T@(MK-R
zrXxn}BeWU3=i35Z7w~$7>(5<TK^XDP;c6tK5)(n4P8v3&PQTl|!-49HPyJZX;|i}#
zt!cPB893ERh6bRxb@!sQhtNIeVWLMfzk(o<a})1o)S0VKT`hul@z~cjo_zc2{j3Fi
z#4eo{=9-Kn7dZ@>^KseFrH#g_X<QFKl{Rvzp>C>kb)k*7h%+TSypND8w?*j!eMnXF
zM8}Em3enKlk$-btUrpKRpm~~_6%G^o!d&dM9-~Ae%<XUhf`U%MbAd;*cb4?feWb*8
z@;IuDk%T74Y|34NzYfAevO}-p8=R#x32nzf?F<4TQGPC*=ZV~9Z%jDw{=pv`JKyI0
zh)ei95$pzO*Fe&_J+2ucr(SA`KKSropy(PqCLe5OhP|8V(0UP061+cm3Cp<G(E7AL
z&M;fO`X2Ts#66%0Q(O0_4+SXCehmssaq|LcIwAcAUi^8G7V=hSu)^b3Ms)pi9vQ|k
zPO1oPwS-EeThf%gv=?a}PQz^{&`vrDw;{uC$!((<@f5tpR_EUO%<NA-K9%ElwQate
zO!$7_cT;_kI<L6Z$T5g~gcumk_?6EK`HpOAWOMK2em;K<d1g97PRtW=imP%N9`eS$
zx4XW6Y`gdABs#s?r9}#MP-`j@@tk<#BWz$#c?Qh!docY1lEa>KNB_5ftsuwKS$OvL
zRJkytTr$6$Me$h?0zKfe`wG#NR<JLg>)rKPR1zH`Vc(W1Jy=CN^X2}1MzF=(_GLnn
zT&)oC+%FBmOa#^lu4r?QmjrG1b&HYDK6kW9=k!W{mK<{Als!e5DxF~-q?MGaW6k3p
zyV`fIu$VGbRa~^Ux){FXWja`3IiNX}pEm+~)}2rpb^KbXzQ#<kwGKapxSOWV@9Q^O
zy#MRksz2Anz?7*$SxDHNSE<g8uL<9p$(`_$jw+g40>~i|8eZp-a)~2c7%`UzA&FY0
z(dxEG7H&o=T)SdZpne;+zWpWHnvv1OG-YHA)darv#*xq3iTl3jBMQxifkEa&L|L6*
zJnWa{V*c$k!24=W1LbNidMpi10Pmhuz9Lt7Q|Y8X&=|j(j(t1=ob)QbIS;1D1}wMv
zI@luH7i5t2?NThj)eD=j4{Gs#<M(aPB=RNakVvk2Lbkf}90qtb(zn}o&|1@uL=~L9
zSb?F{7WSElJW9B}kU?{Ip$BAo0Yt;|D&^j}CL;q!zGf#)UROjTI2!wfn4gLFzbDE3
z-rlvIRBANF_n%{Q5OKiH-kL^IJ%~YPJYdhcndi;@`)JX@rI^LbcUwUp@*lPbwy;4}
zN4MX*?0u`D_Mqk7x=*K{uLt_uxV%v1<BtsC)G&g5>4O`b;adm}Wx+?zc@^Ja=(5?9
zr0^gxE7EE8C-l<KBQ<L&NN_yrJnAH2hI3-y6OgInp2W^TzHA&{w+KajIRV5^a^zbz
zO$v`C+4oeA^QDt?OYP|))V4<^uwnZt{`+RbW2a^}PtWurjg6(+GeD1)9rnZb+R&Nr
z;{323O}J~^_0~$8ZMj3>=RR^eDG%CrYj@-TwRn3xC2&T*wu}bp`9e4SJahrx3_9!J
z<V5sp=Xy&-x}9jacAoOZnzQWx<h_p$T<3GfwuL0uS{A}lOW;(h5PNUEu^~^o#{+S{
zCjQumyyH|(eH!|k*f-8SmmgINpPT$$WWCL#L*l-Vd@cJ;$uW-ne8~`aDEkcUk&IW*
z>QOa8k)hd0a~7l`lo<uuQhYBCNKA3=2&oFE;z6h`E~PmIsr#Tg9U%D*c+i!4FL$0y
zt()gFp1hcM?5N{+^PF`)9xu4823BXU->b+3(A@Wnd?YO^s+>Hh{BXc!PD1mj^}PW_
z<tP(J#*pc|k7A-Az7~3%M6wKVEA4oKA7gp%Y4XNHdHVB0JJVqdP@*Elr)ncqqwkfd
z_rSXdWX6`5kH)_e{3zSRV;kjz8_H6z!r~Q}tcp4j?$yb8f?b~!1r1<hFV}IO-Fwr|
zIk=z?%KhM@K9}Z%^_llNX^2`Gk0G!d5$&km6tnM09vmFeR$=K$=t`hSW1jDrK3Fwo
z&7_RW;y}6Ch=prf7Cr7_()@sv_q$4je&z|qr+W+@P1n<r`V{IH`~sxoMlpxqN9wtN
z#e4>N<}P6`V0o}J#@Bm;=MZ_F3?IE$W|IvotY#2Tl!`rR3c3qgbeJL1Z^q#ht5D8%
zK@i_F4o?Me<$^89xdc8~Hrxjf@~QkXN%pwO!8f(M=!=og!JdfwsOAj#Q^Zex33uxy
zfiIpggbz-_a<<=1b$?Qn@6(0CjbcIB1%+P*TT{rg;ML0esl%V<HN-y;*A&ZdmG{u@
zl#u7ar@fRg_6j^CEPrcU?aITlFTdUZqHdGlSHj^iAF#b=8NRtC5dcIN0#TKPa(T=8
zDw|W5Z)tHpxisQ6xR;a2qjMs4uVJGwuU}R$*ZbXjVHfMXo$7)N3rGM!(#8T=U%Sz|
zED?*@S(Z5fXO^ap1o1U0Mgd=`6kAMuQVUIRLhjR*UV6sG>Y)?X>|uKoV}ii-Z2t3@
zttk+=MxXf6IMY@!sXQhAp!{HOMaJs46bP_J7I^zBbQz;T`Iuo_pS{wRygIyuDo0Ve
zHpD?K?j}tSk>Gb9Ro^c+7Q8bhAr9V7gPD1}dM|Mrz149jahB;SDw@7(5TWOI-W#!c
z9^;o%9u#xmXxZK4=i8=FxA9~Uyu1Z7=S`Zp5FH@zQQlH<{|>O}0g4<aI~(ydb*-b|
z5~9B~GTkksRyz)TDYFS8Ex#ZFaS?~q^UziXEeO*iw@LSw_o9W+(N<vVqxT5{kGixs
z>1k4aH6NmOJA*i!$;VEW@y58F5_$#T?<NLInORF55NTpV*GJ~yOD<h9s;PZyBYXvi
zgWlWiz9k?D7p$aij|(Aj+qPHe;d5_nJWcQg3%1=^K5>^yWCVtrH0_>|6JA)?*tW^7
zzbhwj{=7)ud`R+d-$t{T@XkriQ@w;o<V=>#!MS@u!(37(x^<%=7>}Lr4wzqf#3$}X
zu;JOnyMAQpeqDO$vjkOOLXNLAHiVo9g2b;_^}XEL(sC>e@PhL7IZhs$yT`6da8{nH
z`q3v--JS4r$@jCaUSJA0x#8<!`}u436)1^TsEa~TJ(_te#r<=^b-3uCHx0Ti&Euw1
zUU%x&1y>N1(PgSu!sWolASaZSt1gxTssScf&ZvZ36%kq&lv;Y_!VU($=_K}Wi|bs*
zbUL^8N!J8JeGFPo*tsWu+S-u(M{k;*a}Teo;RIn_z!WDAtESyAok?=8!TrJzLNdqY
z1~>wpKv*3L+jxVZ*q8h!c;S?A(7H-r?4xAi!Fk~j!G2C?0_<?*NKK(5$@?A4?Kg2c
z^8GPl+++IXV`&ddoN{tU>y@W+{q{|Ii}uTO4Lt-%%6la4J;HB-<{1v9y7=DYJ8jnQ
zT47P}O#mD0${XB`Oox(DZ>cIXXdA`7a1h1x{B!dG@;j@tIWy3YVC+yG!tYSPQM5ud
z#?X&2PN3+03_NM}YDMsq@%}l1eKRynEBe~8qgzFVEjhSdfM1Gt2(51Mq`>X<M%$&M
zMQ_!h?yGxyCl5DzDMO1>83FK{R~t9p1Ql?OnM6E>>tvrIT&*14`NG>MzdUeEJm`0c
z-+->%>6;@us6+zr$hfM7_hpt6--=QdlYD@=u5-T7XnmiggzL)}h{b!qTPUaOK>Onq
zYvam*O;V{WAnyF|{?NoHGQGP8>+whVHqbLmrTB}sR<EN0oyCz~{I1?P7?P_`SMb^L
zwYeQ(e&AxKJk7L0!alP@hBM;qDmvxtXBSSrqQak7#_{(;ix`PVWBlWpO`t+Dl8g;e
z8F<!$+*Cf}X~oZ#OlSi$i}U2%O~?0hHJc);vX6om_%KlQErhf8$(nLyVahfIdXT(l
zTBY_T_V77sC<tZrYG>>{M2WTa^e#)xJ&Q#`cOT8GG)uRJ{?biP_j*u(;zEW#;dT*9
zZvC~yc)Djj0Rxk`3pDLiX*H#y#CPPNc`bamsGy%9g`V_)Q{8dipY1(qZL0TNT(G7t
zymV2KVr!Znt&H3JMrYo;o}=Qd6e`9;ulkZDf;+GVs`Uv5*mT$$Y67_Rge)xMd3uGg
zI*Bt)Rj!%>x7x&&lp-;f$hbMS7xD9rG~-6(;ziwg6${Mz)bjDuReY;cIOR70|2A)|
zIkigG=W6=rT7NI%tZ^Mb7c5Lq`vSenSCf*9hBq|D=myLae(>eDqiKUn3ul`l2QYq#
z7<2V>$4HA}Ogyyw+kWe;HLKm=dGjv-B~*dI8R010Z%c!oDC5NGiSyXhXAm%4Ws{NK
zuw~bnX_#OfADybtyFZPFY6oJWJMZB!thuH4+cdXyihRSn-~;M*F-{+<JzE5~Q%*Kr
zK2HKThYtPI3WvO~xsv?0eC{&GKtBdKu!gXE;FJViLhgr9XJNk{vO~V`AofyQ*89fQ
zHvXB+u8-j66L<G9L><Blq6Zxw_8ism(PNo_9jk=o6B_pP-)9bXFfSJ7tbdl)7d~Pc
z*n4ck9_9bi(1hGmr9|(r8Rr2j)u*;eDN?o51|5!!Ubx1~bmT^@+@+gJLdSZ0a@zLu
zdhpsjR1A>VQt3l)LE5ym?;K?uzlWaWC>i=v44Jwi0tK+uIU^pQqEot>+PNT7kbd}4
zMo@4rJojs?y+M?H7t_q8AIkJ2dsMk@XJ6I7&bT~rYy6Q1x*`NI_BfK@e%5^l=IlOg
z{eIZ0ebHdw)vOW5ySK0B-0oWgGLzSCzu}zI3dp#_UgqF)HxlSoj8k2(uLv^Z=c)p4
zF7UmY_vy_y?~+P16=A1YAF)R)+FG!(FX#F(h68mWi=w@Adn-kl5U7*EoB);iKDH<K
zv%cnsOwyfgQ6#bO-a#K9Vt_a5>7QE%a)|)e<7ODf>K+Cihe+ubqq|JawWrH4W+9Oj
zqN-3!@HQ;XXvTrhW4P$T+EC25gD_F1Y=ByBoCb+`?7Pg6Zyn=<lZ2`KvIT**@Fwob
zL_4#R+I^4t1Y&LQC8wxYy|kB7ciMme+1tK0nI)VYyYw_IsAQq)*+YUeRHnUbdBC0E
zalD>K+jC1tStc*j(`A}R{LLsS0us0vw*`Jeu>L%HdqaHr4cE~ObPF<c01F9oRq@Lc
zt6$d<?8!Y~4dXouC1QYKPd18ro+m5DpJu+87SRsL;%wOQ9u)4iOr^s%-;LEstS>4M
z+d+l^#V(uW6o+!nJ$FvcTbXvUBXg2HA7?>6iHYe~+a(M%;|r`i9(LY*xQ^FQQ*RQ>
zu~%9U^Gyq~BCt(J_v15u2hq>dP;?(Fyglo#O*<%>H?1D6=wh;3lYfRt7HsQeBj=6e
zZaH;q@Sdk~d&D$mv)lQ|9Xy$y6y0@)pQt9l`?x|$(<1r(VyX3u3`hlCr+%Uf%_9c_
z2l;$PL-php-i5vw<Z2#3ZOBL8^&vT&d(L@-=uE<9vqYa7CwJSEPpgn|52FTOh({gj
zJP;#br0fL#^7}a|jr#Q2gaZ5a9=l=tb`D-aVdAB0ax&&@Kx_fs+Al?p_Oi9fbT`O>
z^95C0YGCsOJNKFl-Mu^4pU4)xR3WWpY3D189KwCd7v)Qy0{$#e9SZ9(oiAQT6W>Zh
zz*9DWx3KNcHvJUAw2Y#DUbA8op><Bf@E2C%BpcPMcJTsS%!dW{)lfes<4+31quiqI
zH@)YTvCE!s^{}YL@r`=aDNh<)q%&V{9(2-L)rNjem)4gTB~0eK;CB)$TfP8x^Qp4_
z6B3qIP8R6;mYNVfG_(B<zB%UFraUDTou9W!E3?8DA_YyHE10aa#rS|9qiSU+dPd#-
zL>(tfav;%V-Av`1q_^vgd`6^nL*Bo`#pBC%t%N7I+0cu!4`m*9J5LhDQIiY%CN*iO
zm-Vc@VzqcU^FAQa)%Drydm{?-F%*E6?^;!=9C67|68J7m7b@N(*hfx{AS$LK!+kXQ
z3wd~y?dFj1<QupzYBahpXsSG&GG@hB75sW2y0c)wbyK_U=AQJmk-_aJpDpl6oQ8{F
z^^H`k91tT#wEyD4_VW;K-7569xx9L*Z^j>n2Uz#BBY9k53jiH$fi80q8Z>nTH6whU
zs_Itws3Oe9dd$Y96;l95IQiJ;J`Qrm@0Xe0M-NQoeiwy1PCwmG9LUk4!Q3ahCB^Zn
zme0QVOPqMa&%FT&P5MRn&ecfjV<G{z?^WbYBsPlqY$M9JpqRhpykUIBl%!Cs?Sg=T
zsy$Y-dJOJ&4oF>M=RQU1`)$RxiX>(q+@t^W-}SQEODC{D|G1M#a48N$H=oKc=-Fx{
zgGkQVs}GU9o|cbWDY%pd4U55)Iq*mphm@+mqF#eO*n!PtPl@lY4pV&wen~?}Sm1Pk
z>e9CLfPM}$wRFkxAboO#bq~+RV|%HlLiwmA9Zj+h9jV-?P?2~u;lY9{UjgmY1C;w9
zgYipyi@Zn)UYGBefnDvnZ?(apOWb}%bfXAw>FJX;fv?2p-Z^-(RAC<I3mo%H$1Z<1
zjp1cu^b|6t=^G?;&szrNox!W#x;u#%@3Go5MF*w(kzJ#VGOSQSynv8fkvn%{@|ZY(
zrr#%~JZS+yLTkt7Gr$_UxA6dudmG&1v{$M1GpKbc=#<K`&vN+D+hv|G-7kdvyHJk;
ze0HAhy~~ffA3+v@Wb~j{_XW;p90K^IeLql@vnfgq#G8I5+Y>QG;|o|u9^dS|dUdY6
zVvCzqa?e^))8mnG<?b6GDg9#l#6-)k?rayU?qb}EtQ#4+U!Eq;*3_}3$CAXE=gjcJ
z+$S$`&+*4Jmg#nWmS{K3^ejDmkMFwe4H|o#4UW`z*OTxVty`Z(8t0P=hIuQHK)6m_
zz@1Yv`mlA*Fv$5(a6zwV_Sc)>b&7onMG)8ZskfmyJt$8jq-+*czjX)L<q1lsQ3yxN
z3G>u`p4e#8)`o|+IGX76L;8nXd9NLk?nnVNqg&{F{p+8H2j~Y>UE=dc@F3{l`@#P6
zIF7X9OI@Z(t2a@3x5F{Eic*17CS(2aGDJ6wvv!0*7IrNr-o(b^6?~4m%9$nMRPwV;
zCRSG(;FMjQJGJyAJw9Sr(&s!LfVWR&99(q>KiPdXtuUT;K5yAV#^u=0;`ub*r&6Ln
zo~Yfc^~7gvFmp5A@$kSB427j{-Dy9W)s3Xd0j+ZNsoTqSABQM?l?c%wVw7JU3@$*!
zq13qG9t#HvEVHiWKN~UZGCD8gD+qfG_lcyo@5oZ8o$%UQ@RtU$@jRg|i3bd(bWHAz
z%_eBKjB^9AhYYR*!F-;t-5yhX`ye`Y)rG)#>_)Dmlgn*<TvKx;>f%8w5P_1Kw2>=8
z{N|-+s`~Ac`&sklb$J!xJ#M{~;lY5#g;(A*r-Ea>dSB@b#5-fV?8>0p?pxGypw`dO
zcfI7wq0v)%UHn8M9KCP7@w_7a|M^3DFNdg{lPXVmoV<^iV})pemKHxv!iqhBQwVi1
zE*`pQpaGO-;NPw<oFMtUKU~2=Gur%=ipQyGczm%oU{v1hs=078ZmT<Q5w`RaKMiGE
z4A&k5jY^R9w%XCm{2IQMGGy=~h3eE6)m@Qh$s1yH_}fA)(2L$rB>+7c=dR0ekvHf(
zg@1P=-kLzNU{SRFt`&uR7cJ&W%Ys<(>4aKZ^n`FLecI`<q_@oUaoAID(KM{p^2MRB
z@?=SU1#hKX_2d*W!#(ooR3p^tMG~JWq!LxMCJMji91x&(cD^3^r<r^K9Gr!sU!luB
zF1PN9LH2RSZC{y-<$jv`Yg(gZOYN*&gzk2sd+<Oqc_j1w8WDi}iH&)ZJshmQ9d14_
zU~_<vwe<TNFc)vw7h8`Pyws0uele+iBuSLqP6rck(bFusC%gmSl6ia`6FViIScW1!
z2OGvP*zyjzeaCYcN(oF!#Kku*QePFB3rTzYI%_@xkth2n5C{AY_36D$>3`A5{CBi5
z`xewl<R_u~i2+`20vLF8;EReL?CLyh^f;}|A>bo95)WZHwO$q7>R1@%Wf-EPmN%>E
zbGGs=Hyjk7&+pD$nQz%BbR=#ZVT3#~-!AyQ(P{5J1sgW~N#U`!9Mi?<!%wT6vC&fH
zTKz6i4NX9v2&&6Zy6R5XgD(+JZW*yA)K~DnlU}1$!mRVyQ#w@~KkuWTDssjX<%NCz
znXd-kHwN~>-zC#@iHymvHv>TQ0?6i<5T0LmD1EL5jBLIOoxaBRyN?EC-U2#}_9!0F
z7<{RYQ77vj+(%3)=M-!v$q|u4BKkrYTp@)D_n_IT#N*y!Rx{spwZK=4uHj6oH%&;!
zM%M|lA;?RG!tTY$L|O`oB`0@3v%Zr#M3-xFE(*1VGMYVhk2j)Kg635ZV)qAlwB+~6
zxM8>#k3L@UP&wC%z@3!Z9q@|F#!W#vS)%uiM$ehXUihwoSr&57Q?etViFdA^uh-b(
zvf;_eLmp@1DWds;XlVs#@15r1QP8bSK2}|Jw>1n$j?b#w<Ef~xW^lD!{f^}FF{W}e
zPbM@J<x`J$)?Po$)d%Kj6$qKgv_5$o-|(V?j0{bMpIdS*J<SOFIL)Z^Xwb3%w?8D^
zG03|p_kAYeK(XmV=3H{=@i1MiRMZY*(QXRZYnA|(94_%S&ak%@FliB1*%_nb#-t}g
z<}?#fK1eMken|J$PFA0S!zyMA?Ff<}Cmsovh?(2jdFCxT;9(}-D-bq#K=>A}zt3}W
zbNg77Gro6nP;>5P<nZ&9+2ilIC~zsW`m+h&<2GHCwstRG7}I;t@ePx=9_xI$3q7@i
zuVNiV+4yFf+=bFvK0X@a(54nA-e;o$!f1z{tnN7iq|Hx49jwM`w+SkIT*d1=QBA2n
zN4YB?3)RWojf48DL8Y5-5!r7j{&_?vBTDrJzxeGwYO}JjtoK@U5$Tq5X|)eNVihN<
zk`AL9kIR0h!RCyzBseW+B^~V5{|khi6J(Xe0gH<dbSesF@4dPgtK_hAC?~`|Ld928
zwY#bUmA}AKSvvjspUi^b5sLx6S5eiwJD?#ykE^PFe9)(N3ES*(lQ7Y9g?vw#AZ!F@
zKx%b=2NetAQFZcoBH6a?QBfR$r9&x(au_bCbSP$Dz|;Q@2tw=31Jocwa`ihmDb9P7
zg~?vsGrGnq!?Q{Nx54vop#Vs4HNVCAxn3qy)wRg)!i~pXw?GX%l20ZULVl5QXYx#3
zAhSpN$+5~y50Q0D=2_G|Uwq=X*K*@?(Bf5?Tv+rQ8V`=&L=3QHERF1Dn<u_2)Oyf4
z9K@CL3v1jUstFz$h^6H3tckAFE2al--UIm%?YpD!*8Fja<5x+SJ_)uLQ%%cF5O0*n
zeU;-?f*B5ebtZWt@1<LBb{u-dh3+DSpgsQPQ!*1r6LMc6z1PX-9?PD*;?c2EC+FUM
zvi`xq)2s&YrYn3sqJEz4r8-0<y~}Ha+<KiGu6uM#oqlkFd=KciDNS8G#ANiw)AxSP
zV@#jl+=S}h<(uNw`P2#F$wNvS*NVgFYlwx&V&KQH*;&ARE=KGiQEQVQN0^xVCTfqY
z@Y<pKKE%CTZzQDEyeO1rlZ<i;&dM2uid*C{mtJ`pTv*|$sJYs__~lF<96Z>UtsXH|
zGN8~k^Cpl%J>vvUgQlXM=&(%bJ9Nwh6kl0Otfud(^<rl{4u6iG_gNzqsmwzC#OR#w
zo=3^)laGnSj+Cj0e12|Ss^`dC&OA8VCe+@JL0AoT^?kn#=r<Z^!a}{-1Fa5@Mt<P4
zU8aOAPKG!QwsH1pu;Rf-$>!4LeFB1)pO$Q`gVf7N@hDj^Xt{UC`c+vLK3^ze&t-?(
zhX*?Q`~>4;zXRJJ8O6JP^S;Ni-I?RbS?3%y$5o?)M_&mHkhgR^%+p%L$^gPQzl;Lf
z?ienTIX*%xT8B%&$e@Ek=kiAPl`4J<twOhnDW;$myBHPMAzt}s66*mYeu6QIAIu+(
z4Lh(g90ub!^~jo^)Smo~OKSFpXXh##3G3watMJQV=+*Y7a@&xd$%|Xp&K$ujc?pni
zQh$u0xAw%ycP)o<ae3dOVtxYgNk6>(&-M-c45%#KED<0@o@P~xw`^RwA;xVK^|q&c
zH^RC`+0Jn9=i&?xPU>`-9f3RUhs;19438D?8MhU&hq@7I#iI5wBNp>J7ULSUUYokM
z>+2DFE34rcq6QNVOOw&l_JfH;<9v0Gxh8EFjl`3iAmN|q<Eig6PSxHT|4f^?(yC~v
zd&Mp`-aWUi!QICbPY^d=)qH#=#OJ%0PxlFSV@f+rJQ|T*h)i+F;3<X)O(7Q>BM2`|
zrn`X@=uaRDoaV0)4-V3mtbi-te#du*Y!C`Nz8(NR<Z`!Dk6gj%H^DxSL#0@m6yx4f
zSwF9QQiDQcvnirQ-P;|`a|6`b$%Q{-FE(}KM<}=Wez_I0x6nM@zOY)qvgBTqz*t9K
znFOF)$nbO`al+gd6}bs~&zBL|H;(-uVb_u*Nv;B~#2>NbBkq5sF-6TX&3g0RSa(-e
zWC($~1nzzU>Eor5X*IVy0k3TB<+mf+zeF;nB1ls~K1=UMhfd^i4dfR+e5ZP8C@+EJ
zwVOu^GjgaY>FbD19=o<#Miz8ldLOk={$zwC*6_YZKc8l?q@B4(W?H^cfx(uphmf=N
zG|#~kmcnQ75svrf%Y#23%<AAc(}YESZND3`kPW<b2N1aEo=$l*$K*r}<khiq2W3NJ
z*4yplgr~4*)*;E?8zVajb~7}>v=cL5G)zC1`|@??r~@-(PNvZXY5x3LPG5etA-tvq
zZ+wDOk4Jcg$zGbXHXC*qQ{PkZSulTC%Nc*p&N2L!qYOCWdCkMO8p?`o?Cphybm4JQ
zKc`cnY~C^|-8>YsT4^eY%4T&g7M(LkR?!a$oL9UxUud>ydx0?Ald3T*a*l#tfN0~%
z2zji8SHMFL0r#!4%RVPMB=u&m0Y@_VC(BmVo|Fte;r6)Y70fkdC*f_vGn<wrGY21y
z<@n~M(*nUWFpfvup;u|Kj7z9Xnxb~*d-x8!vrR79pUb|uv;m7J_~|Q6de1)-vL5+-
z)5)O`VdX}giCeKzorSJf27ReH&pGjcX!om%C!9{buyBg(<jfSZZ{{B{I|d1hi6b62
zeL#%;v%GTLm*kl<RNex=mEHwbMnudL#fm{SMv}T0&ifSFZ+upr@FJY>y&T@(2|S&q
zZz2m0t4L;H`=;i0d693ke}~+A5BWK~34Ef?^;h++gE*}DV&nbJ;oVL7^ap@0f$77N
zfBr`CX$k-ZSwn5vL^B@ss=BM#`5DxtrFZnJKQlpi=n`grc)0`4K8B9IaRcGr+NHW|
zVP#b#Ctidj9DxPbOVS6|zWWZRI;G3>Qs_E_mfUfs)lWdhK7odhsqq7uYx-$eIUq*L
z;zJo>nAd~GA5Xu1P9;)ZluwZ0o5A-p&To5Yxega*8lwg_)+;tsdEwSg&x<qinVKr(
z@p`zkoOYmkQO|mB$~ic9*@_|AgtUd?@<`=9c>5tqJ!SV|>sIvFL>=6(+z1AthkN*N
zbSv>N#qnD(t_|Oy<wM)Jui`X9;%C)Gh>k>nkm(dmmaXJm_j9frkP3PmsOLLKlK<^7
zJC|Q67=1-BdTxgO4S^Jao*_M_<~%&(<A81`94&z#^I>0qOLfn-A9VIOrl39D8axd~
z-mv??N4~$$&5I$I<ebCq`Jm`9XPyL6?Mf8H6c`+{tN~t{lxUXzypsDcRNHv~;Jo-!
zKj8FoX&N-~%RR6__h&O3<IfAceej;jUTsp@HgbE!8d^FdefSPik)!iMQAfd*)Zkal
z(oC=UwU|fIw*1Q1Ys&Y);laM;j|_t^KrDn@p{21Uq>vN$h~3-;e-vXxl<$gi@||fs
zD{wwn118tEud-Tha?;_?T|mCxy0GuTJ%-PH&{;Xs;l1;2Rs7PJdfOuuyn_Ky-_Y=E
z9oE4eeu>R152!?epOlvo4k{gs3_PFql9s+*`7p_Fwl<jm+d6(efgXhvZ={<5TR^10
z(q|OyrGAvpYHI66c7c#FeqINAr<mqGcILNO1!(Jj$5dccZTG~5ew*yP(7=FF+{G2W
zm)<uxc8{|5#E{d2=5d?XzjO9RB!~wu=#-zEAA0R<s0%7DMI+w%ge@52(;7X<Fys>u
zs(<p7Ij?kwRJJnlw%YyFb#<-|TH`e#PoV3~ym{J1H1b6T=i3fGIst6C*O&gzBOdZx
zaie>zIP1c`B*pIE@bI-Ga#-0#S@u|i)c@vP?|lt{(Q#Vt^LQH_vVtt*jMTdpVaFfG
z16spcyphYm8}7Bu#6+wUT3VL3lmr1`0jIw!yR8wPBj(zAIMObSa~XUCC2?uuEazfG
z7o98j@s_$3a}T5g^(lY<I*O@$jQa$oO<~zyeV<`3qFLn1ZMyFKst~ZVwi95Q+Ad`1
z#m8>XXr9j;Nb{jHVy$$-lyq6IzR^vuGz?bI3N_s_(-gc5QHQVVVDSfI@0P<yXF)(J
zeax!?X6mS5NEmY>SW=~HFf7Bqomf+VYUhdxKNM7Zpl>cO%<+?IuUZA!cSwC6b_FO$
zw&>8~4~uCv*OoNPqZ$55Ii-w+I^=yJB+=M)q*Hu}OdN%HAxlNkL{Af6##z_{8_D-=
zbGR;(HB#g?I8zFy(D7;;=Hy)A5YYsc5#!|oI~Vo@H1m8`#?p+58lrH((YqUZ$`K>V
zAA<DUS-n3~GX1>D>pf~zSa(jGpfR7xT%LQ24vC4{4S%42s;9J<w;ucXxYFa@IvOYJ
zavGYlo&v{Wkg+Tt!1E~IRgf6HaH;BGJjnZs2^iwTV%OXpnZ{|}TD+88MPnjiQ}FUu
zsAfqU@dF??NtQ-Y4liATxS}U&Loqg6v1GvT9zZ0$2D;}{tG35K8jVL4HEi$S+*jVS
z6&bJ=2jqniG*RrJxe7$hLw+ig%V;DoZ+=Dk{!?F=V)4-f%;u}BW6O4w9wP+H>jV`X
z%lD!@Ajc{lkI<%kpcG#zF(sEz5AYQOel*_?eR!rn4WRSQ5W#I&+=R2oQz>o{C6V}b
z{4_PC@QxsPUBbA|b<`g|zJ#ncr#~rH&XKvyk1i>H`fc>+HfiY4<9YXJ&?&=D_3Ead
zu>m5xK935r=4bm-8bGL5&|W6dGZBzS4w901Vt#|S44=fEukK3k*YWrGQv*B()Zr%m
zDk&9gc7{I!v1b*|`{b{c163k-6hgCMX<P(ME1;q~{h$dDa&Zt89r-SUZya|v%N7eQ
zjB1~I&hj<<?wlm>`h!N&vo6CI9mY9eqCkKjE<g3s!Yv)+xS#a}H``-IeAfH{tQ3K<
z({$nt;-VYiGT%JGtyfBDD7~%@xC9Nspej^8Ue1G{B_~djgJ13NG6X~iXV=kO*t;n1
zd(&w6a1;6c<he$pj$Y9`n4(74RUUmmC`(_W1UmiT;*Cb(V`*|&K2M3S|DEncL!>~`
zC;y+Vf^{LQvW^tZSkg{*+^nk8$5+q168AFuWBc$muo1bi`DY-gh%xE6>QsyECol!=
zD*E1@HM_(BTi}|5UWXh<gU~JpCVRD-PQj&^hkPHQQAyi|0k>!wNHzCJJbvb(1amBV
z2+X84V|$KGrhkXV+6E%opWM|gS#ZuxQlMVub0}cd^gzh$GH$e;yXo0D{^&|y2>P9r
zf6v`zU;bJ<k}i{ZhzzakeHkQ<PWj6Y_N6pD(?=X$A?oDsG!7?<xh3WO_y>+NFMdxC
zUrSf`x#D8A(0&<uzV7K7y-n}WDUR_iUj)82X(;_EXCHVFMIO%*Vo;OMI-%O}@qv0M
zp4c%+X<ynHlcC2?DRWz2ZV%vn7y!dgE9~f}eGz1{o}iags2BV*=-7A+oeTK$ImI|}
z8oF3iy`hns=G2iJhzE1!;Re@?`Dfc(JI~q7(t(mOd#?ZvU6JO_4u9}c&I@gjLNq72
zwpONY506Pn!3~&)5v<|pdtZmW=8!~A&4X!)Ik>&&QKxfhHPd%7Jo)kG`{0i-m*LB_
zd0WO*%d5xzC|O-IKjPU#_r3QC>#Hcxfvmnc_cPw;5)l2ASNbLS&9^da*CQTVFW~#O
zZhJ&^29iB~bYB*Fz+`KU&z3-<dWrTY0-LTpFa$b##L-e6AKlLq*_YLKUGqIf<yI<)
zzn{ItSFXV$Z;yx@QQmP*d^ti)Yead5`=Q67p5?{iV7D}Xh)PvgKmW$+i&u3SoW8b~
zY-&i3K1bWHybLB?hp=JTlV~od<8op^6k<6ZZ26{J{batCLlu!_1^`!;>g|R(JICiU
zOQ_)XZa!|Fs>3j>qWa>64@{kwhC3M?v3B;Tm<X9QmWQ4qhwEA%$dV5``SjwoowA91
znV!1u>3gmm5Z4>_P@Yf*Hk^r<X%zwM<Rbx+Q`Ba0e1%dERDE5r#q!+`=k$CE&@ciN
z;;(uh#sMqshmKJyP~`i^6u6R23h!CVy0{s{Nju`@A<>K5KnXoFaUEY+EV0mp9NKfg
ztCgb(UtuJjtVcv_z6h~OaShT<j_sIxgQCF(AOx);r*YzVkC7%pcBS;I9sY<D9P{S%
z3_8h=nS{CBvzOEnJd5_>BB&ub@CxNIeiaUPz+YJdX1)`nGn)Fd?Tz{8^&ZR_h`fWb
z2*_d4SFhhkZ4M{BzjUk1_$t;BxfzJow>XmMRv7>TdVO;0FR0Uu1drnJsk1MssY#u}
z2CKEBBfd<>?j%7SW<9GBLm*PMpocf>jDI2b;HZY-VPa^#d#=7H^sg&`y5$u{t{Gsz
z&N9dN;i>QwB~8NLyzf~zrzR#wxx2G%iu`qrPr3!#XXO*j@B7k&J9DMi;ec$Bz7X9y
zG<pUOx@X&ps{#7%>OY0y6Lje=X3oQc3?>vGt_=|RfSyV1#pzc<T$&d|Z)7yjmE_W}
z&(qMcKmy;^FZo2#p|JAEeHh_hCRNAmW%0}SkXYjg;S!D+gK5j;Obvdvm6HvlDt)IO
zgi5CS(39RcE1zS}(PEy9(#$sBwEFFSZ`aD>9z))}RSxuW%{T8%3Nw5(tMsL=ucE;j
zw6cY>pJ?1t>y4{@Jh~pnRTfmd+>wknV4snC`2v3aIqX_$veypB;NZeT7Do0B^<=o5
z>gj{R&K??@Rh{<*CLv#Y*s$(S%E9;bEOS2#9Wi`V&3q6&Yz>{8Ut;3`_F}xZBaeX0
zg6rd5WH#LX-4UdB*1E+0N&Jk94cwS5?NfD&^zx#8W1qvfpiyP+qtb9%_T&kF8{BbS
zMDgV9mtukL&9@le^{I6P%BxrBj1}}f?#CWbLdciyF-$%Snd6fHN{5!W4{fYMrXAb|
zCimij=(zNGEyPu9x+i2E&u87giEk5&XYmRz_~SQzIBqbrMVb4j%!_WaO0AEyU4G<&
z)cmZ|r&hrI7*5+~SPOctLo*7(r)lE%ah@21u=*2`KJ=)E9oc(h`;;0s@BPg64-W(t
zzS7qyeuk{%G`C$1Pp=1ifWA(#Bt}2Ox!vY3AmI_o_WSbV#hkn@ccE@P@OT3si~1Df
zyNmekPTC{KurF#5#NPF{T#1&)F*D*Cr{cqX^vP!X73!C^e<o)6dC}KQp99<6ax<#s
z<;m2u_(D+6r_=q-2Ka-FM>AeD7qBLn-2eyKpr{Eu(RZOQ*W|+-A_uB(ebTZB1#xnY
z!sC1fpMNPQemasLftiDsGtUu;$5`s7typ~Hav0J<$4-x~qKUorj<X9w5-N{wNzLAg
z%`Ofo@L{1F@y%t!o>Mz;&yj?gGLHcj@1EPnN9bsZ3dJC5whytUqmvL24o<%sgR2WE
z=N=KAN<G)QsL%bUhTBA3LbL1iz>bu=_GuC8IuMHz5IRf5erB>9vCcz(oiBm%!>C-b
zJ^@>a{6g++Zw%DX9QitC(LmbseN+qjqO6u?V_AT5*qxBk_kY2c1oYSq{SHEh#Tc4t
z8y(}itJKOOeI2)fcc({aIv?4eRNHX9Rd7aQUx~xpxAj4)>%cINTH5Usz4LIG&|<lQ
zac(K>dI_s>Lfr4H`@D?qWqyy|;~BBL>92wkJ@C-6%E0#%%6b4|#ro5>Mts#>Z?)!q
zTb*b%2q%w|X=Cj1#mnB^geSWKzT?Yzpt0Ud3nA5w13{7?kIY8qjn*@@Gr1++k>iI+
zhFn5#&R#RUr#^x7tCaJ_Eg_)n4bjZgv|L|%T*P+>LW35K+%VW9=UXF8bcfj&$G5vm
zVB0+4TC`!uZM*RYYt`>f%ABuH=H#K>8QNiL<Ebl0&xEIj>USkdu!)qbJ%ccFI_6at
zVjw3x@2zXazPM1n-#vcBg5$z%KllxMH@&P(=Pc2F_>9E0FPh?TmpLXFYi07}-Ex-W
zd5{xC&dm>{^mjuo?x9t%vU)sby|hD<W;nI)`=g_eT;N3HjpK4aDaqd+darCZ3P|8W
zHIzrN=0=>Vp8fdDd0dS$R&gKDVpO`_!>Z>z_7qlyA%clA-o@p&XvKSXt>)}H*KABQ
zr6J$i*0Fd*G?2bAq7s~<4?5<a6C?iM_N}m=5}K?(ul$N*Zyh>(bK3YGJW`6YnwNJ3
zGy7y1S3zCuf%7uA`J4%a$8L!5emV$jU}9^k-+>0`LvUvr=7N?9#%-49{5lNbb7IH-
z8Z-CnAL_dWC%0|LLcFGG=O_lRaw!<RxD*J`R!*~HrRORqW2Ab85i{Po@qo~GPR@uY
z55}a7n}g*`<s}z~;?;{gWVwce3itDA($IO-FrmiR^pj2*XkYZ`q@$t$K0)^g#>m;(
z8W-t*4v%zs;-2M_3{p7vWfwYrmj%3aF%_2#V0e+6P?Bv`_R$eO{*r@zO>_?BbmzOT
zzkpRCXW)(-(2Y+rVsBE-NQbu<Q8v@tsb~`mFW4@MaJxgCBg}FoZ|OI@GH==1Xsc3I
zTWhF0detogKXu9rc*vJ;I_P)Af3XT&9y)vQ+&Nk9+f6}PyOPXz_Zl{}XU{;Hva5F-
zpT^Zk!|~wt_^!n$`9#6YH9Rv{zoyOinv_ikJ_%W_U4B?9mWXOA2@E5+U5zr`4bgQ+
zapcs^mntt>Hp^SphrT^<H^&}{J4c)T6beQ^;}N0qx%XwcI~v-n_&Mk*sCJPAe1V){
z0g0zWH0Bev!8#|Cze#yMl3w#xh`8w+0Dc@TZJA!Vc+Yx9*W0l(UKziLLBQ_)z|p-i
z8FLmfWu!CPy3F#*lA;hH$W>;j1#1BDczDo!?0AA0fkP?wCrpC5{(!ihy?G1OQ&L1u
zS>#1DQ$Gh}_=poERi^5KWufndlGOW<rk<D4(DysGVvQbr_5K2sF27w%yF!fFH!jwD
z=p(FpXFW)&Zz$PgirXfr=j<b8?wYGt*|6T?hwjmhG^ED_w1}2Q1ZL;J4P=U>eH4R0
z+<K27fwAm226OEIN6<kJ@w*e%YXmC=d|o0?>`{#a*w<~h_W?-G_rG+6f*&7OIgC<N
z=QPdCTf`2!a*fJCFNXEjCs96cd6)NRa<-qBe;J48?R($@d{28kICrP&9{Sqn_ARz>
z2EX4w{Sle^TnZ$8`C*y?f4D2eP3R28cf`>67zNd4Aq(|;mD}RS_v>;QPeT`wxG7xf
z9-ml~i_^=?6N1xqXxllnMf2oC&r3Bd?rXTi^;joRVjVI`LTTHZF7N$d5m`GCM7)ZB
zIK`+Am*vg~JY;n0B(bl7?$v~|*XNWd(>MNJmF6`L3H9AYZ%Ad9FKdhr-kS)zbf)*8
z*MI?M+a4o}i#Q_JtH05{$8jy*<_;bNB-1^lb*vG*Kg%M-Tgm;XOB}9_O3s5b^{SW;
zT}F=Z?1z_9JU?f3uEtcmw`sHKK!;7_l&TlLq}<l3y6lp<v7rVB^_J5s2YoR8T%Hyb
zsh7tvnm@yg^UXWB45$tj%$fJ*qQ&DroM@BH_`bzWwzTg#?cygy4GWN13?)(<$BUC!
zoL*oYXSsIth{)$Cfe`0Gl5>Dxx@h(DcB_zF+$KJ@g>U=Ot)%k;RQ=B_axqk-CxNM1
zgD&y~C&9dY7HZ4A9{h7IdSuVoOLAVGagWn$pW^@|-{e;k{X5;nlQZG<opDHBxqAD&
z7qV}^f_+--b7gxwE7XEOuan`n(@6(>^qxJilus4rJr{*FkFMXdUZI(yLoZRe!%plT
zwKX&Aqj8L^OGQAolJ)DDR=pjL>u?b+#AZRBb2&QkIvyxF6px$G&7On(3h*)4JvH)Z
zQooN2qBF9W)V{NhN}ObT)tL!I(HEjivPQ+?ECRyC!}bl`ezVZK5NMUX4uFvGxqiU)
zxS=WMr9giv8qB35w->*Dq+x7(<%aYzC(&c|Qi9d3J4CLOpf#8?iejHG&<*P;kwG-X
zO*0(0*$4-whICdjsa-#vp!;%ZT`l<LPaJL?aLor{cxSCYi$iemSFG-EqRqJ=hZXup
zQ9K?BkY)G)eBO);-p9@Ko07h?TKPLY|GWmgGT3;+6Y`k#Rg*_VT!?7H!fL5~O<=~)
z_@(SLyIA&K8CAi9P0E&e^|P_KQTyP5DBlNNH@w7B7w&r@;Fwe#cxKTGl@uc{f2w1P
z_XT`YKA^x9bi)MBOM`64M`ZLC2Lk}T(vrghn2e{8c2HdE7}8QbzFhWsjsbD1jL%#;
zEj%{osPvid1Ve)#-Te%~YWw(&3*fIl-8#n(cDqtI%AT!H<LG^WdCpe2+)JPtwQrC9
zv!59bGzZ-ak}z`j!Xuj21jKf|kpkeH+E=!zx7TT~(30>)0Bn1Li3FaAn#3GA`nkKF
z$oA^*GCNFJ4*UH)So9&f<lCeBS;gYO!xsU{NO6{gL5`%E&jlpBFi;$19yx(_9{FDw
zAh>=T^EQCh{Pm?{mEV1Z8wbF34Yh&Xwd3%L64I6Bkn46}Vh@svFxFOFce+cRDvvkN
z;>r}#*px(7<ScMKbb@pt&nx=`4J*SB7-|Nb_uGj2gh}=VUF1&*qx{pBK6}l0ON!(e
zbEs-2HtQswIVS=om}BwNRZ@lXHNSpm{5lV$RDton-`Qms06$;CRwH+}&jW|At@tgC
zhZudkaj}fNlpqsN5fu^wFJCr%7|m{-M}_coMho8^yeC0IPR7@|T(6>hw;aR0n}mLm
z`;mUQujCu*XSeyu^KU7@HGHV`IO5vpWn}kjK3e0kLyv0CdFbGUUC`zC!$AcpaIUt#
zg6i$565#sHniI9pH|u|hDIIQOjk(U<8-MLUUB*0*ZbfuTe1n-P$6*WNYmq((`Dx)(
zCe5Jfg9Pz;>)8MW-`ZO>i})~bZ~$UJz3AVKKHgEXHxO+GFZxTf$KCGUa$LhW<ay$8
zQ#?H5-a_Mn*Sq9?x7@hYx4&+fIgg^><xkHyXS?!_9685QrgsI8NLFo%0b0V={tfJ4
z#UWNJMx92V*fLV|%V-bYW-e$V{Z7#S^Fpu?TEmGSGRhen*V*IWee!|pjLaG31JD(E
z8)H?)AI2cA>yO|S;vT41Dyc2~DC0Rc0pj(RS@F7FBl`&JQ8pU~k{a)cUM8BT>!ZG9
zhG4NI2fqpUN0J;%ia%r0rdb<Krn7l#Dnc_nB+oeEV@j%+xX1fIJy0AayzM4m8}mtQ
z62Wyj?!u4yTs8eXyl3e4wX*IGd0-?S3&>pM8)RGea&70StLNNyUy4tz_MVvg>V&TS
zD@C6Nj5`<e)rvaT+j=D0!lxNu@lAi*d+#H!gu7zKaj*9DXWne=F>mMb0l}q!$F#>l
zA6ngcTO|@6b;4tZcCi~STQXoI8SEtN6^4RCBKoz;tXe8ui#%js7qe5nxO0SLO-)Lo
z&Hda(uUvkxC=z!>nq-*oUiE;DO$VQa3)UqMzkXD@=pm5XeCnv_uspP58Xw$6n8W9w
zTV~nvJi=dwj$G(E%EF;XFxH#qvqvtk+c}L{XZFgmyA@~n0S9~q3J%Y`NZ*t=6_c=!
z>vj$ES@$Yb`9v-u;5+e{BGRu}T01E3gC6(*YZ}QaLs0nACePxdB`23HaVZfYctk}m
zq<J5*7wUP!8GvylS=*#uo~clzeoHO7Fh-}r)!EP2fmD1Rsw_<w90t*nO{r7qLiIJf
zn`LAmVLme0`v{_72c)MtrPSvfGMG&C@b)6#7Mqnhz(*R<Q(vjzI74Ko4?y(lv8*Z=
zr9j+q?)d!N0VEM$`oc%Tl6m}mqb%y$t_>#0!7SFUTqvmX=tUDrAI8P=%~G(olod9g
z!(aO`O&di*z&4D$=kLCEgm=Q!Z!sSQbleyln#aHS_-BLQKAmVi{hsHc2xc9c<R;cY
zVbuI&I-9Z%Ua$$D$|SuF6lt`25~ux)9%~{4vGe|mlPB!p*iqmUyeH#Mq?U3LC9>!@
z+*w!S>yx6;65JLOejncD{BtCm&(EvDsjs$1Wu+H%8cUEB&L~HpuAC$Z^YNUKiQ~5Z
zw#NB`FMYS>v#EGsjrEX&cE2Ce8cJbD+iS00*?>lGsaY|b)JWV5j$Siy5N1&3Y|djL
zHJ=_-v3J|6yn87RY>5iiLmHzoeMQ~*WDL()6U;r$J2r_%(`eg(`As9GB#>&!5Mx7K
zg_Q>i>uYw;g>MD+`oh|StB0gNwK*kIm9w|TGDlnQowb*aJXlUNN1Yvt`GiCNDRK|q
zc?-V|qXTz>NL?!DYY*2jx}AkbTn6(H{Sl5Cn7rD3Q2=mXC|uHg_(Qt6$*#^hN&5B&
z@UHlSaPp`@%Ah@b#G3NrZHE5TU~)?AK%d=57jx;X=w}eL@#zBdCG*m&N80mi((C;s
zReN8F3OzFq#MX)7T@r_$D+=y&U0IJnLG35(nycH%J@M%0&BLwhrKcZMWuP=il}Cxx
zIB%3jVRGHz`YLs*9H}Jf7Kjsu5IySocD=K|buZHtQ?OSCx)U8H9lMogS2kIyrNSeT
zAICG}?xwRf58amaATS|iSRF?wiCdGs@{M++9s~UDres|g-2KzcLWhiVZ@4<K-$%!e
z1zpLp#{6vaM$H>Rwmv1VDy>$khzyod@>lj8WUi?^unWesq*sbDPZ-6;_42#}SK=id
z8~$`?wY`lqKf+>t4lL*LTIV_`);w}q4axnoDAlX&G9_}4f}KZ)7ZetR>QgT5BRGB5
zZ&CWhP$S%81Kv=&3{EE+jpgfKF*(gvuFH5cupLR~)<f334*QDl3(`m2UJY_qV!(&J
z!7pxqdO~u>;^;abvpe{=pi5Z&s<2j*kXp+IV)IB}VfQ$~xOT4Jj5YYY9pjA8o*+F~
z-xwQMzKZgAMKdE>d6UH}qJXfk?A?MwF#AqLZw;Q@*j2|*@Sfw!()9!MsP^2(J9d2^
zD_8fgCz|^(e>Tbwo8fO99ltLLZ;dSGk?n^7uZX_ruK^nSBu&eg$?#>Sd6d}WK^@C0
zm(JXnlUYE6QO%cjE{-Yc%N=2FZ_8AMutTCuRng$cB_Lv;FM0_+*@o>oN+;*U6`MXB
zH)GcDyj>iUR=fOOx06*~==WPk>MBhd>A7@QZdfKEi3oj?EvsE}Y<!osv$3+vZ>S@N
zNOc!wu{gj84c_8YUt{!xDJ&;N&z(m$tj2Duc;PE*S05;>hfd#;T?B(hhyAx7A6D{J
zJM<}vHYqTh_XcePRodQ7>j(6mbmBs4df0}<M-Ms#aEw?Rf=n9#a$nqUK5kO@!1?{U
zP8Fxx-fB_>*oofdKXJx_JcEi&+uwKqis#ADyyq}JzF%lX@<}Fzz@u3c9-C&Lmk4CL
z*Ok6qJT<TOU3O}HpzjjzT<=c?;8+5HkNDgJqmeZA-4DFLShsSyeoOhD4vMT#1-1&l
zRwuys?2~;Lz3$CPV8o?04GE%q59<s>8kXSWKOWS^ecPkuadNUx;GqES?X=9BBQL>Z
zn_fr2dS!^WzRru!7lp1cQ(R}8_bLPKiULy~y7Z-T!oTaNfKrw0XxrU;aOhyyQq(G_
zHCSKj$-q;^9eY+HL3D<?W$ZxZNg_2`oK`+BJ*gAiHh9#fy4(Pz4C7vsN5G4YLGfoU
za+G|+^_3pFXBUH*5SPuI3+kTI^GzV^-GUy4q?3HCuT73OL!Gtc2ea-mc>q-S8lP>G
zPnz?5`q#&3S6U=+XY}z<I4np9*#U9H?tKVw4Y7zlM^URAamycKFohkv_P%!6i&LDd
zy{>82yl8KU@a}iFA@s_hd`i~HO1aY7gw6^_AO~2D@MbN&0HIWLQW#FlIiEfrr8pIh
zPA4CV{^n}l_ku?>ZdG^gFxvgbkfS;>&wQdbj#?BBRF#pJnA#86)rJPjn|2InrS!29
zEAooBB+1jaZeJEX^s~)Q;OBLrW~W*LC$b-@>Cc8Z*yNMV&7+M(ZY5FQm_bgaEP;&z
zoh9ToKh2785g-3(X>8n6mR;!iSWhN>^VO}WZIsS@&?`T0+ir7tB@f1qQ^%2U;*KgV
zM89>y7?1KNBUPKG52S^TzeR45^B|3GcRl=TO(oiQ!+7{}D5@I{Ru3=J*W%UEqX~e$
zw@Gm;@mwcryV&1Uh`oIzYbz(?lu2=eZy!thzSw{q$nqGuCa9$Zi!DdSUT*uRQ2w5Q
zECz$pw3l0zC=X|23e(KPZDZe2UMEVo%HDnv_sLmjH-AWmP@46gCbg<Z1ri$((llRH
z*GB=InH8q1@+gvH!V4)$$W36nkHRZr=}r)H#B8vdPgLQ(?ef`MWUDC7!M%6;0;GdW
z;xb8`ymt7&H@pmx!;`M}ty<5TRV+WS(*}l`C6<Q~_EF#Tjr5llF2;rGQh|Lyh+cTM
z$fc=T^#+YmT92K?sgpcf@_5hb)9ny|gkST1udYpnQBKuE5Jg(LeXysKu>AAe#@5x=
zm(?hb@r{MJLH;P3)z=c(&b^=IV>tpCtGxV`uc(7{`$+@2|2sy`XOedARqfcB!&v+2
zWGho%{S(T>noAYNMkAL2Q7=+Xx@9Nm4AR*yCF%SM=aOio@`T@N&ekMV^d*&i>C{qy
zQsDu<uQBygc0Mai6m?aSMYtZ?NC>v$#r;0+ajk>^kgiM%j(e=fbro4BwjP>PJJ%Es
zSgrs<XtO<J5qh>fVTIg0Ugb!udg(Sq?)?tkyCT2o_HzO)QB%TZ&!ZuG@AuOdnr(C`
z7TGWBD>!A}bokYgE5h3RNa#I=&Z|)mvw6Vh<h0Cts_x#M%bF)&p+}yHVX_;i!x?IT
zxr-(*K`pr58-3m6GbBF=>-ESkUW0Rj;=}X!DoGX}BqD;O?#zy`Ep&(8sg`eO@zFj;
zq6?j@xH%6JpU>%Bekbam7l)~tk1m;5K5U@9o$b6p+b=OL#-YuJbqHVTJ`8+C{HQ=k
z&-QtI3|=)^g9z@st1>TJl^7FGFnnCT(KVu2OF`c*c(tKZ<LCwS$NE13CS{Yj^bM2W
z9kgR_RZ5#j5&1!Z$DaEH!Dh`QJhZIr_dD^9fj_s~fewS?yr{N0T0Hz}@oY~=UCULB
zDKbj(6*ys8q}?1F_G-qXScnay$?z~>abhhV%Nn6j({t)QR8PnWhoLy`1_u9Z!86j^
z&etXsUqyO5<GmlGJ5EILf}f5;dUPEk%pv+r9nD|e^1q8$o88k}>q&5ocL4ExJ~+XB
zpnFgdOvu#Z(<+NlKgzUGGUp=J#YkAl!))8NScPK~NaEASON|>jViizi)p(B{o@#=F
zrj1}~ep_)r>5_@1tn{y0cd7BSVw4*|KF%ihrLX?(6VMw94j0`^E%)p2GCo~Z;n>|@
zH$gwR66ix`STH5}WxC_!=+UP%tU;6yUAz7rChCZv10^XwJniwd*ae1gc=K(5iA-X;
zW>!g(m>gaAh!;ITDSmQkHP-pjucZg;4hqBjlm~(_e9EqUe%9=V>hbJPfy4LEBEMH<
zZ(-|U4G3~y`ed<iSETU)ldqviZ^vdOWQdjd4B2U}@V88-hD!11EpYa;^+*PlRCu4c
z)SwUF4<38yia+hjNq0a~xrKw91b~5kGi+di`dDYaXS%I%v4i2;kOL!Z0QVD%ex&+*
zy_4FV#iIgxbxQrMSaU*6F$lj3Gi;a1ODELhfwrEO2|hIdZ_68xZt_bbvEmqWFsL3v
zq?t|TV@Uaauu8fDFH&3)z>AjVJhr#cD1=3~2X0jMdB77Mgl&GWy?2&0r~0#`^t49=
zKuhDGI_7>7{c(NxPrYSNtiCFds&2S-Y388~W`;xXjTteGr`nW9ruW0<EKs5E<%#ku
zm?Tge`5t0m7S4RaVn0(g{+=ncuDa$oB*PB@-yCbuum7|lj`%5g@8_;&_<j5S3a#qf
z8mzAS=Tf7L<3{wpp9dd*&?65l!d>{LrRJ<ZfL)IVY_q!gsh2PsZmoT)EN*X;z~a8t
z8#kuw{Q|8S3JuVE4>X{iG|JHMLHN3LhUWCWVkX*tHBoTw!X?g>Ls?hNu+gr?U3`Vd
z@zN!>W{pa@K@XRbrI+tM#&A>e#%F@P7wtPRz^M0pkYW9({#M7sI9K2HAhg^LVB&us
zfarE5G4SL|&Zj*2J3rv@QLkF|hXGw{4>JshzRFKF=WBFX-C;wZ`UpReDib@Vk(i)w
zNGdrIV93((%5OfG?XcxNGRGgOFqg%8AGNu9hZ~49EE_MJ0EPB&9oe#(L}bu$UYe){
z-ky@2W^84(ON@FTH!g9VY>%QN@F>@PnPgfgPMa&7JCE-lcGtrf>=Q!4&_ZZ~O~Xor
z^i<E2N<hJmok$(~h}jIibank)eU$pM0#9ALU9#Tf1*&iJf46s7$@ulIwhzM%GT>gS
z#fRFZ_Z)-dl2YL-N8r_*X{$4zVMVIOXW)PK^4QF!J&BeY`C#&catxoTGnF6t^l0~@
zoWiU<)<F)|+MkP<ikjV8SXtjsJ$iC2EB7t?+%)jAmr4D^^_veI1OKms50x&uYWNB!
z;M5g&$-LY>KFQZwjI_W-iuszo0)?iq8}dN0_SSJA`IKvD9^v57Id3nv8r^db`siGT
z8-Z7fvlaq1&@JwJUxW{re}?Dcy4<@Z{;5_oZGlsXAD-TqXT^jjf?*+&F1N(_kFaaW
zk}OA+TjC>rLlCh4CB35?^=95DPY*gPD=OTtt^hL$%uW*2pXON8^dmZB0tM^9eLOIc
z-1w1|UbePjnB=oI?WhkVa8E16wLJ{CcyZc}BFqC`EIlAoIwk~#cU3>zLe{=9pFd@K
zO=)N@C0~?#Xmnqo%-{rkPF}+}9=N)p4^Is}ivKqLaXR<5*4Sg2x?4V}_l%UM-o?wz
zcrNhIWKF+)0Pza>T{8~1V_<#SAN~wqyJo1-10{y;y~JG9*HemdI;HDSV0Y}}M3v1}
z-nM$<0=$h;Yp3eI)PweU(zro<(u8B5+#lb2`(hDXLpyawgR<KR9#nX=Q10DFQOw3a
zM;bnc>Y$LQG;eV)`^Co(AD~vQ5)OQ?5McXccT0TNZo+Jx30l{c#W(9!qTZ6a?(z1L
zAHLw3ef6HzPc&E_G#?lIw5$VdPO@4_c5u5LM@sC`&l};kaQ3G%^>1&KJ;A(`b}8H|
z9z&o57pH2HeL^x3C<L5B>uXT!<+`ZHIj(63h=fj}@cmR!&dz6MN@;#NZr%qUl1^o|
zHleKZ8ufQk3Xh%wsPZ}6pj7BA@`?9e+*WLPaVEP`0cWKP_@3F)ZzP)@UUv?v7$u2q
ze|z6TNU!JvP!$|9Oo+;c#SagX<U?Cut67%p20U8b<EiNCMj(g1BgzKr6DTDrJWvCj
zTXu*cXjy56?dEkd%9LI_MZK5m@#8%Rr(POW-~q_>Irhn}Oo+5tPg~IC8!Y&c#n~*Q
zBp_P!FyqY;J1u-@riva~wG*}s2*elh@GU-$a|>pSsqvVN*1FLoG<@=woN^&YUdeTr
zE^NMd6H<_y=6%K>*R~UWO3P_UwF+>WAaIl{=%K3yDSWj=nWeuYnu@fQ%Xbe)z<4i^
z#%5F%?nm(TYNgBD`MfcA+%x!o7<7HrZ=Qx6$FQ5nVs?PZj&hcixw=%I&nS^Z{LU3=
zui#^(<ph&wGmc@-QYfVj-a17dc%kHo97{ZUlRTRz?$xZ-XzN!wio$P_5WBhi5Ihur
zW8&+PdsLW96W7H?13r1?mmiOu&jr7ycP{6y)sW9&!TZT+vIA2&Uf4y-eP|Tx8+iX@
z04eLB*e$!X@6T=#hZ9VQ`ObRkk@x;#`0A=&nR)b}D}soM@<HzSL`?I#+CWi*hR7|4
zS8xX(Sp9uo%|EXdqhmR3ZVT1}qVj3UHn`(3a6oUF!#8O**2Q&9@g+h-AKh?sgposv
z(VJ-{AlI~v1+E^Z_Sy$as~16|0+MAP8NTnY7z*AlbCW%JM(K9>2uWtQ-SI<0@L}VN
zz7Xe7n={CcOWK)FjQ;%u+i`jn|FCuABh(k+Q10F6xqW%uY#yXI2%3$M@-_tY-*^|D
zbc8saj6GR;OfwHH!S(af_+Gr?az2R9Le<T7K3i~93(BE(T}1tK*3s@i6SfU+Wz#uP
zw5W$v1wZXRJ+$TDSa3baxU~pZQZJ7cW>X*Ji|c8AZ@)Dxc;F0<P|Vaz$))l#IWXLQ
z&n907V%t5($S>S^ug5ke4D3Hk1FcM9l0d&$nU~9ZtUoJJ;>WW+Snu}m0!JL&7ad`r
z01Q70Bl{Ng0`7zG1GW}_3TrKQzLIwjd@XwP=_8hYE<f<HY~AyI4Go(t8n(|>x`#NC
zw2r(K$ECxwaku_@Z=^QuBwFyRc8KZ*QkJB%NS6+s3H5lWuHKg;dnt|YplWy7b@m?A
z^MGj9V;%eulZGBCJSX{759a|x`t(PE=EcQ<2CL-0X9YVwj**@7YRr3GBqG6&(2I#|
zhr4A=UcYf-3};vl9u)YDhJlXV?Ax7jX^W27@xFp_Ip(^XT~{!Q4yc+fk4IYY>^C#c
zMlyj1aBhyS##OsHa6ft2<<@#jZ2UR>a7iE3)}+&)stw>(J`Xs`BXz!ylU?Fhr@yfS
znm_+k;fv=5wmO`@gIam1c0nGdJVF_S54m#dac6%O&2+z!IML5P0bAfal$YvD#^1e_
z?!6s!n#kVozngz%_=m8z1^M7)Wq7C9L(+*AWp%{;E+;g;Qi1xQTLoP1VUFH<gg}*8
zkAqd<S`&h_1n@~+anx^2^PZxU{R*sH{49^vCQku_#R18~+IdLNy#htWkY5sgUpq12
z^fgAj$zi$15ymG!anhg7dguJUV0@U@-RL+zUfG<RLDu}aovSL0rau(k;S-<WAGYL4
zXJT4i6aPAkAk%pt`Gu5ER&HLDpAd=$(5WE4k|S_@K2yYd?9mi_ta6XCGCMn+4HVNT
z9(9K}SDgw71xIE8M-b{TUU!w;_0rPsNb#2T!y{=iVON{VH}z^KuL5I4Q)AsMIi^nU
z*;?;|&nkjQ$boHM_Y#*>KdMY~^_88l8$zE$1bNN|L_S_U{V73^Z|!9+GvM11N+^j)
z{Lc}XQrB2Sj}@BSdx3@5a=RStvE~8gq22>$xsmbY=@EMo9%K`H?kALX>N>rr=cLuE
z7T1w(bn2_Cjz_Wb6YS<`gtn$DhUET<1g}1j*1Mj`w+@i|^>brd?xw-Y2b3Z1^6eI{
z)08Ucc9-4BD;%e!($_`;!C*hxP|?rcrO!PgJ2!Cdr5jE$0LoFTcd$EW&P(ahk?6cI
z!OGySD~L#v8id}iR{-1;#%JI*MZl~1n4k?!DFc>}44u})AdJXbpLV?*rGWFGCl<Ph
z4Hq)%wC`fwILJ8hs?1(U`tz~tB)X$Lz~V@ro4cQ8t{zoF$gh7rnq0F~8O~VT2|_zr
zw;S$xWyu%#QoS$kkCbvWY|^YPcl9B_I(c*t`hDb$k&^btI*kH&EhroUftw6;BiS{x
zB02q~RG+L#HN&fW8D37Bl#AT?*&6P_$3Z6Fx53$5JNy_aPj#@ty?os$58hLKV7m8Z
z9$I<m6TGUg)jb*Pa2lbQOe2|jye<hC9uA~Crvv>_j5@7HX~6;(p|<<BZ5!g?`%aj8
zN4y2bU><m3Ju+dX7v&6BC1<_OkHYqtF~i*25Uz5<(;G6nC7D%sz}FklLfnrB>JFUZ
zrk023UvfG`(8=sR%r5s<0LBRkAcNqHho_G(%Wz7;mjd#S=M){fUnkkt*xCSGfYz+u
z9MbL^@`y?rA@hd48l*<?-pucm{qw3(OlMgLnxQO@N0eV^8J2iK^KevlBfuQ4ITQ)B
z#XYj0Q(?ncbf|LPn?^5aZX9tc3<^pSyYk{dD6CO^tK>`!&240dxKy%tB7FL)7(4)r
zC!*iOmz_TLUMPzb7a<i$Ew7}-&3sFJwp$IFS@sr!uJog~@wWT<RIn<C=3rit(>`hv
z%S>fj<B=b{PNdJTv~iN>n`!A2tjog}91iOWzW`?&J6D_8qk1KefSr4+t`$K+96w;G
z+AcEmPoKh>UO#y9R&p@j`zrfq7dr+Xr1z>{L1ue|OJ3a8l<9p@t9U;vKG$^&A=Id^
z4;AI$a2N*Ntf11b8Ri?obVNXV$WYi7S2ROEGg91QsKyDzX54;nbyVF+=sP^4lX?jC
zBInHeO%=*>Z^UPHMHku6Esi2vnsO;Y^WaYl07+MDf_r+d`E4@rp=;><cPeE=Ti1)X
zuNo<QgAeqIIYQGM4&u7y?$nH)S03t$sF4vS1pMR{<&or4nMp=C%(gGZ?qf2g*)0nX
z3{f7v!YcRD0{0%ioXHIv8TXjA%E;6xpX;D>RL-fe$%_^@_|bvSHcLjXpDv~&uw1bz
z=Xz`d?})o%`FQH}%Wd?L0F?x)fPsT_&s(Xw@0ka`OUyNw0-8NkP*c@%7-uA25*31a
z$p)&~wEnJY+i>y1jhyp9`XFg%KeVkjbjL|<BBHO9)7K2ME!FSwa8q{@AGVoo@HUxq
z59&73k%9{*>b)-lPuH3%o`LU#Nc|APoM>?M%lVkL2lx>LRjR&sg9%MLH#i=r$g{nl
za+g=)8OH)WKJrM_OV{@mm;g%QhDswimqdHiUS6Sx!RaA_E_j?c@tc8Vffwk|JrnVG
z-$3_0qZPdwupKo}V^F)bx{<X5bB~7;Rh-`G48+YeB_%`B^YSA7sc2U)-I}0>z-z^t
zz9vZ!P3>Na`o=xik(~n`+U%HnO{?xt)7T^bL&$Uqg*ML~7Q1feCD(4V`A#LJxlJde
za+699C0*u+^cv9`<;CdZ(!>ZXx-;hnWQ=^G-0MrnB~+9@2l`;gO*%5AZ^J4tL-4}&
zs4yDU5^jkDpKuW7B-na!Day@zW=?~w92#rr&(B%y-g}!<LGS0yjg$CLAxI?{nvTAo
zwKiY%?<UlB4=wme$ijR*n?@BL4_+wKgZnS}5Bu7q{CR*YJ5i1|fm}YE7oz8;E0eJC
z<$C|sG6DHc`V^DkKV?o8O9uj%(`z1J)#Jw)lp>i#xNz2HABu|{y)QIq-#Xv@<ogs#
z^&D>&fuo!DK%kiUPI);!)((U?QuyG=>dX5}({=<VW*{*h8d&A3Ps1nAC}OcGRam_g
zI)pSmxNe`QDeIrOFLGrBj#r4h7vFf{fq2G3k-j+HI^pMjnnrcyOR?Z5$K$%?rT=e{
z?s<WB&SNxw<!z&zFJHXGZE(Fl$465Uaz1zQIQrp?;Uo}5@a8TpCzUnUZ`{#88%h%?
zfwQMV{QX0s6ZFi)WHX){f>IHh6?%R7L|r6B-#p_9q_bB9+`zu`E4jIYv&dq41ZB@1
z>S3`C&X>D;$A{Af5DySiKB}K{>x4cw9+@BuSH3$47>0B4&(RT1$Qe5Dz&K#y+NJ&U
z3muVQKS>bXqWIKGu?p3c-5+^aCfjD+#nWCM4UduJM4zHMD<>%UfJLLl5k<}fHbVs|
zk~l|I&t?x%5U|co@i_O)<yJM`3Q;sO$d&W{EmmJGAqWfpx?!hBZz@>^6ZP5sJQF^D
zl%xCk8Y!oLH@Mbk9%AXBDVcm*LdZ6yE+08Zq}1F32TWX%_|7BWheN+s8LE63l4Z2H
zlGcj083h?HEPyv08-1+$2usJY1@(vA{DU)xfmtO2MyZY;Nglf$pLIURrB89Bob?|1
z9DoT*PVXzcN==2ZJJgDGL>B@+1K%q=xPtwb^8uruX<L6@Kk}fkz$ZyQRdPK$qR&e+
zcLyyTg85qdYI#*Hq_UCU+02)@NQp00OE5YIBIPHwu*H`E&VZdSAP*L4dL54=!qK>U
zFi(-jqe_htwR8Ij+cD7<`NXa#=#i5faRhU=C^xp5T0c{dy0(_`AR~lb2%WlI{D_Dg
z>;dD%dx6%rU<+See19yY$2-qs2X0xyq52Jt=E%_-mesRbqU_L*Q6i<Y9|$Z}(S|HC
zYF57Uxq$Gl>8BsbS!nDP2O9O}zvmmzh!RD(K+KE6X>SA`5=S>Hh!%s{5%IggO1izA
zbiZ@Ji^ABvK?(FZH}Za#%^fgJpJ*iS!%i#u?P?mg<}<!uYbkxRwbT>euDyKTj-!j{
z_t-i5%HU(XYZitr@i??Ne$B+^^9sBVwI4j42fDWzgym6H)Z8ib=6lB<WX?U8$UEiz
z0Nr!Kx3|Yxq3bT-DOOMSE7O*SGgAOO?i|U6<?Z?nL3Xn6^yegmwUUqEJ{Uam>e5_1
zhqf(BlksyaF`!=kw0A(@41KnxC>JiK(5nky?oq>S0%M^1#!WN!V1=DZMT<#P!#S#O
zudgJ_8m3oN=I0dq^&OFNfl`-(#MU8`Cg-;a3r^9{SsX6zd+tn-K9G&Uhg--_>$!tC
zaLHU>-sBrt6K?t{7aqFCu&<QLd9dUIKDT;c<kZ@+f%Xx&{&|sJx9znlZR87@{z=5_
z)p@+xtg++MsDwx5bxIcd8$=K-Dz%PF+|9vB(!faX$=c)eeQcHb6AZ1%?_jTc_7%D-
zE>MgyaC)WnRK?Q6rA2AAS)<3TP`eWD9+dT-@Vws2C;Yv+?mt;vVhX#j<bc-<n`n5n
z33lK%gq*aMLREyvmGN5csX{Le*;PbPiD6TJ@ly$W>3sgY+U}#9uf881bIH>umW|F^
zTqi}P_g1oydZr9TXbZC+Q~sO|*O}TGoAS|pO-^{R#CGv~Q?c_?1oasG)~Eg?$IImN
zKc|`labWHMK+HarFTwDByP&!*CXoRJkpr}N-LX{Gi$*ph$1Y$I9<vw^-wPuO>p8ZH
zHG3Y{%GA&b!tL+QvcG8pnV4?UPgABM+~K-Km>~iXz^C5qY2VP*%Vu!$U_QwC$uiHw
z3EfQqj`1NEdrT;K=KwqcpZHynVbZ3jcEStATW6@H;gg=~dmO+6U&uKoWL~=gR-&zp
zdsFUs(d|)!M(l?(K4okL{;Gw=>3+b@_qJ@d`Tb{q_HuS-9(GE_yPpHGGCw+QL8Ol#
zzwl+P(}&J0eYb#e$8xG}I`@hPf$w$lS#buK&^)isJ`&gBdf;}R8wP{<-eVqwy!V>i
z)h78)5D@xBHhdb&qgCS}JmN@qYW<9kMTL+$)VXi7d>YAW2QMFI_IPkTDWLHt9yFI%
z@b1^Vb<OQDS`_ib<w#nN4Io^cL$G2u18?JOKhV<9ew$Ce!f&Hs@OF~9rQj`7Kke|z
zIjbRD<#tKIuZT3S0*Hd(0UcXHTO?O|=`-wM-0?}~(O_ZFGR<~WIQ-rtkw}<sXy9ec
zEml+{cQx@E&w1G8ARW;<90F+hR-YTuhXrS-(Y7+QIM+zCuxNGx_i}l?oOcxS2rZ1d
z%ghP3;#1YlV(Faf8PZ6#aeMGeR<^;5$IoB9UV*^!DPeB0Ih`foA$kt%CQR}ynQ@+@
zL$?qYoJiRv4LkUz+FiZ(`jpS{b50BRB(OY0kh>NGrn~C`w@;XTP7`&Nd0u_{I^RBZ
zjc<gq?iTGPX9NYrKms0rafWq)cX)fFtRf5vd83l~<A}t<ua++w_wl++Cnk<6+4=#4
z{0x`G2K^Mgce(Icn!1azb6vb-cY_1QB55F!OGGFwGwv112jO0wYZJrf>99Ww<{LxJ
z7e7q{Ka;ugau-RyPq>h>d3wn}8RoMkgPrBHcuQGD<WU8Dn>a3>MM;4J{5J6KmOuY_
zCFxCH2SD-5zb-F5aX3ifLsz!&q6V%d)JGl<ENM!b)Z5)hzaG(ZO<87|QTNdhpJ?wv
zzV@B{B%H+KtS+)F^T~pHnLW^o<4IgE>w9@?LccP4us^kkkFDLCpAj}UKnhA<ilAGz
z*A8~xM8m__8FBCEnt3cz4CSNcDs`X@7+7u-x>N=0bpoKy^;?(ho5d121&Z-qB^^y&
zNIaFFdK77gR4Z8-fm|?Zpn3=qwrxI}Tk%T+mGu4Ug`US}|9qzYiMvbh&Fq*3DHSVq
z78UuV)Nz<e;GS0^p!hIOC<qs1Yxb=5*P}e0B-)|3?i%u7gcrs-FxT77H;Ph}A&SvN
zy4+Ll->_$%$UPBpMR4vM8jY@d`unIN1EF{nK3LC7SSRFKa2e-4E13zHma2Q?P@a^c
z$Rt%1Z)S_EI+s*J@8vNJ`TT@Pz}|*=T)%xb#au{^Iu5=%wJQ0Fc|=1WkK5lVU$5dq
zCzl=w@m-#4k8w=H`v8);dK%xW_Ud~4U2X4hZls~D1a`kCzwBENaa*AD1AaK_0GHb@
zOlB!Q5&-gPY!$%RE0+&Wy&89@Lh=$=l7*xCNlVg-YXh*B6^{V<_YnuuP@`^yr|3X3
zYA_$kE4)W4(i(&*?{ydmRytSsAmcZoG@s>AfgueQ;&(m0auXjpi&&0xU0@2>YaYnP
zuYHTlZWsj_(}wPO%=-3LwmxjTB}SNX4nD4Id-v8iB|+MgchNE;$>wuh_V;_u1pV@%
z@(B;Ra}FKcIOXoZZL>y0I{x7DH*lOQUOw=R?BA3+0)ci4?1txb6<v12o%j@=7<+T?
z!yAvH2As~kS$L7osDvn$8M&2q^xKx~Ntz8~N6S9<P+iSD!$I)fIl{SJS0jQiz3|>g
znEG?nIQ<z>G2J$bdBhWEso8a2woE{L42#D(ZMG3%oApN8R(CneCOj;IyM*_Y@?rIT
z1-~OuPvr068vl7YdCy}iolPcJpl^qBsbnKy)F+|)3E^G`TP8Sf6@#!Z<JN7zviFGV
z101t1r8mmCK3~doA_AON7uUI;bK+yPVkwPD4bc#YvPAvO9?qlNUuW*Fj@QXs=W3@N
zud(F?=P(YAvum3^9BXUiCz&t1s+&CUe+x<Z#sTTT0G}8rd2jE}zv)4;t5x-&;yjdi
zA)-X;GVDUou6n(s*xTRj6pO))6+!W1%Q|!_p$tUCkm1f1o65$1gfQ8B0zJ;W?fUk|
zKW%XRi<i$_v>xzEj>ZvO^j)!a_JXwyLD0d6?b^_W>m`N{gl+L;^7}jJEpRBz7hBq3
zbuR1H*rSBL^+}WSBQqz@+mjMp?@NGFt~%>%p$hoPlKz_V{!|DK12+ab-&%O+d!ltE
zAmUa0M?-m?F3$t&smAM**Z|jMwq5NJ>Wze<5apM&i2ZV;5l%B;A5<^mqlG9DP8OBm
z(A>&t>nSyZFFZb89p5ox!Bs&_&Z3)kXHGHTgJ1AsGDE215rXLYCUGaF-H#sak$4q|
z^ETfNlUp8cfIgo^f9W+ir{gFhHVG8W$R1#d*12?u8(jK&`aTk$>@#P1PTLS@X=8<Z
zW{psR9X0;^P_K3|#l2x(?gjVj^r;GLIaqm`vzC25XabaDZn0epG-9EB-1srLb+6Xj
znx@4d1AzNBWb37P!Ee?h(;C~*9G@zmU+4IaQbMj^v*dDKx3e*ik$@v-_}QJI2su{0
z3}T`gYoc&IBe^;zZqS~0Obsst4<R&H*ZaS3oFCG>v1547!H2z0lr?1lEkM%04BbZ#
zd}<n+RJJ}o@@Njv2+FpxS6-(GhPbX}mR*xBcFzr(_JL&wWBvvX_>M3@U}_scoyMsf
z&T#3o;plI_!knY`8ufVuG39dBCrWHMd0rI>t_QI1XCWLgGz8Ww(SSI_W{+L*CsxN^
z{Fo$&IQsn@Q)8h|gPMN!&QafORR2uh@$;JU!@6GOY4XbNkddQ2N`^PCWHQ#lo<|ab
z=Y5jA%!J&`cdBDvuBi&?B1H|;^iP&!58}#dU0wS|cJh8r#$*Ah8!sYUJa1f!mmhXt
z-BdLb#+Q}Fs7Bgx>hs2=gN`rRGnoU4)mG%p)%?2V$w%C7UU(0X6vB_%wL0v%bfjo_
zUh<NN1I;$r+{He~(?wBo;X9bqUAJ}E`>I9~y>CZb71v82#9)Ri<_DTiU6TT>ms6m>
z4^(*!6Cqdc+cx9G`SwNqvpEna{9!E_?;ybRv9r<&JB)%^a_M{~2J{l$&<#){SP$>d
z#0479#K~^(L){%Gb`{UXUVALsEsFKTy_@FHM9A2;1P9N}wTR=71vlg=zppqDi{Mpn
z_kJl^KUYk4g6&TnF7$++&02-p0Ei%4lIE#9!^f_i;<1X1N9}GSWTQ0XL!+5@)KHW;
z;{bHJ6SIxW*CUH0Sesak5DIWc=e@6mPkPNGV_Ukb)*dL;MUrTerHiI@9_ae|w59@G
zc43ZyZ#N8x<(@rFy__h$DF-#{=7Q^|3s8fZ_Da)tppO-b<ajPe=~&lP<f|cl#`5~|
zz|n;olDg0!iOzX;_nvSBxbzoJhSauoT-A=8$5u{Vz4O)_jMRpXs0je&^>1W|US6Ir
zpRQjeRD#Qvz*}4W0<Zc}s*cc?(-8ONS57*vq%<$6_LFY#Jy4%Z>4pG%m-<eh6v8+a
z<Kifz_7UBg(E@Yl!x3?W$4xw6K7CsQE5Kb8U(pDP1SG%OL}7<T?V7th7V~v=r0Y35
z-Y=U5y6qli_b$08&b>PZ{Yi_?&4=6hRo!?`bMYD-5j~s%bW|@LLj#T32ff%Y@+0*p
zVsA!7mI|+w^sLgEiGV$d-vGY}u88yFYuFDkX}y9aa;f1S<tCZX6z;+^dh76kPssTO
zom+O#^u}>~JcR_wsbr64cVt*!55dwLqX$7(XNRisGZp`-Ln83=!cq&+4dEPJ)|V#;
z7wf{kD@q*~{jeXc>mA;Bqt^O?tXs!xFV{L3YoGHdeehw(x2lZ+)t}(q2Cb{Dcsg(Z
z^g5v9+b5@8+6kE!i2*b(<$Pv`KnZL+np>?h4@I35X8lP?oIU=6CcifPdr#k208R@{
zQ1v+?etb@RZu5D)?3nKGy};v2nWuNpG3eT9?Rh_rup|(A+~)3ON;0yC`~`@Mj3oQv
zfWptvEksVbKbmw`xZ2*M8e5B?pP9rgUg7D6FulkB*>fW34zzt^Qz$77wreRD>wLZt
zM@OQ*K2wZa^494%d^(zf?E3z9`?HHV+$!IITzFEtMPhP?@jaRd6H*O3<Ulb}*K>h^
zqV1eLMg5q4JKymTMXy)3NAJ1R6q4k!BzWmX=q*%z-#O2?K2RjUH{(7Av@Tpp_`bzK
z1PMf!(Ccm?kI3&M8KPjdPURQLKkN5{<N6BEDVFIORM@=@%6J5!@5z0X@d`#nKc19t
zXUCOND)FQEslqYU7{UnDp}ZM~u3cj@oh-rnPAYBX92>tw7*48V+c<3g@HZ{R+m~hv
zP<qsC6S=BBn>kW)-$OiC6|EX0&764wZ%XMW&L));k7-0H0T<DpEwVi|K~u|Y8z_96
z+q@G(E{y37H%rV{cXLj!-4T62-*lM<k<Y*t93cy5kIzt4n^C1N>bbIJ(}KZA`qdDT
zWTthyx6+ztF=|2}%-(8+fo6jZLy#-SH>pprp6D)d!Aa0jdH^lJC>dk?ZPami3@hn<
zky8#8$zk_MUEEJxfZ%*`A8<-*`tijoEOWL80<O%#E%|zsUXCgpKPt$S%>A~VU6(NE
z4QfM)c_{6(o4qWE<>$J%${#!3;z!E~f%cnI&2w=|6XpiIj2&&xk45?Mdb`Pq;MxM6
zJnZfjajbD-gz`PW{fxJcsjL8}yG_2@bzf2T0K`Z9z&>9}i>q6Talvcp7M%gosjDbI
zuPz0DUtNaq$yc#X^{HWdbd5V7eV+d8n;Yd^hG?s=hx*<Q$rP5ae~3XmDb@lQAA8J<
zRg*?SoM4HX7XfdlUKg44_UKm_>6&6c_;cY-Oqje1O%sVVIp1tW8%}R;A3gZ(s?lil
zw6txz1CN#I!u5izJ%;kQ*YVldBd0F`-%u4*;W9FC7JOv>J3e?Z{({fMiwop2k*_OO
zs+cbuK306M<6_Qg_S<_f{@GhF?8uS3VhthUKo`-P_}+R?OTI7g+Ar;6HFT($|Jm>T
zaO49xE^@AFW^{<gXSGns-+awyBZ~R(??eA@%bMDNe(k&lc5v0RFQwXP)j|K%PCxPC
z?6)Q(b6Z6o^G)-qSo8K*wlRV4W18r!Mb@34vF5Z&*{~2W9KgKyz2JR8mS>1h6Uhuy
z?IIn}wSDNY_&+&Bo8>Hx_t7Swk0k+o>g!s{pDm@HC7c&QuT&<>;GUf0Su_rZ&PAxv
zD$6uq?~VKNoo#-n4Ru=lkgxW9b8-}f2Pe{Yr-K)@v03jUlP46$Zu#E!3Y^_XtLS9|
zaqasaRZv6+-!p%PYUyzFp>#5_)`)t!h3$}r^W|7RpS#qiUhwm3@>S;2OlG_?0_4@`
zlINxDDY$v=<*+`Ej}4v!d$Q<zZS$&DuykM_w2sr^;_K1mbpl|NPs+{Ap3kcJ>VwRW
z)L->;H@O%NZ6p&2pb(W3VyCQ#$bFFRu@KvD#<jWfrFUb;rq6#&3^8jy^?SkPaG5)4
zLmXQP;|U56@qz?c$aG@{>qVDZwy)O8CXZ5_j{@G$JGreNBmtmCw>Z1dDc>x7$8h#T
z71ec<56^0xyUon&M&|Q=@*LS37$tJCWjnIleghH}*Y?Dun^fT~;`51&!xb4}NTYg)
z$P9KK7oZG0k7DA@5`vi^x>UL)amz<gF9Ywnc3j9l;UjbV{9GxTxo9tBU-TjdKE}Fv
zB{m+F@LsZZL<!u_i5dcfe;%X={k+5k3()IEVdZKs2a4&$^1Yve8Bw8}+)p2v>#gu&
zf%xgvJaEa1>E)8L{bmam%jr0bK?boD(%gp^Az!6OlcXy0e%a;oQ{G`-bKrfT$3l(p
zZJ7lcwd6YMC%<t6A@Z+7r^AqqS67Xc&fZrXFk@ZNV6z!Ep{hxM<#HWNMUy^i5if8E
zWp&wASJ;nj+*P0Dp>K|;Zp7&!1}dkxGL!0a&%wR*C}ZPid^&Ich1UW+5KGx|x&wD(
zJ5RS+J#>6BFhu(0y6k`UqI}g_ug_aewS^5`KvBF6pD%V5<4)T{V=YTg4?e>=Uxv^m
zSUgK|zRr(Feh-l{vD-;}%K|Gz<mdCa!ljrwTol-J0PvnXZ<l-KNP57L`|==aiPB#5
z;N`e`qUvRPo2|QfKI59J&<eK;neHs8f5yzXDfcBh;~jp<|7N1P+m&o2_i9irJJ`f$
z_eI%+>0^m2eRmb%zBK6cxgzPv2&p`(l5hZQmlxImU7&~O&te4!0FZjZ=>gke$A>x>
zB22d*cR?hPL!5T|=I5Sy9xyyU1Je{{dof6imzMP^r3l9z2fI{&j~x?SMUH+2ZeAK?
zTe_hiz$Q6XSA)n-i&)mhu@=H_Q{F2|3Juq0&*hm-Z8_+)gYhB<Ew+z<e+HJ8FMRru
z{9e<nl@~nf(O8v(Ytx*bOWf*qS%br`q3nwy>kLXkpB%?);^wAbU#I`MW1Vl>hj;lC
zCW~>KS?j`+J9lKo=7=3d<9Yb?@#-MTlH49+FfFw?M-vu8r>U;n;AigfRw)-JkZz5~
zaV{CC%knq|`&umHMbR(lm@w$m0U2FZwxX+&*OZ7uhz@h6;M9YtiFR&qYVbw32`jG6
zbNzlEaDtR}mUPz6%+P7xL$Yu$$U<@|gM)5`!eLvTF1m~b2wWV@;g98h+9aeUa<(Gh
z3dxa^=;<vq>9547pHpdUD2TW5Yz-P#oflt^4~p>E?==2<*3y0ARDhhUOX$(7QC_ds
z9W1lkE#zaaFw(O(ANzY$^$2C3a>``T8b881Wq114fOuQ^NzK^@u^#B~eBh=u^0I<t
zD9dE5%p)`g@X&}kOI<mNSV0te7~qkH*|8HitY(+))PNIBh~7p$%msAS?@3}3y1X$c
zm<RPiEhe$|%Lmw3KShn$M{(Rxg|4NZNUQJr-+Ohb!APnC_+AXHG`;q4@ggJ!6gHyz
zCybHtV3H=P2%(zs5wH17LWbkU(#20ldME3Q=|6P@UHzJ<POo7!oVFuY_hGH5Q%cJa
zZxg`LG=7Qryv3&>qBDH%B_4W2bDYZy-imCC$&L_70ynzG{h*JLJ4vbm_^rlA9)$&5
zdmK1<M7pxEIwE{(@=n|u<$DC6WSZFlh4bKLj^pDr)NC>aL+O_nFXp^t*8nhkt8Jr`
zci<4^R3t(<7TDZ7uWZw2di_FfsK_iG4BrRU$^)-aJSkuA$(385ZtJ1@sT`So)>Wd{
z-fIwTh|LA$JwR=G=Cd#aGB|P1tN!gX-ew&yeLSuTU0!6TaNW(b?UNK-!mKOwp1DZX
z%VM40n|g=_IaQNPcHOD;Se)Va-Ra7tz71m-J6HC0KYA?|baXcF;)BelJ%o9u2$6Ln
zGi!;_;B7`r)uV6Yn@%3R2H)v>+D3ro@l&m!XR!7q*BM0N&*h0lbxj|TEQ);WQC%Ls
ze-+b~nm+%ahEGw*F*o{PeB+=uOkcV2@0=@Cx+LnYCc4_jQk~kX_wn2deovPlj?Y$t
z_Te{O7~oUlJvz6`Fl8PW-@u#B;d9BA%<2;i5_EXkT(ewH7+yM$NZn-<Nu%6*(e=vL
zNNhYsR$!pOsXHf5_RZ_TsC0Kr&Uwf>z+Y|41J)gM>#P<QADo&K4^@)*T>1Q>MQafr
zlo_qi^NJla1owN$q1#|`Ww=bCS(hs)$#q|86#MK-fF6JjqG>_^9gw7lRliR6_xV5l
zZiIi&UwTNS&8f_BJ3;QqtOq_Pn4#b>qb2CF%P0os@sN|)qv|bLqp#M$%)SQ+)S$s3
ztlRF8J@w7<9YX%vQEd}INc7KgP6O6_h5Qk^&ptL!sp{ULPO2l?mNs_LvSjHI*9j<#
z(QreW&{y2Tc^ga*=A1eceT@lt^JNaiO<cbg4^LmG$)aP~{ay$u`#Cnz3NeaM3U|O&
zMKh-sJNbGN<0F1&Xd80pXz@edc+zNciuauC)9d1@J$ty%*Hd0B<`3jQ0u%-hrv59H
zpJ>|;56qw<PRyN6_jTyK+1{3|F`6Ec{pn1QyX4@(Sf3buOOCC<hGv7+eiPxOy#!g_
zx3iCNLsDI&i%H~G(pMjPa_|PaN2q#hCGXk8#f~5)8T+xObM-pzNcX*%{iz3&)Td3l
zEsL}0dol-Q=6=Lf@-XX24L^FrVbB7kxT_mMBk%LkYxqzFLXmz$!tnW6<A4&ESaAOz
zVb_u*yA8vxBz{FM`Mv*<QgUZGRd1Kdo9SuWA^}(;z`*+0a|S7WW;ejSBvqR;qnJx`
z4t>)C3h+(#c__oQa3KWHDN7ny4|Z3XFOWYSIN~#gyN`j|r2sQjl-EJJp-7eVq;-}O
zbUNqL43ZV;=Y6N7ddjGlL%+FmI`Jr<eC;|hN!_Q{u25Z;^|mgg*j#3hBRgMEh|#8g
zy(A>(Q7Rp|O~WVz^X@$*#C%>5!u38=Rhaw|)C>c^|5;}&YJCP{@o8{xd=eY=5hbfV
zE&ilKk>64XyAxJtR@vfmB@C5JW9jR_s*fp@8v5(~ZT2LXB$Mhf<11{yumhcRzH=#b
z?-yb7xedEMSuO`3#lOK9jb=16!<2;6ENm0x5$Y3VTyw^s0D1fv3m%CG4&6BS*gA9|
z_(8Qgj?^&fn)0-mK<E<<uYqKs5owVRUbT~Hnp5ZwZ8)2JYG0obXP%}68;q(u0-4Bt
zKG*r|u?L42w&Q(m>Cxnaha%r|n20?6ot^V;V>sscd5y@KMao*3>wbLj0e^Rn{LRVv
z&n?bMj3-}NK06XIC36WDXfh8{k4X30dC#^U?F<+lrHAGDg!ZO?p1eS1^F8cIigG!p
zR<@n4LtgXI&nV*cK(cxIvdZRc`9pJ9qJUvPx0J&Xy8~&;4KKm@l4IQD+r7WG=aoEm
z$`daM;`176S3FrjoOY3z(iltb#MX8gADQV)w%G^$uC5IvejQ1Q;s_}ZJ+SYq`<B8&
z8@)cU&MtLAOK#tMb#U*udvoo^4Bni#R#B_VXYFBp+^)=`Co9hm&kuzdCr}<S{3kC5
zc`GIm@9s%wzBUD?HF={5s71HEr-8;f<eGY0mW(hC-)g_jxIlKVT%k`+l@uR#?6BZg
z0Y5RMxj3NCteGP<=Q0L_n+l*#oEuGcrTM->mNhB(oVBY+&Lb926~G?B_Fazeh=6=~
zc6FqvZl{HZ);Tellq}zoKPx)^6staE<a#WER1QciIPGIS*vB|A?sw?F>VU;z321XS
z-w4?RT@z-Z_D~{CKWC~Q)r?v1;nG06#oTAuRNq46wdxUqJ2MC1+k*)Gnh3D^Q;Hc!
z?$t8|eW;b%EBHiI-`X~XFGPpDx-XUoJYn(f$;jy<)8?jYqsR}Tu<1R<&k-G>v3$KT
zEQ{lAJ|=jb&bZZnLxKo-%Uju4DXlOTy1^w3ZoMDWc?7or=t88?nY~;k^NK>Wv<?u-
zdHN9j03qg9p6c!eB4)lc<Z_CfShe?+=kEH5;rJ6B;$+`uUJsybk?#8|hiV_IuRNZ+
zT(7m@#rA{@4HP|ejDNFf{QxD^l%g5)_F+HAp^n65sgOmp*ZAXXAIsgFfvA#NfQe#!
zNNz`6lA35AJ$9Qc{4zo{kFbFCty6nk&Ge)aTZ0gkXu-$6rSAP+GClgb$m6iy-s_4&
zY3Ce&{2UG-7H~Uw9J*zA3||W!zKV~n_33yb5Ml^@-6yM1x7sSb^b+xYHxIZmueS7=
zP!I*X<p=Iu<(PQrX!&O|mp?Z<8#E_+4@N?Bm#$e_u?Uwu<)pnvC(Y~VT+@(89`2YQ
zCpfVJW&B#W^>;NyuuLLtXD^|PUsic^NbxP1;Y(*z%lb5S<zwFM*u42D@~smzrr8h{
z*CiHpbJ3q#Q*nkTMUS7|Ta9$01l1y0k8V|lPtV6PrOzW^r-=9D(;QLfJL5edUjq9~
zYPH9W>tBfDF48v=43O_htXTCaF<(5{kCghJLE9@sb9f}FCu{V{S=au;P4C7{b|9<^
zY1g(z<jye+u&IE}4(I0lCpW(VQOoDChfoaUy@3P3cjcmYnkkXjt+}sF&ef-C^%P&Z
z$Ss#fdH6il?0S&CV7b7vPdcU6C17m&ZT>w8{W=%$CAeniiB352=)#j^c&;uoI1>(Q
znb@f3-CGywJ0uEc&s_w+w<i>@0DsvCN!<NeK1!SBfgI{!dny&BMbCZwaS#~8{i&kl
zt4E*6A$bHN?MVgbrKS2t4d9nESpWvi(tG=S1Ed|-A8x#!Vy>2YUz4;lkXs$Nd6{oi
zVYA8TBN2x4bg*k(J^TLYwozzs3i3JM9HDaH6SVE^CGK?Odb5Bk*pB=4gd>VcvZyuF
z)<XT33qA--UPw2eSOS3?ZLT#ma@Vf6_IPs`-{HOGGf%<aXf|x)cD@yPQWd<-T=u()
zu#7tP^g1U^O<q*<UU_8~Is)s4M-nz9$~)FDu9@CcktF|IX&!n%J#>&m)~}4;I0&n}
zb>#pn$zwg<Rpx?=DSW<!MUmY+?4qzVc)sicE_?E#nchu8uqqu^T15d#eqUFt6kyR0
zrZ+%FGnpd$6~bQQo=b7?Jg|PaQt6^!XcVH4ZI)GuSgY#5(I=N~dLAR_z3A0;1Mv&v
zacHketXDacumq~-F(yJ{ZP-G98gN!;U7`%}))d-r5ZV?tj1&c#*=oNC8mO3a`&5nT
zh;zzB)t>jr&suSRu65w-=MiPWM<?!94UlQw6`|X3NO0xPcCLTVZhk(hS>j=Gj~vj!
zjJZ2<-M%4oyd&T4{96(Ipykq<9)hD&Btqxi1)IfgeRYkTbMgXEuEy1qq2o1BZ0iH2
z2e8&PpxM~_O0Q%ZfsozpYvTj*n$B9rou}dLJ8!$6(?q@}beO>K(e}H5{>^@?F7pwe
zhjEDGS~(1+?yt4iqnA*==a3~FbT{M9DFXM*BhlqNE)pO_2wvZT_31OR2#A*F!t&{s
z`x)D`Thq-;!+<+ygYO~0^HBo5esLO!MtYLYdGz84-?yZKo{aqGK+qm7qn66LSIY;V
zh<SDGnAz5ZdG5O&o5L!G-Edu?fT}m})=>#GgwGI_Zq4i5t3GXE^PXeKx2NfecJHxs
zLN%<a&btw%oF^WD!*aOK_`{{9@3l0AIrxJRGWO6tk5=I;qXXwr<1^$6+plNVve_Yc
zKZS&8J3VT6>lX565d~`44Nt}Q`+Ues?@aA^^cuXV%XaWb^_hJ^Egp$2@V7L!b#Rv+
z^Cl5da2)am)dxha&a^%u$$F*b^Tj#??6<)0DRjJYG$k+G#?IX;U&T04L`HndiZ8tm
zm~IC69uI!8^^6+z%_9XIQoD@OzSoHW<(^%w>@Nd?YA(44nUL9auz1R@zlcu>I+Q-D
z_4)G(rag_+VIu=#j2QZ)m-%DnMQ6QjfInBqx*Z{T09jB~6)<WB%(#yFx;;|)e)oQ-
zI@kFeyv%Sc&djEV`@?efO9Sw5Jm&0!U59iwo%`0;mDhV;pFMoX?xxE!#UOlJ^Fz*d
zSrmC~VmJ(Hw~{l+{0YMH6xkl-&LSB7JbSp09h#y&BVpR}<(yUi+^SFCZ|kv6R#|Kh
z`y&SN1qaWpLu2e~!)|95!idg6BMSuaI^W@h@9TN$e3pS7G@)Ieh3T*ai^&Cmz)AKU
zimn!%jbY%_8Af70uY3s3Q0*01_8UFz*^h2G+(+Yg%dYiPu6l?j%8P5R`h84v_UVVK
zDm58dOn>up{c{8Kv&tR8IgeTx5W=Zf3-o|G4u$58$I=q<iRvu8r#GCn_&Z`4m6_iG
z@o#-SO+09I(I2%4U=Yk!x=DQ&lPoz~a=orYiP_Q5_LSaT%#7)gxd0>dy$?>TMZdKq
zQ0H3mhV5OF`ixm}&46=}Exzf$F)g_u6MRZ(FMY9V@r@u~Tl_NJk{_qP#u1TE4HL&x
zme8vkAOfFL{6(3@w?f@6-KxB)?+4$bRKEAEo5Py>%_`Y#_-0moZ{ina*NLxjkDOb*
zz_q>dT12I6`f%hwTY6Ngl9kZG+(zd0;)Upm!%wMUb(W*vvskAbNHXjS=kD~XB5bnd
zJ$N1W!WYnRPDV8ayhfso_KlY1l|H6123iAmwV$%m@74NthSz1<@*#Z8--sJwzY`$o
z_X}0=qhADmzaGB)o>Rm0p$ba9{hCTVTw{NahgJG2u&g|?Fx|MeRL9>X0(sFluv5xx
z*A<6m$Oblj(KBUhvF~xGnB_a7fm-)8p7Yt=iv=ffwiDjYsP{y#aNCipl*Z-9cn8UP
zF6!v+HKbScI0qk=4L7e=J&3$~r-E+sUJQ85BJHg^>OAi+MCKW>^W?$luDtVPT%rpC
zMBbYH#%!o_>GklzyNYk|eGUoqMNb^L`h|aqqwRM@)EzDS-N@wKIN+Vp>k${4?mVe*
zj=(pL*MTj1hlcGQC4O?LBUp~c`8<T5Jh^JS>u>{LxZv^nr`bThF&*=*RnxL8I0~V(
zj{se|c#c{5cEvTCXxJn_@%iPYW>?)S6&^(xP?@coZQnsd5G=ogE|DbNllQQtUwOnO
zuCqIt;1a|Gq9bUHuOqOqxCQN(>+F}(YlK?{!w%qM-t$C`ZyUOIv}B5^qVMa$)8A2N
z?PG=bRyQnLrX4=6kC%Qo@1~t7oanuIlf2NEI!8ofRaxmiI()yF33)Uk!a$VIE6Fb|
zrsq3s#S*s|SeRO*Hjs!;ei487+hf+@qr6=wlci33F#c&pEBDW>(CxnAOt0r~Y-Hb{
zkRg^=6g|1u#yD@BJQZiGw1u+IlXpXqc+V*Xw8!3=+@6R|1bY250IbF9j;69xn69Y?
zC`kdDeAz0|a9K~>n=FVS1!h##8davFps0H1-HiF>J|fKV2nD{sf}j#6^4gPatR3Qz
zZqEz4eB&5c9naK^MU0R`bu_sG6;|Y41vh_ao^AG;_O<VvT)bs`5uS!x_!6t6;y!Wd
z=r;)+6Ai{GpT1Sd*AEbiLgb!DrOKEuR(C}hPc70#syhBUuau&le-G}99>REZE?)%(
zH&frPCyIj(pJ}-8<TO8shTx-=s!zD-B=-c%cAj&i&L|wF00=ps;j%NIg8TWreK|YQ
z6eJ~1198AiOAlY{&!Q3H2;h8f<}GVY5(t+ZTB3nF;ZA-A-<SK|185o`mWRUe*1q=6
zM{(+b(po*<&1pU7b9gG5JYaO?2~oT@?bD>%!rJEAZ6+P3NPtQr@9f}I7~5Nx)lt;A
za|d|o$pE&U1FhV~u;5lEHF5_ukM1(;_EY~_4=3LOY9V_+g5D(|@pNT>d%I1`RbK`=
z-veVNPfcoBzbpCQ@x%LwqFw>yGcd0ycflOxh~-<V@4E8L0B|UX3|cN<^)>qx63}(5
z_DpP7yCW`5_(&AiCgZ;9@D3fi-|I9Oek_IxG1<@<5RqaU%~`K;t=`lccL$sAb^3i0
z9a-Fm=lb|LpplI#gWtKqBZi!JGyQY1`wV!_`sYArYcv-gEmQ5n0<B1Wg~pj?Wh&cr
zCh`^O96=|*eDdJcZWos`mwMVG)N|+DBm5cDSwuUmkQk;z<!ck4{~Ck4&7-{upci7x
zdr?#H5k8rT7L}aG1MCK$5IiT2i2~B}ZDeDD*{SP&osiFs+wV5go!N&?b4rU1D{G!;
z53jr^tiV0OLkjgYG*8r_EB6y<!{M6Ew~hGDL!0t(?WKKna24IG-`9@&g;P_?7}1k)
z@Y$pmAqnE2P2K+76ul?-<mRj+exqd37gzIoAGjC%7Ed-4J~ZE{BYoVXDpla<$HW#y
z>m*(x)hCxZUlaD)ZtvI|jfaVz+9+;d06s(^g(%qoi*QqxFJT8fflce=Uq<F<H0PD!
z_?i6VH#0i{_ym%&iTCnn9x`)MY{<VL!34A9V^Pin=p6Q0(aF3gFnUH0%&u5JZlmP;
z7-LS^nM|JT&r<O+>A9*%TPh5)BhZis?YtHP_{*8l$6cu?RW1&nLyydyiwXq%`DHv*
zqs{Ty4nKQiA?Ct;)bOAF<F6RbvgG&TN{Mg?qrt$pC6Ib&2J7zdJqA%G;s+W#XvNQ_
z@_w&w6?7wBzZmwQJSOJ5*lTHznZ)4x#0{ql=MXM-Pw{&&=ktUqx?di=_j`!Aip12v
zbJ0efw{;lrtk6|C{&0;RG3uRG^3R5hPrjy$ub7EWZOmQ`uOfFVNG-B>-0wo3D+{Ai
zj>mKQ)he(9-QXN3<+D6x8X}tTs%e2&ibxr(E8zW&9JmI(mA!@E$@zm)-s#^6kl0f|
z&Nm=|F1G=G5!w)GeO{pn-aT??!He|>E7br!nm<q%O?Bx`;KGq+4q7~Rx*0p<_*5r+
z=S8BwvwNpGYqv`3GupFi%b9+QnMLpSo|^@3H5g4XsUrI~XMJ`!0I)L|ED2*4nNh1;
z1~41n!p!Em%zW-rvO?amy1U195wE*q>zR9Pphz)ZJq}0398qxQFH)jxnv64^mR>8Q
zZ3k|_M*?=k;d^5sSV^f55YC}~tk<Y+5kco!`8;pAPjcMO&+YQHM&2*qR!dDCP<JRE
zh}5~^Sn-`r`RsTqA?#J-!qZLGz=oT7<DTBn&q^Xh;ur&{+)D>09`Cc<6`;@ZsZVB%
z$PkR2%|&y;x#xm7ZyUUe*!W)7`IY;S?e(kab5Hu6_fV~Fd)Hh#jh}&5uJLvB-7^S&
z_z@9Yr}o194j3D$0rbEt*VCSHN%dm#xg+EVuEa~|qEq!}TlYV=M?Y_bVfN+R&lBO^
z1YT~v^@Nibti+H!;A%;OPuXIsl&Y9iEPk)B*yOWah;I~7n@RnND|+(MPK%lkeH*CX
z&Q$3fYg+uqDhJQeb6PR`JCD9>)@vHf_sr*=dlU?Z*^Zy%rdC||#O<T3$|0z>aly}J
z*K_P9g+`XqHN!Q-?>|3-ct<Dm08FfFV0Uoh+<AR%X7P5JoP$O0>i1FFoY8>d?+rg(
zSt3xq56}ETF-B-8%=8I03i27kZvf#7gXQqO%m6X+NYbGvCD$X_>-zrl5TlOweM`_1
z#qijU7L=SC_LKV{$a)f!`GB4CxjK#W_4vY)lZ!602X>vafT!#6FyQF#6)YX5+nNXb
z?36^r%59#<$*!g8P4w5QZ1l2?Np<GyZ!YhCCcWz6QT(Oe7%~0gV?p<f`-M&oxSjxy
zNK|64rl$Cz$)yMK?VNCmqEAjQM%QIiM=vX;+B08JK`B47p`PqiK2aDwCz9MQTz^{0
zG|=jNsbFQ4kB^2mi>saOMn)_wKEV&PM&$F9=bGpzg{k~o$JaSe8KYbpoLii`Z{2=|
z?@43J-hSZAM=S3x1vuk2#BdaD2l8%)#2qODrvlBVDYVwXyLCZ2NbxRXD&kiNxnKez
z_sntMp|rVuS?ft^ip!U|8G(f8^R)5!j%LU=E5sX{j~VZs%krR@k?XO~1Sbq1_S*;m
zQQ~*+$oV4XL~jWo7z<2M11t1n3BoI5SGY{Lnp=-w%sS3*S#qSQ^mZI*sQXPOv*%`a
zgJ)K|jKybbCFrb{#l`pCJ_!I%FS^}W-!Q9;mb<!_dQolgk@tVk2n2~qlT7qIu#@t{
zP+jcHW4EzXzL5L^NF>><9&!<X%GC_I5+7hpyCg;GeD<@i^&rV$8{K1vKlkmc7P#Lu
zwjdGNRp|Vv#~k1z*x9Uco)VjbPlIfR#wpwU&OjzZzxMZy*yy#ZWa;PgD#yMpCr&Ax
zb6_)d0o4ySZvVMas^{;G(xU4&0$ER?Vqc=$6q#4Px!W;47dSlnk_ZgoIpU_Ld+<HM
zOL!5#aIn3vZ%N#<7r8#0-hRcxw>!>Fh4NX9_eskVpOK0lWZTFdy*f~RWtBuCXksFV
zQlQI#+Bb0`c+WyVz~jCZ?R86CVvLhs!<MX*v*wb%U#KU?c?zH5RN>DpI2DJNSVP9T
zO`y=^x=VMiB=&_Hlg5|e46Fw0C+k1!nPhg8SQTx|Th2$v!e4>k&+mLSjVhwn<I8^s
z%dOozkNd1T-O27U2U8=@d;giwxq?w~wUMDx)SG+~+f=<FQ5ox0rzJ3q-J*o-gvEo(
z5N{zwlbIdO@Rd$Eacg(|RwB*#y>*(*eHnOHUd5@o@%d~7=62$AJH{?;l5WG(%(>EE
z*3<Q0cw=gMoil#<sMtY2)WxTY20?c(-nh7^SCP$m0l4(b6h2Q01UdY|ed;DV=HtND
zMjDS+T-Q^X!>_U~t=$RO$NVG|>x8sqe7nQZ+l*Puk4J(W)Eg5qa-J?fo?%^kPXNWv
zt9C$;L$y2CzUWMfa65gr`j#K#quW^R6~of+GJ%zE&*45)fWYN?1Ne#>o!HPdigu__
zZSRruL>L>byIc%3&V8NkF_KAs?BR9ya}DdTDD{40MJ}4ba=&+ty#Z%%wZEw+2Kj~`
z^Z^KBdVO(5{1n5fFG=Vr@U4y`H{`8Pv17n*C5$m`7(qPHwyUgJIrkuX(9Eq&I?f{w
z`@JQ#v*<RjNXV!ul)gzV+7`NxUpw+Qo#()A*TW@1IV>r=$t3h)QHe!V9o5ZwpI>)%
zK;If-$u96I)Vo)W?~$4%?ssFW>X0GMju#}oKgM_K$%m~QH^q?8Re7WhE-~ykZvD;F
z%28~4DCb~rxo_kMyTvtD#8+4yr*n_?mp83|N7rq#6Xj;&7MJO)&Mkf9|6b9u+D8G5
zu{zwYwW8eVzKe(B91kA|c3g@4mMEJzAps#@w6zd8?<)!D;NPwN&n?pp(cDX?c#Xc)
zD=@G3VVfwRN3PtkohpL$OLwSH4&^~TkGK(xN#7tNr_$RaplL#f4LSG0+Ysd<CIwRZ
z?`TZDh8SrAZuv-aVpj9F<v|2iQAxP1sGrII+|`oTFyjUWmoH7F!RIn3&HHq%YBv`g
z3qSN3F&zf?*Wyr!C0vD;%0oXB3P^|6@J0mXr<Ae$Qe~^j%vGk`z7M|w_r`c78Y!MQ
zkB9aqD~=Sj3KLd%i-w;u0A{L&_a*oAd=ZYHaar){PLZBcT@+j$<>_+$=K;rKb2*=O
zwnsVg7MOjJ?|stCS1cRPwY7(F;LCdC^VmLz9?7v;E~ow89&0Z^FB-X;z5CV=majH^
z+yA{p?seoXVCWRacHD1ouf)Ug?)i>RT6COkmrid&fqHV;;j#SI2aaFf!wq~q6eMu?
zT8>bW^Wy`!hX>^XP2u1`3$&8jJ<7Oxkm4c6G4Y^p%iHDPyP&BB&-Lp^2i_NUVP!oh
zPk!%I?BtW=Vx{HQ@EP;$jTB|q3E<i%7*2#Yk*Oc`fOP~3-S#gM8FgkQ@M4~~zHj%O
zfrQ-0=pWGNJrxU@V0=oS9+mqYnw;h*EyOLIET#tRGy8Mp!*)#{N~BK%cRcEHdtn}Z
z<pZbfJL0IIRh_Hf;C$ce{ZbDy(=5NNMT+Sxp{H9d*ta0x?fg99=FB-OXQ&*ptm2_P
z!+s%$vgdoj2m3C51_m5`<+AQh+PBHIPYJ;Uu|5{)cD@v-GL&mV-+tezb8j<>bTn-E
zNSjKzK?Vqt8rs}pl$DMu&P&z<Hd+ta%2D!BZ5}#|4hnF`p;G-lCxhWJmOQT4D~_I<
z`3;Q{!z<E^7FJQBb7`bw<`pUAFGYy%bl`rm+fdtfL7I;8qxhVH&DJ~@t|UjFIPp!$
zqA{|IeJ7;s{Si%x#;fjN`4n5+NEj<$GZRnhNP@E&xU2WU+16(iF#RPOf|_5%6M01e
z{M%Eyor2QCtTOfOt@NMfTnc|~o~8ovdeJy^+d1d*>2til_*Fgzuf!rjSi>)8eTiPo
z%9!zx{R!z<<NgL_GvF!mmZ`IkB=?cy59zn*x805nPO)dN;cILSL{=A{s60;%At~aO
zMC=2_MP$C8UVRM3#U=-B2;z$?OIfh6YXr4<kIQG|c*{2sI=?W#N0L3U3+a*j4i~EH
zC|6;p3HkNwnqZO<Oh%4-k@k~imo9_cAg(qPq{s0kp29;zt=WNWntOH&Bpz(nlQ#(7
zulq46IyZp%XM5u}>so}6k~zj(ExlGS^H19@%FiTv&gPR+Y6k*Q&ca+Re#JyjU#-s&
zvnijv)Dqj;*t$_&kf%0;_Q@7?q<Z~Gv+K1xU5W!oh8d^tnALeeDafAhLzS9I3b+Np
z;?6<qBH2f60dVcK!K0ps_Y%v5$UMR&=q_7_Z|oB`UnXlI$Ej=EzRkzJXF&M~^Cdu~
z<NlR{)Kj(hu(43#5wkNh6FBVwZc)G@baMg=K|{~ITzn2Q*SWPStROxye7Cjgbq1!-
zK)bGY11<Sw3w2#EaO0G;iD^T>TArtr%HcEd!7nYCT*0Eg7lzj+P#+V5X2ep*Xn308
z@gHsXRjIO(8a&nhnQ;`u)l{_x1A3yhjVnhjt=uqd%~&r~HG1ANn{ibtIlnwxAiw@(
zKQZ@hF!ZJP9bF?4OD-4tyq1Q?HPLcVlmYNH{I`g&Jx+GG{k&i6hE7HFI>49cHT)}^
zQ+hP$%f;@e;GVY7Y+6u_2Ew&M#9;|L(xAGJAc{7d1xBiVJQ3-8u?PO030LWk<~9T-
z=im;AIsSzpzvhC+3+x<TKF1=zxqxBO%ynPb_9Phfbm9zkj*9LU;^9o@i*TI}<@x~*
zpCW(+tw2AIYI)fI$3G<O!F=vppkE@dHnratPS0Vc^*sAv!|#)G9$QYgVM*&Xii&_q
z3=_nNfGfK=9E2vuk1@GBz~!8R3?0UKOo}5<h-z-u@!BsWG?x*`&fjNa6#t$r{f2we
z3+;X8b=XHlZ7fsJo?g-a&!OZL#T`VoCmNm-PuL*Zy68d%By94zAdi+!y+%UFQaX>4
zgKppo6u+k(DUUPWcd3i5hweSa$L+52W6^9kmc3ev+@Z$g)lGb9%Ni;{%<$#g68WVl
zWVy$DNF4O!t)4E%MISif;0V`bH7_F1oFw)qIDSr00x2iy-qzzH?nr&yxcaf1W9W~G
zMyk20(-RR0?n#BXw@c)l07*kJ#xn%`mUz}VCyPfIXtdj~Ub8Zyvr^iS!&%q&SU{X$
z{db_VY%W7zFrGcrkA$8)*Yj#{++0j}&-0Omu|^!+6PAj0MEvOy9$vM%-*y#$=eXrn
z({#z<r>>6PJHTY#jt-=H=8As#K~JqV%M%YV{PR)Zz0rB@g|Oq<$vh6Wx7FYROw4^v
z>++Y0@|w?{N5m8}H^=XL)EuM6R1;6h#W@qgof0Au_GJM~ndR43eZCG+_K3$-V%)F{
z2xg1Dm7#qW%9Ur_AZGD=<7-*)?WOER8n(wdusVU$MbW$7Px<1+y<fJPaIVA2BiYlA
zt!WwSdf?ar(b?0W=gh;lBPZRFsgx06JT1oF=al9=>gRZ9b4Dws_o3eL*1!(AhwxM=
zfA8ys<i5rJ0NZ1(4&HhAY>tWLgl#AK3*&gY|NZgZ9&qh~1@-rDEwE@C^YG2=!gt67
z-SUer9=@2nZA!*7kk^t^RCuY2Y=`-rnw3Lj3w^(l^3rQC6$o@{DW3iS<RZAjZXSqx
z5LK);6pg4_79|cs9*QrNDQM07I6fG>-eNwiDI|GD4^bHz)w|(`kmqwvr7W%VTFE&1
z1ucL{8cpXHr?z;*{aX;X;bKTRI%g}9>y!<I)O~%RZwJ8fP@hK>&<?(jGAeoPtEW%q
zTWbTKH?DoLNhHTMqw;o?Jd7l~i@>&nm*w>Na;Gm~upEGL>6-`Zku#9|fuOvfg?a@P
zc~9*ZLWHtbF4Yb`PWM&!l5+W<<^f87Zm2T5&+bNX*2Mc$UoO({;`wH7?29{ekTMI{
zokzf4GdW^(gEevSgjZ7O=)*)RQT~Qv7V5#dzxGXEbhqRVgl*|#%7tJuuL6Nf&REiL
z-D%f68i&-t%UNmc^`N(WP4}8S0cnquQHaK#<X(*|xzkeko^|((vH5&iHjm}$=V@9v
z`oxmr1Do>zE7gz<Vco3=K?#(<SBV?j1R0s1{f~1wn0;Xaey+ElyPZrnZ7%4o?TUcg
zB9VjN8={<TVnjAMm+6Vi>es(qCv`aNkXTe*Q@(we{%I+2nB;QAp}wX31nM0bxxU}=
zEC&D^1cgFi<<l3X$vCK;!Q`@A)fKiQm)CQ7uL2<h80F1}*Ufz_JQ}`qMLJ3v@N`zt
ziHErj-Cnsn3<qHNJl#oMFjZ+pmlqh1Pa0)|K2;A2W?1_jX(7VgZwP#ho2*iIRCaBO
z%HqIebkyfu=AW(HX9bLQ?WyIY&y~XX$e|WbRg~m!3g|w*n~ZwDJP=8dD^Ez_NgZ|S
zgXCX^8#)WDA4%Z8yT85sU!2b)`LEoM7WmSaS#sst-G_6S{uDQ@=))?Rw#Cx{1bUZy
z;|qej+IO&@hFPA_?t9P0okfkJsJkjpb$mWx=C^sz`K%W*Eb^fsWDyAT&$cBPzX+mr
z0g3b54!)Z_6)~u*$2K(1d?SP_@tuGyIMMlZ9}&|y*?dP6$!C3k@2O9E@8>M^x;q-E
zmc<hFnCO`ve~;%r<>>SzEfa3Yy`aVC!~Ncb?z?jARzC?hk_*8PR}U3<Rf?S{K<xd@
zOc9O-kA(7lk^{NFHzqZ>6-T~+D|a}DrWEj=#m8z2d-Oh#KCh3nm7{p`cxOjqJHI6f
zd`SJWyD$gr*VVt7X2cFQONH<|PP9|s_A<be=Hhz$i8(qI<h=bla0U_o($-*lD$l_T
z(XN_WKg_QnfvJmc&Y^R$okY*=fhSzbMM57?R7x|(zII}V#g_xgyRH?%@jDmls3RZ8
zKdru$|J+)gsZ86q3_BFzp6#O-@2cN6SfkYgkKztrgCk9qR}L<gc`l8u=ybDsA9g!8
z$jmVA%x0Nvc|3X|IKE+=7CYZi)-`PI5Vv#C@Fq<9``rn6gmb?r);U0-<5{e@`5hnT
z0P8^D^B#Z`iB1A8U6j;LP~$~9C*0EGQ9WtAyZ3PHrh?5|A2#=njw~^dhXex<Y{SEO
zExb<{*SBZBhoSEGYHvm(MNTCLo>#1?VRO*^QRhd<>6CC<LP4?J<i{PVwkd>!Bpxsl
zh(D_Fo$}t#KG)XIqjBe-2O}{u3{GBwSNfE2-CbS-F{WJdolZ$tN4+g8ETKmtGig7o
zT^Bj}sM=6b+8h^ed7x#M2FySq?VRTTY*`kw9M>lr*&ARJgC}4X7Qy#+PaR6q`*fL0
zw{3Rb0DU+9w1s?>kOt+3a0N}usV7(|OXPh^(tXRQUZwjthos&lbe5ht2TyD1N;~G~
zkfJ-Q6qOgt7JJ+$pC7YV2cW1!UD6Q%nx$veZtv|RVLZ^$UTqAlxA2bciR_i>fVI5J
zN-E)$abaFD)VIGIDHC-3i;%+5fKYN3l-DNWfu?$iCJ9~xIIQ~6^ouvY*JDUXAJxTx
zQ;7Lhcn=?_hg*-s2z`%L(30G`djtr#o@NlS8y=L@52Mz4xkScvUyGu1&D!RiUUjXi
z?|s~>jQbSJAOy?PL?HbdNl#ON!kiVCS-xxk_i0GEpEW&c!;yvPN3YA_?t%6)+c*ag
zu~&uVfxb6(2dRSJZ%2M%-WT<A#F~3|&yGP@;Hjfg)~W9C`DN^pDjCnb&Upvc_<p%)
zuMq$mG|ENrd%VdqkYMi72kf%5tI0Vly?k#VPhX|MY<5R~i=&LD?tPNVEbQH4*d%?5
zpl?<`0ka-ZJ22U@`j)xyf=I&Z)JELV&xi)w^H{0*XI`DcC5pB*OW~^Fyx|{Fy_}8P
zu_~cTmub(PJgrGdjJKP?%jVUoUJ<8@W+p-1pT`>a-%b9{P1eyb`S2A~8H2UTPGOcb
z1|9me_|Mq=7g>41kN=|Ej`qaL6RcrKpcUUx>Y5;30ki7CB(HLgV0O6{cQ9;dCA`(f
zK+_(*GvBN;`IP&Ei&Z*A@sue(D8BT_25M_I$_(q7fmyN56B~|ILcUg4oB9L3&`_F8
zPcggGOSR|fK`Y5@N$({5`6V^&0K$X*TxLXH9++B*^Et(2aLZ@I@d#uhexuJRp(unD
zrMmYhEPoc_WyE}8PQ7MI3&;4%4*F@P(KsS8^e$vmFC(r2hgxwCjnzNnq)7~WR_Z*$
zdj&4u%HEZBQ5bq(eD)DVt8W|;e!2F6fQl*`W(ATyLD5p%hIDPOMY&~!OzU-ZzBKJ{
z?=0{#XCRz>SiKcq)*W}g_&ha(h_RVdhMeEnX^~Cb{9IL$>W=G!DClvtI8hnmPY+t&
z*v~6bCLK$1vV8X2160T1ysxF7;A5&W<yw!Y;CU4ER^_Hqn6L>bU32@5xjzW|HfTX=
zgEN7S`%*>vqgrcuo&tY0g%gEMez(8VTyu1z<$PfiTZj)6@&QD@N|5U(`5@Gd9i2sK
zL=rfv+*3+T0%Go7UR@<XW$!M0Sp#}+&_Ve&?@v^aJtA%HH&rRnCw~cJBzybG`N-CL
zPi|8hFVrF6(YwHNH$2RqdVA$0h4BqsCGhN*o)%4pd*5{(bK=>nm<*3{Rg9-Hvqi>y
zn>SQt=Q!s>C!<QoR`{$NMyyUFU(~U4smP1i&L(E~nqE&IQ}`^**by#6(#*xct4~R&
z5%DM-^P0eWYflqT5Y55kl0$?Cr=D^lV8FN9T4~RLUb5r)&Hqry#goKibzj*Z?O^a=
z0~@xa)0QU&2cP7V#|h?Y6iW%t>t%{`QO|-opD(HaP#)ZJ&SmbxI2RQISSu+X6sGtj
zyEAz^uK`KV{cg>^F2p>U={LW#9|hO^@Cw#tgXFejqe}gSD-x0zb4}3eOq5wua77=#
z`sSObPXP~b)1Pf#{@iYDto+VK9-{SeAQu9(^Sz5I-c#Y<LDDZt<(w}oPLuv4>`am-
zTWu)3CDcnp)a`#s4sM2L|BJFGuPU;#;ezxX5ITD`oNtMD+&)46DC36FIo=Ll98Z-*
z52Ev!f-j`sX(z+Y_eL!&p9du3*(b>R!9LRg(1;A{m*)Hd@|`6in@pCjiUI0PCTH{+
zcq@Ollj=^|QV;=HuF}me8?l@>m7!idYSeS{h}%=(+(4E}peg5OMb(_%rCYZzTmCwE
z+QWXZd<)xmSs<LbU+$lCLrd)d#u?MkofUP@`r-1+iv~8gc&sNDYxg}ukqb6vTBpzd
zFQe+uq7$9|>09b`q(Vu8v5qPfM)f^pLf-_G>n}FKtXrGfyuUbA8YbVUu3MU}MvuI7
z`0c-&P~q%sr9Ev4y;8~Dcjd{4^tknPB(s1Qjm<AD?gzH<Vu|=m<01Y%U4QtsFKq~p
z%2yd2P&9=ln*z)h&PT$qUQ%fm4PBdf;Nf`CIN#_sj3JE6jJl7_+GujQ)eWxH+k^-y
zdBCG_pFm^B-J5=2Qt=%wcrnd}Xreq1au&(Zxxpqaj6n;bkM*W0S-fr3^s+Z*;heY~
z3U5F~_Z*8DeZl*v`n_auOrunY?(!aXP!h@Ialbg37m^us_GEn`$mPObMq}}yYFIag
z-}Mw64|9afo)eW9NFJGe?P1#DMqHw>#>~{M?2;pI9$@biMFja!1l;XD9n0gaL-QE!
ziMgBc)V%gr5wM_B-_OwGQ{5oJb&6qUu(!%pcN6wIWOyN*Nxq_FZKJ`x_v!p~*##~j
zGK_p#7X=0{R+2wKwlTWCXJ%3N!UemIkALC=xXXDX`#rWE)@jL8`#`L+@MQOWZwt7W
zInRYR61s3|&uDfKq~0CGyBN++o7^l}HL-0`a-#+(iC&`3WHp+zlh~kUd-Q@l^z`G}
z_eS+%9^YA@lVw3bOd8F^-2Ai}Jy|*FW_^0z7haMleC2We=gh^AdPuNt02PfHryUi!
z&7QNV!_C20Uk<E}N5oYML=<fv1={;(pw~YSUKb-gL=+yn16Kij>-wAaAx|;kpq@NK
zb|s;MaVHKKT)u^?+8p@x2`97f6k53Q$w#Edr)^}(qIEeRN_S->n0QlCs1h>nQl(Ch
zUec?3q?583=Cms$Ij8oNc;*T1a~}Y|HQ5U$134fDn}T;#7u)sXsw3Y=6OS2-uW{h*
z!$dO)pOwk_5@1r|6*H4FG@DI!#;?~c5Jz!{_wJYSa`tJ{G4Q^%&O}XgB^uq<s{)bu
z>!t*UAq92FV>Zw5Nxk4n_X)PogrcF$m0%kwxjt)vqP<hD|MoZiQmFW{z8@PPRrQ2)
z(%L<+;1lCc)%P=AbJ4-3G%KNui6Up1HN<!ioxurWpzkiO_`RoU-@Jlj#S-}$Kx^+0
zAx{dtyih}Sz!8i04(#!{@mBWx)Ai4(O127Y#hzRqV#ebaBO)F(()8DPLbSnp)6OGQ
zG)1_2pD+p3`CJPse_f_F)4BH~mVh3Ng9W$(F&C*QIXx2-kio*&@EUvR9UlH%p0@UE
zUNAn^-@!6l^7XGnGWCl)QuP({PWYkzCUcoyqsN$B%_X8;VPCbvNZvj>@&GzO#lM|X
z4(oRxdlSkM{D!S~->)%X+;KbS(qIFjO!j=;V#4;`2I_QeUnUp#+c2Rze64Tx$;+4G
zd`{Pmi4tMp=`Qx-543T>Jum38`WNMBa%4oF#+-dC(?!%<uUWc)%rbtC6DP&$Wsp4Q
zupxH?*g=1Md2hem+$?RnHD-HrufF`5ao=dA(^<3n4vEyRL92d-$BRp8D;s<F-VlR=
z#e2vDN3+CKBmAgP+&xfmolk4R&xlv{xN+vC>ETFFFo;0Q&!K}CA{<+r@E#WO7p%P`
zaI)6!C8Q@<Rc9P(1jB~X;U1W;$7Qha=5&D+(4|<t<(Y9$&67o6Z#P&&gIGdIpV5<4
zD_Xx65xa3}VJqC0Z?)|aTp$y}uO^|lv|k*1Uk^82eTf4Dc|9YqbRbtKT+Tqp7o`Fe
z&biYkR0XO2uCcNIID$0`8}x`Yyd;|UV~>7FTMsbv1*}On%LXUDv2iPl_*@Kb!&uy~
z_b(Jq&e;W-&M0l^WKiY||8D#PpDlgT<=#Vk(6#(3AGLGTuJatQK)rUDyc04>p=W1|
z-gE;-S$BMYhuSdPW?L@rdAYEBX1iU1&K5f2RHmal#`R{RxZTTozml}Wk400Qw2G5%
zzW+O8TrsBsYl)}v5gF&nw53xot=)WS)v&YkgelTttMKqx_XeK32d^Pu&VwZEW8rY`
zjR=nJ^_c27MD!M0@xZrFh&R{D>MmjYyTAMUl9g|LFwOl;ycRH+1n4FY2Ou6gsLLue
zt6#geP_J#QdRp^JzA0?Ss*P~vyJpA0PwdLc?WQ#Zk;k5hL0Xtip8Wz15U@<kcU59>
z4nd?I#PLM{8QmK(-ht!a4cF^mV|Q(_&y@=uPei9|X5FJ99+#%*_|r&-%2$g@Y95N5
z79}x0<a`k~-q;JSmnhr^Z+qUfRcp^Vm$RNWdo#@#{JfAwGa3MFY1}2Yy`nGuu=i9i
zZOJ{V>;=Vm4;bz}*c(UI3H*r#f7(IlCA{y_d4DHr@POlTvFN6?e6MG$TWrCCZZQU1
z_U2@E>|7Q-x6;h@#f-1#Ns~L|-0*W0K95$(+RtW`{Z_8V-iAZx9M8Rm@#t46l*sk2
z6eiM{7*b2~;snEd-^FH`4&np!c^c0E&<&y=FRM~}U_Hs}?xRn$_UE5_R}cv@sBg>z
zOi9iI($UWPlI%I|1{p$*Q|7)Yjt>O7-HDIzC*BZ|eP8-I*K9Z&uN1>q;fGOYa4M#0
z4vodoI&xv@z)Y3l1$un4tV{DgR+295=U2KCC0YY=gly<Yk)hI^{*Em+a!>U}Jl4|h
zBff@aKr9{1Xej!kf09o>)}V*NwHbT|1YgD-`y`&ftWcj}_kP=wS#@#+4rZ}x6Z_~v
zTlt#7Y;=)y6k2h?NH@isp0&uRG0J3n0l17)3-oY)Hl{1@{qG!2$c{gQz5jU_`?<RL
z?TI8mWzGY3Hce^bUOckObm*u}!prJG{as$*T)8;sq&b9q?mUb9pl47kEr;MMp+3%B
zkCa3$^J2Jo?N-<(#(_hhp<wH!O#+E3$S~^fBE=WOi0`?46zXQ@d-}G>kZ(y);b}tS
z&ks#g;&N5di%N80o$BPz?(Qu1f&06h!~g&TXK{IegDlWQBCcT9@ko;G79@VEF)g+I
zPQEx(A0^8RJ_n(<btUkOF1$6jom08z<~it3bWO|o^;Q**g7WoJYE#r=C&UR0XxWdj
z`EWeSgE88FZsUC00C?|BWAkgvsYCVkRJ&o3oi|QRz-2VYF_-(8Lf3Kj9IzBFK3;8a
zIwl>loSV=W66B091ZU4vrC(LZOBurVJL#L3B{zH;M>$<S;7k%~bp;lXix(T<To^+B
z?Ci~$wS?$p<$PS9x!%su9GCdzyQm<!8c%SbXbc#&Tkr8C!euGOiX`yTJnt{$9Pz<9
z8n!Snrd_AYe4*#AJ*A&14uYZF7nN3t_QcK(mg4edM?CSSC`g`SWJFlYawxTj+Wj84
zb<`|%e9lT2?WPQnGDTl1c^aPUz-Sz0&^PN`O-ulc_e57Cyr+R*aXJYwa7Ky*jGU7g
z_huc|J?xn+X4>~V3w%=2&Y~s-&8_^}zI~R~#P_>nm&NjOv?a!4q6<A$i6@Vqdh75@
zjG_i}@V=LKZHS_Lmqw%!u0$NX^q#<XLy%hZD_TD*tz^}M3n!+uW1C7C?IAj{`ZcIs
zEitwyZ?4PfrNhcnXOuTIt}rOTSKpQp8!}hXgRJoOz6H0JPB{4t+u6$whrqzB6{ejd
zU&0h-IOS#uB_*LKcjPHhN2;fGsGnLXNagVP3ZX#=eNv>4Bi#$JClGV^t!kF^izqq+
z3^NaSw;#Wf`W@~bIP5rX;=``81<q0_2VTOl7g6m}p3AJH;0Nk~=uYRMC+D(G*;Q)<
zy*&5Y9CpRlI?>dJ^+nw`{y4PXiPLRAHxRJ@uD$U;k7ZwqihZL=`dNnG_n>OLGP|wO
zN2a3{gjhm~E0(GF;Em69neuB1w9S{Ph6}k`Dx9NAQDW-G`TBm&f!(}yEbkd$+smk?
z_o+Pp+HpK6aZAa1Og;WpL{3Bcg@BUFCTy!fMh9Qa?YUhkLQ0K9g`e3wmQiO4#D3SL
z<a#L1wydIH9X_@Yr+4<Y9a}0p$68~TG@U)Jq~>QRI2PT!a_Xo6tVBG?=AlXQ?V2d%
zB`MwY6JHHQgNi?mTOsXNFVjrE#lJ7OeEKrbjB~zS65xJtT<7bPe2Ke|{o<baXFa_m
zqrr93oscki0@fHOI^+q8!rH5b9$bFib;Z^~k9X@+`UGd|h@+qnNZk`<H?ZOOQ|$Ad
z(&M>te{~`xvi-E_<h^i?<#}-p>cacbggjD*KrN60?H201w5RtiJ$vsg7rzo@3DoRq
zpO>nmvaR$efaZ#xz4bz9*@)|R4Fc50nU8BLdsaSC0PJ;NMjEV(jYT{!X+A+x6}3-0
zAeu}23ZdO)$Qy5kcS~H9{cZ+q>*P}%yZW7^Kf&5Pl?__sd_t>B@5t4(z5T?`>Ug~b
z!Fe1n?I~?9Nfi97lfE8}hgrv%Ed<sc2sSQ*Ew2bI8c}2Lw+)~eGv9v4Ns6wh;<=h~
zn#oB&m(`=01ujk2eQ_2_$Bspwcr%N>jz)@wJc^<91}Ore3mg}z4qBxNA$%>E8Hx|Q
zb%=N$LisuMghXGy3gN>iP4}$Un3Hf;RuLWeK%t1*Zk)TKx|~f}SeeJi&l6R)bfS%a
zHdOT0te|s|_%6bUY%Hvq(s6kTI-Rb4{v6_1H1uKc4J-(~0GGn>&_0w0dUBvVzYdg$
zv5#&Jp9{v1{5$VcqauZNZsON9ps$~a7`PTW2g>jb8Cdsd^iemVjbVOqo8(Q2w0q^d
zN!NB^Dufujznk;j6XKLk?CpdZrim{|A@V5+v_`(?961|yi1=PUTtd)6iXfnU(_zlG
zhXNFmw+la2)Mg7er7f`}|LhO1@#g_8rB7JNZei=?v)6iTYqsJnC13@gu_wXbq?k7g
zHL&-VMdUeA@i?W^j&F@zFfS>R8BA9&V4AK6kjYIzs<0e4yW{JY84d82?Hu9I9lf;}
zSX_8vze6IrZ&-`sbDNQ5z5S$!J}y#gb$Zy8JztGvoR;RtRRvGeCZUDh)l3waNNnG+
z2ernI`Se&)@Z2;FP{7ahe%>^bd8$=nCAs7lpS7YS8(Y%g#o#9}`L37mnWrH;I-lnD
zIZr`+9zttxtwHmz{HLvF_}Y=UIT7G!z~Pip(adct$|Rx9`_KA%GWBB5J=mu+?(Ms~
z*@%7_AZ}^e^{2SYxD0rnM&rDEkK)=yC}wzl-7-@`{qxv>3h{VJVH|Hr>B$(+Yi=O!
z#|!J6oJ%=<ZnCp(i;a?ZV<b+q^-48_Mi7Rgu71s`IMYrr*bT!we(>~>dwU1)5Z~|(
zKzQjsP(`&kqJ-Z1IdUg6tfDx~&&Zr}Y(^y1z{Ya;>wWxLCiO_#Hlig+JgkT)gN4O2
z={bhjoiFw4=LGUl`Ah;(NY37ag%Wb)<?G}#1ekIc1R_)W#tRw;zl(Al7sgA7+aBjW
zS-PxY=PH+utntSaN9|NSHc+XrtuE@)6`Jqbk#9%@liXX8p%)L;SJvze9Wszo7^{R+
zt%`@!GBIt<bboc`m1}#h!|sJ@@Rulj-!#o^5+16i&+dDADlShFM49U3rGatLr*xj2
z`8-B(AdUkYp2K&CeA^RjwBgF#X~7xhh$G=OU~{6URYK*GpCJ~k8twBk9qt>g7X?kr
zc=c+CoFYvok5e{Cq2g(MwXdnWKKKnKq8wwyn^sSh#7Qg)qn9L-haxVP>;V?lp?uKr
zUGw1!?0xYKfoX!hkmmT5!cDDv^4=5P$B2(ZSqr`|;2`Jo%1!@{G?>BdB}P4@LjgW=
z@vHr`Xu}XZD4T*4#4aa(R!$6fy}STk*l4j!*Q|sUQK;M=aF7SU%TmXUu(P{LTQ9tk
z@t2wH&(cdfe;(Bm6HgH&oNp&$XX<oocJTOF%NzZ;ZT6U~O`aE?@vgp4<*bip^B#w|
z;DJ}ka3e{w%Ib}d%s`AYdKO|MJQX=DUmsg8s`Ig!h90a!2(?(13y%`Y2z0rMQa@9G
zO=gb0diR1}>U`4m5z4Mmlv*t~s~<-d67jdN0oo{cYnUMU=RG>6)PWYF=iW;`iCw_=
zNhL$t2)?kRqPzSelnB)DSSdo{y`qQj*FP@5icAl?==b;uDZ&Q>7q#)JS(DsW{<;I5
z$P~HEi<D3Hv<T>hQn#jLn8nT9sPEdi(LW0@=LYwELUB0}Lmg>SY#$^5t1t6+juD6C
zFs*am_{{w8y3cz(A;i42+<xLl0$n>aqZ3g`XJ8Ilo7r}0a@NqkID%srUMjooy6o^4
ze(za%q^&c!Q>Y}w%(KN{d2>LEC3{XK<<XlBu_U~onNfH(yLMlG!>!GZS~LlX2rtR%
zTkBmWuzpim{G3zYW`LidZ*z|W&xy|w3%(op{p648?AItq;VdGs@a^spfj9=`R}JRg
z&1<Ra!I#kZOA?xULfH@OB~Lx@f)Cf>nb^|%)CebEZ5PA<Tv=MYR$4iQZ>hn6z7^X+
zSb};?iNzXCp3d@|uOac?3)chl^GWX;TTn@@Cm~(>k!4LJnE^a~p8oZw(OP5+5Xr|U
z=zgeS9(d23J%~uTpbyJwbPVDJpbH2+@@<fW#n(tN3lq}pc1ICtn_OG&C#>+vitcD6
z(b9X(F4R;C(YaaVzteG#uME$eK)Uh1!CoS1@Ro|F+m&H8<z{iof-0)C2636WJ;BX&
zyV0&++gJy?l|aX?d)R4=?!aitL)X6kxk@*}%DE4uc;|fqqE<C1^}H#8hL$MYi0mg@
zPRTs||9Lyd6aWr%?K;qRuCexAU&MpAkKv;~%3h9y8EPKn4#viL*?JguIW*(RxUa%3
zz7FO4<b*29v3d*e-Y+lqx7YMt*^$T8b2Ypy{c_|JTnM#afQXkCiisW4>d(G627fmq
zE(@V{C~rKz4Hc#i&0ky9K8IMeM-Q8%^RY9_&Q>qG8jDH7zJGk*)K_MgOK-S&=U$SK
z`{pe!zyGw>RCvFgdWPV|J7y}sL^G}Zm5Sf+uamE8p`fM6nF%>4r#CfVZe>f0-T}_A
zqv|<eTps;Z1Tx+E4#a^`DaxI<6)&k%ogxd|v&c7rz_Su<5SEQ>Zz`7AycJ#FkSxPm
z-&8K3og4$fTzTRy<(jV$Yco|DL#3`^T6*|dR8RF>#hbkeVs-_YeBXDMuYq4x$Q}bk
zXFX*lUu8evr(DE+Y!T{TVc%%fa99(Kn@)JdE|!DqUB0o5ZeP3F6Xl`^#8x8H>rL;6
zbPD7_Mg_n5*7un;sddmox~F?D!tIJMtz~;SW)r}9Zyp>j?D7+J8dvS9shGev6R8Q6
zxtx4hTETGOp07nMe{Bq9i%jlS4+iiHIp_#aQh1}Rgeg%ykT*?gknhUQ6a8!_ZeKh@
zRp8ik4ksMUt`$-Jjv7k@;Bf3zt)J$rh0s<{fhBT(|GTGep2A%|bL6X{_?j7YlRO}4
zzFgO{8w`Wiww36?z9ir5hr-`+^pz%Mma)&3cW%B9|GdrYYm7v}(bw6J9MUvXQh%(Y
zh`nUn)Qq!zbP`(Xw+C!sE6_-9(t&Zf0DsWGEN-e%;}AW_F<IV6T4b<DI&+umfR$Zu
zk%WZL$;NQeJzik3!CP24D&Kh)Fxi01b@#b)#}Fc)02`+7esfY7ypZt1eFB5uJuYL(
zxXDHNC6$mY75^UEv|qL}SW`%LfO?}cU6q9wO_e>N>*U86Pctd88;L0|#2$|$3k|m2
zpV!Mkp7GxIvPd4Y6Iu5#-+s!AH)g^B{bgZ1wMu5C>=W%G5f2L;H7tE65uCvjW=~iI
z$(;QS0X99g6e2?S-7~&^3+837_wee*;(Yh-?`7z;$FGDgaZ-aN?6W($8K*52gCZiY
zU;IiWpD=i|IC7pwKUv!{-3o>J`SldZx4$Xz2nNodVITiIzO}2Dm$yseLL(A6+>yH+
z-o|MtIJFXAX(0#DQ(AXMQOB~w!yYyT9<YbxJ*s(_4=YwrZ<Am<2z}KH-k)<5t{tc{
zvJ@~c{OXt=lH)m(iq=^eQTN)nmn6O<L4pyV4XQv)<RMV)r&%T7(C#G}7qhiG*YyFZ
z?tCR~gY~GSHm^(e6G?NfT^|s6#A<-;6FbT;H8nN9m<ibw`*mig2bt8(N(X`=zb^LM
z=VdKSrQ6vdNRf4bK#Fxc)!a>z%3+Ss<+I{Y`?&83%om^3;6l1z?W2GPG34o*hud8D
z+>$&0Y+~Fir0t150eemwoStfUIl%HWlXJYYM~Q65DUZ<H!c!&u)zPvRLq!h(h}-$-
zF%u^-VV)XWyF7X<zw01%_q!W}WW8nB%vS3q%qt89DKuspd8&1B>ZKF)fZmsq=&OJj
z_#A!qO|X@C_!d44{*^c;n2y=Xt}mR&)7@DTFQWNN-tnk&B#mr@Oi$$36BzmvetC#g
zsl~OXVR>9T0_Zc#yI&c)Lu1d2p@)Wu?qZRi^@s2saY1!y)Ay8|@65dS5s8A-@o~rZ
zqNVCyjB_a~=5gUt2es*x^s*wDOqcX9!u`4p>s%|wskz8AWqbgDu+X-Y_Mu%Q8#8@1
zFV;h3iYqT_L0I?1-5UWI=j@`8(QMKET0+bTAUR)8x5&y}<yn%!fq|m)ZAy`TcWmor
zK`S@dukEQu64&Z@p6>?NnjKCSSpXl(CcD3bDH3ik@BNy(>^(1>-vLWIa{cjZO-wrs
zZ<6t(GJTb0I@9b)VnHBTNm!%b_CHQbR;w?96ToAUT|Ia9g~Uz&&Z<@Gd?g%RWRt@k
z_GK9U^6Laf`gPiNGVhoZcDM3n^*6@)a3aQ6gw?}~QxH(O?mb77w(32<-P;9$VuG`5
zed#=j+D`~5-8-!J<R-c7=75kgh{nhu;*#<D;FAWk-i)gBROwS2G#09hdoIkihgw>J
zcaeh1_iMr19s*o=Qo&BwW%g~fzXSiD2e}<jMsiI~r1gkEY8_MI^Ihhk$At$z>#F%w
z{{6gp)+nOS)oTWu4n=h%oAQO&c-WX<A4!yp!IKTgNx#16I}d<hUYh2imkrM;e?wl&
zmz3&GC)`RAA8OHu?gx|F-v_u(qowH~vhcTjZyrfTF!CqPujK`qay*$*@B4#xE1$Vj
za?$$8_SSumEa?gX0;_+{fd}nPv~S}lzl=t#VbWg<$jI-i*76J-W&U~{Ue%tdE5tZR
z${|Ic`=6laHsQp%%b(L*9ADxCn1adqYyVf}-+p@DJWmAp+-&%e_(I`;o%whFddaC5
zhdT}}w%bc|as8A)^F2nS#$`V1l8L1AW)tVnZ@3S1LL3>^WrUNdlKaAi%Dr^^>!(l0
z?QV)b;&Lj(HT`<leFexI8>(KT??J(vq~|^I6Z;^5w};Mzl2Ehv9z4$Qh8N~a1HPr`
z*cB{ZZ1A+W(5?Hp755Q+8rA)r7_)Y{DfKcG%kii1tRu;9N%_!$vdhP8y869NAD#xF
zFP?<sXU){73swah8W1;3@#Nymm)m&2Ba;Yr<DkB5(ck&u7RSVa?F=MBk)_9$aqoPP
z|AHJ9%iJj8WvBr~sq^KIBs*~;IPwX?JNN04p`pq&9`N(|^j|#ZTq+aFCkXNJED8t@
zmg|~`ve4nh2A@8o_>`-^K-$^2rJ?E(wKCIra(Q#Cx$O8<1kQaJMD-wL4lxy-JG3X}
z(zMj6AbJu__iTahHs{@-+>peAgVg2L+{!RnI#6?UOmtbcam1g5!e#n=e-8WgEWq-l
zgqS1XN5WF-T0H##rRiJuVNt=ItF9cJ@q#B*n0$W5AhzMMC<*Erv~wL1{Nh{f>5;Q>
z<jMlgOFHCEP+0v^T>GW3Y6j6i$C^Ye{hW1E&lC)UEUWP9rAPd=#=Q*tomfyf32e^{
zM^uOR`$)ob#UCfHf0bwF+q3kHR8Tw<EpUmck3Na-{9*{+y}k<!m#6)a8M>V|Tp2hn
zaLgX43?nAJz?18~e|k<C{duJO79tuG^(p<#ezbP{)T0bSRJjm9Dn+UALSbuH9g5Yw
zcw6v(M*sAt!dW{qPq7|>_xx-xhZelabw8^@<Tp8Ci%$TIF+)Sjm}SUkWSDOeNhf^m
zC_&`~^;{1>UkgyxQ+J<OjvYaahWmzD>qNw~$_VvS6j_{42~*WZVA2H^*Z0jCS9U(L
z2*1PU!5GHNwn40YWgmSk=!G7-sXb@eti4_J1o+W2{+?h=)KgA)>=32fb->OC4%`&O
z?s(v=V`|MgvOd16J5=;iP2me;m`-=o4in20eup>KmBbCc)<Z*e>7U#`W%tBAJcXy{
zyPZnk<{g5WfqWNmK3WB{$^pdg%_tdv7{bvsc)<-d2Zt5iOro{XDcl97@l8(iOwO0O
zUo5b5zUFoA*4T#*qfhJ9T2JM?FnS{45<-S5=*CCiRdKR#ryqR2sD3XJi_oECyl`$_
z$xaDf%9JelZgq;s4ZJtrY>Dq88tfD?p4Q7(#=?&ucqk9aPh?)Ro1y+)%xxG)yhlgF
z;lS8%4?Hq?Q|3JNjdfCyA+G8fxWzkj68aPy34<26*wJ7A@y@I(iXMe*GGMoKug8Sm
zd#|@F7`Jx3XqtRAXE^m}pEQpR#tZ8$U&{c$tE;`4-<1m8)vwQ`(7_-mdNMkWXXe-1
zGj3PNd(3fAf}HPJ_td->w(lEAdE#jjcg`D%muc_$tTq7pMN@3EDptwV0jGE{1ho(H
zQN`ao!Q!%z=h}CD)p@u8?}Xe(duolJ=l^5gvp4|ME{qx1>h_6`<n+FY8A@34VEDYy
zDfiYDjP|dWB~_~^IXnApF{{x-O^{#L+$#?n3|zfnCGF;=S{JH3)9RQ#p<Hz2J>s_(
zSU8S;Z9<jft36vgMxU4RlNDJ|O%g{%69}Qb)m{4OyIkj!$*0a<Za{PM7lj{7T2bcs
z197$%#LqXEg(~<QET)xqoA6My^{<Pk9<d&6*T(BO9gc_Ov!5_O?-!RscXfcC-P4_v
zJIANvX&oo9;mJRJsf_<T+?9cNvdC@g-a6zqFW;>nD&k9ht5FYwArtL)v~mTtE?>NW
z22=Ymq%B8oop$L!I3Z79ZmC3AGgBdypWr!{cD6ATvc7u`eFy{Y(AN<EnzY~gx&pVy
zSkuVM0w?=Qt9p9M$t@o}KH&Vg@5aT?VR%>e*ql09{_VD%#QT-#w0~`ikMCFBF53oo
z@iKBwy;<4cjJwU{69fSuDtg_(no^Li`mUeDD4r2<rb&^Gvw|PaOGDQtuzhj&juh^9
z<L%0&LaTFe4YHqd!yT}Q!rMuZ5A8_UVPZy#Z!g}AH^<~8Qkc{~``?dB)BClYK>g6K
z*Pr6ii(u6pf;n*_2LK|^lYLr#4Mfg_P|mqEWP}8v+zRP&#pJFyK8a(QzzlPr`ja<s
z;?kyXlC<(Nmr!@4@A#6~eKK5i4kt*)Zl5hHNS;2{Utd%|mjq1@_E#{Fus-c_9pQ*>
z*bW9D1FY3*cE+(2VRgBGwSFg2L1JyG_LiX_GSsn9qH0HfVGTBEtx~~dt7c$`)h3R;
zgg(JkL62JeyIhu%a^Ws*X&yKn5))4dXP*6C+S)7jqTz`LM1_;*rgP1ZsKOH0o*sUQ
zM)J<?U18}L(Dvw~(F`;^;r)V6Unx&@zn{y<y~gc)x})GbBYUt{4EFhCVzJzK*=fI%
zAr&}L-dEq3qL!lrHhJM@7D~5smBr<{=Y?mWjy}MBt7J9w+WUk8w>{Sq-<!nK(_iMK
z>9V(=jTUE4-Rt$_-XXj*+Ob(6ISn#y(Pud<(|cGw`N-Ms7fQqKG6NOY>T!v=hvCo#
zvcpx8c1%fP&@W`1;P|?ICcqI%{`7su6~WIknjcaKAG#~^)r%`Oe3w`4&Y>r@PVbfj
zVerdgidr^u9%O!JS?LE34I|~Ab4yGhn4fkys4rSHe63oxtIvVQ0?PZ94C;42Fy}o~
z+9U0o8nqrkY`uH#XO){N%}-ArsK@ScPRj8M^i9j|vn#x_S*3OKGq55u#ufmK3n`+N
z)#=y1iz!Sgf7b7t{CUj#f}H71R`SO>ZZ(wNJOZZ(>5OQcc{xi?P(tGq%;(KKhY_8*
zXEAic$)dO7__?bwMlWDRLjhCH__+gLt5vLly!J4LjMX9^epHj6Ngf6Idc;S#9d1QC
zaQ6oA#zi|)okzu8R!$%P3O>Hpe&-aq0r-nfxHQ@qCfs|I;Fd`nsRzNZG*H0B&k1Us
zYVv$lNpDr1L{N3fM>Vl>Ug(8`oZ#jck1)T;vN6}%E$lKJy!3RS9Wr%%B2ealm490q
z=dymMmzP9^$Ldln6`7>ZdgYi9cb4+kO=LD1UYt8qfveOpV-)u93tZZgWPMrj9y!6<
z%tj`2xu=3o%+qVBW&1MPTN!B&^#b7<?~+Uth@R09j##{Mw}#$49VlIhAfqSQ_~`Y0
z_|pBtKt|&sAA7-8_@$uic&P{3rh}*lvh~})Jm0axXNXif=ATLAxE(s0etPOQc0S7U
z!ab;TzW#@JA?T^ARw98J`7C2~=N`pI6jJ*N;~}90-s%j#--eS*B<cmI@i>=89{Ygg
zEvzc0d&`do!&k_8sx)g1cO_O&xul%XY@6tZ?v3<Dx+$56E^3}iO^v7ciN<Zdt30Ck
zV1^#EP<+mp!DsMdfWK)pNgE6lHg~t4I5P4sWg0_!qD2)~!?Rls&eOiwft+>P{M^H_
z*74B&CFQefe2?y&htlA8MAPnEJ3{EkKF<x~w2ZGr7qgAN`wyX_Q^zP(s8EmJ^Rm$W
zJll??Vsgsi`T9R@G>b@(3^mgem5bDI@0ME`Q$eoZfVr#&_s|F{)B=s^P=Q%g$D6uG
zWN!M{5fPm<As31*-7U~Jy$;rAh_OeGYETPblC>w8=9tk{Gc{L9+Bc+XJiGM%>>P~>
zgOQ-8x?V_jk8m~h7>T$pV#vzd9#VNRH~Hq}r$XatOF46t>&l6n-p&D;5Tx&&<t$0d
z;9bCh4TrEpabCs=q3gT7hPe^mXWJ;Kh_>?99Hly~v;kub8}jv?DJ?m1NF6!RoR@+J
zZQlfSPxz0`AN~8l7g+WJavHykvV};1^k!w`H9U}C-2^tFVb3{|>PYXmXrZi)RN<n>
z<}x!pc!)~dQ4_O(M~d{qBk`T1FujWOCG_MWEQnlpmh(-S19h)Vej6`E=1T!}WvF;$
zN!0Mo{pN2c-pb?j_00N+hIWyeg8MZ43ti@>GJIcp4O%;kb&sRkTc_|{)y|sz46xDL
zt39%?By0i>*0dfttFqVR0#6RBJ>YxkvN`yHnpzv*=wGKxU7=I?;7FlH_h^<cx^nM|
zIGJe@^nPysk3|{%=Ovj<2JXpM04a0nbB4UjI(=RKeWhzW1=P-*M(bD$4`#bzb*#PL
zXB}QQotIrXM(c&f0gfPdhd4*cZW&?BJQjzKow^W$6B*1!`M}XLcMrsE{;XuP?7R?i
za%4L?D$;fNFyDF;<l8p0I|xHXvk#Jn-Y|F`^QNm>x)17ni01lj=!3yTkJRQ4vii^=
zu4E?E@@Ttn(5~QTF0D=WlpN^Y@Vs>F+zPE@!xG=qro-%Xk%FCU1}>a~=US`_goSv>
zQ{P{2c>&^X=6%U5zqTM}a^?lBfOBB0Qg7gJ91BWaP`2+eKx=G#zVLVo#)p!Hs=q!n
z@g|+XNpFO&2QkHQpQG~DWeK2|=}Wl-mJ~*cFORd($|3ZU0e<j$DD<977jB3pMkSQ*
zJrdbNkrC1?A8YDhc{MJN=c6Nil6}ZAs9}ehls!5U$-kYiCYdL{`XHQ#??vqqtRxQt
zjj!^(vVn=meQ7NDtLtT#4tk@#q5BnZRxB|J&r=<p_v^w^B6C&_MBdn^|19C~oB+h@
zC*Okm{BgOsP_KQ3?hmfzxOH5;IOgsK=SpI_F?%|!dpMmz9d#gb$<Ny^Y{)QfAI{q2
zE2I|$55*oXbm}I}5a#06${RMQsc$_nO4Pmgc8we-roNl~C@yPILX3|l;#YK%nc!OB
zUD=X;FL=3r`^g%97d65Rb<^G-io%|DKW@iwORFHC1797mTwHjQT4wDF&l6Av&dGmk
z0R8jm*S7a|RWwH4$1!urOG~9bf3Y<&L`ZkTX=;;Q@3nrIWsRzX$m4)TU!<X75zp;&
zVKLtVpA^me9^(1>xCU58J;k9G?80_u!u6bn({A}>k$&a!jriclJXeX=*52%`L*bgo
zEKjbdJv>BaONETs`N}>@CRP0b^w67-C%aFH`u`ZamMl4XR=FkKf*}vF|0Ug{tZ&%&
z_@CLw<?hN9f(QvBoCSFd8d=Y9JK`(m>YrjJJoeY|UNn}&hg>XOsa`ynL31VH^2c$V
zorF)Ci^>Bq%ROgf1G?Mqk`H`(daQ+45d6IlI-h#z!RP`p=g7zFu^&gD{shq;q_h)<
zx>(a5RKX&hTJeAK03_%<_Z!gCgm6`3K<auVjT}L<UZg7ace#`(XhsE%F5lRj&GzKn
zIdi%me%FVkG-FXUZ0JE13`L;#L`o3d;SW5WHX@nz8yKSgFkiBEwU1efKY)FJyK3%D
zn`5V&KXWfd-&2r)Dk8o<r`10B2(-hH=dqHeS0p{~^K2c#qPuggKl$<Exl!GuNg046
z{g|3wCq5689S*1WLhX@s(Yg23cZ5)aP;61}t0};U`o?<l<1SpCQ{ApNLGzn^%#-J(
zg-d>&rclpq?0Q7D={yclSY)os-19hTP1$vY8t#J^)Fbhc1Y%3mS8=C~Lh?={2j$oG
zgd$(>&m|ZSvHbkS?tYqN5O{pehzZ6ZVO;ob_X|9=UK`)^GKp8o{RO;pzU*Jr_f_$P
z3#Zu6c%@hmZ?2qDqB&-9u+o6r#ayZ&<g$;`tu6%b3#@$k)tvmKyJSzD%1_gt@8^;P
z#JHAUSm^HQi+x_<^b=JgS8_}bp3s-wp>F2I9q7+S>|9%9*ax=3HuS1&2Fay?7K*QT
zHy?e;dmvf;EYjoRi&wf13?6v!>h7g8I};dv_8!=<(|bUqjm92>p)ZNh@f#ApBqt|m
z^!*j5U;##*8!%8P{g$yEr_W~e@IsPt>v?zva!p~A;EWWZDF~jKDFJ6#kBj<3D_FLV
zXy(g@$vTbSOeS^53Ht87yK!&H9r^OIqGx{tRN#LLFQ4=0C2+VKJ7MfFgbLw0*{WSx
zh|6jeRz}|3*MgyA=^pic^b^|OW721_GMU%(bNPYcdphB*L!TkJEDh6A`Mp{AdgX6$
z@rwginWMs8DwLS1Vn>FL!Z}OB2I(s!v^<53&2_R4gOQy|gku_Rk^$}gS#&}^tb~KB
z6T>^9bqgP)nZmA5>v$^zhd&`pit-wN3zmtMrIwPr`B_gJ%|h7tybV<@dYAEGb-oCT
zxsI5~i)wZ2B)Ml^4Zbxf2g^t@F;8300$w73;yE<#$$5tnp#2LT!Mn}J0&JnwVfq15
zaM(#bg5M+js|+k0)Ol+dv~vK7r@tHFfp3`4zGnMg&neKC7gWVhVfx4*A>X)Jxq^#7
z;llyb`AjVo)}<~}GO?75vWdZ{64-;|c_Q(oRC@UNh)zB5kX|aMRvY`Wz4v^W^i0)$
zhGZs75;cA6TitedK9FHNJ64vIbE)qRN;Byzl1E($7TR=0A5D0qPCks97n21Y0G%@p
z?!(21{%OPEk(a3w3X+3-<}{G;4w=;HIYpN)#5Wwgebet95ITBZP@R5x;3D$d3<m}j
zM}aKVKlQX%Dv;dwru9VLSXn-OVLkhLE#JC02R^}^SKp3dFb=oS9iu&qeX&Bc=XOIL
z;g^=zWDG!d3C#s17|vH5#jmI^%XtBt$S4KybzdleN5<fugV3-3e$CyV=V6JTfd_tN
z-ut;*3T7>&Fq&iG7j-J#Z;)P@8&MY3?40c&T4xc6a)x6>SjF-}kSy|whrNxo^Ikz7
zA~@lvCC>rPlXVYColS(dlb3^3Bo+|H@DhB}X8PIGVfMXKQ89goDdQrs8jgX}yx+Td
z;W4}#WICpouOhdZ0={CGMfZM96M2m<se>z?+?#w~kXZB%?XI`F`lSgY_Bb8)eNwYE
z-8iHNk|`mL(pSg2yH<iHQ+SWFQB|iv&K~CV&wc|S!Y69S9x_rhvlnz%_Qt1^hts3|
z5V~HWbMC!flKX)B!z!t221$4jY1b}`TKzrt<$qrXXVyb;HVh}tVo)qAA6yAI(vJp5
zeJ*LJn2u41rxSNg<E)|Ded%e)JDMNqU`2abeDbrIoRCkje9nO~PrKmQ59Q~32~vAc
z4>{Kgr@BuDu0j-@H1$t}Ath<~-WSPg-`RGMKx!6leZ!|IQ4G3pD&2mMwH0?uwu!X;
z;r0Es@Cm`O3QVY`o<X*Yk9cU*qj3`tDhbX?(;6_t+Zg>p#>IprdFkffZu4EryIKoi
z@#5noV%t@Wx!-a5r-I|`eAs=@U3CplcCnQhiTJrTa({9QC4?HXxz)(d9m18)HFrM&
z-Cq13{I>4r;WUqoQmZEpD0gpWk|USVr=cxx;d%)?OnMXjv$#4WBe#klVdn6@L4cji
zt!o(qv1F9{Sl2=vs0)UE`#k9R$=Vhze8MT3p=_J;is&txV5#_ZjLX>`oZ1rD2@}`N
zd6cv58l{1oEvf|I6`^m6{~BoYd6eS;X{*ahc32pWKzx^Z^uEFgHO#BShGpmTRp@;G
zmAU)tcECGyytL0)^6@#y)hco6#OZv<?2!|=CXvl4^*AYB9l!YA@=LjQO#9f%-j)JA
z0U9$hFEZ;sfOuk+rCgHyLBH9Wgt!n5hi@Y0cJ8RT=D}|c|N6R>#8Ah%uLzozEM*>>
zn5Ci9`(U7a@?$PRmsajuqxCpwbew~aGMp7nFEV7_#Q|CbxC=Uq=1Fyd78*}K*0{t8
zTdk{XEeJtesE_=osh(iHpQDxOBc8D)tLIXA-|?ZI#}n_2&Ley^+3jvn^Du~p-@7P=
zF;b0KmN#$dAk;2zj21zir7S0vc}(?~CPE_V4WDD=iVI4H^C?);qXlpbk@D@N=H*m_
zBlo*_ombzxaHZ7m+q&41-EvIQ+#FJ1JG&1CxtYt}S9xiXOW!kiW^J}P9_e#Y`GhqI
z(20WI|3vlgOl^<f=8<#L%ZC$-(_APH><C9gKzzd$Oji}BW(V%NO@e;?=7+v2;`NE(
zP94_Vz3E{5V7T9kA#3k#ChXHJwtvq9#NVRLr<~C8t#;|>u4GHs=|uvZeE9u4akA}k
zzC8CZKLq`<@`+Csq4w*-?#BZ4t-m0F_9xHwjr~95vDt-_VyP8HT`h56VRWk=cU(T0
zp__PKxm*KNjJyfECq@%d=%ZHmEOKgpC)bx;1z9W*G@Jto_hw|>7lzeUwR9fv&3$a`
zg4P!Hqj+&{!mBL%xk_$bHxWZL*ET%K1lA|dW3!U&XeVOr)%bm1BbI^t%B_SL!bf`%
z2(b2Hjyfa&sd5r8z-H8W8P4T_X_mZ;_(`K5nfK?4$1w&kZk&lkY6fJwP2ZwNO-}YC
z?RcGkYJ48c$7CImicKy|5p>Btc{4x1@J}KhZ{cS==cWX&8a<wSwG*M_+(X)IWMK<A
zS9gwretmLO!s-&h@G7kvqhB?vt5`PiGMW{?KaB?`$lE6m-@MF1Rnk2TQ#M%0-EeSg
z+xc@-J~Uh^UA^~}CdSXsBTs{Y*CTK8FoW=tDfMc%uv@RZO+}&lB1;1s-tVrRq{Ehq
za?jz?d%b^VV~|IMy3&+B1<bhiwH|1_c)Zo$uqupq=mWfpX(q?N9eP6Po`H#-?qt0e
z(W?PP%>A*`E&lp{8|M+`Q+*zJ;Gkol^=IexycB*epnu(#(8jd%f(Vd53xbM=B=1!Q
z=i_E^6Jg*+o(k2v*jN?!?3(Loj$2j_*n#1a&-=E;oaIC72*;VUW8eOFu%Rxa0N%$2
z8!7v-S$(J+SinIK*1d7vxUtKl3-BA=eSCW`?bAA9$rBS6hStp+57tom<J9~)XHd@)
zQ~`I{naS;q9;Y+M63nn%ualWPiuf`l%lp!g7=+p(x%tw`!|qJ4THaW{vU9#;nNi1=
z1UQaUeJ8&Z^a&A8eBY5&*Fjsmk7rok>v9L&GK1H*_K?#YpG>G|BqOw%ptvb1S0CI5
z_s&-&BaI(<JV|;$m1!-)!0tVqx_#|h$G78|9+|svXU*XpfVo2p{+P!(b=Km+54$H1
zcY^M%B4ZghdR!IrQuba>tw;FpARH`MzIy*E1rC2+5qt0AH?ptX5bj|U$i^Nu?vDPJ
zFpI?>udxTx?ect|T<&YT5A+<4qYkk>8)kM4#;zK+DzO)Vj>D&BeCOWfBZG%^GL;$S
z)MgkIbzezYQo&<YGWd0Ihp7lt`P9Wk))qq4;*bIo*9VoHr~TElx8zbHLi~cI`(ZTv
z#45#aUf%C~l9q)jsFLpEbW0C0VmH~rxaBV)jG%6LoNSu>OkM&%?|tc*vv|x>1P>0H
zA^`Sho);97{Rl(fQv2FA30+i%E72k^sHZbBd*k`+4R{^z#ly7?K}SqBY7Y6_8`2Ll
z)yceeFQ?JD|3fi=nPXSsA@uKhPwvEg`+wnT#kS6d67OlsdrQzenf!trIOs|b_BZVV
zKFF_9<Y{w;xBLh4I7z?;Ino75X5k8bc}wazrZ_-)kcZk$(Ubg>K{u`vfukhTJ!Qz&
zUsH8skC5%xWDmHIbw1++hZ9$h;da0O^!W;u)ORqG=a!{jj?nyW{(QWY)e>Cl^AkoC
zI9@QqZF-V;A>PiXF|hP}oaB!At*SOoB-_fGWy6=clcV0kGZjzR3FjT7``P`A0PIP7
zDBOVQQ@(we=`7#r`wh8*eS^9Fe&AHrF`?FRn*VNvI=GyzR3#+p^S`W5e^@RYeT*`v
zPNinY>Z9u3oN2}Y*&9jb5@zZTl>>k%1+$<9AsW44GG>M1ptWf``Za+9f37bO4)?-6
zLhO$#%yt@ve#R|E3JwsjTxn+oKJvJQL`;udoVrkALXT?O@kbcsas6|2GhURpj-E&9
zH@~;4QYYs6y^+BubAM97Co>OOFJQ*hOQd=d&iX)jk&E2E9j-P!Ug$A^RxB;~O*JtF
zeoe?!B5T#(GF^jsWZ|2IhwaV5cvS^Svi3V)jFmOhhmK_slD>86d>F=t9GcAGhFDq$
zkxtphNw-ZF)N~o8T~0{U`6i;zVK4Y8jWN`yRUORoxEH}6>!|Y(Xkd)qw$tKgqJ1`P
zh#w~p5=W3_ex=$d71ff{%tHJnhe_mt`MVhW?ZcZraN<+pj*8%TV89#4``6D}SSp^b
zFNpvj#Sb$Y$UT0RDS~PVAErIodOd@km{sX8GNBS>>2-BhLo#?l&A0B|<66WixZ`^4
zC+sKbcWj(!BtA=S9VL<T>56AMT+AF9+-QO!jd>Xq@lv<%05V!^oo?yNUTlv;L9pcw
z46k#Yefp;Cc|1iZJ`3`yUYZV4)5~_OvGv;hSY^UKq(FRUc)$Y}<A@v!Iw8fg`H(Z>
z=e=~OK9xBt*>9L>d52%7EkOkn((gp?{+dNvRi`}(10<v1=V!f}pTS3dwTKJD6wZxh
ze$dl|&cDk+)mxZDui}=5(#U>gsHr_d7wZ@mxav)E!SfLGELKMz0(L-I8O-G~#_X5y
zOuhgP?rkDcgmeo5o)#;e6K?Y2+_F{xY#Hk^%dGd~z9-Aut|{@ne8P6F)sbTWU*Bj#
z4U0p<R|Swk0OLEB-+-bt1&t^uK{M67SUCO|=v(%I$<nkhX61bT4(ECsmSi}^>Erj>
zc4C0y^cs}h!nJLU*=nu9qB~ac7|JRAoZ@|uANBc6Ir;G%l$&Ebr1ujU3QKKLpG!PW
z*So0lCESi`4NsK~!p<N$3MtCUH6j{c7RecU#0unBI&*o_92>S)_{y@Q<joJi9!fcW
z0%hm1r9&qzI@QFo4@AX<SuM5pU8g&BxrqrqA2V^vJ8!Ghs@&Q%Ky7w!zd@tldC}SH
z_|W#y2VD^7^YBs8Qo(zcq`Na(O9}RNlFGSb7u_R4ZzX<{P2-h;MqlG5lAn69(sQGR
z@R9#Xea~W%&MJKHYZQ|4_vii0;=gfUxD14_Q%(L8%|73)p6<b9`D~Zr;?8`d4hNEA
z<5E0=wjtI-ZtA9aV6utQv6}tVBPK5JYQ_4CAgjeto^q$jUwat%fyWgvmn2Qt3P0U}
z;%jq`$7keaj_mV|HZZ^MOeNnSaEXEH!<H)cH7n-VHmK)Zv}99d6qc><9p{LdDfQ20
z`I@z-#~1zINb%LT7s=ePoizXS_Hz7tc9^ptuMujyE85I#eQmaB_sn&7>3JJAkoGRT
z;{LNCU~TkR&fz4sI9ZeaT`IU^LVI^^heH<i0aAO_`J(QXmWoA~Eh2e47rN+@``MAV
zTW}<M(&L0k(r&B6ZqRuMOnWI)Xj)zDNS9`OCU9CYHnV#Cb5KEDp9#`Tq}uNU{u(%)
zl7Ol+%P&xt5{27q!?HSn$A1GeftSYUZ9b23a7c16Q1gBP;E>l4PwZotu$u$G?s)vg
zi{TkQcSofgFb+IsiQmLC&-CX*T9uM@I^dJd;qc*OD~#yT*Bf6JLZ-cWExiX%8n%7b
z(f{ltx~JzFLk88Ld|q%4aJc&d1LmWAHlLup0HB<F+3*HoEq{YL)zMHV$9hZQxVHVQ
zr%){<6uz_7>Kl0(xcEH4Dk*1f`X)x_FrW?-w7r)zR7c$JL3DT^`_-)nLEY{yJYI3{
z(2;!~Z(%3BC)$xLHe#@x<dNC+>`Ix3=|nK!UcbkpM5=CtN*)oZO<})_l~kXuEaF8(
z#l*u_5B3pB$Vl=$O7LFQ=Rot8SbEI*{mcgnFEe;TeNrnyuXb2)Wf;pPj0^XE3V%L}
z@r^Fx*_eZ=zBnOzfwxIN1kHwYS5O~Q)PNxBvGloi4u@MndVXZx60p!{A532O##>NY
zg|^guk@}%i?GIl)G^8quZ15liHRvET1*a!J79N3jZ<tovYL$!Djq44BMJ2hESAhWf
zp}BANzH}a`H&o`>IiGE<5d<vV^G#q5WWyba=KWkr5#IwTj-YdQ$8wYaj=TW<?3Zua
zdnf1}cIWQFfFz|rGGoriu<jK?IsR7Tp|+i!w2ZXR*S^TTP3-ZRC79ad`2bzq!-L89
zgJw>WY-oq*UMN2qmxDV!P~)bfeY(it>zDR^ULSnuHdi3heLU^E0OmM#)D^xy-&cdn
zMH<dL_^@gMeBX~OTeYJx3N7cHm<a%v$0?^LvoTi@<WaNQ(1eORN&I<jz>C;%dqEd{
zFM$)?or<Z)8V=>@(SC&`{PF`~r2MD<m(!mY$bg^6GZQ&=jJTUcv%a4eL<U_q@Jqne
zc=_vvkb>JtQKCyi*%x9_Y1@e9V%_TxJNBquFLAp#T^S83aGExB(#IDYavw;eJ5I@Y
z;x=@_f#9%vjWVZP)>Gb3Jr90x<9D*hKnZW<fant`?*)N4*UrHDV=6<Yh-3}<-Pay)
zyh4NadG>oAjEBuhNaM;SP`S!l=Y*Z_l>VyOUeyEO>V|%etR!Lc^Q`W^0f-8c5*Kvm
zv7mGF^5A;lr??}2JLi?m?^*$IZ^zrkf-LWw85Fn)s6-NV5%*!tzDJmp(uq#Oka>)>
z0ic1|@!1OcrzK?QF=ML_<#Xz>q8ZsLhM;{5eqM2qo=I8fd~pBmc`dycSX3CoClZV|
zJHB)O6mveUU3SCv{M-!S+_atXTrYiC%*_xN6=ih3x+3%vTU4|wn}J5%;hWkIrY72z
zu@LRkp&S>C<|=N|<AQBwk8`21#io6uR7s9_=Y?OE;oGI2vAIOD^>bJCi9Qdta6cY9
z@%_`iK*tGxq9G5RZ#+uX%cETfj@H$*5roCh3aP_td6!fisl|nO+4;&G*)6^EIbBQJ
zg|Szb&We(IO03R}Y?Ng@HR47Wm-I4w0z({*_L=!Ee#^7C;324oWwdYR!<3T+6&Cc^
z8Eoe#Ufd!&^0*)=wgi5v_OJBLrwd3f;A9sbTXAEEudVeq>^ye&(9diYj5~B4hjS={
z8%mmq&uMP&``8r=(rWX?&v@}xgTmn>p?zM=L<KRvZGTQr<abMLw7Tui8CXL1XPtVj
z3-2|Ry|4Oy-tjkpwTHh>551rdHmbUb=F1SRY)N;yw4Id?Mf1JH-rDX{M_=_TtC!I4
zmjpJx2Bv%*c_lOvy7(pedsI>n)aGN;T;9-)a2D?D9_tGysh9IRelC%V50r6Dt;bab
zoVPUzY(!7I^hK+uqiK12<}vZ?OF@TxKhNr!98rBxu~3<6_=>%^g$9pmXs^`82dXq@
zVG2~M>ILlkSix4yk-kIa$IoHfejj)hTbJTbt9R!=uaeo1R**n1-!BP7o4N|@=fR7;
z=q_RRv&{K!%|1gF3IQ6+qoQ0dPbj$zxU;SRC?;i?KXO6273>c*VjwYoQ@HW)h~%`R
z?d>YqXc4R9TB`&n%muHypHE0kefU;Eoc<jj&riH$E-mB3w7GbMdT#L}QPIa88PiVi
z#ZM;B4Eb0)_6;?kPXWw=wB+n(n<v~S;U4woGw+`yAa-GE1oeIw_<X8IVgtW{`H1sD
zf_99ovBRNLa6$bg2<Mr}@=zAZ8hEG}i)Q1h&#`gM2}iI8=t7;WF31S0p=zjsUMZ=E
ziR(MS-&=am+qxJV@K1k%M<IQs$j!ftsNG?4-jvK}0x03Ventb~RJMtmsUbVOl3CbQ
zGDXL5r0b?KpQ{%RfY#?A+z#LQQq0^w#-WwrU-vGt5?OeMm%}h}o-#y8s0R;6Z_qb%
ztXe+Z)W;tA-33;#Y3%d|`}xqq8MsV({PR&)ConyJ4d4a@XS#^_0w&Fp`n3b05oRU$
zIca~IKHL%K0j-zG@Th5j+JWcM^$(1V&7n1|;_f{68%kJGv$F~4M&NtG-4OFwwai1p
z#Ub)dhdBARZZDpk&4>w&RY2Y%MN1l<237DIO`fG27tVo!DcaiTc@^wy@lh?Y$A`}&
zN6@4f?_I}oj*Nq!c7%)}T!1^S-pA{~HI&n3Z~NN&BCUIS@@HmLjCon>z8c$nodT{c
zJ@C6ztW~42P<zo(?4?D`qZDt~=m42(bKD6I$=TsP{hevK-7=*?r8;@Tp_qL6qOJS;
zn9Z6Ux{3E|06Rd$zc_3|1-&m1Q9cribNlnXXE!);@!Ugq{pa5hxABvK3NRv6NbRq?
zp+A4wwa2qx6nmI*UK8aZSuvTgj2h^DY@}bw3>vZPDq|wy^s+tNuZ5WX&Wc42H{8mr
z5?{M99n^r!o);}~AM%sPvD%j|(RboiYf_+-#d!QwEc>HAYKWXp=??<b5cNK!TAcOv
z3B`kgH*y0oMHuuvs4<N%A&)(L_vx~nv03$|pnUXLC2kigdIJ4f6y)!@V>#WJ8hf`g
zB%_a3x>++!YhxGm1Kq)f6D}^HHlu?nu!b(Vb$PO5-&ga&&fC4U78udimr5Ffl2?XO
zAM8%%1UPzDK1VH`t(SWkG2`R~Gfz43SxX<YOKUUY&8x=+H*i4`AV+T=SQ<HzWb}RQ
zIsVWTCl?^TSA6dAdD&_YObGD_&pk)++-g-0+8)4t7<_!h>>-DIsIr#%^LLR?-g^AV
z%#K0$BM39OK4))b3LjbUL!a{4@MoyXh?iDPl}&SGKDGo`8)ROxAfo%;LZ4{OLc~`m
z4sBo$*u!Cc`i}BpdmQ}iycNH7U*Lh$_53GSNbY$!2;<QfOY`w~C3H4S^*rL5P0_FN
zDbr)k#Kbs2WCL^72!!T9eVw~ic*g^1{94_kMa4%!B0vuAd!5pzc5UsWUf4%DkHZA+
z1%9|KX><+h94eMTpK`XLelU4Uu!uNqUMlXulnO8V6rPGd5%Ot$uShFV>@2;?W_`ou
zc-?yg!OvvpTZRico$N0mMIN?@?C{4&^-*9yUq?ZnqXk)o1y{36_Qb*-oi4iPlJ+BX
zV1-66F?EJV4leFv4(f1)=M@Snbrvl{a8-RN;8enJs1(%QPUnz{!2qIRp0zlR;`FvZ
zS|53(S`{DDCBv5_e6LX3LuURpp(Qh%T;@aKF@E;~w&v9n8N?CgB4jo%M@qRLWuF5>
zDUaB;>Erw_rp`h9H1~u?0_45WCffCWl(x^1;z@bT<KwkOSyp$Cte?KfvhN8H^?bHx
zOLjU0>6L?rqx)iBpW||RV~cn^5d)CofpOc4qdUuz34IaD6)&RQdyt~QhVSCT^7#<v
zF}#-+AAE|h$9+5by2wkon1&QnTD)$|#~&#2eoF~Xf+1GfbR}~;kh;YlI~0A8Iw^(m
z*ae$<n=gh>q{X!b2gfydr5YY>9u5@Ii!cw>P(?hpc&IVDCRTU*quDv3Y;l;)^T^9L
zw8WWn9aH$e7kr~1eO{AJk_P;^3WK%4eQ(NzALG0}6b_%1z3st!ZqTbcQqb~uS@`pM
zSx;^p+<vJ%j<8OD_WTP%QGKVaOwOUWiRP}JcI9zjIG=smN`9}d6CYSSM{G<L(Fn|`
zKY#mjyB&bbGj{~-6fZ!5_1DLn_wpeJ#p0{G2qhbLyaviALm0T7`KT86H?}nkrSh9?
zWkUASA+0Rn!BZ^i8FQQv9N;@9J@ZnRHdMMw$qU3PhxZ_OBc?yIoYAPpK8W;)5Xdm!
zWMegsEeGnadGO%qCm`|I0T%jRmOFI$mv`ul@lN5$K76DC3Lr0cUNUe@-v#fn|3>QX
zsdEF8^5xr;f`tP}u0&1iwX2q&&_`GZQQr?Cju`mDKTRlUZetlH#W|_6i`;h`eB-t)
zVqJ%OR_mOW?j;Kng}!bbqn}iN7fTjJXc`6w>&$hj9V2p1e?)9*A9_r(^gQ&*!V&k_
z<2Rn%uOOEn!aHb#1o1E(@HswvPFn)##RSc)_zIF<XlyIySRZGx^si-R-0o*mP`3W*
zPKUwdR6decZm?oQ2fYu!eXC`fFQYis=a73=t&BPGQ4S?9Cqz>DJni^lAGnw8lcM2=
zStaDMoEwJoBEEZ;Mu!NqKdoX~Yq?oQbxQS;VNlW~;wt!D@Y0%1j8)&>wiz5gNCIZ(
zEIQwiUMCvJ%@8z4ZIsG7tNr+y$g+vZ1KDE22d+U1n<*E4hv)`sbdZoO1ZE{KhT%C!
z&as8#vgdj}KvccX8W*VGK!Z5!cU?Ocv(e1AUpf^#{;4FKK9ghea(yu+@F7OeT{QF6
zgo00ov)ScUrjS*!z4yJqJFw;1qyaz!(Ts1u+HR@Imqh#6lDDsuPeI=1NIjhK5@0ku
zKzbGwq@um+zA9TboF|vW824OxsX0pMUIOe%$j03|kxjC!XmiX8UOL6Qcl}z|Wp9#k
zD`$2e8*bXDvD}dQw!fA3DCY_|pS=%1I&S3RUP5!FCdUhpyn0}OKb+vArJm9yXpyj#
zS=4Mh=u)W7R{;F7Ux0?PDN-wsmgd9P`GN3P_h3v7v_<j)o`-F$OS3-l+=-W*lmGM`
zcK!3B8Qy}<okpS)K$Q<}(66tC*Z^zh8#dw1#Cio01HB)aEW8M)IC=f(Bz(F`t<gLK
z3jKDie;ykJ=t7v=V)WP%J33?0B&Amhb=Z|X;P$E6Tm;*A^x;#Ml|HAD0&8{ZJ88C1
zJGGzK*jg}ERSxs|EBvdD(qIpFqcIPrA}a!LJX9JSwIfuIWfMA`epy-<2jXGGV>*32
zkzXlEnXLo|tj?KDJZi-Kfa|&0pEIVEf4-83J;2}$*eIOuoIcpp&v$LJc30+>`hd4W
zCmglWODi#$C+F~mh2r7Tg@EieqE95RHIVsAy7&b}WevLN*tYdg4by4*L`aZR*V$_L
z6(DzfII4CT=wVzMQodM9@E%yv=%VB2l|>^!N_B5IJ;;uddEiy*3~e0*#<>sglD!~-
zIJ6z-oRK_&CX?o=^Qjb^^m{&kHuCXYJ?B%XyVS3^*aHN@*e&hhGpW!a_Yo#iVS1R*
z(ir5#*ORk%^WIA*8nC=9ABUx*m%HS8EuL|Q|Jv>8)TU{^dj5W^zjexxP+i+bS<r+{
zQnh%wz>umQQkIe#FYd2F>q@ONkJLW6?JdJK?b{EJ+q|MbxsZEl!@gN@m-d7Go&HJ%
z@$m{Li33;QB`^I9m0hwG*)#EOiZzx(Kg^<aHGscD+8!5&`z6CgHaa2K5l)@1JmQ~F
z%lk#3z4fxZ;#oOV*=VHU5GT&kckI7gGmoX-&m+kLD-h3Io#_YFDK^z^8J;D*aSO}r
zC1Jax(m2A|aOB{yww`*0x%$-$L;8liAJ)0wv1ZDa<E6VWU#HHa23L4LLGNI-<3l@N
z|D%E7Bv+off?C0?=~HORz2I}v%~qR-`8P#hKCeO-$BiS}cHR3pEfF-^*${R5Wamj?
z?!oI1?6%9Py0@t?#jUU5VeGqvCCO>5+|&p3Xl!mOe0iuWtBJqcSHJfhwpm+^mt%c2
z+)?Gwk$y#ldS9^M?VNSYI&|5yx`!NRLv86qWjCI%M@$38f+5u@szPr_x;dp{+7Zqh
zSk_1leo^di4O2Jy+p5yP&NI39!jk*#OXm?6r35r!q*L&A8JrimZ|7g@7YH`khxHI=
zSIwid*%A+pQ>n#>oJWgSpsL)RLXAY5&8AtM=Aeb;r`(94damGAnR~@4QHTOSH#m2w
zCC|9w*C!lblT5<d(-UHwqGSyAK;k2e4+XPKJ?xlF=CS~XZc>Jj-M+P{^f-W>rD*i7
zOv<(UcDK-%&iy?co&Yr2+bVi8-ahMNr&EK2CZw~Dh_Avemao4$9f01h=&Nzq79!f+
z<|byz*D>RdQ})SAOZY<Itl^6dF|wiopC)3b8`OBWXf5}pn`s`xLk6-6tSwfKaps@A
zA@Fu7GArq&z{A$-D<`<708(x;?RRKL(lt!%*93g;Y<?p%3Ieeh2jm;bz=QzPSoafM
zWPwy-3HMyNCva<j0vc>@tEH+uB<<%nX%r%T551?xB?I<CGc&(d=Vn1EVtmpz>iAgn
z<Cl+ZdGYbc=CcuW>(!r%i`cLj$&)YV`Y=4eG1p!uryhIX_HExw-zXlg74!wW4PpG~
zn;>nE%jHRSJN@|GI%VQ%;l`+0u7)9@os{o@@iu#?35(_+CfRwl*DUDmoOn6L>=aN;
zLO9iD+b75+2G}p!5~yDS#SJ?13f)Y>=hD8j4>8wal>^rwvs$N{^I$nXLQhF?&vNiG
zOsKR|uw7J7HrYasU5YET{Ge!jmIf%dPAY3^;b3vGr5jy-wSI6tHMj1ahl%k&c~3ex
z8N20o+YGgZ3OMy7&9N5+qd(DtGr3piB;D1|GlOPw8rS*e)FDN<=fHb5V+k!FJmuAa
zQyRydAB(g5wKl~k%5(<^?RFSC9xgQQ;`j8ZBo<`epjMa!qIPcG^Xh;bSK>=XRqyY~
z4R}>;jJDd@vFqzgs5=2?#IYfGQ9c2r8pg~N+&s#C8Mif#Kz_0;;jo@?nQrzs@#1<Y
zIX}sxlcdeU3|(jPT-a~+M6mf2H9ikITv3DcQI}UFqb*-?J{xeFWeKt8c!0=3jM#n)
zF6f_|=Bb$m4*J^WC8sdV=kI%l^XKLBr5Jta)2C*F&%}LcN7Ozyp4E6Hc>7^8Sp%Qw
zDUpQ0(Rw(_uj6LR&T31@Z}2-1Th-mf!YEV`J#OwAiTh&8i8@n=`6*uF!-U=4tAH91
zETsD>x|DxTQ(^<3SgC-Y`OXCO09ir6+d<y9b&1Mes@2GTbn39%YPs|2w8Zz%wW=(S
z+t@eD-+3J2;k*!@DI(aLx4+KeYeBy)NJ&|dwAX+Y=IA|j(RN8c`F>$Pq>mWmzPI3>
zbqCUJq^<72VBa%(R6BO_5!hTPf||#o!7mu9S-?1EJK{OspUng{eN#*TpVM03;Hz*h
zKN^+25%D#~{d0anCAoR!n;J?ahUjh_s}raf$-0pFU{WYA^Oz!$U}`xlfaZC?^5yEQ
z)extmbsqEenbK5U;Q)O}njK!|z<If&&e7nh%`Gd+PuJlkyT=y5?jQzVH|X1+BGos?
z#$oU>=5k&b(1QRyvsb*vUsO(kaV7)eT~Es#4msoNFI!rYUsBJAIdtQ*$`qgWa~@h0
zfe<8}qPk!euHXmcascMgC(ZC}FAB_cVVjm7kBI{Yv$3Zy9QHffZ};@xxBf<x^<Y1E
z64f%oUOFsc0%#bEFTvelM2n-3XT5h;g)omSoc~P10=tAu=0xj)k%?~hjQE{3h{Na8
z$tAM;an#~?IQG#%>qo&Q`m@Q1i@w;_BQ!&F6C@>19?pJ6n%}yH_;z==o_lMFI*wtM
z=k8&48#$1lK<QDazUNN6r`W1wnXDSs%|{8`*Tw9h0$;rhy4-C@NH=sq)fH1lGG4--
zReChtW#|mJgwmdil*=ub!0qMWK(!L@G0nGdSLIV)0O(7gm#<i}PD?2eXd|MZ+y3B}
z*5&%V2JyfsUo$=-M-C8uvoLomy<y-!991t>3!ZB?VJE!aW2%E>metlFFQU`|tlTev
z4?E%Ng`){q>X^jk@4TDB!XMmoXF8*W$?2VkkfP#z!!kQ9dYcDp2XGJ^Wr?({9@aEk
zkihez?QN0aIMO6LX)|lr4<O&xE_%PH22%f@aW?<+8hZRo;bE)CuIcRrR9y~T=of#^
z%a##{ct?-<tNDmFgoKxg^;F8LydbBu=&|%bY{u8bd?R7C1jpZYnzNSx)jrdgI`7p+
zhkn;`c8nhttX8BrkIt2{DU}2T^e(oa`%T8TROoo-y%5#DwQ25rjposF*O&1FYa0O<
z$J^L058S!Vo&(zSe~ev8axA%yyb?&vON{qFQX50P%(C~*YEw^AW&{VgI|;x+Kg)uR
zRw2HwKI!iTVq<E$PstOck6@!3F~#{xyp>L=MoCKIIxj8U6za%2OlWd&f?OGT>CQNO
zk8wD{Bhz<<@IJQb9hnISm_Ad0q^vG|dXcCu0<`HvumbT*4R|qH&7OWQhp~Ek3ZmL)
z`ksIKqg{DAOizZ5sJ^hk@whX}kv)eL=}gb(mU2|b_<BOmf){@2HRq9E)xz~PX0Z4=
zbsYV2U#t6O(QH{>&AkS5<YSd!S08=~x5K&Mo;LMl*3+Kr-!k~PI3IXyjWoJNh~e!~
zBoePt>t)w?)Cui8PMbBOzCBJemmqF_ZSo-R!@?`Uk9TWQ((v44juo4cQ$o3nD}aQw
zM{Fxa)ULgcB+A2A#!Y#B%H6JzrI&1-XyL1^+c%;?=w59P<5^e4yh%nE?mUX&*T2fH
z&y6|#7DiY;eLT^Zd*AQf(y_WiDLMrjNgCSD4!j~zC3<gET)T(k#YNmyXIQvEYV<<5
zqEgxyk3-b=-nS8jJy3Awe2zMjFQ%W#Yt4i2Z*SfzJG<~T6E-&=C7NSuV6CwL=fu|&
zbRGDi+!1TpOA=g~_gq6u!!vqXkH8~rLC_W+v+pYo35$7Zjf-~OVO$em_^7gXms|(2
zI#I3jFk4=v+%uQ*goCb5KZ0U7sR_X)LHsCI*F8D6P9`%*=1tf3&pbkV(wiE+*;2K4
zq~164=C%^EgWcrWLh(C#<FT@n5+XjW0H1-<PAux<>8RM89o8w`_r<S#0S9p@{mJj7
zgT$X(-BByHt=%xFB$sXD&vOlF6&v7gQHWkPvYN|uOm1Q^i-aGxF9|O(sm`n}99mes
zL~`BCPoUunvRD~;e}?`x$`gY+ZNCBH=Y=%Jx%=2s5)|H2B7ZZF7g4!uhx{0o+A1D>
zg8Zo~A3;<}ixR`-;IoI3vh_uhn?T=-GFP^ZZF%z4nUKtpc&My|hmXx?2>#>&Ag?!e
zeOa`rxrY$KS6By<CVVeUUMMvQwqqyGTnLvva&1ko#lh^=prpjRWf2NYRb+NzbmP3}
zFI-Y@pCm>P9>1}4fhjEfoENl?T`}P%=_e{ji|3}=!SWjnGK^-j_?XnmbnF{qC;GFd
zB6grmlgBt?K}b>t-4iY45b$ZF6{E|70gEphKz){hyv3~~MQ+;jmG<g60A?6Byfkj^
ze97km*gkQoOY4ag$$vsbnN}(7sA}FW4@6RYtKG17YVIWp1Ksueg6NwMu=kLW?f9a#
z<2@LHLB{8Snvm6<#FNe7MieZmX%4D)fM7%$ZxFbBwoebOr7!0bW;5H6!jq}eOwjNi
zr0xS^w}T#ID+-r;N@G-v;cL+0#;kp3wH=Q?j7Isc^KYQaK1v*C@Akf6HpvbranAX?
zxXM`Y@ytD&uyP*#f1DId@I`m6J#nD<JU09`33dV_s%ZfW)ggc^mg>~P8?s-+kA)HA
z!?HJ1-e9HZN)tq~QVmS;WABXUZ289Wip&7oa2t>4Vg~&sgy?DW0K+7ZV6gyoE|xEW
z<Sp<N72(S^J)N#!+kXy(r|onWdcGTzc>2S3NXJgxDhe+#<7tDEl}62kukjtQ@`Y0{
zh2y&jtMCYcq)7zMCW7z5jpmA5cB$@GBgLMcr@>(;tojAq6h?%j_c-bRPSuTOp&RJ;
zKDi`9WXkSxO4<;rlKB05igNjds7oe!0G?hwq4Km6De~j(>-(@a55Z@`)0~fr?^}23
zJ{nlpC+~NOW)&XNw~iGH%3|V+!MIj>N&(nhWy~JL!COtRcTdFweHxI*LqxF_TrBQj
zaX<Rv!jHV36+z#TuSJP`4sQ4;3EQEdmSej3wYgdSI)P4_`_nLFeC4mD+MDq!3&S&n
z*p-+MkGI@G4e14^=?Z7KEvsKiex$_1GQla2&;4Wer-i2Z&#UQUa^|bU-Qeh>bM~9n
z0i&L;?%1^<<gxPJF{Jd~&%+v2lx~gB73Fj5A%*mE5c88+ye*OI6g6=G15u%niHt*y
zWYcIdO6$IO%3nJ7y$Wz^_}qh-sdI{k0a$bU3{fXyX?41IxX-n({n0YSp#-rwTMY2I
zf4Fsy-;2(AL*;5j!F|eqaWFr^tc%jrmx238D(hFEB<1ZCS0Qfi5JQ7>*vf{pn0mlh
zk}_}I(VbxC2~y3#@g%Bh1}jvii*g=IzQc^fkLR$e=jVv$lR;j3nmm2yYr^dtmxe2F
z5N`urx;HHCe6=1W5(e<(mMos#-mhnDdGS9%LJm4CHu$NHd*P7gDdS?_@4TsfO*=8n
z513I*_wA%v;cV6K7XMKtWq_*(@!mI?a_n4b(k_|+0wTD(I|se&2-cdC07Bkj&Ag%H
z!iOJSHyRA8ufc+m=Z@*^N0@Zd&rtaTngWl6C(*aZ!aw`7=!$bL+GC7grt|Vwtk|EQ
z`{N^ni0Iv9r!Q103F&9+*N5au)vh_44wAyeZ6s}eYWyHu`UG6xYiFv9Su0h1%05r$
z_%avgU>c}^evT787<g4Gh(GJ>qQM7y!DNVqXC7G=8Gq0>F|kT-d%Y)Bh(@|<3GXAA
zPR&xkFB03lUPl)YfUm+6<)&?{OLFN@Zl&*o7|of5bcB9NP#;-CmJ72+SpL5M(w)4C
zFbMVarai-=XYX4pvi|75DgsyfS8PYfys4r5xSG5TUF5d~6yU9Av3%@U=o;L<UpKp2
zhUvQH$Ql$_aiNSpzlM7&xovvwHXhSMmsok>-nM+ttr<Zpc%?>JqxoW5_DKrW7oBBv
z=4*Q)_!#SXf@77+kxsi%D|CdG&zZ`4G0Bl<K#$+Ow+^@X(_iNsFWRtFs!v~Oy6C=z
zriqc<xQsL7nLbqU0?4NZNgk~|bh<hm-&WUhAyx{Qa|Rh$K?>$=dCa+TLr2)WHT%g?
zslr3D5PI#rwbDqEemc%fO5z|*aLh44m$}E2cT@I_oqerKGwPmE0h5#Tu=J;naQIyp
zZ4J9`8OwaTU%;L&y+aSZ&vnAq^H}G1M@LSlwhj&xFXmfq%`=&E6OPc6)l#v>T(=aL
zt<KOOzSpw3E%+w!@V1dNen!Nfp>YC43ouk`#CAmaV|9Wt5|Ll+V8b%{d7DK+o74em
z6hop7I0nBg42cD`J?M|JJlZFM-Fnv0#4E05Jo%*KXY9<mR!5I?;n$oHjPga!0jf0s
zk)t!UCxw8NzU-UY9$#vleH){JIUU^m9;ddjdp_}L7ch*jyubvlhZI}MY~S{$BTvsu
z9n>b~y?8)RMP-@%)#;{LOxd@>Um%F3Gr*Z7U*B%xudAED6XGh+!~e`>LZ3qJr=gII
zHd`_DFdVK~;B?~P*uGB~jov|)>>OCd>J^a)O*o_a#B@Osxchng=TX3w>{h+eqZ6*N
z@ZQ5r`8XsoiqKomv_%_*bq?60c=ztbJU8`W*%Ji#$UEuDpwGHJ=<UV%+%92vxi|BU
zvN&3zh2tY+HM|ZG>?6Jj2pq?U-rvMLYE7Y6%kGvQv^47koz9~-(OIPX-i0x~t6#-*
zW8ngr&sP?4cLfBIwZ}t=p4dGdD7sfmB4x|_;$!3z>LK^69R^kG)7yMa%r4Au*0sJS
z^F(A$>|4Y4Ad~gNmqZN%XE?vXJ>_sFtkln_A9*p|%dDx5D^FB~VBK>@@39@3r`fh|
zMrYzVr03!N#qD!W#?#xd=U$qIv-sC9;02{gWx17J2;hmL;%>2#*4+1NklzoCbiZ3_
z$6Mx{0^u7<3`BYjjK1@TyX}5BZ5rwv0U85ht#9$_TZP9%;EM%AWLsdF$C!_fL~A!9
z1j(CX!T?g6Q%N~~jE|`REkYc5(nuQvI^Qc+0r!&_5w<1Le$3y5rhbNR0lX2`pXE9e
zZI4)}W1zG#DL)|DIFE6Z9R3_IY+B8Y?EU*yc%qM+2c>B1J~GBh>F8%|E+1@45y*2L
z)St41erq1L;-0UStGo3djGz{pw#ePjgctc<dqR`50W|a|W`hjZ<JENF#Z5B8TwH$W
zNi-)=w(p$6pZ*JeeqL9%+Ko)T-~A2xRn{E1jYFIxbHTl30pL;DvS7lG3dmP1&!PJW
zKXlu87LqZ_(>yVE&Ye0oW~jXyC$UVYNSdK8ou07^+iY@NnQwn1Fu|}y9H4>r!k-2D
z+`PNM-95d^=V_jmbNddpoiAxApvr;x$a)aQiU1x)<D(XQefX?J%%Njo^(AL%3RKjU
zOgD;pYo>uvX4QbM6qAnAi-}+PZRHll*WD)uX!$}o9ND{RxqO7D&;3f+^bAVSSAg~4
z!RHC|G9-BFGYR(K8;(ay%(&o|5Tvil3m3fZeBZp+R;$Yn)nzF^ipQkxl_S1;S)FOJ
z!%o2qkN>Qn_N<K63&u+?NZq`s?{!?Yv>uN)$d;QB83*ggX&9XZl*p^&2}YpV3@0zy
zt!v=^7_k>6>v>BBJ<bEh);M!7Tje4f=Cx6@%|nql1xEIK2lk9#9V<R$wVU?21QG5?
zX_XLVT)?mDHj4(pYzVGl$_vByf^eJ@M;`B<xAEzI=Ku26)|A_$xC{3&6&jhq3t#IR
zexZBd8uyttf#4%gE5Z%n;|Yc5ILXcOO6;lcfJE)$Ji*kt^PTu}$fpW=Ux>VDXg-jD
zX7aU4Yi+aJaG;LU($^#CY1KN;d_73n@eXYswOTwDZF?Wj&rFAc1dD!Ck;6e&Zb0A7
z6w8a5H+S-)pqU>fHUg{1+9i2UV>WZt6AC99B=Rc{gXPP~LS3R+l6h+ztUCF?k+WYi
zLrgiBDBg!Abq`gc6P!mfza;1pR(UZ3#1hPq%#Q>YX&-zeCf!TQium~oAG$~SMt#Lc
zdYuozqypL*!TV<*3ysXK=tR>7k$$4k_qO*wPHF`g>@vLlWYfJSIs#F%o54=@`HW-6
z!~qt*86|zaXBAv-zG#4h?R1|+X*`W^VKXrYb<}}FP@q1KExfud5A&{|$4#cq*zPwW
zTiXILbrXo{vpm<l{NC%<$_G8mfDO<d)~Se<avoM@^eH2)lbKIfj$Be`>D5O7jtBD5
zuY_Aytoo9qJ#aX41-YY0pwn=xxS$*8J>gG(2ERWqu6b+h!22rWFA3WX=NzM9I)?aG
zqo273`}X&KCd{S@+{a-EPv!B9r$H1mpxEL8I)cqHqOOL=J?tsPyNJAZ1Ne#tT!O^X
zV{hti;!{w$;TBJha2ygDYYhR^zbegKz<4NMt>2N;KKA_tBL{HD+`6~XHQQN`pP(TN
z(RG-UiV<6lYxg|0enf=z6B!49^H_)Mlcq8bUuWn<enNa>h#SeS)4Z@Kc=`4mQi6T4
zEQYUt{Uq?{?Xi@GjC(vT#Kp{~VRs3?YqNY}3lVsHxd6T0SbR`5l|v!&A?)eB;%Pz2
zB3}lvpJdf1Js!9HK!Y|w(nD)5mEzHO&+sp(c(5K)mmMjHc3lfT=a?(=2)&n`DnnLd
z&xdyT^{l;~$8K_e=Hr^id;u!Gg?2~~&s)X#Fe7`99mqu;fM!``^@GaA8%A9ls8h#Z
zMC!&8sq@Gp(&M*Tx)XbNUBBJ|=M3q&QKpVG7lf|icLM)dc5Y&_6jqOTYCnv2N$+C0
z7<lkLS`>S3ph+MA&8%A!nWh|KdV15RBNOt$PX&6gGp}D><oGN~p_)ZeT>0R+AtBhX
zWcM`Dtrt4)S5=`S__(hqu?W@^hHyY=1vY{*+%8+b5B0Y!Na);q&wGrE%~xcjtw5~G
z$@}Ovxl;&}-4plBsqKCcFcixo@dS9&*>b!#;fLGOweqwBW)TE|;flL{sc4);A<o1A
z=v4rYrxvq(KhU6~VG&p1>&Qn3vWDUwJbY2f!&&<})}bfs{A+wqCww1NLm~#(S`r~K
zW1f$Yh^G_Clls2L@?6V!GKzV@Lj3NF<CqH@=k}BFPhjbH2u=5%F*sIq?ebHPyLS?9
zRg{LN;k?BZ+RRjl3tSm9Mc%+i@<0zrR!<jrLs9r!w4kmjw{}B$3m&#UzJ?E~&sV&k
zOd<&5nNJWkTzV+k(&`B42SkeP+Ea)nS6ik6JZYu3s=my4^ZX8y%pnGf18Nyhd!4?B
zkY(t)@EsYg`*C;1D_@^AQfDt5sTV;$)gdmnH2x(DNZn0mYW0r$LLVy5{ST=4d4(-U
z?;h6^GUrjNqY#_X&dodJo-3Z0Qk1fecB{cTa(EbSk1R`?<Ow~EFA5siQ@K%^+TaM+
z9doYUp<q8Q7PH6VT)F*q_<=s4Fyk*OJ<&dAjZTP%hS)7O7(;P7ecvMYz}Pwq>4J0W
zvvzZwb16<R_MT!>QW!Qnn@k;Z650qB%GUcNPziCy0Xn5^oqI1JgnZsuENF@C9=8Z!
zSLG@33+l0EeG_#bM!mom-?+rJ#zwO!Vo2BKg;gJ7I?9YJiFtzM1&aG<RHR1o*T|DD
zTt~@zYzfof{ybdyb&NdO8W42oiEE8VqGH9Cq1C@j3B^OB4Et8=MzH1nvjK-*I9oSX
z-fVI3Je(8%KFEdB@<HF3j(#|L3AwN7EdUmIaQjxf!NZCJ>n_8I^tmNG9Dm|LflR`R
zvG0Y}2Jqc_6T4TU=wuA=eC->X;@Bu{KY?5mLNM0!_;+zLNU=U5H4&soqUpO&2nOTW
zCSiTp4P;lSDIWo)<wyv-dRq8;`rJK&lw4|&kzZr;rKcGmD@E1yIh*Ix`tPj=Vq5Ox
z9Jk^reZKOvM=n=-62c8UH*?4eQ!J=M#^|QD=_8|%VYfWh`H@CU9Uc1&bj|n)`niv(
zs|1NPv!v>p-p@{E2Z7I!<8?E*-e!28ph|_ZN7~r80QWB5T%@I|Bq8IXx9*wv(tG3S
z`uvV2mIPvj*7m8Sx3eEVUD4U_x8)`|ku4sv`TSM<_IH!3!63~DEkwxjmF}hbYHUCK
zRa+p8uH|n<W0<z|c!BY~Ir$<%BKDn#_niDCne-LiBR2IukFu8-;{ZHLLD=3Em<<Kc
zt$-MFCRs64z2t@1Otga#`&Cc|tR1)FLmb>2ct5Y5BeRdV=NIj3_%Q~>5i6>jr=jqk
zfJYTH`{cOwRx%V=?}bNB8@UJpfO_l&Ydk2H{Fu=TMcAlP5o=7>P53FOoF|ij-<*hN
zIVjSphi-lujpLig7kBt`9+dBJ7d?x7b-1E4#kP44o7bL40lc2d3F;mprCs!Nsk%!g
zZV1r%<qL>q9bfu+neF)VGW-42RQuPy`5rDh$Ivax%O97ELx>xnIai~Lfspb|x%?GD
zDV|ksvbfqn+M-Olhq_^3z~T*_`>h}7Bd3igwrF2uOg&nDY$Cl8h#v=m><m3@DF*jx
z?4SXCBg)BHumwcne$(lDFw7Qdn8@VLjC7!uI{?bJXfOf%v?^vT)uAL*?ZDYxyOd9<
zZ@@{seg4u+edNmY?HIqXRN6Ty$XUv?QQ6kyZ^7eUtW$KVa;sqm>KqzzMct>A3%(3F
zenDMD=NQ0^u|co<m5^=E^$U$pi7bqRoF{gqb~ttLrT{E)FGd8q<6R8x{Z4{6>=Es^
z{<mV$&#BSmbMl|PT}u<53O^@vZlBX@$k-qu(R@@o3g^*$FS#cKdCs{sy_YUWn`JQH
zmXs$227@=dp4ua{N1pw1Zc8N(jy}xLNB49o_rWU)Uy`#-;1$;k1ftx}VueGz=)R&1
zH~2mhwFf~6VMkp)(-gupUa4P1%sF48`HNyO4{yk25duGBrkl4|6guuw&l9|APq3qv
zi-gdn&yu?<7`zTqvJWf;K^;E@@7;ogB2$*~{m`S@BsDvLj4yue8LlIhM%0%WYdQl5
zi)6?)g=`d~TgRqC@`i08O+ZbOB-Gpd0zipGfH6-@5{FtcKd`%WD+e@W^SrI9_sqIV
z;^SO*mpVb#<a-&Ux4-vv8J<#*W1DEYkO$i+%R)d#-*g(gpP<&mXKs5^@_;r1em9QZ
z_pyh;BPsQyOTt;c#g{g;Ra9{L>pDIqcBvI-he?=J{cERdc|V6{@fldX$!KLq@*<F(
zdkEa4R@shY#DJK69sK9K9g7MSsd{O6PZ2WLIWx)5PwQR2s_K;PQu1PCsV=-Zs>ZWr
z@t{^yQWAP+dB3AB@2agOxem5KvGwE-j2CTA(tQ{mEPT$S<`LjWi!Z0%njt?ZqI5&`
z@YnViHj4YoDL9dj0t()1zE6C%Tw}L7>nZU#WudHJiJLANt4F>*;TJ<f6}u08eYq6&
zoNT*~3zP_0**ync;C-0eebk}uDGf}fH_mZGhH8Gp1^vF(#+J)uhD^N(gKNqmHodh-
zAElSD`4aEen~NV!bg}!TKmn^=`!bGi$kR7Z3)8VAOoy*$+GF=6F?N8<%*Lnso|w<5
z_489k>+PqFY^U|~3#RlrZM0TbyRDKK^S$cwWOO9yp(|$wbK>cm&WCl^8z*Nei!4mJ
zj%TQ#i*&%`gaHhkyvvXP<K0wIAzg`w8sHes>Y2FsU`C*vK@W6ND6HS}8B&nRS?_wF
zG{;OdEuMn4{_2Tl_2L<g7n>F)nZX|p-N`hmy!a&^I(%LZ5{<NHX|8!CUb``mL4P-A
z)0g^|-;Ci<VY_^TvB*;sZogf){nZSCQc5izh!XiHV0<ZRrPjPFqA~NZ{INTHVV8C6
z&eyOEpO!--6Lt`Wrvef~Qa)>#>Xx;yg!QiFH0qTuK6%09D*MH`8O17cc`G0e)KiCv
z$6^c&#IH~B?19BAcfZ3{Y4n!PqdO?1exq(JCy0La+9KO=k!HYEj<E$6PrtBbWtloI
zmaFFXR=hx`0xkn`g!;UNochFBWPQA$P5*iW<}r&ellYOJhca8}Sh@if?^TcqGn9Al
zp@1h)28lVmh$&N4QSa&fvdY(QQc0(8({#1L9fUV}ZehZ8-OuHt1AUwy$>l;nIY4^g
zynQd!%ZImNs=r<qM*y>KVEQ_6a%){a4~unE)SrgZb9^^54WBMjd3<*Y?5m8g>@R`Y
zPBD4n9T~f2Wv+N^W**(v3o(x}LJ&ljX<d_p5f|^BZbLd>Gb6lB_Qp(nXe>zPus7$r
ze`%kj_Nap9(|#9?WCCsRo*6~JI2{`+r(FB%3V#3(?USv|y>CF@==DB5sRQ>?pF9VM
z(cyk^fdiEG?t30%`N{|oltJr`=b-bQtm^l09vGg8XTSWA>+fy1{UGJn=mV=a1jbWe
z9N9fQ2m81hLbl_mG1<)w?wW_?u1bi}CYP_lLPveo9xjh-8d2%II3Z<!j(2v<^C~s@
zanh^jSj#Ay8yjWVPSpF+Ktfd7>C)u);j%9<D19vi#z17HRFdIfhd6;=LSnGGZ|vYF
zVDQfi?mJ!gagcOK|DLMh5m>-H#EbIP)naAe=C?G(zy1OXFRXG2pT=>0v+vNTic@FE
z_`uN3qe?d+0aZtPByE`oAf8fBQi7V1PA~+%-u?9+V>n%B9N8nDDmZUsK7-<q43Hbu
zd8F6pX`W2v5yPkWu7aZ|JUWkG0(5DUV^)S_o}0YF^Ytg>3T`PUYmsSeMaV0i===!X
z+vjy<qrp4^qG1qTsJC2*+Vhy3$D$H1OzCY#a<Qsl!s=UpjfdWF%IEb!gKTy1&$$~k
z_a;mQp~c^$?_)9^toN<?ub1@HHe=eXv%Oe4^Z6?4cMjqgqg{dD)))P1f|R7r)%YOw
zUyu>gp~I9!MN{Xkia_AV7stvs^JM#1y4E4UY*A%}n@CSG?&0sI7s0^<1`Qu4%?2<a
z%KH_a!_z0yM<(t)(Y*lq#BGS*8uby6GR8kY<pxy~D5hO~u*)vD7Wy$vtAX&Zw4&bD
z9veWRc#Eb!2Lrhon{u8qB>p;PEbQB;s-l}vp8dY9j9$#;)qDG~y3>b`9ld<mK8rDH
zI}oeaW$MYEDYe^Z3BZCwOi_N_(>iWZ-yQRUx+Mcnaj3tG6nY#zOssOO1n}Cq^|cB=
z^N6Yrd%=AR`^n2&1CEuezCx$=BzwE2SsX$3j*ryM#W`4-wq8{Q?vJKcLELNi;$}Br
zx(9vnt44b&E)IW>4@B31@8F&0mC2G5J3<!;<UR~LO4Ba4WrEvU5~L#pt8+xDLL%29
zs#mXOtz7kf<UcQ;(`vWw`8-hX+Z^{Qx<b`?`$1Z%g$?zA7ZKeXx4-)4bd9}17xqb`
z@1`2|#nJTR`WU(sCO^j4-+^*FhJ4=8IOhrXC!56V@!-fUoSI>eElng}e%eCLJV8Y~
z_o+7E7W|qcND!pkTEB3Qr!Sj*&D!Cq-@S0a^zfAL4DZh2lNt0rkS<f|e5l7sU-5rF
zygDb2`q$U>>vOQ<LfBnb_@<`n#??+b$*^j6FMTe_t3CbRR|2zjlJD0})sy-@jWUe`
zs)z8ag*=yllI!Ww7hE=d4&oLo!i>t#{!T7Gueu%bek~8q4kP;EthBK+Efv*uzWf0F
zPHvReh-cEoRRy3{Awe^2@H-iJ(TSc=sWH0oG&#iP_-AB>*;VXk?`V4u<B&67W`Xo4
zqx=%OJH)NHqW-n;-t83>RgLyKZ*v=Xb@*6UC-I3)AFrdcL8u<tm%h8$b~_cHAGFY;
z#F%o#3E?zQaXt>;;uMliRUot9{cT)K+Naxy*^56zVRZyh@5}Irb1lH!JQ7mm=S>kN
zMD#w^i03J7fixhtZdEW(jgwjB^R=m5volc-wQdm}!!Pr0=`-|w%!1?87Wa|XZ6{|c
zWW2LcZ<rD;AHci~w`89{3;Ygyj<z~pF*f@j8j0^Letq+19h1+cE+}Z+>ic<A%ZkDB
zIVEpo=?uEggdb9(Gvf9Z^o80RM>r2hpqO)x#k^N)#w~Y-JztgGE(23RD;_oPa|Qf-
zmx^54gLRG6#$<p?Lx5@==*^JM0-i2!XC*j!nEM=f;EiAF9#W<tPJQo04fnwsqvQrm
z^9b`L95LT@@V5`i$pX=<nbTYw4(F1OIUK(YeBxkT$!#7RJu%lb<i%k7daJl=X3+_4
z^f=aIiLmdX@O?osIDc171Po{Hfn)Gu3gWU$L$simVXgw|T&?dsQ<JiM@d+9{sIvri
z20!zN^FSxTvlJ-5`@5%BJJuQQbqK!<r&<Gs7a|UbQf_(P^15Z`E<FLkkIcGqoIQ3j
z1d+Ut&3=}CS=8EcMMsN_IW~EzgYpfFk{ZY3d)kj~_qZPY5}51+shBWvXxh`~k`>3Q
z5WsQ}ppXte;gw#drqGs2{eCIh>Usr|qu*`21DO>ZAOVDS<v0c3XoES085`I1$t=r`
zx*~0tcz~Hn<eYkX&p(DC9S<KgL?TV6?ybdSYI__?tLLpr9+<*pd}<32Vi5dbof{FM
zheiLqz^uIDT>U((Hmc$RGX;Z)96{KdlCFL`m&>-9xUOMu36Hn3CFSRsu`C{I#||38
zcg@`TCch27qK2c+bXRtl&VwuCHOkw4Z0n6%>Svis%zVqKzO%{0*?#8a{0C_Ky!5^<
zPNaR5$-h>%o(arwsB`v?7*jc~wSY6^juqrs&t<Bwbse7cp&l=>^60n4XvXu@H3t8h
z?kzW%qLE?J(M*^8tR|o=Dg<vbUwGl!BMMi}Y7&==r1GA2$FobrE(C&VHRI>c&^$2g
z%X&Z^|5(qJWTmf-v4BumShEac#2&bPvD<qgaC<cb-;;)@oIu>5yJ6kgHb)M7`M0VW
zRTz#JE{yMiJVZ4&igmg5x~`Y|8-ZQ1ROqkm^%G7t#{AhREZ&k1i@x<@2821cCD_K9
ziPl1uBv1ucz~TdsYM74V{0UAZThl_r8%#QTGl$hZa=Mo1Eb5&w@Qb(r@-Nt!$Ki)4
zzqZD5Hs))3Fd_;pS#V!e-uvdQvG+3X6Cm`0*k%-V*3%6Z^kirnuwTum7=u*hx&fP1
zfLRM=WIavYWLCUjX?4HE>NuZSyAv7X%}+?lcdIM%=46w7Z}NbjeX{TLTI-AbDP9!h
z;ZskX2?4gO8-<$|JU%lrO$Fl>({qaN9a=r~7CO7{HKBUM`%U~&J@NIWm77rC#pH17
zXST0QBQG}Tuvi;y0-b8)LlE@YJmCfUjJQ3y$nN{V6HHh3I926>lAnUEyY`iNCw=X)
z?JmXJEqcI)gxh1zew}XUDal7w`*S*&Fhd?#|C%Wn)L%(o3KL3zF0edebu6A_rV}tk
zf@C*2A2_)vN?+lMsU;N}+52VJ>ZCpRA4G#r)|+dGSKr#N&ruea8kG9c0ZiwZK1F(L
zLbV^Z2^ayq2Q69N4KSMT6jWx)`to;WbJ(=I*nrx^&z;ZbvrYF_K4p(og?GtsKFM(N
z0kF*A&f|`rfc<rnr4x(=gDLc#uv55eT<b?`K&}x;F~U(kkIf>4>r)waugnulj*V{M
z30**rHB)4WN@9j5cxD06Vz-Wf;w^Bkb@?)#mjmGv$bOM?&t@w#)hUoiKVy&k@S9qR
zV)@$ju9DS4cAExtobVn!aG`_0Jf!HyJ2$l@Ezr)vLR5%z!47xFgRLQ-CPgcZ&!+*P
zM@#Zv^>}esG#sI#tA4_U{=ELydxTgJgD7sP<#D)gGHcmbzeC2ldK?TN#WLkCSZIbM
zi3u;H&%iyjA9H7zuRxx-<Z#EtgwPA^@D?s8t8_KGw4IxPo5Flb=qWs7X<*0$BSFoq
zns&o2HqC3s*r~kh_~@g@3ut$1`&``@s4ytqNtUAg2@jhyU$I*rG!Mo>VyMR3-q-0Q
zR7Q3(blAk@^O))pDvXq@?9T|2tZ#p|H4h|$y`B<m7J3^c=p(P7)2_~b56N!ABk<UX
zV4Fy{mnYdT1=(fUQo%zfu9_XHFBk9aWL9Nj(??~(u=FkHf*a=%^f~H(T>I@~4ik<W
z15Tdzya-6PX~AcSlwt0{u+4u02Q#yfdF?XCc<+gP_#`lP3MZZ4`}zG^Y?hL49}?{^
z<7$CULt^Wly<hcPIgTJnCEWPZlHRYSS4u4Nd5WA1{1Q!w4%|7KFPxr5KM(c2fV!IZ
z@rd*i&veDv;3G+~3u{i=0d(h{Ttf^0tV!HP0%5}tHeHqaP)(!2x!mEzOT^c{L$V9b
z#m7WdnvjAb?}Zyy%|y8S)ojQ)=U&S_p9jR(*-fq*yD6foWU~21XeB%ZhUtd&1c=H|
z`Pb_$;B*f>O+lxF>Y`o0xVd=aL_PsOpI8aBWjahnv|q_)o3T#uuHDM{d`YP#9`SLt
z9o?@d;AOyAaXZXM4~Rpj!(EaHjznXb%&^H4qWa3mWv<QSjY(<#l9qr-D<=qjs?3!z
zw>Qkz1><qFy>=dX;#zwDUl&~hS;OWlcoC|=Tl|-cdbG~K${K9k2O4jaE@0uUR>763
zeVTOr@aGpee%OyviZgQGd;PB<Y}{`ojJ=V6T3c-r^=r*x)8t|M9`Motme;vt3kR_k
zVu_=4p|5^WRpmZzH*T<D42xX3i?!M5Cll)KWjXR$_rKx4cMm>(=4%{I8+yO9y?iY2
zDm`IQJLWE5Z#|E^2T;b2%Z>d^jU_QDoVOP;_&5PDE}WUI7jvr5DJp>$=~2d|6GyFz
zB^)jE2B;s?&-SF_z4<;Guq6QqM;77)IXp_$K%D;d7uj<h_owf*+s}(|c_OIM^(%fz
za(mo{SShJLe^^t3rz}^fge)I2Co;x&C0qAHvI&Q;H49xtl&?F>9l@zfc=_vvcQM6;
zG8LXW)zUa?Q{FE+vQdO|%bhsxT5WjpQPTFH4hF~DG~4ktmp?-X!5rqW#EhJS`U3bm
ztI)kS{2bHHJG&F)%?<4G#D*Ntz7ldIb2|)?8TfPibx5jX&?hb;rys^AI>gr3h3?aO
zG|cN22|G8tuOm0SDHeLGB9e*q|BpU*FHD=VE!Bk`WuHxah*1k;e%W-#j_L4bv8qYx
zJOSczUhtLP0_>}^nWJT*xJN*;`Mj8l_MlQDzZ?es926(d{i>}scl0R!yOfU$t2Ji3
z8*IQA3FDEk!<<j{JG;AG_jsIrXpBpg%@D;n*oG?&;BJtbO{FM~9VoZ#)f2~7<92T$
zA9zeb(6a>K>AY;fJb1W@Ua*0%meXV>>+8R)<+D8@Tj>7&t0^<Gvz3oS7ay<9WK9y@
zM|Jy6u(oxm;yv}?m5oMJ7el1c%7?r?oQWTYqu9W|9Kf2qx9+sJwW~OW_(a@3yr?p7
z8*9Rhly+U)Jaw{?9xK<UJYeFILYnSzLkO8b>;ONv%bd(_NnN_*UsrQ9LjNS!B@7PX
za|g*p43^f9d`_T`O623gOEzWDSNwC;MdHKr0+BWujt;@el_xO(dArk604kL92|a?C
zIx4CD1jHGKiWu%Q1w3z+jm~;o(k><@9&h`4J%(Xm-zP;UsT<R5BM%bi^+>+D*77#Y
z*v@Am_w~vWOnkBfzvH?fXnN6HyT4SEB)h^6r#*n@=-6ITlX|c;47G7i^Zya{?zpz(
zOmnDzNAckw0rSngUOpi}rc6QepN7ENf~+N+2HNP|=d8V|iWwPEWJWxMwDv3ZnbawN
z+wcADw4B>TIHpCeFvpHE=*{bQJ0y9h;E3=NGHUmQn>KiCX``Y^@Z+zqGQk&W`}2Ha
zp?p0-u~;<kc2dNbgfQ>lh1|VQsmHi)pDNEB(kVGlM$bj^d@>=yj<j~DTp&f5+w=`k
zR%+%vu3U9qr<d|tp=&11c=Wcb3X%_O^qIL^Ve@#Y*Ue$4D16c@iO<2?35&Kq%yyb)
zo}9eNpf#jFTZjML5`WC+t>mS9{n719$lOyY=Vm`*MlJ6@BH6#VR*ubO{1O(%&UGG7
zQB1tIPka$+8@0f3y5r0HG|-Va=i(F4Uu+;*Bel$7nSn=9FYQ~-k1IHENjozrTG%Vx
z@9d!9pu9WtR)jtc!sHakP#Qkd_e1=JRiFqzSrc#zT>)4K1n3Am0c<_(PJo-Ap`#fQ
z@3o1zMmcjMT+|;+m_#6x$tQ_dsDSwZ9_vXKz2tYK+v5pToA1yj&Fi6@{G|3?Vty)V
zYj0tO?s*+`pVpY8nELolA5-1ZPHrp>aJ+grpN{Tp_!(RIdGzown8N4SVpjyUFz6cX
zL{TVXCiw~ph@4nAJ4JY7?Vq~iQk!r+QjZTc<HVg=u0;Aq7T0d&z4Z!(<&Kquq|{~j
z&KVx6g!?Y5v9D`O?v8asQ3Z}XDh*B|91p4{v6M72_1avuSWTZ-sv)*yP@q<ea9p(H
zioCU-bN$%4ftL_67aN+n%N}R&qg8x_TM15e7mLy4maie&A(%N6(-ap@1YCN`X}@`+
z*Yn;Y#e4msoZbCKicKGHVLct@KxACsYi9-#$LsL9WD;J@-Gg05HczE?J{d4(0rwUj
zt<UJ?K5>CZ*xJ?LSUi&WfDduTNV!u|pMt&e<*(ajVV}stI9OCQ=h!Kv#eV9m?mn%r
zRB1J5oKBjQ9gVzjPd>8AgT+rHAy_inTblHi)YEnK)HHd42?kXd&EfBYZz=@0-`+3O
zjS>Ut3oLHchv>D=XWF&(g7r83We@+6`G)#s9`Vn1ma091R$}Iey@KXm<u7XY#v#Wi
zMySWKRGuVPNrGZLy!w@YcWq4iYpu&MQ7VQ{JL)~ihZ^*)q{LLO9opXN0ngXJ?-vvI
z*sScq?261)))HsA?kjldJTCQ!F*B8GuXe$^Rc2qRfQcfQNVC2A?G^2qj)#-fnoyQH
zN6u=~K`wcSruZbp`^+0R9-@@27$ThOl(EZckCt(LVbXDYzU2J#xX1TS2WXMm1Z4(E
z5s&-a{*pf{uEUceX0or6h<D^M)hegQ5D@h0Qz@i1dE|+gd^PY(ci=fcH^-Ao=97R<
zR47Dnv_vVn0uRz%OdU0us~3hi==$}y^s=KzTm_rMsP74>_hS}*Y|nQ)9%NkjhT-ow
zlSmj*kKXdm<x@p=YOl)u-f@E2&76)EfDlO0rvN4&NOJ_bKh6>!9UAxzuWanvX0VuE
zPcMi^6fj_(n&^Gi6DO3v_u-HfBzhhXJH0%QylsiE%2WPwWl9k_6V2<vTcE4Xy%$?A
zy_F8>*I4gZOv9|7$v%E!?&sW5T>;5^Jlwo)Zy^NVz9CediCPaD*!J6yA6&n3rW+r9
zXH}?V2Ut*PPNi9tyw)fD+htgdJoZ+(08>D$zeh9z_pxkVAPP0&&x}WQ*w_G4J-(M*
z_|NuH+VmY8dcd@<bH8JaTgRX3itQ3uZj~p&tVb0vgtXxs39u)8VujMWcKw0s-eQQA
z$J((ZUEW`vY<pe!VRD8$Qjzi;M!dQv3`~g&b55}}_kn4RbGIlJ9d2{k)|bmO(QA1r
z4n{pS*>niou=LDRW{fdTruEswoVSKg`<|y@c9hultpn8)L<0b@%M96%pC?%mp=i)6
zg-T?pxleKmj3$?rYhBTgR`9_FCO^363OJn0GvsqO+0a#1pmapEmM2D}gimx$Px_dt
zdx1jS+kNb*Zh_9_Lt}yZbk{m1&L_g9j?k?_Z}pygwB6+qUGe-P{6itVBZ3lPi%?>0
zpv95;3k68tCpQYld!8(I&^?}rL0n;H8xO;o=|ubvgdV+i;NHyidk(WCknYYt3PPR+
zhi95}z66OBPzzD^{5}nckwGXOa|O?3al-=Ey#u0la`@EZEX<=b-^s596S_o^lK?>Y
zHy(N3GYD5-xp<PHl%IU8(bwh;6;DB)Uc)*}1v#rpGzs>=;cO1y*2gB-9|cx*1YTD=
zf3aGDc2i}+%|(fYT+ZjoKUziI%hXGn<e#&*8zDUg_M}+j=H2x51q2^|WmK(#5qJx#
z4+W|Bm9lw6tmuH&^?QYkq8@4Z5)&slYr~TLo4<TSU+r~+*VA7EzrH)~gX;3s$|`d$
zECmxcCVa8$<aCIHuAijh5+VNGK7MYKUy9Ef&#O|t>8bo2_b<4drn8)?%lGkz*coHd
zJ;xrh4`h~z*h#5(y}C~4k(OM^*={S%Z!Gmb>UaZ_I9qBRE%LGs-Qbhi7fgJ7i0Hxr
z4HH>)?<Hx~bB?7vfI!Ec*)$S7Ho5P&XM<hhweQdjyy6Cr=2$_Fgb8}uB0`l(Mw<Mg
zb{zfY8z-}du#ivsVS6mWYVN_Qiv`7=Z><&IdTe6~Lra&YX(WxIftc*L*s&7*94~L+
z$wxF<@2(5*))FKmd-cVx8M$==AJpDNhqyLGe%i>uA&$NEFHQSoS=|MxIie%;c~j@e
zz@~Vs@$q{i9<9A`3eSoGCRdO2AsolZ`_OX!InObc_+3FUx#Uy5;YT&-;e$Aa)KT_k
zo4Vw9K|`eur5M=mG&0%>&=he~r$md#Dtw0Cy{`Hhj`PR~g3^Z>=KgVe8493Nms4>1
zNi9AR4RK>T3$ZUKk+(zxYAI-n(7~E8zGKX#i|@V;;uWE*ZqtxBpx&NDk_yf#ZYG}<
z4)9<|zMjl>WFEH7qjqqS>;2H1;4KX1W;1cG($GgIxVI<bwXW|7Hl#fz37xM}UnyAQ
z(~2;NF75azJdZ>(p4$m#U_hC%M5DBzp!8=-En3#ew^3z;j$Bd-N6Hq+B0ZRJd1CP!
zFz-!}NIxJg8;0)w9U17yfYt>C?-jq_Y_cz?YV-Knx7stH(B`4(9$WV;4&n62M{=a-
zUM%ugpD|?eSlg;p+{#0f_!s9^wXf&0iSaeYC?`w>5wf)1&h~k7IUyT8?jcVgguQ92
zkJ)Dp3nCczccM$jW#M+%#A)srZs6D+mAx5;s)|o|AxaOPK)8;tInJz!QS2pn%aKk$
zTK-fzZd!7;f;LKLl`b=dXF25eZu`oOzG!*aL&ZUB`@}^Gd~J!TFF6hJ{bt=%<A{+Q
zIMxSV!{LWbG`fhvg{mxRg;j6;*j!(Xd-W(GqE_pMhTcwde~NTJ^HVUnpf}JZ<gHIQ
z#RnJjV_{!va>i4!VD>)4UaNYyqR-_@R?0nPoZhsn)6TDOAg-KqF29vBKN|@A+%OND
zzHIDOC7O?)XNUoKe@C$a^M+r&SNp=*qxL$E&ozF4|2YEaH?F~`q{Yfx@bnZ#m0&%Y
z=)mfj%5;2sUmIA6bigT^+Yc$578(fzV8vdWN}Y+OxgHw#?hu`Tvr&U;x%(Z<rsJn<
zzsQ;+3j2zyO(yPzF=XC*c17;NmRSo39(!0?8}~aUy21_lkoi%SQP;l#;BEL|=JRLm
zL_77p+CTxmLVSn)0wq7n*ns$roKNtB%Ykt8UWJxAOJg>$T_l=H_tG~+RGI!R<D9}J
z>}*!oSKPGfr_>CGNLInJ=mVD4RlkgaGk~MtDEWyJB$!kF#C{GU_3drvl5;rV%O~2_
zI{)4}zumA`3eLN^M^ZdIPS}+TDZ(%{8hq5SJr-$v?}@i8%avFM@+@`H@l1d-w7#!5
zoJ$7nq@XBwOCC9*FD_{DRGZ6t#1$ERD3=rnd603B-yH*)C$<_NsQ|=0Fl<P7UX@pS
z;ai?_LCft)pU98`zUhrmvUf=X(dBNrYHFTx5#k}6rPMd=N9z~+d&g-*pHJZ{@w^7w
zR~e_%O5n9LW^{|dXvAsg*`3V%PBiKHj5?<=3$AnYok8m>!w>J-TA7?5{~(l$lP;kb
zqvk=(k>#K&SEpg7w#tNgzl70`C}PwZz&^s119r85!hxEll&Woy&iQf#lenAt9IG#;
zI{12DC%I@E)Z#Yaang-m(In^0RWtY|Fd(}w7`yZXx-VZj&#}vGwS6hGzN|gm>a$PG
z)Y(3VlKM^=KVYC-8-IlL%iN5V8e%Z=N0R*YwXjR+Q-=tuU*FBXiLyDKY!IfmO7kw3
zAN2dGv{bHw+AUMUGzV@{d5tfz)?XKj#~TklO@8i|)Z^g=<UlB*vtJZ>pg&#Wc{N%x
z5W%&V9~)$MiaWORWb3>qCPDET1PhHU<t!_9-=~9?uGqcM@}-5GeGm2#Xed0lsO5XR
zi3b+s@0^a`#pt<EL$~I%F*qJlE-`tx2X|l(x`(2EX_;Yn4$(Pe*km3Y9wMKA^Sd5P
zI!WkE5;t+E08R8J--Iw>#TC<z?Oy%aLh$F-dFT$EuB{FTLZ6F~a)vPFi=#%VYgE$s
z$d8`5B=Pi>qH+XjurazL7UxZhw_rLz56Pu7o!9LW)Whv_77J<XB*=r)(^od_6rJKn
zMd`J0loY6U!@vDwIca-6_d6!<dlt`oeoL+7k;N#IboFkrbl(RllYo)@9X~E3>6L~q
zh<3M{E$&N?U2x5K)ImSzkS<-dozq{E*^*_y-t`?K)lw`rCNeqBaPBoLqr8?VtUE_0
zfGnrCjs}`5+Gm+?TI6pmp$(COKi^kK>!}Estef!Y91W=v=q*S{19{rkeX76oSh{)i
z@Kd!@(N1iIOxnAIWlzF#(3NY!92ZNP8pz^MMWBsp-Q9m4+=WMmn$CH0QbVhcSphA4
z4$}cp@eTMLX}g0JG>^a2)jCmy)F%<d2#^Nyi}|mDM~SlPODak!`1~HplIUsr>xO<X
zgTOfa5<G<YCba!=xmuo;%7z-q&z9tj^Xh<<bu>`Cbr`#m1Pp{4bHuJ-M}E87q8#=O
z@AExkY{61zTnFcTr~Y>zFYeUQ_uEcBO2V!3WobP~_Cp=<<Qd@{u#&icxp46fD#`2L
z2;t5)%HIg$;T?_J=TQsW&zLP?Dv9ttTe2yZ1AI<V!JI=9d{v$X+>>?amY<U3Eo@g$
zaDg7-Ki2~-Qz!#;1DIM`2G+v7t%~Iu^hJ6abTq=8c2(Q=gn+Gu63EQm_n>hjd32n?
z!ONtkQ&Xn}?>DbHT08*&QS}6vH=JzRZ>9)8hU5$LL{2|0dPuEH_)rUl_Q}&*6lC~~
z@|UgF!1X}i2R84c2Fw>t=CLavQ5!fnl*$efUM*f#(%5jQ*Xy5*#M}e!0z~_zsJmu7
zgc{BjaEv3Q%Zqf^>*?~>{8i$Kq9sSti^`9*1Lqyb@si2gtV2GZlNLF*z4p=v0&XH5
z?<xOg3LcU1r)!Q;A_e$#WmLs&N3^*+NKNp_L!`FXJyy3U>%O}Hasw_1!wKh#!pFNn
z^kfXh4j*s!!$sH}A!WPDPqf}*!gZV7zJT4C-!R=%Pom|8v4+u!Whq%OTU&RQcW;1T
zOx~YOgz)!^EKu7OviEJ`U8`>r9g;65xLCXSID}w#jK`y3=cYQ5`1MhE_qp&yavwna
za&Z}ESIXtlMDx$9*wnag8|V%*jJ$e1sR$qhHC21Rl)1Vi0R8BVjF{a!?ExjP86fYs
z@8388e9N)VbiKNvp?oy5U#;kC_5IqKcXR9YGoO#5JFR0LBH<@*1W}-bb(ER7y{L_a
z-xAw&8VPJ%c<>`E$pfTTZbXs?9h|vt8l7lrwx^tFgL%_$+YQp9B2$i>iLw%X{ER6`
za3sGSZaKWyj-Q?{7Z{4`N}VFF&+@yg6l8sNwesN+>wWrS>QSFFFjd-#_}V0S<~N*B
zu7XcpF2{T$E6JL5j{Y;I2^dMoB>mCM<rQ<1bruq>9J;h4K+|;a>N*@fCZ3gNmNTNR
z+^HBV9h+|U&v*V@Or;I6Mif3zKH)sJ@<qNSExJ(1s<9l5R1$nOt$EqsousZ7yFRbz
zp^Z4}?#SAHNrnl>71D!XSKmGTrgpN_FV5z<!s3^64fdN$sQyC!fs+fKM4j139658y
zaN$0pMFCgE_RAhQ>mGLZJ9tXf^+fq2OKqYqr1w&)R$m)0JjeAl$cX?A;ZBVcQia<0
z%cHIH?XaDcOx~wCM;=W|UC**_-XwHy`Q9G0gL)pC*z%mcxNs2sP6pZv6ADJ%?!K>!
z-){&SqEwV<8}QN8$#Gq$2(`o0;ztUJH?$x1bvTuMum@C&i|9KO4zre*V}M0=2yV(Y
z*t`47o`H*u*Ne>q%Y=Z>L-Ol6F-u{-D*hG@<M=Db{UTOhr=qa%{oVqyz*e%=g+UmH
z#*>a*ntk~5IYonq24bfgIiGHL(qq^o?n#Yqkz>j455XZjWwCLA+Xli0?T$QsSIbXq
zU)2hV2e4@{ON{bGvdknpurGprqkg2{gpeGK<E*uM-F(kqgjVc5c-=Jjwf-(dz_~@r
za;YEEKBfJX;fzdiZQSWwBadc4A2@eoP3t<J!PmHDuZmnQ;y|JT-gAUdjkaG=-YOfv
zA$ipjN*w4|_yGaHl!y2F))!m=27oR9QaV11#FO^!>NS*~ZG_M7xL1k`UVLYJ9s&Vx
z?l}YZ8-Cyg7NAJ9J_Ys~<d;@TFt(ydm8ywEtY*@5^+_4OSnL#?xh4Dxx|%N0MIsG|
zkEfmhA-PNR_-G8=Rn;;vYLVh?xKQY$AKg)!AlVbWa<A0Z33{3V6NkHz*|qb*iz<Pg
znl(1R@y&NPi}A$C3_efAn{wh_is({J;F}z$+6DitJzB28y9K~-)lW$G9zfPObx-i4
zMCZF7mz2C~I~Y*1;hVT%pTQ4jb>nk!D%w0xor`|qonTui#38tnOumN0$US7bT%z*$
z3(~P}pM8Q;(uyZ-&J{2m!uxp4d8Fv^=+EOv$Znf=q3UW#&KL2+;rNtf#{6Gn#Q*O<
z|M_2Uas1c+_;2yw-#7cO|NlS#^Z(UcSkt>PPsY6sg!FKK(wJVAF>STrJjlC{7gJ85
zDeIRekJ~0){IIQ_rabkuCU~o*IIeD8gkpdAll(XfI!;v5yXqWZ7*~bQ?9b)fp0C%V
zPO`*M*Lhm69)a|y3ioo>naHbng@}F1<S9qFn^tHhMVA#z4m=I21y|}-9gMgLVrW)_
z)_&=}fC$HjzKsrNN{uPj8`z2vR!_8si<RQ%(!51E*F>$=3?BiNRbWG>)LRp2;d4sv
zV`=jhBhTxD{2KNZw#Qv?r6OVoc-qgUj^sS<dxy^119?@>!g502eR6~<h4%63Nt`dV
zq`$X(a$-anZ#b;2&^L>ncp1FNUZu-6^6e)Rd+d8_uo4jQo#+6XsJecfw7^~??emSN
zV6oV1FG=y8%wn@$SMrnVq1vCDES@_EYXzqd2X!_NeVJDyot*j_B@}SYQ;(h0wT7tl
zp1ECt%6_mFdx9vAB^fbGFZ-#w`{)|z*#)>{cLDaWS<jI_^*9}0o*>q%%S(>l1jhl_
z(5JNa@j#8zFu7#FbXeLxUvGJ2IT4)j=^BNsMGE=y2Gl0jGGflkTdnF3oc5_@*<1YC
z+(BP4lIrd}-k9H+CD=NuyBwfciAqli0~*KRR$YAy=th1<1o&7`9{Z9*LFqs`T$793
z$NeGf<Mn8q9r=lwZ#(h&yO<%lW_ju@g}0_3VKCS9DwG@F)b+}1w~N1K(tmcAbN)qB
zyK_Z4ADu888Vpk7CK@(hyP(wKsH*v(b0=lE`0#{`5PDHCXpYI%YdsJmPvQCS4ePh~
zNBcgiagK(Q+;gVF%eVYcU)`hfDhuJLsodl?HkuZ`=QOx(KKbhxpxcve5r))nf*7e#
zJYi2z<gZnxTy3ob^gx(Ff$lIPt;JeL?T)M1(V${K$md`RWt`V+hW7Cj=L99Cljn2P
zWY}P7CiqSZGXg*UO*hEG>ryK|3KlvV6&sqlBeA}8UH!C#4_dBUK{~b5)Y5mhFdn%9
zOl1DFujn}IH6l&z@OQaa0MnPa6ckj2zfm<(cnIB2XB{!9yBqh~W1x10fms(3X~oG2
zvLWN(pdYItKCB3fnto0ni7!pYhn+a=QTyBNNX9I=a@Zsez{Hc7cJDo(dHznN1!kf@
z_9)sLudu4vkdM$ePjLXxK3*dNeedVth}@U<nB^wQJk7qGht%$a>Um<V-xqal0lME>
zu#2C;#fjL5ubg>}=Jm62!fxZsc8I2Ak9~$@2Q5z&V5hY<t)CR?$M#w&-HURc0=~%~
zrA@&8Tm%0G2WIY#HON#wnkUVnXA9dD>ncO$CGZ_ELYT*K>~&>U_jXK@$ToipD6a6i
z<<tsDv{R#W57IS>IG8@258C-03cOW;EuSeMwvueeeZoilvjBjCQO47+v!dX;r#ueQ
z4@&3;JK_^L+egUkfL<5+HKzRY%udz6kR+9-qFUD2J*v)?@^hP{s~(oZBh9*aoAijk
z^{#Tv*D+)-b8)Ul$Z5YVXn5@JT)pEyny2w-y2}%ET#bexb{V6;2?p@96~teHT%T`P
z?@`61?lpV(*3<fW)9}f;*n1nbQ_%yPj?MTE-o_mf8*+myx3txYF$ZgzyG`r}Ld{Wr
zPuCbF?PCSr>Bm_zn(jTvALRlmy`0J4*6U0V^3<xz<>+(U|H34>YZXKsu2`1Q;~`-M
z^z>4Eo?91h*;73-Z~Ysf>0CC;D=70t3BT_9dZP|~{FzS|=26elFYUe8r65u;P1j66
z>rcY#`goo_{9!#wb$EBaQ|tCwRg94lUKz&EfL8c(472{6RKwTZC<ym9qkzG{$2jT&
zmd|i=<lXT2+{?mGaD7{<%59eUWaN8PpB)E0ieD^O-g<Qnf_-S_<PhML_ulGPYxv4u
z?|wqTWe1Rfp$;DqA*9C_Do+3fcl$Zk_T>PBY1})q1wzeHPi3|;6rW;L$P7CJc@2OM
zon5s`#HcAhQTT8y#TzBhIgiHPWV;7Hi*}v`xl{N!d7Vf{u$hMG6Ec=>-P3o@_#zJ`
zT7*1iU@9#nnBSirFH71)<pu_0Q1P|C+h=CV*FmWmV>^XU%VJ%7dheb%<%}_0kH+mT
zE|>Yu8?nemj~pN2r^Mw;K`}h1MIKp420I>br}o|&r&p5154{gwanSg6e&hG)4TgX3
z<nL4c<kq>F_!QI7*%NF#Zdwh;lOm4i8TuS?^bAiEQJp@Q2sIC_PE3BZ$zC^xsxPtA
zo#}O*Tgi1l;)Zd}{49qWSR(dYXZXFvDaI2JkQ<M!N?rlb3}_#)UC`C6Q9JxeQs4G?
zYv=kSl%L~w6Mm%Pn3eVbp7RZ7S~I(O&8;epun{_UGL)m%cXtJvG>iGbUI1%OSK?EO
z4X+V}GRq$DYwN{zg7FN5KZPmISqa&Xjd<!&nRKX}L_szx`+L*KCIfY0E~AtU7TD3^
z;>af=9=Z`Bn}6oLz2Q`PruZBSfs*dyln=R;L1YmR&Z7rUCZV-K=xRCkB_ExzM*fy-
z@nc#GU&tvYOX7Qu(RQ*QBOxX98|fyz53|qbHssWXexaL{-j~9wgeTB=g&!#JIbAwd
zPl}5Wmr3kf9Dc=hX5{d7@ca(zuv+0$q-a_9x^v>a;1{GXLKj*_f5vrU%O?Tjh7%cj
zoYjmm?re}lC=Fb6@V>_H(vdya;vvU4vFY(pFzHO8yS<5ab52sr9!1l;K4%i5yhxMh
z$WZiF82N>ojMX`8@%rDpqxZ75hh0n^s2Mz@SGBXgxPIm_o|Rys+Z>zkDJSV!Bfh`{
z)ZcP1Ma|FQ_w2k5Wz9EB&IOHfV+w_NP@kw3y4-bP$CgBH1nz5|+SlVrV>?%GnI^xb
z_Pu0<W7yU4u9vL^zZ?USpF8<K_wiw`*+02Sjcpc)yoatsd0FV&>HdORm<U5BUdI=H
zmwJSA3nT7zSm)&JX52=!a!#W4_%g!DFCzI~*etA!vU_|F3>3a<r)X`w2nBelq!?`(
zwpm$Z){-YqYs(;e?01mpp15kaAcWvD(<lLA_fDfYY^fhXTempwcs>giWb#<bAWg7s
zxp&~&Ru=5S@kkDz+EN2Yojp}v7iW%6smaqPa^qg{uSs_=e^QG5X@r&QOS_`w4BonY
zLvQNc**^NTa3OyQ3$L9Xv~QE%bL}=ri+4s~CD;gF937uF=F6}goS9~~b|MekXYzFt
z1K0U>lB2E>y_@!^L*$(&#O(H;os>GPbOTKQsGhikoAU5IjDuePed{0LFNO*|^?mj<
z>bsDGp3bSf)Vv5zVeeK?6Nfy>$Oe13*!3IE$dn6_Ro-&uDd(`BOuVx7=xOeg3Y|cX
zVG9bL#1`Dg8tHT#y8z#N-}wxD?R+V(m!TAV4RH3W!>MAp6mTBiJ|ecYx{>pxUve6>
zD2H1u)xEF!zU|fI2ZL*@^+=sG#%l}O&>?~*eg{6st<!Ye?w#WfC!cibwWgwKp3-~H
zrIpLF9Pl2noe_KO>p))bwfr^$Wr8nQ)_J=8%PFtCcGrMl53VD~U`xSgCdiGP=!&QA
zm;WDib9AVu&ZYOAtmjNz&HMhpc)H%r7`XYwB65$76~xTeyC!9>f!+JlQ{(rJZo$;{
z{#)$ijmvBTmf;n)K|JLi_ngCvcq8#58(xM<Y6??CDeoM!wc!&-Ka(56GIj=h_hmVP
zsR8RdXS8qGk$>slurk04BkJ-U;I_N;o^})%vU-nN-gAH(;*o?KqI*R$mL$+5@03}3
zg*c#C1kN75U&!Q<Hcfj^B)l<`IYBr<$7S-SLiS~l2Tr86=MdzsG&_=kSb-ZG(edqw
zNBUVKed~z<ej?>Okf)=WVlowa?X~QbW!i&UnDcbVT(OqJ3`A$@;A$k7{$+_a#h!p^
z@3gbT2Xx|8?82Veb2C2kHPv3N8V?p5@N+hUh;Ep{Hzkzha$!Lac+2P9^q9fB=b?)g
zh*RqzH(if%omY-GUJ1%g*^@zVjTl49LqvVF&wXtk?aRSEjNfRLA&Yq#Qk;#8>dBw`
zxyHGDuh9ijXIkieef^QYVRZ#|CarceLPmaq5VgiqE$9n|JHy}kv1_lstwwz8_!D~0
zbI#6O1n}TTkT@McZl}uk&O*NIIB%L*s@yA14bY`FbL&)F1#gUc`?7|O9k?1qy%8;N
z`u6O_2r)Q$BGbN;F0QYrh*oq}T|PH4#MAHvTY~BulH4#j-)y)SxWa>B)S$MA%|qY2
zQTtx$Db6M3ejkZR$Q3v_D>p6fp6dwoVDvr;*(m|{AcAo1fm5HcfO(9b2><5Crc@Yb
zAo2^Yzb(SD%QE&sya7whm&3=u0Oj}I9>M}~l-R!@MZe7KTxc$vkaKeMEoHS!U3s1Y
zqvU<vj2K21htHCa5h8sf^q`A+jS4QFEYilak6OIGP%=t-Md(On(Q*!lf2kX5zG>=V
z&ged|ap%Hr2xM~WLB1!SCSITMoH<}EZL2+c>xR9bW8g{ekZkG$`R$!`(}-Q&;^x-_
zUc2~`=PI^Z&RPDF?#~&$4sdX{;4F~yQ1A)J7N!eklF8@H=)B(~jAtvcu4Zm6-IL|=
zxit}G-Jbh-#=j=PVKJ}Q=0)?RSsLDc6l43zt~||kA5DLy|C%Zwg!xXJ_l*No-V1Oj
za?b^H-pVYATzo)qzqmKhzvH>JyUy_$RtM{~R~ezNn685q(RF-OskPh!%J{NIcU-oW
z8(ni}?diO44^(z<x~=DTYG)wsw}DhAee_eLkD_n%mz?a7Dua@TLWXaBDO{b!YMEIu
zhs>DVA<8g0QM^?SP@p{(dQp12RE|^d^2+#QT%Ymb0lKW#*Ux#HWMI+wT&3IfReGaU
znsH|Ao}8XJt0G@aMY$mdp1ISfMibYRhxhaYGeNL>L#pmAYSIOFlqh`syjCY|wDsOQ
zkA3E_XWiVsao_zo(q#galVLf6{fMY%V?Nb!XuIy-vGo(*J|0G2d2;*k$v6vj!n^3(
z#|$~0w(fy?NfmJPK<O~Cj?8tL<*N5I-?t{SM}lFWlK0mO8tdDULa&4yHtvHJ$LQ2A
z$-}>2#p=q*G#>n?BUBv}eafS%8`LWN%T*Aqvg534J0ClKx^lXhsHs@m(LZmm9iKZW
z4*}|1J-}1(<o_o|dj9aOPjPP@jGW!=HdPBIc2W>%K@X=&RE2ZW`H5(DaZ3<?x-1~R
z*H_9;SCVTZ?sw+$kj+`QoL3lfLa*Qf{=91(3*{<{Do=`4#(|;)ASSp25ODdn1NP~s
z&?Z|v3{sF?)S!f~ATFN=I6F^ku)Am-I?NTD&4&zTRcs;R>aeRn8k*S%Jt0aVz!!rJ
z*k-TrwYLyDO9-<b!!N=wl_mSW0)30T+P~9uMhzxgwG!_pKK0*&edh`^Z#@Ba2roJV
z^t+Rn&bdMvvNscUyXMI=2e)jvM2(S~x4yj((nN6ewIMBfQhOuASvb0<I^Hj#{sao=
zX;OB#@X_;7WvTHT2J*)h&yn=(yHm$U+;k${ETz9pNqTMQw9jDUUtT+reuv^`De^No
zo(j(;n%grT5Z_3nLEsK!P@dAKkjevF44&AlvPxnPN*zOibR8btC_S1i{+PmiBR^j<
z1m37V&>ZJ7XsQAC-HUuBptOZvTk2xJ5D&!dwbhO+zi<$XtBF|XQr~(k9(_M)hx)mB
zvHQ&;Uf1hn(noh)`muD5Dl-QqN<@rrCn-?(eg?*J-z|n+v-2eBJzv802%$udkH{9<
z#GU@!i4mOhl=QvFzV`A&v7zZvsW`U?>B(wF_yH>N^QA0+8&K7ync061TE#uQ^*X|g
z)~w!h%S7X8zFy78=gwuPExTiG2Sz-6Jk(mxo<-3J^?n$21LezjCXE@)%08>+>bgw6
zWV!zLs;Zge@z&Z`j|*H=FpAvNccI@uG(?P$Fpuh(bKw)j75#Y^3asET3FdlvU6*+J
zV1?P|;wI@}=u=UlZr?GsR+Bw`=!A>DrC^bdcXfnqO_8bqi6qLg?`CQs+^3z+V<BDY
z4&PBsaN4^_@D_K5EoJu!1WukhAkuUMZ1uu+VO($e4n3TlGbgpnM&QcR60BSmuVM%x
z_Opa%{A>|-sG+6>9x+KhO5Oc_DLl6D0Ms6ye9o_*G^7x`=TIDW;57ZR#)z!%(F!~z
zmlHEpA9n+01{-Q8e6r=rx1kn(Cdg5|Y?1PYGFrs_RPdsieiLG>w07eZTz^~*ON3(Z
zn0@=Nyf&y`@CP1FGQswm?nS@s=9kTbvrk(MH)6e~doQ3dNj4}vRhe)B!jQ(Uc0$*I
zb%dQ``o)H9xcV&Yb*DMOn_6JvUw%8?Zi_|nAw(0XIsx@$$FTERehr|;!Q2^YpJqeR
z>cf#&2vr+!Y}B00T6pjg8NP&WTw(-{-MHP{A+v1=z;GP-=Ak_?hX4r$_t8qTzn95-
z`~E?cK!<)|6c#ztVPT)8-}yggI5NRCSymOfWY^Mj{0{JNpplZS`p|HO$TxI~4f%eS
zP2zc7o_PELEBf>GEXNnI%$EgF@SnpsmLiIgufaa4uTEdkV!Wc#Sf^;bIozLroN8F2
zS$(lnSU&1ET2}jBRHPGhx8}aa(S0fL?h)Cr`0_C2fRS<7L`kMy<O1RI9{UhK_^s<a
z@!&=vx25Nx2UL7nV(!gE8Flz`)OqD3=KY0Hg)}HC&*q9u0@?YT0y>IQ6h&C?xAORr
zqi=!xszZCcW|cw#vI-jksCVc_Ofn^Hb?zgnhXx-(O2NA0PSEM4=P9U$tr=6Lh6CTY
zMHQqY8^*msEqY@mcAdUqkc=?_6RKR?&rA9C<fA-@JNO;=P(4Nju8K@Iwc;C{e;R3k
z_shLJYkq0P0Km*t+FAx?Q{ilEd5_VPQ%T#nP$Z1dj~l!0=hWUXm!iR=x~wqQJ`259
zW8pg54mm{}5eqjWEeYc!nTMVQjID>?cB=G{AA$l(=~kUbZ>}D1I&h<E^Rqp5qwKI_
z)p1<g05?|r-SweanZMm3p;LZ8(%|4C=1;)Ly(A8R>0_c=VOOfYvqnWk4+OBk6GQgo
zyt?o?_jMZabEhd|jp7WHNNDzX!iO05PN{)7rKgDWY(_px^<^S4xwZ~I4YT0_p@B*f
z9opCY^Zlf=j|!vstz@{L<}Ia6fU!WflK9fgq%epZ$?#pAs137VudfWkxdl6M9|<yK
z#7xT1H|Ejsbhu4R%1q>>R<k*JJUq`Slmh_wvGgUC4ExdyU$6NAEQY`LeN^LJf=qiV
znfy}<IX=Y_jy5x61d7Gqu|nE(Lx-Xd6W0o>@9C-4bGQyu7R&L#+9=qZ$&>Yv^r3gc
zt0F>&o`G2Gb5Wh7!@T5u;8GyKenX4FtaQ2x&$#kX&ZmP-HE>D}!C6jlKS6$N`@TNg
z^cKHE>01hEiAUX!gau^H{bD-Id>rV@+eO%7*6V9mA+3z$!v7}h+H&RCaoCn*JuK-{
z&;2jy!gcOv0|6!jOeQ($uCgf7mPuhYH|}fTkL}y^<zOi$gaOaxN7PJ$PXlrn*Fd{m
zJ6%rdTii2LfXsA9!`a0=l#_|~rnD%(x7=q~?-}SdU*6+P_i)KI1iMY=sd&sQ0U%p}
zo@}bBY=<z8WQ{VSjZ{~<6g+*d1W%Oed_fK^hT#%ls?xmWr`D#Je!g^!qcTP7*b-5P
zvt}Q?d=hMMj`#4@5`yiq8?kpoVgQ9F;Ix8Wc)|lYM^{VmUXPh6!KXQP?&a2aQcWi>
z|3z(5*ZF+0h=LDvB~9M5y?6W~=Dq3Z%R&Acf?8M;Ux(X=pA4eLr}H``O=244*sV%5
z@FdGjDqr_6%2q$N4eg34XYsgS<x%4PuIP?UUKLf1^7;Gsw1>MkzhEkTECJvulBS!0
zK;LU7Ykzm$fv=`iyq4*Yl6}`LIyl&gchumD@F}4NJ&$w4?jf9shgTgX<Mv${`!eII
zld#pV+)3tjDYeXwjS$bLQ#-&yUVU}UxC`Ccl>7P*(=H>v&rf{>CkVb^I$N=nNnb2G
zMW=olRN2oh+nIh#4pHv|=oPAe?z5~a_SEbGLZ2Ko7+t4c0lA_&YJGq!&tPmn$OJrf
z5pFxjz6an8ypN7E&`}zW>t7Y<%_>$g$XkO|28pnnsJu~dbOR)*4LEMKjVafn*hurO
z+JW2pb$@$Z>*?84VREH;{Qhb**~nQ4zUkPkaqV?RJHFTsiag;f`x*H$1CWX);Ohc@
zSNJ@}_Jv+O#;fl~Tcy^P0g2k{qX>r0nHKxh2%LS09RBz=hSK2p4&C>_kmMW_Ik(Oe
z=5IA0{}L0eKWpA||89$RuA{m>P{JpviURUVL0tzPJ1#+WMW7GW_IJPF3yZ)@V^|}X
zO;kMh8?n;2yf4aPvQeQ5Y(lbv2EyT8(R}=vRFX8AIl;~oTU_bXQY`WrZ=bSWgsf_3
zdfJ}JkKAsL=5`Qriq}|(pQe1W=A3%VC`yZki&LLqGs&ID|8KE_lt>%Zk)rT;nkqXU
zJg37HM?86(^c{p7<>(<*qByMTdYaXN9j`^V@<16L$P>Pgf%Covxfk;sr>8KB{+2h?
z9R4nkh!x)~660H-aiC+ofQqJzkSeR}HL>2aiIIKylonj)iyU#S*Nfmbes`X~vxX=4
z%6)>amqQ)B>~etj0hTIG==+!nPcdJuK!o-Bj$TdI7SwK1vzB)(?aaKIsqgMhOv0{>
z6*#kXwBD8X)B3vWWFGR?4e7Ol+=H0|@wuAPdmUiDglQ${e1E#%+0V_}iJ6w_-8O%S
z!6N%lZ#00V&p^wQXp`z;y+6Hv7l%$7atJ;07dNrv?nVom4(R%NJY9*4Kp2I9=XeDK
zJXYX!dlX;a-7QmY8F@&4gLC*R^1}86kI+{Q%094WVp!`{?>VOhgj*{_sT1MdlBYSp
zxU_jJJvWl%*e;J-s>{=8r!Y%1HOe0BTVLp<1;wq1mGj>Ew$Bdc*=l+UA#@eOl<7L6
z7^l;$awZT8pF6WthiCf;Fd^Mrr_RW#vlog|^_&~X#pn+gk4Ltft+^ZoJ?v{rtJe6M
zYhT8tq;Ud1pY2&%)m{wT8<_T9XqN)lUMIMorRL2FTkK@<d7nQ4^6H3&{#^FY{USi-
zda=LX?v1l&goEIC7!l>YY*+m8`f)PDEna&xg?Rh0AEf^BF4^!r>1AVnPd8{yud{<j
zMz7Acu>g#~$=4=qD38c!BioS<7h`dmC(Y{a`7%W0J-<9K0O%sbYaZ4;-lUJ2>F}&i
zAl<x2)-bn0NB8dJ>vp}>%`0D=L{eqKXDjO86(zx#Blq<-c+4=t{GislEwE&N6ZvUe
zIKyfHHFP5n>^FvWc9d@uZV3P?z<g#cahdS*lg{PkSUzJoD7UElc26gA(glSh)xBz2
zCra)bNdvW^Yxa!jn$B)E-1oP?`^{)FiKDF~evPvc6cZdW)rw~H1WQ1D+HsQMo86=8
zG_Q>BLK{chjrX>JzmZici?k&A0Wbb@8&_Vzmc!zAS(<lj8vCEg=%@DF_mCCvmFzXX
z6h5;Da7@g$W%QiojB|(dm3pZXJZ(O=u1t`zS66t0y+$_!PkXc=xqe;)3lQJ1)Hn;g
zRZ5R)hRSsv+sy8Yt5uo0mROMo!O1mvI!=a1o_xaN4zC6@cCvm~g^=|)H{0z?{qSR_
zCd$6pp!ed8o2wiTC)r1rXR=&_D7|~iF9;i#-%Qnt;V;bMTtx2{(EItNmE8kOgwS4a
zNooFUMcCUV8N(eOU0{vgY=S?J7Uv@9g98V?eX6pkQgjEd>ZgF7EF~<Nkt<B+&Vg^U
zz;OyGA0+zY0|!+fJnY<=<P>(GKAB3lS?v{U=R?7KBJ7&fHR_aGAPtMJtQ`(izDA8(
zmLAOA97iz+5v^`QfT|~aCUYr0z~6?>`%Jpy{8nvD`xl?sjj#XSqX(+ON|sE3Ltx<$
zaEdq|U$`j?OuggA$vuIc7hby$qr3PR1sbpwv^m33#B|X|r}rEM_)gw$=AJ^TYnsVw
z=U{&k6oPf8FJc3tlHux|j*-)e-_ZfMWsEgSU<maSJ=Wn??lIM!I?><n#PGw)^K=RA
za6aUC`X-Mc<1B&P%~j=#&AV3zl9+P<s}^X}ZEt_ulLR-oFp=d<S$x)ANAa3xpA$Od
z=OohgFI>cGP65HFa6qzCZAQ=o{e*r55lq&1#LW_zH5G0x;+<~dyv$iCegXgktTKRL
zZyrbeHM|eMjkDg@Q$n<Zxb(zT@+-xEk{CX8=tMVk1||d>Gc}RB`HjAkE6a?xkvImS
z{1rE~_eR>`C&d-f_)7)*@-=j{=e$m9fGbv7<3Z6!fyPUZLZ5F_6OaxoU#_+5EJq?`
zzO(#vl4<q_0{6BfdM4z(drG1dPg_i#HKU#)Y9NCQ^_=7X=fq>Jh}f|fu0|`khM%ep
z*kcEt77SYe5z+Dt!3AuES-n1w*K(R*IL}u;SH%c)cZR^r){MJBT;bqVUoF>K@wMQS
zaKl*Yo6VQX4!mY2fof-G*mihoxk1G3+68^Ik|R+1gw$uWN`E^AHmrFS1c92pVswwP
zcd%C$Ur#fII@Q{MzL(r;H3FK>;g!4k{&{c;@q(wfq9Yhwuc5{q0LcEv`ZVwew?Wij
zo&-|#ED;5kkR5px4_Lx<oG}fEN}is(*>pVGy*>+kk-fv}>MN43Bpx+b4<h?&Mxe!D
zP+cg)`%r#+(D^#ZS1lN}wsK1aj_Bc#GoSYo?QYbiE_$>mtpz-bAx-nK-i_}-FqqGK
zQN|f^)lLjb)8{;FNdR;6^%9?vZ0sRw%AC91dEJMk2zfid0fE^Xf_@+7%L*`{gcJ^~
z6U)hR@bEohY^+-6tdOJvT%tCMC-Lx0W7`G~?yi#~a!$$@v^0Y9)MngjExhyDOkcT&
z@o^C3b`8B7={(&Qi>Kn1SGYZe`K`DkjxtwEO4R8+DBkM|<-Z&;&iT2yOZ9m^^gUkJ
z<5CL4q{PL4Zu8<!EcxljtJ5yw!~ugR+?ucKYXaI;6OY9UVDJ+$+a{~kd~;!*Lc^jH
zOm!oA5{j>VE(`Ky4HO(^(FS1*ivkz)I-dpBshNbCy(MuPZFT#Mx|@);T6)(+e-mes
z_(%5mb3;=E8J1J?&G=uI*Hi1}gZVgp7C&{wM1D<d^d3(O{;oVGR&PEMIA2O$)>Rl>
z>5voWf#_L%fD~`}+m?ej9b+xNSE%e5pTh!Da*Dl-dFoh<)SXpBV1NdDZO{;Q`X(Ut
z31X4L>^mp4QO@<0FOo0}59lLYsN>EVz@^>@kN4}4cmt;U83wHVhK%x_=GVZTPO{)5
zb@Tb(>qbbHQ6R}9Ot2~G<MH5VS%hw^@W|Db_AENbUt1}$g3?DQ`LVt^XG55S)cvFs
z+_cseZ359TDw^1%Vv`Lk*GIx!y@^2?!Z%LzNIc^A7}Xbd)-W5UXC7~`mZcUY+Fqc?
zrS1J;o?CdeF4N-?YOR6D{U_1xT$ZWpf=}*x-%aLI-IpOnZ({kA&Lx}Y)accO1Ja`o
z+6C~GmMuz`NxtR)Mgp+(s3X`^9TbQ-()2X4-pdVrr|+3Z6(^q%zEDT`7A#ywDo*1a
zl~BRa1>$_@><DN!b6p*8dY0)n*hP0NYIkDO8?L6zkNKIiqf(F<g_d+@p>)4jl;3vo
zS%O<WtAUGWjtJ9a%Y1R|Zinm3>A#Smt^mJK27m7JZXlX+)@#(JJ~n$!TwhSce`YP}
zIbJNF>nhPOKEZp=y(8->4!L;sd<V9t4?$yzLdMn?b(cQHCRIu|;6Zn0ncd0=_1$W?
zT5~xm`GE3?gmX%m5#<^@PAs`+th;?EYxb4iq3$?Vg{ibXFpuDGs2uA-11nRBTMz$F
z4h>Wz+)Js>z_zl>e97KZKAQpi6nFFaJV!qB%g_9u<bCTCPh}j56O=8V6Y*P}fTv0o
zlehzqpCe^^K{3D=Q;!YasYW3i*@JLxMRgvfpuo&3t<X+8f0KKQQMN>RNJQO4Z#4<a
zLsWI#&h)ZAb&zI&LF*FQfFGcZTXT}Td^aISk#0v)WTTG)Hxvn$AaB&+Ik<U`qqkc>
zsG`;}HF=P~g7H`aoSKW#PWM86ZZfom2xhGWxQY!=c06E8D4N@$#cnxYnA#m>aaE6#
zFlY0)$PGQ0BpJ9MGnbZFo-WeYh7TfKIkcH)F&+T;HR216sA_gKGL#-bLfg?)grv5x
zV#Du>iA`W|hPmJVjBC$vE{G;Kn}#TPSWst0ZxEHACtBty`<X`|Ol>fk9z%K*TMk?s
zDp-B87LWOtzjk9?y*eht(jMZ^%}bb(u|tBUO7&^a@38W<MZ$Av@f%9!$5}(~BiBma
zh0C$156)7a&S84JVwGB`V*dg%R;sQ}t*yJT7x<~T*Yyi_1<SoLo;T+~f$Dd+RG?9o
zZLWrMw}J?sN7kvbW&7t1#e+Y$d<ElzMZRiy#Ocw7FYjp7@aR8hVoVo9z{i_0Va4TM
zta1Y9r{W*)zpZbLlH0e>F@u@1?-?3DRY<F$7*D?A`Fxz7#8$fJDGX$6At$Y?^%VP;
zg@WrxI}ZlaWu=>7R}a13Tuq-5iNZi8+}kv!{<%aWU9gonf>XJ^m5hu#pCh&&CL>uW
zxP)+&=R1(k`^2b(b$P_NP6a!+`sd%!o#Uqoou6Q!d~f0qpNY@fm1y%&9Lf0N7Z+OG
zPWhJr80Yn^Bd>PmNRmG7f;?T2?UhQkA&n0DMc|=%Jz5@mA_ID(hEi|uBc}N!d=nm3
zBvCOPDx~9eq+jLfT`A3#3S2?LE6wNFMC<y^Bp~*cVtVU!cq19~)~l4XI&ZDSO-03n
zC(c=bz1rFmLuc$xN3vK}e{@vr3(CFLuc>55Hbc<9pYdv%Uez@L-cgt;pVGc?L4eok
zL}b{xEfF&18(QB6I@0JVIV49Pm%yhe^~h%(&I9e`@)**2Dmb0)Lh|KE_)KYI(X08-
z!WCBmDh?md3Y<R3v^Ecv8LRWGpdg~S@S!_62BDj=4lW1mvVOU3^td5c1ju(i+9C4v
ziF!{defb=K8~k3GRPvW(ay}z!C7@~2&oJS@<>AH!`F01!ZRx$C6A%Eev%*tYcA4b6
z=$u=6o$ATS$1)9RSHp8YPfo?bJ(=i+9V9m_slgtVbrRXWvq{p|lHyTqPIf)-c|z_z
z4HY0G2+Vq|`WMpB&)r|cIgayjtFAscuSfayhBeTc{-=5ZxyRoJfirx-^0lcBPFn|f
zy5W_MLVqO+^kr+inLgac$55V((aO^hPk)Z^J^h)=l4<cdmr(mO4XDUly%6*ibjsG|
zqtfrM&XXe$qm`r&?O}KYZfCGE>7V0;Aw{+M(!@Mr7n9^owq^hw!s@VeF{qAFJyyyH
zz&c|$X$o;Lak&6}_Hqb5WH>0&^c1W)$IRu=>xk*r(*k_pEP_9^yoYx5ebFkZHYq<w
z^Hk6Y3Ox42g=@@u$9=pP4lV<3=9<lIh<Vzl__8dWV>=6bZ)@3?e}&c;anAVcqo_mv
z1qH(ZOQyVc08iffG{Qp7H37N^@#MO;l+*Vd!9W^2v|$gYMA9o-(p5d>bE%)Yh?pUv
z*u9G4_o+juB&W~r`@jXLaXPM5H{jy&AXQ8Agx6C6C?64iucc~li<~sU0ljh6;sL)5
zgUxB~o5wG(*)E>E54VcI5M-UQy}v>IIQ^EL(xbzWtuctZU(&`G20zBWJD*?K$^K9V
ztoD@vtzNg{b))8VoWal1H!a((=)8AS`ME21e+OLhURfC@J@_zfeD4ERIG}W+FUF;G
zi&g&SX0EMTkXHta-?bBnL|6OiW4&fc$SFip8}SV~gn>&rwt@i$M(920{lrxI>7$Ze
z5d3Adm!C?TC44N~`m`aT6h{sRtX|%N6TT42G`i<A`ZDf9q}FI<J5d&?nW%)M)k^Zy
z#D#zE1FPKcTB6833?+!dlzGR&E%5}Ne|jV@I=Ie(9=S!qfvkLIcr>nnf<PY|hJD|-
z6i&*B`Q~K_9{w`{!Se5B;fQAXe0PrX%(^vX)+Lp~d-YMrJ+&9F;X>WGZ{3~2ftcVU
zL|soUA9~A~9~0N_o=%W7r9B->-vub~zq@l|On&Bb-FRvOs^pA@h#v&0&y~^geXV<L
zVi;c4KRF@~Bx_%1%wViUyibljT8B>K17B=;_KF_8L~}I7nFCNjs-B)WpU+6E`W1AU
zxcS+?9`rA-b`{NDOZ*&MY2|913F@Pyo_)HDM1lPErQ6P;{`%G&_92KzJ~4PrI%g1!
z;^IB9z}sjcam?Tt(Y<&MevZwZ^Sb4k*Yq^V_D*3R+Uic}b`Wt-;p-^6v^Yiw<q4(z
z=KE9*w+Qk%c-rrGHgh(g!dxO3f?(3@%mFUOyou=dUcJQdiqvW78y|;z;%Zba9~Ul+
zc*NqhczxXsElzCK#f(R_A94rt28Z%}tOrwf$;#_o$6TY$h&Z~0uTUFBj%|SA;Y&ok
z(Ob74LxFmlZdmomBS4?g^l%@aiaB2d82}klE^ym=vwb%-zALA}x(g|vf>qeh`y1Ns
zSnfRPbx3%@9a#XFP4miVu?#p|g71#dcF9egotwnhv*|Pv8CP={!IPXV@I`6&w^1yi
zzO1d3N!W)o$D}spW=0h26UA{KY1%@XZdDFC58$@;LpO{^k+B}DQ?pm|z{Wp!gyrXs
zFx=tUVF8l)#^IOIG`Zi3I9TC2|J)nS<(U!6m<sYiGggCm<XThU`e-=piOk2IR<%@v
zfviIA1#iLhoH>Vt?sxZ18!s<DcB;71x!CksD_@7{_l-js3a}k0>8j{cN*=`=m|a&~
z-&;YKn{*kHRL^uC^T$W?%YUuzvbubtOF^6UJ20K2_uRLdD>>F$kL$%Nsv(h&tH<i=
zK&U&fk+Wjb;@J#j<Z}b>&9+PVWVy9yw;zaa5<vQBXv%r5aGsiDV2_+2t!SdOzp*0T
zmTy!98JIU0!-tjeY~MO;)@z#1SPSQ^mXA4oS1z=`Blfn^!znVo`9vb$scYC1arb^1
zg>c|pzS)Q6Rw0IFl)!Niwt0=@o8&rT;5j!>Ypt-^`<fR9!k{bcu|1LSOJi^-?x{iT
zK*BHLiJDJ&d91&WKYtgqm+o6LI0)+J+825G(C5OqJ29-ka<d1|Zp&8(;~?&AAE47$
z)qKq%$8T%irxdI@j?j8NxZf`uCPB}A(rk~y;m=Vl?-Tjme5Q9JYl*JYs)%*u^~V~$
zgudM9wl74TFe+{pza|}6ZV<CbprPREF6}z=C>=<pUy*}VCRKJqrD<`&Ro+AKnn9<m
z>jAgS@0Wp$bba6~tAJZwY*7yA8=@iGkpO>&)6{-rHXfNw8lEFa%=%>zkZZn`Vj&%O
z*wtd%T%RVuO|z1zwObV$SD7r`tbmv5aHu@Io~DK`O`;xQZWXMj?|xd;{hk5Fdz{?7
z;mWn0Yp)*(Kb`<rAMCBkKhM15y1pf27vY;i5h<!V#h^v|z8)P>9!?MS_s0LfR6g+K
zJDn%T-|GEL?3^mvVj18{oyWYip{uvDkK*p=cg?SLHvSR><U4o>d4MII4q!Mlkamz6
zhpuKdvz$GGTP^(g_<kqwt6LYg^6{cme0+M9@f%uT*3%@z6HN0(jLCr$6;WN#_9Y0D
z8^bFH(Nf4ctQxrITIIOzgvrD=jLX5<DMn8zHJ0Qx)Ng}G2fh_~6sgwF1yZNdN8UQF
z*!3I=d^GUX!y~)Obq1>a1YRY;DzL}A%Q%*v%4`zI{O0#49Z=^izUujYP7p_0Tb|3I
zmY;QlOC4h2ERHd)_x%r?)P5*X-?Zb+;^a(6T=IGpBifi0cn-=+ZEaheu`y>Ps4uIr
z_1m@aij16;jPWY=&MWtee99S)%^`D5SdGgdo=J3q^{N{&d|}e%$5lM~=6=Up2;$tZ
z`epZ!LkMEgh9(f3+BqWAjh-W9ev;2J&$(Gr=uqcz)v1TWcf>5ZTVd2U@y-mM-d=us
zUbt;ewfds5B_r8t8oVDo1?M6~JC4wI8yX+cUi8c>!ZBgB*y!^xPibF+gSvcGma=O=
zzr&_i=WbARADe<}-Yp|2OZ-joozX8uWNo7mpMuP@?T?;_iE1CZJLmC3v!zY1O@7VV
zXVVQ#b~f8ypLYvmEq}xk-iN>Z9!x%J@}2FFXU*Xw-I7&55$ESFaa)(|cS)kgn|Zi0
zcJ!55#!w2=J%I5~OYhKo0T3Ez7t|l-C~~byo_yaN)pi@FKm;)@OmC-S>AJfuETAVI
zxqS(G$suWNCFq2WaynB#vNES!vv}X)0_$NHz8E%7Pl&@K1zF@*;$B*MB!h5$<mQq-
zqG2N6kxcajj_L^+075{$zr^XeCmw&gN64@Dd3f@a9oXZZd+7_If6pD2bqcshMtfue
zqk!N7W5v{xCBOwY<_iq~-A!GQ)fH7ne0b!}U@`CQ+qG;eGhM|qt@q@`IYD2nGl-s<
zgWAS&35fS(I5mbb9q`9P2p6W9A8UpaeLSZFq4e-UIr=0KVEA`Bag@aMp@DZV&^K%$
zC**wB<x8s19Zl^`aHeWOhRX*y`&5l<5F?OmupY9)N8~mE_9++!p9A?7p8)02Yg+d%
z1^_7LMV2YJ=aIk=g{7OmWBWZ<8heeP;)Jyy+KI<dp<as~MV(7^!6c=Q-!aTwQ}jm@
z4l_)B5GskN2Tks|55P|;;CBxWA5$S7eR8B_MXuG8plOGkPXY41X-6v`Yv`*-M=W`&
zvRXMDADz2x7)yfWvWS9r;D#PCNj-A?a~JLtv19eE3j~Hwf)Af@JV%G|@>C;w=;B9c
zk68%eeIiotRZu2KCfp*zIj{5D4d){Pc%irbuwh=Kn1Z>O&?ng7KB0CdwYqk@{KAPO
zp?<(!apVG%oGrwgk4_ckz26iyYHID{_`Prh0S|}Y&$s5+u<+5})571(VCx*l^Nmqs
z8y!uk{4CP!zVan(`==$unrXl>H>t~?qvw4D91osRT8&g_4u@QR05#u)6809v=|z}=
zhf{Vjv-^~Cr`~|+gPE_Vqfvxx+#|7sFsF{tdGtZgBqAT<>!%Mj*(`mECGev6elS1E
zubtk5hMm^A4HZR@PtegfF@bWKQ)$OgZ{15M8Dds?)S7&vsjO3S^M>pf&I!j(8P|Or
z_3<{29>Ki5sr*E08%`qJ&9$r6F3j&k{GF0c5PK7mlm$PwXWv%k$%EApv=8?P)E@pk
z$g&J)it79Rt2gWt@3ay5#fwDu@HaW;eW4p4k=dJNs_w<9lbPC&ips_Fq*LO&Z}{!f
zw#WrxUOSNQ4SfHzYXg){cwU98j}}_7%Xht}FF%=V9Y^b_{VXwhf-OoZKX+ew{J*P2
z4LIS<E9mK1|3U^8Z2_p!Zo1sdbd>Iyg_QWFTIziby7u(4++K{Q)C3-r?S3!IIx%l*
z%;Y)uY{R4SI3$^`h@Z~?x^%{)%?|f9caR*LIpZA?E0h$qo6P*V8+M^e<Lf&NSfHf}
zZ&j;Tna5@vJAl5QN7uq<7M7d?3kmQ=!w(r$8V5sUxBB3>B``zkuf&xDB?#s(m?9y+
zRCce_NWb?UwKG}^^5;^vPZVEC@%pAB+mu3Hp9RhLykD8Si_2>${a~yvoGq1c?O1%W
zTqt*306&B42Y4<;LaHN2s0VjEwv06l&1{?>koN18^K*jOeoqjCFmUhZdaTz!qv^YW
z-cJ_V1HlWgM(@Ty15Caxki7c^%aq)RN?8v*ad494TxVQtmTJCegMB+Af-4>hTn2+%
zj#^Gn=iEN^-9@o2e00oDt14w@;Y}QQobQsEFW74m&^)iR`C{o8ps~%s#(Qpj#(7Wk
zYZ;K2sMLv5npFY*YAuufi@+@pZ<0h{Dh-LAGml{1=39MP?TGU^m$TaXbtx$}#|K0q
zM<n6ithir}JB`Al^Z-5Yi{gGJSg}=m!N|`dUr{tVfJHERR5dky$rrAtLo&x5<F*Ie
zeX`cYG*BkR*ACZi*q5N)I#KTn=$L};m6cT6{1Rg7tz0zGw8|SFvE6TEPo35%Z=)M>
zQjy4Oy}*~w?3trCh2o~+_7iW2Y_B<L7VJ&?l2xVQ_2ML!tHG8dA5bVZ!oh+?zl5B@
zlFDRz=xHR56Z_OPGM6Ob?OT7wQ4+K@`wj5cOp&$S+sfJ(D?Mec^3hAyBj-5oGVjhw
zl9UD;7h)dpY&~D1DfhjK_^8d5rGnIC+kyDD{aGKQxn*<nEz0F{Ni$*l3y((r^Vog$
z98YrcL+x4hg{Q#$&P5J$;e;3`@%J^;Hf}$p{bDmhP7F+5Z`U4uZ(?~vUEiNOp9jRf
z6qexk3SUwM0Klh5CGblfTcf61`ppoIJ*g(xRdDgqa=u{qJJG#tNbjM}<^l(u6CU7D
zig82zoI9Dp8MUL!Hy^LwSC+mg`b6cWw9Ec&Iu>2U_{nzs=N@uQWdf@BDiihHO1OTh
zl;NIgqm-oGxO=GnIhP~OC_9oUj}qtrBYk=E_f<yZXNi}0eSqp1JKC74fuxU4J$Yqy
zvS9{wc*E%!Ve+e!ek?;9DJQNyI)rlaOvwocP$judB^4N`>e+LbCFe#L!p`l6eBhAO
zcbIyLckd7da$S5R1tCotGR_>zzRddYv1&RhuYX<@R_3;Lq}MDhp7dqNhezM6*(ZVS
zBhLqY?V?VGkU==1zhA2G?G0Q$?3N5`t@2h8ukXcqQgw{ZWH?S-_*^`XVA8yTM|%s4
z4WNz`qFlWO?imslt>Q{7^dt(Wl%gl&K4rI`xq5xBbkW~oRYRX6Mo-+b-bpG4dVO@a
z*vc>O^+Xq)@8s#rrk1BZt5-@56^`dVxxq*C40ADaTk7E%lOvoT8A3WLM`}-AgNUw*
zrlnVQ3Z?=G8>$en`dLtMo~zgu3RRDz>Ol-0i&3r60XyEeW)yDgSy0066SH#Q)|F^`
zvaU&>4()gQiL@~}J&L}IQA4U{M_8%&@t9ouVo_$v4se_3hk5(asGI1hU<>J2!`<Sx
z?R)E9r|i^70U492#&F5q!#lk47MraTDAuSC1?89F?0{w`mD;nLBA{$K%ogOFahr5X
z)Uzv#%#RJ`>9EqUCDm_h4L+N*(+Vx3Dy5s@x5}*m-91=mww*`N&e>Rk0(Vd=ty2Q3
z2%<Yz#^pP?uqr-W`5^Gi(;vG5ez3_725|KD&xFsPyU7tx-yu^|bAVqF3%XE+TCbnr
zLXJ|Wj9G;I^CXMy9!v@*WkAjqa0cJ3n+FHj7gyj)Kz;5PKGQ9_+sF6RiM@C!dX$n2
zJ>v1a0?B%-l%X8>z>VW!+ajH89;NEQ@&rgjU)*CEh4u;*-DhvT|0ju2FGR*jkOa=v
zH5rq~`=lhlYG<%IJl|z7D%kBsZ%f|^Wt~oY{Qiocq$<5l`weL-4B0*oL(42up7JVE
z+XBnUi6N&1Ss(qaCxYw-i)A-w2!J+FmSHX(NRBT?$l~JQ#u?ifVN$wv;1VU(>t`q3
zO0P#Rs9Y`DFW&;-=I|3hcrH`U(<vW!+gGy{N;K73LnW5{h{DK<fAa=XF4>@9Sl@jG
zj}vi@5DWp%*|NTkTa>V2#4(gO4@%KYs4Px8-W!ve#&m@#cVn;feXMM1SQk4>9k%x2
zEvg?p^leY@A+r`s0TxvzFtynuY%)yxDAM9iR=ab785*@?Ik-x>UZT?=X95c+>=8tG
zXz4J#r5a8O1osGTW5un@2R2*KbG-sFA5v^HGtWH1{zTvX0<IVn8W?%M*$wnl8VVd0
zev?FEI=IQ6mPm@v@~UoLv*U`+2z2lHas%hVPA=n>x(~7Gq;#S06U^Yyij)C%6A9!b
zK<e1}E{f8T;@5%a8}As4Qxf`QGNy{*<Me&cmTWw=;DP1{BS1+Q#>++r;XL7$-%fYB
z4G^zJUb-T46`n45RWQ_@({LudD_n?<@lWjexv#8Q#&&fd5Ap4yIl#AKC<IG&noaCJ
z4szde%kxk4(bu+Q&YXcbWmg7Mo@`*6zPby5y{J797o(2qU2~q(*{_v6ksSMln!rJ~
zYH2y?fq$odN9S4`gUKgOT{sN%UL9`a&y|Ye!uyYXXHsZ?f!-5Ba^2Qb9-%V?I3)aS
z6C3NSFUuvTbI8=sQ#YULIFH;ekcT_b?sp$4^4<_Vjs2O;fWCL|rJLvR1A}+I07g?e
zPfOm)XytY9NibZEc0GgRPvFO@ra@xpr5@1sgXm)^0pq!dkdNc^LopP}UY3gGu%j5;
zAq{?$Rh{^rSLl4c>sX!}GwheHxAYxSxwsxt^xEK|U2|OT0{skAJ0njiZop!n2)8L_
z%zX8s7aWx5p6PQNg|6E5kQE-H6zrMDUmmL%?j1Qtrhz?f&HWsd?#b@y&Q*;%{g96<
zmAJhk>k>QIt}xVFC{I&G<Q1u>-N`C@?bHe#8%H^J%8P43=CH6<bRPpJ6=AW9r@(=B
zzGz90KFY^*;XRY2!}XdHKMi}~b#%X(b-nGxy^czP;mZ$C=TwY;zC;X1O!sxz_Kgja
zsXBSp8X5#v9kQ*K^G?vWSxeRWouC4Lh9hVwckv>~1fN+A#@E^8;Y+sWXDws)&32FV
zCCqzY;Wvv(*Ir^PD{1Vya)P6d!Ci{iqeouf`od^1pKN+>9H84QBTD@1x1esvIUO#a
z%b1KpN3+MBq7PsF(#bH-<RURc!>aj&gwapt^E>NpqvV^A5C3jEp?YYrd~+@9aQs-X
z3J??OY>F8F)2-q&1ygu>m>#|yw3ag6>-J|`VZBd<$((g9c8RMpZ75XH!>isb?L)8S
zR8vd51yB4G@csPy{oD}p=BxV{3Ep0KSlt!C;1|#jv@W{!9j6O0@uay{<MeRo6})hG
zQ!KJM*dmjxpKPfh_B{-hNq*ugd}qn8oog7B)A+&igX!g3X`Tnp+<X*E$!pE~SPEjC
z-88W@`YseALs!|F2nl>aXPp6P_&_ieIi*ql&#Y_erCEj%KG0BC`K~{P4gIa*>vN0G
z7eldI<+D_GJ+UJ$Kdq_XR<niQ$E*-30x=e@UZ>N%-O~8waxX6T`#lr>vetRxuumVw
z+#^`sU`-S&W@>4J*XsQ_L%wt&nh)sR;_>_fNuXAu@hxvz9>N)n<vc4l%?^qCB6WA@
zX8UmohLUUa3hsP{SNl|F(>)Y<_emmBjNpLJrqFiRlQjB7u9>2IBj)qSvn=65fZXeW
zbCg$)<bnPikE}v*anR$D)%8%W=I-5a7sNhKeBR@E?jzVMA}b?^r-@6GZhfbUMH3W7
zfOTBIsAP$=Pp}4g3|X5l%UQccsCl){jngMbpjc?B;*sVo`L3N7fBskBHH>;ZNj%on
z--AN0n}A}@c`x2egrH{ki&>2Kekg6a2bBPlkLr8up)iXgdJpXJ#BJ;4>$o9o0q6bV
z70JiAbecrnG=ON@#%Mr8TAJ=BcT9Nl0MoBKp7=W+4%QOC5cc-IR=ahyYV#ab@Dyr%
zDm`e4@1~Y|n*4Ke`LPiB0!}1pb78Z1?rP(r`DZ&d`bf0OwWW?naOJ%YLAlW7>ru{8
z2o#Ayh8~1~b6;(kG#+_WzAvZX(?4i=&Nm!~Y{^yEv3a$-`4+v8|5UoO>Ek{^?JP`|
zyFjX>^8kftUwif1FNgp=zo@LkC(ejHm4hl@adE82;r-4mA7Hb7uA0j$gr1V?gm;I$
zB_}*@bA89$GZr^(=hVLC`gtwsoVejn|2ff(vTBUIO;V~iMJ~yuDshJ!xhHBvL1XmH
z9l^e#S{XimA#1RyKI_^Wjijc$m(FcBM9^xfo`|H9i9rkcMm8>9^CKdPXYIhXrzGLz
zXPx{M`3}GnIzEf;hDuq}3kT!dpcZE|I<d`;=wKIlxv;7KBkW4DBw0@2l^C39$>7}o
zNO~Uim#NpAmY&pInH2$;nLA*F{v-^j&`PYZuGdq4?%jN2%JT^FEq8|sdH7-4$Bw11
z^E?J%Q4}mNUD{dagr(oYllv`sU}A*Ntl_h7QJ)isdXlN+>MZF{?4c*ve6O_{5I7um
z7?`*xgYiCkh-m9ZZ4J3gR~GRI=Gv<@Pp6-&a8+@13USl?%IAjIF?)h175qKwQH=|E
zPxhGFIlZY4?uTHLP984(&sa1OrjGh}TIogatKR44Vi#77#S6eAFRGg&Vj7*<gfXX6
z>LStm(@7q&djul!)Dt5B4QPj%yM{&hg5=;mm+Zl0r~Y@PubO@{^_$7Ly|~P7%a;$t
zaJasrT`$du!<jm^epR5~j&d3L3bu#rN<!V^bPj-^kK;jFH`x>r!lx!&ZgxP!`S;D&
z(J?Q2V5Z+%8<Vgz)H?-v$u7X={WjJZv~)e?8MiLT?ZcjsK*W!uG;@v;qf&VlDy)pJ
zv<Fq?QP9C)OT1?T>?N4=+MT;#4R^BdOvt`sE%tS5U0~p00E&J($>Sivwb0<@YjGsB
zZ$wVz(&agI@@bsI6~;366dfVB8SQYevu}E~N@&Ea6SvikyiOxjT@)|M(gf3R^+LsG
z`?K&xG6QK+5QvwOqix6i_B{^hx14j+n9mc%@O7W+-r(=1^(o$OZpf{hyQI&Kp}|4!
z^Qwgm=qtx(Z$S3Bb@LwNw5Mut=ZVV7-E-)o$c=OB#F*TjnfNBXwehxQ>j}jpZ6fAA
zd&^WifkbDcRlKZP6&(D%`x}?N_)?f0e#r?;b>yJpMt>VHAs?AN0UY-EoFn0(n?!x=
z>n|vk;NF3|vh0bMV((!PPh)u`a=y7)ga&$Qha_{I2^iipa3noN$eEs~wT}X^v?Obk
zYu8^NzRzkzF;IaJqhy_siuwjf+_^wn={ulg+I|Gab!hfDt{fJb<a}{--#=|Upf1++
zHJ)87EWauBVo|2bcFa5<8#ky+Pln33#zx}todAA3*<qb6O3+3V*49RlByA3x)CAyr
zU!NxZu8O=M2&38$2))mtY8(+2-3KZAbWVgBTI;1u*jM_5p~(;rDPKU_D-(#qJCl$0
zjq>7?j+YO|1zDMy;_T4h9=SiypMeuy-3y^#rml0&ek&)yGYp-b`+z}ff3pk_t`XVv
zZzoKiK71;N%<osib+)qcymx<Wi%pMY>(#P*X2;_5A-$KW!b0wQvCiA|d6vN?VuQ1b
z1h9Z|bL%syMaLUA3+r>5k@54SMt)ABd?K*p>+~8gg4Nse)IHf=L%EYRz1ZhsvYq;3
zZcJ}#wm1ZwFQE|n5h&_hR+)5wIC~V|Bic<q={jp5^-95a2L>40uC4G2>h;T+eX*`B
zAZtUo?*rSU-N3wY&^}c>H}uA$+CAXjPOsv2ADvAmn>9k{D8`I62F?3GP$>PoUA$eu
zJGbnh^jA#vJAzDmT=H?Ndv)t-0Q%FdwB7my<<^mW{0CJotGmn`P{VuKh(0redU!;2
zQVx+*A=iC`?7_lCvaoqf=N{7&NtTPKld%WC#uu$nTKn4Jl2$Y_?1jbw$#eTW0m<rc
zIe@#Zxs#UTX=>fRoeqqX9`_t8w&ij#jh%*bf&w=etNfL@zK;}|fYRhO=M_{od7*=h
zaN6MUA}0U3y$w6_alvaZBp*tz$lr|uF5f@*<OYr!{;X}*04#IvXuvMZ`1sj@j5%aQ
zXx}gp-VuE4B3>y3)xG<)XrPeFICPTp3uh25txgCYh1yHsO4b01E14Y9@hC~)gGi#v
zNis-s+I8+wzF~{|Dt~5B$sUX_{$3?;S`2bfAGlYHRCXT03$u=e8{YKrd;Zqj*FmB@
zSJ24e>*Sh^*ewPPy2B9^oA|p5{XB_&`daWStKVX*?veqb^(CK#D150ihnQf$w!^yp
z2&mM*o$hKa&+dL#z3joYl_4M!XLgs-5`xT|Q-TP~XY0|90l$~n_9ZgiE^JeKkDz>R
z+sLW#PjID5FNIwkIg=`hrYsNXJ>u!`xKE;;EWT$R0lqnCCbI$cL=qTMjhwqjr^!Ox
z<mHf_$FE-q4>as!8VGD80=L&raTh}$<t2fDe3Z2O4ATl;&wGu+`-H+Pvpi!_!N)K2
zWA&akFs2-*;r)`KhkB_Q%sRooF*e*ip59}`9l~UqPSK6m%EIe*GG8y)hMIGTPG@;k
zGM`VP#o@%;*+!k;C7aYJPM^+uzrHLGzRQRxM|AS=r+(5$=k67~EPK^Pt|_|XsAG=b
z9nO({9|5~27H9LO$ivLQS54N8;a(?@%uJYycpR8oNCGuf@Z=q|wemRh2;oH?HF3{4
zd}WY7=t5b{Bfg+_ob$LIjDz#|2END|pjO8aC_jeYc^9st+Y-0Gs;GHj<e}7KW(jh=
z6uC&x5FF-H_eEst+}V{1^A~{350iqV)o9P2f-+;$lp^OYoF%lH+1XnB*8Nr<y2OpH
zCKt9ANaNB7C(x-wuAA|QQq%ZVyPOJjVGN9#bG+_nN%6p;axVt<djPv33X&ept?G}_
zn#wmZNnBbM_&NCCF*RfDQnXq;j(uM&t6xb^W<Oz1boq)tX8j^}l)=LI4n~my9dorS
zuK1Z-n-hK;yXd~^Y4vb)W)*~he$A57Z>zi5hkn)p^Ii7o!|<{Dcu?a_?IJ|<Z5o*y
z8+K(%v++jbzdI6d9_Un6dR3Q%^Y9e;`Oad)*Y}JC-XnJvp^k09z>+h>Z8-0#wWzE`
zknm+nZef42VEoVlop`U@x<&KWcWZOXw@N0TWQa#Spb3!917Kh}32w#75d4X@+4Bge
zH07z6PcV8K6|o;trOzBpsQZBDUP9Vt;KtBBL<ufwq<$LVC|vqn9H4J3ja+)X`kuwh
zo8@W;R`Fh%e%SN*B6u~0?}3VVQXSIoH_v^`4W%^2hx+yqZa;wruX<EI$;9P%A2pdm
zF>+s1UMLJW>hRe{XvPs>`tTh?h)ITF-j}$Pfr1(>IMC;%_Zjm?R^?SVK>kkNLfuav
zoVhtspS#WD9?0_@Z(GC8)ub85+{@VA8{<+(-v{c$R);dUZD?dZ29Gx%69e~0TE(pC
z7BH;mP@yL#hR!9`^Bq`y%e{OJzENQ^IC@9<rdGM~T3F9T!~`mg)ICwtPahFnI1udh
zbjS#wngM*thGLGy()8%tx$R75@ZDa(O2d_XaIN=oUa_5PG1qdupPqI>DJR7<@VK%c
zfEGJfGMol_<0#h9=LbLtdQfQEYMDYLo<u`E2!ON&n0L<|y}d+D5Zf0J-ThLOH?N<k
z^Y>6b@{4_1=QNOFJe<wUN13B8EFpyvKNx1dU;oqy9P_z+bOYc)*Bu!gIHJ6IE+@bE
zrSB@vaFS<TCO|uKJ07qp<2g>1N-bi2t*?jw^su7e?s#*3v3N62863FtzCgdQmhkUR
z&aXc(hxg#`*`=kqGv7%P9Q}8nP$W$PyXM5Yp?lwbqN#|`bw3rP_~&muH~cnX006&0
z37Oox7hS$Kj9z+AF|r%*&{QVx;>6LQhskP9h2s$Ut)1mEz5rFD=EFvh4f`~v3GRq<
zyd=)SJzYnh&_aAHsNx*Twy+Yp=wt<@JFiyZjRo_a!xJLR5fv$q!K?N3=VqwKoM8Mo
zFDgG(chbK7ffA?3TvssvZk^8I>g*F2_Y~7TH&F7GB+EwMtFK^J)Uqt&d@Vu;@IE0a
zeya+*w9k$2!i2H4H5@0NY`TpZxpM8rDZYxwSxTP~q(51xyP<ty^geBK2>da`-pBnj
zd$axs$Of0pHw9volTx*gVFxi(QMDdh5W0*4dmX4l`&jO1#_CxUIeU48%AzJe`*Asd
z9cjM!m<=DhW@}{GBNvdd*T3~StWyPQ_k!Hd0B|!6#><T0RvaTg2k?B}&abYO^mgx!
zjN42Ij&mq>-M_UpKy7uC3ZWFQ5W2^e?xr{f^FWE|e0r53sJ^A39fH<94FygoLj-W_
z)H$M{N_Y_QEZowzggP4CS;OLTv=?XD=H_ETaWs1jQeK$2Wv^?&<J7_KuaMRIoz+Go
z{rwmyXL(wVU+_qpHeH<x@tu4mMN~Bg5hT^z<7u_;(woC;C?2f@Oek5{_PjeI1Y*HC
z<?<NuO_biM$HP(hUVSX2se`)MpE$p8?XiU8Aw&@eLKl2~_6hwq)KglNbDQG~RGZi<
zhi&2Q<(2>!RAk`zx7~MQOMHU!POE9jzh^bXylA+dw29^u)0d%h6sekaUI`st;Ip+)
z+4!{-gU>yTH<Zpp5W$TgWO|SytX!kQNHjuX0JIJ|eS-&H1Y+#Q{ge*39shIb^!Mm4
z7qO0DX%yZ}WWY4w^3t1I+5})nMhZN^QlpgM)a5DGUPZDi>l|?<UY__j`h%~~1_5>r
zzu+CWzRHk#1pQ^qp{En6^(+T5X7gP8HmpPs=a~S6uM=6eu1T`*k#7Mnwq3kTOZ4^d
zSJ-OinIqrgH$jKoHCJx5z1U^5%WRXM?Yk6A-F4(TFr&8N(qUe4`_W353lb~xwXR9s
zpko?|`0&8^(Oi86n$Bb5I!Bn#pS|*&!I7Iuev!YkjK1|0@n@M~^oSGOT}Lrh@y{v0
zk=10ng_q$bs=~B40Y3)33v%fiWIKJ6{Unc}rNnffJ&;xH=Bxpaan_gy*COck^|sWJ
zI3ZicfE?f$?bfa}an2!hnfpn7^OG7db|??W8t1j^B=opJ!#xcLVQ*mcSPHMp3Q;3_
z@~E777-pedy%b!x`Kf`aEZ^bC<H_f-y`8UzQZQ=w$V)V+M-Cd>nvb-{olH;BMe<yl
z^y^=HuAVs6%#(BQ)t{N`$d{RYQ2R8WIq*u;#ZJY|+ZFGByaQE`7{giaH<{Khecj+f
zm}$&obb#X+b8_O2De+Nuv5U&Qu-VtEoDbV{Gx$BL7C3GJDQDL&==!f}^xK24XdYVZ
zVq7ZXzBWmD2yFPuZEHoO^n9|qLrv0M**-60sjZyz&s+Sgr|KWZ@p4-lrvW_Oh59!w
za)F2JTTMZ++0MnT9(hls(ZPrL+bN^0x6)e_`rEd7Y|`zVr=qL{G6<zU{r4yi+;7p%
zx{ps`AO991Jm}oRMKbX@vPG3ZtM(>IDs8R2kGed5?HUTjZTXxMoOte`7FeKzrz3h>
zvG7`*wx^-pjuUFF79JIE#M6%mq;S9BUaw+-^IqpG(^44wlD=2Q+%y*L#o79n6k`Lv
zmqHBjKFQIK3EctJ$YQ@9Fg)fCX;|=x=LvZK2j;@*mu=mZe%yd8!29c7|4i5A@ob!`
zC=VadGLl!a#BQX<eD`^_GJCvgY44@_<SxuP-(chJad{t0P7aEFOTK+dXzg>)lY`gw
z5AWcGo1gR1xPpU%b@Pa|C;Ie$cLAZnD)}8C13w)ibea;PG}f?&?;gGGhMB`9{%vbN
zrEzLxj-{tVr++(<Rs7rsGH0|z4cm#Yu04sY->MrSey`2s5k|D8_0FzSGN=}TFH(_P
z9*GuAx#r;dgmj}1TvAsih1I|akCj{KaP#;RuWSMpmm1d`h~WYlTtXeT7o2d1ClglH
z(;Z>bBzhN5oXa(6#Tqva=Nk9IwObrWf^v@>Ij62Unok|v*!MiH@!)6D1Slu8z@3B7
znRsH};L4*#wG=fVT2CfdxRd7Pu-g|5a5_En2pw6{G4!u1tOJ(McXVhFMo-29)XKdX
zKkL!Yv+H9k8c#el<AG>!btmIvsmRIlI03dY_u}HZx=M=a1#*@<^wjk~x5{VC@t(N>
z5WMR!4~ew$_MW!UbyI_HIo%^6AiziJYdng59EtlP(`CPP6EI5yD?8TXa2IptHFvvV
z&KDB#R?;9x>Nnz*O81_uxMJ1!^NV<Nt@sfP_mX1^HIn^zQ&)lqkKltypL<JJK|3Fz
zl#V@z#?P>VL#5y`iOUUx!}__9ds&mu_<@rt7oOmO{B}B7(3n3xqJ$cq87!Cb4wIh5
zh6IpiiQ><0LY{U^eJF9|N!*yGCvYe!yi7ljJs$!KukEkN>a$9MOq{2K5Ub~v-Qk#T
zt=+zKO~1jP_b;?7xDw~%XDD*o4=jGI`|}`|UqZZ4KjhZDU&Cv^JiDJ8N5iXtPe>v*
zGw<;nRX(3xS05qdCC-KxbL$FK87{{A%FJ%GgymtQS?c@X{BXLKL!eQ>i9Yv=-}4mi
z{U+pDzx~$nZAazz;E1hXJ}Ze|wcdC|T@f=dOUz=FoN~JCgm~E;X;8<w<~QKfX%Va2
zhw;0$ZBc&umhkFH>pr4{SkmE76^Gl=*uDsuj$k^Ib%_r6{W=Krh^hDmTg8>STHERs
zUkB!eb826;s|kEO7bFkt)i3n}YzX8#MsOIub>fH$Z9^lHkX(3zIHcjJeYLvo`cVEV
zT1}chY#gh5tEfd!mg?4q>F}dQ>s&tTk_3$L5<>IAHxKtdF?r9ln?0I`j^Ck{e5*fL
z<iX^Xi=*rqIO8ZO=jTR5`ae#8NU1|XSM7Gu-s4((gH$1e)8zQsJ$;sLe=}AKcY5Y9
zKWuwhe&x`=eY<)N=hETtGFu!n>T&;+uxk|JL+74Hf0OR#kk-P|1a`Np<6)SjsC9x&
z9)Tm?Pc?}5)6!gkik79b7<rogP@GJ(Ge-V7>gqUEBg^feMfR6!BcfA}x;OS?3l4nm
zm0MH2c#3l@?$o)U6rcY_eJlS)=AP_a5K6sZ1;kR&n~xk^ymFco`nFv^fZu%4MZ(}~
zU873KWo-rJaFhskbFb@5>?c3>@#4=xPH{rJCHc-AC#a@Y`uqUqoY)%`?29QvO4qtc
zYVMPTa+zZMDa~0!J#jB&CWrIZ2|uM5kqjS&kL5Wa0poIB?udaL&YAJc3{^>R0%I%?
zuc!gttq1593~t|?>&^Hm^^}3`lfLPRuY9l35CctN0@k8z_t&fQIML(J(D^i=oCp}P
z`4&S5d}eC{UZV59|EA(CdVJdEaA=W7?CO(s8&o($*>$J7Uzx|xI0z<>eT#in;uFXa
zyAltb&c5KMRU`I*0MUyH_q%Ek?BS?ni_;lou9@|i5jS#gA6)Q9b&yQPWLrGr(NE^9
z)Oaq)dFduj5o#{#XxDOGrXl_7M)HqnAY8*SCb7>~?2=#{LAr7(3SGmR%b-FZ2^6Cj
zBqV6wmGL()<|i0x4NvCw4eZ+;Aw^2u%8Qb?umXN!#a7_+-E0KWIr!ONdduH*xR5S0
z&Z3nhA2b^)5Ck@sqwfKc+}q5w7bsl{f7K-Z?F|@@^iiEhl55kyOLUCW1yXe`swpJ;
zfqCkJ0Ubz8@v*q4^b$|-_@1qQG9@UXm|?-sY(zL}^CcJqt=zvm6^i>{GnYXO&#~s|
zYt?hpfiCMQm11BE;FdczNl!+DpRS&>f_Z>GkF?J}z@U#gPH%r68t|CLUwh=|VO@7%
z6t-B)&x+H{&m;1?M|C)Z^j?_;)4|7QnZL2jiw_y1&Y+QA4sN1vLKW|IVWVC+DRBV3
zl@sXB*2@|qLN{4@bdi}~oxc}e(3aRx<>7CtHP><$#nQqRw~pUA(P0Rubv%XwK#?d$
zux9hS;CQ6_TYfi&t7L3M=Nut9F=rp1XJ5Qei*j6r>!LioTiGe^w^mhXYZM8$r|ca*
zC&u$gBevfq@j6(9b^HM2?BPh$hMIZGx0)1eT=q~%Cb-GB$fmKmt}vF6-T_B+pJXq%
z2iA7aSRU-tHMKs)Pa6OXO~!o70r^Pm`-%r6Tc1ce#>jg6jx`^8R6>$t74hDwf|=rP
zK77;`>uRWl)Kg!^;Ipz*pYwVxmI^fXds$7SW_gP3?uG6PFHzYvV*7oSWF&S_TW2};
znLfqQ&6h?`3C$dc^#nBS>-N&Qs#&<#lW!SaY0K2mLMqgY)ZhAT2^-gAhJD!VfgAHH
zy<gkz3?ZU9$BP@n>#|E1ViWEdcjS_yaXn4o*;2TDYOUQqSJzxq(oU3n*J6a?$jKh!
zG(Eh5j>sx_bPK%)W}4?{8?_DIuzL<3BFS$oATf$aN78HyOMaeg^KUmnhezXj=<<5L
z8vFn^Lb1ab^XhkJ^i2*C^yP}oQ`L~R_H96aa#U^d)W6TTZ-rBm$=Q2!Fvh#qwa!SK
z!BdZ`coye9Pt=@aH`YAJa3v8<I-|4|&fZ5XGSd4o^4(xL-%6sI1$pXj6Cd)OfqN*v
zMMEq662$XE&Z|gyqK@9HdI&C`C1Spw<MK5vWxS_T?+G1@$0eM3v}V^GFe;@qoIYDH
zQa39eRwYwwy@3V!gciAb-6W18c_E*4JhkVW0hTZg@y$>=cRn+Jete;f6=>)TvMD!>
zS^_GA*Pa%hXseSUS#n;{iF3+M(k+JlT3ffDsw=TA(<~;)wwmKc_O$aoHGIAi`lj1(
zLtYlaeek&kJA7LE(FUh5SL7jN+U{kOgK%EG-g&HXSv?7CB<N8cxOl!pV1%j~Hh&QD
z3PpWiSGM&VZq{@5aqr0P%?R|b8~?E08y5rPXm0f5Re)F}+<iyD`}A$7J{RTDs814S
zzUTm2LcOD6c12%(I0x@uW9-$2d-Ge6CHcZaS5j#nn=3N&MbK?+zFSL2sO=H-5%Xpz
zqKk))O&!`)*wk-1D&%d5JG&dueXy7^j2_V5gS(H43hYzy04|8~K;P!}^^>qXGW$&~
za}Cee=w2aL@0?=YZ^cQe=N_`=c3{_V4g!Yvg!?hjmNBPC!P=v}zGK@dB6~Fnji$ci
z+^EE!u?!n6s-^*5f*LrC`bv^Om=Y#`qmE(j^Qle=k^3D>*rQCU1s;$0@8lgn{^0aQ
zKu`XvOTYaGEh`i0$$8^rYUiF;^&l_oM{dC{w(8uT?;h|5$>u9ye`}){{8F5wpS9CJ
zr}n*VU|^?Yw|cKgHt53DE8Y&WwWj;oGz4O4DZ4wkKNc=)m%wnXs*&IuV0Ym-seyAZ
z#0*Z}Z@u(PoWLe7h!gDw2z2w_ud$clMPTGhLO7%in;>$eVUc`G_(FNz&knqup1#(3
zFx~^J4~1MVnx7NyLQJ84BG(XP{m6xH&Ki;w0_pwGYfGfkaSx8|6}P%Q@;=DERl`R<
z|7c|Ckib_DLS6T8iuURgiZk>Iw5I!mur>eoqB^QypYa`YFqQ>3dRi2dp(K&#Tc*=D
z`E)<cJIq=HKG~m<o=YvBCnwJ}7`L_ejE`G&Zt0z92B1r`qDv_CUMdhIR>vNGfm~_Z
zaq9GCwYWD##(|X&fvI=2U2fIT8{g(sNISlbi+g}>-3Ik<#*-G`hqd>-xZu4ApVQy$
z<$286EPAdxoq8fNOL^}eJENcBboxev^G8Q}eOFC=o;+MeHjq8ZV^2y2O?<5#2mJc2
zLcniHcuwq^CN3Y_Z%_G=i6Y2bHlJFCWA}XBxJ)6uE#1=h$f!Q<aS_{W^XpNXe!6v$
zm{q1<p?X@|+0pn`*Q14rvdQuarJie5hQeXs;|_{P5<O^Z4%)ZrBNzow-A3C<=^3X-
zY-9D-xsO>7yv&l3!W##!Tj=HsnuBDU!V#bxiwwqe>v*rgXXG@~TYx(nCm_89L7ogr
zzDaffbOniC)`=35IBubaej_qJE7Q-@?slJhBOba(ef5{Jy0Vv?E8y%hUVJ*=+Z@9o
zR%OJ&<~;TNO<!20A~co#)8mk-?&j?bc;SO$rYB1II69f|t$Uensyl;D-Mjvzo$iA!
zNz&UIx4i=rzOC}dgB$vM9_Z6~^0QdyweNoG{SM{dkzD&(5Sd%ph-+FezH&lPJwik>
z-;dNp`c72`=e#Gca2`?;AwhqaoN5-V=Lj<aecb}i^|h5p-r*?}=dh;(ra9vUSGtqP
z!AhCWqubVLsuiBX*Lsp8(zy+p62^1vTR-ERc~Yp9hz0E1OTMvLAq=LJ7|^jTp$;92
z1>Va#x70H77(G&{;rlg{_j2$0d8BTRJDjXrnt3coX*!N_BV+AOy^xJnerfGKadU3B
z7F>W<vA*&WXC0s-S<ra4RW+*QBxp?Bt5mr+irWHb1d}l0JO#^}{JA}ksGz5oiWoH(
zC)!=1)kAGX?{BM+(_TAtW#e<$2jB<)j}d|$j_%%F8~eN*{al`i%_Mzg$D~Vc+7!v~
z=X1(hpT$LqOK7&aw|tQ^S;<0(a}4|zu9<i8qur-b(iz81BNG)7X0{J#fmAO^9Z^Ka
zP~b+(14*ZgnjI{zsGmB<Q?nKBX1m`BrZ+RQF=;pDVCB85=1<t}cvRtKak9P?dI<`^
z&%K$Dk0tA|yWK#Hvr$p<4YEuYpEkMLbqRFt{RT8M4++55I9uszCZJTE4tnqXWlI!1
z6!u{LOkC;IqvWvWmh^b~ppZ$<*Nwp1^Hkh?COD6J{OXzH-yVm6_we3FEc^Bmxcv=|
zfbi9NadII%^f8bLu(KE0uL3(EkU=}2zIt<-s$6UT*+mImp7n&(i9I+JXgF2poPtNh
zZ12t$o#>j!BexHK^*%1F+-ZUJxM|&RQ#&s4w+=J2jjEUlQ!uxSX(Q{Qj^G_S=TiEE
zn8WDGdO{<>>;(y`+hfWm9U-G>U$0i&IFX`By-xv3-|b9o>JnU#^La2!BR$O4Z$J~c
z`0o9h9lws=&!`I@ffg<Ap#J9Fb7U?Z(_Szx+d5@4<y+L}qX5vt$Bv6F?jGymLQqho
zwHAHB@}wd@{5;<CxY46Uwg~rI(nS#zM+N!Nt*Jy6b0r4#_ekuF)hkESI`KHA<kCtF
zU?Fc?Tkif@@ti5;+wx$UNpO%Fp=7nurpqH>i=!8FxKx(*iC#JqSpL49jw)urIUqBR
zC-WZWlYZ}7KUV(U!D+sX6#}*mmp*q(OvpV?i&sxA2XkOc-j2(4hTE^KTZ~_m_npnJ
zKCr17xys`GkTq3fJvP35!^K#}p$#ZBGPMs5$*U!ptZHu^)x~RKaFp(Ncrspgoh!mV
zC6DtDRscbVpFC0h?Gs3ik>X1g8Ks|Zk&f_*dB1lv9BN>+q~t?<u6OCF?*#F3dg&uK
z;Y2G>y=fc28c)hyr^xv!Z<pYQV`mT_!+}?KwA;h<B`H=9oFn)!<?iM4c<k(LbM+jd
zTP=d~h!Bujp_I!}JewoOnQaM<+I&O1JXOfD&BkgKsGTg=@Kn6gD)MOhc?9eI4w0wq
zXLb7RipXq0?~goQ-#t3Z(M9WXmuh|N_9G8}ed?uf$~nH?EUC|-7KWmdEXyy$_XYk{
zpJMYwBj7{;f^eHh0j7X_+X2~NX8_jrHgeW(2euXH#fM-`!P_uGf!K|d8GYyB9*2{k
zWjDB=37+IeGlh?E^)@HZJ^pR}AB1C!{+S_HT*`Jaq2hu{Y82ca@Q%2Mrr+qbhz+Om
zp8fVsZ8COm<hRhokogJhzPk^9aMw|(uqO^rd|j)>`W|7oUV2$#M+*;8z!Mie!Hj$l
ze5b0V_tiC2Ew;1idHo#7muGm>>bp7KnVKuc2G06f0(_SCVaFc9wBW=s+e24%Xf&i6
zCq(TP5-dC1%=f*;t`nlQeMk#*?>FIi!_#Pcau{#R+()5~%!$(;dBv={EJCeIzG><1
z#*c1LUcb)J*$~3b=f3Q};eI_LsAHjhTYN{Z@zE(-I`yqx2mNpG9>y~7Q)4G+_A%N(
z&4p9^0)~!55mj*Zv3=i?y5|;I9&3_sAE@Mw<@aNX4CDcg<H0~jkjGmPMR&igxKC59
zRA<72pHWM6WLW%WH20;3n?f3p=@V3<v8ARGwJ<%nTsFu=l+3>I-jmLw><awZDd35r
z2VI|=Jf*zyJt-z*1S{IC($Zc7uXdxC)uX3*RH$*p;Qj2B!l9%A$ir@mJcyMkh6*Xj
zdrHp)8pj2uI}gxldULNn1;o0=jxGj<B+#$KKkXL#T}R?8fy1BcRr@f1&9qO@(Y<_}
z>AZv{AoF>3g4DdR&(4AOpnlb--#&`!LGpRjo%Xg<LsLKvIqpXgy4WAepZ6d99jcOv
z?xO~+#Z=<Anthv6E07;6_J5x}q2Kn4iTo`@!Fbi~1Nn>RAr_11@Dr6FHxa>c$3XSH
zoX)`vGB_bu1ZMc8;pk{R<<#`~-<TFdEp*`{Pmpds5XRECs=hr4e#;X_={9V=@G74N
zZwGzjapL>v9NmmC>^Yiv^&!pBVV>O^J|l6Tuwu#wnw;<RuNF-l&A*ve%ER|_(8LoG
zxx|YDzS1pH-0+kTg9Bj$oQ2%tFEtR-79;J>Q?7U@jQrt72o0ze#L4r>Q1Ja`vkx#R
z=Kxq=?`wML{d=H&m?ZDJ@QvQvH;w|bMZ)nkR^^O((&QMNk=UuH5c7mZ3}1g4jZY!)
zXHQHVRKh7+A;*;b&Us=$?Aur!-`*wTuT7sQOuntj^pwJbSM*C3QlD>jaI9Cy60+gJ
zNs?X&St^sWI?y}*kO&?H<8!1e4HZc^_Uz03ZJaZS73sa{wkTgyR64SQckiW+j5LJz
z*GvdiBlJEp1Q$=qD<DGAo)J~Cm(;zNdMOT_FM*{`+}t>i$wTcD*`0Ibuv}KsW$cmb
z{$St)WIPQNf;o@NrWBoescobia`ACJntrcO!@1q31BLao7@rXZR-=x3zs@8Y@V=TW
zPl*MR?^?q*qkm`3=)OR(+kUKGJgSy{BjN4ox48uD$gcT8M*lQR<#*ts)DacNd#*KU
z7b=`NV0lCOhS~wW2K=qD?vJTV;HF_f%D|p{-~|SI<Zmb8uPp)m+j(&%6laGDcXubx
zZY_f-H0leP$@0EXS4jNG-12EffTu%>{o7tCE7MzilCnSF(|_OGtqRAhJb>}-b-ggV
z1$ao@=iKkIJn2<LM)E!#=X9$8U)eeMt(70Ot({Z!lGp$4_grS+5#Pz^{;Uz{Go1ZY
z{=qyg_EZM_6}azW8^R~z>&%^PM$wTKz2rN-Tyrc~0l$Td5m6hg5~I9a@%iX4u3WSe
zvw~s$fco33<2=1=54Dx1a7K@qU%wOm=ocjC1YeDE+I$5ntLQvtX?*(hclDdWsND>E
zPWGX|lUGAE+?9g;ar!DA-_#TyT!SG=H0gDOoPZ~(r@y`M_q@6%{4(}s&7QA+?djg5
z6R{GnBtFWDEi;b_T6>RFeNJWRtDp&YrH*3U{I<yZ^fcW#d_)$_?<j5BdGJdpW7@u^
zV75UJ@Avu|dC#}}<)tO1Q(es1M7vjGaIQq=gYS%Zg*NsT8N6FxSBE2b+7RWi2cMw`
zNlqDgU#R>Egl~OqOw=o=(OKvf52P;^O+|H>`e%;P1b^G;F5fa6uxWkdTfOfcm-957
zPMl<aKrlv4K|9|%pRI3$J}}&;0py5o&t~37?gd}P$3vY$K7j+!7mu5G$yuNm4*leX
z94HZTXQFylNI~trjD{{lY~?WMMy=cohxF$0NqO~>_5IhcO@bavqS!Vfv7B#q?E{GO
zw2MD=nsKupP=;B<lOzKK>DnaXx-N9SyU!;ij7fcnq@R9r4;sF<@bE-E!~4l*k&?@d
zqw!r4?>+moM*Th?Pf$#{rQbt$$G!yeT{gPL7$=6{RUR=?WIyHbO&thcd$Ow+RuaD1
zz6`K?u|MC8fA3pDf)><k`HFDa`cS%mJE70!qrT-|??T}+57ybt96KW?F5#;%rF^6?
zavzmX&K}9RMgRg(UD0ty{Wyz_Zay3gB)Jj;U47m3+sg4GGw-=1j}*n36I#}K79KX8
zy4ehT{HB(J1Mkzr;72chTQKiE$QSH>8&|^t8yP3pl6C3fGxo+1e%q^*0iIaW(sOky
zmNF_J=GFlXV;_aljn!^}u@jkgm-Jk!8l6@LC+;JeKAcbbh&b`xy05S)H4OV>{9d^C
z>9d`d8XhGwd>Rh89tT^(<%NUz?K4V;8?@a0H&61Uo8{8CRxsxMA}QB$_GzBLTP$`v
z8s<^ea`nA5k7yvBSHsWy+B*4|AuDXIrjecFBi})G7PWn=z!T!qnmqM_!09*S6OulF
zPYm}a%*uOkyMV7g2&t}Jp?W2(_~1ETV<UsgJ@EK%`1s64_ZX=6;ed~+1B+F^GIV;K
zAHfA4bt*E-a1Kd@3?a7Tw4d*$(6{!4;@Ed|K2fe=8-0Z$XIUcp9Jo}6Wj_kYQ7pJs
z7+%W?^T_;B)N&Q$YnKU;3-eK`5=tDDx>et9KKSl0obLU6`k(gdbsHF8$YTA*{B8@s
z+V%+Ax0$bm<PL?Bev9h|nR&&c&_h#MY~LdhtRZK^myC}Q`LemD%~A;x803cxC49t|
zthHPssr5S<Sb<Cn(2=99X0D}v8)x|jcPq4p{+glV-|miRhtrJYRXI9j0)6(2Ql=hm
z=8cl>Sra_h#UH<vjjb_;>h&`)$4FVf(f5$7_w%Cu*`K-ct<jGg+s6(cDyuH9GozJO
zK)IjYaHG>HBCDFG)5+}#TsXq#;q^_862l0%`R)Ii9MH~asQnzIaoNqC{+!v*8M6a+
z`8q$wM3%TxJ5Tc3Hh2r#qZ*Ii;(3(peU@gEiJKFj@62(h3j*l&w-dgdzzyR&=fX(8
zQo#3w<{?ws>8{k<V&9CY9pFF>n~>nM@iGMOgdR$0P1>Lr&nML0>tEAGLs{<sF?KFV
zlB75ozLJFAOZ2+`k;d?x*@an6_ol5YD>B>x>H9(aa!~eB&<v~nI{4|$c+0TtEr))O
z%{|=bjJ`Q)7I53BW3o<SmI$F_DontXy=)uT;+(y5KQHb4PRn{3HE1Q|vqK}Axw|~u
z`*LtW#%FJUaPy2l?q9+k9k}xZ0e9-DA&SDUY*S?W!b-4`h*1fC?MW*o_T;R{**~Xh
z!n<EH6M3@*MlDP1$<ViOSd|3PANzlH!o?>6Zb56X+r3$(?Ah%H@NXgC!MGs?J!_J+
zd$j=|^h^-mrZc2B5WS7d9`s#p7vj(fB_}#XqiqRS76|erWB8v9pPw2;V?2fYm}$(p
zpSpc>{L<%Oc24o~vLm#(OIa^9>?}d@(~aj49P?5DCq|;;LA;}qb?3n6aEIke)op;C
zCeU}dddcn~<e})i8ZVSLUjVms5Suyn-Pl^>TX2n!AKkfqy(FdOh*-$!dv=Fq>~q8e
zE~-|%pZn_|Cf!O^wF@sf-vRNn0|Sa62v{|xkN9?}dY+oJ_!*~u_k(=OAm0MT;Ns3l
z=emzi*X2d7Sv_{izK!D*(XaorFAg1Ut0(pCgwM_5uCex)N>C3+>_463q*K(=Lr__d
z;8zyFVaG2#>0I3}pEa2uzspEMy>j;=^v2fv=R4rN1csM{FlGh(U@cl`N)bl$euqZm
z_q^zM<SmM#0ver6D};Gy|1i-+O}?(V7!#n%&^uKR1MIsK-fiKxY);yYQ-ybb4F)l?
z5FaQ4e@*rEjeZ^a+T0ZbfaxhbqOupu2(K6mK_5SL1P+N_d-GmhE^mW3PLOBSX&svx
z<M;b0Fyt}H-PX_T<x!@G?6;S=)+dgJMX(&`L4-9w3AJpw30AvVb+y^FS^Y}|#GuPu
zxl}r<aUf67-qMI;U3nUXNT94d?{~wH5r^s;O!pIY-$iV@+MCYjV4y(o%)mW%_NaB?
zQ+Ylw=eD0}&F~;PiYeC}c6$5J&9nA+pE%58dcxkvbAP@{J~Wgj9fEDW@Z=BZiKn05
zW1cx?XRbrJ`e&r=_7;`WyoDn^#y43E&q5ZyOeKQdp=;;r2`HIRi_5ZPK|J<dzw~=D
z`2wMw-e!Ree{%K^4T6;zzU+IR0u=x|a2~X6WTT%;z~gyD_Bcy)sJelZJ^Is)<V@tw
zBIC@@^5(nwD|Rc7I^WPe7C4yR34uW>exUkgA0wFk>;drbSD-2vU;6qg2o(LKyWHNV
z-Oq_{7jcUf!cJ?pS_^sQeT26G-!XXs?AJHcUREX~g}j<J)l%HbM&x^FaK)T821R^1
z_KCfn<Mp+4@A<hm^}B;)PN=_>3B=$EWK>a~36!9X$3q0n`;~P{X`3Ajlg4Ju>p5%g
z)hV^CpcQYNSMkovc47U0xa}I6XSrvKS-lx|)e;eerTo_V>ZWMQSHLFr&`3tV`=4w9
zl5xE2o-wFLTqDMg*q!CUv$o$RA+wfwSboPD>Q~W}uE)_oKf2OOrhH$TH#M}|_u=Fv
z$XlPs8$JX=jn8=4$B&&<lY=MDe*02zbZ_@uV<K@rI5z<i+!~?zfbX5Bbo8lYXpgWL
zlP&J&*xsI4(tsWbbEYLBDYRVjm?>rF%2&h?X8@%Z9D2V1IY7q0Z6yba&j-|q1Y;>s
z`iYp+0IJPLW@88MrMvYIxqQD${+rjoV}UW;Yvw^mwYU_XF7Uu&ylN53SBCB^eon#K
zB+Up@S5b7mb{gpgc87Cr1-{9ERP5w;@UGF+QQv6F1sA30uiJ157R6i%4)(1+<PAaB
zBKGOJ?0^K@ZzqiS%y+zl=C1s8=)=FmNsbY80?F^LZ$A;L6X!JEyf4_&X@r4$^9`&o
z)YsU2-kh$i<ny%k2sn+{0_t*!T1>RS8%hXF+EEl1cfI;jD2JiWdZk<~_)LZGq3@3a
zv!;{e4dS(hu{gEI`-o+K1H|vm-tq5F;7btkbY>kbv&X_O20;sTEM6c0B|Ilkw_k3*
z?+t3y+!3O+i=uHULrAMhKy4D^B}P1xr@l_&G}sxwr+4J4Q>-L#>U3Q-dP=YlZMY0p
z1@mJt?)@66f0aXX_`6(wmf70QZU&@Hl=@|*6W>lp^_^e?GhjZysEU90oU}pdlkpZ-
zU4>OG@4ZQ89Zz&v;#UTEF)z%eddvuX_C27vj#<=x)dXfP_r_?P^@9&7Z3X|?r-|`i
zDL0wqx2nc_j(=4N?ka9DdTw0aWqDf8GT0h&@T=~56HHzbP9fBif_yL3`W|jCukVsm
zU%tU0f#=Wqh)@-AlHpB^8$brMYE6!oX>`l#6mvAUwvkm1=tKE?U?Y0B@I1tPgBHW=
zH?)VmUsT_x4tSI9(W6=MwTB%Ew0&u_W6yCnGdo9f{KV7NI<P9t-!mN9p!hDWXx=mM
z^vvpvEYA(=2{Mw?@xc8YRqL>)CKz_+O$Zh1JMv)oQ8U|Ql>4ExPivPh?({WPfW1d0
z*2W3(MADFp-iKZ018pUKT#f);H8*v$E|rM-qHt$Aj^6DP821s=6yOt;K<Cz;>vW*x
z4zc&~x=AkvS0B-r@m^BEbq@rP(eJF)5-Q;qvuThu8vCAGUt2-Ja~r;`3Br27*v2$c
zCzPm;vff7bgQj`$37B#|w)e5(3BgBTcy$23D}a0K>MbzUjXF<~kMdWaqx*QTrd$P%
zXG2@p-A-x^JSFBzb_R!UmsWW<4P4k0kt#X2WbbH<9}IK5KD)D(0>e=Ln2s8Vj8BK}
z60~yLc@gE#%yIUxz*UH-rvk{O)9Hw!z{QQ!Dr06<$qdo&tYvhcjF^GqIPOW4gd1fI
zoYZ*qqR_V&01wNLA=GNkL*w_OU$^-ZlJ#J<8eAQhi*WA>yI#5)LN6d<yUIHHPDqT7
z@t)6h2)A_(#)~QNqK*EHRzG*t<9>FXOosHp#sOvG3(*C8+Nti>{@YA%#*!}$ug#wG
z@)r{UZ+?c1n<qQlrY0y59#g7375z`Ty2qfoZzH%$uNp0MX0)A;-PA*k5cSEZ&j#=<
zxfpG4LF^}5buamxIARs|fv`D3FaZ=i{Ofxz+TC1KZlocFDd2r7YQifw<1xQC$>`3!
z9H&@y-U6{UR$L<#=9mN62DV-e^K}5`jsy4^e431!J;d(-8WFwHxU+X1%|6Z>0j2j*
zTCG7}cbz;Z2O_UwvOTtpCxf+R2B#@Zj`&Lq3U;Kim|q&FrF_cN4+0atMCblu*F7jt
zpjn(twkNHmTzc2Qvd;B*0#e>k2fWzg+&DlSdTklbPTp9vBW$0&i8wszh+`M7H~U*2
zx3%NH@12EZ`;u<$i?CPM2GI~6iWiZo5zvl16ULixXo+cZSwGwDp*IJ6>h{%ZV<ytq
zjE}IVg{hwJjw1#SSj`!r_f>aU4M*$qx;u<Ui@b6bnweHnAIP*`dVlBIo~tj8-<p!;
zWNN;*9Rh&tP2sa;_hsKZjQp1M10PLm7Xe}XZZZS6W5?j}^ClIIGn1>%y$)B1uY{90
zF81BB#lsJJ`E1<7?smZHoUf16Mte`wrQ4O<`~d50w}RqQ?D@Pq_^k@98XHi6-aCiw
z>X~@i?<(EQFuS}j#*ktfmWz3QElx-pt>z*t-2sC)3zt=m)E4$a>ic&l_X0<bB0cTD
zh7(noC^n5=(E%6lTU9(S;;9Hnp#$)-xOt&?Zp#v%DiEOPJ6KVBf1LpG@4lAhds2hG
zMDgBJ)Sc`)=k_wV-;hhfXJ6I;n&XsN-_==%F}Kz)OBQ(;%UQkW-0NagHQzPN7Xtnj
zvFZe(sTYgI*BUPM=ECJmpsel3a4VO()K9S&!Z2PpR|o=J1Tb2f>z3O=?83;_cwQvG
zfrqy=Qs=~%I`mX|(iL-g<I_{*r%C0}6pW411V7B*U{8^;A-quc>p7Wot-8uj`}<UY
zI$rifh$h!lkE~%&3NXqRdPk;0@j70Dw{|zrcd<V-y>$b5uPqX*a{4^YwsoIaKcRiz
z(gML;mZj-bzx6a@SroV(&a%0+2IrwgM6q=)5BOcC%YFs#5j{}2sF^!lgICT~_>MGy
z<nSZJTXk|&4#Nr#X{ivk%e90}c*0}&z_oEM*3YBvVNLNZesEk1e5S@XlkbxSsA+fU
z_Rt(&H|%@b)sZd&l%LVF!BHdzUw1=>Z}0G`LM9*Qi^z$qj;04^b`EP5e4biX5Ig#9
z<`_igqbVtfOOo6&2r)?1hiY~o5|iiXK{31WMu;O}35?$iARvFpvtZ+XD@|?V>;49P
z$t@MFb$9)GyEzL|E5|Hd<a6^DWVJsj%$q8mhhNk@viT+?X=`BzcbeEJTM*|pt2d3(
z8W8SCJ-QVXd(0H@UF-u=0*BBSN!Awn7y#Tr(L4<gy5d&6|Fhh<C#2szGIJVrJA13r
zpt7nDbFLm};Ry2c-R`d>KQSgc`eyOn2do=%grbo%b40&l2J!EhH;k^mOsQ#m%*VcZ
zA_Hs<{W`^EFSya?Vu3t2fA*o{-<>e0p0F`QKrOxJg1z+8sNcz;*61>SMX7x>m`~n&
zkC)a3vOH(z7Dr3_*Fa=d55}GXpJ*7rd9X*$zhl<j5_$_ThgHK?xg|Bpa<S98`#T4n
ziN5Cc6le$bus!vf^_^bi^+Imh!}nx28}$fnVpiUP+Z&HYjuc$8#?Ju`^V{%}n{lsu
zT#UCi;oO&4n-3^b=A>nxYd{Cd7DER_wT^Q&qMtJx<b{Ezl#>)^?$EaGZTnj6%2(rO
z;Umd}9*VPSBVXks<N#^0dAX-U2^6hm0~@F=KTS$_T}_$g#NEtMu+qJcyPi(kxJuGP
ziJPqz`c~G1Vd%H^ITm+C!at8_z3aEegF(08>~Zv2uM>NBaapg(cSfBxrwB%099=!V
zl-)g|yB~4z`;K1lX7gl{>q_3Pd-yY5pH0<Ur-|YU--}<zpE98Y$A#22Kjc1^e#-12
zJi)+cZ=PENizz7nwJ^NN_ENbKNY|d1QF!iQ(&a-d*U^g=C!kfPuSR!ChgrUfs>2nX
z{shZ=d-R!O-Sm<&s5h-_B-g}%%+v=%Ps1$@Q<i*hk+qegKA#lA{Cdf{4;xGFF;juB
zcI|xk2f%sN6g{0ASn%e#mxUh`95%jrFPJ~znKAFD;qyaDW!0wjaVpGXvs(ztJAm%+
z=4OlG4UztAilmjWH<Kzw;OR#^!UfIn5_-Hp`mPxSuHPL=WnS%#ecFUf93<!I#mP_)
z%DQP=a!aailZ3VxARc-8>&1zy3HQxn(q^@MOO`{Lk&{h2-q$cr(g_n4sh@jTzk6pw
z7YjNPSzS8U&pA7GDVNWFmX^kRJ`YkA5_tR}xZ_{{;oUw^$=0l)H3y%j(#*(->o@U@
zZ0e)%f4V2+i{>lMX}p^+>{o}V_PU}RP3ifzdFXsLmybT?Ry1=37Ib~SVb=Gln};h3
zed4$_v9Fje&)ExfOLBaVO>6|7TmfjPmtpn=uLun*eZn2SjgaCz9j^TZ=-Aozy2=z=
zfQ@TNe&fU&CT?+UwIYD`JL(L*M~g?TlIF$%96UKtd>ViO@5{(a#+5Wr*R_#73|ohp
z^OS+hY9l_Z*y)^2a%-N)QFm||V$>GFFqVzNLj5Z*5=`j(=Ka&_I}5b2mi52d%mYHM
zALR9r0owE?^p2Nca?uO%llo|4^kHahe*JPfSEV)%9eFCtVH`ASW9zfyM97B2l@E#E
zD?fGj9QMOVrNJAEw?`$_)(4x;a7qjAgPgNB+G9IU7QVPgV<}u;b8k4fT%LDV(M>!e
zEoS*?9Zz5;4GhP<Ss@KiPeW#l2h83X48F?FBhIA!xCkE6(-UbfzQ%(WaIVi}b9CI#
zFli;eQ*AFv!<QyMM?xMsHJsc4ZN+EA+py5y>pxm@2Ztdy+q3DV+X>PDJ^0=eKj}gb
z$K>)Jj|DmF@i2xV=X}?Y7=YtOXW7>w8v*D^LCkoXkog!~r>+B+y!DiXVM8>$1XHvg
zWN{<n(4L(0(up90&5$i;IT#Ivx*MwA<|lgwMa#|;l5+kgpPtoozrv+?vneX6E$*qL
z>swhEYUhEF`nRj-G^4;rx}O?eqn~$d_;<I>p5vPLk;HhyXFRw5sJxys&Yr+NvCaxK
zd}*?P)pa8-YsGwhp|!-=zp}(}$8(R4Jb}1dDi%*!^4WjIt;xevsTEb#p9frG-J|N1
zN|&jwE6<^OO&u@CvHK#N-=6Vfz<D_7;NuI3i<Mi+Lbt$K#9q98uXljiU8Wrb@6&I|
zVjX_I##wX@!S1o*Jr;sYr!S*)K))Dn$SxX{kH+@J`{guy@`F|Fj>LD-ht2d(-cv6J
zu9}yebAghN-h4~_>&c*(LCnc&XO6-f%bqLW*;*^-G{o3mJA~}FF4D?5DgJdnCmrK)
zeJa!nl*_~fP1*e`aG25i8NLbH`P#W#E`+MzcrULoLgJ*^Io5g(h>NAk0FIuaJ|?#C
zba|W`6LoH&+uBn1pX}?Wj)_*j_96CE-n^WPBRfoZsSq)+uQndbEsv;vSYearb4U+e
z!X<I&`0hl52JMOS^&=K$=J&e%w3Z`bRL3Lz&hu%}IQ-}LCoTOVOFc60g&gyjEVk=r
z*|{?mPl#8xiuPemJq#D?k$39=9<4hUD+od_W394h!L&V*K0sY5IPb08p;PYYuEcQg
zaw^|``L1qULG<QS4Ij6{q2@aJUF%sl;rG3fm-0cDmVZ9uZ`wb)d^1M5m74Xo&;qf1
zo*et#F=Lwet{!@wyqTxqNITP7i+ay!mg#9q?sQ1Mgc$u<eW2CK4nA7E^xa5*I579~
zr@nPYzNY=%RwquzR|^_-!>f_$vBJsvn#A^eb=<5M6#~`02IJ%cT^l0K2BLnvO)bpV
zchLH*)K7)@yFcelR-uDD<x;t{QDCrm?TH`~?T0^waqC=0obu|KuSE;anFDiIaT|*0
z!tUe=>rS&9_M$TivAyq^b^jT;Oc2fuQQ>xf?3jTtYUb<LP9A+q;?3SKvUq!(H?kF{
zBrAMI_KdgC3{KkGb-5;bHsb-~T`ltk4xB_x&N)?vk9L8-{#JZWI&Y#*%lR6Jid|v4
zlpY9;cIf1Jpv>u*b49OC#42BbZlhcMf;Z@ND_nCI_Wmw;U)5Y~#`3yQr9h9}1ZC-s
z{sZ+nWAid%O_t~dR6nD7!H=_!PdC&&8LKU~?|a{(#)r%3Jzc-a+i!43`~6%SwI0qL
zguGBg3SovLkn&xnYCUk`ND#o#n|`igm%4$$o2+DxNtIvz40zh*;iyW|<zss=_py^I
z^lgh~iu!Koy2zOL3(l5$AJ(sazKFGAqIm6V;EB3X)$NI}q%3len$-rG=%pc;GiU~%
zDbE9mulWWlhH%`QMk(**2{Gh%`EJOb;_eT`z7_;`t$XN8w*r-7K|_WWK-1&MZy{WI
z!Q&jlTv@_+iBcVBd|Al29j`rxS}&cqxaBJ=tQst{@#9fn$B>KVD-0(<fuDG-yYu<#
zUl}jkEFr`vVTwP8c?Py1xySOf$5#<B_k87%h>N2gU!`^9olAgM&wDyp!S0*-RRF))
zh+k*7<s&X$52Dq+LW4DK-DRCe7-?Tuq^E?x=Bl_J9p4rZTImIW6;0M`;5QRr+L{VG
z1HpD9FyZjsgB=?u71{7{=`8qs8)loSQUu{j_q_Su*fG_P{?zNQ$o0FUC!?lRSL}pf
zHYsM?%`H6dsfA5^@_v{4)wlgCo27&o%7nw3G?^;L@~xsvHQCoYdA<V#ni0&@t-n5?
z|B77-RGTtF?NrrMc}~gauk-aPxzK6t#-n{4dH`8O66w2r*pa5ee%w3+ZgoBl;8sVM
zKD&Vgj(rL!j>SvjJA~f`%>~6d>u|pkuvEEFLEj!rz~qdNnvxNNWMS6kgt3KH-W%ax
zF=2Ild*-S!0E*}ice+1U#Q46YH@n!;Wb@BZ_<j}CbpRjt#nCuD-b*M`G|8hS;OPQz
zwrsS`@%t}0vUTGu^2~Q5W(8~tWYb?p>^xulY)Utmx17%2yn++@7|VnUz(4y6p&qXF
zmtYSHyj-zQC1H%9*xVBNY-Sjl;VrpT;LCjWt011Jh-PiWHSZ@|2!ZG>c`&qr3c7Qe
zs_9XXxr4}JS7DiRrDi$`CT^4h^fgGg6npZqo)V>dMLkQ0;#>dzl`Mqkr&vRr_65yZ
zrWg@SMb*A9{up$xWop`hdfyQ!l(vgW%@6kM24>Iw`eUg+{;cy=vwF@VZbUa*x^-SJ
z1qn|f1SD2}po}t|FlYIFB+p(o8uxp9S?pYaI+BzYLdCmK*OyL{JtU+;f~r-UkegpE
z){fEReN<RY0$ck0=&ejwqiWGnaO6#CISY7uu|;yf%9Ms%yUcGI$=Np+H}GEC>sPY8
z%1-asg#IoJMxoj&5O$eEufNxN0>0*EH>Whv)@Fr?LdYLA60<xFo5S>o4C-n%&eN!5
zXU{nyfosZ!d<v=La|LzKrJri?cMni0*}JMsXJDNWiypJwm)kE-D|q0QYa_7vHGZYH
zOf9xl>np)jn3uFs7;x*P3wkLFoJF^}$hlwrr%4#dKgsLx9KB5n>O+2H-eh??>Zw8m
z49?IootH_niR}pIVr06WZsr(3KNIP5;6b-A!w^>*1qMm#N^>j`#*G(|@sT%A8^TL`
zZS<89W*=x<7QSlmB-MND3@>hwg(l47h?ifC=ic`-qzR=HPDLWtwc8I9-5&u~UL@1%
z+bCIQ=d($Irwi#mLA*WuR@<I@aTSp8UU^iaU#Xv9b8o@I6ZE%|^m^*e(6)BWa}TZ!
zyyY9<TetR_Qcp9z`213xt4Q=3UO%RKzC!mFpt2Kg^<v<SZH<k4i$DB0Hg9lm&v$<d
zcdeJrBt!M;i;DUr?luN)q(%4ps%E4#Pk1`Q#^+6WF4X%4EEz{F(IULgrj6slkh+_2
z!JV)!n~Tlk!4pqSlO^5It~c$sQw~{-J<MzvXa6c_&AtsX(G9-dt_2D}a4y6VStp;p
znGL?z@-zIZ&pzSne_;=`wUAelT(e@YsGhZZhGL)^RR#uDN!Wby_`#<J!{+nG(AH68
z3iNuD_{5<{=!lI_ChCS`9CPa0!7g5G=(~vzS^}5st!-q8D{Oeg{qASwx_ufNw1A$j
z<uy%rS%IV-#7nURTw!n?Iv(zpdjND|M{ggxQz79)oSeW9OHSQspi{J$4}pTRgN)G*
zkSN^x`U`zEf#sVaeWBC`=80pLa*p>-HG?l<90)-+uv}p_M4F*QzFQacYA%6y4$%F%
zL;t&LsG-{6z;`d+>T0yPtLplDE}mKXe9ftjUa9xa=0V4GLPb#RI&;vH=!NEk2xJkx
z+V;}nOq0@6{5K<(9x?y3DxzWI)QjbHG;|B;>}AhOI%#6s#3lKbBu{j#_FUhu!*Ckw
z>RLPw@r*h$SvRm1aO^GZj}2blIgjPlAkgF3Wyy0Fbs`s_Ca#;!TkRIMA&40lQE%Eg
z5N+d~3v(hKFr(3M>5~R1X!qND=E@y?+A`@8l%OG#9E>SwhkUF=0q||pp08;BLm0?v
zI)x{;r6sF`i}Nx1>eIj$%BmY#Wfalr%v@*2L#O(>4{S`^iExQH3)u!XO;ZyF%Isgu
zEQIDvd<k4SiH==Z;-)G($Z$g>_~}xx6&2^`w}#$xxD;kQ&^`3BNwG;20K>hTbjYqr
zAmj8Hfx&o$^x3sjb}VuIp6`Tx1d$#TOcp${qdI-|p!4I3m80=c(!G$aA22&pV+d?L
zkrjDiWc!qe+9RazPPRKj93D|ts*%((CPSst19;=e>Eh2Rf`IncLTdtWm5XNS-wCF0
zC>%_(t7-{nWo_)ShVuijeJ|HOe==jMl@QV={lER6&v{b#@OAMOxJqwefo3N?goxjG
z7A0U`J*-z8Frz`iuubKvjPibaVnL}3cK&SH+YmKu_6)Mpz`<I20K1hV*KvgVP26ZX
zdzK(_YE5{k`9MAP1BJ327LT`l)A{QTZ+9&YnVJ*1_$A4s2{)zWi$bHG`JSncUwU&^
z?|^HrIVm3F=(}7yZewz}JbE_VL3!x(OV#*!qc#7mJN?~f^lV>3?96+N4wleYIQ&)e
zvM<m<NYiGT@4`K*#|0%fOKs%(E~n4Ep@jk<NKY|*eVq_vt*;b64M?MQr~o(rea~kJ
zd%SL&-Op{29Xe<z37okXzY99oo4LA=Spr1taR59Nlh9XER3C;rJrEYNN8;Tl3l_1T
z6s57t9af?hOPR2h+%){su`TtJ=$m~yl&e{m^g)m!tNH^u;Y*YYXmH<C@>gOuBnC6<
z+)Hl3e3c(0A%6{im8Ahgy?C-Q8?xJ81{Vhh$-R9ml)ugl!g<fPOR?)~H%}ZtH*c^e
z-Wd2y#q??ueP)3VVmL)ldc^8cM$c57<c*1J%M)BSbxm%{IjwwZI7Aud#j`mtKO)#?
zpxHHYyR2=fAW#nEcLUPz33SGq8krRx42?k9<gid^K)n9dRwVdWDnjS;za)AXlhD4M
z{RQy@fKKR|LwI#|ZDqOoSmDW>r^pQD!su70O=3bjwiKadUjcrf@ki%O%Q4w4AU&fh
zq$7KX&Rb41{FHOb;id27KPZc(zg)HTHNPe93omcddg;l8(L+EO6yszp#=O=!K`$4z
z%G^Rg9sV|bQuvP3=cZmyG=Nx}6*(e5whAanp8HbRLo++qm1vF@LLm+Tj#xM$L;!W>
zzUj%tSC3nIuc~C{CQ!)ZGW&xM0lkTz8YJ;a_OacqP|!N6Uxn_&Z81A@#(kdbbm<8|
z#Crs0^lag2ladmzv;wNA_YwD2Oy^F*xp=_t$i|J+bh<|6_>&sv3F$Gh7dM&XGQ4c<
zO786iv5}i^uw>KE?+Et0a$XwQ_{#mNEBTyTSBD+ZU%0(`@Vw;<8_0rJt=n9CE3kK3
zFzLHIf<5WiZ*oSZS{k55)l)n|cPvFCG-^;V{hu-H(vvt-7wEp}a9vpMdyAGN2&d&{
z0vz0wJ&7xn5~zn~VYTqvL+`AmBj2I#B}G!NRanZtv4~mwH7H8FT#z8FDdXV>c&-d1
z+R6*XFKtN=0$QHD19qqbFMpT&sW9BO`|vI_ELP89r+dy8*`ClE)F+VeMDVxA_udxA
zi#kO4Mw$I~;#3^HFE&djaviXz85U)($+?8rFWoB=mmXgRz}CbYHoR+c&fV<KEg4i2
zL+dke?YvL;U57rM2*)scUvOJkN82ZBra+{gUV9pL@UG_Qu2SetU_*5XCdzs;Mo0rV
zMnMV-;P{0mgRyEToD{=NviK@3J^SFjiVxiPBsBD!Uq-j`bc6d#_AmE?MV9gE=Uj3S
z{k`Yjrk&uXYdY!KZ$xh}(04;l7z2Uz3EGwUZb<6D?Be-)KFl#8xeyb35y*j3PpP)u
zfmk1k`xKZg<;DwQGlPjLtQ&S06g8XU5TCyWdUH|bA=H)QC4E`L1uh&h4lO@$zsoO2
zXZj{<Tyn$j`ZAL!%6KJ~mtzyJ2XL>gW3%t}L_lgRDEMfC+`@;m(bRimykm(;&v{ay
z)O8$^7yL85>PQ^87|>iqh4}dHVOO58!DCw_akrl;$NOR`L&qTOV~Ev`EtY%S%<!q&
z@`NDvJV09<7ayM!G#=1ypp2KyDc~!*u45khVc#dv8?W6SZ$r27)s1T^hd!H>`Mn4B
zyO(LbNo>LR5O;z3o+qb#SLCfPwIXWp*azeH9-%(Lw>vxO2tobb6i$SWr=<@q6f79A
zzKN*47HbgU2CKP3=OyKTM={nV=^Eap`x(;kEy4U+!a{!z98jljl)P^$Z4!gya-1X{
zCeC3iIPx9{4!<mVisM}1bSt^10yIxym2cFZ`I6iKt1?d?U9vonluo0jh_|0Pml$B~
z$(cxQxTK6}pt6-ke6!W&X0P0|q&?=v)`#cK7{TvXb3T1`0WXB-Y)TwO@bfsq9{}(8
zIpAWPA*Qr-73qA9RF#<(6We^Le1O{(HX-C}T%v0uT6m|hnx2rRx_TbeZPu=y1favt
z(_lBF1fj$qw1rBmDfyYQ5gC%$hlYlSuW&lmVX-5(Ei~L_c>?_@wDH6gs)ZLXh!~G~
z!qwD+ZC^uS5nV_cydi{Vd7Id97IUenWNQ4$#uH!TYPg@{A1%rr1xOd4yPlc|L7#<u
zq9jZ&=>PynoSfDdf86paJpCN!3ZLs_LW4X|*X2SlGk&H*Um5<(X=BKWQdaWP7Z(|2
z$;}}?csT0@L^iK#Xb23jQ<jB;#0{?Yb~&vjBcb;tv9k+8ZoDip>Y%4Y1*R&9XL@k#
zfac4VTuW3TJNN-%Ab2VygL!AjIeTjIc$)RB506AWVQ})HO+mlGxKl}~C6EJ!hh7+=
zV1oe9wBtT3Sc0o-DBmTgGH+Qao@O`)?NWZqqsF1?p7XI}XGWy{`Q>PJ-QdXDW06nF
zJbG0Bn!WkU^Cg29EHTn$OJO8P0ob5uUuH-1yx{e#YmWTxe!60%U#y9_rs(msv{Xbd
z=3!-Ur@j^)({l8<L|0!gDmnvi+&i2XZ}L3^htEw-^CtB!x%c8|6Mx?8WH`<Vh0Xu=
z4K&M_$fm)If+$~{a;ldnf<N;lJsfmD8{DocWmKCNKnhkz3G9B&B#4$m$(SFa-#4V(
z6qGdMs50D7bx`Uk#{p9zU|&x^XV;y(jN^R(B^F<IFT18*N-Ym#<Ed?Rdr~Q*?TYS|
zjtTf&3tU?aeTbF)U|LMFHfkW_E-D_#{W@+w@t!o2v|6LMlbr)`r)|07+k_0DyE>vm
zIKJQf3wiT=_(0v#oZf-TxuaR<IGbj9y#PE+%}{>ou~@P~k!f2YDu4UY-zn_VB46|E
zJfHt3%VW9=8AEd2=LkNz&iz?NsYIj2%2RMa_I0nos}%f}@Yne|Ky~mt)u=q#lX*c&
zO`Zz!Hw><^RJX_-patukRMk7jo~&}Pcpuq&;VcJ2uI$$uSttY#5h>3@jlLvz^Cq+8
z*s7~C`2(~g6r5wpseLNY8&GgrH{;IuwY;Ydo-(O~EIyH-eDu^;D@ad-F0#^DL1!^3
zl+_3Q%sN4pJg%uX2=kto*Q16YSwgnY3wOuRDJk!FPB=d7$5mU(`deP<4^}xN`n^}3
z`KrWY@UW0H3TOC61h(^M{9#HZNYso|b%=r>#JVOQ5#2RdBe`d#a4gv2Zp#DgECJ-K
zg=-}IIlLjE($~{;7_%E>Gj9}jo_Zio(=l^-?-x9vD*1XB<K3I+s0`>MTx_=_Tf<>r
z{`)o_JNc9WpUZ9!*N1ve{EB10`=!p4F7q<wTM>k&oxAn<y}OrYn||g6O^xO^vgf<E
zb&;?Xhp=$?RPS9*?)u{IB^wl&{k-2E*cDbXFhx7b{SF=X&cAzwofEmG@9$`|tI88L
zX?AFn^}S73H#~c+$SjW3)g<wBiigqdMbOu9%NGnaGvro6Uw~3vx|Zd=NGOK#HD1Jd
z5<R8uRMJ5BV@&)EKix0$A?&{RttB7&qZNg@@&edE<0xO>Hypf=>xL%$1ourRf8(FD
zcPl@e;6l5rrW*I~=9@Wwh_0V5&mb<>7j=8h`AQ~nO;pnMSiFzf@BX|!qCXYFFCz5q
zdO1V#T0E5Ez$h%;-OhC4<5n)`X;76r^qJ+6)yYLIN||$-#cU-(7SrvZ3mst0&^QTG
zqUernQE?t&o_R}4?BWX{dXQIr8`K&hZk!tlk4o<&w67VWgCBKKt8BbS-*0&F=*0oZ
zM<bIVXzUmJI|cx8(fgvlyup+4!Lkpc<tXya_o`R$9y)Nt`$(*x5dKVISb4Amy&}_B
zjvoTdkqzuB0b68fS3YT1x5?;OE%^$9S~!0VSM~zMerGqv(d<B{RRyx_*2$?mTcURA
zS}9)NuiKAC)4@Ksa1=t4?iwPlJlO@H$G{Y=^z?m!xd>eAWt6UrzP5*QjLz)mm8FO2
z2-I+s>v!$dYrYa7E2agr-qVXO-YBuK83*i;*^#MAZ(g>1(_9jobZ2fiUpUa0x-VaL
z59z*_C1ut*VuGweb4PpKJ?#4NE{u-bK~Dn>9HlY-+$7>)@d0qrim7PQs`%~~Wy@!>
zH+E{Me?_w29ad4tKj-mqpU4FM>UwmK9&`NqKi53TAD?^jsY~;nrodG>*?Zor|Fk2W
z&hy<%p^tS=i*;N$VQcs78H?J!6niPC7jMBoJ?B;N=p1_xh)++bH+);Dv24YtviCj^
z=1I(m-RUl(QT$rFVWL7g8$-gz=cU~j_l?6If3MpM*dA%rej7WXt~~Pcs(v;~1td}?
zWj0du2Iv6Ii;l-!u2Y|v7KM&k9z8Sg!i_c5;c2nG)4ZLbE!+0=zs}C2+?eQnnir$k
z?bK2pLG8@r@RkqF(IEM{dSUCrD(86DA)V^K<`{21HR-wjUIwYZ2iM9v48|dY9zeqy
z4CG)tdT2@6*CG~uvlVvtKZIRLk|a3}`w}VcM=s+3pEM@VKE_xbX4<-~Dl@`e1ObTx
z%s>Y0Rl39L1@DueeN?0(Pk)@O15Qa4J~&SZdSs-L(4-U{0?XY`!c$3duTsW$B3s`^
z7A3-*i4=GYv1FK@$X&I&FmiHgV^yL`&*l?~YF@9{m_t7ohK#tkKkNJ^#}bTqv;qQ8
zZoU$t)H*Z(1IeiT05vNp?@S=dQK?JG%rH+s#jbrhjV7XpuGt0?yjC)K<$U+zzM-tb
zI&re(3#dL^$PzBX#oc-|7^4mFNeAmn`FwKrNv{!f+yS~^>|ciQh0LenT2HgNStGc(
zQ3LAT!`Cj$>&HV=@d~Z*FZenmBR`X3Z~1iJo^S*RzhRF}s{Mr}tW%yjJ&DQonN|n%
z1#T9#-HN{v8jo`(#_LF~dXuu!P(A?k=rMas<{Hz5sz-F>>ac8>PuIyicxIo-WDOCO
z@5E=140k-`>*lh>_H@~xnhe#e&|{B@R&wp0qzybjvFztQ|27}Kw~jS>A~xVR8z?ef
z=IJ2iK9x9qlFuEvr{T7d?W)&d(Q&xt@|mFUCar(B$OCk!(L%Y4SFUNDXf&1iG%404
z+y3WWqs@DPqJi;jUtf{cYxcx_+<vM+fw$0sVH&TPlZ5v8f#QP+)A?<|dg>{(JO`DT
zK<!NGHyeEJ7s%?@LRC`NSL|T&MceCpCq*#315x)&XAkk$koWMhX`FB`I2ullaD;7m
zSR20+cK>qlT@Z1EmO$~bB>VPAELt7=ysk8C$$dV1^Xf-%;FaK#BdrX}cRs5o-UlE5
zxRiR|JLtXZc$tCt!k&S%J&;%Km&W*TH6bc^>MI#~>KLZA_uC+j*QnWrAr5zm4T+zz
z^2_qsZ?qVmI4&jZ+wFu!mk@h*lTa}j)#HA5p`vNoCKSjVc%bzu5O0V=OdCm()#faZ
zQf?zbAwDPRA;-n2$g#C<V%-1^JQq_N!e1p*-G@6!mPZ4u_x<U-g(*fEhRrFa&|e60
z*Hu0X2+CoZIHWw&kH0-Q7Pgux1;jmCqVF^J@&%D;aE<EY@c6zo93TLhIEVFdn`u!P
z)TIn@2X!_o<h`HgPxKK4zj^F6(8mJ;&eaE_w}6i7^+yEib-)=SP>n!xZ6<uO8pHN*
zuEQn@yx#!kUpDix8vw*00@wU#J;@8%D#LZ~29YX4uq52~zxL06QG@9lN%TC}eOL~(
z9^kt`iuiueRZWYoI&fCy;?rm+FG9CHDvLAB_R45)%sCIorGhK!wG&H<BUfbd1h|Q~
zx8EsGbk)s{yJh?O!)m0*oyVM7{U<Z~o#Og!U)m|*YsZLdDs2K^Q&3hug3Wudh_<TZ
zjJ@BS^x6o~IlF*!$e}Bf@A?+l9L$5q%PLk%zay24-w?I!_PKU0o4ZRy<v-_O_u(Oh
z8lbt9vZ)O(etT8-;?r)H##aUvZPz%74mHFF6mTpq34SD{%3pioyoO#7S!sxSDI4E^
z9GeSZ=Xw>CChj+07W5Ro&h^0F!hPI_uehw*sdPgHypC2qO2?jd-L$#i^`?YipI(|f
z)t-jJeO*ofJwCFnq8qZqRtopK)Z!txF8JYDf!8E}9ZKL99p%H6?)5tH%JNnMo^nl@
z?Qjsz<w5zPU30z!DGZuxpx)Q;mg%LFk7~^X?^}1D)5FA7x^=_}4~D6;aC^o#<!`=>
zcXd^`^Xc_{9A!q4YoTg_&Ro!K!m;o2QapyVUgFAh&aE@P6bW`EY3Xn&yFDUamlK<<
zK-XHT92qs{aUAb^PTsP^PeJ5~egdIH1lnFPbm+~vqXw`t^d#R&#~$@Nl<yU8=LT8a
zfeGp0>H_c+D7!W#U*PExWw}cwtZB#d&l(w8*N^)y?0#8S-{>qR-A9cm%e~u=4bT_p
zUloTfK7XF~AhIEzHbklQx)$CjICRb^B0RVpmtrxOap5Os(jOiFd<maIi5k1OEoUAj
zk7#hN)hG?UI>vTgV&;tA)=eaeq!1TpvucjRSoB@~;Lpk;&zI09U_=;)n#8jB-l0|A
z&46ziy=D#+k93_A8>t5jECP-~*lk-$!?b;>NZ9B)kPJCh>>=H=nQ%e>B49Hp?nW13
zF5d6-$67n;exfhw*A#~QpWIj7*e4qIbaMC@z2?oMcb6vRR;AdriDs1WJO!7@VX2pk
zEp8v;Z`*XAco99X#Uj3HdZLNzt??LbHs+my)iWkwG0b3JviLu}cgAII#iTgqsx}ni
zk<u_ST-1As6*R>xN9Qw`=gS%FpP?u7?YQZ33)RO`5^r&Reua{sc77j9iVt*@P=(SX
z7HjoI+uc#ZHey8X<8|(V{me|`h~}qh^U2(digno`7??{HK1H4tFjoOsob+Mh>F?C+
zX&9>@D<x~hJ8Wxn51(7Hc7~2n%eYgWLqz+e%H}BKXP^hJfEKt7>l4fGdzZ-jL~c>0
z+ovoD^DGnK;Kw`F6<6AMw+oPBo9w8UtS2|^aDYSf@>3brcvYoHV|a{bpysCG9T4Ou
zOEx^*7vE~PV>}_C)(${=KQCh`NQBo-u9GFi)a7XspZ)LXWFqQhU$2{!p`vOg=ns&s
z{UVhu3j);k-NfNbUQu=8KHNmB=vG|=B}r`|tQ%b(kk^TN>~ku86ff4X#gu~rsdC(e
zPQ51g=(HQ%_~v7rO6#;di5Qwh>xcI~Y1szn`sur0<b06tM%~rN$l>C5uEa!+`WWGU
z$zJl-Qk?FR^n$TrqSsJJge{{VG;AK%jhlV+#?^e?)OCtpuUV6PNRo8TS8JpAiI%tG
zv8WaKgQlDAqb)1K9O-l`VIO!GFBmu<cw#Z2*3lZ@*CGjFJwTTGa56IR-d7f%jZ98q
zsqpKa2?h0p>xrU~n$ehp;z2QLR`A-l$lP97qT}+^weih8wRG$0B<{jxwSg-XxZwi0
zx6iL6Yx$iNo7HZn)OoQpyq*9rKb@7r*-r0yy4_F&Jf4^5s%MAH%B2%c3Wiog9FL;A
z9XZbN?RkDq4tVjdXc^CU7xZM4d~PUHgag`U$^V=)3jm??HS$z%^e(rpOecdH<YP~e
z4ghk?TnBi~(fBF``bl6ujo*Ep^IoeIU`#__iO-VEhOY7;`j<lZc(<o3+o3e-#)mO$
z=-;lQoU`tby+ZIrH%Sc&Y`><hNJ?`K7{3Rz!cRf%o~PIB1VS1Sg~WLGiPv0(;mYmK
zZ!^*&4k`U-GAk+?1os@ZNJ{bd^dA>E#&YVK)LbL;DE_v6G-S&dd|J>0M<A)zzdLo_
zvbt6H{>0p}eUQ)zvY1p=f_mfOGbH2sH?_uyUC!gRBX~E^&^c9G^z~PKZ~>1auAZJe
z`<MdW27()Wr{r_rh9ilUQ5Gi!<(u?`GelL&g8r1rNw@ke!<hSC`U1a0_sbW|mN<kT
zo%|awAEx`7J#*1%Niq;(x%XjK%aQ09`s_dvMim~~jvim^FX4V4Y#l!WFwzu$`p@|l
z_6wMVeuPP{V6<+dDI|e5@sofT0NW7hu&>ZfOs<V7GB_^xGUMf9Vu{jq4d_Lvev$*p
z*Ii`RC8`(m_3bH6y<1}XA!Hw;Yx5avWPNv8bM#Ez!M&%6_M1M)O^=wn@5|)-a(m-E
zb$h4~o^Z7W#l^OJ+YYsKZ8{-;<106{OR3>hjBZjLi}S_Oo>wI<j<k0#9*$KhJ2L!D
z%v>-`UQLF~{5E`-=k9FM)BNFG*FoM2zf}Z?7eF5ys_P8!`h0289Ml8Iqb9R_eop(#
z?`+xNwa!PGg%5G-2=!wkRrKWqv{$|YaEF`abL5L=u=wV2@YbaR0`Z`4{POwIq$Z-n
zCwbPcL0)F7EbrZkLw?5db4t!5vCUg!|8z+_R(sI%b6XSSuOj`5pUgqE14oUFs*df3
zraYOlPv+x5QqZOetpJm?2LTG7zbWztTA^Jt?15P>@?|ImE45z6fCEF^=qoi;!(Uv%
zvON%N=M+jMxoD)a&YM6C@A=??SIi<i=h#rmc`e*TzNJdXtz_<P_`>zu**U8c>S{OB
zgy@sljJ=N2SFZUha-v=cI)7tTg?3B{JW_&Ys~QtRAyM~yi5L9Z{mI=YdJgyvgA0%e
zwRnyz@eKz;6e-2ed>=yDhYM=Ox1;BgGd8G@guLVVU3t89*0xur@9PCe3E+zePIUx~
zmh^i^_1cc?LO8(_I>i^!{hJJbdXbLeBWne#7l|@LohE0p=~0l^uIlcMFSgPS)bb&`
z?%xedXur#O!U$N$ufh1eKF(p^2ewDu(Iw65ke8@HM?lE9!8s5O{csM=0Ql^snm*!Z
zWy=|FNxph1?s(jK>-Euz4LC=p_&bl}151Pcy34r*aw%!l)YfRH+AH|+KN0E6Jy(F`
z8^x3|KNtFS(W0JX6G|C(U!_ka7by65ZnvFP=gx{ja^wh^6;>MtO>}o3dIDVfOi2tp
z_#95Zg8bdC*IO6o9;rm|m^RkCceS3%FQ%=Cd$VRT?a^kIv%-8c{e5<ks8pxKbNbrH
z(fJ|6)*-D)2xNyWtjI6F-AgGpT$65)J~gOP!fVG8{;t);?2(H6W=DUb+Ru{#d^FPW
zt=~DN3%pAnl6~)3-Sz3=r`OKYHq{uMunu}aYqzQ5IQA(5FHAep7r+r?hCuZOnP-0o
z;2CeR-vjo|6P5N%UD+EN`~>4aac%n^6w;G&=!-Aia?)EYu4)j`;?;s<_v*e<3lFX*
z6iiGDCO7iSNA#vS<ff-A&$Ysn+4EWE3fjGo{AJ3tBpBO*U%B)do$Ht^hjl$k{TidL
z)Sk@jK#$a{)@yDB6D`N7{qZpLekzrMdKHL_G>+hGkR+VBz)Dk_JUxwb1L%?aKDb*k
zHTEU@@a)p#&NZ@<(X&&A6irRCq7a`aGR>474+KV9Jo+eUEsAT)7ek$Mw1iMNh)tgW
zaA@KY#F__Lf$NWS^2Yi;0fv(atSx-1%@>7|^3Jh~M;*jhL(UPOW4ws%uO>O4DB-Ko
z3e)=;!#o1vH)kJGccscn5k}XE>jc(jMt061a5OoJ99{XY_En9qwzv(5mp|P{jz}SP
z6%HOV%h=D^_E9_W$1zGxh#DS_YA+c+de86{a56pB4|3(k8GS<kq|*H+*BKm@h2?$j
zFOK+7e7B=+<^gjU1e#!YG{EZ#_83RG+l#sq7skbNiT3gww>;%nvGvv-y{JzU7u{7d
z<9h+~DS0g9_mdV7Qbm?tQ&N3ke6jBKH*fe_GgB=a<)(S&Tj+YLu8}<Lym2aHz|zQH
zJM1VvwXZqx_?9+#CTS6!2h;Jn(9%}P0Sq0OJMA#7l`zF)CtHPC1iQ)WQ11P6#a@I*
z97X3fcMcZ*LhEE~@KHc~Pffo`#)IDs;={x%Vn~Uj51R_{36Wp70_6YX*M9yfm1vOw
z@#JfZfZLbq1j1&Wh<0^E<Eoada%;7+1NJ?V&WHPQ9vv|$Pu;>VMs^1y&YgKw<lMT3
z0@LC9T{ovgc2}$dDJ;|TpL1#N$2sARTG@%<G+H!`=!ERNt8)E((Qup`A`hjw<TFmF
z&kPjHo&Y3%t5SHGpKg#x_|x40ABXoS#Aa!s`gW`n-OjeUj55!C{OS;cAnu6)J^KZY
z(_=f;L<Ic$uM+~HNOG*%e(5i1wgqwKi>^djI4A55uNEZJ5q2eIZ0^H6^@XQ@eXY#r
z@jdIlpmt7oz4m^)+x4U$Q9bgoQ}mUNeYR8WYYt>Jm%gaKNk1oVAY(bahErl=ynQpl
zj<G&%<IUeh4i?SziZY@B?cO}w=*A`i9og_@_CLYkU4rr`yst-m$<Pv~kLc5~XYZvt
zYOjXO60=;0>A1iKlz$uFeh($aIhu+W#KS+o{$dAt`1-VSj40jHDyIyZk5*uL!Ns_H
ziZJ$!&GwOnF+6G78AM-o7kNKuy%P?n%5vl_mP2B6qzij>v15yr?=s$RWYa5GcH_D~
zwV;nW-J6%3YZgvi4#Zi%&MPGb20TKgHd=*wm!7))Qv@=RH`Q8G=Rr8!_nzMCVr9uF
zWe~MPs`I2{EjizU8`p?cA4tGAPM30Kj-KhTFzDj)ELL;2J~RohGI1rX;#LY~Uu{5)
zJ3wvu=T)Jmb%#05xzm+hZBaUP2)~vzPfgS&G*UwrjXLD*G`|(Ku!eorU2|8PAS5_n
z6B|H{)1pTu^~Mox`Xc?_^J&<Ji+UIREj}@v;Cqi<7Z~ne$o4z&wo*#1<TfSk<~{wm
zmZNE&yCx0awbV~OOGlRhL<T@ZL8s*jwG7Ft{+V!3t+Q%dsWU&!1<zK+wYv)-<d+Uj
z$(~l`GOsi2b1}j5pSK6tx;}{EyhUpY{yiq*o5Y%@*y8EB*JYx{5@i--<dVqgWAbOV
z-KT}lJw@q3T#-E<E^5dEQ!1m&JYU|3g`KSn0#_dor^o2%#ukcm+)-?*vw8{A<vZxR
zA+>oagQ^JhRWF{!KK@9B1oJV8c4>M~FJ6Cng4i|x93N{rg5iYCr9IJ)eB68F-sPxh
zE3#?kh>SrUDms%VivqvN%}QO0M^Mft`V}a=az=-49p*1+@5zX`6ZVS#5{*M1xIwh=
zs+6C69~2456NO?#TOD-Jimgap@TpnC5jZi0x?}eQwP1@};fumz8v$>X!(DGHtBVLM
zR7S-QpUy@DdyVb6c_d)yq4w*xHG1mOQ#9UaJdd9T#oimu{=jql99W4xzG7xJGfa<1
z*Bna4bT%69UO@7=pWTNYKi4(*3mK+c#mt~>;Rsx@bPg5F3f%szN`&Lwdmrzuxg(Y)
zi)MQA1dsx+<AEKV@b3u8M)Rh`K2bb<jXW7wXce*I*zLz9vg~?%d++oG&gV(v&C_ro
zoTqPn?g>TL{t~*%aj7TF;k{Yrn!B6(FmJN$t)-~;I3WkPV5_1%&q>(>=em#zpVvdX
zmL7+LZtN;(zMrW;_m`YpaK-bx3TAl`3WsjTx!<9ka_7^Z(R@F*ojKN^SLuBWh2yi9
zl3~2wVY$-w7EMW&EG|!-t5oj=#j11Q32<(+oX@oX)XzP(-x;}ZH;-nE8ll>BcGj0Q
zbY8ulRoPcY4x5ozg;lP+CsBI9WENZU%9rLg<zV%MIv4=a``L$TM&3i{;MR))(Qw}1
z9xg0O?bthq$G|ug{&|AH;=8EVQ19htTPlU3$56gON;CaJbK+7SfSXW>UQb?q+&c-e
zZG_M97@!5q*;GV$tfPx*Wc;>9!@aBdtrXrsyMX&7`db!sJ%r&_s50z2*d2v2#pa=j
z^TnTkMttloos~#n^try3kRa<_z4={N{U+00*=`?catpP`i|W<*6R|~DoDKnXQ!*b1
zfG0iKI&V%|eE~qS_Y3^yYPhE3H?^F*`6(q5$0ta-KII5sl<P%ggSa+nrdp<0x&vQK
zB$b~szHY<kJ@@R#Y_9|?FDQUNu(!AejsRHiS-Cy%?ebmZmaeCvD<*FXU{APoxIBj4
z_f%vZK4*39Ubx`6li`*bkUD}hjcC+e_kzT^kCqJ0q#Pz}vCSs~#Iqs!vJHFzMJ;#`
zlQ-y_>LWa*?}r7Ej@7N&$I(vn9Jcc?83M$GsV;*`i!Z;`w6t)?y}T(-*D8WK;Gu&s
za*$OXY|mxHvV9`3_soQ>?adxA&J%)9INq&Gk4?pm%)ENx;>A`hMz39gM>QWaWfO}u
z$<FTt2)pD&#8X#~)PV03xq_#iHSauzm1keuK!m-AO<YdL*~Kbiiiy#EGC+&t9*X^r
zPzTg%W3cu+S5o!SZ}b>~p<;l~L#)|+l&ds1lWYS$Bj`25%io(J<0(n9dIgmV>SrI^
zzt@kqHf}%|?nOn@*_{;Er|h<z_SiRadG5$*oHgH5E5D|2^>?aneGzFixMQ`CIJPa5
z9J6V(@sX7B%Y!tbb5{A9VOEV`N_yTj#=6}#Q)pIw6W)ruH2~B*H?Ny@Cr<_|JhG^P
zfiYe{v}Qxjoq!V5SpUK|IJmE~BKfM4oKroY=X+S6GGA^djrJ#+5?|j30J#vU-kL_u
z>w|3#?n6C~@%hqQq-3~6T748XO!&N}!@e8mak4RQ1n6<`ZP~%)Ku7+V5aMxk$B8}<
zJsjX`T%!TZ%<|cHlgv@7^OZ3hbX*rRQMqgDEl){$-iM*DksqNveox%T@OO^xZm8MS
zSG*-?;^zzmpMj|_T2fh%w}O;3)}Hjfz9CTCjd7A7-jigJb6D=R=-MO<(C?OU<CnO9
zTMG`rc^%-^W1i&<JokOg6r@ettKWq`tmd55*_qEvq@?p+9P3_rOp+lfa^q1mJ?DIC
zV|g>cV(kmt2W5uxP^C7IJZyTR{T{z&J7`0ZT~EE`nY*9t!ZWt$kZRTDZXu5_1-ji=
z^NY&&_-VYRbWZx~C!(zr@&)vN^VW}>!+WQQ48UsFF5FDXu^TP>ICk-0ZXkcVUR|kX
z*jY@x4A!aLNrtIygw)v}l1L+Mfgw{99QkdeqG=z!I&yo7sW9TQc^-M_Eqj}H7@vdy
z&jr9L&n7dv=7+1Yu|Y*cD4ZXp#p1qS1DSJQ52Lzf*S*szUF9>+bOXd|=udZ}R?-#D
z^YCrg6qC<=e+*&<^R*Fs9gq32;$*;mN`8C9(T~;EY2Wu-fpsB<!0hpSWXDewSDe(`
z0i()LN6gQ4e=;YxueHJDzOV4GU2eQyTE{*kkBhGP6W@Nj2?3Z##11t{d2TI(euSGy
zJdjitwoMw3YtOiE3T{^LM)_M?9ogb1WvVB{zpz^ye2}4Jz!#%WW%4YsE&FilC=ej^
zp~V}DI1+N}y|#beJeX=Af$q$EUz<di&;Lp~x2;>{Ry)?Q$+PI`{^grse4SC32aCYJ
z6IQMVlW;sWfP|MbJ_jV~>8k}H=_KE&%81DsJ69vJ7YOCV7!mtHzklPY8?WWbB>*`<
z#=mlh)oU@ZMQMJWX^&n&Utw}PNl2ow4u?~}t1UD|SxDdMlHwC*`((vU{nm{M3)d?w
zjYGg}0C4A|TO=0oSy4#OIZO81tAncF00109sXVIlefDd}uO<st&i(ebN$$!tA36Dr
z1)WnG2NE>C4by1l+9oW#NCP+nuca~I@Hz)0B0ly0xt?7=eGbar6ei%N6Ay4O-S4Xc
z0C3KEoJlYvn7~mb^I>(UxXf_-QTc|MVW<I!85!n1LpnzV*2PG`@w7HyRroI4UYXlQ
zb1aobM$tetzAvnVl=3iHcmDj|@%>9W!P0Ry5V+aIf*0le+WPM9j`v-{@Zc%*8HYv0
zb4B4E5}F%*rnGkWI33HZROUYDo3%71-F)g{)YQTE93S`eT*Ae|Jvd;x$De9@>-q}e
zxz=Yp!E(>ly`+M9Hv{YDF^1g1KG|k>fvUQ1k_JO&q`j4TJT}DS#zj`N%xetiHEuRU
z?k~Te>Fo9y8mJLPw2kAc5YvG-IzNB}<%QUz^56>OiGubloi7a^s37+$(P_T157f9+
z&L_aaB(@A5M9O!&rS0~<hBG#3Epsx8rN8{;+wK_GQ+^@b@8n)(1i78ABq)90T5n}S
zLitldtf;(?YHDCljS6_ag^!N0k?mY^Dz~v<uk}o|2$zC4V0!?!YK%`2YQn<~ZuQ&u
zQHuWd+jmOhyYrhTPA2>_Q@~zJw1%1V7)k)lif_h<;k!;hkBMMlQwmT-MshsTgk7g;
z4os<{r{!%v>wh^jARx$c6-F-(i^N`9)|E`8S48I)sA9gaNZ%G;^Vk<yJ}R#J#OGFy
zg!gxyglV*M47~k`S&P?`G}xN&!a0rAcGQaTHFU1SkFZ$Lm!bqZiyVFlyW{Q=@eSSY
z&JZ0MO?_;u_7LHtC~==$(l6Be(Gzw%R*J6;eK)s5;ymsYDQClhRXyt!{1=eLanl@Q
zAn3XzBoaw~;fnkj59?Z!&B8bKA!n^9p4fThiZU}{FVTX~O+zHX+S}%d_sMDr;dy9N
zMh^U0R~(c3<(_0CJxxb+$`r<HET}K9yCOl;WpPZ2kp0r>PpfyGZNL)o2utBCPyP1x
zN6kgzb1SG3&d~F1e!u1(3%f_59J-Ku?<16>DE_(H)ps4@G`DiQ4DQjP0%gfo0F`|d
zybatRQCiT7FHqgqiIC>j?aZb{WG#4jT%?eST-tVS2PR$S!caq6G2#829Gkwk@}_?o
z7jzzFe6%?l`k`ruBR5>N&QZ=MK#m^fcwBkbH>w}|ZbIojq6CC|LiBZJAYUACtqT>&
zmD3Z=3C=+5HEh}dX+1mcdcI40kxo=|szk@VOXQ)UG94}7_qR9B()1bc*+&j3;nJ=6
zzUSQwqE!9uTt*scx}`^=q&l8YS;xs*DPOaj?tKoJp#4fG*WX#c!zx_&>5f<`L+mqf
zo?J9f?-paj5p_s-;3LFqWTy@LW|kdE@+bOwdHl<eu<fLNUtkGODBkWz`1C7NtdzQ=
zSyKGU7FXL}=gs@NC_770`#(<_7Mh==#DTt8l%JDNzWTTKDC2V!dW*%L_^<ocyM9@Q
znGxi3{I<HC!R<h<^(uHE(F}Hcs9xj5cwp35nP&#s2kr_tn2qS4TMuV27P#djT_aYW
zSI7@f`gkvB4ED+_>m>*TALAwTA>WIkzE4f(SR9-%y(3wzuP0poNPRwHxk(Qtp5)%9
z>MrU_tdT-`H)-Qay96x8ZF@SzpC-)cd?fca+GCQ(d6M8NQf`sqm!YEA^4|I9v&T;`
z5~GY?X3)D7C~yV3?xDv@@w%%i#S902&YTBr=ezpz1hQdcX%JqpP@QWagZhQHEOp2$
zO@=INa7J?2$Uv2ra}Gb<SYbDkUJC~v>wBZ<dvls_djUUt4zIWb4o>Aq9~Rt;c27!d
zpC>mv{c%YMkxut?+!9Uefa*90Nwc76=>l=-QQ~bUaI!tGz}3PNv4~`3KP%|)D{!di
z>LM{5MuE6-T9fO9KTIWp+jYL%Z%;ek`KDBSgdjFCzr0~lQ5?OFs+t^6U-DeTxR_jm
zk+(0@Jf57S9Opt=blKgzIm>rilbD+y0z;xLTw8<t1f|VfhV;W?^OWU#zo^9zk-Zkg
z3nVYaK$|>~P;u%%FTrIx0CU%|yY)-1(C!<7wLu}ouPwx(<F%FQnclI2O9}isuEaM9
z5~}90UFmW!9%$9{r6%x4?}g|bxSZsD@be3K-AizbzfeKvqF*TYI~^F$1O>Z0fn<kX
zl|8la%_{eaj)$gW$TJeFf-9%oivYaEok@hB6uNn~xe*Z2J8<cU==nSbVXoeN94}Ak
zUEF$N16S(1RPn$~Yw8HTHIXBtJ^!BXr8T)vAip(7Cl>Is2%J)lklu=v1!I4_yt;_F
zl){aw(qazYB`xp98h<j)#%Dj{!c(cQS6&a&txzX_gcRvD6sTCSQycxIm<P5#zGml3
zB>7w;yJ_Hdu$<Px1oOzDZ(2Hz;*)A$)X*avuNi;#Y<7B1BDD0T*PVt+S<2RL@FI`s
zo(dLm4aaqOtKE;C;4Nnj*CBUV@~6Urr2^nqeH%`EPi*$wEUal9+l#I3bVbiVTyVm;
zr}~kCTf^z6;&zQ+E%E>zSG?zf0pI&2XW!v#X}suu5bpi5Lg-1$eIi;C*JR=D{Ov*A
z55E@ONI|1I;T)q~;geIP_cjuq$1{xEZM3ym?C9#bDRzg04%XF8K`qQY#PNEhr0jPc
z{(k0Dm2-3FT+f5w{I%nW-p6Bk$Hjqe6)BF<!uUYih}ghIYagdRHq)1l0z9!dzWYNC
zF5mWG(zM4@)DWp`_sDMgoNZSOu9J_8TG1(P4?>ii6=}fW0{pb#k^F*H`YnzHv>XmQ
zs@N8qbj076<{%-eyOEz^+jR9Ra^B26P<K%@=P1_Zp{;w*IFD&Q&^u@pxo~C;;jx-7
zhwCA=2h?RKui`w3cZT@D6MAltS=IMJdXlJ3WA47?k5TpA8=t4@a^ehV<m2J*$Mb<5
z;;UQwUJIO#TxvJVnn;Up55TSkLt!_d!I^Wp?@dg~vj;8}!?Buay=U*QIXL~DC+vm^
zW3P;~X%c7qKD{uW<?PnScyqozcqF^^7vv{i!qzyC&#NquWr{D!UDVv=tZP=OxGJx?
zT3vN4DIH0C^xNg0ywM}Q5P@!A#%T#h>S*qve|j82?kkN$p98{o^|+Ue5IEBGvp}8l
z=)}CI@;e>8D>K(y?ssA7grAnfKr#$EmE&9f9cPbCg`&zy7+q=f`7B%)zgwN~85w-$
znR9ebGpSD6Wi-bo-egGHwj20G?m+K8bz~1m%y8z!QN5>?BZK$zf2}r5(MR$wq=^g<
zWScNlTs0PoOdgaudmZzJ#=RV;?>Ei65&R{H+^n;jc61`koh>dMHjml?pqtevUi+tN
zQ2g$jmCZcx3x9HSKIKgm{6&|WERUhh&1+ss^F+V9;em-Sgh3qZ#z=f79tA{+X4=%2
z`Z(n9JP3S^Jllu}s2T9_8|*ZFL;-Sn7xwZu32~&DzVnHY`eNDa*woc~ywt3{Z6<5)
zlV|zZlHVS$i^UQ(qh5UCS{*4ZNH{aEr)S@7c~Ehs2do|WyZQyk?ko7y6!3ln!nMac
z>|xgXdF^}s&L(i*(+=O+?A`(@X(#6+u26?lA1QjgCuQ}OdeUlshr-%He=~|VSmWs`
zV#4tgv=;PKBKbL9^WTM<b7Jq|S7mHisEJ?HPL)+&%}36BE)4PGdSWMrKi_vckI?ts
zZ9Zl7@Q4eAkLz+zvY<U)27NZI!mpjY3-^?dU#QZQO+U9B{-&?+h&Ga(Ixy!-3=ECF
zmUWv*4K~kTg40=X^{4kA2tfD~$DMHquW<$5h`2k6XO%V`Oq1Dzi=TqtspdKIEzh-|
zNcTH|IH34}G7pP=rH2ou(#|35{2ZIU`{KF}NF>HhygZ&#Cq<CQ!^j78(y4M}RjCs3
zz0p<ti~vUVarBn!vFP-4Z7WI%w6!{3Ga7{0wWoii`<xTn|4z=^#<lJ9KC!8`FB8I(
zkkrE80q_^k`QE~lQLkR9N>AGaK!iG1Eva{DmEn7TdO98@^@!8ZVIgArjS>|~=hJR^
z)B~@P1>B@rb_qXGyz11p-*p(+3x0b|D~9g_&~gxhiN(Rgr}&^jV|bg(5!LyUSi~4c
zG37M7pC@=v<lgh3L0S?~?0(|#wdM57a$=l6<Pd&Z=A4-@u`l2*)pC+=)aje$*;3@R
z=i8B=*Im&1fnRJ?P{fWlcBLM^7Kn3ic$^{}Rw_#7VBOlo-?XZpxXI2v2MQhpHlK$F
zdEL4l{Y>ckoC9fuXQmbdm&G~AH1s`Dap@joXo9^qN(cytT&*MNQIUwKh8z_t!|6yx
ztS^C{hiA{!lV~TQtaMD7OH6nKrX5#e3vI2*uO2>@&OF7S&RT6e`QGe3yz8I>($Y-w
z8eC=^==@Gy##2HeFETBgDtPLYqWX@E9TvI?2!%+&Xvgeo3!)Cr(}A80{RGmZJ92Lf
zuWV!%Dtl1`tW?Ypxs$R2n3PuwaPd6G2z*;?s+Hy;8AXHLw$I-pSz_ltEm#E0@A>mn
z+G_QknnHfTjjn8;-MuB{!|mwyCrGy3idE0fJV_D(#Hrj;3~NeXV3+%s9maa=J7n=4
zt<hI#7e>CL)4dC|P*V<=4zZ?V@k9tHI)PdVh|2ND2Pi9f;WkXi(cRuYWCkSdC5tff
z6YG9w7GFC)_jB-YQ32?0;_g8_o*oBYf~NOlpMpCW{VF|^z>a2Nz?G#v78i_Y%&r}^
zMyq>l4yr)L;~$sKDu*6Z@<*LA3{G1o0UeDy$be6aQ}07lzS%DF&$+oL!I-Ih@oKWQ
z*oOn3D|W}#0QS1)WP@5y;~_%B)OZM6`nWgLUO0{momD)a)M|1199lK?k*AsWAl~yZ
ze|?!m4}PiIwiinL5e4$^Xa%V3aSG`C(y$IW*_oD^G{E<WZNPBz)Cn_O17YvW^k*q_
z-%t6A?AKel*URMM!G#n2Xd@lE{ZwCUKB0tr=VY3FXOxd7;yf~a_@*n?NFVOr$;RE;
zY}R8<;gXE^$}O>bPFzf^AUv%*$tO@j=4d4|JWdNbTT=IPc&cLpu=rhkMZ0gE)==b)
zC&uqJdS8Gs@1rd4!Iu7dzSiFRG|&70IBz}3hO*E!<pjw!Sv)Oi3s)P@L8|wq0$~iE
z{B=F-Or2&YB>v1IPh^r=S}{M2(G0ut{*fTH_^6v>2S?Or=boz8J)g@4j~ZV}vCzj#
zR!1-A$@_FKk1^N1@7I}8>Nn|1NR;>9X8T5+<GzoKCp^um=>+jSDt1}!0d_hkleV7P
z+?dzw#uFY7P=ZU>sO#Lqet)xgIuO23+^mfuJRylzHl(NAw&hXjz2RG?g;BOQ2FDbE
zhlXR*7CX0(oIPKf$Z6_i%0t0+?+lmwO=Y<9L4$Nb#zlPZsd1|ge_O**pxFWO$mGni
z5OY<%JovQI>vjiQ9%|U5g7z8c?sz{^2w4dt>$nK?F}A12-QzxPu&+Gs#g_jOb}dPI
z^dRg?fC0mj=lzeAa?kdw%IdGmpUm{b7E&9e)9Jo?jqcOh4Yf}$=u-9jpTE%VcgnFI
z{s{5h#NLzlLftFOBd9uHXaXDGryN7|&dYE2ea=00HY(|Av<5Uj$}7-kPU==)_bI=8
z!CxJZoaWn~QI^>m;tImLYk-=5GT*{`O0?52oTj|?C2Rlx1lB%I{px1DXUSOc-tNIU
zJ^`g+Cd>?!QqjJ9+N!n7?DMH=H;);x+mY-APT}lVW=>1m1#MVdp@%|s1P*8dCMQ1G
zcJ5WZNl*kxj0dGofrRg6<H@`**TrlmTH15+{h&HSq+d5RD>}7uP^Fm;ry&~N+Pj4A
zhhO!UE^2tYVdy-v;;E@aEr+#_U9HY@g&xMK@Zm9Qc`#{Aek&gOxl3Z6s~4ZZmpgX#
z>zta$#`LhLpSCZ#U;v`d?NP-`#|b26MYT}Tm*Hujw=3_xu~cwZ{mhYJGLOo3Eb)D%
zMu7OOQ>;J*YJ~bCY8tI8flqPrfcm8`=_9!uK<O~;K3Y>#_JprgBM<t;rzEDHhVTxU
zM-|K4UpX~c$RvaX=WjNqdXJr_Q|g;vzDlQBpWMbhfNh=r+4#r#2Ft#yK7)K;K|;1r
zNM@+eoEzwTR+!I~#~JzQoQ!>XpYb~sdbfK67kEE2UGa2b8^DQu$e=AGU-qcnC-MwB
zwevVG-FQrWz97h31F;n+tKx=VJ-U0YXzBN9U%I7~L@q!2SfN4a0(38kJxqS^<}4Af
zsL5=m$_kS8K|+3N!8#zgS=&JBQ`!5(3?{sFyoPu$WVc;EQr!d0OjoNcmB%>k-gp8W
z@3^?0JxUl~SnkMef9(1_OvmbP6u%Uo{>WN5la)n9-+@zpEt6R#4X>)gXFe*f%#Ez)
zluDBPnu5^ZxyYPIcYCDgo)f4BMc3izQM#ii%Hk|0U%2h|1b>j2%G<Mxw)Vu8Fw$kC
z48Q?17I99!ct8V4%0o(0*H1zm7osk^m(R_4oa5-<a7oRL)XUcoKjM1e``oJkos2-9
z=u$hhjsg6T8%EV4*xrqFf}r4#&*DXUI(E5qy0Od>#1WRB`ZD2ku8X3@gh)!4rt_8Z
zL9rt+b>p}jbf6#92R69pW5RD6^-V6;R94R$Uxdd~CZ3r$3kEJ1K%kJ|RpKQI4lx5@
zzH<enMON)D*gjd=7@@s3_hgjTn6chG;8#&Vk0Ps(!oiI4Rn;4DQBc=Q_CEDZeH+cx
zR=baQTLWnTL+q(YIcGw`rTbPAfQry{Eg77oI?3AEzQnI8CqK>6jbxYH=hj8?JonCV
z;TV{4T^Gr_aD)}%=@y~4l0lpc_*I6^#uVk8;`6l}k)^{ET#1hvCbPZbrLP#JN=43P
zDeTDcBh(;^Dw)%$&_(qwoZnVixQ&Chd@G%o)-O8vBWYm886)S4<bejI&m#P(|7g+e
zudS>ZYQKpEXWW}0Bmgr~acerl-w(9+D;`@#{bP)$u1ga+)i`MjzeR$TyW#J0@%@>*
z_m(^2!AD(`+ZGofo!+yKf{1ee+(ly!zDpwzvH9XP24wdwO9WBYZ`!w{mOsXgb9SIw
zC&*yv+A;Gd3ifWkvd;$$+=gZ@29HmXSi?cIg{)VJOLc_y$YMm(x%O4Vu;{!32hRm*
zM$%JD+mnIOGLNs<)h;Edu9Ip!)lW&C^|-Ab#(Gk0zaa%l9NM#DP;r;hY!5xYafx!i
znSL8^raY*w@Eu0|LcHHe%3!ST*=p@_m2zI8a=B!8Bw!=5K+1F1yy<NF(`>|bpN3Di
zt+ch}1l%*+ooq+^G|2+MF;%yf=(!uw<BGCfj|$Q?nGkIDCtq1I;&fejs*2UDl)+Lh
z5&wH$QR@+~z}J{hzxq7AU(g(Y?-{WKolT;~C8G}h0!5TgkU)#^(j97k@L>HUPIy+4
z&XF&FOcFKRPmDiK$hP|pQQMRFppG&l7pd{wS0&j>j&^#GWUtx2b<3!B<}jtmr}7Nn
zw${%h;6{CZ{^F<P9QMMzty{LGs&s=k_H(R*g<x+7Cf0NrPt~^zzND%rd>zCX^Crc6
zxAbM(<agQLuMTr!)7$|}XhQHONVtf-Kl?LQX5YFuV}^SlW#lTfFw|%-H^_$e1}u)|
zS*Q#2RLeCGgyRTfSbbJ&zX=;WZgam;*9$`@>hUE(s1V-`NTCznclU<0$!1J`esG1@
z{skyKRSukx_YTM0N43<|*n45u4-UN&n&7@)qr_+F7Z%GYXG`n!v5a$2EO1@aVXQ<H
z3KSBC?b?aOp>GxexRQ^1HC?hV&iPTwxG`5aE%2<dqkgFocK`a}Qa-mgK1`^0HiF)Z
zF1A{yRr_G=Lv_VZQRh0h;^R53aMW&(DYN2Hkex@Cb$F|7_ezItmY1H#!_mkJ@5$n*
zui{rf?f8I?+2dyMzSk5QX)OtHq3TQdN-Z_Qd$A|JlILIQ^fEd1zA|>RXO4euRiN?U
z?{o-05Wq$pK26&>msWjUuwmN??=maZBRCgucM(Vg#mMXP9%(k)BE4=o<I!JHe=LF=
z6dxOyZ}1B1N$Sbt=at>_L?HfTdB3xl)yme4J@HFCfpS+5G1XXc3?omcJ*V1(<Djd{
z4P+~JJT?!LrLLlfw#-vOU-DBMPFa4#=3bxefi)OT_>jbvKHdpDXw6rgpvGQl=eb0T
zOWb)$Sn~)4%zwY-QQ8XA3C7!=Mvs<8VG~Z?!s_Ku#M|ye(gi){!&P(;OD>_nyLYo*
zID3~ryDzF#-IMkJ+7b`=;drl%2=3QEcZ5E3-fMeaZJ)roN>LMXS+(BIv2SAhQlYll
zTe!IpaR~9k7DgCTGM?P^jYC^Fps=PE=K>!t_Z=}E>&H<0Ei=82ul&x<bUUqT^qpKu
z01#s!2wb3$nzc%qSJU!dZ>_*@Vp=R}lE>)|0ta@9myAOmTn-(2`tMOZhUQDH&8ZV_
zU1snl42i4qm$u2%29`Y8_k7mGdh}d+!i?^@2%~4yf?8CH-RKyd$DRO(xlEqiHi;-6
z<TVwna``Ng^N4%4iJO-nTvN?k`uXeb;(5|?2NQ2g?;_u)u0S^`V25ZVx6Jy%B*^V_
zoP=m7VaHTWn)-5@A4wvVWpJWpoaSj|{rCl4QoMVpm6pu>X25yUP~|3eb964OjU0Az
zH-B9IW>R1CD?snv-eQ%q_{h3BD1A+sfXaIBAP%k`#~ZwKK3Kl@u&x>8-|;gjLn9~=
z9=r!@nXf9vPG-{iivuES<ELHsOu)gI8&7S^qX8%8)`&fc%u|eFT_N;<07_sL9!Qid
z3*EKz{r)HRv$YJqE(TB7gZCSs*3&27(;+#E6NZdZEwQ5C0T+1-Vi-&{sz*FE@Jf<B
zz7V3$E)S5e){Y%ky65DICB?04aVKyaL=n4xb{GFnYkpX-e9499;HL19ZN=qRwA#83
zn`1rQ@wfum-n^(sd$N@)-ZJcryCrpo0oZHYC^M|?z=Z>c=Nvr7`shf{{p$J?8Cfhx
zrgA3hoGiLaU&NC>)@4uIz-H=-p8rmcmAsNX?@magKO~R7>OOP63_k1o?lR#XBzF-?
zxxEy;LKr|;B~NcGC7(v?dr3FG>Bu6&RYT7w)%={Cp(*8)dI$9*g>kzu6FW{aEbRa(
zOYNh22N}jZGCr*{7a`uhfJ-3c80RS3jhKq|bKg%9)B9OK8q2^VYWF+mac<z`FGaUl
zA(zn?Pc*Gc>oH;jnI`4ft?;>1e(yu2qv~RyrUd~sRqaOi9u;R;uAGp5JRr+>-LOzM
zw3b>IgZ$xwXnm(ITx##lYTPnoyk}IYMmiDDHU+8X-ZQVjQElWpu#mbx-u-=RkW1nG
zSRYOoaLp5b=bKYVMpfg-7~Y0>l}mhXgR8<SLC3!0ML-?|W*Q>Y<W+Ux)w1J^#+R5C
zo{IdUZe54A9p&q9Jh$&8V>2A!qxJ}WUG92Jo9_iMtuMeH0msd^HKY{gFxvTMVQj+G
zcPJKiWcC7vhVl$Ftl<gdk;^T>L+DTUA{>6SC=h$DfE_BzCjb?{(R^*Gzc+s?*dK&^
z&42sE6MZ@4_u-;ffw!Mw2b|Wk$RYRP_dfOgnG)SBxa&w&O5J$K5)P&LQ6@y2JxrPy
z_8Fzl(WmC(Ub#S`pyR_PDLTdtqmJ|x_N8d$O&dFkXnGhfZ`)B~kj^P?i$EG5V^I4X
zx;*d7JvEp@%3c9oxL2&Od1WXsg(<ck(gg(L{A>yM+9p@qym~Fa`ta`WeCMa@9ua<T
z{&Db8sM&`c`P6+>Cpaw<^_JQJhkIlCiCOuqaqO+Y_aJIEIWE~a>mhc!saLA`iFM;u
z?mQh2xdjTl(Jpgcu5a7za2Fwi34$#HPo%cJ>XO3z>g0c&IFD(a#1P`8spECd=E3Sd
zp9g!(-Orf_c%y`$9uQup*{jDy^AZ7F_vS|rV`|}^wDgHOzOd@T!jh}dEmA`p$s*QM
zedqBWhO`^xr;i-x4&~rgP!}aU@AWM|B>Q65{TjxG_t$R$^Q5^5qB31+-a^!4u_tO>
z%G8~UZsetfk$EUq@s_I>0H|ViFC7t#IBI+N=0h32%&s-a9~zt@!6SeS?C)J@pr4K*
zD9-cNbi0!paz=#dIRyU1^p!{A7qiS^&5X1|e1L3~v9|XTolb&0oR3u}@Mke3#gDqb
z9aB<5j7=RAVKfd-52w{HZlg(`R7JmtPjyOhGG#o8VXwH2m=$D%VNfms-o$})&pHYl
zi%-8krBtJGiXguxy|8J(GikmdU%+LtxBHy>oVkdQD4(P|*{{M~DmhMxDx)CBGIhv%
z4um*gkkenj`LT%E#MAkB@a9{ND#@4IdAQb1k{I3vQ^no9bh^6jWZ0G7Qwm2OdROF^
zp$cz_9a`)PsA{{OM-W{H*Rtx!!6=oZz<wyz=hd*ZR2-3qoq59^=k^97H|Euprs6#q
znnAT3^!-JYcL^YkAf%mz%=lj6<@+?MO)o9KVrsDK9-Mv4s^(-x9gUENzFm}bFeJ?k
z-J&l7Q+4=b#q&sC?b)3B=;4k+ekHFiuzkY&bEy4tTviU>c;cEt-nvZv@@#ALYb6&w
zKauZuA~ar+q4&=k3lmV3MN^L7&#M$w1)Evj#x4MLt$uySluwW@DYr+9V=r#c++_Sr
zqJiwYyUfFghaN4WiTF;5kOb|I^}(Ja2An{LB(*106wV&@<^Bsnr0!P~tNx39nu%6l
zjQNud{Mjd>fa3HuTF#U&zrjy_S-{`tR<CFvDg9jA^eG#%cZvFtf=FGxWk3h@k>LzK
zEBe_VfNSKk_V+os&m+5Wjwo3%F76&MMibEzoUa2{kLS1LG?4vjZx`Uhs@3zb@zRNK
zk+*meb3vS0ZfKHO0-}l24K_vs^e27^?P<AiwF=Usnr2)~rf~Z)wO44Jc(m>D;CO#J
z4(Re~%naMRm8gU0+bA>oUes13_AxP`J2X1@)D=iR0qPTn<;zHjp6+{n7@7nuOD9S<
z<zNp=?R_Y0!DQAe@~P$W?vlk+xVZCnKCg!>B-+~ff&!DDv?ADt8TvRTz`T8zl*E~y
zmQQnKyuTlXo1+->nIo+~NvVp6X^&AtuU>rj8M=t-x7&*NVe5l-`@%7`;Lak~BkWs;
z>}!{Cwq`uH^)t)#ao55&u2a~VR$C)Zgcn7+Y<(X5Sf!ZycNcP3)=;i3C?uW0xDq)A
z2wQSYh@W&2;nT(|OIAG`A>e5NhlOZq71!p3+L`FXQv*C>te+E9Kknc82#9VDAU?wG
z&V4oKh$`?ycEoC6ggyyG-@R6uK;Nt<U|eHZ#*)iNj>98znU=7DkHw{DPG-O*?hFm8
zi%SpdK;FB^Z5P{NKT&-9Lg1^f+4oopK8@S!?=2lDH9Hu$FI(O`MnK09Or_f0{2rMH
zA*%ka!0y=BIDdb2uH4@l(uoE=7;jl1&Rj8m1>hkOh+DN>{@fKF3$xF%F%YnHC1|7!
zuy31mxsYj~0he9K^aa@Fu7nd|hm5YEJoN91z9eVQoThVM(Z7Bl!HB1jO260v|Jo|$
z`hCzJTeyz@cPbX#^Qy5NJVz3!Agnrs?7fBcSVbE?2l?@Czj%(B0zGD;;eO%fFhNYD
zoQL!kYE@dL@qQ{?2|??xk4gX*qG%v39QzzN;+%PG_o1*sJPANje1OA*3?8cRUrV!Z
zdA|kBk?o&}Z1OqqMVJuHHRhXVL$BT&Rqy^jMKSaA;RLs$;-N43fXv=II8`Bw4^dr-
z2i=rU3l)>Ul1}>=ka;XT?ymsh;x`*9j>kDMHIt|~Bj3zuK4BQSkBzbpm#f6R<EV21
z>dz440ujXtODpMlRP{=D0H{0y>38YIj3(}9R~8qsMw3{avh<s=&v<&QKf@`AJ8)|J
zAa9cL$ZppW<pcL9*||j)n?vQC{Wr_k9BhU0*uR0p*M3~dcp2Gizmu%bvi&XL4jjQ=
z+e4@of#~6Lh`b^|368&~AzwWnwXM85{kYhmBdX@usYh{nr}!;5v$i;B7T$5QaKC?A
zOzlH{xC#NG>-*$m*MJS70NjmoR9W+sKv(3Q*r&X&slZwC$+IY8aS!9e6t=yGug80C
zqiIoaHCLkXo-1v*KHQm)5WeNNc#A)ifOjFQ{ml?_8pdf}ds;gq)5RW8?Tr382ygLG
zw<8x?O7V;AlaMc|+#EeDpAbCvD^J2tz`q5u{xvH!epY7ASAghaSoaEkEo8U%ag;;%
zv68enV5O(?y<``U_O{Wc8}B#bs7b0Gf4W85f1=;d6OP&=@0Im7R~BB-lQ_2>5}u;c
zM`u9Rz3(03d8Ewgy)C{2Uk8rdbu~P~9C(4%k=JLxKvfDlwKv#zgaU%=f#-pzeJ|ZK
z{Gz+fcW)IwS}%AH$Q@w3X*)OGPYZ3A5|RCXR}1o~L6`gv59mzG=^JAeihKN4XMV&L
zuRz>v(%OBBl%j4XCRzg!`&mXqlc>6IdYQiys(k+=t{V4gwY3GNxTlUWrlxEFTt_|4
zW?09wrXqwb1nAs3YyGvTnu?HLiw-ZIq>&3so%Y~HIfEztt@(U<=0W&rv)M;D-!nZk
zHInB6rBlCWG*vDaIk2QK39yoB5I#@Gko~?_Re$H3@oDvj*4e2w%(yD{IG)!U%!Lsu
zIL4oq<~Jlr=QCC)Y60vi$i*eSpo^uk9NM*mbBU#I?&A*~`q`u3<Z8V_H(OH>@9=z2
zA)POWWcA~muusOqqHArqOrIJ>7K<v8swaUT5xK4r-51BNH7m-fn7Q!YX8ZDEK$86q
z+|xT0*+RtEY3fU{ZpDubmhdZGhmy)0nVZ-J_5@v%o4y{6o!p!Lx&CJj6%o(ZB>cIu
zoGP!n+z)?Jy5vgo6Ez#+p}jSFcpkI8RGE<_5g{jLrIMQpJrqv^2+z~y!a4Wr<e@tD
zp2yzH>Wo8qZ%^tOrSRP;@kTl1)%Ob@fAvWjbRVs+mFt763xUg9m*3(>^LMk5l2sn}
zfL`HPPd>e$Wn|q{`ZCKd$9TPs@Br{@wQ{IP#;x<%Fjd1E@cjlq6Oa2wY-#IOt!mN&
zy?-f(%)M$b!p4YZoZUii9lykId&kYy*L%I@kOij)b_}XuenWLJ<hiQ9PI&L{oNBnV
z1#}o@-SHd7zO+sSI9%W-UEEje@tDeEFr%iGGWisjfj-vTBJXuZB1F7bAP7~Um#WWn
zr<m96rPRCCUuuVb-xZ%Ut*{&Cl&weyZ)UtlN=a{n*tng{FOxKS>I$9zPi{aT<{pVx
z>J>(xQsF*;4*1BE7s+JrW#@j+a(9|}q}A*T*phQ9y1}<Bo5?=P;pFo9u!`czHn8hA
zcUJJgepZ@Wmr|_#>n$KhGDeh^NxqJ_SrAXe*f&s-I)k4D0zH(wXeYjm_!z^tJvBzI
z_uF=t_R>nA%gsP|(u2oUb>}k`d<^y;peq5(t<AP>{W(;-A1zPD#&52ezMu_1U|-j>
zUG@4xDV_j*)L`4B0R6LbGGaU5316PJoS>p{m|2=+^HettbIiwDedZ21pCd9%bcz_6
zZn5_b^II-@US)bWaTyOW`=*|Y;knz9)`(9v0BS7mCvVi?eop3W;GZjE#+WW&-Mc#g
zln*8jBo}A`%tcyk;c?-XM|bUXAbp2$_oSO}vW#cZY`(&1boq3NGv%I3?aYVH^~nhi
z6@41vBQhaHG20qkqdU$;0b2H%hp>M!JWT3y9*}pTare1X!!xXKK5JSyxa$youHADm
zQZunKB5wdXZ$7fLrEHR)k*M+9!K&r)<)%w07DrRWS#aJHl00u0lXa$0T@|l8s7HXs
zt}C_OkWt7y#imx1MZk1E$EWlgd$GqO=PrXsLzD9(dQaf<IchRH5mWWVH7g}vh5Z7^
zYM5(72UCiy>!StmnFptC%(=IQGwRkT$NPP1GmfXuLAb-AG>@OXo!`+($L>wx>k@q8
z#+vvUFkyoatbb)y+~3L8S7&NnG`@qDwR?pOS$oduCH86q7(zR+D&w%QBo*E&4BNw?
zaOl8%=^e0$UmicH^<)qz=)tGdC~<cmn>^bhU-$$0D@FBcbe*u)db=q!N$31!@#a#2
z0dvd*UkKaB-2VFw(COkF&~t0#=wsVqAVzEB?KlwVu~;O*b5Mh$@&WzfzNwuenLTmt
zl8}y6z$-?d2^r{6Y^oe9B*}9e!W0J1IZv?yqwhWj$XTCnY<aZ7yjmg62l*a(j~dRG
zpfVY0@C2JD^>xi9%0~*goyfmzq5F87e2y*glv&pLJPgLtY}Q8={i5<WA|XZYC$T9s
ziixRl8NuG3<<4c>VmO<&M@~t_nJ(~>X7>YZZ;N1e@?|G`3W#p6#y$v~PmI1A(fLSH
zlnjzQR*l&wvKY(5aJ8h)@pz<#^r_Gwn<3q|0x<4!c^(13oRbg{txqNT;qlqMcN&l8
z+L!wzz?fcu3nHG0Zg(HEaKS?~9GpBOP&aNBpF?~c6&_pnZ1m_5cB6q4^hCcR1b9Bm
zR#1P#X;5+45TUJ0Izq~r(Cyu6ImLBwkN$cs0(v2jjM>F=PadRJ6nVe7vwW~*9pIMt
zx$Z^WpDms9;C-yW_cnZkvFcBRMaq5b7&!GQC1PjUlX1H5qT}E9MdkOxp&xf}Fb1%=
zKJk>Z<;q)yu^Be7II>2ALL$d)mCT|1>vfQehKCTgD#ggqLK`pNC*q0TmMBim#aDwL
zxxKB2-R>!~G0nEyU;`i)gmewc)KMx#e8h0-blsNRNH1YHs<_~6ybjiz)NZM=CVcj3
ze4wI|hBQx<kq1KwJaG3S;~YVt>;zE*M1Vy7dH(S`3;RYFq^h4$EK*;(HtNhFL2U=X
z4Tk}U){aLh^Rb&7<zT7;U{X|FVzLjU(wn|W82P49<93}3-;AfULcbz{>qF_VF^->4
z4RU^MrIN1z)$G@&CyNB<0EIW8(0km$oe1atzwhsl#jh-PUhTs)F=n+Un&*NW(I@S{
z&enm8lkh5)e#0t)_cQbEp3ikEI1W*t8_mHpuVyO@?VJ#`r`YETA9@l)ITO2YNT5m)
z?-x5|QuPJV9m$3v)q`%m-#2SDIDKVCrZVv%aVWl*!-o=f>vQ^_j~4Zv!$*sbabw&_
zyMJcc77})XxAoY;)-@X*gT^N<?=&Z)?O-PR-xrx0tB#r;CJ#9aI!{=A9k6`ApshjL
zc>r~r4-aYF$3;hE`LhttfbW}r&si*+uQ`}Ic~nLo2pQ$J-0->3XgSBh4u{vdj-!!!
z__IO!LQ+`=I}C%{^W0YwzMf3Si2yvq#6{^Uu3vhMwg8j1+ktUne+2?;TVD;1&xerL
z&%01A#9YSP0~j|UL(Bm$WkqD3rg~3TjuCx2;w=kHN>-OW7DOpmuiS#bFy?dTiNx#X
z!5}A*U3e<sOOhmPEgdrzp81k^zLC*vou#m1J$?NW(Ol}WujR3H-*adFzLz6>YvYxZ
zJv&sKl=WG`Q2~9<c3XZQbXu@6<0YW3OK4Xgp8<rCui=2^=z*uv2k0?F9JMP#v9yt)
z?vEY}d<QaZ&~@}~L&GJpew11>q-kI`Mj>RNo?bZD**~-U-a>8y_>xQl{DxP_?SltE
z=Rq6G7s%siNKeYUJ?&Hp;A7vcOWo}C729K~t94Gyy%!A(L-1buazSHeL+C2wFBJTp
zo;{D8h1=&2Xla`DA<%Umey^qaNddsK*Jx@Q=UgN8yg8INp9H*LGw65dM)0(Jj+!jZ
zcjT^|wK>OjOuyXndH>l#H+vHBJC*gP4B>jbO@fde3ZO71DJ!XauPz9=9&fKlpZ|Lz
z+^gHRJn!`%OsF9#bYGw;^3T)P2q5p|0UZM>>!njkcxs=fIad$FThVgC)ts&53uwC+
zl%8BKd%!^8woqA>_nfyjEa6B!&Y_h3>MI;-T9!_0Dreg~j8T+OQtDnxul@^)9B}{q
z;RG#q4WMkADWAr_bw0tVj)i=r=2E5JN6X<hCf0dE`g_XJrwPUf-(GVeUkf}OP!(l8
z-@-pzAWu3E&6B7-61@R=>+vXhpiOirko&}a>;fK&*5-oUoFbkh+S~Ss<}24q@MP^L
z^LWJa!JZIB;c5J4yi}?E71PB1vKT|Jk>{-@uq;oDlaJVsT*=LS8hf##?a(({GR-(5
zNKbj;*PefI18QZj&pEGZ$e_>cisF0lbj4U7rrN~O+gB~?YuhTPeXGQMXP4|tO6w;-
zG|Bj!>S{r;M`Cdc4A&AHAK^TyU&8EV^-0)n){A_K{H-k`szOD?r!Fa=e4-hWOz(lC
zrn{V;$vwqoDME9uYqcZuiM3*3GQU^fznz%x<VtlM`>`Zi&}tQV<z2r6DtBF3rFt67
zzgPrlM;iUqikciYgVBe@_&LuN!VNUY2ZNcf(tSRAeBL4kEVt4_-}#9cb>vNy?bf*x
zb)p_#Ue8BZ&uP09dE|jah%N+Ig*DKliMTE6#WI5zm$NQ4+FYB~eya0PvCoZzzHC4i
zbeGLK1a}Mez`HA-v7_tfVw|7f1b^pke_fZEp(0K*@O|p7N9HopA;GquwmS-R-{0Vl
zAU$wSi-V!qP4LWNZ%FoXBWWUguXb13>+R|FD{D*ju+gFJs~{W(3_HhHPiAZ~oc1BB
zI%zt<bNq3I@7tqfpEB9-g}V0i&42y+PMISyO#A8spwCILu+MPc>sN-QHW5COcHVA_
zr<XC$Ffwu%%*3&>P*V#Z_%qwkjIwhI`}=4Dxf73Fq!oQxpX{>MQ~no7oKjNnVPl<3
zYk9BdT*i7r`Vu{gBA?B86PA`wemTr+zAIuFy`loCj5;u8-^5fXRDDSR)C$<_2y*lD
zQ{}Fcl2<bpdU!6e1w(s|wn*H0SF3uAtijl&^PK(qknh}KkNce>2^nfzalz2pqw+Mr
z#b_6RZ{#`UETzM5?S3Pn%Ga*hlM)0S9$(-a$>X>b0Vf_e1gOc4;p0sZuYgv5mDvp0
z8J22E=I|BnZz89M*|xDU@>ph3qTKH&tIl`$>X>)*RqvAJ6LzJT-rqnNXxW830379Q
z2z|~u073U!fFAvDSdF7hW3v4AeG=T6sg8`QlVrkh0hi=yMAEyk$B;sD#s*F0eEKfs
zG1YsdxlcLGdHN(JN5CTwy^{aAvD__74JH%t3Af?3CsLU@50MYt!I=&<{`<r%^5E;s
zIq53!&n*TwE9CNqITmpqA;I#7{!A_Ouv+B;AtyDybsBj##%Sc$WkVu4_?gLdHrK1?
zk$cb|yWYLWvg4|q46g2L_mM#CisF5scCP2cF#1}0k&E}VT(&s1EEmsp>Vy3Gw=}Li
zMWQz#JOW7hoIM0`Ko5=V{rWTYL@nS_R&{tbZ^`x1?!t4ixAHq2|JfV!JE8kLsSrn~
zLSlNu2ED!&+%{e(u5|9hrOQvwljr+`LJ2*MPuZ$gW9VoT3$;8|cqgKtIw&`0|04MF
zpmK%e#T))H!-N#jn!He%mDZP%;*$GW2micW7nlc9g36=35;dTL-qU0MuQ~=4#l%)y
zj7>k_cJIyGE+d-Pzi-bh4?j){{I&BtA06S0@{n<sY^+SdsLg~{964WY9rMo^5}CAc
zgTYezDOXUI`}WOgz31LYGQ3DP>@gqKvjf^R+f4$fLb&K@Eh7xbAw1+4km*1fmcK`5
zXXgti<+~cJk7{y+1P{(3s=XZEv3=mFkEVk4$$sKZEe^mwGEfiY{bD|1zj#Uf)b0E{
zD)pLsdeE6ZLqyq%#FbwB4LU@j+<GrzKPpU^E{mYvSHWG664p_B*D(`o9C#O5J!ZON
ziXIm1ZdM(Sdm<>5<l4PoFs@Vd<?ec%tSjlpWeA;Huv}-34#$Wj@B-KOPU+&+tak2i
zXpz4U>om~{R!>jsbkIC<+YoDJaiSZkdLB$X-3n6*e9_&QK=d-_y&DFa`L)UMoqj;!
z)U3(3jclgVyP)z|KgoRLv-u}oqxV==tm5togRPjrihAH}q33uVxJ#$&!TyuL&h!|k
z=}lP3_C_(@+?5cTSLKwr%a93d*f^!(p}2+IJM~!^?{sG4@xr&f^SDH#R*4`Vptq%8
z(YzAKVis4wng9DuhH_&U>%u6{wZ|Li+|SRWiRnGGmCu^zYdY#Uuuro&9O=8?X_&^r
z$CRiW6xZZSe;EMb&ik$>ZHrwQzwS;rB5A_gN4Kz_+L=9{p-0h%Zr$_whhTn_cVFaQ
z16UoqtRXDd>NNVVT%r3r)B6>A9cItMqlXt!E_)GM;jKotyo7Rt>fBuO$H?s@w`SO5
zO!NhH*vuaf;sfmBDqmLgQTV!_H6Kh|a(a8|Xo5&(UTQherqD=N0|h7q8Rpbk;qaqh
zNFl-W)RUIRLn6wn#4eKZU(b4`5J#!P&M48{%a6Jy8^xwwA$Oc^Nn7cUsIugfR9IK=
zT1$(rh3<GF#>GMJckhg$qIhxgNj!|;FRXmwFmE=U33;o+gNkWuA3a<=?Sy0?d*t{b
zR1eU{%utkhngzzzUfKALwj~I+eeFF_VP_5Uii7>Qqa7FBDqmB|l=#5mMk4N&x1IV{
zCv12rYOgw8=hA-U3j-}!jPFid1-vb{Up>!l9I1IVjr4J-M`20cqFy;>TKulrE(m8o
zDSkZYG0u_;VN{Q6smRG08H77?(D}$hG+H`6_1B)fyUmxX*r@kvYDbLlp~hSEC?Rv^
z)#~d9&s&^IP}r1*?Y93NdEI!NQ3rcA?z_dJc~43Yf-b`J0}7weB3$cxzu1L13b-Rr
zI^;uOu)0${wkz&Qj|eMqMv@+6mP35QSze9Ur->iUa!ez>10(T7>Qk+(AhPF`!LAI$
z6o<_?TsDecwr92<D^B&Q&zk`sii22q&SO^mO}MCi)3zw*9wDtq9e1sJ&*QU5caV(?
zyaG?y<BBIR0qEdrs(+F5dudh-P$1Yq+;BZHE}KP}JyH*72=ZVBZa%KgqW(Clavd0b
zDi~tu>9wtipiX8W0Z}XUFTDNL%%{TEtk38IH9hbEXNAz*`}U(dPs%DMfE_Gj-)n+#
z=JM&7KBoF~fUxB`C*D3WWXQ)s17OgA$)_}TRtXZc+`6NGq2ccoaGkBJSQacK?;L>i
znuR)-{grfY#=6-8@YWermrB2ClhNP!x+HQQ3Mgo>Ya|3X2M)b5bB-}>+!6PJ66Aqv
z3sOe-1+cp%U@^d<@kP57SWdEmw}#|#uOq{C>LM8tQ{_cX0()!czfLjP;b&rdx`!x%
zd|A<w@W}Yy*bqBq8Cxfns#I_BeQcw;KVJ=kqZptLkv1luoiYl1Mj9JMMf+50D_@Ga
z3I#^@O3PdHQ!K!QEk_f>Iiy3{;CyE@;BoiSq|w8|2efYzc~ze<@7zaK%geC<0~=hq
zO?yl&c_&8ab8m18lcDS~s)tJCYGtyIOM*SD!oiJrg72I7ELNJhNnZnkK4}(nfMob2
zKZ$-5>9W&%kEH1NeWaq*0&X!q31{{yn!mmN_OA!utdb*u<63m|f?mM)92;)BM1jIn
zcBAn*vtzYk`%}C7D(l`?{i(|m`pb~Ku+xUyC#Ho-g@hQL__M_L?2@rhBx(W47ma`L
z0J=iRbvv)juIwXlQ=nE)veM!F=H3KT>>P;i^fOcU0w*C1mIUfmd;2}suj7?l2^}DK
zhl4KG=NdVa^PW1mkf-{1$f<|Mk>;^+8n#P}#_5bKk)O{FSAy#hBHqlYrN=OyjFuj&
zs7GzFzagCX%<k;7iso-V{~Eiw!Gl0=QRx7C^5z2U$+BMe?87RRTsUT?n*>LA@H|fL
zTdtf47kL5HuOZ?1J>P`Ky<PY0-fIVj`r&Nn7d3iRZhs?Xps@$-BAed8jFVkyM>rjq
z7sC=fR~`swz$3=+9)g=)LJ<2-S_BWI@>!Hfg%e$I+VSx{S(NcRMRz*{hes>#VR(Y2
z!SouvSE30+WWU_8?00TBpHp(+;6WuW0K)!^Nx(?>%2-480iggQG&pX{6>s^a8zHCW
zL=@qxDIbYEYvm`KDZ!}<A5c&4A>x*4oFc!*%)CSc79tU1!jwXfOIDvReMlW{?EGWw
zN|J87S>%@J1w%x$|0PxETo1pB_j_Q6pMAR{1ep?K9xUx6Mnsal(J{(%23)M`Ua5a7
zq>l7w!ACdm@oqLQKXOXlfR*(nXq@qQXq<{W^2(*fd*;y#IWMhqNh<hxC4e$|W(VCK
zMz?){VgnhoJ|m40?(exCM$0iSnbSxL?GST(Lz<4wev)`TE6FG86DGuN-S|%o#Vfp2
z&%tXwm}9=20jPzath}6k1-~AVdf!(EDD0lklV_k@(IfOe>Y~N@$xH>m7hO5`aVXA(
zs8t?Z)sGs4G5V`oeI>2VoajF2=2Gq4!o!n~b?FY-CV|`&r!>B)$j_Ec-b$T_(R4jo
z4;?;eu~-pF0-t6US-|7YU{H1DC9uc-UC13x&!{{4O$;6>zmCW+h4al|$lL09!gL=S
zw`!e4k@Jm=9E%5$>>S+;h=~419V9;CoDc@&jJk8|%PoCwpL&D>n-r6%t$mLj?DG*q
zeXK<tOVtmU){EfD$->Y0>)153zErookZ=G@0s55<uR{I$1jSnY^sc`jQ9fPlqPI!I
z_=TA{X#%hf?(7^G%FneG<LZd!S~iv#gV4+%$0d<GN3k=jrSg0N?MEN<<k)LD!>Zja
zJH?Ny)RC`!`4Jo9$HMQ!)C6&j5DZ`JJW`4=i^iX~9S?1Hn2=U{p$XIPM|tY_icu@!
z2&!A3a`Am@&#KX;m)-M|k&s<0NpXHF%x+NM7ZD5#3w~8HR`4*t-OG<-xhh_nCQsg`
zw_Q-0?so(&zIoe#9zK+*TmEN8{PPwi{qR89sWgs{*P1hc@5wYKY59CEVB*%mPc{bk
z#z}^Ya*||u&8#2~^+6V&o&#9>h|Ulx7t70od`(W@nx*v<D{~(z5NEh2kdIdY&OM})
zZ&MPZmGwh0kb8Qi_w2EefNF+IH~aA$|M#>>UN%a5$d6HY)cb1dpi_v5e${9%A${%d
z-(d5V2gy1WKHPL}L|(Xsb@upYq~DK@l|;fL-4N^Y&`O%{2mSPB*Nq9og2{yHfB>uS
zNbuk+DF#<d?A|f^+J#pSP(3VzmFXH+VKk;q;B<7JY-*87wp;6$S3L6`Eu35^N>9O0
zyXU3*d5ohJK&#gfr61y+q>D1NK4UjRD-UlU9dayA6lI8d<iqTs52z0wJOU;Uw90WC
zzs`k`S`9m&^WyLhy@zJhVZK86s@WB@2Ki+8>bxo=5Tkq5b}4n4B*R|*tlBa|zU2K7
z$w}+5&m!FXw6o|gJ~q*F>E*dHTfH9eF#W4j8q%%A<g0_t7j^9w^r(lVAy@hnObn7*
z+T!nOOw=DMgpou!9g=c8Xt?g0R8?ABmSb|xJ#qEmmTn*_#h_wwH*HR;;ly_D>5&Q^
zt>L?T1De!?9<MtBGmoHfU15F6Jba>7fH@vwHrw~%v&DKf0>*?|hxB-Ra6yVGXs!e~
zw2IW2+oLdrFDC9?{C<b!{q%PSmU;V*!;2EPSEGR}=`(jIq9YZFcc|c$e&WYG98NVV
zp?4EDt|mg$EwR<E<8vJCyZ^3{ugi0G3pP{hCe&WDeEe{%%ln(8ETpq>;PQ#_lk_%d
zLh7I$dLLo$+4&FvKS030M@8`{z8I-<4jVS;H+0^Ta1IAym-scl$@q<FI2Um1U%l4;
zw>SBN#(1vDqY=H>)PBm-@VpGRrhd?T96k&Gb!wM2;IHKuhmkt=))*~E+Fm&}k0+5X
z*{urfF+!2JV+v9VF9|+g76M`ATd$6rA}F$H%S^z5ZyGGF`9okd>FasV!v~X|9W1Ty
zzf&2cobyla+}Z@^AvIBf2XY#==6G>l$44{`FoF48G|o%&XiJqW%;8%wf?r2NU9F)D
z^34UE?oWw1Zf$Q|sm-X~)$Z+4zM!ux>hwz#h}Zd!-%lJtUqVlB<~rnLiE|4d@JnIN
z5P?h5FGU1)<njHc9&Y=+y|Vu0w9ZqBwMVvO9u<Vc5<N~F4jofY6v-ugCw1q-y}qP|
z-@#MkCLX~JsQu&!4>M|u0Js+`aYySNBw?KIdGV~SPSnMh8Nj<q^2`-_sr*Rskv&yi
z-SdjN9{Sqo2w_u#!QCq|XTgT8j=%4>fnhFQ7tUaZU>%IQ58$k)0?Ks8d)5Tn6`+@V
z)|O(ZKBr1OjGr{@WyxwEma?;ApNYbuxDP5ZIdh|&8hP>TuDayG)|@ie2G|KC3?;P(
zF6d=E^xf(}V9k2cL(s_NFhGrwW~{($%(EAGtM%lN9WQ$@&S(M6<dk8J_B5bkDAt+#
z7Gn6`Mh7Q^<R;3S;m(@o*2{*JW6IX_i3Lz!Mc|P;c&X3B*G{5v7jLX=2D+hwt{#px
z`2=CEmws-MZi0p{c0)xpan1a*AGd)bZM^-73cgy8B`tTRW0kK>pab~juG#P_{@yFS
zvykfL?+rR`fK~0V$K##@3p&mk659Q>An&Mvo734%pL6N<0w*)asU-hcX^$pbqh~SC
zU=_R^Um|Gf=BV}A)8%hKnfUX>jC1}vOZ30p%pY!!L#0%gA6t=L@`}&A8L<XDuA|B~
zU+(_EBhP)Din1@J;Hirs$lw~TU$ZC1xpA?s-lT_!TlGj|FX53~6n8<1n{jDH9vF;X
z5~$&att0f4k96>39SN@asB*x$rD1pp?&?~ldTZxp&%Xc4i=HoVp_nu!8c)`}VcV}<
z9(foG5*p=w_2|YI*rt8KU<nEVH7Le?;3lZYUe<3);qn62rLWd+Zk>ybdA>0acC@qa
zQ^^qb)Tf~~EyAI}o?4@TZM6?A-_TdPALvAwN`CP*Ef6Y`@K`n*^?=tRZmpbRNp7{J
z^YGnmqdoEyH@R3G>UXTa>8^GphXeI_`op#EK_Px$9u)-D_7;d9)xoQunp_wRrpTsB
zWnDa>**=duvu|cT#4^{#68#FLl6@W=1^M2z8wsEUE$|@($lBm<nCL-vJZ#{5;aYJy
zuNGWDmU#Sh8b<wV7a2pXx#p5w4<9n(gZcp8DW8@d`y)-C+6{5-%zgWwY3`!3W8?X>
zJ~n9kWqy<XCUR#z%*lnIg6&+CdJE-lD^&6d3=S+}G=9Z8<KwVEbKHJO=AHoR2ex+c
zev%Xq9$oE>8so_jzMkzz9?aYKJU4ABlI~v7S#w~21v9fs(U0mqNhL1|mW~a*0wr=5
zk+H!fwN#crirX?a$e&&dDc(nh>W(xo`eXBAbUB>!-m|1vIzH2kq2;RNI4C~%k$mYn
zeN$7M9;G~+-E}`N?X;5%U0^`fqc3%HojX9EaohA_psnKLP5zzGUU`YjisNJi*rkS}
z_W{cD3T`LDf@Hph7EL2IS!O#bByRBFuF;7I_pu9ou&D0_oFT*t<76jhrv7B1M4=fG
z{I97L|J(n3SdV{3ToKt)=jhif)z_SBU%6vD2bJm6N=d#Tjk*s2h})XQI-p0ZM8^9K
z>6D6ZU#LtSdKEkKhIY-BbW6+4V1GLzh!xKS`TH>5o1gWon!&8|XM2-Xx%p!7A#9b4
ze98s|lHN8O1PeiS@qga7*xQo4Mnef4azBY`C9AQ=*)@SzzHE1cPPS~3Gp-m^+FS^Y
z+oc_FFMpB-!`)?d`{6Ic4#In?B&-8CgV5~eefZDr9h)GA-vMOW^a*s2Yv<5m_DN$~
zmE0YTR;uhz58v{pCq)JMk*ocg@mXw%o}bzDD{}66^3p@uX#Q}H5#4F-O@fmT|Cj?|
zG|44bnOO#sWa;7U?_QZsEA7%^$`x3g&~v_vgZ1XzS$bf$V;&^h<T1O2FWHxn^+TYt
zop9yen`NNTb-q2^Lu~z6Tf>l`zv6z;Bl2297FxIg%e`3sId5g31&cXghe7o19c$gV
zTwtHA(1zD%BcoTe?ZWcZEbuuwgVE0MxowHKWW)EcPba<dG{f%ao7IC;+h0mfuIsn*
zg8nGKJDnnW;K$CRoK<6*z9xJ-8Isd>?$x;uvtSt4!dcs1f}G#{w@<Okr&MG%Gx^q*
z{I2kv?eZ)8shU(4SmP^6UiR?q?KCOd^I#I$(aE1TDI#4Pq!#V9=F`p#QuBCZ-&mEe
zm3FA!j#ACsi^;@T^qvr%yL5yae0TbR|K)}EP|M)q1WJE@TU5BbbsndV*^sNBULRy5
z#5oU@pPO)2gj#wZ+&VOxQ{Pn{ACK4vKDl~2P>#HO_%%(~PbK?nlNY!Z&Mb1T`r}a3
zc2u)i=*CNnP#0q(U-@HX9pEE14qTn`joeNqyk|4<=WWa1j_D>-Kv<!!1GqcZjQ76m
zBz59i1owFq0F8g6t8x;Q?TF#mC<SQQm*iD>Z-vaDRmjUWdSaLQRVIg|s}y{oGb!Q=
z!CT#&k)-fqAW9Z@_)!9UjP-H3FDP&hgAs3I$g80@NapHkYbcs7ndAM>S>}t{*e`Eg
z(o0jV_T{$~JN(iRZ>Yv>?ISZMxKk{(A5YFc#G@b=>7K%CI=MGYP8aJpAm#d2GJ1Y@
zf}bH5(b+>JwPOpGVYKX!^T4)P-y$L18SInqmwqaeB}4n@GrHe$KN0sZ<Xtv7FVU(R
zWp&awA#-~B#c@x1cV7Y#zCp@jHZp|D1}k9p-m`;!y9uPy$wrb{z0n>J7Qt7c*5~-!
zuP^hQjCu^v$7f7{%CFIRSfQl%n^2+e*6ks*x1+m1595qTF?dCglb{Qsm&e{dr>p3r
zKJln5iD`H|RCeU@J$+uXG7D_pO$(9`r&n0f(9mV@;dwrVB=}x;q8@GEZdbpDmwQDQ
zbcJs@4otTC=X#VNdvH<$W&QntZ-CFOdM%1^tFHJ}@~`W8y=&_rWC>xDPdp5$--T53
zC#rnP0k$r$<99sZ)^>Sby1tB$u+&NDO6iB?UnXH&IH&C3rw-V4Gtzp>7=3Tte7G-1
z;O>F1rO>XQj?IpAj+%!9NnY8OxDG@?He6=XW*SP2#A!3(a4qiS!>osiI<eb`HIJZi
zm={Dy78D_>$+4Gb>AJ;9e4PD+cChu`q8HS!4g%I3@H)z$Ggr^iaRuuOPTO($(%WTk
z@q~6)mf_B0$?a23>wd4U#7SRNdBO0q)7OItdlOf*k5!}qk!Nt*akjdrc4$dcSFH#Q
zT$Jz?!ME}L^XH?#bK{@)E*dH~KXvtGI&F5fV=3%AH~;}MlI&yje&kivnRIqiBYt~b
zl=h}1Awv%jnl_>{CLMVAGER*bHB*MIKJ;q<_ev$1*M?6(n}l6RGmO;y>6d-}N5;}y
zR%gm5qu{fX5w(4kx*B6X5oiKY`C6?0>D!r$)vSktKUc-|SA#!I!{do%_;9!eRDa<>
z12+s1^2#95Hw+!5T`rlBe(LN+Gc2tm7aURCn;)(Ql<^Psy}Tw033ecDorrrw@52xA
z>aZzT6@GW5*ED!BRcSsc(?LC!ee%>2eBy~4Fu4IJr$uJbfU!9s1Uj{kymU<#SMrr^
zGgcQ00yv%LoC{K@1-!>t@4TqON{7=}m(x4P3Ec_nmC7+X`rSXYljwVyT=^NExTB*H
zi^R(|XO#qAG3m>TSeOfR$ztK>H-F2g?Hk#@r(!)-AVs-w$~EuCd;{Y6O$2tCqT>vc
z1LggE;Zq$msT&X<=%YH^0w#tY)X)&0I0f&()UD(uU(*|)NuQqyjbUBz_cYy_OM>Qb
z!R&JGEk1-_LQ&@Xs2x~4oH)TeD$PZhWA_sR5{=zH*KgxoKeTOB1vhk+UCcc3KDr=B
z?%p`e+PA&r7%tx%Y(v1rru3;Q%eO-wlPQHOz#_+I-{zT^j=A9`Ao8|R&0A=ix-o8e
zN=EX|sVfnnpVA$_^vccglFA4@bXraCpAiO}JTf^Mx2d>I@;y7QIt915-A<jL2cd5H
zgC#=vz=>bdZ<gmwB+qyuaL!1!z13GhD@;6x+`pcI9fG7Gg!`qhyvEIYWz5es-=te;
zym%_WPQxj50%^z%OTp^ZJ5hE$KI6q&B<FFG&(~i0R0X35!?8A~KhGNfc4Y_d*q}?L
zrUxR`{E#H%Zoq!>@UPwiG5dxj@HErdWB+Em>Oh@Rj<;(bM{+BW+?MI0ef$6gi{j{g
z)zLUEMo7isj*Q$I?r1i3BLJ3gMZTM8)?^gJC>=)x&CUflf-;Ar&(2-g;bJO0ndqKw
z&i_`!#_O3S-{mraKcKt3an9uWQa`2&!~rvS?&2|=y62%G_a?Sf7UfrhDNZ)-H};CB
z(UMCLawZ|D!-I0-I~P7D7)-T})*fdm1YC=zVa^vfDINm?r7x*Cr@pP(dX6^-8bjj|
z&>48O=Iuik5#NFP9p{$<N?LAQSXZaxOmpOs)VS~#Hx4j6QL|vQFrUb|R*V9c+lY_b
z=G1bQ&u6L?hi$#&v8ZwjzjmZoYweEX<5x;u87G>_kpOP=dPm%AWt!*O8o_*BX3Cy{
zUhy!V)n&$Sk|^xnqe6I{Ofw&##scc#F_vS+iX1k2-MY*YUOmd8DL<3gc=Qt_rtC%E
zIG@>j58oID4`}x=hH%v1y$HL9W}Z3L{S63VEPyTs*Wu3{p_xn~eP8fS1LXBE{LWZp
zEn@NkuX9hbmk{5KmoxOCH<QOhDCjatqJfdJkC&;!E0RTp0*{&rY`|%4gsYzj$i1i>
z*J<>A-5#)K^P0`|2YdAr18Yz9r=N+~`{^Wn3ZweIX0o!~tI2~WqZ2PZDv!QvEoq~l
z0P>5?y9|uBU3Jgix4j`=PIG74$KKI2&fAQ*2-?%{!~H_bg{yK@MZRfxhEa_BX_;8q
zSbmpEyUHl<)1~>+gX8=Wn8(mrU3KLp4S1MUCLb!5I2zHA?|(^sd4Mwx)PvLq^z)cF
z3tJTX5|m8yD^({TjYqRipr;hSG9iEE$G?5tmvQ{c#(;f2$Jj*q_Wfu_-d5Y3Qm)%C
zHa6dSOxi)0_aO9Qql%u}^e`>KcO7;%#m6jO!MNguyM=FaD1D4c4xbo+6n5d-2eVQi
zVL+ThQg}ZrOTKDlZ%rxAJVxRGeRm#T4VvJyg!KjV5kxr*^3U7q2Vg!O86CJwee~0E
zLZt>lJk#C<-!K_+KD@{=f*DW-2LyGl&mPEluLr$wFEa>h-YfX&iGJ!m6Qef%4KuYJ
zY~Z8Axeoe*+$l#eaQ(qVVvbe?RkFN7cdc4wq1i|=A8w!{b?d}=!GEZdzCpYjpQV%d
z<@Yw;5{^!I;j;UH*Tf;^tK)T!O<c}N=H6mQy&4p6>EV8DxZFZtdj}SoTy)iJE&#gi
z(7+l@WZpYcZ3eJ(aS3(N4)jS;r12<jR0ulw9t{l{c%Lg700Zzz*(t=HdJp3QfM+_d
z`iW)e&}96iWjsE?=y^4OkXlf0!eEiWxsiFULx|Rj!5A3C;}d%Ov~g72sxWM;AC-CQ
zNPbO@oU3_5^~B@Zoj7;?E1;JnXlCgy`P(KOO5&eT*;y3?1Db~L(=O*#+C%=e=_ixj
zbDY)Q>U?K}VqErMyZ4om)xo?CYUW{fy%7ix4Kdw^;`+WcJtqaM*t*LE#ex-DgPHAx
zSouvZ5<`{ST(7d>TbEB{;*jiueg=W>`&@wJpNG}s3-W0~&;oYwkqAZ4uxOxc@b_rg
zH4SRD0ex0Ld!sUqZ%F{^TLF-qdk1I<tn=EL^Xd-}bwuk;S!+G^KEV7i9Xki)o7yMi
z&o`vP{houq53|R{!ux3Qfg`uZZ3|iQrquoEnnhO8=qK<aW;gE3xV&}H5$)ly&o~){
zA3&uze`UzOo!^gsp8k`E{Xx15*YA8&D)-KcV({U%v93NCI_a*TO?AKhX%s<6qbMN&
zD3JDo57Z}0uo7sLbG_Ej#q(%<HU^M#uOaO@7Z*yIhVS>zkBj3z8U%<In&2l{XJlq{
zn5EdFeMXyNE%c!QH|vb(<vk(rPZU{xpuVP;c(}*ucL2FQ*jd5((gQ-m&6Cmtg038>
zeNX!XMS#!`9upEEkbXl2yGV8>wYPj8MZcdJ#isgd>NrE0SRNU@>u@Br<8V+^Q_C?<
zFw_9L-up6kMw2Sv$`A|dOUX=AkA4|a4?^9hK|Fbh>{ukcokznC;{oDP@-<n1&6<lX
zo3x`k1brW4l)e`>oH?0I)<hijQ7Hil#nadO=$gS1JG0Z!9*^_a`SdZB&vzbh?A*2P
z^|S8Xcpm^OvB%INJ+!giTSO_b56#KGyH-H;DBwfP5hZgpL@4C$qIDgoRtgrpO&*<w
zYy&AoKMggv_H582Vq>=j^VPAoV^_fiT$1q<eMyGGzQrYmx$RfKW)RAR#=8xPS@XbG
z?D1A*q;FEhz7BnvRk&%XKt*%uerol24_=KpLO|)@FQr${tz7iHUg@JbLCz4fUvF*N
zqeJC<XFvP#ywU=^5AP98H`c8dcu10#nMhyS7{a1^C+6hilJ7@Sf9G*3pTiX%<CVRG
z3a1Mg>*n?aUy&dVYiXwK{rZ;RHaNBD9JpM)ejUzZZ+YPHs4bOzG*WK$S?$h8qJeHu
znqWU5j;Fnj&^=3^fm)znykCS<?a_~XA|bl4^AX$9y%%iggw2dUzTl_J5YA)aQfHU(
zYqzkoMr^~TB(+LvpE{83Ip<ZC@Mu4Kv#ad5+o0lpA}19nnCp1|M3H}c#mlL$lj$A_
z@!xT%n>)zDej|b1Osvi?L}ep9gR8Mp%4S_!u*<Qi1eWFMov{pdJC|?Y1W+nnjYrK*
z&o|-YH0NM5BLvddMSULwQ+`aYk*{!#JVv-WP;jCt`}E6}64ghKK@mO{az&1M%;zV3
z?BYaC)4$Im^W}fcmiG)J<>I*&&5yK63yYq5;B7*EMAlnp*<ilTozZCpryK0>i6>7n
z^kh-QOe&ej%M2ut1GNR$)$}_DKX+QLx_&CWxT%l&g=H&(X<CMU=UgJ6AkV()Dol#k
zq`o`e#J;0Ql7wj>bKq@RIo{VNc!{GLA2+zPX#NQl#^cl*-j-aG155`$$?NNQY;l?L
zEWRW>HN2&VA=VbU!jIixIwb{MLNC=9p$+sy57v!#W<vHcFJRiZ3H)hK*h>Lj-F3;m
zM%Np!^sPrA?ka8{QUW9AIzZkI$cYEuXMd9ICq<}2FAz$;2)ccePL+7&eTi`-HB&77
zk(#etU2kI9o;%iO#=Z((5@a<6Uw=1|s_eWnb<9kR21)lJv%M}8z67BcG4ea6T%Y^)
zdh&g%koH-K)Hd?bq{poe-0{R}qE8r*3}5E4r6F(?;k3+S6__lMrzC21<(w_Rll`(t
zlsfdyt&j;j9EYhpd&Ma>I(2KWxqfzx=I_m4LWS&zHQX?LYoh+1NjLTjW5P!ih`m8e
z9<Cj-ChV&6^5ZP>0Ff`!;Y0Mz(<5F79v+(nuI@{EWQ=XDKqU$7WwdY#m{0Zhyb77D
z?JntF;rB5M9yhi7GHM@wWo|xa;rS*?_9)@q$E}XjxqQ;pcplf>E<R!Hoze&{n_^Tg
zxnYqGuuAl}8r4zx92P+qIYYn8;!d?A`)8K?^QLAkAdxAr*d?FdG&!%%wTZ~^!7|Z6
z@Z662j+KcYL$zzWQZlJNM<2uoATbc;OFtnU95;W+?tBRj`UH*S-N)ru6kNGVpk2lF
z(skD}$#`|XxT^<vIL|CU7HHPz!I#+1GW5^S{|6x^W#N@qd01i;?0=Y=!3GHADgwJh
zjm2I>*Xl5RclBPLc^TaFj<WEbM}0Ewp7GqZNEIPHeR1rXoikR|*XFW%!ee1}D|Q$9
zuE%}FKos~q2F|pPA`<lbOVj;^a*eYrW_sLJdv%r`f!&Ht3J==dG3-Y<Fw_+)&0;^f
z836P1p2TvZUOFiw9x0iCIrfO$CLq<$=bQ<6S@>lE{cgmIt~e{zCDBp_OWOP_C@z!S
z&t*I9Q@KWrb4ljn6sgIO(viTc9ON;%8vOM-dOPdz`ic#xSKH<5+ThGR7MM8j{`d&Z
zxfFW3t6@M~ecL4bl-aeLn<v3(nLg=5r3uDlrxP!lcL&eqXn$3C7l7&l7SzST{k#$V
z0`-Q;QBvYD>9sm?U4#xsai6ZEHPJOHNAjgOR`LhkapA#AjImICgwrO(^Pu29wolBE
z5LOS{$EE1LUkjK4ob%oShCcxT4yOAVPba8e#ZOc!$MsdzPnp^766PFW^LeaIFUs<E
z3>)jRhCOIM$TD$J<ix=X575-Aii_qPsSe)5n>+EDh!#;}-*D8=7Zs)7T6}UAob!2z
zKEyqTjh2-&ge4_5Z}s;1=64RyH$m4^$uM#U@FKGA8UufpePB8(sCRZY-=pdk>UxZo
zpy(Vbp9e2rL?Q=99Q|yUn@;$*2_CkH{(S##rNnoGmObr67xm?M6FuV!C-c#q;Tigh
zf*eXe_b{xC7X6hc|MsKThbkiOONQ<w_rtGt4x|en5IBTYwJrD4Ja50I$;VEO-UqM+
zK`LDHF+i`1oZDzS|4F!IUu3wjOH5JaZHTXCbQYN>ZHzHjL=SVs*-61t%2PVXc>3GE
z)2wszJca@z+PHZp^A_uB(S`h)K7trSA1x{Q_slhUvwg;RH@+)4-2sTG-A{VDPgdRU
zf}f5M?%a*;W~5jdJIH+Ac0V%*K^SJ)u`bg6G(@1z#T$G~_k1Twc9`>M7L4!J=6WRj
zb6?|E*jXdca2jYO@73yykDzl0ci<os&Wq3}SmO$+$J0o;@Op_0ExcUY0L%iqIl5>=
zUHocU+C?)?H>b$Ed#LB@cE-Zm(NL|u>at#@H<(2ODoP$Ey|7t$zKoQpw5O*h^Rf6Z
z>!%1ZCZh13cwglV)z!@P$AhkA9b$l&?@xRe`m2c<NA!I>OC6+|W~XGd5`P>Y#umlO
zQ;o*1z^f)hP;4|3y5I3!`N8R?evBL+^!wS3lf5^*(h1^l<$(fQor5j1U-LhpL9h!B
zP_Y1@1C&;0Hf&VCuOkwOz@HUITd6!;i0vfs*w}ql`vQ+I)aL`{Ykb{91fBNr)rNDS
zfpG4l>gVOoF}t@QKM59BYIMF1w&1Ec7}5@Km>iZHPSNAgda$*uVZn~(w))gwLY$;?
z9%?&~Hf}kJ;O&LQN^&DiTm`RTupTi+*s_TT);SfajUoewb*YN!T9?pevA3#3z<JKe
zsU_<W!w|EGb(Rpg&9c6gb&6;xE?uapGWgv4AL=)T<4C6v3JV31h<>VFZ=cD@v$q9+
zvc;)-Ug<rZ&H32@-F%3RE^YGhCTpX(QX}Nck4Fseq>h$d5D)UHAc$Blo<A~W{Ow?W
zXY=Y24(qdi?R*`1detu#mJ{3u7kK4;=G)rUUpv%cnZeKeDQ_Ig>1GumRxul=hjM15
zKHbVVp?SBNml-;?&z=~gd#`cYq-)PBHaU~F-UO25p#~a5#?**z*q?}t-hz|mi5l$Q
zTKqW@&>^=q-PO^nIsaDdc^o46zOP$MLFP^s=T4$Qi)GFG=CCOz<DvZ8zC=A-rYn5#
zuzFEZjXAXSXUxPc$K`l3$U%HSR8Q#gT*z}5gewPZ{B5+k8qq}>muqkZ{Q++rJ0Yqz
zvEPhYe6}=w>r51t1I4lOv)yN4*j;WM%*)(q^|{Sd<!!5xpnSzx;})JKLSx5lXAh5_
z*l~IYa^TcU^&Fd;+-CCWx6!a56cB@1rknwWt;2U-4WrYKh^Qf$0N%;N!&U{cp2u&&
z%J%uB_hnAAtqfN&x}C-uf|DoM_HsWmsYqs#FVDmR&evQ1-6En;<(eMf<9?Nk`yrPi
zEfwt=Ubw(V)Q0Ey0S;PWP~1!7+hfM%zzQ3(C-p&7OtpFioLL*ENh(6TY(U6z`pyHr
zRIqT=jfcB{EbeGIXH8^yF3yP7iJN3^Ph$WL;<^KY-g9sDO_e=ns4z$5HqMK@F}aco
zi6?Fd6kwj5og^N5#qI@{sSe|AZra&W)kCMeUxI&+Z%$hw3%@K)d_C@|IJ%`bpdIe`
zYzy976R+S}CE)HI&dZSrD=Y@f+?x_~9`Qyzi1Tt4`{WHZQ{@M3wb_t>_-!5Wndwpq
zQiFi*8PEGTuvsAEtHS}W3f~$)ubJc;mPoJbJgn~zKZ~Kca6Sth19;T0&OT0oo%Bc-
z882|0^NqVkY>xHI%8UjWv3Ob{+oBckzRy=tT;ZwSzs@M*Z_j%lb(G)bbhNq2aU-e`
zg*xJ7P@#=Cg|Ba1jl5Io9W3shhsAhS0OQqbw7qcQz~_+g^G3A?(E8gvutL{!V-6-R
zKKSX!KS5OKuOna<;I3di#t96JpFjDhX7e(x$y$(8Pn4;^OGw?&si1k$ew`y97w=cy
z-2TnMk1xN9@sM=6&k|lsf<*Y*Hdt16M#C(>g9UT@L|0;`-_A+NK-7e*`yi=y%N?0T
zaOwwf@v%Ll1s5VU)pl1Kily^d&_i|id`5U$ELg(`S6?F60ymF6$42DHUhCWUe68(~
z)O*h@K9cJeE`x)R9WDM4OX|Mu3l|L!yFBt{GcwM0??Hd{@&VzzgFX?5cj0sm2EoPX
zK5^Eix=X2VOI%4Y+Qvl6S3JdEX$!cMmmwGUyuBCx^HM~?Mq^uh5XEAt<`D9ld<u`p
zK8t{UG*up<|EzA0+H7>Cz+0Sb`VOQ9uHorJr%x!>1KEbQWNOi2pG!mf3<BQTrV_3f
zTmIPm6tN8PhhkyPc<$5<ug^ZI2kX5qV*CYb`^+gNzi5gOp`v?k#VtlHcf&_OUlO=+
zQZa%tjR!7R9=<5m#HQ?gMUoKC4(1CJU(_QVo9^gcifuw9(6^xwWIXuQ@z1zIgdZj(
zKLlS}H#dJiWQ2D!qT|>nd2(6^rD|x4^w{GXq_g&b#Jy*}#u~nua84i%=i@uUDMQdQ
zp4~4y%O2FnN6K%Tj|Xx``*%@xmJV+T?tugfNS(V~BSsJq01y7+Tj>=k2h?%XK6*6j
zJlK26#^>7A&s98vE<6ldxcTC_9OIsx$0|(nDqy7OoV08`_b5B;Bk-)uvBbibpPhG{
zJ&80@JeS4aTV&qP65CYaL?I36{OySl|Bp+)Y9UMxOqomJ!$o4e6rbA;Svd`Df)Hgy
zolop)QM#kfGEb+{_TdIRRj|}|4of@ZOIQRA*18^@RpRf-y!`Bs*PjTYw{E)ukF|k5
zf(8^f4~~sK%;B1<5`o3u%N4W!H5o-7WB8l{9v9D-Mxi*OaPNCsjg+(XPghkeJ$Z6P
z9pd2yAo0gM((TrF)xm<)x8^D@f8DAK+uOyIp8X2)i>a1#e3Ci0!1xQ{Tk#_DE1t(6
z8qiIC04=yq_;Mg(qLZQ#`ogW_1q`Q-&V8vCroRJz1t7x#aN-r>cDY55lkAoi<$X+y
zq-uMiM_(yzoZP@T43DwF)M+ZHl4~QRN*Gc3{`DdCJ##=vyzVX?Dw8vzybrX#y`34w
z7+WPeve|Hy<_OwGFM#nU>-UN`qbYNNSjo~HQc0lqEarB#^kQ7VLciWSg-wCmcHpM9
zuw22p2Ik48?-%$>I1elL-j}h3{KiG+!L6-p`iZfn>J1z)R8v=qO<8+|F=e%8nSzhu
zL#`-%k<X3mc<KC{SjcMI`A|OSD+VyPE_Dr9=2@Zw{rW+P&es$$sCqD~4Equ0PEy$G
zW2_QNURN0um`DkNbmwgK=k_uCRwXjo_v=Vx@lP(}7-)suYK2~hv3Mj4Pa)rA{rvw#
zCcZ!W4y)&EvT~f>Qhy&po!Qk}uK;zf-cI(m`7}r(5gck+<?)wuVvUDx)l0RWb-1h@
zF^8^_(%AO<wnG!&-2pbvat!4o?JhG8e##DKz8(8kf2^>>na2E9?ze~E`lpIY^XIiB
zAm7iTJ1vZt_B1c6)dd4#{MxPXTJ5K07KbebeAa3fuc%I*ug?x*XO<XVRirS7^Uy7`
z0A~z8>Znjnxqs%%Kks&E9`OxcbzPaZwRL|0IY&-ffala>PZT3}>VdYwh6mf7HwiGI
z?ps-kd-`O-*nZ6<`3Yc5?8R5+d5A%Fj_y`>TWQfyO10>B_GZ-ZXq<xjs{#iFB(3Sn
z%Gbim(ytKuI15BEfo7tienQ21`bHozHq{j}5<Rji`cJis0WQ1Z_eI`aWs}<A7lb4a
z5c0KY_4}~4oD@59>(}3*POv+{pC1VL-Z^vgfQn==W4#byITv1J!w%cVJrQ9KcPdI=
z8as^4liE?s=#OXB`EJHE4u0(_@2UG@viUhdq~EB;QNmi9iW4N*KEa|l2$X~qtG~%U
z^v@9ers37|U0Qga`yP6@LsO}}y<RX}Sqas~H17By-fl3Pgb%hp2w-H<)M^TGr@r2v
zdi81{MqV&FPM$!x*Bc*SI=tyXD<4}8n7iIbO*1&p!Q3h@!87@FLY|eJ^zb@7RihWr
z+*+GiPaA%q6@cA9B;s;}>3gF7wI1WAZjY(}66daLNDNh#6blFAgDP1?0g~s%E+Xfv
zvGZ6=8)=?def1)?Uql>XfW)e=WXj8ANC?-v^=b{s#ej4YwFmy^)rXg<VE0vf3{>(A
ze5oco4(Q3;3#=#StU~Ob5feL#Bn?f>zp3`i=lWxvw=zfkx)Qj-Ju%ydI#gfiB98ZQ
zO7c1stJsW3Tw!F}Fonqv{2yW0k|WEGLbn7MFbw(be@Rb{dc&0Nq}AQJRh1dW=My#u
z?=ig4-{=epd%N@uY=bVr!m0W0iGAZj9rd1S8x`m09c4yC<l$vLB}_CI4oWgyz+|th
z8Gx><7EU4$zLd_$!KbgDKf8Mf89ciU?Nr2Wp_O(&RXiDd7j8<PX5b=%bDrn^g5pTq
zyti#7gZ2U_tH6ytwR$@JdHB81U5O+lzGU<j{xYVXMh3C^)wk%sC-HYAzAci#w-cBk
z9(IZrQ~SXyqGUo$#_p?6?xrDrkQa{ts&}7><TLUdB_iZ!ShH@b*$p`s&0HX`I81sl
zi>EAnDS$8PY5Oj`yZOu$&hL>IE-EH`!@^HuJ=<v82T+jr3)Dq<x?rBxs(bC^+W^)F
zTBTkogteL%{c}>Gu?%$It%+|?ophE~!)dXieEQ3<#^9;nh6gzL^l#`?m)B$k-W&OV
z{GPIjzG>wv7h4+}c^=iQ?!JQmOXnSx!+gf`S+s89Z?X#EfHP;}S{|;nT6CZGq$ehw
zpWRB`jQ0tlp^S^l`D^mRY@aDrVuBfdu31VJ?J0VvC{oWukcAFM1Pc3$ni(<Rr~h>I
zmRva(6=$Eu8kRY{kw)h+<808OSIO7mX)GK5rjEqk4hfp)f@xjDGz7F4=i(hb-)Q|X
z$%;eIpgkq@|1g8M7g*8#K9D(iFvm^up5aO8+@pQm=~RaMv#8KLDHK&e;kRN;%^pP`
z<rX~`FVrE!`#@%`iDW3z$vo(BOSpW|mb#rCH^1mRHn5~6{D#;LEq=o+9aMOrb=dSU
zuyX1KTe+-zFoKRtXq;;-mZo3-eO-XQUp|TYE$}dIn&R)pfha5l@|_xG0ELSuOa*nS
zl<Bw*YUm+2RfG5?F?V!6jml_;Z5-!7m&$yrKVPVMdQFM2HRtRZl+bGSbBmpl_Tl;I
zK2ftoJa4N9-AjrOVbP2p_}ydQBoXywZ^1^fgXFO>!|O;^B8CSA%_V?!xaE6Qjp~xn
ze6v*U?7c2uc=`9Pqk)b0u$C8lSkIu{dFGrfwB>G{?<JH2Q=Ur#-9TAx|G(mp+Y$#=
zxg7cxt}rE;tBipVu?nuM9mT&F?@;tzZ#@3<yyy4qex`8`T7#H@0YJJQ#E17D9Kb#t
z%!y$LcuAeGKpg789weBw1LAu~#+*Z<T%IVoSVM%*csnW+kBK+kzUF+s>DHGRa;=WU
zcaLnU4pFj25J-}rr#nqdg(9P}#q4Q}$~tBZ?q5dO+mzG7id-c5xIKivtCt^ZE#B_E
z|2+9w42HyKQ;MM2XK)YB(X_|iUN)}KfgxF@db#8h6zt<r1NSGGFE#jvq%9nYoRNKS
zN?+2v3k#m1FA64{;yJsgrzK%9h)&$<w;|E`Ox?1t^@lKtV|s!EYytD@t`{40x$qvQ
zs6HoVb|T4_o7c2Ex3T>$0vg@>#XRR1ONHP3bxO}mBC7X_<LG3Z9hSAL4qxL4E6@;8
z-TPR*3S7SC&ZL81kW4;idhC&xai1Uulj{5VJ3v)BxpbVqCcW=<K!3O4E$`y>d&2h1
zchkP-?Lq00l4K1fkU`nM7MM?Os<_E??r@p*vGZlmmisV25faaq+xaf<m!RtrVrYGy
zDhj;vwCF_;rYBKVdGe-a9lgaym83?AaX36ckT1-fjx~6T)w3}$&p|(d^pq#zUICUy
z@>@R3X_v<VxH;E!`(8++ZxA2ucWu&)P$CwfJ4)_)p7dJy4sr~Ko(x~ybFRHdQU2w%
zLF@rM;^Wo_CmIfSC7i>#EPZM!2Et`{VWAZgzAAjO7N)Rx0{ixpC0|>bdg^xrHjmL0
zyCgyAb$6^9`&#l<g@e!j2QZ`gg~^k$&sJL-Pd1<X>h^S!9;#GSJ=keft5(GUCz!9=
zmyls0n+m!)Jr;FT(;Ey=rWoJ_xA1%)GS*8Dp6_b(mV7Vx!hF7=)u-MwOt|0R^NhX&
z7Tjt*hZQLiH9+j%gUh{!e?g55`BQ2Bp7wvrlb;!WJOA<X9HX<Ao&0v#!Mw~hG>L!H
zn!2=ipHjHXzG+WvK-I}!8wi>pk3J#NgO5T8J$kxR9?i=cYGm{A)O}nrRHsjH3b(?X
z;QMvy+;4`3x_s55?*}e@^Sol8OJ6_BidQEWn2WD5>wRp__en2EhOz*&G8DsqCkuHX
z5^L+hxaE6}BNECUB||t6!7e`H-<h#0P_*jMci<acU%0X=ZKlit5!t&0Y)@_GMSM!p
zj=7L@VeSf0;Z@E3IygzytoFb}paz`=$Y!uXyrQ`<-gQVH9QVTo<wFn3VQ)SQ<#27f
z%2z4hqXu%7%cKmqb|eLP@G`=lBUlVL^VI&^0Ybuz{Yi?d6u(;dp6~&We9%>rDF63S
z3Tmcp$&)rdxh->Q>*jU2SohJVKhu681{_%U>b-fO`fb;5`umAd`KH|M*(drkpbfP4
zysC-HegBC)dm`+r4m)8o_1^S3(L(N*@6!(6@0;oq=F$~>L+_cVh=sch;NW%yJOJeU
z`o4NEB`}zO$TZ#Rh<&8b09+%RyzDv6gZgBW_c^9dt)P!KXS@aYjwp0bVwwPD7m0CJ
z_QmJNua=hOQj45E_JyfEr3}<KN?LqVX29gYE>XBW`HbI2cxrmp53Y_POPvvtmG^^B
zaBlUpbI)g}8J8L+W?yR#MuFpeJnLEOQmHzUEi`wiVF$`AshrB;JU@Bmfz;cYts!yf
z)TgXON^vZ+5b?zA_rM_GAP`jF5;&~ySIz7wJ^_Lp`TlI@&1cFFUTWDx*`znQ?~SW(
z(Ne$w#8z|!YkcpS+gHjtScAv$=E@bL+vnbUmewaF<QZa!iFWIK*7eRb;n#6bNw-&K
z2+c(CUdc8k2YOY89$r7sfb{1X&|5CyytfiXR_b2A7|OlRqaH5OI2HYOrhfqXcu%4u
zfU`Qrt3j6>&iMKd9bSPjnI35o(mms>d;4K4ch)s`|8u5@cEfNzx}Ll)SrX1N5>3GO
z{8;blDx^dEMI}#eX}yQ4_gP6`>Su#zigU*i=6kb$AKeXG<GH=OWc<(6p^5vvlht6>
zz3XKhD5$`DZcUr;*R5h-%AV=?EBEKq!EG`07|gakTo3Vtb0g8}uvtDY`)JmVg^!j(
zo?CuCeO+}1d;v9apXcaT@Q{9T+wsE*fViM$m;8of4ANj8lPCF)hFNTMhe31VHw)@B
zJdRpbnf!(4f7tMK1gx&uH;HHDL|ia*-OH}b{pvdo-n&c>r${*NzMU0PL5wY28aSdt
zZcX{5ed0ae%_ShlkcT~d#I_-Ym7#WhfXyL$>12m=-3!F9llcS-HYDdMw~8CvBuL^q
z*$cEbIP)bq#n&zJP5isYt7P2Jf1~2E)aC6#`kd$<XnW$;(9gA==OMu!u?d5wO{Qk1
z_2h~K**B+BU{+$$I_hG10L@kSG9AdC03h)hz3}A`$y<yZ7Itc#lO^DqLH_V5zt@<#
zGH8l6@Bi^T`kW`kci{0X`PJ1DsR{T3>f_v6y&A+lMoY)8iE6TuIx-gCx(B$G<ozWS
zgC`3OH<&II^(O>&J^(^%T<qnOZj6gyUw4$juo`qe-!N8O9s779*qp*1rQN7IJfTjd
zv$&(7NjrVY{&FqggLh8RefE7=!o`?}(BD3KKs-R3D;O800P!l_x^`ONR1#z9(S8Dv
zPxN-YwUc%tZFVQzRk&v45_}W-YAheWcPn<Dyu^+MA3A6gsB@^EY3BHv!->&PoqW)a
zARsp=V=nzf&Y!12O8SH|TBwJL1Ioi*)*Lu3uA)y|^<$p7*V8^c@?ye){bnbB<0{@W
zz$qM}nlq^^X~|1^RzVde4v@LwOtzNQiKCZHQXR`?M4kD0R3yCaU*dleDnZK8>}=^V
zC)vH&Q(p|XDsiMH;T&?q)8o)M&n$162O1L8_Zf~z(?8FJ6uj@y>fr{KI|tD(!SO+5
z8P(%dosEp#681`FEr}GrgT@@gxGd>IX~({UvitQNn<4sMR<2DtGNSE6d!6IaKLUK$
zisn7SF|-Re2La=xg$xqn`#c)o0PIIc9)OYF)qvN|H*@Ep&VJJ~tXjQpQNkQi*wk)O
zc5`Jo4R?W1-WP~oq6(fPN5XJc`9#ryfO2*`^LD_t#oqhuwnCG^P6d&jHSpVyGFre(
z=Gof~OQ6helG%MKYcE;MUXa6Z!=a09Q6}gu87^N-*W1AbRMx!YaMr_Z9V$@Fb4FgR
zx(uu)y-%l%MY~Ui2JlH1wzuJIVa4Exjyo$5C1`g-_OSD94w9=+gf&(GJvSuW&lfM;
zX)sd}DmwIZfr8$R>OD85SuHVS$&ob3K(aE_?q8xal$`Hnfn1+~KKQ`yVS$gFJOPs(
zSVMT~0s4chrytr&TY^h9B<0Y#aYx!<tgw^c&K$C&-e(tSo|ZHSr5PFB`%NK2K9Y|S
z3sUfrP*ov#e_`2g1?btC$CR7Q{as8@8w{`K{`92ro$$Ici`-8!;T*@dHE581CdgG^
ziF9at*-)8E0joU)G~~JI6$BRq?YjsZnkWY@omEn#`|MUDIU;-+1@J{K=|eYpR65^;
z7Hx5()dnPJkLRcgx_#nRG$R~limRgr9CA~5EAR=mzQ}SvH_1fVK~@xZ&5qUV+V!_W
zzp(TEJQq^I(9Khv26aoV6cF{wD15_kHF9O^fZRhoS<3es2`H{F-MQhc=R`I>on>)Z
z=Y8&5u|ixzQ+Unz;yR_(xnGx#yf4)v-ppFxaL}x-amec%_yohuH+3`;^D&a7a}kL~
zU&-^$+-&Je*Qnt9#%ywK@_4M9)l@FUh~G*Fzy5FKxzeBqTC)kS-QZU*M0Q0WdYbA{
zR6>Pg6IUuuRIQzauZ0*&!)26D+XNjuPTq8S<bk<QUb(n$&G4RYVsc)(a<9g{c<jsQ
zh5A}?Fnu;7Os?-dPfI&j(qOypi6*E^_i5o&G7QVvyn8E2Se8jlBkg+muFx}IwHKDy
zoe$Gw^ed&?2i4+=6!q3A_oJ}$y{`)NMOIlwxwU&Wu)pa_o9+nmsNp#<8uV$ggGUcR
zamROkax(ZY8Z@85B`5_Th1`U4*&DXOqL7#uzZ=>K9M<PDLPriomsBJ%tK?f`jK|jg
zm>x@DD)j1po88~qwc2Wa7o&CT`t}o1M`SLV+^;#Q;g-LBy-%y8c^Vzzg#fxIrUK97
zqwf%Yi-IMmj-N9YIyav4fPvYOMqCYoX*a~cst~wyPVG0-oV4#e=(X=_5li9|leSV~
z+%bMApQ<LADw$F2gNPWXpXgX3P?h=Ku#jb%q@PxlRGxUQdto&8l2piqv2e=8xW=<C
z0R$wtLq}bx@qjwD;RQ<6FUc5AwNV(j-J4+dvVJkv;)5Zm<HdO7Ex@DuBVM5$>ikq8
z9v_E=2Y2zTi>yh!EnI`bYnAmrOz$)3XP2$zeY<DJn{Jl}%j5b|Xs_iX&gE#7>O0;m
z49j0UyHlqc=&QTx2Q_n>=pGft4aNJpELoj64Y=R^s3-9JdZavC54)XL@@<r5k6-9%
zKTn7(V&T%(SUj%ELU?Wo%fM&+k;5i|RNO^~Y<nNms22DYda+O7=~s>R6!^Gb!=4kJ
zDa@w^%lwWAJ~WFZ!iYzUdaMT|p3@=nW6PQ~g2E@|PIYpTDqSM+#_ONi%2%!U%C)HB
zvT=J7#<6c~XZU~?eJQa}@97hOK^Q!+n?e0&@A;m*2M%o(3nXFZEiKX$8Q%d?CHc)u
zT<uaKPlDxL9{p?!8g91^Ah>cVZ3z}^3d41-J{eCGN`O%k0P0{4u5Fvoy%8O7`92G-
zQAz81p6AxZ6qNc#T-Qk4#4o3LC+$k^H{R2m)aZ-T-pHHR2;Sb^9e)Pz#_caM<=)3{
z{EWi!`i6@qe}f#(W}rxe;DHe6Z@}YI!>24*7B}q_O%`HMV0Jf4L}t|!{yu&bu{e<F
zi|(FS<{9*0yu_zKz1)q&#lg>8xslvO)4Fow(uFyvfxfG=*3N*ucxN}_B(>Ado(uD|
zp@q#-9+6wLejsmMA78D<{khvFCIIlHrIWHgCI97@gCu-;T_ARzRxe3PNQuCNc@p#9
zO?W@Vm-G_;<)1wJ$A-<{<iG*I!FlRb<Idm&r#+1Z`}W6%t5~#mD<3=_=jPeTWEGR3
zxSRu1l$JHQZL80rEfp@|5yW{<Rqw5KN@^`0KG&b)yWlZcQE?C+HIP2N5Ktke7CTD*
zwMipp=p~S6c{u5Qc^zjh&DMJ9o~N0M2`ULtI;ZMYG^@(3jyZLMntEhnEz2hx;%+4D
z`&z^Vnu=&uqF^^+-=D}C&xYcBN|Yw}8n;P*Cp}jNY)!wGKn^&~MSLsQV{Z{`%b`$d
zDD(53O;pOIx;KtgmX}Hn!}gt^W{k5BzGoo^u((&>|3C-4_;vT6`QpAW#W4i@g`fWO
ztVqr}+BQJq1<V$B{Lm8yC#r%l3avyr(xE8uc8F8mR#&rCF?goTMFhvH&zX+|twN{Y
zS~WK^<Qe9IL(f4kmK+r2zHi6BUvQWYOXxKm#A=!UPjOe)-sX6a437-`e9?jT36EQk
zawzGUSJu=1IZc07$~uTBB?$51U=|Dzv&}zKjy5w6uji|$auXa(4b#se2I;d$&iq6*
z`#fV_s(UCR!Hme|xrLj+24X>(dhwJooD+oi=AU!Qwev)PZidAJ!ZT1O%Jk5F7uvqr
zu}w@te1%)NEnuvZi2*>K_!V-SUK-J_t!<h7*4r7wR(9iSV<$tss;^>b6>onjaG49r
zv*7U-nCP0cNHL;c2*szlA8b6>o^!t#H0C@xgO~cA@eQusMgxTlb8Ff15_L_%6`jNh
z5FdMBGvC|JFMk>YYRK4P36nj=4?%yoiZ>r@gvvRfIS2RX;SsxtqQ%@OYjwQt3T#cL
zpHl4grz8yh3Dj{bh?uMWHTZ3PQ6ErYl?%7JJzWQvc<ikBy+I|4cA<5fuh4aMfGWla
zUivZ`?5!rKgqMJBTze82QqsjK7*V&sz`gO&x?6g8D+TFn%}KiP4CTjs-@v=DC5Xyz
z$PG2C>v4Sl*v@0$0nAuf+UX4&zj)<py6!dGwY7V=&Z+Z=-DQea=|YYZL{RXy=-M;5
z-|N!)t}+o620v-pao~yJG?qJBcBFXW$^`|%xYc<aknwDKGCkW2L20U-bJ-sQ1D~j9
zy;TNkrW5jAy|OkOfO*RN#-?N)9(>M$bhx#xWuYXFe%DZ6Rcjtc3GgF*gU-z)jzDY1
zPNDmxhw$<Wc9Fyyo$zb<{>8G!AQNARE`AV_q~K(Gk5MLA9fD;8x*)MS^DA*30e&7E
zg|fJ(eYc~lrry4f=?@-QysSU(P+GTc*`vs>RYQz7^nU%UHdFwc`Is7ys*a%kP21Bw
zpF2Bs>`<P>XRymFBV3vSc1UQMqf`wiwHYEE3meE@vFHV?FJGX)bEQlxje7t$S*|`c
zB8wsjo#vvu_wuzOja%UP4bgY2eH8&`<=8)iJ-T`8`kurV0{j9?JYdcHVR;;9&%UB+
zmpNU8jwn3|`T#_tH_t-^_r6|zDm!tNDBli*dPR4Gh4H%<7QH-ovv%m4`$_JSaeO;V
zG6wDBHNC)XdT@4e&8pHw&ps~Z?^R;kO@G+@2+h)*YrdKFr%bNWjmFt91pdZK%Ff)U
z<7%H8$R|P>FE^gk9v9?Zpt(py<SVBJPLtuiU)G1sGbU0@Cdqvx>X~l{JF)@J`fv%(
z_;X+o97h_4R~E3RA8eJ85AR#vYv*ZXwchfHI8~!Yb6V(qeQCTwtiB0h$hjA{2&peB
zO&i=V;6{+ECDkZh(%Hh|t;Ec8Md{JZeMUzoS)>--oGx5yTQZjiyO6S-N;ds$hPph<
zepJ8XUpik>&5@(m?^E>WplYn1rx#c2bBxy3M^EeCX+hhG@|nPI)Wn>xLsFL}zp$xT
z<;rXJz9r^8-(;oxu-x!_Xh)L8Qf?J|WA&=Ak)LS3SNo<UX2W;ix;GW*QM|S2-2+j3
z_%N0q`G&UME|YOaQJ_KZ1Ucg>3g1lL2ako}Z>b9D`4EA{V683`MtsZ^ILGSgUF1Oo
z$1i*BfUrM&`<nAfb_e6!`}PBN()Fg1th*DhAonDxA--~C`ny2z>07}%Yr-Hz4+*dY
zOfQp)&}hZ%oM#T=UXoze2Q6`z+6B97MM5=Fya(TZyW1$Jo^J!3<4ktI3i#fH-yr()
z1PSIu!hrBSo&eQPZQX37iYMAqxKc(0MvF;~LebbAd7f$?(LDuokWFOayH|hJrR9Cd
zM8>OrVkz*|q2uGwdAKSwEgYEmejyU+=B}=u=n-SbZ(y|Eu*nO4PS#mzlq`RcPs;qB
zkM^k(_Lg&oZ4fORnW=!!H(Dw~qU53B(YG}u9rT}PNju0ME?>lV_tlPiszv1z@ssJw
zdM=!!-&9%vIgc`|p%-VdW8SXVRW=j5%kC_J&fgTT_^wv4aZTAA1q-X&DB`?|8?R)Z
zcg#>e@m;@kepQaGI26VqY{B^rYiG{;^&2*P;}BJ!HW!oWZ)B#X?nRyI+ioMg!>&##
zyLT?XE%#;91YfeyCt1p5L$uiyp9o?s75&CH<Got<1Z$%YO~*r7O}VJgFh7@Wcv25m
z&uT`!Kg9->;+w+#_Bre>$no6^TexBm#PZtH<L4aFD^4;Lx_P(jJ32oEw8wQpdaEG_
z{p`l+aN$X2wrAeCZ(9}-Ix7<J-6!s4TbPajw+86KR`avRW>A;2?ERqBNqtZDcGdM+
znPFT%M0@)YS%fedA8#9(K18&1Sm!)z=E-WL1Mk}aML@d0#q%Oi7x@-NFoOc=tNH5*
z>i!=8v{wj!m~`gV9!V!13wfH@zJwBQsTtT4=$c%SLipsGggo7L-_EM+Io}{wLhiib
zhGp1{{y=yid>y!~`8Amzs5#e+&edMKCealzz~h6~Fm>f#`+C|0b%pTDPJU98i?1L!
z5Np_;xaiMb&B=q%uadjd5tF{V5MO`b*@OG_B}@C|JCj>x`1b!i!Q(5S1z>~?i{SUL
z@6?z4BwI|dkF{2g+wK@yrF)*4$uYbWsRU-PioC5Iq>N?D53}7B+^x=MJ=*4++wq;k
z$X(Mr`CE&k{??+jB`(R}I(m+doUPun#wxth_X{)cE6>=S({#|EMkq2PxXxVjWs@~s
z{kqPQ^*e7q9W>uTE<ipZmYGK)O=$L{$CN%j(N+4ED>C9lD@8$QNzYa3p*j~aulk(r
zVUEl2_Ual%v2NIR<GN2$T+&q6IXxkAfR9JboM5S^6SEFIhb$_P{|--j6*cWg?b$WP
z&D4<`Wk1LD*(STRH+Vj>XPC#BM8*oDBz>L>&zf(diSndiqVn5@d(fh`-JVAHu9Lgb
z6<~_^yWRu1-*zKr`^K;12=aZ(`}ryirze8WX9;jvVG1ySc+n0b)FsOV52WrfAKmvz
zlh+C#p5mPO?jVmg7dk&+4$UDmIk7>T4~F-CN36rc{fxCH43bw$$0IHdaZwLGUI;Fe
z0wq{&2SE}8DbHRob-v%Q0Ce@ZkN(%TJIa#!k&Q5f&8;Z&LlsvEaP0wjbc45@a}-Um
zCjE*(aXr)gjAEmgGG%E)Ov7QinyPJRW7nS}#bsJk;IY3HM?EqppE9a|O|rRyH&>N1
z-D6IiQn%+pf)<D$rfJCfiD#|ONmR$MCv_()-qV}Va~i%oHCYWO;c4T6<tDwzkEp=h
z`Yjxy9g6<yiQ_J``8nU@YI@-MpcwDv46xIueFtuj^V-1UYHeT4omW6(@kM)JhV9op
zvQ7iR6&im0nIl}08Sf0d8KtHEAf>0dhC25#I9oyKbEk3{qz50EJLWSsjPwlanD5Bb
zEuk$%bP`yRZ*I@<ky@UO*}fp>p7$MxAny~Dx6jw1b|5VefpDfzg+W7XWXhC)oOW)(
zyC^o{Vs%-pJ|7Y$`E`K{g~v%-UR0cuuY^}K6-_y#-zM<Cla`S86W@T2z<!LQDQNW#
z9DUv`4*vvF`gyKIsh!^)M^%{|@5x6RE`-LU*%7z2!=wA5`>X8U&4@2TkDj6EzOYAq
zp8j+)F|np^fROYPFSOs;*>}C=k}-&&Q9#Ae6*^q?P2B#1UN};94{$9gVYRTRtmG~$
z_IWU!&CpBsc=+5y0+?(H6W#J0r?!szIkr5&@^IQS_O#KBQIkz<!+&-osct%_lCrGp
zw#dX6$YJ3pBInv!d@6TeVUwJ|I?d9hvKrgty-075abV!7x8tSRN$;1-AWr&ZIp3Cp
z&+Qa^VNyI<m`QY0PagI@tDgqzxuL44bJsi}OHDk^q%qJp@zEg({d$hBLT#t77HyAQ
z=<5~U#PFaShR^ACm*FD1I7#Y$Ze_aK@qm+YV=rlZ7dY?3SJU&h**E#kL&P6u<Zk7j
z)Av;s*#p*vCs;S)ww}WucwR{{!^5S{=fo`RtHA;pzf%-XE<a*_=v{D$jlW3?bn2T}
zYyRNV%<ft9h#0>I5`+Az<-o8%YbEq#ZZue5fZ4Z^f?(yT%=*OMh}Ogjn8EezXTO%N
z)1yv>`{WHj!xi$B(T=0p{jLz9yQ}sNSsd8L%?XcZ-F$BLUOX}!5B=%zdf&)7xrzID
zl}_m64t+v~?swpv+0qMRUk8B(i+sVrr@4i!NQ`o95pi(85hTEA)C_N_DOSO~v$vId
zP0T%m0w_rB!knE7Ex6+z&1e05+3s{@Ft%~<Xw$MIQ}WyRQ>L<x{mh*aAzP^#=dC3B
z?wdr_W2RJnU+^hGCe|`AQBUfHc;J%FMPJCMkw+-SIJ<mv&yRKc8Oq)-a!Y*J1Yyf4
z<q`uOpwi=COE1b{4D6%tDJz{)W^k@HmIRBe8&=u8&sr?ox$>4oBunBNjyheM!aOlN
zr#7&ykLN;i;!h|&KaZFYIt4tbx+34>eP8XI95zG^@=3I(c?L71Ln<J?0Kd&@I((2B
z5LBGap9ZXNx(o>!=H4Ds5i@YrpmX7Sfs7(WD^=l3MaVS%Gz87nlNZ#qnh8@n4XLB1
zp|n-t$U}o~_VtqH8SNg)#^VO{#aL2aI)En|&LLwl{xX78u3b#1g&W4c9REISqVEP`
z?kP!mP9=%?80Pd6tYw{cl-l52f0m<j)ekLmSNPk6ZAkT??09&cK39vq=G5(Qcmk!b
zvw?(S6Er|wUw&#lzf42DCie@S8rIa-c*^uq4XEH8OfmpIiXg`E)+FHO^X3dsxR0K@
zx1H~G3VqgXPF@E+x`Wqw9K@|c4}%*`iS79sN3kxP&Gg5ei!l#@9-r^E;>_Gb<xofE
zl1{T70@RW~A7?d*TlMA5;rnoqkMle3kTwRB!tCaqFAF7}0q(n~k74x-LeYT5>BU{)
zm_+0UX*bXN$`5d2)+hR4aI?8qnu=(XqW3_2Nu>CsBLgU+XFm&H`y^d~SJSj(@(3{?
zJ-RHHbMs_z=|up9?;^?3A&L|sF2BCtFk-<cFDP=)!tAJ_WyjZxQQTVH<re-o9Vv>%
z^xTJx8L}6!2Xc9ymsUq)|2ot4-pqC*6vXb0C(Mh{lkaKzqBv?X{~{m0!5xE)LmS5y
z&Ns*G(OiX+gIYfU?o}(-5sh8LKcak&#opsJ&=~WK<CoLBAW8^`F=y!7)7*i1da-~s
zY-FKj$?8Z+0wYU4zNQ6jl4Z%seUj>$^p!{bzBsxblS5zbax)Pc)GR(3`SlUL3R8WC
zN^JA%^SX1%Xi%*yUwz%D1&wizaSHF(z}(l$zO+b%dg#p6spm5JIV7iVrctt-S|i_c
z(micN(?QD=4`zR3wSIyr|2%B+bGS#L+;4U$m?B{4!S{=XS!`w3`MEXt3n3dT;p=uv
z1uOhM+jJ!&14@pMQG?VMx6KBAr83VmF!=U9CQe52T6>(w4b-WLkH!XYY8~*#H+1=n
z51hJNIU0ArT;;tCUrauo7V2}8bD6%jC_JsnB-h^`rhuqO0sBm1;p5Or9`6HNjOT5c
zf5EALG5@vuAVjFI*fDjO3zwVf;z>mNI1l6AwJj^+;54t0x8cOpsU13zdvhy7X5pK?
z->7@Wcy#Z@=px;4Fnq-W0~BWl<Mi;Oz8<`L_3gql1S9hG{;Fmj$|rbgGOoBqFdLL<
zK=CxfQLw5>gcE@Wjh3x_^L)p`0Fa??=b4BKB~OtzXqG$jCofd%-W7}c#VXdxZ;Z{Z
z9oiV6uhZHGy%6yR!d(#ZiKnQa4dW-7pbkBHb!oFFg3}+r@RyopfCB4+?hm=I+DMR+
z-gr9qIsO<gncjnaOK2&<>k+>UepfS1k|0~8g740g&uP8p9$=kA<3)QZxA$ZkoLGdE
zz|88KJm@F`?$5BoMR^cgdgJ)Uy_ew0Tusx!X<l$iRpwZ~^t^{4%gLwMZsJB;G8sfE
z4bIm;gKqbvQ*H_<>)|iatxqw%dhmMBZZYC71ODveC4zO=yaj3pfYh;?tXcSp;KNUA
z-`?W$P2xVs0o1*0OXkE`W#<aW4A*(z`tH%&eNgFi7xMUDV$l|rN<R<Opl-Jl`^)=(
z49j2IN@-~e>6ue~?~QBeK+t(^pM!x~$NDn*v+75;{hK>{?qS8zw1<NfwXVbZjqpot
zKBY60tCTlK)@AMMs(E_{<g556yMs0`+P^yrN2wa^6hggPC)6Fbh@`~gFTv+LQ?}MO
zk)tHDtuC&}{rbaT!o*HgHM(g0hSQ(NPGc7NHOrtr+bTzDl3<kUM*6M$<;2^bYj0)D
zZ#;Q<91aS5g<U|^;d}2Bru)Q{CNo)^-($n150b}FN%7ppFRgzS^HM*;>mqRdUiv@3
zguRh6b1cyb&5#8K70!28jawwznzuq9XkvmoWz;jZ5}<?ki$pLeC_91=F%I7zUp_65
z-_sCoddl=a0TnI~U(~d5X#~D@;yiR8)#iO{8)N2oaaN0^pGXODlJmYZz_}Q_O`s1e
z&T6AQBaEQ$X(VDk{FOMk&!BNoVulyYBoyV`djPNP@DYD>l?LC~sHU4$dcN#Zggs9m
zk;wyz_Tqioa{8MS=Zs%YI>|B3yKmJBEdXcpd05jNqBGkK_UP@3Obgy<jWbMVoEZ6D
z#d68ZtNF!SfAM!;5>CXyj56N)4f*bh6_v|MnsmB|Z$r%3y#1%Ja^~(1>lNkq<Khtq
zAR5K-J;pB|K&V~56lE#HY1!C;N>I6Cd+Df-K=0krrF@D-&qW6NS~s4len3)wSfOD0
z;;~D6q@EzgykDM(0pWw7M5>DGm6^a#lxjbrG}l6pCD`?k-1!{O<jv#rT$Ht{aXgGN
zPXbI<K-jqFi|=^f{cf8#rxe2ix7XCOwApnUt{g8TIJo2Yu#wgt{YFh6VA4JmPb>?8
z7jf#rfQvgx;c15rVGL8(ZYYwiUPBp<)le~-INEQ+bY(s>(2yO}Uk~tV7RB@p`L0ui
zJ&fwdU`%_!ARBJYQ-R9&$t-Ke+tAYjgnd)pwKavY=SnwT86&u4aBj*$q3@lyUp~`t
z);gA)j5TQr(CK_VW1=&zFyMxr_nZCmotMHY!8zO4gPzqqT68n##>tzFV|exi&DR~4
zN$%I%@e(|+Bx!i8bHU6hAL>JsU*P+MEZ;z{1pf)B^78;{8+`!7&ZJHmLOP34rEPA|
z))xjXM~ycxTN5eoqo0$mP>HSiwTKs`aQN25rE{PtB0PwvI^lhAjjRiF6vHUfjO>d-
z^0c}%^`!&vfQnqyWBv^#o()#5FO2u_2|LbsLGE!6J#n1;>i~IXxwYnuG&H#0{laq8
zHAM9+SCr#@bRATaSA?J3Y_)$u>XXHEW8d!_V%DoSL24NEEg@)s`|2CBsC3aghD^Dd
zd2ZND9ENo3Xb^(7LM_b1NKq=-u7?8H!)x(ychcjY-OflOe!u6kUBc6NGY-zH0pF>M
zuTa1s1h8yS{7|%*eRt12(3o#NIV5#YP}p)fd)O}8mB*mr4ygP<wjUqnCf!S8V?(rk
z#n<e9ff!BPfCntUsQr2<n&YAthaY~JzF*3@-zD%Ed#HC>tDaK*<_>VRI;~%{O_@l#
z5R{iAl}-v_a)N!$VNrv4P;KRXP7XaT_+-@=)C}ag2oSpXjjJ|wO%n@9xTsg~Elu8B
zxcrRJEvgPc_$IGD2iwz^FWTkq1Zi^S+yrL3N*-<lTE*qY@B4g{sf5@Xux1eZN_-bv
zS!zx5>jt)X^v%yrLRem!YyM>sB*`hbQ?_~fWDj|FJN9$;+~?4a=jCI5E})GOpQ5HZ
zk3d{}f}2hpbQ9jBw^#W|V={f{Z|4y2gm8&<iiE49N<5ZqS1CpvY`v`CJI04$vX4;S
zXNd3)`+|ak6vZx5QMx@m<=}5VE<WZb*4|erfizKG2=^^{?)iGC@ap9w;P=dx>mDRH
zm*NOD-EZo6)p<(18KTQUAZOjaTTv6$hu}UpCtr??rHTNg`|X-Muef=u1@vow%0-Ep
zeFRc?r2AD9JfsF(Mie|T;YyxvcAK!e_*}IuEX=P>pn}CEn)UpIRQ-7rB_2bNx_2N?
z-Ei~RBs<Tt!d8&9J!`*zcU_O2S#4u}&o}}LxXzqhv&RTne^E1=U&DwiKEq5&K>M7_
zng1BOlI%!w*m@<*0GGsc|0DS^)ZV3Ed0X9*GK1tFg1`ryHqyPfgEZ@b&q*ySf(E*e
zC$~x?HJf)7{2Lca#>=3>fkzPvDT{chJD=6ThWMKGIx$(5k=giC&+|ud5J(5bKilg9
zShdeQ25K&soPXZ$t9N^^i-N3D17v_7V_X%wpBRO9e;+7!<Dh15*2!2>R=St_-1mcZ
zX;7YbUNcO7-h3Fcnp+YPZq%gd;1gVZ@M|}d*j>bGz_oj#00Ekqc$J2UhiT4^=a=d(
zh%@tCg98%v)!eDbL*s<_<PlarM@H5Km3}s5qz=cG>vgXmqXfB#bW$$dQ=-1hG11I^
zKx8CMGl<z7PM&9ttD&w*A*?phB{K84I9G;BMd3i`&91M6{`M2Re#Dj;1#bG|Ib2Tw
zTomkYfb9DzOvEj^HQEP-H!B?h-Lfj~%+nnhB!;)}%KM%7h({zVaz=FbYA58(Rx&@s
ztjdCR*}ztwY+N?RNAwD~mjHa-@+#PrA}B<XKT4?Wo`=->^r=2^PQuGWj;Z_bz*0Y6
zxsX971eBLb7>d8B-}A-tDLpGC^1kxTy{A-<7Wg;8d77;vy_%NJ-g}Vdxu3>T9BL@r
z_n9`U`#C}W^82?`3dYLzyUYTP$2ha|Xn-ceD>sBVcNVa0^U<buiFsXrr1YTto>s;{
zygG0B-or%RYwO&C?5e7`HjkA+eS4+e7suq}YtJ=Zbmnt|^*ZMgJ|W7pl9U^#@<Acn
zx#7g;s@Sza>&Wl1C-!55uL3^IOy2^o@M$w&-4h4;MxMd(!P^k)>Xk4&WgSl^w%lh~
z#OC2AxHSuHFXTw&Ltl%%t95wq=9R$b&inVJl>fYxa-Rv1Jj-<SCb4}}K%EjUCN<N+
zM+Je;^c$-Nf0NodnL-VfaUZy(pKEhYe7OV)VJ1M^g>D5J$A|S?d*|41g89Sel&4eZ
z`skNq!SPPDH8Ll8&_NgU;e*PWI+%)2NIlCq(gLJAC%VG(6dIA?gEVdgI%6^H)Z=&p
zIMnMZfq8Y`+ehOlRuWiL{WC$&%HZhpNpa0Mt)D8H$47SR#t!#=+Sz(dj~&uh^_@QN
zGs8gv@2?exfWFRHnvt?w#}nL*WN(qK4f4v9T*p%2O0Vl0R;v>B2`c+57!oS<`}}U%
zSLmn|`8?u2OrP`g=9#SeGS}8_H%w6815(aU1J*gW_A3Ov3ld&4DwUUAIqhn<E%c75
z;{u{iIKK~!UoIM_WkUOTs+=Dz+EZg>r)ItepQj=)WqS|q2{F0YgyZM*_fGif^#Jb~
zd-6ZYAARP~2|6bmDg6d)@|RUT)_CjvCgJdNRb}d09_#(;Z66JIorkf7)$@%uuUVsR
z3+sC@lM)w+{bY8Xy-e4hS&ej`n1obN@CQPB{e9La7Rd<?u43Kpz}u<ev*vlt4Wqtc
zu>6HdWYak}i|knm>Kl7m@-pYH05mRar129W>huhohI$l$(>>pmr48NF>~R39@v1iE
zlTOeXbS5RF<J9;Slv@wE9zwI+);;`1-VPrfKd9EOcn`z+Mrxmx)=PD+D?2d+mrhJs
zB}vEZ;fkH5#vJ+5X{c=M@!Gb9#NnE2TDh8VEV<(wzKm>0cKM;^v0P$=rNg=R5%=?6
z7WB;4`SQ5MWWEXjYwL~O%aB+PAUULbguX;3?sInE5i|}cEll%R7b^9H`brDrY@0Gb
zFS4A|9Y<!18PUcY+yzXSal7T2mxnWroOy*p-@>ga^z#IL^tq&;uo}O|DET)DbyoZ9
zCp+AzCftsJO_yfj#)S02Kw5%ndh)?@)|qno8qCVWDt49(&5CMq^ngY9;yCGGYCNJc
z_dEuKvHlJgFZuEN%<&O0MG89atFUK&Gf|FxgKum*;-Sn}n1CmR3HA1O8;s9_i~>`G
zDKQODA-TY5nidqx^NhaRcct}g_>t3`u+w$}ls5lak6J}fa>&ev_^G}VYBu>c0Y3jJ
z;OA)WIp@yt=}|HZ>|#0ajYbO*YJ$Fpkfa6zH6jD$;GKuab?-uxPtcWw!RND*IGCAY
zF{AI3I&mS~?1r(!-jKNdHD5(1*KULQ*C+Yl8)k{lm(9V2suFvG&jA8?%4S5el#0*Z
zF6@39@{4TevqVsr0nAVZdVRXj{Zd%;vH!_;IL69j<rFKk@Hc`F@gP$w;}hu;jQxb=
zxs2Ad-^fI%M{Sp|sMc?N_qsL*9Nx*yz5|BXjeLwIQn_vJkd-GqrHOslNMcT#27YaV
zAm2O<YJ?c+Z>;6$?Q(K1C%m!21XDYK-%OCF&f+SdJ&E89-{_<+9GUN)XDi-5@3&zy
z-nQZs?Rk5Uu<^v%E9%V8^v`j1hszh>0moY|FoYoc!Xj9D05<BDw`jAD-Up@E&Rg_L
z>wS|CKr0Spney}EU+y0`JV8gr#qi`zqt|VMMO0&i%cq(TyTRA8wzhG5gpiRUDBueq
z><ov%;5=AQrUm&NOIUZQ=PNh`{qBAl0_daXm|VbYx`wn{n-}B4;^F>+DxQ8SeAd2?
z-#f8!`C5|MQ*UO%SOhfqq~@2dPvRctR<pxHm_So9vHI}ao-;;D5%Adey=LB)&H3*|
zmT^5_r%_A$AVL>_h7t%5nbj6NvF#Gp<B$(MZ(N7{QeeN>7}Y-K-jyQd1MO_0H+iB1
z_IH0&{Jf}2raqdG=ia6pPjinoe6wl{AQUt^zS2{9oBg73>ZRMGy79FO7DvFWf&(-s
z=?GQ9UC{4+aE^|u=A%O&koMdY$VTJ=<&1pssO)p+X*1Nkj_Y5|2m14W5|qsszQ{GA
zl&>VY0ae74S;4y%mTwA)m-d_+H~V>>o|+3^rLTWB*dMn>PO_WJ^H1}*59FVd?8whO
zS{a^Ly|i)Tir0G@(3jnwXq<Wrd<X|Th4X3lZL0}|xCBwBZNE+!)B$3xqkQ~|_XAVp
z%j%sHLHo^qI0)Y$e%&Ap&#e;6miWfF_=97fqY`-8-;Uiqg=m?)9`Y29x@@+bd90+P
zLyfWOIo`K|?0!WS*XAj={QRilVdz!+#Hhyr!NuU7nGjKvn4&#8qYI}t@$0GxIH0U%
z&xJoNSzopSp=J%DCfpfSXTS2DbZY{QB`LO+XPQzp<^VR|0HcR;Bw*3!ybYO=UtP^;
z#OGkS9xth$IH(V!Z{vKUgDdFa-&`EMhgfl;^<HoBL3`(N`4}E~XgxU>H=Qx3keZyO
zXmP$|#7jHm3v9Vb@l@`yZ+O+*89y7gRHL)sTf(&H3(0R$H{!A{wmm=AD^p_%da~u_
z9=ts7V9>?YIbZP7V-jwt7~Rr>3UEB8L|BrK+s9jEi{8V7x;gxgqfsax{R(R9%$e{4
zy9u?C@x(;oGt#ByFqiZ=?=)K<5IUujsE#g|G<Z;G$o6TJL-*`;Sv;XTN>?5u?(sd6
z&QsnI?+HV~9tJVoe3A$QtQ>^FpLYlf{@xRC+V`fe8LusVqc2+UDXBU*dG#FDokY4g
z?hVTWx&a}SD9f_sxBH0Ca9tXGhzl5-QI~wTu}FwqovO%vomg2bFCg=C(uDrpAeozl
zV&HwC-C2wkXtL-b{u5fy&nqhsK^T5Kdc`#)1#Cf|@xOL+Tt@op$+Qifrx_<Mt}oSn
zN;|KLQBgJJ_C%U&61GD@@IDP4sdkkbI0NgJ&eSt8jM)GlX{hGUqH$YCF~gUxC7x-1
z%cK(pO`keX5f$lxuP${Zyp^8_+2e<b&Y5Fj>7&nRe4Rd`!KnGxPtCm#**DK2dFeSc
z=Q2P*yYSBePJXF(z>@D?m6RhWpP@YU{OW90d<lMUS<%0AO{(|FchO=guMJax%`+vZ
z*{r{S<&#Af8D9hZehL2+hE8<a?T#L~?O0!{FlHEhQzzPS=p1_VHDh0`IavMalrBfW
zV=@!P1=>*bcK_2H4_N4Atr2}!g5kq9Sft`INGF{Z_vGESf%Q6Xjk`tq6Sl`JLV%8x
zCZ7_Bd-1ClewJ7+@dLxgFVO)GU;A1!<ekbR$ux6t<2<D^e3@4{AA?^2`(AYPeL}Ag
z8kKZeFrY!oBX6!HRy^H)>uJU<^ded0y7DZ{vvYl2V(7wYeiDk1w3Wsj3j504QTuBz
zj$;t3Fb9RvC;KjvX4Q?aqS%*XW+%>x?{z{VRN+I}xs6*AoBNeV(1itilJQileb+Fl
z%Z>;n)pO{b-o<jRlUC7r9h2@Qj(f@SDbwRIn=ID61Hf2(@RM3bC8ayqPXL$me755X
zz|)n_kv|e5FR?0rg6?!u9i^rP_YnY0N=vbM`scB$dZc7@;oZwz{N00jjhvJY48)`0
zmWLzPK-cg=?I{H<lcMWt@GN}sJ(5JI&R>SL1gi4Q?RYHcnn6!wimx>j?vj3WzM^}Q
zA^D)=VC}L>o+W72$KGr22TJVl_L7`cii+nS$)9uExxgFu=rVSJ`bn&O2${r5Zli{A
z1l=I<iE`5nW|um6+FHKXb^3rvPwKsGmwq;+BK*$h%fLB#y9dY?rH>ZiIbX_ook8yO
ztJQ>i=4{Eqb~H4}yw&CKmhgETZ9x=%yA0Hd1*-SBd&JtHH)4D(DrBL$hsi;l8n-d>
zj87ot9R#1J?Z?5G9|quB?Z^;m-Q*;u1A70$eivef;$YrG)X$Ih-AUK=vf~Ps<{d<J
z><P%H_u|r7bU=3AuV3>aUO8&~JH0QjSg>3>M-TJ8-5Z*E*1lmj?y0vqvYzWS0zVy1
zL|%E4Yj|qn^nr57b71|+ZY{oQdR#;-Ra%%LZdVQE=8c0gDJQz@9g2%~KBx9r>DF3k
zSAM-9P|vjS!otlX&1XTcoz~udCU^x-kJ~=Rgl|CnH)J)bSDt#2DGJerg2tn#(-_`X
z9DzDwE5*s=e!(=v>kL<QJvQyB?~|<Fd$IIOx;X<nllH8>op^iP6X@YZ#_4*hoNO<Q
zCza8Yl!dOBa4yR#86*^3BYlQ^9#|(qikYX#J{n-<EXQ7}y24_UDh$@2nuE7FPsUi4
z_*i3f$mV?EZ-z{3TzJq}&llNx%!>vc)5TC%)S3nn$9G2ic~10{lPTwmaoW-Btw9MZ
z<a(-j7%x2>XZI2WCMk&fXrMtHp)Q$E=%p$g^xK!s3)b`&Ux#}ih6;N;Xl4R3w5OLF
z^GSFqJP`Lii#T$mc;fOm8eF=B8_yi3n1*LO1?LIl%z*5k#oVV0wR^4_kn$ISXW&DF
z6cW%g1i^Pz%6yJv)sre5Z_`RbW>W`H+1{^;m5h!aP4q{Fe1~A2ll2>(+N{<B$f5%m
zTG1s-)Jd%~J4E(8v0nq-63bfpuo86)AN!m~<$I0q=R*(;o>nl(mA-g@?spsKj|lxy
z)()OH4agx@dqUBq;L-JA7{hNu>Q~DS7RSY)_u>g}Np0t}sGn1q5%K3W)?S-wlCR>|
zE)hYXSmL?LR5W$+J_tLDZym<>Z5lr3N{ryGqWdTj&LKBC#_v%aBYnVM3G<W<X4B&o
zHnp^Yj_19qFN9onjzGI1Afa2!n+(40zHeLIlCYyicg5{I)2mVLM|e~8A-PeX${V=|
zd?ydE<h?QPpYoJ!jJeQTE2S^8HRiZ1KRZYh40FcsDf<5esz@3f1&H_PE9kk#i<xKg
z-gEu!NmccsV_9?Jd?mAX9~?VQ;;nO$56a5dD0AT=NF=uq<yU8raEom6!OonoCj<vo
z&as{{!t+EOcQ{ep=nr0Yjy!}?39VS-PI{+lT=?wW@QcZMYVMBE`9__IgQmO(2)B!*
zQ+6T%?!a^Q^~{3u4C1MkMRn@?g)mEW8mJx3zN5KMrf(X29R2*-y+`R_Bu7m5Ddn!%
zTZCbCVg0!i6~6Tx0N$E82f5m{ZVc?{IEL>a*HJ<H%G&N#i8=Rl#~xS{GJap_;pdv2
zgO!w#qWA8Xe)Y7iTtGN+5nA#hf|uI&epc^(!BlXWpH|~@o?uuIt3VN?eh`0qSC%*s
zpG37wD*P3ti7f!c8Z#OD2@rfHIB&)l;jp8oBj1#4>`rcl&Bu9mC-=y1U&ZEZ8PW<$
zI-0l3Hx{w3hj(3&FS0@D`XRELc|_NaGhJ+WWXnYH3`VSQe3j%HV_&`KN|5M*0>^WL
zsx#Su#I(M7RMk>XwYE)O)31Mk;#RY_*|Bd@?y+O1pKAcxwb{Zn61b`AOh`{@NS!9;
zU3q@!@H`7Z+P98yH|DuU@)rJ9;|+|ab-8&?QUosqKOAUjfaiV(4#}))xw0L!=S1nI
z?7gvgCc5T$!Dkg5b^+0g>GCQ-(f4Zowkh_~a8ayIm_M8S^&>YZ92eCmY@QjyOqU=C
zzY0OmOZ{vRK>FQpl__^IAB4UqUc+_w9vYc+u8C`_Us$&~vj{x1H}Ah<WqGRJLIr=|
zz9Zf_z*g@Q(zN*yuYBPL+Bd(JEzJ0uEKO9@gr3Ek663)Dd7F{Ny}rf@VAZFkzEU5&
zYj>rx=pvfkZzeNEsgHv%BuqGX-91<>lAT}E3>_Q51FhD~9o>VFng;A19LKq^k8lx9
zGwVO2|Fkme@J<t$xLia87(C7=q%}($?DnB^Y%2~$;aG0h-qv9<(-jw<JF$;`;&i{`
z0?6;ov`*)DxiZI<16zu#j)Li4slG+bmV8(!C&1w*<x`qByWBHeXe7D97H7^h6r}>g
z4&Kh8*dRy5O=K^OC#H|=phDs*ia_9PJ;-<s&}%X_!BM-Z$C5LrnzrxLOy_MErF=^*
z{j6O*a1-R<sKoO(C~EcG2V1H8EW9e&;hKIzDC{X{s_$AQ*^v=<_7LL^Ch_#+Ug|XY
zX5#AcxtrSHey7m_k1u`q#aPA9Egw;_bfT26dKfV!@X#KJ@$u{FKyV*AI$TKS0kL61
z>}7sOJF)eQ9Dxx<I!}@KqCvlXKIy=-$H;<JVECT$I&ux;F-5_tZx(#j^qDVv<Qt6o
zfSA_&Ud5QZ+{{sWt6GbCw7Az&E|K$v&G`Cgcmo^6Zby>LH@}s$y{>&`^A`0{xIX-K
zg)199BZ=Qj2ggs|-$t3`1faZYOx|*p4)>#{_?ml=jvRCC#n5#4`o`)J=u#Z<Sh#1`
z*~Z>aOzEfya$Q?rqE)=NuP@IjJ9)km>ysty_03GoJ3ZEgNt-7#ukaS<rq-rF+|x0I
zh25wWPt@H-k<C5uz3W!@D;I<=gdW#?@TA>Y?G*0;UOSb<H?r>ou|pzeH%?za_<6-H
z)d1KD<8#6vYdB@n3ATFxlUMeMnBN+feqL=6+BZK4qsj<`=fJ^h;`I(;A2r0QggekC
z6N<6;<tN;v<4&q4?h|VfaGy#AzkXu9xV9#spZ3Zri%>w_b8~&}%{yZ6{|u_sL-w}Q
z17x|pXOHrO2U`J6Ws~}@k@6dYA*cSvM@Eh0m5AeCvOx&R+r2&dm<~Qsqm4u7FZd_r
ziRH~Y)#3Z4{Ev%74}&}-L;IlapY^VFPd&cvX~Qd71bM+@0+bynzv@b<SvxmDBTvC<
z7=7L`YJu)$tF$vvS*5g3krOw09z9-%E#_+9DIt$>{or}C`nk5=nB|k)2m#RqBo2*%
z7?)6k<HB00cr!hoPd8kzs97<}uYR`WeChr&qP*vLF>W<E1x!3YqiX{DWj*JRL+_dQ
z&D5VHSzB`>cZYaB=JJ?#%zggl!n4>%Y!f1RyLs;jzhg3IDzea3$e(u+Fc`)!pm!nW
zyw9^K8=wYD@Zc@2%5&R_Jf23mc?DNk<?Cg?AmF3*jcgK5Tzs+|zj#Y!^0!;)3tt9(
zTk=thyUl$9?O3;7pm%722IlGeiJ^HyigZCkpP)PO%{Rxk{1UedZ2B@v2Rt*+N!NI$
z-u9iLTZvKki+0IgQt8edCljbBgR}nkTG^X&4j%Y2Pe&x+*=mBvRi#>cQ0b1Y*RA#w
zx9k|5ql#BsbQ+QCOB{Jt$DjF#x-CzALgdO`ETb=8{DGTtv_TA#73}6@`HHk)WQNbP
zW2#Wym!PP`muihw5HX&o{>BmK0oT2@poC2&yD-v^3&Co2<{~lP@CE`iVS6%JpN)Wg
zPfJs;zP}Lf5c_0QS9TZ6orbRf6J~^;bW@SjQdkS`tIKHMaK%NPyM1TzY)|t0j)o^^
zEYZKDH$#Ey$#rEJC~}`+E)~X;C~&`++O|Eo-h^gAR$qP6C8YRy$%Xv$lIuwNUdX}{
znIk8$-O!sc#R)3M>#EmR9VKw2#lJhL;W$%evUV&+z@*<k*@yY!4duvBXem%UZ_3bg
zCjI)Jt9Q?Bt>=?nH1E{O1eBWD)hqZOKGs0!KC=vY^P$?=haU4pgOBmh`I?gdUNp3<
z<G`v!`WB->=pFw0oOVw}Pw{(jx6fq3)wFuLAwPGir}>N1XN&sh``EMTwg>D%){XLe
zs(YAJ##%J69}Mdk4y9XJNIZ_V;Afs(Iv?OwpDw){aU`ja2Y<odS)hG%2n0`|w#z)p
zM$a-}ULjA(hwZ~rv=;caHTgA14k6ZFHjL}ah{S?~$gQ5I=sB*DyPc;BRKY<)FCBx4
z`7)aw(QysL1H;rv5?qVxE3EfDX+TA1NIeLr4<+mR5j6IqtmmC2uKF1cQD6-Eu8ZQ1
z%i(^i-_6M{-DW}${e}eXd5gGq>jv!g#ao3aGIzY-jz)1w)+LzfI$U4GhRV`oe5U8^
z<cl`cie<QXg_+qU<(gqckMp|ou3dGzaG{sW4piw;LiPtuiNx9VM5OF{{MLEel-uAw
zo_=s1+{ahjo^M;aHFO*96YAwy-#A?0GXr?3c-WH%3+2{`T)j4r5C)%8t+<;|fmjEh
zTvV>mMQAWmZaQq#5K0^@<a`W=y(AOnzC&>4OB9=I=n!@|iG&-^NEQhndz3^N-mCO%
z|I9rBT5`E$-RS^ud$#Z1ZQ~I4)0T$Dx4n$%%A-|MaEzEs)D}9R6`?ryl#P-05yM%q
zyJ0ei_oS%E0+0xqe37Pd4<3S@0wmyXwjRTCuy94Y<63<0ad6G{E4r<moG|n)u%rn1
zFTQu@Knq=t#uIqIjOS2ytvWP(uQAnE=__9w@_e~^Msc~WXMO`zFP~|3_8LejrfDhZ
zkUoQY#eTx9{Jid(D=@*2Xp=7q6+Y~&YDj;ZRQU8wDz#Hv*2UjkH?0G=a^3zyhTb0E
z<y4vV=4YR3WEbn)<gD*a-dfJ#0v>{RV8U8(Gmt$;6QR1ycE1=n{HFY0oN1R;kcaqm
zzz#eCuQ#0X4DV3=jjJ#(!Ooa%?=Y@K*bvw;jPb)?vBEe1*m@81(&GsI5-kDmGe*_X
zK4!gl{~g@YiZmOR_;l)h&ZZa6{RS(7PmrGKs$3}est~vTiuV+sQIN0RA3*zd01%Pi
z5+%7YPih=PGP8#`X5g|!PGeQ~`JQ;HOS?5ix>gVe`DqXn{VKVDJHCO58LY>po=}{Q
z<;6-C@G1%Wf^~1O(q5L5V(^SE;V_m5$a66K>7>%PS@XI;#vp_iN|yV%Kn4_%5*2VC
z{=bJ{qFdsw*w)(&d`Rr-_(o!z?Hw4(hv@V)r=C--!M1;KDdvv?SpuZc8WB_NdqF#I
z!N<M~sgrOEHu<<ddV9thK-fu{(c&9$GDKgg_!B_q{nnQGir?J2*TkTWZo;|8FA)I8
zQCbJmb9i~Vbnbni{>|XLU;CWe9<}=N=E@vOygv0l`4l0pvOhW2d^jv@Oh;o;odaw}
zsMCgMupiY0frsOXCC}%~;3V@~%&X5~8h69j+!L#GzKiE=XACr{uc<?DZ`yDY1*tei
zT(``td7KA1Mli^O_mRlkqF;De*HL)Ne8u2=%xmMbsZ4e55&1&4?#y@ZI`fpyUq0ob
zC7;Sj?@O9c-jmOrUDws;vA%gi5dOHVP<Oc>zwxO1!6kWEefGNrlgnRLLUdAbjeAVx
zE#*b>9)3;?$2xe!Q3~43jm6*s;?Y2Ox?;}T^7{;8I#0GN#1R+QF)Hgo%?7%hl}H&4
z8a?ax^hC;axBv}r>9FlBZ~^1{4rBCxyqDGAp@QnI=_3mMMde;H7q?~(#_>$IXnAg?
zSUCD3?EwTbo{z3K`{|j}No%RG2eI{VKVh>8y2E;Gc%L#^S~qM=7<C8$)q0Lbd6d84
zukSS-w%18YKG_e^zt9e-%x}DB$##TVXU(89GQE#|@I>DY2Jo-XR#6e}$Z@msL*LAF
z;0TeoQFh)&v`yv~G7vtM*S{Xh$DB~c|E@83k8TBNq~`%R{-vOmDsn$$g7x;z*^<>g
zi|^3hieSa6O)S#$;30Z<v{&KwbJ!2;Z*4z|EFsq@)}HK_;kU7I<$3ze1Nq&~gE|$G
zsNZH)!SWq=YlLby%~axg9}o>k-UpTAq@}J0;w`#`_Se(d7L*SqMA^Z2&=;EHG(0`(
zL;Cet90sFg99E9+CDXy0FDSK_R!%G+Tq^1T>9P}oaJj|o@YiCe@ea=&$-DG)d*&S1
zI(;v)Fq8<W@O{dNL;=5a;*tiW>HFxT*P^}U=(D<b>Om`Lt69d)lV4^2N=6^*vorNh
z-x(P8?J(g3-Z7rGJ^odbnt}$fbMro5{ygYAbp{3|6H-<-B8V|^2rqRuhK~0fP>9`m
za5{~34nDuj(L;|Y1lw*xL&{!4?)=Qc<?m@e@+z*SM}UH5_>B}&-!tHHsNVPBR$;c~
zg?mMWsO0MtPxvM?qeUE7rhtS%U_oDDv<LK)L*~RDK!cN8UkS`}7Uxdh-nX3BfKTv1
zzEufH?sIkHF;cD$#;7V4^p_yu`6U@V2OtV^?-D*>5eD;&xIJ`uHF=w#$kFHKZu=lh
zoz)qGwZ0y}bQ>$Q9U+VG@Bs)!G$0fo$i?=vzRExr=5$)*3&Ovqgc;<|ns|M~ebL+@
zui5m(-XPu!5&5{mXXXTy)sc5v6`>~&=R)cV2k-%b2;zI=^Vc=7@H27{?dKI(uq8_>
zs<^Eo?}+%7f#T(iB{&GT;#@xN4;ha^Q)^Q?Wyh^A(Bl9r)0gD|d<C)J(K2g|tH<q_
z)4c|_H6B?9_Q>N|rHdwy*gTE`PU+i1kOw3Pmnq@fz?vW<A+cwpcFttSLCiVof!Fo4
z-#$)q9f3MW-P|odpOeMsi^ReM>O<dHoU7+ZVP|q`Juz|daUeS&f=DU<J1kpclJ+lv
z<?N!<cZ);@A23aTA5j;q&+iz+#A=?3SQb@4&knr$<faJTZ3TJi6Q0L6A0_uN5G<K5
zN~mhF^D+4S`hd?`oQfx%r7FZ2W8sV1NhHcV!C@<rFm@RIaP+#>H$xsM_YQ7f_U^n0
zU*-xmc<rP@rk@UqZN27oirsPdUhwiOzSjaTvW6k%6Hwr1-&2sjc`h_x8Ev{HxU$GD
zjOTlqgMAznQA}3*o;#<Fk@m)eUfP<vl#)|;qa%F9195TuR$+wnjJUvkWdFb860icx
zM<55!9$4~ibfTL_^Ik&v=4hlO;>AbJ%Jr<O$GOwz?@w#o!DD=l9;ddeRKgbnJ+m<0
zRCG~{0q%k4{idT)PNo){npMVqwD~ASjjqHY@17FPafLNL5m;Hw&Ce4cMIS_nrK{>B
z*`;Wdrc?z_#puB~wvs7u)p0P1p7XnwY5m31U4N?LZFX#$MD2lQ4b4KSeoS7&_bYLT
zPu*-#>f&90TgdM@>F0YL9Q6c?6D)s%lk&p-X4pJZoMAL?8K=(y(NUwLz-{sb4j#+H
zGLB^|q_-U~2*%H|Bt+2n?IgPQ?q(?Y;R&L&^TfaW1!pjeWM-L_;-U1#oA%|y{l$J(
zee{DOSRg_%{mi^%()!#JXu#8g!28^V5d+HZ@oJ{NTsBx$L~|o^IW3gk<T~>h@^J>b
z$AsnP(gFQ_8D>8(!>Zgvt{kN6_bc->f_sxr-f(dLrr-q|+wD5bT}M`NdLMNV8qR+E
z0xw)Tq3S2_%ciTbFX%FRJ*aS&0Q&vrcgFfzHVr!_(>J~5<IZy3_CpHx6yc=|<)nl-
z8nGANQL-tM6Nyr){T7?GlJCK`^R-KUjn5Nv3xf3P9DJ4skM&cbpaqELGRi_$_liCk
z8>~$AZ^&)BV9USr3TnLrdOBhpzC<>Rqy>;8pm(l)a_^9&%!1Lg{S<P>FTjCk4EfUM
z=vyXRQ-g}%=~5{L8$rv{$OrhFadYU)s2jH7(lE+9`%D1O18^iYk74?L*&TSIjFp&L
zb5w3Q;kN4zqJ8P@g3l~K6Q3R=Fcrr;W3|Vj(k?8}?VfiscXs#SSkXw(+>=GBn*ddV
zJ5j@ZpFv0pw|LI5Xf}8S;Qg+e&?gc1%O7F&GX|$eVzH*V!tR;NKw{K$E_uR|qMz8u
zVwFT=U$X@+^xJ5N6K^jFUnbWiNt3rzzBlr_H)&4A(+qvla;ywC4Zi_S6Y0-l(4}5V
z(0smO?tF=jT{m$Ksc1s-H;{?+32#3@*zH|(B>TafYoW^pSz2>F7=i-<3{m=xFNwzd
z`~f|%DGsr7L}mro@S4<<lXjor&RTv7l1Hx1A(TDB-voX2bezzD`5N%b67-PNJ~?~b
zsXDI%%w_wg^Q7AHIs6<<M#pnk(KZ3Vi@;ho&ZiE}`-iPQW_0VEVW$+``ck0Dbd+J0
zcb#nYoMH}wn_@ARMbF$3JkR)C*of7G2-k~|RomfLzo|<zLvY@|L%yXdZ<AKvjoD}D
zSk5z=AxVziJIIp&hr<&=bva=?RjtMz%jD^bfVV~bm>Ei3E9v7&b)Sng*_G#Z9$!G-
z1ipKS>3gd{kAWXTNw9(z%Tmy@3&wd?4qiSD6s<qu)_-1$x$#Lc++A`=lCNB=@zI_K
z9g#a%=Ro+RTt1V>KHAQE7bYw!l&o3c?E%p7Gw!*!^wHGG#kVJvc+i^#+nKl+Xs$zW
zICblUgW8c>-IuNPV#fK(+imI^f>e-2C{sm#Y5I`*2tcNE=Lwc+{&+k*#}R~|0MdyW
z1kDn9|3kYZj_L`?#e%bA7xyB6GrVl?+-bXX@hDs*{I|Z{PN|%YP$hAMJ+_z<2hRDz
z+n+;P%6i1fY1i;%1@7tGeG7QY;ACrG*z0$1!I)<ryDHzxr{obHxN_)f?!H4)buMmq
zs)q~9Dm?K4b=|x=E@RpuH({-F%D(xi=9Blk0otr76{w_5bF9n3I@Lr`UT$&(0l}Nk
znQk-8is!Y2`#n>^2Vu+SePr`^=csS#gGjX#YhY-I^8BzlxPdi(sfsKj4ve*Pp9v4W
z6+w99DZYHHNu<t~{K*JR*Rlw22)&l#LpiNaiD{iQ=*y9H*6{rTw4{N@r1(Td-KIQR
z`URZAVAgZ5kkHRmJ}U|5YZE~XXFiHwhxEax4isnQ`+)_m4uS9elsS8xw*#T?gGyH+
zk$9YT&XsxlJAvUCoz^s#Y=@FMPuLP4rr9E?8&6_IHDf}U*~97HGe@p%+^z0M4)^`x
zXOQ0Je0!ocWhx7I?ss7#PkxuvH-dtK>Lj$kpM1brh-(q?bWB#89INY6dly#DwbfM{
zlu<mY>3og=D&srhEta)V7eYnA9lX$O*^2KxEL!sua+#NuGAzk8s?(b`+t}bOi|~3b
z96XhKylFTV@Yapw6D)*vpUL*fE2#Gy0uNu09v=+!Z@LmHb45GMv*G*Q=~aJkh|V`A
zcLV5)LyDqj;@R2o*uIT)O_L#lwZhILCol|CVdY?Qy6$|u+qRg#n3O@k$%20CbU(i{
zE+s$13^9IRkfkZ|mSHl~=GACvpMX8mDEcr1o^_4CH*sSD5nT@gkDk2nZD0-kJpE0$
zQ&4XSB!qQRY5Lrh%o@LXbIea2zw`V)>qHekaRT<hwpQ>Pu%uo&^W4L8tMZK=S(!1l
zog(%fnaR9+32dHv&W0Je<KL*@le8*(u<z}~o!oX{`d)Ukr8D;zpysxT--x5#w;iXs
zv)11+ejv5<PmSvmJ>SLajR>1lENy-@$w(QsBLURitcK##(hcI5Q{xIk5|fV_v8Yq0
z&yBD;@Qxj0`q4R$fb~i#8B_Z=vs%?Gp0rdc=t44?IdO)x8|J#-#{*d|a}nN22CQ>V
zL5^|1-P_CDX(X!xlPkt0`3)>UwuyuFwPUl7-G1tt3Svi*z7hU>s@Rq7GRbl%JcA%E
z%g81^rkhJ|p#!987F7<_z?l$1zGC{|zwU!FS=6On-qqY|_Y}uh6zBRNUo<Pb#Ax{1
zR%iP+7hm%9(ZRKLDtyERbG~_7sz=VzFAzN8`t+oYR+L^=wz_#C&DZeUWb}I<SzLG)
z4D?I?x;Ra++jy|nZ<D1lnbZK$U|pE0AZ+_OnQ)FvP!;n<$suT7n>}Bl&JBPXys>SE
z57_BdD1`U@W+?oejf>wL0<U}7{fPnnw7^(jT6F$Gh8pfw`|>iym~!yZSjHCDxsXz#
z*AMd}RbjgKLHgZ&XHkvX$=9FP1cUQzA{?h;eJp>Qyl-E-B=erfsl>@M;!l6OmFBt}
zIM^%S(Die6?RE|(&{5FL+wp)?VX|w#&Zxt_c>|ueyyw)F1MvM)uHt*N_NFfsZPNf7
z`m&$x&A12Ue+avlBuR3Xc_qY4u;h9FBmJhx|J&7A+ib?Vt1B}U0^B8VXS~8aiUxB1
z#)CZ_@2_vDKZa7{T|y8(Wp(+C`KthOusEU+OqBhRt8)(}d%A@8;*ssXybiiH5jPJ7
zOawFawO~V1j!ZMM^LNVi|F|l1eyDGydzcwjnhUtUgV3`}LtMFv*s;WC=aE}|`0*k1
zJ$n`U0dChxzwOrY9n+${)X4oR1M(uI@b>MM(+^(KebFoW7#_c*mn%p66%NCUa7RDz
zphX?a3rlP2hFAC1bsl)=Obd(r(UTcJK)mY&1Y*f3kBzQr8PepDT(&cs_oavc#AD);
zq+(-9pOjMzusxV7+ki#)@w`j_)ayE+pnhE+c7Jc~_zp$POF^F_4~{(wqW0NEMp9ng
zduooJiGGFHyg!2h_&T>Rl49wThis-<X@ojSnRc9!3Q%(v@|6~TA)IUD^O@Rt@Yf!5
z*{%ZQvYekcgNaxMUQ`Q#%dw!38!lFwLw5K*!I3J}MYkSM=zN4A!xb5FUha0;BUWol
z?;R2AtCfiIo!yOog2+4T{@{}sO^><eq*5L>e_$V9G&&Kq6umrnsTq%)X}2H~t}~A?
zo7&)QtE^6k&V5`@4?MyHLf4N^-8z0=1hEZh-!{*ol`<<Pcvz}Q+YmY>oR5CLJEh-V
zm>|4mINyC`p0?4EW2}OpTrpUBF46r2U9-<LWA)NB6rWQ$Cwv?S_M5z^HLlcx3r;Pk
znp@`9m6u6P9z8`sw)+hVROI+(+T9l!Duj}TFVqMJEzi8zG4uTtjKl6MoX^09W;Tn=
z&>qDByrmBlUa{`}U0@DIL;(p;e42PIRL~@-)3yc3nO3b=BGF-IT5CG|1bW=FQU{GM
zO*zkqzdt5BBfvU48<s<{cNgq^urR13pY0)8J%%JLh$kZFJC|3iGxyU*nP}&|*`4w7
zD&KS5ld`}cb#6NjfL?V4tmSGaoh8KtAE|R5MR=ISv^l=fS)xmip!a>>vA>qNf$NKL
z5|cvkks@b9yb~zrOf{3eZ~G1DfN2Tu@dK>c=Nit8E6R0+hdn9(Ou7hvUYb2daqyZ0
z0qUym^rykgFEHn%m^4sH$^XyO=|j8kk+R9_RvLU;Fi~&9En-zvW^bsHgl>Fg?d%;c
zV)o!1cQ<KldE|K)9f{<2PozZF&&ivDLT+NMqrDV4iC3?d*4O54uPSZ@H=hYDYzV&Q
zbroc9rjd1<QBpL`+l6zlWGyP19YzE9y1VO=hYMUL4#7aWf4-uK`#`0@il2WTFVK02
zFCIk@nRCe8>5h-sbsXwT>6QKk^cbkZ%@Zxu25%3zuiQI$?a=*nku@4)=dL|eQVXN7
zkoY17vi(!`K-<c24nO$mYoy1VdwuO@o``$6&sNFXg`4Ic`1!nv>DpN~lO9#4uDRBp
zs&riL9soi>y}z~3rmVhuA(raUbUf!%fSrflKG`%ibLjp2g&$L>+4wE{RMbf>a>H*{
zC(j*2jj%5YL2o%c<~*$1j^=(*^{vCFOT2;-19$>46poSS#7+aOK0dC9v?bv<pFR#;
z;*&}nII814gFAchd=ftXIo0q8Vx~L@<pKx!y^5ROS)h8YWYJ@9P5g$R>C>Zd|D?C}
zQ-W5cF*~zy*X4E|=Z~u6M2y>lqt8;W5{=$V(4cH|FC2d#*5}qOH?jzU7iihZS@H_K
zd9%=5^{a0Su}Nf7e<nR%RxKmYpOpH8fG0BJv-r6I8v~7Yv;s2D*ZcCI^ebqMNAzkB
zY^_LK*^vDN0v1?;Q$bF*lYHW$QKDO-#cmc{V7O_LmxIfK;Xc3)`r`Xx3nH}h$+qJn
zZCm)dYl+f$tX;-KSI;dN){>((kW6+jvkqL*SAVIm3im68Wig+ghLv2QCElJ^kYGnr
zB3($5N49&Ga^eQ*6}WqRc_6eK=(AUXLX*9EiY=(A<UUA^j}hLjP&0O!-Ot1pHV3XT
z6fFX_2{3O^7N6>eDj{OUGyhJze_o%xbR?CIwQ*e)zkyh%R@Z=AwU3K@k|(>Mb7`!7
zbsZeRNA(_Q9lv%Tn(*0lu$$+?)KY|LV{^Z^@}g(H*;QUrX}y|M>4Q1t$F^PjEq~7#
zUA*Ptl&|UsCceVj8ISa;u!bE0y<7KdBKc0t*xCBXotw~x+UJ2kJ4iPpFMZOR+Y#J?
z=Q6LGb?WxpZm(2qSI~R@S5v;YJ33yL8T?O^ngvdjv$iLE$L{!ALbiqS5!G|~a~r<V
zn}H(1-FXAx)mKlxp4aXzvSGWud)i*Co{n@i-os?Yb}(nH188dJJ@BMjs15II(?DEk
zg*$cc0Ti+pAt`hsav^k~uP#U>FFtev{(#H_sfu%_i}||Cj%3}Vb+aB>Zm2%A=SH$M
zQCV(;-bjt6PtQ_2Ekp8r>Jpk`=T&f~>(qSfG|b#A7b-hA$F7jP9pZ@<qd9!hn2%rP
z(#M9=M`*96uS0XZ$KOiecpL#YnO@;!9Z9#vqFnrdS<T-2_T?%coIDR44I6JP0#h*5
zzK<ztw5w;m@}5t(C|MC2JQ3j{T)i=TGQsadq8H(q)bZfU4_5Re$NGLff<Pc$)xup0
zJjLVPH&$_fdX)F<LyeehH}vJy{SH^BL1~EgyUm+d9v{Ida=4ieQ@ZR+#=SC58gqCn
z32ZH@&fZ|qjtAs<whJ3GFQ+5cP4;2GIAkWS$qTX>YSHU~`1tIlOU}J7UE@L%?m?po
zJD>Roffx3H<{@m(n?-HL#u-V<4S8Q#T~U5ar1BGC8=xDi#2zRd4|?0$sk)orJlNIt
zfU~aTJQM)TK(Dai)WS=JX(2Z-L;)h{#C}HO(yWYof^JX6TO^phj|AOlRm<DHm<8B_
zY;}**Ij<P$oTHzMM(;g~d)%4mRMuwtE+Rh;A&LMGJ9FV(-??~IvmbU#z(0k*@%(v_
zW{g#0B*5}=7xw)GxrdG^1*Vyl=qs6uom?2SxP5-tfzWjkq#o0NE(p7w+@(0fH~4gt
zzOtT#{#_SwM$GN~ZbuQ$XR`W&Sac44lZG$sT*2Z2Vj%Fj&DPk~!y95zRQn*$3|m3?
zOuZUqL$f7kg`41I-nW)j=?&kh@dui`Rw^Y?KtI!gw0Km;($Y)^)<5<B@!NjlHXOW<
zv)_B}zf!MVv~Wq0_KWxAg_9>23*Bzy!;DS71AeWXf5RHg1rG=5XPk3RT0!IEvmQ2&
z;l|{AK4#muNl31~lsE5ZRkFE6<et9Dqw6^6DdnV~cu5e$#byR7k&etaSt7;qxvHP<
z%3t-7x_gbso#tz6bl)f?6PFv|hjYtB$Er%Pn;v*v*pS9g4<kNtxTQF`z-tfVhXfrW
zWb#X*55U{yVjwzTIyd}+L|v`1m$+{NI$o>LQ+qijrqLjDu8V^f7d;$YQb~p*5(`mM
zKCxYbkPvlWof<%(J^0<2DxW^>_taIofR8U7&T0)qq#>xV^CEPdm!wNbiIw$}CAYEn
zID0?ix#6!ZRh>mY5llQNE5vanb+JFK4)C@$#?Iass{s!C;JnlASQ1`+9IIcs#d}T!
z)P4Wb+7Yfe`1Gxv)|=T<HNEkeqv$syNS9i53zrfluSIKoM;#mfxXuJJG8{b*BbzPq
z%Ng|zV79E<BH1OrDR1AiEW=4iz)xn)@6Hr7cNHIO6u%GknSbpYFjQt#@cn8PKaut+
z;HQiy3he;ugHNwQ#F;%gvd8r-dVRM$!H^w`SD|j^f}E*TB*aGwUS&>l#8|Fbh+TG(
zB7DfO(3*ld@1C(*ryUi(V@2I0M|?hAT`C=}#kf*_E2^L`VY+cx-q85^7R}AS%cIVm
zP$)`g2i_x`UABdO=JDr;q32<r2EDF-S}r2~d8MYs2?6)<N*cMyrg|PrnjFH<y~N|Z
z4M|Ne2I<70C7Z$`6$O3Tp@okraj3$4imFGOqKb3929K2Pkvs)kkMTD(-iJ<AA6J?w
zN3pfVTpz&XDE}~0>!1(8ogPw`fXCb_`~51_&3nNPO+J(o7=HBY+8uVl;#*&{xBBom
zmQlbpDS~(%<58&%L*EM*FCwbq*<1V#>iEln>Jg$R$CvIuac{y5z9j$lmN;>ve@6P$
zj|Ijap%?F1z$2d-2(h>><>L{2zC#X0@aDtWCtki}n#5!+I$S3pAdg5hq4TX*CmDC7
zBzapKh6_)4mpFGK2*FK0k3SuL{|V2CbhN16s>|{<z)*#%V6}kbtYwjWCjs4Xx20oR
zHMaCJWPEPzt(-<iYLECs*A7ZTv+fL}F@EBl;xltzE-n=IssZpKvy`xTNrjUh15P~*
zJ=1V!n-#ew?%L5~-alIz^pe#)>1;lD*)baSWP{0!`PUPTo>%5T27uN{)umO%BIvaT
z$z{%N5uBe^D7;dD6>+%l2Dp6_Ab!TtrrLbl=IW^DXVGFBM|!uW%cGD-2JITX<Vt5>
z0{Z+0v_lSNN(R&jC_|hOLfeM}SL|Y#pxF_tmQqcvS2X-X?)VS~r;J{S>Pz=%Oca@~
z7m|E(m8A42KpyDtCXIKdo#eBQDx67nuQ1x_alI>7f34N!?pwEBfcAWMRhw}Sv5>Ho
z#$3eZjS5*=RK9dA!wIYlA56(ULZ-<3?WU`~1QcV(s^tBPs3U_fzfCD$4J54dej?+&
zeJSs(rb|eDP!KJIUU`OBQr*gbEfyGT#`KuASImV^<Ljhg#|y0}Z!{^3L(vc80VDGs
zFM=eiYDJhe7GgLRurpcqY7a{0&#kAfnYr6NO%FdPwVXEh2U}9WzFt&8iTiS<B=!86
zeCf~2HF-ro^VZ<*B;yS~pYAjs+wYEM9(6#zqRlUtwTQlbYWc1CQ3h}#2i<<F{Q|t%
zz5&(-J4b{VV`)>Xh4f<N;}=QapxyAzIolNYL7lOXZ9R4PQLZKdy`N*H0bSOLu8_-z
zVBz2=*I!Bukx-vy3NIqDzIV^#06vTJ!W5~0V?N(VQn2o;!c%;d&lvZ;7jKHsWlejG
zFlU`~LGm*{7T@^iHJcClUS<vsm{S0xbQmcVPk~6oz+ISgW+mqsY2Kp_mC$oUMU9I@
zW_)pURNN@-yzO-W_QB2Do%YQm)g@J6b&4!e_ERr_9~Dw%x5FgD4K>8AaNxcQ*D%K>
zPQtOc-^`IrXG7XUa8rjOFUv)nrXYMj{An_9(s5a<w2XERzZZ_A^NxYQ(*2}5cplcS
zt1qpR#w(#2(Rhpb)LK0JPlw*?s^MEhn{*M~KhYgO%4#X_vV)$J=WDXDIC36|@*Czt
z-e<OPy>u_GXjtPnSCIJm1UO;n@JU*%b8p34)+&rM(F}UJw}2zhaqEP^50wDH8InBq
zC8O&^7_8?}{xvUnl%Dv~sXjhf)<N-b>d}W*F!*tQ2#y@Ua@tF9cj^e;_;mM8KUM%u
zHdX98!uG1sOCB}_5OU|pgCBK*qz{RtrQh+M8i}9KL6+YnSS;@kYxtGUc<6RM$QD+B
zBmHTt9RZEm8HHf>9)yw*cnrb7Z+1_wHhz=guXbFp458k=`GEEC0l5Q``N{BK(c{-A
z)gPtdZ*mqbH;fEdvaC~Sv%p5*$G1V&K;5(D??Yzd!Lu?CEQ@6Td>LKOHR5nMyTKTN
z?0e^HL)KkRJfD-N;Iw2vu+3O*m#02;r(;3)(4H;=RYr-NtHqCJFMp?YU8cb@XZ+K}
z`FXST#2v1rT0g+Iczxb-yT!QDmtx*0<@>TjyMG@$@PEvviF-S(h@LTg;Nb*cB-1S1
z<=Je0hzI&JLokk*%WZHEpxc3c<zCnJT$NK_^9kHMll<2G%4baMg8D!~G&mxx2%s_0
zg=XiRJog~Kzj@GV{7hNAA459pD#%15FN2up#e0v|a!khU`ZSFiJ;KAp5zZq!&erWr
zE|D+xP2S6VPttK?qzhOQjrw7uIhD~yRfo_q=t!rC5P_7Ub%US7D*n&IhhvXG?VRLS
zP58ni^9GAz8g!wYlp(9T=%I_zrHMnVDZ$e;L4y-adHB_(hw=qZw_xu@E*M)xB!lD(
z%R*Xoy$vBcg?s|!^59!?)&u@1Aqf$gw*aNIi9p#ZZ0n8-l_(u0Np%M%UMsb=@hG}*
zk`$n@4Oa4CAI4*B$ASC2_`X+b=WJY-1K&N~KBzS|SOJP9L3_5#*m7U3;ov(H9p{vs
zx=hvQ(aBuL^8hz8rqS2a3JQ|wTck1M58n&QN%rx3Z#YH!IoE3wM9!Q;U378XQ7=bl
z6}Cf6mRw9O!(@4Eh{zA5Lam)V86s9VaHdWhJ>pHArU!YB^v%h8L`GP&%ej&9?n8i@
zUoRmt9h^ix5d5$RA326VH+DX+iqE6B?_5Z<oZ>i3JJ}Z>02(8OF|zGz@4d#uFd=}g
zEKC%Wr*<E^9(_EGxEA6;=!_i?^JF5x2j#fT;-{c`aOv3FAL@8kA8S8l7v~YIBMv2y
zeq_ncMSDEO_{i50rl)s4D>D?rAQm~yr>_~x&UN7Y9>P{x@-tA|+f_QVUr!X6UORQJ
z9yxrPk9cbbLr_Q|DxK`ky8ytj(C^LMOj2#b%h%)x+tSze`54<{=`Tr__1!9X)Y?II
z8FQ)P1-~4Gd+6>R!+U1@!Z~+D`=Mb$=dt(H_L4@s1K{P(-~*O(#O1p_WZ-+ryB@Mz
zAA}5<P0UN$qrz5yC*Z%u8*@BYP|F{~lNOckhs%`GuQ$8`?R6JW>wS~p*!LPtg7pRC
zumHpOSw1QSUrTY6>LCL<C#-T>-dh|lmSbZtTh_H#?IKq-ca0{J!r<^r3<Q@BxIlkL
z8faQhaXw=N^ieV?8OqcNi(9a%twcD4F!xmPBr67n;$ZH8EmTE2jh>uN=}*;1<Ko+!
zstd22U+rUF{!+juLRawPl}-LAz$KHxf2H7fXjyKQOsH3#l*uS^$wv@SO`ym*_H#NA
zd0@codbARYdTv`o$r7&z<>xuNN?=&hScJIrjph2)2(zdSpEh!ugSvP5_NE{eh(d>u
zT&EkC`4RrJp;wIR#+`!%1xGezk!VozGB0kb5#W79o%U6c;#IgWZ@(Sx%BG1eJD+Ni
zwcI1He5+p60i3h#z9hXrL8gUux>vF69-(-V$TI!D%t^Ard^OhN_Qi*pt4=MB9Jg;=
zVh=3}b3~i~^%@I;O4T{(_FzaO>{TyV=lV=5*AF)#zo0rT#r?wE`*Tof!amXYs>s)^
zoN2ynrCGdY`KZ)zHacRB1|4Gs0U<(k!TH1zEs20k`eA1kyaXglUA^F*g$Ho`NcU0>
zxc$T{Cjq_Yfk%$w6R7>OXeI^;UJ5@1B~=r9&l=i;n=AGbNInkFib{<1wU`t!-uCdH
zSkd0%I;}SeY2O=AH|Ji`&%ld+8h*}A11XyKV!Vw|xmKg7ZzH`bka73H+HM?{8{;2-
z76UL2keAmT-mY`lh)I9%yp95jhpx$Yv3tMM=U8H1ewgB%VJ&qJ`y>ZVCLYDT1^^OE
zhc1XAw1K=_4+7eN0iN&;;kY$K6H;_WSW@TeiB)Ug_FnY3`U=O@YxVg89>5G&=!BF;
zNX_c#dj*=-s^_zhLA`Sv`tHMNTBNmC$Wv49!}-Y%zRp@VUD!vU{ZDB}ls~WDDy}xg
zL2(H?R}J-C05vwf@+q&5tw13jSdUN25a!khB(uUX-MR2yiH}{M>-+UMs99Zz$IxDN
z;+p~88lMKTPOQymA3wNKr!Mdy9M&e)m?RU*X@7)b9zs)(vWN+~;hXo6$B7fSr7oL-
z#A7{)eocLHy6<T{64HUhuCKJ56PbBX6G1m1?)5u!dmeT&g@X;G*xyaL6z&|B=+Nvq
zRY|D1%KtQxB+r98ig~3k+_E{g^WA<RHPx9Td6#v!68Wvw`COoRM>C5Q?Y$OajZcvf
z5(#7#>fxmC8>7&rmG|f0A>VKYoKt#)R|SuL5(6qGT6b2#58A!MJdJ|4Uec&Qz;F6#
z{N^hPnaaoS$JF>t96?X*E@emPm*_R_&MOTdT;M|oSS42_;=V{ecJF6w{B|zL%}bX6
zX%c+6;#`MTje99yp?MjR;T%F7u*~lb=ehDqK)n}Yrl^r0y*Hp&Y~_eD^g}Hg_iJt3
zwe4h<YL(V}7<YP&T61}c>{huA*(v?3kj?{7MXAA92(*pSFa0WCql8O!!kccLMqd-q
zGhU3^eO$t=_dQmj7~^q8lRInP%CwewtP}4NdB(Xm_Nl)!<lEVk=O~zA(JaO(b^*H-
z#Uo`x^QheYKqhpgSb+Y<-+>B8Z5P)1zBrYb6sv?*S((e5G6W}M5XI<lOBxOp^sRdh
zBTf>JL4F5yC^nEyh>ynjeGAGD?cQ?-7q*V7z5fp%<X4SGgFE$D>UY}k`PYR4_^}GG
z$t*;U@wj!W%KX|DUpd$}{LZ6LAm>sNtzLM*m0|GlY_z?<hCr7o3I+2cKh5RI#`BnY
z@B&BU={6+dlShJ$8|q*twV~&_&oSJ&_Z#b}i~5<ve$uWfcy<rZf&T0eH?u9TPnz<D
zj>AX~hTbX4ZXz8+=D7we+;PI@f*{B7{!@<(_0LPVy_zOndij-U=}!R@Uc%~oFmJ}*
zO@Q<1!eSF89{qHN-?lk0dnn{;o(C0S*7n+~3b?ESa1VGq^tqQSeQtlA>E+@uuNo%m
zE&Bvy6Y0fQ@x%P(R`q!5iEDrtX}%kF4il<1h_~xM3*Tw6z;b0a(0z}>H6t&NeZEsS
zl@gN3#_0^5v|Gq|Uj1$0mnB4R&8)oA_}v3yC95~rwYyvyR1bcgC_n4+Z~a~JW~QZx
zy#}A315PPGc%MhWq4>Cz&uNz$#C553i|`A}+x_bIl=tJ0aUQ~HHiAazEs5N4Tgz>(
zew%dwa`!y6P{A+aa&FYIAD}#PNjMSYrEJR+bCZA-=}Q<7=buFi!@@bGch70T>m~?R
z!p?`xjud^?lQ%SUqsj;447FI&r*O+hM$CM~=JeO4l|abZXQC8#t<y*^=M^;~wpRCR
z3#@+Q^l2Jx^ag~7>F%us;(lzti~EA~+C*MpEq=N5*y5Cf<|WC`l{JFsE4SqlpC2zg
z?v&;ONe)YQgwpX<bbXXzJP0Oe0i+MWr^y|=2!TBi{eHgkYqhz`x9mikewqTp+Yeq&
z2TbOQ#!T~mg01k-32IECXP?I)24DEXol_DGw04{$N#LbGxA;U;7i^ZO^niMw%G-F)
z-j_%H(|ppxs5(uLKDB<F;CqEqfiL@r9HmS+S#j4}XqC(_uw70X=^UNQ?Pt${S_|%n
zN9%?hUsWzw%yWY63yxK3?&RSSP?sZz+DO&wnr^RgT#wlYE`<+=RvAthPg0yqV|JSy
z2_7lYDvU-gk#e%qGCX!xt|9E0^@M9oU?L0=6ncS&vK(T*pP?rK<yrpDH5|@ohkjju
z=9$LBx+QFQzuy=f_^MRkEwNy_yx+-7dP&_EHiPi6sG3@U%ydzk-gSjjQZ^$dd-!es
z_hh)A1FC!cX_Jok&+9mpwDJPNi3i6o(e5LPwwV|L6g**jPfwh4^_Z_Z6Y#=5_G5}+
z$8Q?BzZ&JU$P_Pjw@^Pb?*e#O>P$~AK1zT5Mkbd#uIB0T&rfmX!XxEXE%ES_`U$7H
z4Pi~TE~(^oIwslbGq9GbmGl;{H6kj)o@>`m@-cx$J!vAvIazg3f(%Ny<*j8?Hr&xy
z4FP|^WaR7len{x(84R(8`*MUI1dYg+`1c^jz!(has1E1>v125ypR5_!zVv&-PLDqX
zmL+@OJ6Bo@vpciXW0?vM?&C~wChVc}5E2$`*VjLnPVveVXs%y8yblOC064?iQRM+{
zGdj9-36p%@ZZgTCdmn@BOH9t6f6Zf>H+$vEEwZ0^J_5-$gW;uDHg?Qyk7X~wQm<qm
zg}#oDV2O(H%sA$!Tpohch{xzS<Gkl!>xVf$**^tPZWy2QnTvweb-deq7F-m~_;><c
z?C(~nPoSWIV$*5AeeT|UNYJAO&O_q|#=EfkYq+!*x6o&Yn32(FYp#qkvnp7{T-Q1;
zMajDPmQ#MZAYG){A7G`trw=a*uq6&b$l~>5uuI$UonKctE%%v=dzYmy9g0*s@}OUy
zS3p~m?`0h4>3sN#iTtV_@)L$ec$sJ2D-xX+wQM|Ly|ugyA1a<t+F^A1!Rfi=va^hc
z@1=a@ZvyQ_?IYu4!_uU5y|<4&cC?1KO~H=x?Uc`oSU|5I>QU!?uhJx|@;pujxYuqC
zUWU7e>rttcBc6{d(yShrUR-<#sQ65ai@xN2)6X}@0vEiq48!y{3Mb|_>$8IKy8{Az
zLu>X?Hz(&xlj5&c?wAEU;!7nO-%&j<z=eBHyyD<M+Iz|qdA`9`c*%Bn*G_cZKF}i9
z5+JnGH$`hg`#lHbsSeMYF|BMvC6OBun|JN-OOoC-`8fWa(XXlf>T!hGYk!JHqQT#$
zKDAvKw<;fNI!TQ)yALL?Mf=99Z&tKa2rzIiwYw|LseHRl@nKpXM<C}IwwGZkB-3>_
z%N9mx2?o(cqazFNV@-GS>Y2lLD%V7>e2N1jP!?y+nGS@1tP-@_Dl}jYpMs5BzVXS8
zjLIG>r!YYu9Z3<&6<L%V9D{H(%%-<%WT$eHn)wFRtCQa)57(>4-HQ7#&_hX<aWT!W
zyB2%CoO0aq<|+TDzZw|DnGBdY%#N|-a1{si(qi(d?;^?cs9o5Qi0@t*NkeP*_!469
zrp08pihqhlvL{^VJ@+?Hi*<15Ztk`o<CijF=|mgs9ehiTFK?EQbc6(g!Z*6kXJf?Y
zs(qcW-;ArkS%@1}`mm1#-ljY5p9n86^mdSjX^nVUJYwFV(jixRLHIbnl5GoJuzWU&
zLHX^E;>X5clFKlVPa)~<jp=<<#D<#l5#Ly`%NIo!JUE3^tZ$6I%=?lJxgLEx5y7DA
zW?pj4_hA<EQedK^RPQ&4v6Q<(dl(81W5c|EJ=CWc^wnLt9+&OKq<Kq*8LRf=r{<^j
zb6I;loxiq|;&XN1_Mx+i`zWOJgCl+)WB6Rv^l%q*h5Nb~l;MlxHPboj0=kwtEovJR
zFTu%!c{*ErVf(wQ)F6<HnHS4$>D!l%(@CA5C&H{%uxiR-R(T73K6$5XYo8M-H5A9-
z^pSmuP4V0sZ!4G<(xk%qWZ3fV1in{}ucUvY-}}nvW5|Z66|E-KS1tIYRS%X_y^rP8
zOEpr=uc|TB2g>hK@?(JI==PFN(jd&spz)ZsV=tev0K2zA#8>yNXXiuq@_^wBO1^lk
zHrl@~V=~82O0m6Q$G>9=yjdu2;(TM@GpNvaFPBu;GvmB8H)M<Ew{ko({Ii@IZ@)N&
zugZ%R(ctLfOTY_XTkZufoIb}>K%8^jR-CIE^S0>1-=oO(=M^0f3uZ7Lyj|s@v%Iz>
z-D;JHvUw>b>&}^yFt^M=rz1*pd1IH}x<8P>XNr9}F6fzuHSti4p=Kl*?Ai1Ad|AS5
zcgyz4WT#6e6ktmrLM<Uum6>*g9x(@A^a{+LS>WTWHlHKI5xG@mP!O)iA+sKFy;Hk*
zN;P}gl*OCzuAB0KHKX{H2CE1QVIN+|{0s>WJ_fTcEN2)N{p(C(Cuk5ZlM~f&y#8$v
z6puSF&Ilv{ECMRq=3p1tOC`+wDwL71TzE($U4>2nJS6pK$gmKplRa9R5JES73M2wi
zua9fp&%jXR>#43wsYM$>0gVaN_jeg}wvz6RlVP{Ot$nLceMT=gGZYooZr_t96)Yce
zRcF2Aq24*~3(CS=IB<Ys&kao|fldPJ0r)&!PRc3yERN48o<lS#dJ0*;R#5T6mtZFN
z!f+!A39xRO9gw+S=a>=sxVOa>$gi33OhmHAc_@}<Bi<Hr2%m?x=WFtqgl|?lb*nof
zAiJdX=8SFk9;btF_E<x{nuK`!jD0XjKU3T96s0LH@`i4AP^@B0amhm_hkt4tG(czW
z3G2aIL*I?=C+AT5c3FR(>VwjmJt-F<4e8!%N2c)Jd|~V_(r>xBA=iV>pfC;1N%OVv
zsf5I5%yw|}d%AsKx0FyF@jd1zq72_5R&lf2**$L;D1YsW+-#%*a*xl~2HwaT^wR5z
zui1<?J`D5{%x9G|63}LIj>JnhCxKw%=21Dzw1|z3ArEpHo<%Y+x#LG2VI%!=yjQc`
zx9GciOV<4a=J~OMoRGu7XW*@gQ)nnrw(`A?=BAtx$E3FV^~@QapjR5BE?k0A(70s=
z-&)l<dGXWrXJ5=wF>S)yyL1NOanq_qNyP%H(<$+a?J0l+pwHDhH`o=_2p(7WbOfFg
za%MyB`G%MEa}rv<L~pa9OU&S(20`fhw_*DOqo?<F^ty-c&iD<AboZn8tSI_%0d_NB
zziij^u?A*M1+cqO9<aDoHuTtl-(e({bV~UwgZvo!cM)05nWTJ9nrtDV%?ssINk`6J
zF#T>nS!+O%!X68!m*!n;O&!*TOkwVs#5{aGq$VI~E$34Xtym#NCYhM36kIYrH%m(j
zO9#~_`fRqoAU@5}2nRc`B=KZzuG?_j8;P;!(a#_xT44Q#FS`CYzTwh%w0ZNKa)A0B
zk8ZVlb3noaE(A9a5HbN;TSFd2(tQBLn(o_ClHKj+I<gmC^+=ikZzs9T54Ns90{c?O
z=S@l1u0y4w7wZf4d5EBs<GV=j2Zq2g6(Q(TgVR3Vl`zdy+p*;ZpBAxAM?GGAf<9k3
zv0GxQJ`nZU$)D6i0@QE0Dj>$rwNFtsClFb0`p&I=Kv$BkX7v7C@v>t&>!n|8gP6xq
z{CFfb9c682)GF4FGeU0Nd}W-sH^c3qm$~0ao*oSZuJhST=QqKlu)(DG*89}SvBL=P
z*v|@p1Z_3yXZFz(tpchtJnhwpoma@P%?++(<ES+<%%Ln|C>;**7-x>JgTaI5)&DYF
z?$6B8sWKl^iU)!;<fZ5=K?l9^>3)(vN^J2BOv&DCusw%vRG!b*hOWL)yL1ij9{(Qu
zrKpH_z=pjFKCf7Q3rMHy&>onQ&-AP%4h7ku>R|$`Z%A;_J}v0S%mU7SfxQcfb6zT9
zGDT9J>t0HIxo&Qj?5*9oUdZoF7uFo$11$S74LWkmonOv-$h+x0sEbkwsm}1ywCzg}
z7eQ|k*lI33E-~Ls!HA#@%=*xM+?hs%w?ptTLNPc0uEk9Sqwi;OC#Q7ep=_@9yrdG@
zOsi+>Ce7w3+=u75AR4j~>a<Yj$~hP3?QW8M{FErDzAefFFO}5$TIaz`rPlM-)B?Z$
zp?tg$0@D6GFDCd~j?%&SvA*kfUqon<wvLz;#AWJ>a?L6pEa~e=f)j?$D;X*rM@Tho
zPNG>Gue<>K4i)`MT&1js@e-I|?4_ArW-|f##;24z-1#v_T88Ul2vn1)L$}S#Ib@<%
zfjkKBC(D-kso@jc{yMnGhfnNdBFOZ3qxFVHa<`rPIG%s=(xHCfh99@<K8+7JpHxc5
zN-p$#)%$(<a-H77%Tc1(z?Vyb_y%07;X)bvXF@J42|OZ^yxA1w{(=mq-(oJXBS`3g
zs&#-5bVRYU@!QT{f9Q?AX5YBL=i1g*e&_QW>@Su2?yH~HQ;%sJ<cK1+hg`dvBp}TC
zy($mhx-zytpDe15)v3BJN0H7woiF{ID(Us6PkKT&&*wN*N8;fMwwHxM^f2Og4|b-E
zY7F~c(9b9X`N|{s@?gCmLCj(uI4611Kc@%NPn03pCf1<OZm(Abpr(*Qloc-UctR0~
zp}uN94}GPLn>Ic!30XS^U3(6`iYd&?F}GA?SXH<`dnx2kBIT8#V)QFFzxzqJXTRCI
zx-^k{vX4H9DVd*1SaV6~qw0K?v!=P}Bz}(fIU3@E*`OU=j6ou+XnM5MzcuxmV&vRP
z^RLT&59#}oIp;GKrLgN8ba6KOF?HOc_h%VE-?@?VZP>;FWQ9I`N#;@0Ie`y`!iHbt
zF1-tT3m;1gVTC<O2hbnP?h_tr;K_?I=u4qi-`E&50Kmd^aJR2&Y`k)FLbRsc_X?_U
ztoGIzeJaiFc0}Lu0o=Mbm*Kp+o;;c*hN;zj?>_Q-guU#-w$7_yln&DeXgc}!WpCgj
zZ|sVoSAU&c?rb0IYk6tKn(3iJ{@wo)9^|2e&F=Slb<Ee<I@b0Q)II*){(LZ6!oR`O
z(v$kaYu#R0Lm1$LcicUu*naTkzo9^w7XWjN-FQvEtDqLzjkr(}nOX6uVc5W*{ugxq
zyue#+skcJ!DS1orDqsN=S9si}>4S;)TzYk~{ImELC#OeZR7UTpH{`+1J6w|}^dg1&
z)Z|5ug1Z2|;5>|rt^4`-f0|r6u?rU<teJ&oStw|_>)0|_-5W;uDAe6}#VIJzh$1fW
z*IVcMeevr}HV--rd0d#|-%0SHh+w&;?qsxm9A5Icn7wHvefIJAr2Cy?vL{>%_6e{f
zXzKBG=Ez-1;puyZw<$^r^#0pAKB<bh*l?Ty=R3E38E2*8VfJ%u^^9On&nWTs+tqq>
zG#+kbY`}$!Z)4AC%lb6yECF^2E_U_*3>7sn0S<~CC0ipIVLryFbo$`V|1oxDIhN%r
za7zX=elqTVNl!kvKU1nFb+^=&m3KHc5Me{aJ@?h!dmC{gwYE|Z4rK=)FT0qTTu4)b
zL1GnV9B+x|rZW^@JHJleh5IUSU)boL`dRj+O|nHyf4)$0S_EF~_@k(H;ju4fv6sWN
zvC}_a?&?}Mgnj`7;ZlN_ACS~SpsOq<qwr-~+FB0fkWOBkM5U2_ybJ?_0ZyG%4H$e(
z*QZZps)gT|pIqq`EZCyCb2FwskNwMb_MGPL$oWM$=1iv<P}y=bDAWqO^j!XikRFyp
z-fu=-b?I~zCHAKob;fP$Sm(JP?YKdK;nrtNxZG1kmidyWJiH>UpAJcW|H`XWlH*_F
zDrFnt*S83O-6uVeX9Ho~4z(fylNtD<@3{uNcw{L8K>3m(U@`HvoDsdr!iIbxg#A3U
z_c#}IjZq<rUm5pdKt}pfQSan=;ann|_J|8U%8%k|8yXtcuecL&%`iMP^}x~ljNZ%W
z0+f4v2=(#muQt?1dVEJxjCRUs`c{TCC0;ysvin?GF#i-UPR1+=9;Jtp$pfm{9AlQd
z67zV!p93E^Qc&l^ZYS`iAGUt*W5PGiR?dy~ez`RWmv)xIzXnbq=M2&lIBBQZ9Xr(e
zkrne>kb&jzD;ORNu(~iA_2-Dk#Xqm|YK;XGavl+LY|-wBy*-m?NJ1>*iWjA`I=S|4
zqIpytc$_V`+0A8c$YUpLc@**<YKgpkz?>+D4|((FV4DX1Ag_j;^Y+v+|6m|oY{hQl
zd?`5-TZmjbPnDy8D6<6LddvjUVl$B4#lg3-Y@YjR_dX7t)JI_K03eSXUORp><w4W}
zxy=mhvO`~1dbBA${H(lf{rTw?qHlvJ)A4*T^)hwr1wlHsb7K9@zx9RRGIHo#6sZTG
z#HEj6XEe93Ue%ZJojdw|$Bupl6&6qhckft3J9}hCiQk(E-WV_UMzfQu0Ia_ZvVOTm
zFnVNQ=n!D`Jm3=UbtK4-q#t9BmE+&ImjKWN*(-;kvbSt^w}+#UWM5h|Cc7}BN!BZI
zv8JZZ5Yi2Gthrl5Cz~S??LO2lz+48}sJJ&;4ldiQ>FEO~6JW95s2-|csEZKR(gC@0
zMEIeaXyDoRT1J87Q>%~V+AGU_w~psp-_7*K?}TC(Ze~+wh+SqsE&9-JY&urn$K7~Q
zMyF7Cb@2Qo72##&1|=O+==bj9js@Y5#=I(Z*V4lAlMUMovpPqiA19<kv{)<9-DIPw
z0336w9%k;;LAeKe&!=f6=d$&YsP~gTD)657Rg;W^=bQ(rC;OPa?_c4Y;|sLLW#)86
zp^?U`Pud2F94H(*eL;05`8=BXUH_2YuE$?L5o;wcG?;@a+P3G5T<jsImmhA)31sIn
z;tFCqXk<>HM%W%wq(=xJg*b8a=Jv5O{IXM3&A3-R9HW>gvxu~K?=rQi^7}3JdThsS
zE__3~=C3xtz`TIz1m83Zz9)hX$Kj+&gNtK*bNYN*?jS!#z{1=z<gxb{W@mn)7pF`5
zZF5`;&0_5|5J!JB)2?!Tf-kJ?mwkP!*WzyEy)iEs3FXz3IDR`TdjcJaPha9R07?6L
z=;9<L^8)^jlkxAlyQukeNnh%}DC$Iwt31H`i2$cwrjjqEfpr<_A-r30PwKtUp7$07
zy<h*pal}B<!@hFn^J5uO`i_Nk?x_|yU(8P7`*U=YJE{BlN_Gg)Ba`r5y-QFT0^vO@
z6o*-}6b^p9>C<=>92r;Xr6FpBGvCd8@yqRg?gqhtixr=3{<JR~rB~zd+;|-J=x5Ne
zjy-zwT&cALw@2A3FEMMK0xWDxqj3O(Sd#Z~IK2Pa_6Cnq_-3Am^W@AU>J6m_T3PtE
z|Hh?8^?a%mxOb)7Q|nfjK2mKsWt#H}NhCssme?yo`wGmhM77nhpf*UaQGZNyGxz}U
zOrHKktq;f*+!uH7_<NqXg;L4Qn~$uXQM;-S7dDo+`8ksb=k`aNA`kWn8#L5L`p!Fi
z9|9k4Z^6^laN8Vt;gu065fjf<nsrfpo5|)lJF3gq4TX<Sqe42WMt<s$_w>L{HI-!h
zH|J`(>c(g06Gj1qa<nMVku_*cf~z)<Tv7%(ft}VNuGGkU0Qce62ly##>2_4XiM;XH
zx1#apdp)olk2V#&R~t_{k3Js6rIQF(2r6;F=H7FM%8y!yUHMuwZ18i%!(qlVzAN&%
zO}LDTI|3RAAYHh_8FEP<lnjOAPUjd9_#;Stm!?tWwlK#zQ_^6!!qkt_;?<Y&yy-JR
z-o<QN(mpM|I0V;U1Seg$rX3=$ht6MRmJH;AKrjxtS;I`cefsUU1^}^q+se3t^YB4@
z!GBZ6<Ps^XP0Ajn8JyY7kz#yYAmNbg18aj7EA$Er(#sjGs!Dq{_Q6WMFofP2m8YHa
z(_U>ah3$UCSlGGZ$SozC+I7bxM6fn4<#Oa}wQHpZ%^uN`SqW(-O}!S0ntV1Ir?^Oc
z!j5=)iwb`YwAl7JD_FRe-B|Ef>y8hmtzc?L+)G`yC~+qQ!#|D8&3I^9(`$7r1p@y}
z%lFUgz0=mmV;X$nz;*E&9-VYtyN_eXsN`HIWip}(2auY)9*C1EpK8k63yZ?c8zPV2
zFxV?X`;r<9r6qjbv7hs~?nRU7z?1f<;<9_=A^Ifn>=h<!wTH|e9Ay`<i}w`I+T-FV
z%4cG+iUz&!$7yu*Qk&euY*+K7Lb}HVuC0n<;l&H|sXCW1T*8M;Ld8Lnk?duU`NRZ1
z1CrWD#%c4D!{SZDewfBUHA<G0<$&%k|I-8s53LE~UTr|m6-TD`Y~qv|drpkVP#%g7
z7UPnndc?@$8gl-|#6IUHy6@Xr^s-*FtzG)$w$c4kMXo7crlGj^K_2}?sA%A!j<3yc
z%o)rYze$cQ@g5D(ljYxB`$@NZ2D#VexaL*k!2Qs`^<ihFf%d|5m}$fd-z?^L6#7}K
z4)0@vr0C>*8oa~YPX3O|h8~!dbGlb;46omr;qZqm?M3>7pYj=-%fyRxWevtyH<T3~
ztyja*4H@qWfKfgIOTu~AFk{4a@KfT^x4kdl<I`h@9%-5(na$<$I~x9AWT;nrn23vH
zz}5-<oX(;_uTb5fbMM$;0oe#S%JRsbeDE$F?EEy1QmNY_9AwTnSgcpV^PJV&>nD%v
z#h}kwZSIt>?Mv>#_CPu4DG`s1b?2}DSzqCTB`L87?CLFPI(41QbN91NnS<Q~HQZ-y
z$%eM$yVX8%K67ef>9CWAOEepNJKfxuFylf^wYSztaL>J|r&|cMZ+KpK39Dyd=IEUx
zQ?JnO3{9MaZYn!6^?v&;cK>W?g=Q<_qQqVXpAM4AJ482(N9~n+X@mr}ixw>Lir{&i
z#r4vBuCpAxpOtCh+rgWq#ohh@=L*Qty|o>drP%k@Ar48i>x#9s4QTk8j$c=6uybeB
zvSei&U8j8RVf=Y{_QL`rbvd@P;B1(-ipNOMppi!d;B-#`T&|wNsZII&5QF}_=&OsL
z16xn32<G0s9l^G6H7{F+z&EtC`XHlmc+Pg7Psm%wj~?1b0NTa8W>3w{4vt!)Pl+jC
z@^5&X&!UabX-|2<wsiw2R!Wrt+F)*k8IhaR%?Vi&|HkFO>A@kfYF>W39a;1tf<s8o
zR6v)qclx2nyl=N_U&6;c{mPs*d(>*oC{A~ZdLJhJ+yUhpq4DEq=>6zsY2)QkP$WDE
z4PCFs!1A6T8zbV*U>m8#viYZmTioW_>Z)_^=Mi>LHy|N8T}$b#7x#T|RN6=^DP90*
z@JrgREj_BBDXVqI6uauX=Qr$bl{OXDZ^n{tPp|7@dd3yK^oSZ8$U~S&H(@U>R{&xp
zxsYy$JYaBR&WkS=<fK43QZ`qln$Lwe<=5zFl@kI1)sQ@LtaY2n>3s;0OoEcLbvS-Q
zIb(21l)WpyiSJgq`8653YpPPPAt^Vaz{-AG20tO82b%%#D$Atgr@G9GXOkWvM!#&W
zbca&##mk|_`^kHjPvtI<G3BCmhk@r^Mnbsgd03_Dy3fOG^hiN_rYSmz&E>(k<fk?F
zyIJNtOqV{1fT_pdZK>W<`;-g$!R4WT+yDaT$YkI#Lrfcy9)k0>19^~8zoj9TL-n)z
z-uW(it;BP{05G{8S3xF&qgD#&`dJ7Y;mZoxUkke*<VM@xm$|xS9_4u$|9x>p9d(4W
zg7Ql2BV#WU8FaG7vPK|dai(+N<wtA19?=P1D?f9h?{ZJmL-Y!I`$hC1$TZ|5DsPQZ
z_*O}6++vLTa7D$-3h1A804diYC$l}F{!m7A5yKfFu~DGRxLTiPg})c-PNXXr{luY+
z%?!uP-$bHR_hSosv{;tB4i}?J*~2|`^Ro`ePX<B&>b;;LpRv;IWyCpSG(j3Sjxba2
zt~_`Q_mT(imCuNj+>5w_iu`4>&w~d=zkWkLx_bjg=V;R1^glhAFaLSvm)CdFJ~jR>
zc~SGw2D}F}cbg!hEc_e0%z^4-FLOUI&<<Z6M}*Ofbgvwt2VwX-&^R1MV_lCr^QVX~
zb;&E-U(yD@eIEN{<h`4>Yc@aE9BC9M&Cc952EWTU`N;7SpyTgp-*~Jz+2#}O_FzpH
zyced&4Zee=o(o_v20N%#^hmr^o)74uzj`tK>b5`wpZR>6*trQs;$-UzL&oERr3>m6
zXiR*Lw&NIqH@z6hR-*dn@Ce@PTFWJeU@Lrq&rQG}-M6wu_3#`lC~31&lJz9&slsjb
z4py)}%~7cqy7%a(I}(9&K1XiRD}rYjFeHM8c`%*$(-69>!}awHOLi!dsOA<`Mcujm
zspBE^Cvn9*jk6=0d;$^iJ>BcQrPsIgL48)2+xDQ;Pm#rMEid8yZq(c^4(wzStN7&&
zu<<X-UQEp5;$+-gA`8Px01BD%cKrfcXrAyr&T)Ca9uRklyWSe|+5Mdd3u){DA$rdw
z?4Zci$K&<j=@A{U9{j9CnmtVvrQ8!9Ar0hLl3>eH3t75jtG>&H0yM3<k14_F>u6SU
zj@`G<AfO%?rgOvOf<nF6=vIteYO*TDSVY|M$2VKKS{M8q8nxQTq+jsp!sgX1TTf9n
z;W>?u6rz9gXP;i7UsKxrdi-x%6>AEj6dm((Sluab-~zr40k`k;g$cGp=g6}1J#W(i
zzIXbXt|CLh1Bg6tU>}UyZ*1e$(<7k19;u*FKlwiNbENe)y(0N){Ege!r_pcpiG7fz
zY^@3W(`htSHJkT9W%}|Sx%Y_OoqG>q2r}D4n@kZ$>ww7Rlg6-ai_sWI_L0g2I}4C5
z4+Q+@YKS|{S-3v4dPw4$GNl94ot$sNSow1a*zp>+9_otkBpK{7!4OsXg9TjC2OsyI
zFuicQ4o?KM-`g^HZQj#5FZ+Cqk7#TRk}rJ<I{8AwV0Y;6<Sc(){)O9Z{(RLRkhfBQ
zOlCTB48QidB}AYbejhCBqDOf1q_WUU3>xlz)IK#N6+&zD?}(wmH579r;eL~5akfZJ
zxAlO&r~;)!{z*x)s)P7L==wXVcY>}*v`TM85r@S?&x_fYR9E0_Om*3V0cj`{2vo8Y
zN~wn--+ooZ<36SK$xUL~O^NNMa~#Ri0<W$d-r+d5qisoi5eQ*2Lo{1YoP4}H*C``X
z_p&!P%mf@>w66W<HQ-gg_8BqsAwKLIj!b}kch4hO{2*;lU7K?jjz7{TeM042KlhmX
zIqO{OSv&PG+XPT*+o`-r#oyI{e3~M2miQZikTo4yFlN^SGZJ$~!vryjyGq<4U>CSY
zQZ2L6WnJZ%f5&My3w~x!$?;C6CA!NC2S^3?URl9OUai!G^N7nvw&`Ap>3i8H&!dJf
z#na4Zo=a>@Qs*>C6QB_QVN~NBtBB68Q_1K?H_+UEI8o491?Mqj*oTQnOF$oYPg&e3
z_1&=Q&f^=$!@Bjp$LnZ(t^^~|A?R#5FZHZ#zR##v&@(9vHI$7KKe-y0P1uvpC;OHu
zfIhZSIvuA#h*QeSpu<8wpLIj{qHT=sH>?|eaN#n@>1119&Ch!Mz^Sp8T!kyBKTo>r
zPA`E2X2JvV?q5gJB5sTjs!=NsRC3fOC3@mU0$I!61qC{I9RMMd4y`S#%xrm7gP)u0
z(O6BBfXDXnt}+t3!^nD?j$~X|>+-#5H&Gn+oBWK<Sh_HY3q3F<XFaJ7@GakSu<W=Y
zn({jE`*xp@Bnrl-<g*mq-tVim`K9|!q4$s}OIe>=P7RO1l2LbO@nf=b@_w3owzF-h
zYPJ4gD`N{|R<Bs$x#TOaGL_KV_DnC#;Ip6g!?N2xp`YmIEA%UTqv>TN>T@0;&5ha3
zI4?lloACxqNV$0iK)l8BuP1y%?jCyo4~l?86HE4Ydj9hoaHyfcT;qg^)Z689IrSTs
zcX7$Z()|Rs)LI9l;!`ydC?U)|cjB{Bk6~8>7=O=MUv`@ZUDq{9g7?fa#8C*$>tMYg
z`6<|X%vF{3h3WXYJAF1Zj^jedUK+dt*NB=YuitYHzS0tX=|Eht1l$JFpG@syCZA0S
zOP})|BDMD8Gex(h&6vviJHcSTT;Og1om-~kbB@0HG-)QEBNwA9yiJ{-#?gBL`HbuQ
zyYqOYD_7J0?Td%kAOhxIK6DFKubdVtJ$Gvb{CrJZAjSMm`_;X{dh@}77vh8({lLl*
zIDwmaUS#9YI$+)hjn6soSt4T9-GxFhtjD?PT(BGaY3V)yMYqjQEU|(B^a=-V@iFy2
zHr^ui)}J5qRdUw8_E2ZcFfl}$^_o2nOK~n8dF%!+Nzk6=mm^q-BZXY-)(#k#kk_ki
z*y?lq(C01cOupval`svTfzj8xc2AQ$7A3R3wbnPQzFu9p4-x5J+O_+@!Rg7vw@J2l
z9R(5m9CCqJ@6Rq`;DC(Y&zbh}^z@_U3`-HVJ13BD1i}I6dMSqM%t?sSBlFE2^!uE7
zunv&bjSX+{l-duSz^dQrC=d6ja$h%_ocV67;n*V@V>1mTo9*_^ym$h?syMy3kLFHE
zctIP{*EA;=6Grv6-*h=tDc^wT+*?PkJ2Zy$@2FeR?0z2cIG3gZ(Dges-M~qIZ{_Py
zN!ffW=se2!UfRebn~w*k)Pdtf=kQC)es}Mkv-WDXWv<$t)7y@4*zR%CdyTKwt3Q(1
z@Lg6r-Ul#ZKkZT^D>?8&`xSYC)spL*hrgB)MN5D2;O+LXO1!ixu+c`N=$I002<P}#
z-7};3IUyn4e5r#(`D-?UeYCAELF^=7RYJ);#Gno2U#A~_>h6AJH!}&zLchz7qj*iz
z9T4$=epVqyll0B%s=*>4L$$Tl15G@Eb+ydjf~Dx6{vcQXybw${#jf}<+US;6?)~(z
zf$hx0@;5xS&#82t0$*m*gL?7iC<9vpteunr!je$q3ue-ONb}e*!zcTK0;B$ZEb`bU
zWoxz9Uc~mC$K^NWlfPOdgHP6gy;>nD?`KR}*egH7ijB!mcMeyluvUae#hD)jG%Y*%
zK(Qy?EfxCOm@S}?2v*5d>GMY)7JkcZ-8eOpQdLe5RrzB95zBWRWpn1{R#*-{hNimc
zjQ~03J+Dsi%0DqQa){X-aj;KFxu|u-<Tld#3hu1V8vBS6`;<(@eZ|R+5M*CxKKOGX
z&1gM09`{Sq?$4@_#UT5Wcii*M`8UPskQ^TeD3r1D5Z>~Y19U#!gK<<*(t+rgptqG^
z7(@G0G?`oZY8lGDY;j!&_<S?bQ<v<X7ucVDgOW^tMr(Ljb-R)894b=8%LpP6_gF)@
zOMFh!;n83O27a6UjPjlZ-FbB+IpLoAoZEfn3||`ozX2|OuDsd_${?*fS-01@=jAk>
zDwOxx1Rff*WCR;F+!>!NTC^$xg%_7voU`XxYqUz}$+^{c&!c|+BJ*)BkfZ*2>dofP
zv}VC8X{G*(6|UcFkm=3q3J=10cE}Yt_pKQpd$14A&Zl<v`SG2gK6|C0;z;$eUkhm;
zVZPb&=!LyZaJ}cW_~&BOg{F&}(LJ3Jvj?2#@R{phlk|=al;Yal1z4o4DAET~BG4l7
zk*K=+xhC|vajos^{%KJY*SIUa(^AbC8}u>f3YM>u!kL=&lOgj`iT^}zP*n@);zceJ
zDzVSY5#5f}+;q5b>K<Uy6unJuL0^`?#9zB|+(%c0wk!|kj7>b02>8lED~$Vj#3Y^b
zJI-Qa+l^w)_Pb`dccPp08*yiciV)Gv(=p>_r|!cC<K3&}7wDRXao=MM4|(tUOTBys
z`Rkv8<KH#LV=yztq(wv+$G{G;xGXhg(41EEhClT&uKjs6*e|=v@r(@3Qz4feC83+I
zmsLgwl8e5b+SK0_tm@|^QD^BpGj0V0CcApsP!CtVU*c>GdfRwMXd0ytdu_5v-Yb+%
zK64Z_yWQYC>e}||;_1vTs@S|*C1>;OVA$Ct{)AD&o4sp@Rj-Bj{frAB*6Qxp8Y|cZ
zvUMP$7&RykGAA`&sFTBI>0!J)sc>V@ZGS{b_pHG5F{Jv`<`{*UY$sbHnu}+8<<5@!
zCG)zTw*6M%{2%AgXXv~8g;Gm)?GfF*XHO0^@+Wt>dm`Uc=8}ESYqqN;R67<uRdFlw
zelBVBU5D45e&8F<iq}%)%}aWGuM_NbhOK}A08~J$zr7V$tw;A0ni*n~OIMX$OkRTG
zDvMjoSZAt3tLnici?EtgtySQlp_v{x%a2j)5X<M#f-IhQgWA(O&VBEah<85~&RY<c
z*>Vo%{bqvBH@<<0aZjAFmnGKA7nz$L;HFuQO@_DX4y?4FC&bbD#Hh}kdmg)xgqd*o
zbTIAQ6W^)UT$ZZGzEHAbaF`RKX{hbIt-3%+nx*Yrm-a}<=Qq6lS%I$##GF^pXP_T8
z1I2<p^$o;AWw_Jq5oDK46)na<Wp!M#1c!v9=3)ivH@r~^L^|2=6HPZnHr`4I*ZTsT
zALt*bJjxXB^N?QlDu+2jQWQAvN9g=O_?@P*vh&UNHaxzBcpi!X8WE=BaK1e=8keMR
ze!?)1K`;-?gArK~skCS0G5A%Ew;M^22bW_2sitV+RWUTSxOr}6<;er|f|8(G<KaFm
z`KWos-iUSyLBB4q+(p1XV%o*b=NijF(2Pi7oiV+lbNCVu$g54bp3-&?-S^z=>b%d_
zhG{^a{z}l{9Jsj*gJ;2Nsy`5VL?4}(zH4%Nto&7khwB0!S@zM-Mk)#DeGp^yx<D)b
zidEbcz{Ktsw=$O$j6WMY5q0010TNX7JK@w&7u$g=4T}Hn-|)XL2`8Ht!oJc3JVcDa
zl>OG!=N?Mkivlk*wI9CfSK&wu4O)-Ckj?Yx%S#ZrJ<!6y?4Qgo-=Y3gn)C!vXFjUa
zG<Xp2dARKi9=iy$)y8Pi=0nnD*C)JJz$WZEh2%?QHmWEYbLzcoQx0Q?Alu+9&D#bD
z_{jq;`AauR_OR7nt|-W_)8APEoG7aj<I82I3H$La%dasyA5S9-Vw-+sL$c*7m5<w2
z3@5VYTnYV5fR3C3J^ODzz7r2DALP29AC-Q>l`k=SopemjlMKn;r*8Qnhy=v|F@EIw
zeuBkdvH*jvT`9(}W)?kShml;fL5ddIt&7Ck?j4E;YQyJtbZvuKd48sH;hVpc1}iHq
zrTaj15}tws-Z)yl2OlqGIWCvy1zZ*De%JERZi)Mr3i7kG3L>b?>Bn63CF6n?pi4}|
zQfGF;iq5siYhCN0Duqt#@gNc>2((YWK=IL)f{+66Nu+9c@qR1U!9Z%!5gNCIdp<$z
zJ7*SY{Q*9(26+UCi79?VT#3wd5Fe6H`1*YM)UWT9)l&iFnx|)k%v}49(>^!O0r?y!
zMVE%ZO90H{e#6d7GiMC?AQBw%pgLJL<*WzB>rw1*D7tjo>K@U@r$|k-Y1_XmMivpp
z4lDDwijP^Etu_zPd9@JYyC4ED*5>fv3Gk;68&?GRt@V}hsm%XwOnHwlJ=ziLS3iS`
zOq%1AX45RSe))4{e9x*89){uNnj?mG?V3bC;8P;>DjykKo5GKI9Ju^wOvrsqs5ad@
zA5+y+*?AG*tTWN88032TMr;Zu1AdZ=cW)XhS7XC>hGr%dP5~+RCF=`~Bb;9FSltEp
zHIZxfIGT37eeOU}Ut44K$O)MBPG5f{y3qF;6TD=`%gt36X-~r7`%6`h?5?oI8u-a$
zn;haf6gQOW%8`6Y0tbhDFz+6yNy_(tN1U%&%>8;5!TyvtqVwl<A;)7Wac+ElG1+y|
zy!{HT`opfD5w1$U;)I<iI)WCDG#|7@xGQRP8O{K_a#&PQu$B^)pdkd0NPY9w#lR&P
z`Z%Cw@Tfd`rDUUzwwYqNQ7hi^%$uL(jk#PfzUPFU+z_rFa&A5GPy`v99NwyY_*V*(
z_;D_|eJ?t7j_Z+pco}gawWylo9H^Z_hRpyQMJyR8`fTwXENNxQ!YzgJ*3m7KknfB2
zAv=-kO(O)H{OWa)QHyf^b5O<iVU*i4kd5UjAN!j<wrO&ZW@>Ldn1xNk5AA)o%*;a<
zFmOrigrgggLYncm-V?WOM94*d_*cfo=z&VQ^x#JA;DR0Xj*UDwJp!&+#5T%f3Vr)D
z$eF#Mxm<w&LbzHcO~uZK%0}Ae?Q1MmJ;GiNF#re?S?^<7vn>iyFMnQJ$ERGil^eB@
z8y%+fNL-IQ33tfFVWsXXAorXXsB@#guDfIQUNuOikBU6Z0FHI6=`Dv2--kD@*8~~s
zp;uO<$fH`PMH{K#F1)eoo^<j)!qsMW_1rzz#070_f#C|iwK6kdQNzO9^!{NNjDs(1
zeOq7ovm83Lmm)i%Pk)1*?@?dC>TS*gFQ<?Ay*;e-GKe7Qr>f;lN+&o_5Oh35-zqLC
zo|o9$GM48veZQ|lWSY+QRt1fJUCb5DH_=|9xV?i6QDa4(_+Y^}IwCY}4l%w0I=C|I
zt0uOlGI(N{*Alvt9(%0uJueoe8364?+SfR{iK3qZ)xqn=%gaN*D|kw|Mpx%3ZBVV<
zb592w$z#~(2Ht6$0h}Qel7^$4whn0mj}(8DE01nAOO)b{iSoHnP<;e3zIg^m)W`2L
zg%C*Aw9)TL<5#|GIa*s{tL*W=^Lf!|l%<7s==uDwD(4Q|0bo{CJALhu_D29DoaIwO
zfaB@PU%z4UD!{<Pl?&iGVJ|(K_esU~W>kHgSg2DjGSv3piTclr!{CTM^Xc+lEaTdW
z(z^$@USeE$OCOoI2rqTpHy=f6k2F#BmN8v8!*y03h^X0bQj=Pe<N*%9C*E@|P<GGD
z$>&w_d9|T}-FOZtBI_r>#8+NH`i9A88y*L*3tuxR1KecGJh^2*wZZN<4=wZ6`A)pO
z51&tJ@RZ9jy$dWG&3XG%i|wuc2F+p_yc6ZI(xqcA4_Z}SUzb-igpUB!X^wmByw?cG
z1(V4B^gP)t--oJpvIhy!O;wJZf2QgwZGORq`sr+sm;*kxU#&26Y=W|qgD9QxjL|B+
zItMR{awuW04H4Z(9ySND755xmLt^jdYpsPs2d;aX8IpX&bdmUzS3GM|b?~!aW6fB}
z$LcS*QDp9lL?6TY?g73*JYvq?jE%6HO4ZI}R&D$C(SXb&Prk>7DdQ5{w^Oap7PFp%
zWV$1J`ViQwwr&;S+w`@q?Sn*HCw!D4f5&Cv=YghAD+7GAPZiT$Prc`sQuZTC<XL=}
z?@1&HYkGM2;7z+}lryFNaBL&=b;HzQWqW~HjyYCga1kugw9rlv&Nn)6AOD1ddf+@f
z6Ik<#^|1DcOFzOGaQC<m4b)PWR!t0+1~I9!yiDiY^;mvMURx%9u-ULLlZ33i6vf&^
zKcW6p^gv@e)~BqRlBLICQmx{=44B$F7wm8(u^&3*)C+*;lRE6N``OKm9i;cG`N{j+
z-CA7t_GR(DbNAw&ihWc~4(o0T*lm2J#nYRTDklNC{2UAe`DiahJ~VuyJ(f<WT(`cE
zM_;O;mr<frewU%Q>J^QAJl^EwG&PUYVMBOOPm<KGA^A5c`>3J&sl4B5%YLfNXlE~v
zE#CKFu3osQy7-EUBEp_P7#(S9v^JBANz}Sf*I;dw2t%Px9@4w|9xYy!`#!OU(@lv}
zeZulpGlYJx9}scV-ny37Br9!Ue$owgMB8qB-67(=Tj9rS9)NK?fBO3o{5?}B^^IuF
zXB2OE?nFx+)_~yr6hth4OR^lU<F{-G_p3H=S$PY?jQB#UAnq&4{yTQ}u(NPx-?si@
zSRcU7YaCmbRn*d1t<K~M!R*oZ<?mV8mwJ7?E8iRN*B{D$c*ag05c@_e*|p)+0(N6t
z&CugurNaRPEAzld1Q|vSi$HxuWENiGQFvVCN?rDRpact9P(o8bJ5QOQ82?PLcR=nq
zD0sflcfzHzhd0alwhybk*nef)&&B)i0}$fDoW<|-RuK@k&_`?!ylraHIA@VA;|?>|
zLpFML^L`MxV<2(kP~9x-$XLp~8P%)8?=f8>*%qV2S6Fd&{rX*w6scn;#2UYA?@JLF
za8us4YwMDVsEUmFw6OFfwZq$=0x@$^KBokf+wWz1A59&V;cTbar1<=Fr_I$Yzkxz(
zS#Vb|s@>^_YE>ZAaPAcBuMrT}fMGso8;<jhKL%caqWjnb)WiJzQna!f%(5c!v2-}D
z(rw?w%BUykg2BxLX_(S4cSg4eaBbSdb%8piS9Q$+;`(?1&)e2F9M<f9RkAuv&Uwjw
zMi|vK*Fm++-#&MSw1QU`z$`m)<n%@IyEIPqn<2XKiE5~G%sFVE@68#n^M!Y*shY;U
z*iEIpQw6C}Fw$|)hzETh+huyi3W3i|UWHe5num=clf}6z31l9I65K;%b6NqC9><i8
zhyI(+xRj*$h-QKxO_I}f!Sij&2TnyxuROpV_^HQFAhCVHv8P!uudtnnEF0gd5$NO9
zcC)Cb45e(fvsJ!RZOih*sv0TD!JT6u!mg0`b>3x+B|lQ!+Iv#UF3BTFh+lSc`9k>M
zxg~q?_)C(EN(PwZqarsRLr(hSlOo|9!O04GkeTQ-%q#hrO9Ke0a`fx=pET^b=d+OB
zU6U%bS9n649|0_pubrV#J(o|-%Quxym1TV5-U~c5wZdn&P@&^*T#bMG075ZZt?G4C
z(xXjn4}ZF?mMVz%oMZ*FUc5K4%YyU5^n0d+4&A<DBN=@)t#zfm&LPU1tCU%{wL#qm
zuIceStvp)nw{KN-LE<R|{hV|hqucOA4L<76Rr^_T>6n_jTv8A_asmXWDy*&*gxP(7
zT5cv^hfAyHY*TbMJNqE>z1k5+vP>@9#%Jo*o1A4Yo!mCMbu8i~Dta_rR`@~lF@{ge
z+TpR?E1Debx9!^!0X;9x`>lSp^i!Go=UDi61L=C)zIf<pMtfDcMwdtZrhNvBf_!9^
z1Hd=$H%!@zQk^6Fc=X!Kr>F0U^FsQ{pm9u-pXz&d<i;zqk*AyVhK33Sc<9M&e@kD9
z`HjTN2Oy*EkVr%MGCbOUWo}F9`h8{bZrl^a!IUI;_#&ck-{~AGE4Jjem;hsG+%PDE
z0bJCH2Sxei0h)d<RYnxT7vXC!{qK(K_7xP=#mb_vOTh0hhk&G4>x5N<A}yi3S`IM;
zH3rIi*zHp?d1?Q?!Y*aPo=5I3m(Wf#S>cgKPfl^a8ogg94K+wWihivRM@MMSjT_!E
z?>keeeQo%JU*EtvS0+gwS+D%OfEW95>jqN!4%Iw91?MA32dlg@+%C#12Z$UZYK{8<
zz>%pDfy<8v{x_fgcD_H}O?0LYjm>qKF1R%Q5Q+PqzOV*c-?;FSJ>Xt&!*5_Gg1xNR
zLQ9E*gd`ZEJ2%`yjdLI2V>r=aNMlwUo$Y2mi^ke~NttNqf}A@FuinKA_j<2U_bo@f
zC3AilYA#&$M1sP73GG}<y!=g+x6^4;UJRB?m7nQNm*Xx#q;}MIyf|>-QX%bX9=3X%
zpxoH#JRX$yGrg;qc{qYU_2~!9d$+xv=PEm<oGU>!Q#_Yu%6jz6-)U#hz`3<AEq;BQ
zm&z{Gslt@GP(Yv3h*_(Ck>S2O;Rg@f+R{7{sj*pPk9vxljI?36nBR~;`={ytd9C<J
z&kdbwhI~Mj6}L|xGnjj>pWakE?$9yXd6QJ&B|-%oSvNH}!-N9f`}rmxF8z!%PYGRY
z%YCpkd*Kr*IdS=8zV-g-o;<w|M(|S52v(;JBR}AyHAcvIK5SfIdz=Vc?H=AS4yC!T
zZoa>9l?<nG>1sFJ#3?w0v9;b){moJ9yxK-^BpOaIGTzewj^`qU!Ex%i&=V=7^2rY3
zDWjLhw?4xU`XK&g%uoICvjqoH#~AGIrcVem6}0}DuxA7Pda`%fUPdjoxkd?(GnCHP
zyRUIxly3WOy1KUF!tJ#I_e2K?$uQj3a3DQbOlS0H$(kDRdvsI5-_Zm#_dKXkMK=>d
zNQs)d&-=C_f*ON>!@D%=E4P3e8*0A^i8+_`t~Y$$+K~+`$}~$5RAeJUbKz@g2-M6#
zX?&GNeOdLbEBJ|F{=zd>hHmwyDLt5IRpLj<gZPRfpCEd4n&~Y>*u4K%)q5Tc-zDXb
zmBc*OxJ<xt8HvJ?dGp{Mt+(so)g00ucLV}QU*x<&x5J^ncJQf31_(QDg4Uv5hL^??
z#K<2+5j#q}2c5$Be}r92awV${+>(&cZ>aD7m-K@29iA6G>#*JSDGHRCATk9`KM_#n
zcr*P?XG_r;5YgB(=h)!zx%Y9QfXxLe*E^L6xLa2r4Lin)l&p+LN#CH<xOeAM?bdcm
zPrW}J#hnJ{&H5{!@nWVEybl(5I^0&weFY6Z-=vewHAw@P5gW(|^y_()oA0e8(TSrN
zOjWZ-@0(X}WiJ|jtL18+q$ATy{^rX>4&ntH0I(&OfYGH_Ting6abMYT6W@V(3WCVK
z&}j$}`tn)yOC~)%jMtCLIoDkdAR@J(#nY9k%k-h6z>;#esQMSz5R+e1|7UX{E;u9y
zJ_p_Enw7RJdFrf=3XIyV{6dKDLDtDRciWj^UTK!^pGN+LW>h1+g`ield5!1R1rj}<
zIl<^-7y|`D_cq@--=)2M18ygxpx#2d8dWJ5N3Ax07VP``fbnr&GsSC<vPFOG`lwA$
zn7D|*$fHAy?KVz8C~rnSxJ1HzbkCe_Gej8e`XB^<wsMo7>pY`3fJ{14aSX$?M`rHS
z)ibT<(Sp4~LiFuVtshqLq!BalTVj}iPZjeFoQL;$>6Dpp>{`lq^^Cnz`k;5Hk88c+
zU>j0TI<5d6_g8N|H|?up_@1rh>5~=abMTO#)>p*dV#$Va#Hsh1*R`B+>~^EYtb<3!
zQyS?&iMF{#l&V10?t<rWVWfX&tmykIhI)k3OuRi*_{LoR(m5YAIt%h)goAso=A5x(
zy#^@e?UGl#EMXkZ14Mk42O?#rv5Yw2RNNwy5`sW%GfqCA;pt~zG2zmOHSQ%0LRfkw
zF*7CYi<_l!Z1+5m_?xFwtVShjYnSUQbl12?%J>2VcAG^7Uq~v)bL_jVbT#S50}<hd
zbNA}SFWE`%^5#wpqNCpop0M{nhnP^S^AXp1Y>_8zk?J14u~X19$85Zf?=(wR9KCN9
z&eqr5L7vtfML~G+^Du9J0Bg9G$`A*Ifys6HP4`zU$82qI@7ypDv=#{!eFCQMh!u@%
zTrIMDH$lW7(p{087Hky9NTS1I3j96t8}_7V5wnE%xlZbBII<`Es@8W2xV~N`UV^i?
zSsXqTz1%1cmI40Or&J(<TWWwo0<bJpnxA`4L&8%VfeP=<uY<@J+gQO5b?@!=n0WNb
zzzN4~5cttyrh|R_em3Bb1l=^gg(vIlhJ_1ytdYU_aQ5XCW(6Zrtz(9LA7tnROqe8a
z6)g|ZQ+fGH=WyQ7Ep4&ns?x&&xV&+#n7|&O&S&^)HyrqjrHV~D2ta3_?##C8cr0&3
z$mFTVV_$!@&A5U+Eh+kbX{H9PT67g2;DP<j#m~)?QtYKUyvpFi+$^W)v+pXaQwIfY
zM*fUgeYFW7ugCZ3C$Fh6C!X#4@}7i`%VVmCEYqH*)Pn{)d;ND$$o+ZL$SU(l-4oHN
zam~Mr{>?+|bGi7KNB04kOF0)k05_>W-nF(3^T17nqAC>YGa<Nam~W6Vn6)?$9Y)ta
zVw=f#d~m7{8F*px)?dtM2`fAT`;fJBbl)VtTCGcLNQnm%IG2_~y&~u$-hC(wP4xAo
zf-JXVkv~#!->a>R!MP`j`L>NH`x0TQ<e0}tuj6w$H|#S(^WACb>m*A<1qPR7nSA4r
zj^2`{SG9UME`#3s`f?K?!LMD=5NZ2NNB?<m(cZc%a=15ZxW<|g2BR)@uXW}P9uc=@
zk|DSkZ*_kiEt+49yhUHXMgp#A#I=FK<0)(pUi+qIJGR(&x1_^fsVo;SeRO{L=wqm<
zGt-u;Loo|7jM2H@B^Zf@^NM%z{Pj=@osjnzmgHu{QNHbHWO7~LJaIYf<S?&t6okA|
z`@RjPxthVj8s~_CW#2cU5bRulv@aqq>=9~p&V8EURfoLtO1xw!b~1B%6;M5<kZCQD
z(GLQO=e`=dw>YuCcAxVWDP$QOkoSarEdzbf+zaOGYUjO!UWs0|tQPi${0hc}V`Jti
z`t;Z<3&nQS+TqqE^w0loud6OpeV6Bk&ypstxqA82_vKjDFtBww0Is903(9w$Ko+&*
z@MFNs{9RtIYv-2ly;qP4<eKZonWI;C<d64#o)-R4W^%Z;hrWv_t$`q4pik4sb%NKo
zXo@ON5;qY&!mK=9gAC1nG>(Q;dLKS2cCX@AzmF#;8)$FlrJ@jGN0U){Lvuooy<fHE
zG58j5GCTpCl?NO0oE-#$jI!HP_mK_4`zXf!5~yWb{R?|ai}TiraNM(sF~px6T>B~C
zzI5!3PPW`t0us<_z!W)@qa^v1H$_;9*!o#=3tNtmTzfCwflWv^f)*C^z_dW&2CQ_A
zy}9xpDD?Ow&^{cD>=7tVvNL-DW$P8=D7<`)IxIaI`XK}zs6JeBMgw9Z<fp&%<^N-3
zx_B5j?p|Uo)BB2Rx9X^oBR93mIA?5N^2NX+TI$p1XdnK1jA#w%0I}?R?z-W_z@xCX
zc#U0HNIp(Lb~f<xq}2Q6v;<BI^+?;743<pIenHw7&I5m4OG-IhQFrDx@bc3Y4IO#8
zMXRcsLO|-v<~|c=LjgDg^r(!$ce_C!<bNlj_GI4Iz3_#g)+azQ-CUtc2p`?=&&J+X
ziyn^x%6QA@S|f1Lr6};83KK#mrJ{WQYY72uCv1`)KmO<OBhB@%S+j^K^x|c`>~>=2
zz{8@cR)oV_q=Kh$K<_yb$=neWqc-n*Phu~M?OY&7Qwj9EN2q9z5^nOBTq~qsXZ0mB
zK2$!!y$`?NLu4HCL=&ZnSLwiIicxw1>~0nxA^CHcEMp3BK)F*^GP(%RdXk+sVnmS&
z0xY$nP^fjai%BK<1eTUuAa=#G;S|mg8fQV5L=v`|OZ};{LDHwrNm9Rj==bUlY+CKy
z(}AX+(H3pycRKRwC3KuPo3Ma|NmtB6k@KucxZu^1y=JcS*}UHNlU2T8J+a4pHtfbe
z4bq|4;4x>zVf80H_bYun%{<o7H{vb(;Dl85S`g8x9A7rnZHQjk&$sHk@&rLk?+<f4
z1}`c#3N&XyU~b0Tf_6G<H&hB$zkpxBFH@cRX<E1?lSwES!zag^uE5z;i;>S~{L2Gx
z3=+&;fd@@biIj-i$@k}7WdW~mhig}X#9IgR^+^ZX^_0(>MThy7p<O;<Z(<T96><BD
z_x*G8#$-P7$UL4CqE~tQT9c>P=LbDEI>wv{5+0wBmIzO{%8%86-ABCy)YSOPVxy9K
zp>u{9)0@1{DJKA>FNhfLzR4;sPmt+KI6lq{#j5$J)ydC6qS*+t$?DKO(#O|Rrd$?@
zKQnqgE@zJwEQPD;h4&(>yhd=vc|Cm9HHZQ?@oETW3Gux?cOREuyy%vlhjCODA42=j
z>*iN}9zW6?CWbcc_nx^dzR=TGW@_iCKdD5eVJm5wxe)TDW6Vap%7yY4V>UY-``lpS
znh<SLA;5i=#mhAANtCd>=9l>m?|$2!iQ-pq`?%-l{Lb`VsVwtnc0G>Z6kk5&=WC3y
zzD?ND`h;}p>Qmp%;99S=WIaSxJbX_ND8(aqxcZiCo^-<Z&pddn;y!g?8p-4$h;b-}
zuatinx{@qp&>ac~!(N&2lOik)k*L@tR1<1PXjg@+`%vUjvh)jmq~f3V8>O7I1;9D=
z+l`Aa6}5YgBA=8km4}uOU<MTMg5|aa9)8nmkzZloNWTYi$)|v*#p-i%#?t+wdL5w@
z;Z=#dd&TseB~+%d5j)i07Fh&Q6g)vIpCJSeoFH@Z&-&=|<z+gOqrh-dp(dYl<{H**
z|7JW2Zyq@KWcRn;F4D~p^D-~zXR`7Is%g<Zus7raT7_m$x+b9>ry$rWzWaF}@o+vi
zJCNC5Tre%1e1b!xXuvOW>fGk$_~MT1X%i8n&o5LFQ<7*Ix%Y9H1HyWzDNd5PzacvI
z_z)k#Q_=#|Uo05rY4c?rgU2@3LJwl@ty`y;Y}fN#{jy@f?wlt-t-NmRd5hU0q7brA
zCy&@fD9I5xkIWzc;-paq32ndY-KKYB@jlFf&}KTF#XWu#TCj*qmZk5QfBsTAAc6Oh
z6Xi=!JJ7i;+HV0IoX_9+jAZ%sJCDc@kphpX#d=8By_qa}u8cIi<>64PQeVqn+<vdn
z7oJ{A1^rTtlONGD>#RL-{8frq?3Q2;Q_+0;z#iA`nX_;5*~Q~m9jLtX>y=&Qibhvu
zPK7(-#}|3>aZQA8lUmQ8^Jk-KL}F%{r27|S%I}4QrPcf2rFzep)f~4F2D`_fHq~LO
z#T)qMt?w%~>QN5;*S6y^kaX{pu5aSeN{7tyD|@pl+vH*MhQ_}{N8Hk=%lzfkxD^0F
z>08EXeWv?F9vr$(zYDkGZ+~iQ`AqY)k{NR@_=Twf0H39V$Cg0rTs~s5ClD3T5e=Z(
zvPMHl>L}`W08kIW&Q<j{b+%wwU@hhmpnN(+`RM|ebUfSNnPne+5Hdd9C|bwyJG_80
zbyqzH00A7F+d|{g7rlPq#y#<<J<q;rAcwje0qi^yU2hdi20i8p?zK;d55MQwu#o;N
zZoBdhHaC3MQ(e~p%uiibJMos6mV+is3!Sat8cVDm`Hp4!sOsm8EkGYysNe2lWqUMn
zqt)u4{n<zV+YOc|KL8+jZBNZ^Jw+eq!r@dWPXOWJ$MU}WOX<^}iF|xMopcU#gMB)(
zZ@pSAjZfY?NF5jZOV$52`=QSQ=2c7~p6tg&qV<Z4o(cORKGDLj*G)L%vE49gFm+%t
zWTyJn@l>79cI>g1Nu^@?`d}ElzRL(OE~#+%E(8eUIS;CGB~c(=O)=ia{>=N^CFu!h
zoLCoPpo^PCmCJLx4nE?ZQXBzm_=u|9AOn;Xa_spanY8IUTEY8RiiW-V0@r$L>U4$M
z`w8D=0d{+%_?{8bXCR)$Rt8A-2M)!nsGKbfJ$m6$#fxW7C=z_)g)#PC8$5pe{jsg(
zzQx;SmM-#iAm^8Pg2c4*6z;i5p%1{2UKv>-tOOrN6qc>WX9pNIBd>c?g2}z~xZazi
z>qb?gTlc9U)aY~5<{VseQ$2hc<a95iFm|6C0dx<k$`@h2UvS=51<ER<P?CQ3M7?@I
zOl9xH)I&Q{?k}DK2Rv<F^(B-HCx3+(;5?{Yczlgb8XmKi&2%;5ty@ZVxg%Z31CUOk
z4i(wqy!R1osFo{x4nHW2tH`PwVd!glXt1o~tcpEmyq5meAa<8-;67PTSGTP#0S?*R
z8?b!zZhf+tX8bWQqQh~zg?T(AlRYTq@x;TAZ`xd=wsKP<KO$t!W3xG7#hHNs(Ad31
zFtOD6R*it-aOQsQwFqY|4jI6x9{*Xo?dOrCHTL5vNw5AIzw$(Gz<CrNhXX&=P#Tcs
zeE2>E9vsR^^SCnonGEY&@zZo<`Ox`}gnAB@LSSUTjdP8}`13lu28@=fkF=h#K+0G3
zEv+TKKxw?EDaT3m2z(d1M4cKS_;44xKX~8Lr;IC(o=d00y=r71LheByjN)41ywC~+
z#MO9=Go7Ri0kC7OvQR_AhxsPRaS?+1-DrR~H{)}ULTP`i6*U!s3lzWoGw6ix(wk3w
z4M+p;<-K3M(BtRJm0SI1xb3o6NM!N3y$=jyJ^ffPF;|Rm^s6#l1|~8+N7(Q3x!Tiw
zJ>QS(ye~0v)65pavVW3$_H!xx{M*0FGH>ZVPzuV6`0ez-c)T~TV1;?!Y&A9&B0FWi
z7<q0?3G3+Gs_68Iak`c$_v<l^Tu;8i^0gpKV&8%rfl2vZnykHbVU=$UL${yZ^fR7E
zy;&UhyFF3&Eu<Qv!q2Uxub=OR0&v<gz!wVMN`c75tgWUQUua;n+nZRo{4ijl^Y&!k
z$3B?lpa}|gXsCthg4pK;U%7^KAH~g}vQ!AI7zd<GfLq7nUg@<<Smqp$09Qo*dAqY9
z37;Urx`RMB=-h>eS#j}ne7<=R$&we=m+<1)%Bk}3_&zhiWqZ`ufX|~c(Ye)%S_u7M
zySEE()#os=yGGSx>zCN0xQ|_HBICTrCpPx6GN7aDe!*7>Cu5aEw@Po^h13RmBLiw>
zp~`t?l-W;xF=8{Qd}n4tyL^)j7kQZ*2+*mSrg6Q!JEroU^ZD0p9#=X-o}@#863dof
zcn*UZ?7qdGQR$ag`(Ab<xVTM^XRksR=E69?H{$(X&w}54qLsxS2-#EK2Q_l<?ZXfy
zU62X}agW&p#-rFWlG1iO63i<237Zx_2*;9J_ZAd}JQmG_->Yi4fOQx-adgfJzZP6Z
zG~257gl)%VINfS?W1{*q;U_x807ZS{m51FD51fdZuHVJ`=iy{sxevn{m5ZUP-6&su
zIB@>L9y!kFDFa<XxS3dvr;E;JwbcVnHnA9=wMQX5jUMg<hkY)C(_(Bg^(7~6qOryo
zme=47ehx2Ue|HZ@&hnfL*p;!oQF%+gJ;fYdS}<}YC%?P8Ve{C=>evJRA`>y?NB%1h
z3YA~r_TymV1IaLY**Eg@1TV=<rM97KRN$V>Sp>V_kMUSa^z`;sZ6Q`DU*^Mhbx8(q
z#+wqK*%(1hu}(&xhNKf;kl!)CGblp=_n+A@R@9A^Sddl?r;r)q6as-I#YKaNHMm!=
z-L8J`Ke_PBOQZv+I0Eu@>d9$P``Qv=PXJ5MfJv;kUSm0@<@Tw^wHVTm<6{8^2Lg#4
zfT-*6kYX%+5xV8c;omNNHNKxM&+j_5<GIw202>y!?JI|=n0me&$B1#;9@9?%W8EHo
z<=X5momaI)->OT9>$0>_ifTSOjMG}VBw3nvWg&0BihUmW(zrP)afB^Cmp8&?y4#29
zisT*xszU(mv{p<{Y!V1zM;3e?@ZzmwTHSJ9T}pZ7A4+TiqQAHmhUCY0gOobv5ZXD#
z9h*5_fpkW%y!UXj9(5-Q_U37M0!8&pjsHw@6Cg^b_yOv7sf=<NL{N<1tMKrd3zpEC
zXJoWu9}TWhy>FFiskJ&$5>(f~TJqzSA`f_=@F9v+f}zMgp|=2s*Ly*Z6u?2HYkEx!
zC&g*Zjs@DOWa|S1>*u`X*1<hXHGzlZxQ==pUAAGVi-Jqp-KOo?7b5WJ!!Oz|D2QF0
z8gser4Z09c^c!GEnH;8x&;E}TA0gYhD)!24bO`yGolXgMRp_`N311w^!TWv(B~tTy
zLS`2&$}q)8fI;pa*hjBju^{d)=gIf!Egi4ERdP1Y+|{9MkUM&U_U?C2_tk7b&C8XW
zF<K@2U>rG3v}%dpWP^prd+O_4gk;w>xw(sUHEpUZ_r^R`bo_8|@T6NbouB2~e;!kQ
zT-P!!l$CG?742|{#VLO}luq8$(`DCbR2cbHrbA6slkI~izWAR`lq0SZ_StgmJ!g3(
zOIE)tJ5ixlh3XKpp5|{zqP*1e2=C$@5m9A2uPU=*4!528j$FQ+`tyoCy^4XXx#=-e
z5_>QfZP>J;;5|T~Kd|#?G1yypA5hX1$?{_zO**HklWY!6C%zg8d*QC^ny$gtLygDj
zb`hV>D@)1KO5aI`U1+>n$_bJNP0-&T6u!6lK&;eN<1wUf4>teV90($dM(6BI<7tpr
zN@iK4XX>okSi5)lN(|935T4D|IuA^rLW44{R|3XBijC+!w&3Shxb&uWC~}kL3Egu&
z31&v77wgK*tGs)XPjh4z_(Xd=?taW(S(q<(sMn+j?khT9fAsFB-CRQ_iLX!k=>4KL
z^YBAx&eDCH^N|jlC_W_XIuDk0z|Xq2);VqS?R|jDDTotbjiLPc{fc^-f~gnYxY4k$
zEbfyY0_ZBA!P18xi|v-iuf9#$#m|$dN>dG~ZHaJ~Bem{rUlV-DNB6z95FtmO3Cyc+
z!rDFv;#UIRnpW?-s__PqHY+TQvAJ>}!F#oz<a<2!GLXUw)We#cs%^?|1H06P&LwYC
zKj6e~ly3Bp8eu<u0pDmGm2H!Ye71yB-uhFsW#aEfpAM~fp2SSdMtN_rUzI+OZJ*;F
zY`_#2DQ_|R6Vz6Z>mmgaG*EG_1SZy8TKx05FSaj%F&>ZlYM7MEQv+Vd<5Rv53J#W%
zf;(<(jVoQ8b6K5Rs}UCu@zb%(*^IV9d`{Ar#E7q2A52?B&t$)2fO7buM&qgN06(cD
z9RYc)eN@Mz-R?b$<R~iz(o-S$B<ae1>Ko?~$athS4Gm#Q@a7PVMm{>i^SQnURR)Bk
z#9U-#nsbjvE384C+PPjzFelM;_OH7KnImS;1uKyi#OjlB?e5eO<$VwuTSeF3f4Y+Q
zigo0&{=D4I@bkb@5{~JCdu2&%^y1l*1yygcx7V>tb|uT&KO^H@ZExAiYq>?aMoH55
z*4=Qr1o2&OK3`xbN$5JR$wTNcczmwc;MidxyKUTthj0(lx8aL1U)UjF0KEZ;%@&@D
zx3*lho4WMwwUp5~xy@C#>jA)R#&OK2x!A7Fb+m+uCx5TX4pjk-2}a!By;q^X?%|&I
z;|CTQT(0TV7Ga>GKIYF)Hlrd(&y|yhn9ZE|h8anDEmO9>M^(~hK6Yo~MAAMf+2AU5
z?Vmj-T^PgyMe@dVTG;VIl_x5v9--wjOEe?j(E9{u0CS?e$!9(1DIQ|*FY@xd@#XaC
zcwCfczh23n-R(E8LYPe2;~`P^NS^4k3aU6&rl;;@^uC8mfLhyfv9`MuU#X>Zv0J@Y
z{1K@+VYW^l?hkKc=1M*|%vYkh?ic%UX%ZyPTkzsAJ!{)|)^8t~y4n|ySP`TJ6^7|2
zmKYHL?vp$!-~MU0NZ0_obo!;J#tgf7LmTK6M*|_2ABylir*54AkE+MO?%58k*^Qzl
z%YO7PX+#?U$NF-6fuBax;D^nr5Nrqi@vkepXWaS%B4D8om~}7+9ey-sZfF?_*`y%(
z)kn+^=aaK897=DFf8agK_$7th^_v=-@ZHPF(h?W^!iNflb&%*4r-DQX#hGtg>*$m{
zewsJFh_8i}d}PO~`s?4_D#aDtIB@y%N>VzSJ=Y&bk8j(9`yoWQWLlZrC?NNs-fNAE
z3Rp>6RPhND^U`!6<NLYBJoWrt{WK3aGaa%?dLN<<YYCtdU2+dKm-6#;<XYjBA6?uY
z@{297k8;d*$aV0b`|<dmN8@@r+UcoXFA4K2q-p1UiCw9<`^^SINp}4Do`j87>`ABy
zhoVgi<r`%&E9Z6*bO~5A%0%SFyykvL_x63O=(9mrkUuX>w|o?j=V6!8{UWAyx61cv
zXbp-Fu?q#G=Z$TM9xL@ne#?Glp7Z&Abm>et@annQ4}`SLf;tWuPKVZaFYXqBx8~PF
zUDeL<ZO8h(LckX2s}6Kp=CcA4<vw`MII-tE<>v7S6Z3?%c{e?Yp>nz#rl7{hm0d64
zc$}OV5Ug%J)7#ru?&qfEBi_eCL$|dC1`o(WSwiGqJv>-(ZPxel?Kf=YA}qp`iVF6G
z&f096JP_s2nTRbZfu9mNdkQ#{s7McbOO>7P5c+TDIAP3C!w7cxaxH6vGaI~erj1lj
zpHIA%!v+0a%KgsGFp2)z@6F9$sE;Z-@{$&}+EJOq^bm?^Q#jvubNP+vqpglJ_u!&k
zjhd4j_X&u@<p%;nuX^;YUG{5rLrG=<&w_k`Sw<78M&`M^M8(8fbH4N0(}SAbprQ!k
zsHDSYny@8l8&?)ZSr|a^At*|Jo6z4uH5$l$3o5*h;Cb_Ty#4eOlO3Nwd8nY)`TTt{
zRrgYl$a>42J*|}@f;fjZY9>qLW3W(q;%o%;qI_{B5ObpzE*&NHw9~mZjvy<dlhqj3
zN}?j4m+PIl7vsMAMRZ1+rXcdjv22I%bd4KdaQ8fZ9aPNc75yjqb8aR0jk<gnda{qp
zo!Z0a*ox|B@DB&<fzjgta0SIX@%$Iz`_OIAc`U*yuZL~S*o+iCi9-+G8p?s-e3rE7
ztWpk#i(tJ2F3~A>K5+JPpF^z?xs5H3R$sWcJa)h-au!YY;B~*K2}yk)qqeVW7K9nU
z)<?sQIe1hAm81S>eIC^JynQsY30Kv#x7i!<DIG^rxdBLhEuIWO_QJaDcxZ_4IiYhG
zsE(-(tE|V~v>X14?43TyJfjsJ-<i6g!f}RjUDCS<8nqW*WuA+|r-Y%1U@|aNm12!3
zJTy-^3FOqPB4(ZPeKW;<PDa7GVG`pid)UC|_Le=>iQEr&T&t=<jHV$cMN=6=vU&EP
zwP#5*T}rqyF;*(Afp-Xy`;ttxFVH3YlKH$(9=RC%Gv|@<=OHGjgOn+{rpdSA&nn|f
zRl0_YnBRr9%0;JiI=&}??RH39DAXhz$dkH{N!>kZcnwCM03ptUpV_WMa1b5kc-qd|
zUNuy%*&$jrc(^;LE{aFV&H|3;gRHN&^?W8PXaj}Ou7{LXRul#A)&qwVzQ#vkzb(ap
z%ti*{qP!>MDEAe0w|p4GEBi$*GTGJjTCrIg{O%EDx!)cnz%=yYnGl<LBCYcCx;al@
z?fCAx<pK=n`*3{!PUL($ZntVmJ!tpi%>6h<^gnx1lJ2-z_G6=B^}tLV0fVfV?;1V&
zME2$CJtFB$lF+ytT5F2@^;KYhk=G)8T~aQMeJQlER$s}fi=D#P&S!?{nM+S>%^v!k
z6|tk9h7^jT$Ma9b0A=Ted>mCx9)GTfPrfsH^pT?S&sy(DD9XqQnj86$NAEH5xMRD>
zw~4qu%acd^DmmW^d_+0@ykG4Z+=u->pw8OQaRt9!KDa=i&)63Pz3yGapNe@Z0PxWw
ze^dmv3>o2QPA$ker(-5cfwO9n$H2{<!&YZ2^T0ONy@W`Fyzy8e=2-I1*Rxtrppu-P
zl#?W9bN*8B5A9VtW6^h6G;<!baOkUB$LY`kd^LD@qYKq=4Dlk^q+2P;hR6F{K@Cu`
zuQpHG0^gf#iQe(5frX2oTXFj8Vkr9K-2%h1pToeHI92D>c8>d9CEv#z4{!#7=1sZk
z4PBWA@oD|zd}rYLxToJc_xxR5yI=aVsfh^0;Uhu0a#g)o@n##sWxV`UTN|1KU1<Cw
zVbu!&oIc;!ygMB@d8^gA7;TKc$VA8Tt1^U2-Q1U%)a`!$K07K09;)+`kpnz8$5k0w
z7S+Bt!i*@Qm$&frwzzllWAC@$+D#gybEQ-CagVcyABm9^eZtqDHsmRznFFr2)sY%c
zJ2=|k&+}hgDs^E!>F@XQQ<G=SZZP!PJi#GaNG_VFd5<qiI&c@ZKXQVaTYmGh7)kst
z<G=4(nvLK0%Wh=hG4B;m%b-j5q-u4)fmM4`qQ9Lg^@Q@cjL|m@BM2nNE|W}ZO;--E
zwLTz~m^G9Hw6ypRc*I{d0FFP4eP5n{2nAT0e7ZP`ue>#k=yD0*iH6zH>u0`8w^)+{
zhB(eredH1)U_E^vNXS^UK8H`-BY9m2S@TP)BU{PaT)yYPnjT>+eF7~szt3M)ve=-=
z`E+5`amn}^UZ2=F5XT`OJr#4Od|%x1?=X$=h$>yS2lbdR^yRVC!9!|0k#|)7=_81J
zts;PEpWLih9`Q@R<UW^5#}6Jk<YJF%RH*WT<(r2H-GCEjETY7$7f7g`A9<W@8eeN*
z<+$&I)tOfTz8wNQ*eyrP6XKq}CVEric*!dUNsBeQCtySTR@nPoaPWZYqMd4P3BGuv
zPSabJ;kssOq=+LH*-c_kZ?Dj+7Tmft2lze_koF`X0`yQG;=DNw@9TWQ?yw)+qj~OP
z)RBho8Vqjj6HV|`xzWNtjMshub{f&3HyzpnMA~YZ27}|g5i14&s~}~)RQE`c`gU<l
z)5CPUAGAkw5#_cExB_-uRWW;7;4P{-+in85X>`ikSSyt}9(DAnq}%n%<`Qn?;KPOF
z+u7IeBZ7FRzTBnz#dq~h4Y#oDfmhn@NMd%5=FCW3ew4!eYdkqD2OLuA>8RTTSYCNr
zXK2(KQmaF@57xdFVd*%;`xN&aksG{sm1kI<xUPHR(j|i4f=2<Q^spdUob$<aOT?w~
z3R~ZHU%r=5zrvO3#9K}pi8FYLI-K$Z_4@5@0ceS_y%fZ2tbT{G<3Yk3gU9C+vixgn
zEed4!y^hy;EFNoyIRd;X7gN${$gk#`S2k}p3T^m9{N8oCC7%<<m6%liJS%GfVm^ZH
zB-|%%YI_wMW4!U;g`-GiLoTNrmk{F86jB@dW3u<NXwz>W?~X9E-mI(hrLfy$V=RCm
z>0L+%%ACG9o>yd-+bJr4UYck6egD#&{fU{37}M)$c8KJ{mjpBD<f^y`omzBQLCsBz
zSqnp&BS)+mVP>i8`Vq%DgD0!aAbN6zGA|xVhVOzezyr<cdy>Ur)t1qiAGbMTai415
z8tlLaPpzS&bu^L}H_yzQq(0)N2gil<yn)y!_wV`K-Nw6=5T5e>to=96TB$!iU4|3i
z^{DP-85FX6b-V?9<Uk74fQhg~Oz!zQmmURd?Kd*p5Ia|r9`imo6elKW?~T5_#wOCU
zm->D^<w>meNd6N*u8`;79)q&V*PCtpwCh40yi|OAzT0!viZNf~EO%f@I$ror>JBR7
zf%#Hj`H=?$IGkDMj-ojRN#A}eA+B|H<LGyXMN-L^P5YJ6Z>w^bg)f4f$lC)T32(j>
zeFBuVJ2u!(y^k#Uv_Dd2U8)1uvcI6iuR*TNM~aU76nzoi_c7nBDGqKVi9|bx=FX*N
z^q#jS_8hA`ufil?hT_S%Pd4v9{w-t(=h^@Sh83jktv7XZ5b9i+n~Z+rA(R*P>V)9>
zd1}0QXA;g-7sy@obK;6*9l)C>b`C6ct6j>TG%+Od@b7Zo{GGW;naAi@h?%39-8FnF
z?V47iIG6C#@Cs9CGEdAujdHIuT-O{Tuu~PVeQsQ5i@Ectnp_-;@4j33weRG+X6UBW
zp(QxAv1WLH>wJMH>dB*XQK-J<yk8j4z2C7F%Tpa+31bF3J`mjpJB*z;7Q+jSNv8?u
zHn~46g{!CC@>TMTgXQTKR}h>=z42=9+!^-j^%W-S7%z-WkxTl4>E%39Ovf7f33sj`
zh!FaEEpCN>(dG0d=frUh`f`f*%2Q-9*P2g#77ukfIs2{;=YaIpQhyp)MjsqlKM09i
zH^hswa?;P;bTWD>E8HX=6DbP+HmsPirjtK6hJe`|-bb?!eOZQj?ew9WstE9frk%o5
zmqNE-7UAj5xR-1n>=fGh`0g&Z+%Y@Y_mDnlKahA0o6tO}e*1Ux{dvS$iJxEP<<E|U
zO~{<%At{*$iASV+?dQu|k9NkHH~m(H@|!N{pB4IfFlAo|RZ^5QKrL@Osh`xhe08GE
ztAS*Le6`93ww~DWvqW*`F|?8!j@TVYQ*Ph6dJ+h@@f()VCoTa6J30By2ljadwJW~c
zBsWcw?q@?*tP@+?k2ms6XI`5n9CvZ)L+t8E59WbM?vS3sR@vi#d)hwnwSJuoLW;FD
z*Jo76U|mgP1~upG9F*$vS#x?H^-0wt(Yf&E_8$seoIs9+^KV|xkG(m=Dam8&B6!dS
zzXGmpS-MXG_~o?kq%zlOJwbCb+U_3bs-0Nk-Ep0Bz(3v{%L*qK*G?!VpLig8*x#%)
zq@(DlSu{Zx!{0dMd$Z1;VG`UTwR1navwQ4%>xrn*LvW8#+^gDjNcfi0sf6%Y@`|#s
zxhZB8tKUJMeuihq3*Sq4n5?LHS3z*DDqj$Bm1LujSy|;hpSjw70-{u?E)#4Db|J=S
zQauTl?Bo|$&b=M#@f~AUGwtIADRe7R)TdG3iZlw^2O}yJ&|p+|;!aXp9dj2QafR=k
z4kc)@FZGG{Q5&V@2nn)wp37lAGn-aq@uj#g2tm5%-Hml}egd|i>>0JtwfanP?ar0=
zweqi>mQ;b3`;=1R*p-bpmx$3y_mvj4^3T-^9&tsr%e*0TQgeDQ(^QK=n1_|>rlLOZ
ziDISTskf}~*m8Fy!Tr2O1&?1oSM&zs;=&{zKG{y<dLJZ-KCn2uK8|tT8yQLox^q8k
zYaH^Yc&2P;=6*ol&L>vyUC(r+cp9-~5Bs{jvJa$RQ$g6ur7wTA{K<n@GH`1OW25dc
zS35w7e4TS6G0*+-Ls9h>NZtBV^c<WH*hPL)0EqWa_{SZBrSr_A>FH=Wu7xzxQKdeM
z1>9U<i<LALT&sezhaR}2BYBkVW$hYcJDg!({6?OxQ4hkBfr|!dH9IzihXzTRnHurj
zpZ?y=KMy<mNKW(uMxMT1vSw*@nQ!r#M=jUrGZca+86<d3S;ril4#e^)yRU>><Kv!0
zXD>0g!78D%>lLOap%AKju6|3c9u#9&KIYwyeK#LP)`Flh$v$DB{<wi`F8Y>~u-{YN
z2@bnjji0qNKD~YgWUDfKdKv=r^R=6SFY`5@=7@r?$9vusoVUJG>QT>7huEsGrL(oZ
zEn1&kwrVIgUxe&<C1+vKp7x}HJDk*$H3AyfrR`daZfIUVgrz4<ZJU{Oz%Y(Y#o6re
z+c*DJ&TqpoU&W2-(D4PwsT(Y3jCfFv6KC*9KXvPU>wXs*cpl0Yr|tn<>~sAl9DgM}
zml@d*>$=*TX2a)wJHgHSJ*&~Jd^p&2&~L}Eex_C|U&a@U*ph+^;qiWqaTspfI4OP?
za8mpBsjt86bG?0{_kV<4O_KDu3cQl|hb0KO|B)u-nq^0PtM|T%?yj;ek(m}`%HScZ
zL{>Y>-`PLlj+S&py~V+Sm&%2P9d5=YEE+w~1XoXM$&=#9r=Et~-upIoUQHcYcPRXF
z*68U3SN&3JrRx<cI_G2-s-vj8_oHxUtK^1cX0V(GEX?zrBWzZi5^7@~iyI4dd8wIl
zpbs4My<kVyzEI5XxxX92BovM5jJ;SIPgXS<2i(rD3D<__)seG)j~iL(y^oe&_HH?(
zk}mgH3d#k^RhdhLd0#ot)FLKgr<S>9(~o2tC7r8=6J2}EyzAnrlq7*ilBgI|QqQOx
zSZ3C=9EOe=W>J8t?&}h^om6=QSrEPLiazRcNBRjQNff2G98qGKmiT-Vo1x!iF_TAq
z1MRGkDuCbd(YopwO`{fE7M=sVap0}DcQuB<-yAqzHtj|q2EmybkEIi!@ako}?LDJF
zW%$LXht_v_k>rQf$uNqKI`&AP1<So>GcH=;4K0y8a)q?fAKI8xRnYaNIS5Io^$6T>
zioWb=Pb8ZHFoz@6(LLR)=O%PVoSeE#dozr%&-ea7PCSlvnGK^C9W95C$TtwnI!$fT
zmrA3%NcHd6Ec*BC=I5hYS0Y_L!wVg(9NQ5K|Ax@fMzYXk#i)sR?aNChIA4F8&;ixs
zv)HYpQOGr?41j7iO~0i6xC57cW5D$Q-hI!y`D1g^D^*S)<lkBH#DLJ4u2<Szz3v<i
zXC=0{D(W02c!ILX7BC)Jbk$`(5_7-?-wnJq-w|89(tdUFz>PhJyx?GjJ9o{e`m2s)
z-{1+61ff@??$@wBucj^nqQCO7e7eOhBcFb}z{==r8kw`nb_npa-M68_a2kn5dR`$(
zL_NRqOmCC8{;Qy0o6MZIPEO`yw}=vW(ihQv=AIGv$eKE#8BTD_u>+nUz2)~L!`JIM
z=koE8Gm{}b{;3(am2ovcTLBn!<tcm%@9ZeENlz&`19l;1$?{$S)ih2hG6TdockhPh
zDDeXXepSq~=Bkm*Z3_HiGr*BUsrhr^Jq+~pvG#jt+HyI3+W?+wFvm4<KbUxOG~p>m
zm0PD(`B3PD;}hbjmu%Gs;^x!CkwcFL(suybbhLfv`eE!2;B#n0kK&i01y5*b+_~qL
zH#yry?<2<#&Xmx79N62=+yGTTs=tF_aUkrR0mrhpw-tK*OQ*b`uii|Z2Y7nrXF2W<
z3AhLuspjZ!1aQ7gXUj#Vui5&<@a)>-S0X70$FIm+qAhuBnW$)rn<<)U(t^+95C9KK
zGV;r2M;~xUSn~4VReS)2e2x>YUw`1$XD2@g|G^Sb{(|mh3GyP~*d@O=R6VX?^2)<e
zQEPvn`>+_T^FAH78n-|-c%*rz-;Lnl#IWn8*9b*di_RmCI^bt~p2}8dc|<oE^m2Z)
zrS_=Z7x?xi-PN%i0WTE;Ro;pF%ka%?vFspnje9uZ>8um)`DVcd{?0f{<=~Rrllnn9
zoG$sk_h%Ax84qfY7zPxz3nv7u2zgLZ^VfjKb^OxP<rlJg4{erss4|?3<rQ-BRZMjk
z+;g<B$dhBf0jSK8O5+OR)G{C%CfEZfVuMb}W~0SfK%Kt}`kx1&&K@v=bD9Od7{7CA
zTS<x{5514eufY@%(y}hv>CND8bn9)cTUB3!_<%Tnt^rT<VL00)JV32hvZ6lwuB*6O
zYU5hKeLGdr0S+ZiR^{}_7{Ca{XnNt@w;YxP?lCXk^tC0qpD{~4GRC#Yo(Gzrs<>hx
zlYFkyQ>Q`}X;aYVi(jT&@#FO7{D?{N$h)__4WEx3hyW17Jd)cuZX1s~-TP$u`@tLr
zWivLc!{4wV0J!yI{+qE@SQ~k}@D=WnW49OhZm)nf-jb~t&iZ#rUlDQ1#=FW0HgXe*
zAg1!1%X5v(>dQT7c-x41ywo>+GC?2JCFcA>sb+3GEmi8U?fIlL>xqcRa*#bPtAW6z
z+y_h#tt&!eo4LWDg-$l7nC8>d1^g;nAUIfo+7{E1)3*3@!1_GqD4>wv_?<~amY==C
z`Z!=$-@|W1zxtadLH$_$T#qrj9Qc;fwT2RO&<GGtA{2Nf-NvXB0|i!3U3EKeKe6I@
zMH5xP=A1s*srd-i&0siF0eT^Ju4zwX9AmchzVNgu&s6D<_t9WSm^tM7g!=S6xpyGj
zIE%t^YgVt~mA(j&Y<2s|(r^Cai*hE?T_@<W*|=lM57y)<8;*C2n#Yw(cfL;cdAr-)
zU!n2{+ykFQiz?w73dObx8jOR`_Z?!)esAbA&m;3!d5XCDV<r%j2=>|X37)+@%z6=z
z-N>2X)XZI8Sc(jYSF*P+S>1FnI>afwEhM#v@MBbAf_#?FL1yiQ27r4$WBu<PONS2N
zsgUoL$t|8Mc(w5Y`)Hoz$7V@X<eV%3V}w`V@18s&eZ9CpS4!QxHebR$lmd&#ckh?g
zIsN2QCiM`@<w#Ue#C>YkN@Nbd=YyXEBb+w*V!P$BntD8Q7I|>L=z%!Rd-aGPsW^08
zAYNgT!-O3f!NR4Uv*$*ib_janu&sgb>AUOS4Ws7%UdAF}J!LXDOGJ!#){5di>@2($
zgKRTA?&r^vZhszyZntGHeLd^>Da)jkAr>3ao?7#9F3a<_z!|^VLe=MD=MWUyIadMw
zv3I6$sG&ljS3eWLTjJViDF>zN(^&~hasgf9ZbdfO=g?;LBwfk{|4ipJ?{yso#m~W$
zfhQ6UXL{ffN_?M!@TpR%yzQIo-+JpuE<u+qkAvUyw0z|vX3C*^wD>0KgJ3g-@TZNp
z`f-O;^K3xRRaZke_JrDAqboO!4@=-@wHH|EFhO;vOrd%V5iaFtdp|Pwvs=F1H`96U
zA{o-X=kXhntLXo1RCGa<A&*`b7I*)$BF$X9>FfU#L93bbxjDn^@0A8DTx5Ccrmo+)
zOLyy$ZbYS7-_IobzF(sc(6UJu=H?U*pGBOG<=dyBVheV^_|kbAlw-k3hfwlSW*BDX
z0LsY8yQD`gZFKUX;7Ws$FBjtqxa7WdGc)Mqo0E!%4&lE0OpWMD_n<j7h~fa&xkmj6
z@Vgp3UiUrww`JmM5J1S5g{>Na#K$~KpAh}rROB2-T&6CO;Qo{};nV6v$#gDi$4K4V
zVxL(F+@X{t=r10i9}3!M?FUEqn$4>by%5QIkV^WSVfa$p1TQPGiD?|Q?{#is!Z(t;
z7_EFx!%5<TE)FXxXm3wC`OQ&XK2zOLeIt<k9OJw<ZyfH6yokb<5o0S)JJHj-weg@D
zM_wt-623e(a|E+CWUuTBhT6?<co{A4+Bd8pm9~wV*YRBP1IOwNJ+-SDE9Qc|d>?zm
z@Yuu2XBYT9_0Xg_*2w8YW|@2{Ys=+eor(hNjbgl*5ssM{8kRWyzA-U7@JMt#$?;Gn
zA65xM6_+{Ox+Md0h=g}EQI25>Ug1Xe0a{0)y|3br^TV5qv>Jka9wYRI<gq@lWaKR6
zt-VYJX7RMOG~B#e-wZQvAzHqgoh5MD&t-vgV_{k84guVUF5?K%pEm<-i8Q58q+VBp
z)8HFBtNEV#mYW}q$By{3I-)xBxbbJv&|-$w9PxKi_dgFs?Y!IlxJ4kEC1mzfPi4^u
z%pmOYR5PKf-<^A;PsEoSBybc<dKX0RDKsKge<)F}2*=&-=v>Rj!$jU4mm3(qXP<Hr
zr5a!#XOLwh>;$zL+MxI{G7r<<xRrr)sH|i{a}qGSQ~6Q6<#L^vIVC<6Ct$R|z4&<E
z;DIj|D*#@78&ViOqX%YJyrIdIVjrQer^}~`XZy2MG$uW!inLdSL3RWh>YyJ|ZNOj7
zgc{S*ed5kuF+8O3*_$a4Fhk{sYV=rCZfBgeT*$G{OsM}kM)dV-d%s6LX9(LS=9{}-
z@tjFHaqqbCH^?;J6`559oNbPkMAtS_&M^zUiIs6YR#57$pStsQ>Uk7lynz=?H8U(7
z%a3hA_Np+Qs+D!iJ!!kBV*VNX$^rhY4a5L`<^!RaUU8`*E1&vjxKnUW?_2TW-aE9K
zBwEBi1bFj+-C*EXBo=H@q&NE;jf8?%>_zcy;jo<;u6RpkM`|_jl*QA1>!SBj|Gg%f
zW{cmTFy*1ovf95u0%&E}r<tV?9}2KY-J@jP9Qk<~^Y~4p>QXOvjz(a=2jSX>D|VU`
z)bbMUbq9REbVS{dtFV<|Y^OKBLGnXPjcT=&VpTWA9&U&ZQQQLRO&QUpw_px3bUgrW
zqkWYU9kW{I5Rmd0XpLq-tTgu(y0V;mQ$H{I6ZZI65omPZqsX+!OHn?NwX%JKzJ`Iq
z(KyulF6>0#w4+xZ?WT8AD{ALyVL6=CRTSrHG8i5Ti&qKky51ehraea12^GiIH~0(h
z`lcqVR3`o5%9CJ{H0=XxQ)llvLV7{Yk>S;jeE^XC&85_ir6xOaem!pUF6TT_ebohg
zoA28Uui#vU?9p5AQMPr?ynT&j010{m)awFBHm~C6Fjh|>4oUT8)^SySyNFrki)xB*
zqd3}wm9sQ-Jm{$oJP&Y(w5V8Mf+cGE<|x9aA`!iA$E8X9CUyEe4x@JM^NA!F^s#)b
z@%|YbA@S$&s4<BSb1XkdVqW_idb!nZX?0v!$sze-3ZxwPk$5bXt12!x7l#9iT`=-M
z5;vkYlZFHcJxS=NMLmYT15~lwd3BCAEq-H_gXer5s962=qc6X`?wZVY=JU=y3Xa3<
zC(a31zkKmQ<`X&kc!~O#z;TR2&v7gIYz3Xn9Y24k_kW3n9?>R$o3-$ogWKTbu~{#l
zS+u?`Pq)*%`h}G5045(wSK5Hd5`n5cJPRi_%+yqv>67Y|6f=Z${3xDD=8QFFfE>B=
zwM7Z~Mi$4l*nc)L5`Bs8Io-JDsxGoqR$tW{Pw1S-*9GYjbj!e3PAXXM69rW!nS~87
z%1WOtd-|O|lTOKKk7BtzN*)c3Gm*KaTd_Qr^(8LXjr}~PoH8E1eU2>nwUXo!XH@6$
zWHDMux>KxkAN5)@lz6%i<!j8wdr#+}ga};MF6()Zl=s#pA$0$SZQ@V``oY`Mc{fs*
zvu_=lD{~YhX)~gFpW3TV%zdP;fyo^q34)Ke+DL>DV{KG%r@u|R{5jlCcHH7GBZ+bH
z9_GIG8GkL*qhs>f<FayvCclCU<a-OX1Z6Zo!;|SFBbL4VzE~;1?Z?aJfbO(aEH3b+
zcYzAns($E|CE>Ry^{He#IaZ^0n7%S-!>0FS^RYb*IXQse%)>He>%9w$bFSkEh2$fk
zFvl~CNz;!W|6Wqxyeud{-*oJaVe8Rv5#@k$hkKu<dtn}Vd-(1}^Sv}M_pkfuYC!;_
zeyp0kK>7nztu~m+NBB0{L&Fn4lZ8QEXR33GSn>2s^t=z<ggHme+PA|%-(#7Csjk|m
z3U~_&t(iHO3j091GJIKragv2xGT;$>CZjzHC)fIk^L9~w%siXQ{n~-=P;YvXA0+`9
z*?XPiq<d`GV}$LW=j@lbH6n7(?OZ*(SazN!(P9VkxQK+?Gw&)NG9q};mfc4L{2paj
zF~}1Y872Kq=$)tp)jn5N+9xk5eP=FwRo+U-bNkOGMm>KYlwPv%5vZ%qj%`HNl&=Q#
zjoooQ2Aq*?Bmx6?j)d#!9^@=HLc>RJ_^!RWC2403`HOfuJ)hB8cOEN+8?%`2FD*-c
zMk;!ceZLeW(}CM2t0a<1lan=6U&|6u#}-Z|?^)<r|2kCOPPD5bInG6|U_YK!vmR2h
zKVFcBnv3Dwi<IBOQygAmO&RZYfr~B{A>Fl7*!IQkIvc?m*td)GK6;h*6eNd#O$gdp
zk69ia&lq2}&+mM-{7V$u$l15Ez4q?fFxRXG*{`u6z||?r?4K66H?DZ_iSrQ}&y0tQ
z?)G-(#-ZCRrz?2mdn4m{-!~r?O2Sk)SMkJy&t#sP)k@qfeR!pV^{K}PwZWgIaC_=y
zb?k6imbTEW$@dS4rifG3uP8oI6n3^5OZzA(4fw3xbMSK|&kWr)Iz8C&2w^qE#kr4r
znty&I4S4R{IdziR<J=4Ou?FG!qCHV+Elcat4G~s-k70-9RH0nr2<r?+@y84Z(EF7J
zovmc}+=o^pFV@$}1vIIGb0Kafoc+C<DPDp*U}s|&TCaV*>hl)T_Xc-`uX{dr{7wJk
z(Gj&GJAH@yrhGp8k4<9_J-K!3o}I(vRvB~kk#rbMs>krO2{c7EOYV5qDT6uV(;XJ4
zP>0wtL#`1f9lp@bo)jX}zXj}?X~m;_wBKU!kkGn*C1n*7vx#&lI(QX6H<`~M5bq5M
zn!q~kF@SF|>-KtFc@(srT6HC_R-M$O>#w52B>|)!Txx817fT2C*O9R5t8!x!=iyLJ
z>#f+8#~ZsZR5Z6#+mk8xYwlDEhMG&~+-q)|+I{LO*a~?}=@IWEweP{{=c4-A8upd9
z5I=lgjx~dk32L`FdU?Lw$t}E>RF>A_fRgB2Nr5wheZNc>X2-#M-{$T#fX7g;BooZe
zNjLQ`IQB@hsLQZnEk2qb^>&XlM*ALi0<JG=GZ&Q%j*l6)3`1*?Z-4WZiNI0^Nd~&|
zP+jj@`n$CMd1SgNT5qe}r-?$`1UxRhe-{eq5fe+_xtCzW$c8S;p*pC?N5A1_X-j(d
z^s4p9?||++eN<aOGDPoEixR2g*BWzQLCpFcK0MM~Sg$O->m&ldk00W;e!)!eC0AT|
z1v4!%`Nq=Ra=1ex(!7tzsCM&(;~9q{+Rpg`K`s>vv1F*w(r2^^kOdXcn$d`$%-D%H
zjBfRNM8DIlZF~5YxRw*Q&`I&+aRcowRvfv|D*SaHwCGoF0hsAFyf3+@2VV944$hKS
zcP{CVcMGnLepO5V+2FW_^te0OozL)UYG!DG>olCGV=_H1mp!J}!l523^T*u>AA$vc
zukk#9_-ipgQkM!eBiv$J=^;7r*5f1h$kR(ri5mukX>qyU_wc=egTSg6ttPABRV~T$
z3MA263tw(vyIqcRXut4rDuw2(9D&cI(U30A<1??69g1(F!0-ZxF$-YJCZ4WuCjQZf
zdrlz0cFk!+mRESR+dp3?>@+<O`uZag2WHb)&B`T>w9xgqX(2IwZI^7S=kS?;=$?n>
z-(Bc9n9%PbUyZU;Iq7jqG=LDVLm`~+{N!PI-D`G6y`U=P>zHU$)6a_E136vjEvr-b
z6qr9Sgt41?@8O6+R8}LLeykwa6y8%Zy_DkpWl}N4G*lhE({nBQ_L2`7O@mo@3X~sJ
zxd*i`Rwd0m?tUu{zS6meiwy2DM!JK23J25ADg4OPK)mJlNS=cq(U|H7)dBG;m%dUN
zPaQ>Jd5@`KgVFl?K?}~?bRtnPo}7JxmrGnp03^llWJ`St9*)dg1+Nr7=7Lo1ofYv#
zF11qCRk9hfx7*Q1Y(RQQZVGNWA2U7G@5X{!=>zRL*RbO2V)6v-FIO7vcHlz1-IJ32
zkm{tE$#9-8Tb(%@dzf!UyDA6++D#}(Wc)-kuwKJ>G*CvZC2X#)opYnFf-F{VKEWSZ
zhhDwQ_Z7akLAwWGK4-d0w#xH)w_VI*3UJW&YTPKLh(FD_6#hIsEd}C@OB2xT=N#kH
z=fwMmA|D56c|}lIGmPsNcoVZSR;JvRIF#$$;&Y`Ej1IKS{mkEPA31TWXq$F7;63@E
z-1DB@D{Ku!ehrzM&zxZ-MKmdVYU}bP^4PcC9?RPhpBnTbNZuVRS@86)GkeQU$Y<ne
zHy-?T8CK#W$x+xB>5==+5V{s9rm)k5PZ;K%WRelA&yvrORuf5#j6p1kZ#xRo<M@(L
zNa(0{cA%QZ&h7<CdK>l0o9`H9&tXyw?g#mw?M+zSN4kZSJTQ?%di}!8KW)3nQi$)>
zw~>7P6)OZ}WfwO;157D%`r2n`7E@ruGT?^b+UrMvgi>?u(0yAVkVpZi)hC1mzx?z_
z1={+&QSCaBxbK73UYu-@?8Me-yEiqjxf(+m%aiST<k~*no<5lAE$ZHe(;Le7xbWK_
zJ>t=PuoHaXjLofTAbbEZ<d`;jGWf>4KS^+{dJp(ASE&Zg)$ed;AZH;dgJB*oWsBJw
ztm|PnNK982>c-XP)d}{5Z#}y;jAL&%%-4VMZpN;Lmb6gd@)IyD-#KYZ)nb9TN{ov>
zUGRu><UP}dSS3?<QJQ4esXVZoPSyDmhaY`Izk;Rv^~3ClHkewRe8NVR{i+Umh(=v(
zw*J5RoYjSo9&JQ0NYTtU81G4?N>7ZO>5=Pj`y8NSyCpe^e&FWbhC0y%@Z}J!U{km}
zuDC|Ha2M4;$aBaHzc<FObUK})fa$6nJ0-ZV2%x5T)n(t3BxCG2$!IqM)*mn<4RL4$
ziz*z$W6af0L04Qp4P?+$Z}A=|T&dxQO$3c$JttaKLFGhMmkYOZ;@1Io#@WN2Ex1W7
zc72f7_VAa0`$`lYnTy~^S(5ztTJGoI{#e2<`P4eQnHP)|@zrXscGvJtlSL-ram<@~
zig8ufSr1+(*osY~iSHewzy^Uc>{BIUm-fjjbM>HN>0Z@GhH_MhGE?HbKMJx#fpx`Y
ziZ2C#+za|QcgMeHOTXcsii=PFr3LIGqCQ^VfyPnP|NBs$HcES>!jXXbQEu2I+J{?0
z4kTZJ5zo=<554lzqf|PdEt_uQ3S0)&r#Yb)4PAV(^^n=Qe8O#&AB$$UT#nmvDFVLv
ztVzr-ZCO(#i5WOlf+&o>7;8IEGf9Ach8EM8aWMwY*RuuYvRa17^F{Z?6C8ba6$DC7
zky+~rkqD$d@#t~tIma<7K(o~2D=4q>LqyR<{Nje?oCGOHamF(Qd=atkIj1g<Fwi_|
zi8q4QiO$N^h8nJGvBwkgB>%Jd@jD`d5i|;IeFOnUwhf$dP0!bwsR$Xb07Zpg>1BB(
zAA-pu9x=&aiZ5$DfO5bQP@?I0N?&fFr=R=Dt_LFeO?@ah*Jlnqgaask+x81D$c&OD
z69WdKkaD7XujsoS_7pq=V5m2@<u~1*s&kkx={$s?g*-7c>{DtFTps8?)~AmXeD9kY
zs}S!!P#%4R0xr~bXRh&DIKu3Kl8t24tW6BIf#<M}59j8&0O?1pI2kwj=FXMC^^5BZ
z^Q}sS&l;`wQa`$_K5GQ#=TZJK9Xn0OShjNSdA!zU*Nva{G=--hult~NO_$jHjvv*1
z&K~sx&UWFj-deW73pn>AAJG16^F2U2-K{6z^4d_@AiWl81j;JKo>*Qj?ooYM{CxfI
z0as4XyPGH1c#Nxf{r7t8HZ@%NY&aqMo~-K(ZS_bM=WstB?DA^bSA`F5t_)j0ncTQX
zi1vMtZFU+8l?k;Q7UcLfHFgTg<s8ZnxHAQATY6kC?3lWzY~x<IFi9dCJNK3%vD8qc
zHJm4@)2>|BMNsOxUl1F_nN|EXIhB7&IYtFO4vI(9UJ0<-V7*>+Fuy>&z@)K^Ot(S3
zPl2Mq9jNLrsVBeAnJIh_dKay_XdZmrxSuz@?>Y8eYV+3wobb>`v{YT_9<@={kT7qY
zM+#8R?&@vefVIkdqU^IwMC912R_duIjuJi(DIV0WX!9UEe;Rrz{du6uPYCXAUamVS
zXl%3ny?#62%*`v<H34$n6Lv>1qE4M7PL`~Niznk2T^;58-bpDZ+GFrnvmsvjrbGG&
z{tl$?)yI?{j>_~|0KRg@i-xaFht|<Nqz-X|mBy8yDphn{^H*Hb5A&m{nqN-Mevxc8
zEf))1p1gi|K6(7~%#3R07f`01Mc>2Z^8l;VksV<p{L))Ipp4-Io7)8Sc>!+8qmbb4
zR}tb^bR63*CZF~YjMffCz-^JN!S4-G%{F~PPL45Y5Zs<@4xQ5B^h4r#AOC#>jp?8M
z={_ql>^os~OgZ8Mpy0ZnTSEJs*#l==<q%x(;=A{rAOgW7oCEfD^U+IMmrQQKhPTt;
z6Lq~UT<!#zV-FF|kvM7Zqsv>60r@U}9X1bibnnc~x-mc`x)G1!6FiAn=iV5qlEc$|
z*P5I{04g72!8E*-emT}cIeBrW?K{QC&q!rx-sWWca+zIDJX%`Z_mvRZ44>n&aBP$5
z;VY<3_2Sz%l6N$q{UWt;kKjJEc1mh~`*!krW`S9-9Sapr7A~vzKVG-R6vG&muho-A
zeT(-S#l_FoN^R+I#8G%M&X!v~gV4fgh<mUF0=%V0Ki<FXedkUVPR9DjS|7Sv^A}%4
z2247;<lz%^AgCJ>;eO^BN3VWHSE|ydBLZt8Vxcb+SBhIF&mO75(Bt;#2lMee=TSsZ
zJ$*{PHe@86LlDI1ye?&#^hnF5PO%0UY-Wx7y4<(xZD-$4WG8G?W`0R;ZT1;Tt0yh2
zr`T=Wrh>TLJjy<gA`4zvP!?H2B}nRkxww}8Nvbmibh%vWB+?+8mC!uRGhn<&9MvD|
z;!3(7Dxar=^tcm6h`Evx4Rj(46J{L>p1en<9U1*HgLlt2Bl4YxgF#$t?89je>wUoO
z+9d+8q+Ma7YPo;_Y`Vo$%HLQ{#yoyB-ytzPFu8YUO_2vy-OKFOHIWJ_oyXGKC%R9m
z+}-zMk3Wj)o|5odoBn%bN%_yC)p?le+nd~}2zIuQ8ro`Dzbm5E1CQbko5PW&TP6n=
zuSYG7ujq8MMjsA8mgN4a>e;$3dm}?m2u^G|m*-A3-7&}JP6<B;9j#z0-tSJrp7gcM
zxO0F~C+f1|mg@E91n)%P0|OPWm`njK8A@pvsPiJ7li?K!5F?GYYln09@z4RZ?_6Va
zWQl<yB^iKV8(N9<qTxd$vg2nD!!;m=uXUzG&Mi(nsonJjFJQ!z?2nMsxvw}DT)6C3
z99;c{)jT>wk`EXOBu*_}K8o9zExvIyvClsnBg3CyNe8&4C4@le-&DF@{mucw#?%Uw
z*7LDXHO_m$6Fw7H?%;aDf5n%cvKK0NjO05x)vKWGlJB9^7w;Tkmh^q;38ocl6hJ~6
z8H-llSRjag6tB`BTqoJ*_YQ*iePn@l#GHY#cj0wuy6rl=?d723CR;b!m>4<Q<EbdD
zGP5DIwLpk32I=OZw*=Uo&f~b@ufU@CKCJs*x3W{}J^=0LDE#7|itNM?UYH5kp(FbZ
zpFt2^zd5@4pd3TRTb_uF0yw8NjO}P$gyeTsX5N6kl}fiJ5|Va8{Uos&bW{$-L!!74
z@Cf>xrxs=cb1@Iz5M;bn_~`c>HsdUYI<~j;ZNPgqZ{e_~*$8v?7hV6o5L)JQQOj>M
z%C)=9!MVo|UM_a*^n(Ix4PxJL3fbE)kzrrBbJ;05WJ^RXRF^IaW=AH_WZI3M&qfb<
zAEY!`vPa%%3jE$HpI5*v#^k2PH{tcg^DDOAwpsB&Q_|@Tnbkcacn-?ts!AkvNmpEC
z&Y~|l1=<<GIc48g<pu~EK#GX-YAw5enf&1kcI=YJJ(Bx$`^tsSm`eO8lbr0W5W=aG
zHvnKz9^ET|K8{`JkN7X<6?iz`A)23c2Zu}#PxwVKXSCway{{stFzW2BFHU;oTQ5bA
zwe|F+Q&rzo^bujC_Nr!~RLK$^mD_7Z@3sjY+HE$qhvh1Zk2>r$+$9;~bN?>#e;%@q
z^3rhLktfjn{lU3dR~nNJb-yJ?Y@|bVdJW>lFS_k$Pp;s%osmFqenYAIy@L~QzdcwK
z_XcM&KO{{XOdndwX#J#Ad4syg);&{uf*xF~(jm%;9IVc=uagP2wHjrH^~}IqG+XCA
zPJDYh_A{cVK4D)YtkP6PiMvfN-94rUzX0x*iZ84T$RL|`0HJxJmKiY~h|XQf^Et&-
za?71Ebn`64OYgr*DheUx)wfd=meXNB&lNU!EGa~2;W(S@V4P+e&9D88-i2(bG2%LK
zs$Z_5@%zs>X?%htcegK`7GC48<x7O_&C{KfBl(sk)zo8^e1RFVc?3#rGLepERei7d
zSZsSi_D<-rsrzKO4R2(k9cn~OEZNb6>$Y0L_gV&{J$#2VqBZgs{H4!ie!gU(hY;<y
zqExx^<+2jzc;zK&&Q(vOP`ZcDazai=(Fg$YTZud0%yMOswB1|%#IfTHf7Us5XRlD7
zMCrXLy`|?Cs$mn~W)OCxjW47mxBRGQ2+P;xtXia(!oGv`1c@&O;|qQe*_NTutk5_H
zj;gboqjp$uYv?lsWRp{CiE8E}@Apa~=PY|ap0@AOcCr?CZQ%}gJ?a{LA9JOf5sK~J
z6<5&Q_<JOlPpUu7341!eIX;udNcV@tN)v|_u12Z*;cvPM2w_`OA$1{x_J(}Pt+lSx
zrt?J3p4%FF+Hf!HF`=wHguK{x+sJSks5v>t6mItLN&qzY+BLvcxC1FS_Sp2pOKiFR
z`LBh|cV>`cgNt3^_ZA<91f9XJaq|v75`|Y=;Wk~yD)|ms+kUaOI|8^k%9jcptfQ_t
zpU+HqZDjC^0C1^wIF{Z0z%R-LPVWF9Vh_{+-Fq>m(uLIB5+F}Lre6*nWElNruY!uK
z5Y%$!C~|=FfmdVhiHDo}>Bwpq4VW`$X7X~1v%i}^-tVFinzn8wv1FOZ<#A@1HkY?H
z^k#mI--e!+mx4ntJ%*DR(KjC3jM?G8%e?$~-1?;!f6<ym8xuew1n9@f>0aJ*GmOXW
zsc}B%%Zk&YO%3N?G-37$dLl<MjLvz4>}hU2Uls$R^IICeP@dEN)=a%W)WRZ``;Fe_
zJ<*TsGaUeZ_-K#Ktv`aCv-B!X6-(dmZ9s4F6Oldx@z~LJ(akAaicd_{>en4^BTrc~
z7+f33Mm<^QJDk+Z4P>PRT5_^(+&iatDQ|YNRh4Va<B<whHDbQY0^!VEq-RcsUbO=l
zXH36zR@6P~hp#6u+Q%n&tS1)lE>&HTe1zNdo<8WJhcNXvoNRRZXKv|``qBK{vP}I|
zv-Xn>@VP$3fqg3(v`yH1XrCl42&IFRLBS7N!Bht=a!5{m4e(~v0DXM{^6?D0r<D(g
z$t@x$ISw3nu~ck{1$bH?6Sx<ZV!v!D+3r<xF-_%aVv}gaCpO+Adf5D!oLc*hc-272
zTMyoR0?ogSrdj7pfYQ#YYDB-}JGuj^Tk+^F&BrNED-2LVPgVtD=hwI>eLYNXGvgzY
z_Bp~?PkWHgNg6}wk;{*}jicM;I$x&OscO<YXXr~d{aWc|Z))X*n^|;Oo3A6w(06=X
z-PPwLRYZSdTVJLq$w9r45oh7PUAAvkiZE;YN<SO`t~iH<;iy!XLzY8@PqQWT5ednb
z0d<g=t9S}Jnd0ib^%k{!$KpklX8>sX>zJ)wxh7G&iBY8E3_6uizAWf6OUt3F!8!xo
zW8rswrOG_c83}WdFgVb8W3G&>+&Oz%>+6$Z@HDBRlg_|zce6)ap7QRyZuyyYBM#Er
zg>&5Cc1D<Xp3i6aa<<VXN7Ke*&yUPreN^3#R^g?GdS=Ys_es$dcpP&<+*da3Dk<ry
zM<&BNHw{c4yE~uaYADJR*fE~Ws`0t`jnonFaExqkDn7P!<x5z45Aewr_$(slY}|PC
z10RV|T*v=oI%9I+u@wwh*+UDwfPHp7yYm8ixTl1jr%P*)93B@z*82pf1)Ye|z83Zt
z{m<j~ajcT~v(W3G2d|3}9wG{lx&z+}0KGq#<cRld0|)ig8M2gu4#u50V33>_SG76N
z+p@`Q`K>~}wR{Ds5%zm2@+AFoJu2O|qQJgcdJ0uS#$CFl)1yh6Psw#reFGZp3PsMP
zJy*Qyg!aitfLj=Q!Q_KyG1wB!QC)1;#8pR5zngjM!K-m#_F<x#di<4heF?CrFvZN|
z49!-Po$>Vhi9HmDurErnlB>_-K?dG=*O{n)sqpBwes3TWKfz;g7)tQ#i<qr5d`c6%
zD05YO9N*G4SAuP%;!9I#mp13R{yX0^D3+5;=3$iy%Q62($3(bV6CGi$pSKTfn^*Fw
zaR+@=UKZ)`i2Qa2jp<41$)g{Md{t=WL34(sVsA9qW0EJt$CQKhY_a?4uZgMcp0i|>
z8GGPNHS|1iO`{c9=U#e}tnX-%eZCcM1z&x)$cXP9%mNg!%^}~jB!S5qgaWsC8FFnL
z&%)?3;jQ@mOL6at#e0_9XCkHOq6=eIXU0{5S;!+vE=S<;V?uINWRv{N!92Jejc3UU
zkybSc?`i5~Sy~8S;Js(u&4*gt1&eQ2JL+dJZwJmzj>~kuH^R3^4UU~BufC$mOWga#
z_6<55#>u6A3V4JrN-8YXc}y&Z=}1L_T{d$wwtljWb^OWe;D@8zpjFIstzA(L9kZt4
zp(|1e341#ctc6xC;+JXRwAJTxd0lceEn+aDb*!1U4dF>Az4SY(d|Dbg1ZwN884(@Q
z_<AafPdQl$@aCll)f8lN>wq%{LHxAyJ#!&S4vx>E2nt_%dYtvZDr8jB`Mva+X32=U
zAScsZpYA_(fVdN-(D=*<h~9lSQ(!ug6R(NWp_L=UDjTiICsd%>j-;QWUDbD&RkM#m
zyiIVmo+|ft0+nz&SCA=lP>DDmIXb(Ku!Y%H=Xdf5Wbz+jSCS;zZo{s`Q6!ff#QPt~
zp_hMIj^5ZE@w>CKG=P9a0le93moa+w?$7HVjB*V_)8MAb6v@>GG-uAH`S&In!FAxv
zBRh|_Nh}_K-&9jv5#Z^oa{=cq^gp5A{?8SxS=c3yDEm^8D^+XXhRp6qFzW%<EitP>
zXUW*eu4aLxkTHs-4SWCMAiNs4sP`$)Gdd-BL@NAy@&C$uA6cbL;05y2o=4yqz_E0>
zfEM)jim*>%)t5WA_Zp)Cp^$!A19O+o;N3CXcI9$(l{ZwM(IdH7ocr*~&OLigI<iUK
zGUa6YK83rqx77J`OFh9_SuPZ*=6v6th=^q(p<5bv8TysAtbSaXrluh55QA8Uhd<OA
zl$#5bMo4w>-2TjB9rH=BkeFGI+Y`XdX;v*4Ux9bZdSbY9nc|=R?%d|hUl32Q9w5dv
zOg~SHoO6^<5$T~t1tQT1yu3?(&+pnwiv7Ew#Erx=GLul8_IdQe7yWO2l~+=&ktu^<
zud%PA-*AJ_MtaQ1?fo)zk=CSE=w2kp74T`gW7YQ-ZJvEPw=4lOR9WA5c|@bAx9aGn
zQzjZ5k68ZFOz7xs&5@eixp-3`M?t<q8q0D~FDjivH(pX4eqjH2SAL!#A6N!yes|0@
z(#OJUIQU^BTI+BDpC=ZYKVSay=tJbv{hGDD<{Kxmef!Ssq~GMa_uLDQ>5Z<7eN7yc
z(E~f*jk`8(kf0Q?5dmoCK8X(aS*?6ot_fFUZdD}2u`nwTu!k@upQ!`PiD=&ln1?r-
zbRkYa9+Iht{Shu-S8#o~cs&gd_2$l*$`F3FH(_rzV7E>tLr70MdOcy8Pab*zA`7@4
zO+!)jIyL<^25Sv&$6lAulWWW`e2o-w9^Ez4J-*=YlgX^C><%+P;=ZM^M%j@TyFqqk
z?PM)f5_87=-sEaCje!c7=Sj)K`=(u`fBh7iL=m%Aw@Wt=o3zG6neMbZ?Fu6e<(D!d
z1A8pg^NC5s?|qJM47;2L1So05xcMsAp@;e*uck<E$Vy~IXp^56!EqAY18MA!(0h*O
z#cp%B8PRtarqPqfp9bp$Fg=HCPhy$MVGU8FH`<JRFY*!g3z$!sbDg_GC+Muau|%TY
zui^c)|9ybte_qCZscxQgqu8O%<$KgucKAjnf$k9ohGVy|`eyK~PPWu<kwKYb=sNf;
z$v$MI(`9uTr&$+Vq~{KPS&&KL>b=`xTNHr6j0HF+d5ck_8!L>5R42oQFH1rS9PF&A
zxWl$2Sex~T8w`^PufUfxp3>dy`j{)Ob3^^&?qI+7&cDY=f{1t#mR2rGumzcFL@G^#
zN3rgV5=%jES)DhJHF~%cH;-~_!!KTOH3;rm^xE8cD{mnSfE=0mjzYzQd6j5vU+=?X
zhfa$#(G3e6-8G^Rkf^zV*LeSVjDu;M&c1aiZ?*;rb6IEB4jLR+gu<g9X8{N;apMvM
zYhao&!##SwV{Rnk>JT}NI81SjOVCfcP9F$Ffd&H?wgY!J^#u9~$|KH8gW=Z(8sp2L
z!Wg_Bmz0n8eYhVGZf}0`;8BvC<7(0mm&Hj_{ENkb5+A|Gd!>}?J{4<odjsSV!oA4&
zfN=0tQo)BQF&k9ThIeng4}Gd}ohfR<5bxn&QCqMl#e4CQi|Z<r`^u4eGwzpO2RDvm
zaqKk4fB~ny&CUXNTHV6c_ObA<zJJzxj#mTf48;Lu#KoGrU&tO+Z2?j(0uM`5XDN^J
z#W+-XT%pXO{0)7QzlB>CZ%x}J)j-gh_g`H0N^rT}3kxPcM#X&xvagYYtK6tNo<iH<
z(~EguHTvahNI87F;%+F#?$*iPN)Qu@k-3bI;)X_YndIX<EccaC3GeRreK+sOF?QoK
zrB`d-vTR^H6vV^$Fh1TY9Ms+~lVL}zC-R<+(W9j5Yu~e7*AwTVe#PCp`qYo<Lb7<Q
zoX2LM>I30R-=l8#tTH%V5(&2V^2~Ra&<*0J)OV@ivrmv_Gfr&az7M4yBSN)2N%w2W
zKi?rF-fq6q3wZbQ48M8sO5Rr~`#dRqm)_0>6|y33>k2ZzWLfI1n>1RG^1U-R>cS>|
zAWG0dhfzYO8Ky4ea-9&_2Tu4<^XwZssf1Hb{Z!+Zq3uU@_-}6Se_qSxMUCZ6=7Rx1
zc~5m;@2VLa@~d}Z4l0X=wsfp;3s6QCKb^^dT|1J(eWgiyw8JI34{6-afbYHJ1>CJ{
zuu8ZnwkdS%B+hx;9iEyy>{f3PXvFoeBk~TGCkD2rn2PPeCz|MC?jucIs(g6p@i-BI
zr8b@_#n|tel%~g_yQ6zZsUKTf40t*#$G*cjdwS`_E}wGoNUc*}py0KbkyU6ointoF
zdfMX@YX@2#u4L`A>kw4AHg93yCp$vtqa}QANdqqP0=wB`G$wWZ^O%<zWo-C-l9NBv
zKu=n@|L&(ZVc{pCFnm6Pc!O9MB92Z}jr`)S#n<nhV&h{d#{INzM4DWJ?8C?F9IQkq
z$&FW=i?3~{ZFI1<q3TmvoTt1Lk&{2Q);4Rc;vVt!o!Q5)C%f=7muarAagGJ6`B4I)
z^~a{j;p>oZk?oStsPiluCLAeP<f3&hv?qn&$vR4QYo)$xi%;ZnI1+b0c~jpJ(-?R^
zYL?_r+!xCoJY4o=PSa%SF(q(liF4KuJF*;yt~f30sM*IH;cSuc9j@reM+=5sv6jc9
zzxK<+{i&*lSOd1uXI}vffmI&=yx4>8{hYa8B|@tpJ#n8jBHDZ1><zk|^F_95H0xpL
zV$~ISe|9<!77$h1)w0@tq57Ptd)nZASanfxsM5&qLQIC(He2hqp1U8&9;kFaIsTnh
z%+f1dxZb=v8@z7!4dxTEx26a_dxN)*kCEG5%)_c6&@z%IBv#x{n1m|@eNXe4QbZr=
z6FY9bnJ81?bYN~UVd8lz;Y&~&DlF(XQXEBDDgKzT44mW>Jrf0-kS^!GLVkPn4yn1F
z8vP<+*%5q;%TJwGN4!e(!Kj_hy66vBPbZ3aV*yP*N;~3u4WiS(`$@x4IzTrHYt(fQ
z2A}bnW8MJ|O#E@hli>DcA7P_PF^_ZgVA0b7i?eA@BeF7{x{-VdZr_qy#94MGZs?Kb
zW7T9rGI=@dvR2|r?~%$^FUuzGy;T19d)WB%f|ko~SnF=nccQgvb8Y)>2P_v-hrqQg
zL1n^AaqkJ5&9;aFh>n<^DFffWnrPnItlyV8X!!O?OAC~Ip=<{~Ni-AOH!TM7Yuf>p
zIC~$x_;O~O64y=%aE6UFN6hDVCvS<$#Y1xX*c|6$YBl%kkqj6e0lcS?{bVs&SnjDJ
z#T!NAdrhUq#Hoxf)Yn;Cb^;I5**SjG=IE{9(O4~M%@$Z|F1BmSCuAvvUYX1F_Jz9|
zJu$WT$|XDnVG()OymN5m*Zwm$_evT(FuoD!WGLYupp3}a>JipBBm2+(dJC*a{cwd&
z4=X&)P?!z(1W?3LIrH-Xj|)5x;<aZx2To7K7gwzgbneu31J6O93S>|-AW^7HQM+Fg
zr|kjPhsML2e&)^k6TkY_0G8tjL?gB5sF__7&2B!CReCeVCloEO?VDr1TUGri+Rpi0
zu@v1hJ;~biDt=dqa_0V=<|0f%(uo7^DR52EN2jjR_V;Gd&ZMPn0MY3?!!7qIOn+tK
zbLX1LX5#B=Y|EiC{YWU?@Kc2@FmMaxAW#Fc;}ivII2Q5TzVbmd)|V4J49%LzlZ1VS
z@)1!B#RYMY@H0(Fwzkaul;ymwZEf{s4zAs~A#!&BP>*BN?}68&<VPt#oXr7l*cKJ4
zoNGOaxRBdw<Cpr(!qqDM8ZnFSkb^Z@yrtM@*)VCICOcyBhz`B~&Bq)b0&B$ar<<~6
zE<yKWmYOU|6Xd5@6xgzc*cDzK)>D-RRygrC@>AnC3FEVgJ12~FPYmgjz`8xoC_NTW
zM;}%`j|7~|)*RDbIn_sws70-oy&`OaJ=p!$Zs)l^YO%EI9G4Dvd<niibi8o*EuUGf
zZ7)lY9i!gb_lW}VNeITL0YJhggyQhM({s`uEp=J`j(@!s){hNQBW%js$y2iW*&5?5
z6o0(<h;o?v=aP+W4t8EC(2G|jG)nvJLLaMc-jjW=T;<@@PqT#e)Wsso>&mU?iS_r_
zfP0F+C;E4f{%Kui@aI)63(IZBdS8COZvTdvQxkF>)+%E<G46ut=l%KMnR3s0C8GLc
zvz6d)k$6xZHrgoGdJ7~SRqw^PF67ljpE;|ZJGvSC>3E2m`>GO9H(?x$J({1IX=6Mq
z{U1R@-x877Jh`vv@f1}HA>Cc&=wrR;kEb~uWmSLT9&wCox34hPt3MKS?eGLy=z+{+
zzeUq1Nl0VF8}T*D9X-1;gQALk<ys%YqDK)y5&;0~>&W!5Bu{V%Z6>`4NoQya)3kPu
zeC|LWLDLlZ@}{$4RPiMCaT|UtcWJ9Oy7i10|FaR(8c3|368esGbX>R`4@$!$Vi{SO
zQ>V#KJoaz%s0|$=cmf3<MOA$I_RZf>PVh6y9N&Wnb;lKyYl){17C!FgPpU|Z-;D2}
z3IJqu6x>I)yzWv5`NNC-()bEij%GHJlwJ$jdEyw<r9j_IzcMs}y)mQ1!)1H1?;e)9
z-zoADx*Awb`)bI|d+@GK(w8twfkP<>=kvRev!%x5*U8#P?#1SFG}mI|^y3Nd7h&;c
zAkZ-_z%TVHV_pHV-kE#LF58i}tN{2@CeG}4y%(M{SM<?Z81P<)BZok5$M*S19oCVe
zo1+Iqt@)B6%&rmC*i{!4$BByx;)8AH{j&tG1q7i-Er#+Tb*JnDd+*0IoX$P7j|a^)
z8+GEJodcLgu77P#aYq`M-pAT~_{`H7=USkaT4l~fPRsXK@{#j%iLZ#t*U<zMH)l-V
zINC*5t1~pw448ZH(HC%y>=r)2ZIQHRPPiNHD7#Fqa6Mvw<@QCC2MKbqpCHRznh=J=
z&Ih8l=*)T3zW^A1VeqXrLcM7IIZ(xZ3}79mPZ`-wvyZXtX9_ljpCUYTQX>0YmgYQn
z4#Nf`tOszAfh6@@fbYC&*ZRi7#f2^@9B4e)`Suqve9uSY#(*J^%)zVlU3gr}M<0?$
z?8(X1!q~XTJ3T!t%X90gO-9ANj^6^1)$NPqpan-f^w|61Y{zmnc?ftQzOJV;lJsY=
zpW)v|#BK33C$<lP?_h_WN6~yGW&l|9%sn8cpJ5Q(6&Gt}E)z8^-1m<Y{lpP*ePeN0
z_GYqvv6q;%^8RRZ>YzTYI`=X@yc6N}<j*K&^n1V%{yF)c)1+jj3ipNrDa_UhyxBE6
zdh()F7@XsE(WE_|HoYnQaXn-dIvnjTJCB4O=YE41w6G*u$mmZ6+a+9iOfTzDo84ru
z{)S`)*Cy*oBk!$is8nB*MV6-dDnAy@{qc`FYgASq4*Ph<@!CUKvxRDwO2WRMwNv1C
z78<%>NaS*$t@Z2dmwd`a-LEZS{}c9k_0GC>-S}ebKa;Ub87I+^@D=zN?k@Wt{m01m
z+=aK*%P8%Mo)eEISzc%|<j$j3Pt3UDbO3*+qMmp{*%PMtw)#ERa&Kaz=XV6~z1(O2
zgtR{5)B6Q0U6>rRp<7>a8GI&^R0M@u-rkSZP-~szawO+*<D~aVdS#3Hi=wRc?|MPt
z5H*SV-W?1G@Pyc&$K~sM0U-8PP<-!U_df03PJJH+T-Yn;=!GB>c#CR%Sgx*FeW}h~
z((YIrYp2bVm_42rfG;E`&K?_NHDdX?&EFJLd?DDR4qFZY(DjPyy*>pra`%mYeW%Yd
z1w9p)@oRbsh9Or2n!vB2!{G~jZont(0V&efMhxj3f5^phD8J|C8Mmn=?Mh~k%&)oX
zF__SpitK@{v+&5shW5ODzXHEk!w2r0Be=om-e!?Ed?(dU#RyGB+;#G+KIDkxTX3@x
zUF#Z1cMP7(8uxNF^1(DabH#y?$%!^%?TVQl=@9S&Q4>XlEKhr-?+Js@?@e&0Wk}dc
zC%U-5pQ(3{tSlvU6PEbk7eDJ)=HfjVDKK(Xv!BZO-ZL)N2-PE_OB-|eFm$%-y`4;v
zkmzRD#kVMrpdCR>+isdUJm*niQ8I_BD>sWiWBasv3I-RyAlvV#6E#7$vyNNYNWBuM
zb~#4xHrnz@Ot?JvsY!FcuU_^W$x51O=B$-w*7!0-*#o!E^d*=9j{Nib*67dc+s~4J
zW#?@p9D2(c^J=byk4YIR-A5$8)<Suev+d@+ht9Q{@UXi(L4a>UdhR&|A|U6L%h_S2
zaa6u1rG38SCRzjRwy%H7yh-&u;6o&UTZe3_DWWs&J4;eu)?lTGF9uaHZWJ({GrNfz
z2)vuDPo~>iL;C4ca`qxmJ-Is*(_5e4_)PbOwDgOr>$rwAeq-;ESDJ?Bb1B3cjxPp|
zxro00)x&`Cw0uzT4!o*GbvUOclsKvZ89(QasblV@#qD@OIR#c7d+RnyqJR`0!^CpW
zGjNcADD>%?$GM~vp4PqpY|>l?p4;Co`w0PPW$sHC4>@}1V`h7_LGzdjNUtBZol;vS
z#hoS>`PTHEr!RrtKDu_~f{}(JoEsB1LI7^yHodx@y$E7yC5nEJ^VRG#i+Ax0<+T*_
zMY`-~_P1B>yfx&VS7nZ97GrQYt?=Q=W3af@_UHqKByg1-epu*}*RJfYG3VL$5BWw*
zx8CAa1s?wx-s9-NUZ6+6fTkXi0}!x%_;Sls+b1j#Z2bmk5q3w#U2bK~gz@{-t=nNV
zk#$JW&Q87xaXdlS^+p$rnNDuE;bR;V++K)q)i-i*9nAVmmNiA))`nhioU1$1d(X`?
zL(7~rOGts9ynd?6vr=>%ysD{ld<NoLMJ_gTy`NLzPRHkaL+ADCYQW9PxefJ*kn@@E
zuJHP$FW6`KiPi&8DNxA~ch|eBv%7Ro8y#sm_c6|{!|Fcxwwlvmh{S~so;ZFmI%Sxv
zbGiucF}Kt!xDSX!FO}F8qV2u<giiI*WFQs`X1L)|e5aiW-v6DqC5UFhTnq}>*qAQ5
zA;NGRsdLTrA@-sf!fC4S8sh<JBG2cD?K#?b&8XF9VVQPe5m@~A>4kG>X&L4V1oA?{
zi$B{+xCa?8GC1`3+xTVSCqBcWBNZOus{QH~tSK*1A6tC2h(y1D7m=O^y?5?t1U=E5
zp>M)Mua@hp?p7-|ayGuJna6<k(`HEodIZwhJYh%oZ{Yv)B6s4uQt4Ya%AS74It_MI
zAfCKu*F%6@dcQ;J`<Yq!tZ~FZo;1TP$L7wc;d&4oiUsxgNRlRn+!_Su<L+?w>V1QN
zwj-BQZ~)rl`u0ll;m$jS*`@mRJD*40f$F;$Dfe^d75M|q7LJUQ1zJLAk6&h{RifT@
zf-3Fz{qf8kft$BA$p&<1J7HOiQyB^6_?H|AWLiDn!B2e^jpc;tl%BIu-&3uXdl8OE
zQ_|!)^SFYt&?P<++We*eDS7QM-GE%_iK+l!7C@@Ex#~N|@ovvk8kGf41o+Jwq^Ir^
zn=TsMfBM&BH-p9}c|lsDVb9GqvvsNu6Qma&FCl1~pZh)seF^y><M>}wYTn~-U!5VL
zYXUx19;)Mu4TaKY?U;A=6It9%`3Qys^Yu2URuoM5-ez9Y$nkq;*F<Ll4>jF%v!?@%
zs}GMu!{U@3-B|6pMR%7_1aU)ithojE<leTY_5p`6FFl5xDwWgry?Hd`ddn%8j@9L!
z;l!DXsrRs>aMI@0NP5!rVpy+Sy*R-<IkEA^a`6#9zI<QxbX$x;qRhvOa!Dkt6Tenm
zz#{R_A1v;7=KhF_44_}~Lt<Zkww1Euxp9a`9p=R5-2(uz*Jw#g4#f4xyE)-Bz*|mt
z3Xm;HN97P7FZA+dQ_`k3+5Mzq2pxaYJ3G%7j@c`UL5%n{1V1KvPTzP12m2hn{hij|
z3&WZZj^Qq*+olbL+k<JD%9IZ1qsrptO%DUueCummqPx*0CDfxu2k?7Rw%J$~DX|Vj
ziJvpcdbpQ*s6VwO!}2K>qSRT>q04(*Fbm~~>;aQBnw})(u?``gjcwEkUx~{_iL(TV
zeKQYM+4L>;0~PhS;#={F*Ww!AJuO0!8OtI$eQhG2^2kSUpyMc4;3=SJ341k6&sLi0
zVxYZ+ewx3>oK5@X!7lqy9Rl^Y6>XBQf3FI}7Bg39q77mR>t;xOS!DuS<wb|)o|dl<
z?J5!F-fM*&kCG{!92tEogwHCGrPiN4JjQ=s>C(863G+Z7T$(t&*P$10FwxP(Kt9@B
z2Okv9nQq|NQ%O1cw5315*+y6cy{F7T@k5|ZiPP8yo?lcU34<(d3k2dd5gaVNW)=Dc
z85ZD<PT^-qiANu(*IOYVbUDs}e&U-f_6<oq$}#1qAtLS^y~^_xMYWVL8h3956(@@N
zdEZ=UbuU8zIY7q0ZhBsU)>(>pz|L|eb-h>@zd#z!I&)#gY<&D22y{5`H9}Y1=%<_r
z44BI;9cgM+MTX-(O$rDPc~4(>tnm8o*~`uT*|3yxQ#t28&CjBT;tf+gLauK3Sr1))
z-149OJQHW$CW1$+uix9`9<)QX?!K$S3b?eMSL@WRV}{>2xgWzT#SStj)EIUKx<Gcv
zjlbt)h`_UXeF0@ZiO){Ve3`>_5ZDA5C>Ht%F)=!4`#Bz9b1kr@pw<xI7i+K7;R<H5
zSEa$p5gvkTo1^h$1-Iq4ctP4375B2!30EhH=+rrpbT^-TOaj4f$peH`RPsFpG>IZa
z*W>)9mUTl0zvZ^Zpm)DF4zg`-p(mhDbln7eJXtfnxFwqg9Tn}A8XTGy6Pmku92}RB
zUAEnnIaVP2Y0<g0oHy>i9oA`b*i?cJ%EyOJ#<>dT^NXimtuEob=gK`{*AKB>C#@+w
z;C72?c&d9T_W_M$mt-8cV2;=N_$eq(Pq<RIa0BGRxD)`en|lKFlj@lochU9IG1qWF
z?gIpVwQnhu0oDwCZBgQEYkq<e$ntxXonON-l$vubMHa_w<n24q?G<zOrqW!#@mQ;U
z`7gQW(k!Yb!MN@6>g{O|wq8rmBc4z<+Hv7Fi(0*9qaltG&ATLspsW(vB(vK`OXV?^
zqBr+(S&7bmmnW{bR%c%Q`kIa2PT*SCS6?M`V;bE~pA^T(jUS^Q;p1UaqmN)(z5)&d
z<~2ugksg9)<AHk{wCi)H;=WgEpBAtv|E$<74JJeH(JPY?%y<2A1Z&J0jNq#irrbMN
z2*$Q27<Qp6S)b0SiKjzX*J9>R@RvU?clF}a?(Vjo+3<A)Q=fI<W=Wpxp#y?O!u-vG
zrPAq?q(m~jy{)5T_4GZA>jWW$vckOKkFXKpCTxe03(0$TC=OOvNPf;MfqD5e#81=l
z?9UZ=Jg&_f0XzydsdJ8(zlFH%_k4*vvND{J^f;gF>VjQpsP>Gd3q|?0=!}0h#o(Kd
zw0)kzxs*auw<E15#(8t3{RU$o>d}*KXv3w%d3@L5^XICFfIEDM!R4TXRPyDt8#KPO
zk5xA9_u?&|L?&xUTEiMc9NLQ((cjZ}EPC5fzm;~cw&W~jJ@TFkMI5I6PyhQ1%-Xe&
zQBT6mSb$NDt(=>OzgXLQm@BCXtZPn)6I*{TEn^DKzFLea6$KRth^Rj7!JgB2h2$0V
z@q7yBW~)6?Ng<4?hhz_b7Ik&))=B4Mq2Lz+Ve32!<PzZvTNh3}DBC`_1Mj_LR^me*
zGv^{b1vd~7m*AK}J4NWL`M`J$3kE>@dOTIK*5<Sb<$Xul;B&7v>ElF!P>;yf4AZNC
zDM2XaDQ}#-tvyQQTu|FHEhh;5bT&sX_$%8B9ip}?GWj!oy2zM#siePDgc&*VonsfA
z7><m4Db>v`JS0C+Fb6^L;b#G?UrM`82>lAcBRl?N4_yq-bJ)(nfM+ov=S`V6rq}(>
z@WGwbOu1;49&wnujEL^c=;t!9$4@&fnc0NwlRQHH8NEN!2`WQ#8(T<Eq~3c0O~d8v
zAmqkS4&{wKo3rbrgD&@b8=VznZG9v!SdV7tQjvTwXsq5MUTtuao7M^K(%lmWP#tbs
zN_(&Y_(7B76-ZQa&LJ6n+comyBkw59{1g&vJvn%Q=Yk~^>6?KAH?G00dAgh^yE@N-
z5z@JIMau3Wp>zhb8WJGQ8eLdg!q4snCi1+pM9raAL;(IcATD20r?+8ix<q_1ihC1Z
z;onbnwASPBd}I;esE$I!BkUl!h^)YQ+tI3kyDRcs_&QwRJO#j~$%QcYLKfLEBh;VC
zrDb0`sy7dz?7^Y@`<hq(yykr%XD3SzdqA*TUoQWAx1gCA?jt}Ks6`>TzL0@H$m)ku
zdhShFinHNtG1~$D7TMENZ?0poQMm4P$cs$=<o?A<+Xo6J$D#-_d)VQY+=Kji#7DS2
z4oU|2`QXV$l7aTaCw14=w--+HEw#7Hq1g@5t59h9o=LpnK3k00rem*iGhWd_4oosB
zqIK?D@O341Rzne<<61lBu?i1*5l9N%JPA~UlxX9ojayg>0wvE18n7Mz4$t*%oql|n
z08*Yv^Gw#Ga;=kNx!JV*u6JEimZ?5cO;C4B(0UKt4%)*L_Zr7P4}VO`?@6LB(?po2
z;PG}jn=oe&w`+n{Y;iG!w=ZSp1bg51bYjY;Zt1a`u1Qf<k~F|y2!7h)9Y?T9eVj;x
z)djo{6!zpjDV1j#0@WT9i|~&3TjLdk5@dQ9_DZBM*s1Kqcm=<7679ZGI!D^|OVYQw
z!nZi7--xl;O)m5dc?7OO<Y|}3n)!SU3JQzzJ=n}HYx>^u?`7*RtiC)i?COorj`qtb
zCz&h6QTYV?^)fXK0($(Je3bp|vS=3_xsrqj<PMEa`<2FrdSd$7+LuCK5~XB3u7K1U
z-<fzFelUXOnW<kdROaDFj{xHI<jxm_%)I>I^j-?pDTu|dpZHk9LXba!cubK;>sy2L
zhAk~_>ety^clCPdL@3{hH980lBda&(Sg{b^07F226}k#FG-hu+Y3y(NW$(TTngQpU
zRq*kxj5SU4Jw%b=3Um2<ongsu3qJ{xm)8U?^?euvAm3|iyu4nzJ{h-jZ$N9VJn|>8
zYq<|_Uv>YEGxG|eL%zE37D86WcMhes9C89I(Lb-4S#b<E$~U9;GZ|b<HvjT0dGxXL
zf#&Y4lkZQ$hE;YZlL;@MJ-flWqh1=|>gyp-PHa3@yI#h@5g55FG;bFy<JxH^#VmHD
zOSS;ZnU9kyYkJp4f021`>D+@c$K#EGryQm8g|Q?r?E{`ZaD}O_u&+Q<*L@`_$4I{|
zFv`s}z6k#J;m`T|!uRcuM3OS0&u*WHk@&k&uQURzZgiqyGMWpZb(}aH<232o)oxny
z*jf=m-4oGedylC-osS~?;E^9EICy6dF>5@g^x4-&t-B~Zs2ae|)LY-dOSAcMV5eSg
zx%$Mpk=M+~cM|`&8ccfC$0Y32fWjdIBOWSYZs!XlgL>0ru+#}o$2jSI9rvlei%4eV
z<2@eLZ>!o3e8PARAnei2x7Ov>m1CRwmCKP3uj9wYBx4@ExqVg{x|Z%e*!L`)dNAwf
zVWFzC*(t_ZZ`<uU_-NRdC0WCU?j@;6T($fqL+0b}^F-@EpL8L7q0D;m1~%)XQ33mP
zf;|X#cIYSITZN}AKy&<6op@~bfrrA{-dAqn3mNU*c+mQ_o!xT@Scg}R)EV+GXq||g
z>BfQj9Bc?N_`xB|@)4rOxt|do+7}x6u(uvpZR*6Ow``U+q?LpGi>zlcEWKDjPqIBh
z@-?i~+bOVoUDYqJkk#@l|8Oh21D8Lm42k;sFqm5@0M5NYpiioninB;VbX%T2EwFvH
zza#C7b;|+8sh&<h-I^rD1s%yx0YZEYf`VI5bgsf@QuCB5m?4HrJMUItKOXF4quYHZ
zufeQ-ce2r6HoHbfiJlNqAK3DIYPAreZu)UNu>IMzE4*>jd-ddf;_~9x)-{c)x8*dv
zEyO6UU!0_zY^p`WiP-Azb@y!LmHZw}3hfnaz4wWbLI0xJ9ICM7HqDoZHE^0bOd$`z
zy+4-$0*|75HEznm3)3ra34aH(?NC7R<qy~`;81?*VjhTh_StQgD=x{3WOYD0Yg5CJ
zP_ShaTwqHH5(m<!q$vEW*OW$bmfj*brHE637IIn3bn;f$6KKp9Qg&p64*^^=7nY|0
zp+fm^1KDz}s~uW?G-??ibr`Qfca$$>6Xq(~T5<4Kq$GJuS81*%!efYf{g#m9@T0~y
z`$bC3D4o+f!tZa+mC6CQ@<^u=BJ}cc1Iwhn_E;|ZgIJzaB0Mbh{+_e=65}f?h7X$K
zj6n(q#os01&#PbC*_`eeipn9*3+#RRXis9^H8mnEccVKzrn^3ClW@p}&bdT#9iKp2
z3+MZ}c<jKprSJ0I(o+fXHTBt{K&$AdIF5z5KJ|IS55ORdTM;0fuU&qK`UsoX9+tH=
z4S)s?KlNlA)T_e+=_F!xupY^~%63|Bo#T%{Uk3Munt|5i&VoD#8d+_){cTma>YrmK
z00MWsvBq*}6Yi6)R95oY^>QWQay4o>I|*AJ7ZtPU<sRGEfbRCYk7$&^c|!Fgzy8L9
z>~jw_jDFnQIr82|t`pxrcE-35rH+MB7i*rv16ZU}EB;R%aDqXO8KWA(sGkF>gqP$q
zxX{@w_})u4@uR5Pg5ivfA;<IS+%U>MMq`y(0S2H6c{%VANH`1CnzJW!<Kioy*5x|$
zMd)vZ0rwZSsFR=bBIrRvwh<%P;_VwSC;W&2-_xRJYuvssPxlu-pX6&9Zpw6&LROr<
zlQBQudlS`erNXq@;Y-BCzD4j9P@n0i4-KJC*jYTluUxxg4_40HK4926i_pIDh!O7t
zQpZP6r9TsJr96$hml+08#-7ffOI`&+<f@r??K*n~D>0+iz&g9|!Bkg@BswzZ%+W7i
zHd><WJ8n=hNsFTi#ymVJdl{`Y??DHXQ{&SH>ak&kdg0a07?wG8Met-7Z`{hKgIU(^
z;qz7y;_N(%UDPob6f1=80%4n9coNDCLA|B)ePjgA(A_@q_Q3_z(+!vR<{-rJuOU_@
zoho+tb3qrr<nf)s-hwaW-#2g3{#qGA3e|BB6OE(gF3q+1qU#^b>a7~@*p7D8hx#|(
z`XOC1UnB&VobcSISTKlncRy!Fe5Bq%Hy!p1QF3b9(faI>w$sm<drI#PpL>EBKc~R-
zne!lanzkQjILGZN@$V)bjvW+E(SYLucmigFkT3cH0rhJFh;O791wp^g-C@#WPlEts
zl%}MitvU>T&vsexny;Z<GEz_fUKmtWbRzn`6@+^HeAh{6C(%?MHr3CF(Wbt)SA$<b
zqWoC|?9WT!cq-Bf-|RuC5U$f%Jy#auvL1?4hrGG(!<CMuYwG(dJhYQNv2yUrd{K=p
z`*mPl>x8$I+nz3cGJRU=dqueL^~&GiV)aMuWlV*;R46f1<(LfHqf$%52hvwYUM(!-
zr-SXSH8^yv62Xo>5Xpe{4hZ>NlMdnF>csF)Xx+jndLPmCc^y9$i^InQm7@H!Q{>LX
z%F>gP`}vVb9GZP~*5@I4x#(TS$JO~FEap05;^T6sZdsCh=GEX^gOA7_l1xnNle2)A
z2%vb3#yvUjFn)P?^c|DjZMG91%D$!29=hPL->D0Jzrw%DKs`pT{%EB#6#{yJR?JS(
zm$@oHYJOIY-%l$E<hO-kn^loV8a6R86)>iB+rhGOdPF@+TF+atD%*j9p!vS0MXYrt
zm(SiOA6<Z~Sg`Arn0aFxU~e&erSv3#!<Q_kASQMyV!kNetQ&3W#ZPD2nY|D5E}wJI
z5(Uha3kJx1R%purxC#%#{2CR6DB*UuiKE{tnSC$}ITeSv;$CQF!|ySV@z@SyQVDKM
zdPk@-0-m#-_j`n&_H>Z7^3MRTZua&#COoP(l5R&VwVr-@C|?Vz2`kmSs=9X-#j32L
z=BZ|K^PTD4`Ojn~^57ge*03z$ck9hV86QV}wCmD$jc~=1XAb76jhG^5nL1o|C(osT
zo1vUuaW>hGJ{^JpP88yS?Z<-%)fJK@7w?6m@pK8}<l)ot7>Y_(__oFAr^yc)b+pdn
zU_{?o)he~Ox^DFx*UzKb;_ZSh1d_n|OoLc4cj&xIWNo7R_@FgL_CD}Aw>NvF6{)%-
z{T_(9y4!PM-h`PQ82_Sai2<3vMl0p6C-Xy`(T)xh5q1E5YU6QoiF=v}NiKA%s`{H@
z2Vn@S$jcMe>k*qzLB4u~b{q1G+`nwSZ?08)r6X=E!U;S;f;40s<x|?ybVRnD=sp(D
z#e~PRJ(flTO?<wVK-<x$TPbh}P%TnCGnx&;Vw&h^xpB^UqT<H?2s@LcNpchlUx`Tw
zmW=m5Qky(_`IqIUtgWju!v_T4a|xd9exq<aVTG>L<^5X=*x%d15vg>)p7a~4-Y6Ow
z{y-3})cO1-xW^723`0-E`=tBo@w<vg=cT76E3fyojSuR};vKgGv0Vl{`m^p=3mq`5
zNBIE-Ah~m^$=)*OIA$IG^sXn}&|}{ahLDeI1{U|I$mJJO5GN8h@7=BtPlmH_GfaQC
zwdu1dTSVtYxts;ki6aCr)nGstRX4H@KH+ivr6O;)uj{f`idMfVGV)M&=H@=0A(2Be
zQ>Aag#_Y)jP%od)vY~Vie(pm8O7Rf$2}3s9&r|5Q1)J!Kx48dY8@c4EtQ5lIvhlJc
z8<z`b7-zrCab|1r-+o)8ncZ~~-@=VFvy}lT$}O}YfKKgcoBW!5YJi^}L*hErk_Snu
zw}<+K0jK4-mC8#itFn~c=ZMo`OuB;gkZ9}kY+5t~ZU4L}7M&p@Nw*K`eg7yKiANxO
zT4TE#v?Go`^*Fp}R$2Ipw1cl!fZ}Ip$>NFWXoWQ+FNgJY*F{L6fdD%-*FnYVnBFH|
z95oIZyKNK>Zd~+>Q+A$cNaITw0q}G+>07tA=H+>RK|aHqsc8n;<l6db>h=oMIegE-
zN$4K?HoGrvlYyBPSnE?V>=TOL_o=%H2uC0z@Eiv5Q)Rg>55-cF5oI+7&Z(zF!LLn4
zynC^jnnapw#q6JofnysIho2ZX_r5sITJ%=qd~?E(7H;h~pP1?~x!t{@6#aFM@Ubp0
zck(ELv#h#vR0{Hu#7OIz7egs0DPlsyA2E|ozsKM=j|9P$rE|8lnD_QPC44||nZOQR
zne6etQR68Oq32e~{dqKo+2x~8xWBZXz;UVFA1dYL?IIz@U@xMZaFpK#n#y7E0ig4$
z3IG+$Xxv%2QD^Uvd+mHo@MsKs^A)Jf@{=#;OdL4<nEr)@=XWl|S$TOuiJoM{5-DUF
zd{2mxc)l5tboeQn#4ZXjv2RwqN=ETk`^4As)F~7p%}(9><R6ma6J3?GW^wN4KkhlV
ztj)%sir<^-_b{Hbx*Yd>)zQn5ubs+W!>ia&(OgdZvk>^-Lz{0Jp+>;NjMnR_OJh`c
z>-#j-%5=x|kq*zhPv%F^FDqaFrXu9Z0i%+BV(yh?BslerXWLUOPiSt`XBDB3kG>90
z@rmARn$>3b4IS~bfw%YaD(FFv3D~{fClG~hy3O20j#B{2cgT()i#{5COAQHk!XH{b
zy<eHRA81r8>r=ibH?ds4CbocAS@v_4+#FL8MN~WWXp;%FZd_m;i89p3y6W7q?=rsD
zs~VXM@FpB!MIgZ3QayP|0OH6E9Doha8*Oc}Cdm@B-`LnQSNi?$m)b1*B`Lq{fm9D~
zXo?J!*|VdgI%wPS{&U9X3Z#U_Z8I^dlku?V0$Z!0$zVk5)n)+(V89#Sx6(Ttx$~XH
zoz>I+>Su`Fig30I1Q#7m4w;KYG#_(?R1J6vmqrSGNu-P_p%JoQW%b%LFOtm~i^VQY
z<SxZ0cu}XhF%PCe)Pltge<DN~t>d0asmNTpZcg0#5<+o(_J*ne=4{f#yfDA1bakyI
z*ZRr~4o{rnZy*nx&*jC*4fWfQ-GO=;O5;G|IhYI^Z12AM6hX)TN7N2==iLQ{_bLmP
zrV<Jr&pC35y8C>->i5_%A&6~>3U6=hk(hIAJq0G&I_IF$W2^Ri0f8PJ3@*5Fp!DsW
z&Ep+);8Vn}?zrWomrKV$h`&-Bs<=;2nd~5#P0GN!iXT=wVQ%@&#h*$Nn@6FlY@m9J
zrqRyUQHwb?c=E)#k=rJ&3NABWfihVpv2q&ZM-~RvuYQ^8hs1yfxF7c5Rwv9_#l1W)
zlIIAgJyqXBGMjV`+8iJHre0&)V-=1f(`<~4!!7nrp;K;gUO#E32$i+kPaZ+E^5zp3
zVeG~0w&$s02cpv$9erOpwms!-timU}ykK&Od_!FFti0SFPIcKRlFdpM4mm#QxMWqr
zg6BI-0eXb_;bNrYp(<o_T)gB@i>Y%;=45dKFFkdq$(KEz*o*VIJMEr+B<K`jtpP$8
zMfsHsl=C!4edEaPRaA%a%ZhFiFXO<AP}B$B(|?Y9Gx&3h*lHJ7@6O=@H*;-ARyNNz
zGc?qyNETDd)CcMM)YAJemuqylzcX@vkA3a;>#F*cn$A(IbBHbJm09?v8BfnFUunF2
z9sn{wdA#w`2vyBzoqYtaJ_(Qc4FuLB!t_MeU?86oLOjVX2_$wjD2$(MZM{Z0k|ILv
zM{m`XB$~7wvG2UXYM|5d*RP*J!xXTjcNwclFZ!e%lGB3cWv&}V9iPdIWB51c&HFB1
z)eympjrxQ(7JsUlT%w*}sL7*xnw4JSl;({0t_F^UF)~}>{f6=K8qVP5+ybX7D(l&o
ztY=(GV<PWE>=_QFJO3;OPJVDAE}_3i9o4OTE`2U^PgzR}S75&Nc<Lqhj-#KM0{d`m
z+qG99KkF3(yq0j6t`%e-I!5&bk+iAzy>nGqNDsc1PEW*j=3&%etsH9IkaGk$Y`-yR
zae4uWUDHP7bEG=q;kOx{BG|JrdvC!O$XiKRx5U3mt=H)~{95dS)(!+*z2jIX?`;dg
zimfMKs;=4)!I;Q31%H*C&bN!WTFX0LRk<3c^2LnC^h>pHJqi|S)r>VRw!IMGm&)h7
zSBd04Qxszwd9O6Iv7FM48!Sk~A>5gEq8}O?Xc7l!4kKOSoIYYJ^^z0Mklhm^VZj$)
zTH2?|#&tGAfaZo;R)9~3#g+GT(zZIL`%WFHCrUNdQ;aNjl<cHBc)m+@tyWr&w^H3M
zUEfDQbezAg66q7~m72tPJi1E`-+*plyLGdlWZ1sqllV%{lf>5{wz_%i(#CLRzI1T>
z>HG&tI`=kQq@xrQyI5b8s9UE;@FD4vScwotud`m6BN%~ChC@apE#9fU<uJNg1e0HW
zQRXvCa&kp{c;?uBe0l6%y3HqZTE*;yeM8}d>#@PGTXCNr;~FPEQegA0EJ{5VVK$~{
zfz&GRclvEoPN$nCI+rz{F%P!e^K=;n^%K^<JH`E-nWI*9r}LfJ8<`9DGGwQ!Ut>OZ
z&NQ$^eMb=qg^{;_?q%+SN&OA5QPqyr(&af2@5YVmQe^*K4F2}vjcT}lztbS;&h9TG
z)r<2d6r>aLh=rX78Q^<R;utH)T)WHUPPv4SX`cogd(=qG=g?(j!b22!#*XpRdkT3Q
zd2(j&Q|8}ki~f1|bzGIOX>B8F@pE6b>_Z~=XrV<Id@w7G>krcCc)tvaI8<fZfQ;X8
z?kcHa%g;4!z*%D)-SXSZ>za6Rd(wqGlUFlqsq4L;Gptt&>x@ov_p27B5yaEY4fYDY
zUy-XX8A)<)kh<d6UHFX#@}od0+likkQS+o=3La2-_{Va_+Uk7Eq|1WPLBbOjqrdU_
z`CvD`TEvO22k!VXe-?&9|J*iqgqw9_J%&7+jEZlq<lt$VF3A%FPx(ENQG%M$awd(X
z2m9G{&VedU(L&EW)<!2Te%mQg5Ocr54}cNhknWQ1I@cQI#8^PAj50V%%A*GM5_FP4
zpGOWfg%8BDH+SgbO;6F*9M4w1b`=-(7UHYPjBdD|YS?;ZNN;igCaj#Z9#E!vM>BbP
zx~SW<9*eE!Ue*k+EeV3rx4?X%N=XNn53<26%er_(znN-t2q84Gv-1J5!^Gsq_<hgp
z0Yn{(v+zP=C;3NrGltT8+TQKp3P)eN^H5V83$RvXIhhWTf>#}My&K*nc*D|Bz5%0g
z*daS+_$m*cmu2!h*=j;@d2!$boV{@yeamdm)dcZ<Klzs7gmg}$VANZpDL1Bb`>PVa
zHavWqc*OV|k5~Tb^m}^&vIv)T9#6pzvFNdv96z_T{myacw9f?3Ir!dH%2}wG0S~O;
z?ysO_3fPne<M#<?3P`|j5xg9zot7sM*uPA7nA(z$W~)kgalHabB(~mm>^5OEM<+pp
z77*--34vGh?o|ScM_#bUGYTIfrTCynrhT1Q8IbQuOGz1bU%9eLNT1;<o(4c~W;&2*
z4sgF={y=vD9TUT8O8`LNK*^XjR<o$5p3hG3>6>rd4qBpJzzsWb62<T0HZ+&}1KD+N
zIMucUodt)P_sBhNif89LjckgsP(5^`O8P3pm2Y<r;LmMi!@qlnIZDPusB~6NF|*ca
zZ_)1UF*B(q?sBA^g}pB=!+Rd5(0utleq!|-*<s(Nf*HQWSdYluAd>0=9hIV&gLb4O
zeGz)|y~~D%N*Xe|+ww`umZ%Q%>motBbqqceAoTK6OA$g{$3(AGp75-5^`y6U@45Cl
zsNh-ab~+JAx!)J~Q82nG4w<)?yF-@(g})EB8d(n9_QY*m$A`0IC}Exk20;c2N3E75
z3}W=L&^NyvcB5Y`8(yo_P`u6eiEya`^a~*&_#Ld{?i$hQ%#g^(H_=BA`-2r-VMOy9
zD=g+grk$8?3OL?SEM)+se-#9H2$8lkl6gF(+1sqwpCUL{Nd?@cIT+w+k>kPhbF*c{
zZ~Kecw`7mk6GR<3-&XgG1GbUBLdHT^(ni*cBo=C`k>4l+yRrS4tc$K{4_rjxL=g~J
zpCvj@$Dd{nt@(~`w8!U>u%;hdVcF1OYwW4H=Arj!;5x7r_^*ldsdESveD78k@Pv7f
z3V*HTQxZvs0WP~ah2fL^Tw-l;jMxddUb?n1(@P8^nrS)v4S?`?&<Kh{83C_)rxko{
z6@7rDN{^97yjuG0+Tv8+hQ4=4&r_ghiWCY<aG#3UFmmOfnOTT}QY3D_r11%-0L7R1
zL#xHjzE9S-;vpOO#Ve^<aoy@Bd~@#bp5QpS@hS`V)}Hx3Ip0@hLs#<2b|t%6y;ymG
zW!Ggd_z@YywxiV+UxmC<hZQe^DD<J~7nA-7etEoOUj^3dq51LvUkjuoJs07yYv(s-
zgD(q1ePc<!BiMB26`_sQgI6x$oh=!XxQdnXbu35nKnjP2RL7Zo`i$I@?xeouKy~M(
zO!y2h4t7$Uu;t0)L4{YoFBtKO?u9HG7eTxC44`R0opjgq$aRA<cT1)P*3+M(W;2J=
zH{U7n$>Uc6YPoImA@o38dJwHkAEdsJ1KV$Yai^WqM_pxkE`oyJ_;$!`{T64B)pof8
z2tFp7uT|TdZk#K*$|yJdCZ$--VCi-+EvL&P*)8CS6gw$@_7fQWxq%FLsrNEHX!I5{
zRWCj^EdEHP@@ejufV1#BL8c`MQ%L@5J_$t)_~M~0C6>XQv52(lqhl$igIy2CKGU|M
z_0wU$c{H)tW@y?dIId5@&(DNiXOtp3P1Zu*-+HSmxNu(XWuT{#!+;1Rc530l#pr#Q
z@{~%G9z@cD`1Wfr7>-b*TEe5&i~iW0gpQ94!I5vX>t5IUeWjoCZK9nEV8;|~lr-gK
ztu;Sc^->}pkPsg@+fN1EiQ&dI#~b@3)>QN>ncubo;!Zg~20@m0WeN$V0!KWE>a!7I
zjG8MC8pDWgK$Duc)C+tC)oZ=!^iNC3tB#%uO%~_gC$G_A>uZQ+f=9^0`ZBpgThL0}
zcuEv4WY1#7Jse#L5rEJF%+ff=((*U+0}qZeIvqG?#Q?ehTT~ly%wk;5k;8gEcY#aE
zI`|D*#nYh~oQDTVF28yMUMGU?sp#uxfQ{_|`IXSbV7{OK6AmLt^>AG^cp{B^D5}i)
z>_Mf*_qVxfo*nXU#4GU_z&+;$CSQDI@yRkNZU>NFGb9b-bvURDJ-!t$TyiDwaeVEm
zzI**rs_Y{Zn-lkCgBhb2I{Y2PJyMM{b??w{6?nw&o3e6;NRw~f^#{_okl=o2c5KJe
zubqiJCv}EdkxY4O8&%)iO5}@YuYbooFW3@=$9EohO=g9V&cU{=gyT+nAs(*Ho+_3F
z6DCm-ES~{Hxld;gjONkz-)X?G3GsKB;Q&o}gMEj{;rh+Cv)WE@)dYwty2xlARd9ZG
zQ3pg0+ylsq$#g-UfYK49s<H9*uQxE*AmzPy=f}S=%lmyZ**)m~&0>QGAj*kPl_#v*
zqpJtbF;sn}orZcDf_ninGblzl^zOl_SI&~}0JLBKwu+WxgC$;E*A_g0;d0v?i8E-2
zy@8`P&|cD$YNpCIiTcdYzajD2=gyK{Sk}6T4p2pW_}djm?|LQo$hq0OWa)W&?P{KL
zwTka1Ly}{EAG<)3^#!J0xn1oP_$2!}6EA<RYI1SEiJkQ>OA^2Ft+*L~mIVHDE1B({
zbP}lLfv`OO;N}SI=fR7$XeO>hMXzw1<!7iuE<mmEZt96F<wGV7W_(rv4hDs*J#j&?
z>1=$_(UBOxF5DlWM3<rNRK8bQBAVAu?jg9YCNJmMwY*%%nkVxK%8{$MJ@I|@7+OZ}
z%~-rb)st-gR{AwV#?b3L_>IX^MZQ{wHQ)HYK#x$TlX7?a-Vm-EF!xyT?f0+5!FOS^
z1<$NaIzONi-zVfP#r?{Qp0X!BTQB?Rgn?sMcAxO<NPE#P@wsY$Mz_5_$NFm9iT<W_
zCM)@)%N&pvK8ok~Q8*(hnMRV#^$K8~xtY-D>+o-X0SXrG&jR$k7o;!wPJKqQZ(Tl0
zzZ<opy_Y=N5jHq1jURzF(XVHEs=slE<CoBH*?UvlaQb+i3(6AwwbD)CaU#E>;d+Bi
z?!w9s$Fq}gazg+HEtkxL5=HN^Z*Hwb5CGZTyXVZg_I`apE)<``*nDz~B>Ee>GdFN6
z;Ik{H)1yPTwKNy?<*@J6AKrP;-~L%TwH`Jzbf@jCaSj>$x}T4(G|@gCnld2Sc*bM=
zIMid%xiKu7rqGy@Xc(?s*ww7jVkbgO-t`EwUGpNl5_!xlFAQB9hVz;9?w6S?<TGZ)
zc9EN>-*Q7@5d{uXf21=Yd>Ld99^Rb1nI~|BZz==IwC=0NtH@^-&F4E^%20Hk{8G-_
zR*OFV3a(Gm>UYXOXueU8A$CPDz3_gMlOU8!5Eq+wrT8q4`3p;E{YE<^MqeB~#_Vqy
zv9sLc-+6I05IBkDsl$#>&6ga6uP@Z~9N!@YDPW7!tID>o;+nyL$xSmTRI-(uv*Hht
zpcqTO4e8bQ{%t4B4UTptUetO^52NDq-fGX}OX1wKHU6G*MP9gbMHbIy+98IWrxfC?
zjA8}#C&2m|Hdb9l=N4ijpMy0|!3DLV8oa!`{k?p;>>{)-{rOT5806FqI{uyUZco{(
zOK}hJXQ1)r5Zks34rhZfKljs<P>%y|=lM+9bx#X7Na5G<G`x8+Id6<0#8cHh!2D-X
zkiYwm<yK+5cd;2R;dM`jsTM=mDXfHg(Cw_)Zerp`yH8^XtfEP54tJFARUm7un5xZv
zZ0e=;O=1D3;J3!!QkxUZpF8s1&xdDDZ^9vA#Q0|0KmL*H7t_yG9a`;{&(Q9g;5sfy
zz`N~<3rj86gOt9@?rRf~9Grl7(euu=M(^GW?Lz!k-`;!hPS!d6q+bK>WAL^|x9M}^
z#;Z}xpTCQI<E`7SbZ;xTJ%P|2YkhYzLij%By6-m0n$ZA&5r_8Zd59b>{i!9GQx8V*
z1`*AB3UwbDCnCN&acLc^K?keq{wC-=O=x<z#iu4ma}A8f;$LOq{cyWST<m-Wb&0la
z8D$#30tZ1fQlAwcUi${h?zhW0nM_zB^mGXrmwdY{dO%A6bkWB0A!+zGpQC3+B1hLh
z`_tKdf3Z~FbZHAqgj*+z(T(m~;&#igLJWOvwowO)JybOkeCaKmji(Fp<g3}y#VO@I
zlKqX3mt9Hsd(cuo7u|%Gku|OzAEepK=1MQB;>i0Y>g3IH-w((wLCfy51ZCe~VW+ON
z5vm)x;LM+SD5H^{d$lt0!Bj?RmxLPo(Sk!UrzU_N)=sFy!+_>o4$!!y3$v*mdHC@&
z?>>E2a_=|t;Yd9;U2m1?S-^7}7jWZ#RrEp0qV)A*7dTCM^2@3-h<f>n;G(Ai%t}u1
z9Bp3zCLt>$8|Iniau47`g_=%=6k_IuX>qAc=yEu`pz*pBZL~DEv`6n;R__AZ&sI)f
zKsCt$hR`M*XLuNQAIdKOtn#w@2rWqYO$fU0j|}C`dtl%j#{KwWN6*w-i{~7;_dST-
zjnBlt>pZ52IoqnP`<B&~#wMOUQkMjRq!#g!!RPBZdUailL7Lw};8*KUUgF*C(RRkE
z<s2>bwkmtz*|_4K8Ew(=S@ZD&yq6)gu+6CZ0_<H(jLc<|J?1WbPWjkV{_)ke)guWP
zR_JrjwS&N!%pOuN&%X<F8ONtTqY_U<>3IuZg=Bkya&EW|>eJc*zz<Km%h6W%#lb7P
zpWn6rebz|+++IF6)-P_oRPI;!VZ?g}3qqbXU79NQJ2!=DcI;_Ak3zUO7as1P&?odz
z#_C?t)^iY*K#j^l%hGhp;rqNhEvPs7$vM!<jnZ$kj0_GY&)G#tS)aCSNb7K6;4<cW
zPI7&1TfLA+vaD5^kS$Ns$w=VFn=HrT)pbI!m$y#l?YSpUL53YkA#TewcsGLM-u0Q~
z^zkfwnvb3kda=V3tbCMx(}3z59(u9QH$dW5c1*M#mT4O93O0L~%G>#fEtwvo9{@>8
zen4dS9ksD)ZA!4Uxp~JSC=#b{2qrcl*&!-g%iW{#4f=3(A*wNc=qL)d@NW}JC64zV
zKX-A9C64QeIe@1{)_IwqOuzyl&TlrB*b9L6+QV?a&Oy50na}MAxxAxLU30vijA`t2
z1~^yPDk{IZsPwh_y!W2KobwjU!krWdk(h68Yxs33^77?yT)jRk>QI70l<4gAmSY37
zNP|AqOFna6HaSI5FFQ4Y#FeYEoViPv!4!zUuinW)zP@g(^>z80ac;ntv~88!qs?ri
zUbDTu#e4CTCEQM2N<{&#)Rn#O&70fK`V|~Nt$<1nN!ufPZYM2eDnB(8{GFqHKQK&S
z{#4-g_khu4Z{t^(RIGOHC|uv$h4s*!Xc$KcF34s5N*@k~-dnNz6tsWc_M@wnbd5{`
zPVQr~_B5s*`g#?Tp9ZBm=dBr%lP~r;O$9{+0paS6oFKp<UAmy+6MPaLgsDcS3qOSz
zpGiyJBXNhx<{LAqXrFo)k6DOCRQa82N)i?x6#SZ1G<}z^27{X?z5uK6E{d9LS)#W2
zy5~n}cin62oQgBIBuy2Wk1p1J$JBV9$Z#ayL|3|Tk0JC60U_kxj`IlSY!ao|*woo$
zGuQ|7QB6O^p1pUh(PEOX`{}1TalY9-r=jJxew<@Tmp80R#S8F;^0E{P1hxS#on!U&
z6X!%!W4od`4<gEewDY;I-%3tZpnL4@3vh4c(|{$#>c>32zq!6g!oQA;xsSWrw?#NV
z<LV{fp6#1F7jK?F3&Z(yqZwpSd%BS5I#5Qu)bKl3L#*FST79w28-baZ03Bb*qUPs(
zf3Rcho(?Ez<$C#{``dCa4f{211O8_1mAvGXz=p<{)InhxLghNL7wi?sr=sDNbVh`O
zbEWPrB*)y->4$yPkKSAj#9DQxe1)8O%|&yMp%m!jZdB&RILHS9*z=WD_S_aqJ643B
zHQ_Ft#RgAIxO%#-1@bE;A-x%3fLYPKf%hnJz4d!1>T|}Fw9i-a@hB+V2JHhk9;`a+
zvHNY?tj<bL9_!D<v;ywYK0_<s_;~U1z(R6!o&|@f)t49TS{+B`kub4=gNKjPgkkCC
zKWCT*Rp0nVo(&b%b`@WVb|29fNi}e3sKCy<1|q|duoFfUBqT>v5JZ*StKtA=oG>jU
zu)_pR4Ty@a)h~(N!FzHezbT{FO|)#^m4w`<ioF%Yg<6?ud0KP~`;}KSICOh5a?Z($
zAu6{iAtTCudFLoTtv`?I;Gw-Jo_qJfy4W$;h&&$KJGp$^<Ws10v1t5KAvLm)#DVbS
zF77!S`gsPzau+CwA)>|cS4WOdb(Gb)o2c8LYx*OG{6^fX1%zXTDS0=9Z6@i9q51aW
zzn%bH)q-U1@6(QYU(Wn|hcDPSTzgf!(_^CK_=|NnrOKmM%#NZr3B1R{2ANBIR94$X
z8#v;K3_tMX$NvS}M4YUhC!bWwIVFR1xOn$z9E*6j2u|k^U-4`rYx7+9JymK*d|%{P
z*`?J(9it2y^ht3tw6Gr9P^%NnGCM{V1R?foMM~{=o7WSd_h}`Rcg;W7M_h2-IuO8N
zC2-SNsRmg6Mc7gIy1>XOOAjj0KL2i;x!l9XU|ks%^wD`e7Kf93$}N>3>^)407?C`^
zL2IhAsn<R`2k!oC59ogRrPKR74Ix@jAzUiv;cQslEkFb-izgr{Y74n%V+qewG3Dt8
zX}`4oVBW6YSIC7mO7B!~51rOJ@qKjtW=M)k$fKlVd<9CFrVTW=Q74jazo;O;r*DJr
zovPOR896fZhM)8PZvyYFKRwG#<!`G>!&7WBGq7YfHFT?{4+WqCBi)4S1#tOV)@dBA
zGd|i__jBiq%Isr+QR0urDPNq6Tza`$AT!O3{3yvOR_)?r)ECt?{DutrId=r-NY98-
zJW6zcv(B;o8Sk|zN+Y~K;=KWPZ@p!(A%|XczV}JqY3uWK?!z~bP)!zI&I<|`(y7Uf
zL$7-4eexKsGJ;}tT5^THbZ+nF@H(K%P8~TnyfSWGy%py%Y`awC6|p@q$ub_!VE}aH
z;$!K{y5L@B+7lQll_71uXX~ZvC9G<?tB6w}N}AL!xQW<koC;@Oriksbec6lfl7j33
zJ|&ule*2%gA+Dr-R)T>m#Bzn=ltpVIf7XLX$zBR-KYR5vYlIjEf7zPo9^v(vxrlEe
z6Q=pn@dhCL+M@4y@1cYR`nNVk<irNR4V(iM=x@=V`(oZT6Y2MPPV$svsz1ObhNasZ
zr-{C!K6mT!mqOPvY7x!39em6;;fau1z1UBBgCp0Nf_8WfdmKCWn>b~M;plsRuylr1
zF5t;~lX}IEFv{Xu;#0vrkkt=vDw=aE_B<Z?<~3h(ctM9qk)W_A0k1L?qXh={p29P_
z7QtdOyj*y(WGvk(CEm)|Ac09T|7u+Y!%T$N-fy2SZ&1E9nw*%+kbOcwq^h#)D~<bV
z9KOQuxAaMem!mleYB1zs@Mk_TM{X41>i2PwDiF|+(d%l=F}mCO`J3IkW|jO+6C5GW
z)0x$NKs@(1lbd`uK=9s6otU{%G*2Q>`b7$O@%t1m4BjMq%Rb%(4p`QOGjaERW6Pv3
zfaVK2yqOV+t%#4;9xF3_-gH_<CHFBuxh<i7-I(k)EntSi#Lep2i1hMUe{<9V71n`|
z!w~`Kmw=n}w$MHqk$DkR_!8R1Zs|Gn+1p7hK*l*2w48Hd0oVFoRf(k=(RxZ-abrkE
z&rS*>#Ew=RCVFq6DL$>UedlZ9v1Y`tY<G+#jgTotRJBzT^0$t<uYPu5Xd#M;Iu)4;
zX!;(_^o-86cs2eWILG})h85Jgb}b&l{b^or_s`AeA@B3((>lAIZ~MHoBS)XK(mn1J
zv~?X;R>9h<QzXE#Pr9Vp7;cp8TLtp%vmmD<);VS>>iWVJ(R`lfB{5qJxt>p*W8hI3
zbnC9~d<Woha27hdcd^nM8|hKSH>^~^Zfi!-xj>rWUo(l-Q-nmRFV!B8w;<}WJ^nM}
zTcLsPU+12~^0bY@ESzs-BuMj9$K6Q;J2Cat{~2`(fc>~R(t~ys_(0z?HwSf>4r!MP
z+oc1KoA*5hdnnToI{qMZ8yahFpL<Td^`x2*3rUcV1{Q2U@#teCdtrlkuhnNWK}F)}
z3h+6t)i}?AJN#r+)VjM$n*6hW;bCF`yPvC825&8?$0<4aoiE@C+B_qLhl2|68{hbH
zp;})lPvg^GQfG@n@{C%oM_ek3-l85?tnzU91o{akmdxuN*k^+o>ZPe&(Pof^1-`~4
zIj;`WS2&V-_?ped>1sHyGO5<Zyv9M=2q(lc_h8AZOD`Yv=cRaWKhbcG`U#K(4e$%;
zmLoQcWBU2c`VkoAJ(BO~Z;|^e&Q$T4q7Br~ee)_N`wo}`UM6~=o;Oc-2Fgn~Xu`So
z1&HlANQjp&&|&)KQ7%JQecxs<Z4C>-p~|LBm6SIRMC)<@-P!Djmw#YlYYLp6%znQf
z2TC86<~<S8m)!J;@XAo^=niE6wTYVW<%2J$cEO+&O;(mqB0{K9<-Kufu0yE}qKUl{
zDY$!~GV36RH`_PzE|gy`3>OQb?(1(&pR2v+eqWM!ch4U6n)9@cVz6maoRq}v(P2Jb
zBS?n?l`K8XsA`*KNj1M-eb7f>hq~-ht3e%_N@c=_@m!AB1Zv<LYumx=XzRRBkAS^c
z$X2=0l1DyEjjg&zdFOQAtXAYSnO=FSN!FTtIC7xa%i`+G8>jPNCwLHsSo0Iu*EBVd
z`QZJI!&lImN7^N-{LQ00C$8MLV2}5!P^!58ork`KDSd-5599i0ZW?G$<mkS)pY_c*
zDi81;B8(30v5e_`g+jh#8Ap-t<_eo@rD6@+?8|?t*5@!{DgUh<?9XlJwl9Ud?z#GH
z_XOZM%ip27jcVg%4R=JGehH-?prAG(;V|*J8L~&F$LTIUj(iXsemDAo^usB^e$ur2
z?hxS7&-5j4YOa^RzXV$ETcgD<6v?mL%si}zQk)!W7t8KYJ=~G>(-vQcOqOjv5o<h3
zO)sOIm+>8Q3jr6~N?C^+roX|I4W|h1XIZe(S09C3pY(SFv7cX4zXzJuthIbijs$)!
z-d7$~MrmsD`dL|^RO!gVBW#L1A$||^3Vo;i-(}#5@W}LC6@I)t-jVqmelwV@DOp|D
z8A7Cp0ov}XU<K+V4NPA*l-&_6hp~Ek3ZmL)n(&|gXqJhCg!>&pf#tqFVZ?1$C!V~}
zs*OjCbLUlz%4)uVcF$tY@r1P$D>`=P0$}RgX*9wi6$kY(d9T_y=_t+dCm&AjWf@v1
z1&1ypLszfzQ>ITj&D7_haBXY{zjL+;r;dn8M)|?K_bq0ivuW3c{K<FJdeNMAk|e)r
z!aI{woOV@T2H%l817k0LswJ^G9KJWUv(FhpRtY3DY|*BnOPPyr-C-CP`Lr1;3Lkb=
zlpwwgZSugE_k30>#Jr2q=NNBXxSaqtJkuxqq7wS|mFwar*0>3^#Ag8RS8rZ+S^z`m
z{`O6w8l9@Op;iyhoHb@laQg=D#qBCmDHJ_;Z#-pE#~~{W#|@)t+(vHGTlocX#r*h%
zaCMgp5HFWiW=xP=D#0heVV2{qaJ%6SdR|%R$A5DxJ^YY7r3p1X@1LJ#dsSYydCV`k
zY$b_YWJz=Co9P<2mdh_sGCSsllRiFI&0iR;U1Qgm@`{}&#pgn6P$q<i(;93)cG?TE
z`7^x4DN&Xz_}Ty(i5-o4YquG|br82Cm@-9b55C3Le5SZ^i;oOEWs`@Usi8-Djl-4O
zf&3yn<(2kRa!-?@$vM8dzUL)*pnwaA-^k##@tm`#agMvP3};Q>qahx3E58mQ-5b@r
z$vHS8IMy}|$E?8_`8$Zxh3#YJdLR#Q$ae1Oy?HKJ3!w=JgC-1O1Q@)C>Kx^<|0ocD
zZb)<BH!Z+YpqT24IHf8R^F3WV;%HLW_A*{yW|X`>%6v5~O6@I)gNuhHAH*b3f;0f_
z3$=dBygbhoPH5(6K*L;N{EX8-Yi}e0KKp&Y_)gL0%|&4dUp;pqWx|)9{D!)waSZLV
zqk6%;-+4B>WPzN$HzXyQwk+bpkt#96n7e^5`#%*}JcG&6!{`(%1V_Tc5!0s7NKMa6
z6VChe{u#<^$mJ9VbPk*8a?1tGbZ!cLs}SMyPjQgUuNTo`K}Ek4d!B6He&)f4Noqnz
z`K9SQ1yIRt`WT|GXo=hHq0sa7gMmG24zC-OJ2=#>!0m52cinm-Mf0B}0?qEDVe#X#
zcdO~5oIHE@5PD__<EyrFpMquQR=_hha#Ab^k)Nny;7!lv3p)^qx8GBH`T5(N&3e+<
z?kg0R2EPGN_(Fj;CXH+l;nYhCb7qqad!MLld;B;Fd9YUMy#|?q*t*m~UflQ21B5$Y
z^n}`V8k@-X%dTWJ*nSezo1f5psbyfg`F@ksntXl4zvDG{w6_M&kx>uvy!y3(SXJuA
ztbb?oj)p@Roq!h;1DC-`Yu@ec=N!rTgiV`ynT1v0d%$0NA8Zx$Lyvgea83i&+AE0r
zkQE?>l}bHI84oeb>BweRJ`(+&?y;9AFlS4$_{_?^XMq;*X3#tWStoMx&o4TU0%s7g
z&?wzz10#V0yNX4eXRdiKjeU+VTHm*k2EZA0eT$A#>8?Xuusgpo>)#}Vz6N2A=yH}X
zdYzg{uM00M6OjtGx-Su55U4Y*QgQCg0WtAmz(;IQA{88;v!vhLi?-^=OPYuMW#Oyq
z)_Jx~7I31nFe%SX731>ZJ~n%G(Dq|T793^w;C54c2^vq({czGdQyZUHQ^=4RzjBD1
zrf&E`;6?eWKX@Mp^sP({F^HVp0u92h6W^~rC16I^YM%zfIm+b!BkW3&EXh^il|al(
z5ODt^eN()@%(hzeqRpx*BNYtpA#hLKOW&t$LA!LXI9|U#*@;(0N7QQ(d{vLzmTEG{
z6oE~r5M1=G^Qm%r`@@#Ed|q`5Sz&NpHwlt8BfWNACi5cb!VBb96LS6!4iSG|P2)pt
z-yZI!WTOr4Vowe@_k4TDVGXGdmG_PlSM=t^956LLFT0PL;JL3;JdT+xk_)e1Y1Rhk
zokXA{`UcaPUDBL&%X#Uw(DUl4)Y;l|4B*^(^qi>51}~2Qh}AZJ=G{csZdYhz#2o+R
zk5(X&3-lA^5`gIVd^T$0915|MrpGcboUHMsp<*LOThit}0@C<6yV<fFz0tvW4D$32
z3w)xUzPcImDpJBHnmZ9=d?rO?lFce<;=z;K0)EMa4=G}9oDq3he-DaT)M>$oCzInE
zHb=$IC&C?@hacRcp$BC6(}4E!&&_hKYC6E9Te^h1y`N_6jVu3b5|eVE>`ubxNV%B9
zZ6nuVLXhEMU58d*b_W|^@Px)!=A6X@<JEdgZz*caSGbHX3*ljb$Qf5fr{0^Uq-{*4
zB^HnN=n27ZQd=1smszddfL`n&9{aSS=`iLa%KP5R0xZmEs$QeBNPdFBwCBizBaRPN
zuELpku=SmHXx>$VM<;IUxyQ-+!jj?zWDPI6cg6Mfjw+DA%pLVc^7;I6qz_0c9<Fb4
zlAWrGPfTI;%X*90>Qj*@57pVKTQ_}nAQsdiee%xTTkMbTA1gX;9DtAitR#V-f_ti{
z?6u!h{Xm-x-V1gW2eUsRZK+SQ;Kt`=c&Az~o(AY>qAQ&jKWQk0BiV;7yyy5QMYoxH
z=jI8yjdX-bZGmrIJFnTpj@v=T_Yi$Ma%p==PixtQ2rJk7?d=>s2>ohIPuVp|nu=4y
zD9ZxhnP=j@2+Qa^<0ZD|5=O*2-t;^tNYxpM`cdnxxpK~p^Uc-<o&#gDzJ1`HNbJ<t
zE@j6mKJVrOpdhD6xQiDa(9K&a@aXt<PKDV`A4fv(GoJ%&INmYsejQc6Yt{uJ!9K;G
zWC8SCwa0n)o9MNU-}t&=eL(d*<}nN3_ieiopCT)QLRP<L@21^+RPYqTX_TwY<Lh!b
zB}YHmfKoR{`xtuKqbM!~{7F0M5W@p94)x9g{9E;Qz~z)>P2-*+qO%3r3y%ffmN<1-
z&*Z#{d0%$_)g%J`-i!8zeeXVXKG{qKpHw@;{@T_FrZ#lDcNcs)7{9yuk%t%_QplE>
zsyPLye2QIf?xV5i8m;)n;dwN&(*cDzddKJVV`@71fq)SDjEFx&;{wQ5crj&}+nF~C
zR+VxzvseV9VTA%y7$13O3m_h&)NBXIAqj`jTrgjxAOhrvf|a@r*U2@$i_?7c$tG|d
z2ajJg)V`E=hrqec0UY4F4xoxQa~De)*f^zG?!H)l_~sMDY7nV_@HqGz=|A|XLHYqo
z=cCvMpbgomjop{{7^9YY=>42$MD`GVO3Amb>j0x<x#wJG?9j6E+y~O7iuKd&W~ook
z5AYElg&z6$EK`!_$wxq(E`Z1dNpAmU#~(@Rp4(kl-LxGw0G1yjlF<gpBZYiZk1pLn
z7YRrd9RB<|4fQcgB&k)%E%VH8M%8z!6!aTVVGdFVITv4@V-<GbSJ@5{%CJ~&Z@z#3
z({(MaLy%mg16_Mi3ga_itD^gmiQjvMvsyoMhz|3qk|x2mRA~yAZ=X%9jhM!FZAy16
zj4g0_kv}tCNIw2*!{+y;=<?;ot5@!xNYFMjmdLr6EZ&P4j}$Hw+WQT?tJ6c)-w;3F
zI>9-l5gwF%t>?>%#kE@sMlsfEC!-BsAb)aZUkqkDJ@CfHho`zcDiX}}Q<<UUJ6@Jf
zv0rM>`D_w<<D}8J>?eHkx%tx710XtKLrik-MLS~;W`(>ASvcg`lx)1+**dphlpj54
z&<#iZ=xW?=2K9CQ_zW-?`5IkaM4pzBHPN5ifaRHczl-F$l@WA#@MgC5E589=qJs?l
zXoiC_Cilx9_J>bif3TKMXSQ~t>(J0`t~pe`>3o9#F~nO;+}~^RUZzjCJCW|ZAiu<(
zat6Rulo$Fs2Z*NvBH80q0c>9UkifT+(NQw*!Ga+nl&W~!@~k*o%{PAWehr0vY{ot5
zp#;ebEGO@yEb}_2%)u9AKSy=*3a6<TJ-o-$P_ycq>Sy?ZF0TBjM<peCJw)o9xP8w$
zq~aybNYUGHJdW5+U^vqeFN-0wU+^6_#6SHP0{^_OZu65>c2eq<@?&B(aGHjtKGVgB
zeq;q6l)aw9v;xyQbwMO;AK-^iF00<D3+eRDoHKalqK`l1ww73Q-R82kz&(sT;|I3I
z6~p9nK!Tci;mQ2ie3HNN=SeZA&OS)jJ-sIQIM3<}`Qdi_hL#fU4PZgtNTys>AQW;z
zd+`t>xSl!4=-~Go&azUtd5>0w^Fv_qep}L6bKs*_*d{owz!xxYecv+u$Rl06av%dx
z_iTBspvp9!Z-vcp==<hqq^~{1WYSzG293gESfqCxMXwpig>#jmVohDAWh3O+eC@d{
zbcgQ|y@5vPde2eR*gaw)uW+Q}g?WGPpBLAs3oU~`JrB%yFH)RV(I^6soa0(oAbgOt
zk71~W<%<qCw{M0uA2d7Kx92@jo9=<bqh==`2;<A?U4|ji_Ndpw9=LUHzp^D+5(*dY
z?UY5XeDx{BO-=#_H<!Sid)2N8V|*i4imQUm@Qq&H6~a)84eG@m!A3#s)%^T?RLJ+!
zrg=S%5>~m6+#56B{nXGw<p{S+N^WzSUO}?y`#FLuoi>{}{VE?voW~+KAc^}irM`1T
zttZ4<<fEqT-ApgNAohHgYRBXNRfjPx!Lf=ZF5)f|;CtG(F*BlqbnKJzn<J<9e3!iK
z>KCq47V>xf3|Rayb4Ps3dBRyF-F^g7C*yIIarblTJmhz_CW@Bs*7OXXn8(KW!KFN4
zd*jm>n6fi{AA-A&e4`M58bFjO0(JfFde5UThH@7Dr8z2g!rlN0M#Tjx*o}?pW?WL}
zGGZ%u9C8OgWiInH`z{n7ww#9;yIJYJzNsUh8AF`<#F$_E4%e3?gkeNfJN0GsH-x2R
zU}bZG&d|zzoJJE)kQ357I{i2npXIyy%3C7mz&ku4ha+)d2@NPvLrIrp;iS(y4(37O
zIFs-~=jx$21s3ueTC8QM=M9abg3x>L?x2MeRmzr&nc!tZ+8f7<^-z}t-C*%d`b1?&
zg9hx<mFvs~YmfF<?<ddhW(g6|cYPOgj;&y+WX^^Oe?mb<kr$u__Wj%QH=j6vUR=xG
zafC<`7lUDVEe+9mgg;ZE2as`&!yfUwp9!;Dy$lE#rq6+^@^KKOO1SdPB_n|kI&<HK
zqDSO1`7Dv_*#tRi35TKR+Bas-r>I^aZieThBa+Cf<87%x_Nfn5El_R>zk(DQu@8Nd
z%t(TC&bj9_g;j?r$s;uEskQ-wWt6$MY5gGD0;;OmM=}sV3cXX87+WV`FWxSCEEe`v
z$0qg@JOWrsFLMXk81|G)j+}@G!U;c<veJgigOLaFP?ZeAF4L!cSC4EFflRDipy+VX
z7&0r9G{|}#7JH9Id2)&BH$fa&@*u2i)1|Lz@Fr+Q+MV-o99q6-_~#Y&S^wN9*=+#)
zI7|3W$E$a6U3W;X_oQH6i6*ym{KO50;HvZB&ZmJ!NRcSrCod4h5t@sMQYSRl*&~#!
zY0h^$I*sEd`pBW?NxK*T;Pox8-b0_)UAM^LS2^=i$~jj7b@Zq`t~p(L0&>Rzm0(WY
zn^i0@+{_u({t5XP@WdX6JPBdvGsGgn09{!+J@&AjjW2K?)5rJDH`sQ%y!0VaW8gHh
zL-~CTm4jfZoeB%rW-~*m%RnhSUpC3ebVpFU0+6U@heni7IEC!(%<)Yd%K*pn`QGM4
z3=<7BGrcx^CWeU2Ck^8RF`vbe$3iMOV@XRJ&(%3qU{oT<EtT=%$y}3Yr1k4=a_P4U
zLUBHWW(8+FQ<0B(xB`1^q%Ke+UiRhB>aE7Bl1@A(!RNg_x*UagvhBOl<CBrL$Ih!7
z7y>bJEfG3y>^I>wKo9<>N6zs;y9>xDdJylcw9z_S=j$S;E_+F)sonLXkvha-fMYhR
zu|QiTdVNm9jZcgMw^KRFUJKK!_H887xk`l;h}VH$)b?^&eqQ9)#7<R7#Hfzlj=RjZ
zydO3#rBxR2dDMYjx@bNt2-^pQdtNYP((6R9#g$?Ncld!Pu;RiOO3HTXTIqGvORElw
z-wl7LP?Te@pWFDthmRi6C8dmEw;P+ErDxaYTEC}_CK#@uq!sTb7&A4=eI(vv=AmS4
z)qAe*oJTkRZWVuCVJq5M48zpH;Zgi11+qh0c5XziMjb9Su8Y=f{w+qy2%H{W(Q++J
z!=_gS9o!CjUMp(|f)hbC$Ifs{V5sLTdg9U3s-g&uU@#MSuXmCTt}~`a+Bcpj4&$W3
z*atgaYs<a3P@(ilt7Kt(Vs42k4^m!nV}lWQ+!F2_ENJJK)4tJIz*ku+5g4zvckMZ!
zJiwt$6eTZu80}mJ*frhP9l#>jy-$(t>rtu~^E;P3-qhrtmjx=UWnnFb9|RI1(W1f>
z4J|md6j_!fdp=jn2X?e>7zI^O-9Wj85|dbM3CYN}URdL+oU6V9{b^0dYY;ppu-0%k
zQ@r+{0vrZ<69v@-tywSIYw+;?+Z%lIN*}8DbmjTZcU1#&vdC_zjaahj=Ap|?7ZolW
z8Q#jiV9DMO;lV)p9WNrgdG(C(Ae8#mt<T0DNZ9T?Q14I*!spcs0!1Re2B!}Cec|pp
zG=6RGJ(v5TMy}XVe~HdA;ys~?2ema1okmKS?oJkulb_3-s@{_08r&oBdH0ZdO++8D
zhnEk($Jh~h#F}p0>xw&Zj*m`lS@#vfSIb_n+8q=sUj_i1{v@&a^F?dv0eD#b!JEQ}
zY_ZjQ_^jPB`)G55HoUA5&3?oH=9@g0AQutS!fVN-U<R4~O#o}X3L}L|Y&Z;JeXJx(
z<g*^^$nrhBEH(^)0$0{wKWPKf1Fb&yg&F2!8;|{anOs<}ssbl>LT`a4uep7jU|pH>
zyta<pKG^ucoNSbG$Emr>+daG2UOLfn!+RV1>JgNM*<^AGLWry6D;JSLw&PHna~-sY
z->l}kNZQSxg~aU+I1Xp(J8qPFPp-1&tdcrs6-8BeexjUZYI#46*4wLu4FXVCv9F)A
z=L)wy26W?mU*`xRKXD^tf6!b+dF!D8irY=erxcJVYLu%wxo8bM!T`29MH-20Wr$Y3
zRl%^)n+Ltm>&|94cjs6gl~3V4Z}i7AbB}%Y--P~xEjjFt*&(`lIRjbeH{TSbc2b0r
zz7IDKKb39JzTZM|D{!T5dUSEip38p<a0LB%nJxOoM?`PULAi|R4-wtCF}aw?M4QF;
z9ZbCD$0n!r$Yd}Z;o4(cd8~mSOBA+6?uLB@OEzWBqhbsFNU6)@Ufx$3%g}D1PgXPm
z3)A_kQW}bvIvlv)1Oixm7JX7bzZcHO{)4{<qiWTL$@(^ZvI4mE`}!#7@=yT;wi(r3
zzR1O7)=9Iwez@?~BRg2Hru@cCV?I;E(>afV^0lsqDWt9mZ{BKej+)B%GCo=6duwmQ
z47^|;4SOLXVHaxOZ~lt<_tC}yPL2=7J$e*(drll^dQ4<t;uT2O(7PjLLoXs>S$Zim
z>E+x~T5m`_9OH&3&oSJa`$49$62$tawrhUc*KxV59tv~!4Y2bWTg9jQ;4$a12(W+%
ziTen|E+AY*@WX4#kxe%rU;>W`$~G{$7^*;&B{Ff8z7?ew4W<_L9dNaC@Dr8cGEUl8
z5}6-jB&0ksTS;pB*a}mZC&95P?i4a)io5S9aZ1b&4US%;3-&0dmbxF$y!zRH$eweS
zue`=}Coxm$G2j>J?j0#L_a3FPTMGazWFGi^o-w=U93J^>vHINV%irZ5Ko1NMXmLc+
zJ4hip#_$amHwQf+&-%Kr5%cYfSoG)v#Upc@?;mnA;N4cLc|m;YK~*`rC8x8y80XU)
zN6mZEq8=LijquFz!-L&W_XN|%p&${+)V?N*H%w%tef@<=*F8w#@W@`o=Zvb&E1KEl
z6S(i^MzSB+qtGUw(4E!1etOpA5N|3<UOTz-3E9o}hYj14ZouLeyYfR&FT#gkGiWHz
zgaJE%6(f7h#;Dn+w_a^ozqFW2l13!)km{v4_c3sC7wnfyY*!yCD(S$!oi-u#aNyPZ
zO@fUo@OX}xXpek`p*!!#`$Lzj3s*kIc-Far!jc|A%1_<BuAMq$1MTH_1E<jk;@As(
zC{t?UviCkLIv#c7$V~ed7-`$~Zjs`gra=PrhyN80UL>Ojl)4kTHwgRGbVEqeh74mu
z!6W<)c!c(Zh||Mj4_XI!e4^H&X$jv-g;`41gV4!*rY{BK(R)^{usES-{%jZg_q8^)
z9$|M9?j;ynH%Wc(>MrpI={0>YOKqd&3cF^gpKk;TUV3_fpE~&%qz&F>^x}s{2eR)&
z_g8ZqL9V+`%<Y3Yi8u1|Qzq|iG&0|5!+yn-<A7V+gD~N1tS)knh1xC5VnaTPGgOn0
z*L1yJccN)(mLGFX{|Z*6DTQh$Oien#0M=Q70+{H25c*|P5pn~d^Q__Iq1R><ZU`7c
z7pK9-!OxK5yY`HigXa#qtCeTNW$$%XowY+amRHmkrbOV8+jFMM^}g7X0~p_xls+K&
zxGq0hev6Ku9GX|=P|oz>{w6_kBu&MSoD}*Q(!=SUZ{p@m0DKz|`@tgBe>RN0k4P@`
zV<uN?Oi}8V3#jSDyi<)U=Tu+ht-Ppb<5)o^PinX6Fck{GOR9m_5Ja`aK)8Y!4(e;;
zf)Ak7k$KEYj|ZODu;5#%IuBf2*rM<2bM;~R))VeF!(RMm^~h$*u7+teW#J+Vi^5Iw
zt=DAnGqaubF<G&DUcQ`LIlOX}T~%wZZAz!x*oAI()Dx$-MeEcpaw^&l!=DlZGr@+0
zE(yf1^-K777gg9imu1t%b?$kj!U9FXTt<fOAZ5$=;49w`8lg$vJ#Buw@iDMGAk%h{
zLhD5rI5VnOQmPi;0=(zwiR&O{J?d>|x|oYG>NVId?XT^0+zSZ@@FI7%#-5jiml!_=
zJPB>tDV}iZ@g%s%v^VPnDu3USD?7e>Iwj*QlljC(&%Wwi=lUXIvVvZ}a@wW%g3)%>
z9@*<?;s^OA+S%H{tA)&_@?ei_I9|eI6nB_pEgy0+m%gp+^CCU4l;udexhxGRvtF%>
z15uk8*Y3zs`IJ!e42j%#lsE3Q3PTg&HzkFyUb(4{5gYI+QCRijIcHvJ^%cD2WU{fz
za*-$lnpYR?w$y&2-Ge|6+WXpT?Z$|;4cmEW)E*!7hmVC_YLDTAEcH1hp7PIyPW!&o
z@}f*&%5Tr#_eJ=QYdZ5@`}|#-;=If{pA&B)*6nXcmuh^hZowx`r|#(f$j=;egB`mu
z2DD<O_a&&3ojr8UpZ*Xbe_n9Eo^$-{RzQ7e(VzTFeoij3q!jQ%z52Ak+}1cn_Mt9x
zxhmK+VMnh9^y~O@ao7c6_!OG)DJY-^8+x>SMFt=}xr>cIv$B3n7vw}YhN1~zUz{L`
z%*P6lZ6HmHvJ5VV^F<n>n8$glNJgD<U5>${W$@rUwI}Sg2kq)seyR{9t1_QHq1=?#
z8?Q-!cE(0fN4p-aCuTFUdvvqGBNMV=2wti8TFAQyx*qwc>SNW{P786U-<!g8``i?`
z!S6Wr^LpSR`Hb2==WejtQ!w}O@%%md=3b8!JM^gbUfH?(X|K(O_$)pWqwu(<+=@7q
z9R}iaLCpZ}HP(yA@@uL8Y8lNJmjc2Y&u?DA<zZaS;=@C@(qu<xYh7Pkn0Hh;ZgbTh
zW?fT%#gwkUq!F8M<L4FyFHyPbdkeLf7W^gQxQUB@_R`2bRiE;)9gcl;?xSa`cI2*U
zpA;y<=<j;FUl>v9#Cu=_pwX5vP1Q^}0++~cT)qsa!icV~9yO1xL%Rq}9Gpg>aKdf|
zBJ`o2#kTJo!|LU8KOrs$prWL2M0EN=hdLZ4H^e2(gSU0gWjwd94xLF`3P1eeRbH-U
zjh=~YgvYL@GLP<I$8&hu@Y`oOuXx5Kbu|-AHqBMY%elTNxCD6fuC#eT>-hx7m>*HR
z#vtb>1ohbdiwU&+tgv1|n>quZWL+j2iG5N?ofYSZjR)Pm6<FOyy-Vw(_xSdb_w|6_
zYxqg2f#+J*Cj-Jj1K;c+yV6M(1J6%vi20SOmU2nQ$3mtj<}mx?9d2THZ;}#LXKXZl
z;#mN%bg;nIwf>Zvd7)nQz^b14iQYNAKPLk(P;$)=*I`xFDIvtzyN@hg%beMPW1J#c
z7cgHUlcUG5-ljXE3$Hl&L~;1cRUe=(+rEKjhoC=;RF-5+1Lftjbmdse2piQ|^~US<
znItzAi`Sf*J(u)Qk*DfWoxGEDZ_tHUzAO4!`J2yu?NfwbJw-k{OAfj6p{BU6;`1iz
zr!H#`vEZ#o#;(hO<F_KcaT&2SFJcUS>X2t1mg6ACX6XNziPAr>x&!KX>Noo=MDc@`
z<2bE1A7h5lQ}%tiF<xhxDc3MlfV&0-R_Q|)iu|e*KcaHS`6PJ?e1^F|fJxQ&O5mQc
zj>pl4L*$4kRDfTP!xRya=jKt1Pr`e*S4qt*J1*Xyb%@&;<9)kWFsowXqJ3XNE%IU0
zLO<0HyyWKxtqh4yrKrIK*uYonVffbI)M~yLzK?<Fn}>=wPb!PVl~4cKf&eV~)g!^W
z3oxfpQ!fV^GSNfbz3uR2y}n<~fyKMcz@zNN`n})obH%#j<b7T1Tqb-BGm(}9dFmLV
zB;LK!sBPQ9A$&>b%;tT^RB%3#;nQ%g?jvYPX|{~k7If6b{og|3t$T6w@!)&xb<&o+
zeFE-r`tFxhFZlxXd6|RGnK3!JKzV!sA~6TAnJgdUq8u&Zz#9eEzikKjEbb@x@~8Kj
zm6dv0r*TC-zvjozu2z_NygHJNsre8a(4z!l%EO;5mqX}K6WU(OT_}sfd(8FI)uENK
zpYz+<CjCwx06HClSdZgOCC)?@=!*q>@b%o~Pwb}-;v6QMKFDO7WB$1C@j^!DPic4@
z##x*!+3CX7UZ3-Lj;-OshOxA`eC`WCB${wvO2r|6#g-u+%B6hhA0z0<q|UdYMfe%e
zd~WgOl<)2HZ~)7|9paR$2uHq8mHzWMN*unQ&bjBrVrB>*k`fer^-GpPxjsd3PD-aN
ziTf=P%3}uxODRj$HLk|O+WPv&>%t!mb8ULB9oY@*q7O3nA>xn6oJIatuJS{08M_a?
zg;vvMC7cKg9#`!08c#ax=iFERw%%V`?|6NX`oib>D%#hWZ}{HFbFaTj<f7GRpHs!M
zTC1X8CN@&N1KgkqGrUug$6lDcepB<_-!QtwMFI_q7AcsAP5KNBJm7%Fq<CL0-=@4o
zpBug>wx7qGkH|W1CRE=OIffb}t~cDiaS<GP$L#C{bk~Z$1=5o*_TO_3?ty%;t#hv8
z$r-d0Oh}!mEYuc&cm2WO6QSq8=TdUMk0m|}{fWSv(>bCeWzOU2(c9hRtDob}CrEt;
zBTs@fqy619{=D=)p}}m8CLFLQ^W}~RAopvDqb__y)>|P2YR50sc+U~OpL88z#c)qt
z^&8pCG5nGc?{R_nME6!2+}?>%F<Mo85-_@OJ#Q+V5;^e7b7Wpx#kFGjtiwzeJA!bR
zM?x8t%<oKKX4=sg@qCGvY~pr(R&io12?Ywu>FNCrkun$IJTTeO4`FPtrP6!SR8vf%
zO+K66UG0O468CirFCkL_jE9t89>OEncTQfh2l-Ce#*KI<u#e{2qr$QNh|?Vxf$w6I
z&ecxOK6eg2(iPHP@TlfYwp}tU1~Ui)x`I#w>o!Ki5BC|duiInJCm)vFQ#E1{S<`oA
zaLLYm!k<J7p#S_lrHG${*S0VpH*4@uO3!+|Ib{*8<q<D;{kHK^d4v7zgO4`Q)H{qB
zcb5p4TZRrpC;2dym0KLyA#-_f+zIXMrF%c;P0!o40th$7RDr~?)_S!~&gTmPQ3PF%
zdZ1!ep(I}l<V#Q$?N=1oAUa)|l;?gs!ISwSyr=VAV5scPLS4HjhoVyxH4wxIu<X*2
z^BMET4A^6|F4o#qw)|bTC^B??erO9Z;pLFd=LkR&N6Cfu-8#ZV$#}3#{jAF)(+~vT
zr+d|_Zq6z~pHWK>`B&ud{SW1*qgNqjTrE?^w#qE+@W_SDkQW~FILifvL5B^Bg&#4g
z(y%<MDv^b>GzWlgSf6hi%6#zLVap8taQPghZ}S`s;gg-{<yWkvv&AX`_zbUbP6pAL
zmIq>dw?{B!IzdRi-ob2(7-8oDz?0TTBr}QHc+Ls55w8~3na5)+QGp*j@7>LBP4Z!u
z)3`uhN`3Y`G7=ZjuG`_q4JZuCZsGTp^qd9+cid4`VuUXGNdZ#nNgadUX1{00j6Q80
z4i4s0cvy|<IuIOtee8_pXGO$#lN(+p>+wEder{V2Pk5eJSe$lN9vIM>eJ8wL@T%h2
zb>|8^C(MLSwc(Z$9{9Opi3(~TeR(1hg&rys>J?S3LhS6S&Nik;Ps6=6<6H3hl3#}M
zOJYa92@}r4C~=1EQN3_%I(V+09Gmk3kmFC8@vuLyzwNvhrZ1v7&owU$I6OIb#l<A+
z&^?9$PW0-9NncoKfnt3DbBU>6(!NKc5twTL!VmpO=L4h4pC#{tD43Y`Z3=D2Q$SlP
zf>#;A%|#mo3Sl()g_@P0e7v+g?u<+DjlLLTv9m9R&gbKJ?BOt=<ceTj&Kr+-_~3lY
zZiVELLPOtrDV>f!!B}uBt4kgLojihsEU0`bOY2r2!OQG@nhV@slSqksj!TR3qIQ0(
zND4L`77_<pck6Rqq%H#AB0jw`CGkSskLX@gLdHDij(q*Jwi16++28(V&clHBG2(9n
z9fjdHz`ZuFQV~hIN}e1DjygEJ#=hk#xXdQ-DnR<yzZwTsEy3o-&&87F*xYl`vJPjG
z8d(Gx%Ex^@wW9(@gydBS5RkUpDgk7cB|OsC+O8cSA%M@VI147_eA`@u%>grVLkd~(
z0V3QGyK?7xvl5}n=bHl(&|Ts7U?3e~>xip?Mc<65QJha5H(!nbl_Yoyv#?jqWvLK{
z9=!88BrRzACsCY<kI)@}z8~FQx^^Y)D_}^Un#+5sn<Rs(zwu)PmQJ(YIG@BffIl2Y
zYxn@q>rYqjMUF$P57Hi_npyNK^r-Xf*=5x{i|U8kRAPWX;-mE-&P}f+$@Mt(-fhU~
z<>@25n^(?#oQ7ZhoJE;M+?;rz?fT+9=%4j<3i%1r<y+PJIBDj|Ls550cODI~Hp7~`
zUy12_Kn~ZKAK9f)J#>qzOc*`(lM3k$M#FE{GMhp^oA~C=+f-srR#^5p2K2cPluOZS
zo*PStmn-N7o_GNT>uw+IRTd2W+$kb+9>g$wFHrF~lIB3;QEvpTdKfObPZwO7E;Q`#
zLu4<1JZA@9mpS0njT8G(4Ua1FI}mu!IhPVVeDS+S#^yRsaP2{fOLn&RBtL{|#p(zq
zNUcNJpI@lzIp}GmoJNmDzG|j%?ou!_9iaZr4GK`s=*1&Z-zy-&+@M)NQ?6lGGKp!(
zx)~#JQvrC-h>_<j1lMYOAH76)<+RLlwsxayBBmv)@Eowa<ZD||FJ{ej6MCsO^G^|w
z@INoYfA)+N_ANgYhgTW07#BBv@^!|*roPHo*$YjuNGQK6+567;_+&tAFYqBEWx#|p
zO7l5s$)|;PsMM9K3~=L>lEn4TJ2!{KIa9m!Ok#w6NVND>^hoX$2s+KPo%Z#lVI=T?
zLD6^eh-9yTzlx)L&dES@>pHVL$<fjv@u++&M)lED)T-@tA`y_Sf(|IY=+KylNGeds
ze`O*zl#jhXF(Ml`3wBO*pCI|aq7GwZy^1O34h>zq2d3S`m+yg{7X@4NI>ucXkMsGH
zIJ%8&T`_Yln@2!G@!TNoy+Hj5kJbY$YP6`J)q*YisY!BvdqUGIvE(v^C-9Mk+WGc&
z{<+FWXSXgWoxtjIL#%IKQ>D|5b-#t`n^!o_Lt19-SejKCpDQa7%sMy@>SqI#D+dNo
zkv|~xDq~10HK~+Xng%ytfrld^zLj=TL{0eiWw;F7AJcPhu3Q}0+t>NyY#k3|zpAUC
zi!(>=7%Oh7yojuxx`*>2io8^CiZxzqkQM4+$F4cdebvhAj`O|t;vA{Dtqvn8-~=+1
zIh>9y!xQ8aSAh7=qzRQ>vkP7q-`f(zX((<1uzEk-XG}{?$|z_372u3}TP)^y<ydP-
zJq%b~?<LbqCX<#&`;ZS1r`3!IPZQj03v{bU=_2H#7wAEj!|E%}lAXMfC$U!D4ME)E
z%cIPBFUj`kvPbIwWt`sMc`wLa!@7KdABH2ng0EEEm)=~as~O|oS6fcM*ZN&D=Ib7A
zuNXbdZzToktzdMV9;^@@^H)IqoXIs%RdmSSt~~FAc(V1i%~?PClE$mrFNSEMTy*6=
z9Hbs!ec|vEc4^EKV`>g0A~w>?o%>D15uFW;NzO*8Z*tMH5|Zasx-4x<L`;d0`Gd%3
zN!m2^yFOC}-AlzHuP(|bey04Gt{cEH=g3aj7rE@^6m$E%=G@7ip;gM%o1j-oA|TF*
z&lI^TA~`RYEq!MP8cRr^3OTS~yp{QzV+Plf$QkY=biX(098-gBCV9WtUVJ3;ZmNBP
zLO)Gwexy6@_^973;_sM%mH%uV@#mGeCZH4Kl6yS3?evmpZV7n(M!Q<x|73AM6CTd3
z<?}f#jKQ}YQ=+GidqbWF=r`{oCv@lM_i3mj3E<}vh2tua^`VvlmKmHq$7#QfDf0~E
zD;>=EnN^+hySHaKb0lq2!CM~(VG2sHBaIeHpNqOW?-AigYZCpQP(&6&!AC}e5cj^i
zM0mE$A5}0SUbo5g&#wP7c+v0(ojOP+Q>S=V=pr-V0qZFibqXKpj<maB<2O`kUJvD0
zr0}eNzWy<L*YBy+h1XH{ag6~zk2Q-onCf2b;yzas<G2DBph>%(PuMEJr!Fv>;-}bR
zE^_pqBsbd0OR0RSC{{?mS)C0txO5&o`6utFJoWH6Ru$`ff{d1~v3>0!O$#*ep6wNa
zzVQ+*1YvK%$yqThx-xde+qJL5biKlg%8UpV<L4fVU9?&GKJbs`a!b5c#LXjf&t&+p
z-~}OchSO5JI{LttsAMU_0MzRGC1rgeRz-pBD$MI-LAkc4z1IUJVRiZ8za0$f7Dd~k
zsD5>Cxcd<ZEEqE+^c2dM4-W!>wcc+=lhesw&(KL2gX??00V{Ukd2j%h9&thd%d;L<
zOABxgmeM43dq-n8DY(R^FMyBRw`h}2MI6<2DtmDP4r?h4a(i3>Ext`Vv&Uy1SAT?m
zt{4>QUeHhIK0<H_Z?;14p3r^3#l>qaGfsG&hsIYfq1r{3xp?$4tUkVY+aE+{k8elG
zE4~|~7`7wv>ita9*42IOOseRZP8-5aJf3vVW|Y%w=9^S_UW2(@Ij;l+x^7;7KoB?l
zI`(UqDoBGAtHQdVGM=l084~gkJsfF2anN)<@8!G?LlXD}?~;SE7eKk~SnMjQ0MVo7
zx@8xkR(kH~qajcy9|yynQ&L$jO0KUaq8;QGCn#%~Bk(u}z`Zi_s+uVK=E*Fbxun#|
znA`r^%5;X<BxTvv7ZA(oV3;>`(F03ZrR=ia??d6ax4=#4Rk+J_H#(w*z8R1ayH0x@
z0w{Nm%-ur`sCQq*nog+zc;!ao%8Bh0aTi4r384<fZBiz{hwB>k8qcwZbpL1`2jI`k
z@n4p6X#~+dLWH1Kl!|X2IOKauM@`1naX#Dp@L+SP&K?Ps(~p+5Lw-tG&BFU}!R>6k
z<R~lfK-w(Rc@6c_<sE0ZmkjQ@io>VnV&+xTxq_I2CHfe^)GN}Qc_QX$=j-i{;8Rp=
z?xSGIV(L+GF~zLTXR{;QYjQ0i^}BL&EJ_juz*=~uAI>LM_`(!#w7AUG^GRS^T&<}*
zq57#Uv^trBV}%>5kL5JZ223>s<oKuDar-6~FGPmL_1^oF#DCT3cGb(zE@9j6LVnJM
z3rzP>mt<AE#euk}()<d}9x1nm3~lOf)Co*HA~O4hH&`_<5~UjP_Atv18yjM2<oA*5
z{Ih+q<6YA^)0jAA3<48MC#ml6x24d6IuC51=IPH6hLBs?sY2d^7NpJq(w=XCvRKf{
z0p`&4Y?nBCN$1ft{H9FwNCU@tSo*Pb7&4TpbjW;NScV4E0=;oQ<2Bp<)V9y(_>x_x
z+CN9vJGyXoK4E2HH*?&h*RFMK10z!zw3420+UQ#+Cgt*%$U#?`iM#RMl0zf6?sYtf
zsl2lp%edP`uMPMELK!1iL*Dm}oFn>u`j>oMtRL&>Mw5#3$SDRpoCq{+!*lNY-IRzW
zAuy->O0R!gl>I;U&K&i(B)Ru~t)l4_#GDb&iz#{V;5lsySwf!B4tnn*&qb<6{ONLJ
z2qd$Ls^7imoEW~J%ot?Cnu%e3)8#Y{dAQ9}W3%aSsl}fn7BD5L9&v@~Zv<4yf$TGv
z4j-COCpz&0GL7T6Xy?!;HxO<D-nr0ObH>HPz<|r2xjor^zcOcQ^C`J=1scWp>9nD+
z9!#w{jf=P$cIt(1O3vq|9pItvFXgD}MWTE1emyS9#Vx$glzATNZ#WQg<B{Pr6}Q@-
zl1J|*cpiVu@@1?SsI362AT_Bk$klp$HgReXtzHjd@?E!lzWy-VwBrukePHUQ1DoF=
z^j<r?I5t8M+So4s+&_iMIP5NqxVRh@RIV2YLt2Dt_Vl&0UJ*}Ts}FbM87;VTQZ4}l
z$u`BeUmi*&E(Ke+HHKw5Z+nZn4*4<;Z(pqk8%0voZBI)oW>k+>_06CLTEhbGJj<E6
zbGStzAo}J0DIx04hl19cFBl`Fu@oL=`Z<04cunq{-)OveE+PzfYa32}t^dPtrR)){
zI9cA^BWf33;#6F$YJHKTwEJw^4Tfkub+z`+oVH5aFz@@+0u@V*_6<5&F1G9`@MsjD
zB>KiAI09N8)oT&+kkJet_v_|d3c9<u4lBXgy6;b~!Q(9V)J<5lF2cx>yh@UVoBY@!
z(@a=bhvR%3;q2>g+^SxtCV`5_qQh`{9cbIBu_dap_IW3~Oxl#zc6o<a>&Qc6;RB%u
zPOIr6j3+^P6NveJDpYP?#uAd~ahl#$Z%E3k>_vg;XPE=$@WH@@BQB}K_hDK4MeTjW
zug?+Qx6;L18e>NwUXTUr^n@mO4Djt(UL9cCpsa7=#QtGFhn%43Gw?Fpxv}+-Vl%j^
zPmyZ-lEgke&!neMKCx`wzMF-Q%0&sTjF27_>CudIh2%pu0P`rDqvbftiH&1*6x_Z;
z5I+7$|JQWsatu3!U!!*3t9652MR}uK6YsfwG=X9vMl=wn>19%o!ByNoKzrih6P6)?
zhSlZymKDK04<RKRszPoA32(Ls0-(<OHN&r6=A7}T>sr1u$4g?^0^S%E$LCvO_M95E
zq2W|~)9q69f@nTVS0T^7ih_WwUj-fcwjEM1GW)hurj>8ya5)a!IZ)7p!oU?|GNf~N
zQHst9U!oGrb8_x;(aF2@RVUxC3y?BLU|-fcdmKDv#jfz8KW;(qeL2j)2q@sa=Y_qH
z=e}=ok7}HAy%2WW)HACIioRtc^Z4xWQhsHm(%andB;F$mdL($9*wr6k<fIsk!6bcq
zGwaM$+8M;Ngx{%S^$Wm#^f2pJBOoR`Hqo&i=i5qm4K=cbT~1V+%BciVr6Z5zuH<GW
z?S+}M-6dI5v~aSN?E*S0TH$nESfu-0`NmT><tllf5I|{crGdJ*i>s9HzkJH$yEVO7
z$M<-A;|=Icy2e40Ty8&c)|?61zcU;Uuy5oBJ+(0i)E`@(e8CZz=hXeWpd);El<Gw$
z7m2}d?(Ocm50((``@&em@${k0y^*jswJaz5*<P_R&Y<2nPbX>Jr8a#pj9b1HBQXyH
z_ipRcMn5JH{PDs(&yLHH=x(+8O5#!vVho)aK`PI9UTxzD7wo)@6YED_z|SL=_O)vW
z8C#3VZQLd1>{e<F=RmQbdbIR{&PxLqvjS<G*XKpb;fq6z`rgWUY3h++4zEXAy5D7n
zeCnu|?9{#AxM7BXK6k$8q=w(DmN~lVj(h06A-Gr7fkyY9#FRZRmiB$B4Q;N<V7<t^
z#%C=|Di-b?)G`dKnKMNP-b;Gaj^fJVE8)l`Td{*gU(5NXXpTP2rkHCu+HiT#S-jI<
z|1!IC8f<h`yvG1&x=iyG{F{b5UkhkE=NnOX4No=mMZ>WNsX|J-NNZm!Ib<s_F7)R~
zwM0BVcS2eLBoQ!g+_8o~zB-q0P|8cQX-;V&G43}ww!d}h@^zrl4H&nfX$IW8`8`1c
zKifCA>1`xomJ6+w$Btamp1N$eo&aB;=L%Twvp5kBx~d1KlHEAU8f=-(<31kX$E~hr
zFw5>@%0#hPhU(!6o;n?U@@TIG&HZ*e8iRA4<8I1f3h1Km{mIO%6R;L=S_@m8ek6mf
zEn6f5^HO;ig6g-->wUG+_L6<dP_|SkslQ2EzAWaa(6eZsUP>qPb8dXohqvpAZ1xlT
zXiv&=B1GLTA~=5H<LR;X-top;4c}cF9hAL?Xr19bGxrh?;<H5wi+OS?W8<q})qMOO
zJoK$Nm6U`kqVSVR{Y|j8Z<85wyTKD^El=&Ko;nqT?|qyy#Kk#x8TyLKZe557XwC21
zm=lj=&_ek*`d7aML56hXUWls-_y|Ou<Z%i!2w9Dc?{zj^nf>;0zCZFdJZC9a-(6mc
zrhS&LKxTQ0Whh~FN7&b1W}5rtrPUL^p;Zw#fJJWWUM)hfc-mp(y2jTe!+Eb%$?>Z*
z>0lH~Y<cH}v}L_wAXann0cC(1wKJdQxWit4_4Lk2VEFx>EfksIwhYt@F8G+T>M-hV
z*;y$Zwa?P;Q^haao|k>>!7~TGTzM3w_-6H>u~T<T>^FJ-e9|NvuG^#6zA@+G^w4>s
zc%E2X+_-t`%r@Lmx-}wd9eZxSXYC6q)*IikV3fKiA2@<PrV#q^>O3EY!Swq{Or}_;
zEQMt%{nk;Fwjcgx6oI-yI%{t48rfHdlX8S2zM^a|&ie#r;#XzKuu~q#8T-X;c$`gq
z8w&MV2#o8k1I^IF*v7t?q@~z-alZRwg*w-xZZTYqZ(i!%zL&>1vRX*B*v)T?&N!}|
zEu<{@%8&c7&eg$be7<^m-}iO4r!#stvY+w-V7u&g?!x$!yO&SR%U#|?U~SZLg!w3h
zAh@5?hs&QZ7rP6(`SSkGueB>Dj2<3D!l=rm-}CL6`BvONBzYe=6Svw6MUU~a9Y*uU
z!aDfSdE&c&n<-*1FpzN9?VMmaO~N+!GW9ulzhg%AlOpNVIy_GX19v8!HEX~34-0pF
zk6J<OqMevqp${}#OSQXG1fRegb)vxcSAxV;zjDln1QXmMInS8WxBmAQK0SHuTXi<y
z1WB=|w5;HaX}7(s;a7P<<ZgyDeDl)?oe~deGu2h4xV<3u9Y9bceS>dAh4(uxH5pf3
zoafoR`4Dx?7Gvp@U5z5%cxjpfh3N#Noz(S=5_wRyU6~57WN6t;d95t_mi4z-!S&lG
ztMIrAFD!U23)f4ST_lKz*F)-#)LN2F_1R&iIe0{VRfZ^DlqaS)HHV1{j3;>2a-WRD
zao?|PmgId;lNVu6N%eX<z_sW)ZKfe}vgjqE=@U<8E8ktmVo^fqC*i(|Lehj_*<LGT
zps3F&>p1j$2dS$fp-g_EGL7MQaXfubB3~ty>%nJc2hYppoc840Bqu&6dy+1W0SwUX
zQq|pyqiFQf{&>)4wE-y>h{uU5vFxgMG$oWE4F)21=xV-jWa39tHc3d}xLWBn2Up@A
zykF-QqoW?m3D_qWf@MybE^Ml$D?ODYYpE6A5^>21+Q(O3(k9;~cs<$h98#lVA2wt>
zS!TC*wI=La50lUM`hwLSUB1MLNPfzx+6=vHCy&8U435jkvD;ivdB`>{9H`!hcxT$$
z?laZ2%5yX8&<kw$J(c7`#&G#M93PcsJ{w?kLBDE#9<Sf=bNptW$@z6H9E(sOIEDdR
zA}R=1udW;eb3Ji)THWHuB*OIbK^EG%SNXuRs>GM0iy2rsjz){klM|RqGr5oOOu);6
zpSQ;v3d&>JEE)I~rLdCV-m4u--x%QsH}N!R`=jOitteD8L?|OfW$f*~{%x6S{{}b0
zulWs6IqpP0QFz`@fAk4Mizwbf13MiDk@wrV+`}L*ct2)+Ha{a{{%mPCFoJJT0kg`(
zo2M?YRcwEqdw=`iL`5#~t>?%|Ll<x1cS$IVY^UP^b^!&3NP8WI93D9yboi#ot?)UX
zY+tpXN!D)mX|-rv;bf)N`fj)t9#KNT?84Ffx@EP$EyGs`Yr5^h=-z8xa@WNC@x}J)
zWmw#9o1*77!BIs8-5sX%HC##V*RoP#)d2R#>t0haq9o5E^FGbsMnH$a9w^9&zf3Mq
zetKVLIai!d^j?-Tx3&7-tcaphFPgqI#`=^q1GwLtz>nbysJ=CH2eRTKu!rmXs&YH$
z3Gf*JlLMQkDEe>>;(kjn80+G_<3iIU**Py$OgP$dX<hPT-?}*BCtgeB>mj-~uJ%Em
zxOb$xJaX0G3GS~y;es)qkl4K@wxRKDmtN(Zu{tvk1H+bzZ-K2DZF|w2BSe!qA;vwZ
zN+8)&!@i7R$d}_rl+7*H&R|nC0JEu=`qcf27r}cY4`V(QDmCNttrBBN0VFxMGLJ;;
z8Qs;g7)Bsn;}=j_`@A^$Yp$r;;f%fz45c|9HR7rf(~r%_C*=fOc!_K9KpE?VIvPJ$
zc<@;#UjBX%0N{}q`6csj;+1ed5HY!Ua{DpSLnr{e>C^U2QLSZUzx=V~z}h9cW_Iu?
zLP9tyJI3QUy$>n<qDLvq+E~2+m8rPSr-kOmT#Y`sh6j5jfbKrOIeZJx(b7IDi97Q3
z`y=S>Cps1ceR4?c^0miwc@Dl{ZH>yR^|e1GPEnq@u&A1g<M!;ex4+hRS=#Mz_Um6i
z=3e6=Lu9YatMe>dx->sUmS7DP<$b(hMDT=711rpIR=wcCWfyO(`Ofm7gZ8Pj)OS=C
zZjRA~@duT8j!r-4$QuxLX<tOZc@H2wru?<flGAjEB~$_?q8mSC#<}xcCJxWf$5{eD
zuX}x;JX(D3?2AAsw=Tdw6t`-*D2n{e7=Xs(iT-UXW!!W1D+D(yVitSPz-|v^!l@-V
zr|NyGisT-4W+!G#OejKyd>_d#vkh=A`ZJ{O40Kdm?x15+taabnuZBf0<Xm;vz75Hb
z8K}NP2@(mLIxo3B=ZD^V<b>zf-#wy7_ThZWQ$2G`imr3!v{|8eNkUI3{Tl5t`m(xQ
zL_xQJ)S3JI))Lwwh5Ni{SccBVF?}ZmNo(-yxOmZrc!$BhlE!2GVol?cK93p4bDNYU
zm9Ca>+(RoQvwZAIt7&&SF`Sv$du;Nn+t@k_u6Ssf+~G9P0OGxMnU5<UpA*w$cAwr_
ztAhPb9D28M|6?%XZ-4sJKR)C5^FRIN|K|T&B>(gO`O`oAlwJPipa1n4lm31*`g_)C
zY_=dR6Nm)4ST8qrb;dZA03JH0OLwSVD!Prsjxzdu><6p;S^59~0s;U2Km7mquYdo?
zzkCOBYGY_&O`vRH$6kPuqlZlYUJCuY52?>76;`ejO<2;pJ7yRP!KIKoMRJ$t8yJ~8
z)TSieX!hgeAp5z}<=-C@1QZMoI0PgVGz=_U1Vkic6jXen(=jlyuyOEfTPCEJHieXo
z4mkxqS7{nrx(tl`RSdGS@%e_;e%IMNynF=&g@olPR+A$xAt@y-BP&-yQAt@vRZWk&
zhUN>_`YmNLFf=kYF@5R5+``hz+Q!!Ifp7mUf1kw8Iey~gsnci9p05<#>EWuYn;&<N
zM+x5kZIBKK3<?ej4T}?BVM$bU%oD@;*qD-2Qq%IJXJlqQk&&CXps=X8q_n=>XBCxI
z)iu9XxHdL5x3sqP`7bcH|Kw<-_V*o4|7K~@-%N#gA%}da9I|7G(C^*FfdegGzS4f`
zJDdoM82#43?S6}n(F6#VYC#QLeWC#x_$*6?1wWySd87rYO8SV2g+3E{jPu{jQGb3(
zaHgMh#Z|nOeYE-%H%>UOmz3)*oV|GoJ&>~9gn<r2Jj1--aIJl*)p&gy(Jx358^7Oq
qSn;^%mTH&iw}eoiT?N(uI{N>3NB`}wzy0;Me**vj|Nj910RR7JQea&G

literal 521342
zcmV(wK<U4P`8%(#Z;l*_<^B|djxB(fhZj2Ig~a3&4ip@~f^7Jbj55LB-8~D?iC*E?
z!T#^P8d!K)RZp=<{?C8>zy6Q^@gM*Azx~Vq{J;Fmzx?Ch{x$i(5WRo?```ch?|=FG
z>3{z3AOH9N=YRii|M5Tm`SX8hy#;>6sy0=|rHk_99c*FNJPEr<EHGa_DM_uifBawn
z*YEm&|F{3|fBzr<kAMCy_&<O2|M_qK@gM)kfB$d)`TGI>@%PjJ-+%s}pI<O%kkc=U
z)^v9{H5e=S@}WO$&ZC}_VoLOqXWkqiU*KO~(EaNR>W)HOadPLF*FZ1|m#XVEZQL^J
z8}q2<LSw*2`S=3VuTOY*_3I<>xyRg#2Gfi@x>sGO%u(G>lHS%u@0*@p+eRb&B7)x6
zN8q{HPb`wT#pgU7NDnR~FjQ-F0CtB9*D1syD{4u-^FG;N`lJK5Z?1ph0V@v4gb@;o
z8qApUxUUa^^qr%q02@32@&v6X{_!F2Q<;Q^{IbP<eafv+GjvGf3I-F{h7F6{EW{Ij
zP6poKrkSBA;0Iry@-0z4fhv1T@#|x}-V1-xW&O;wC3sf+Mw*t1x`a_{!P5l95^zWJ
z<74DgtcYRA-Ojsvzdi?$U3<nrJc^57JltE<ask7Q%6N_zK?LueK5+H@_#FL|?aOxr
z^!y2ukp9F+LwLaT0Y*FCa5@N!B`V#RCURQW=^c!+0LsAE2N`|8Bh{>jE;~`mCci#u
zMXxC(#SH=&=YW#-X->!mi}R8_Q3iQ1K4E9TUk>*v<=wGIL}ZFwdcyrvM>yu(Y|WHZ
zh9&T-GeNEaN;wWM*Vf0EkE>rCJpB5oPf>5~j`ZA($87HtIsElm^4j**aT_lN<t!1;
zZMq%}yzC2MMKZ<^KbO~5^YK~nDQ~HL+yO@vK>KcehlYQBnAr;U<|JieS6xW<I3a+S
z*v8YdctFI3anQo6^rb6=Po<|lC1WB-qGQMAdb;m7Xt5))gCZM-@)p!C;Utm4IZCXi
zCiS+QCTjuo;LD&8KSj?iZrGz3t&z$l54I$ge#+mmct!hm*Ef)TxNhlHS@+z$5*R4&
zM9j5$1s(eNb@ZwKOCq;d-JtFk>wAc)abQG0+dqn7?Fg;B-D9(fn6uhft?JZ|+3lz<
zvO8!_!SD0?{8Mw33Z6ySJ>&VFSc>heIicxKlXZB~XFkL}qG5E{F7WVGKX}(VU5Mv@
zf*j!2ik}Gb=c{m94B7{eXL^vfPbf47&cSx)rv~rFAG8SM5QpKG^m^pdjS^ATl^tZ>
z*cJeYq1M+ozR&kzqR!JLqWGYNNFG<|280)367J7eOtW3GiA9n$nOnp!eL@#bj1V8G
zswVB47O_h!eSM|SXW-R+d;0`fR`D|Lkz2j-!9(f{TlpEo#3NYQAbALYqo2mSm)NAM
z<iuIz-2!Nm;b9m4={EY^Ge|KwJO)(MZ`FNG<UwwN+Ovss`RzS=j~`&pixwYu1A^m_
zngKkW9C%2cE`??e54_nvzx4C<j8FT`UQKVzd;7Zb*8DxITrPR62$a9WZNfo|&{_`}
z@h#Efh+!-tPb5#`RKzmv-3{E+uWz;Q?qc9_V~dYavk+*U(F(elJ<WCGnrZxg#)b&I
zm-tF_T8rrIu~4p8d*^y#9yUp<G0&CVEq?lve|H>^2X9WMN=(C+8ugN5_Od;TMPU?4
zFX89gLU+|B>{>nwWPJ@*tYDs62jwJQu#F;1ONDvFU*8+_`Muj!Kqhham`AS*G?d#O
zDE2s)6yK#Da{u&IVg()08$Y)u0?8`5f!EAi$siCRLI9$gaAs65zGg0f&o9oK4thL1
zFCkRKlNGwj+Q*d+YK^C4-81E<Gk^rkK@O3=XEMj{GW0Y9(VM9VZCz1g%X0QD-PGqd
z`=`%V`*XF^i;bJ+MR?k|oI-83^ITkEmlT$v@aI=wZ98{O>43M@%``3B85inwP>`lH
z@nk)m-MYfhuSWgO04>B~k`dd_$s#SE#D?DmV4&wS0e(!jS0es?raoK^E~s8&BN3R~
zV<~)xob~uU+);ZpyS%P9IKKDw-QQz5oEME>-^8f*U88khA(}yy@Q^;G<m0DT))wWm
zKfl}@5Ba@mv{Q32ytgvP5ned#h2yM1C0tQ@<UC(qNBsR7L%Df9<W3T5pVNB)f<BH9
z>D=T}KnRy~T{b(Q;r-M&m%Xy_YdqpJtt={SmZP9X5ztwEVSar&5ysd1_3huoKX9U}
zdm(hg&N=5Cq(2AGFm!hA2L`SEjzS<@BeLn|=0a0l>?#AeVv<Z)1Dd1dc`bl1(N?k1
zZYFBG1p4RK`)68vSAr#IbJ~*KB?Cm~M?MKr2*fmxnBcCNrnZ}%rG9T1+${+Gc~1Bf
zKc3=+?U5Xr!h^av8t4R9K(IFwpPQ)f6+;|dw{^fQ1dNtjk8K!w<EC~IBKkFr%*KVS
zOldZ5H2&;F3u2sOp!ME(zae<%{wgF3J&@P*9`;cr>eTYHcwZHKZzX2^u=p}x89dl|
zqTF1*5>CQszHa*l=1lh8(b4RTB-FzD*_$dEi5Vh5<T-c5S&q}d(93&nJFkTA4%35D
zWTyD5hVMm&(xJR<jyF(kVgpaw!rRL&0Txtb;5nuZO<ajjaPG94mi*2HwU>!q&-%<~
z<}HMlD^~M^GSd@U7Tj7k&shek{Ho%6_fa%`8+RB>MciwXl#jrMSGKJck<ybWw?j?R
zUD<r`t<+V{`{|~KYl%g^`9`l?#o$x}ahb%M@5Onb%Dd`~`m^c!tmE@dKReN|Y;VQ~
z(ctP%#?MlblSK(0wleqO;kmj>is=G5%MLZY_&M!16{9_UPlMkr#ro?jX_5l2W!?aI
zXKw==^I*#SGxNlE21ZI93R<=8qTA<Mw?V29!fEpS-MxNC+erm^u+uY-Ia-T$-^%-0
z3#WrVxqW2FPcwI#a|IB~WDb=thj$gp$L)Ax^6QN-yicbx?xT9s2X*O2^$_EAfmFRk
zHHAcfFwTz|(1FAh!?rP&5?}E6y{n(qv~2C;Br&YsBiXm9maj9M-3*3UB0wTU@`CUD
zvzqTMjzjHM4=tZ(Ji&P{A{0A}F;~@kn%*W5^m0Y!t7=F)i)F~*_tYj|{e1g*hLZ)y
zJY3I>IY*hLQz1BfJl^VM=!qcY8m|m})$_ggv8+s_ZA#;3YH#0r_#hXqRARsvTXnX_
zM>jV}E}!7295*odQoN_-`+EmCV}dl9(8{kH#oZ0cp9YT2Qlry~7>t;!ug#>)XGNbb
z(C)JvL8cbvd5<WoEBnZ~0^S|tVrPrDIfg@=%7}x_QzI^dQ>#>jrm~-DrR!Z#P$hGx
z4+WQ{?U^dZnlVHrp?S|sWT*@JOe@TvegL?SZ&~1a`w47EArJ_!mW=2^c<92+1lYSp
z_Elgf1Ttvn*Q=Y;ROMQyKeZR-k7Y%!1#W}o&-=quDH?fQw7I2k=sA*x>B1*d@6#EW
z4T#wwpO@0^V|jXL{r0HN$F>LO#RXKB!Yk)!T3x9jlm|mmNtWfy5cz(y6}%QMphOjT
zMv(=gn-6Ho4zPrYQ5+GAf|W9K<f|_EP6Zw$4=(hzx4jyg0&2){e}d4(o;UBY=P_Of
zl8GMgZEG==_*S!DQ)&gWgr@(h%vNwj7}@Csr~#tPA|qQD=ajA~VcEoXIvQMN=vQU>
z=@uuUI5$*ycQ^U&>KH_!QKfDt%X^_#Nc_oc`LrUyE1P0}Y6NmJeZ?;+`!=+HI$=n&
z09!hk2I;l*BWxB_$d+4SPBNz>I2yiJST>)vefvg&V$zoO?zlVl5{RMExW*VKhTtlX
z7%8&9a_B92f@@ZweQ=VniP9NhyVzt~`TKkh^zz+42W3U{>vkyzGk7CW`UW*oAXB(!
zA09A#RcD_Lg7!GgNN_ahkqPuW#0SFE!_9nA(miK_Z(aP&OS!ljW2ioV1M`fO^;Oh`
zWRc)R)zA7Y1+NPH&2EVx>)seCtP~<G_k+Qt!B_ZbE*R#%>hteu!Y?cF1mpFal0(zW
zx;qyQdV5NiY(3z8A_`uWez;6;tnE;Y!Z)km^xAmz3M##bi=RCJ`<x-E-}ybS*2fo?
zB<Dm8$Y)%0uj^sFY9EpB3ggpNYD4|i8t?;GVB?N{PL+bT9&znhnTfR0I%Z^HGB^(_
zz4pw#r=;&GXh&n)DdvvEh0V|2?RH9=j+k^>$1OLD{7foZO_iVl{hb@Wn09sTuRizS
zJB=*LP{pRbPK8r#pUYyi2@EeQ)Y;O+O4#JKU4lpFF>J1D7JVSxX6BL^t3l_4hcE4Z
zZ{vYHm7{GNDsg%nN<A`3ml{w_iJp>bq_hw)Do}k^`RO!~gi-t0kZZ&oP&RH-wc%)-
zJ6n{?Ota$HkN2JJ5k=Q~%<!)A0qzym)Y$e02Le&J3byM{M+M&_&!W<<dM_&S?9#k=
z0v0fu167o^o?|4m+kMrE`klm%N`q@)O!gu=x2B15?ty!TB+H{yHUeI9u4*QAb69g5
z^&#(O4|_tVNtEeg+`V=5B#eH#t7iMd7v}+sEYv#2VUx|pW*pCoO>BMVZG*&~M|@RE
zpYF2_7h#Bi+M1MLISzyR=d{|Z_a1`84Qaebm6_zNoxoN^yV);B#^W{AsS?IfgKrG1
zXA#cI&w1|2B$=V~n4GvtZP^6AK6~!;V6gDQWFEuNz1XNvR{7J1VEPF<GFvB8IuYGk
za^0irI1hV|B>GN;1>PtK-uf#{yBmV8XY(|)myl9jtD-j2v#>R+bTpZNGRt|DRoh^M
z59WGr_4QeG2*2q>2vK;nj8iK<kn&aS`*fsPa;<y>x?TWc_|D-9doH(T1Bc@LDe%7J
zt%j$r7m-gp)*ULe#h#Oh)4C%i=}NlTU8`7}vOT(=^*%QYp6FT$E}l$*d2@3%LyE)z
zRl!{x%e$ADm!I{1ded%oqk|X;bsb+c7#yZCA+zYnylRYW%7?h^J-cfuhD%GZd5SmC
z%n5f}6gE?48Fr8lg`Z8SR_D)(VYW$Xnaq}K-kHA~x%0Ca#ffBy8VwfY?AjfqPd&@0
zOFh(*o{rlPtYO6(%eqE_6p&})Tj_o?>NozDW4Iu)NnY5n*5j_Va!F0@tx2DHEApaw
zSFlR2OSAF!-GQOhS_e}UmB_NjIP3Jb46YYP^3^f3w@!C)%%`gL)32oE@>Gv$;hYhh
zX?@bkU%nj$4@^m0fh!8p;;u}KYt>FReF}>J59I+~Q@NnGJ^?y(+r(GbA;2bKAip<J
zRgzu)T$Z3p3Faj*R5Zyjie?n42j>D<TO7k@)%NLJhH8roREuey8e{INdQP1Cc8`M$
zkDD~5&w3Z6I-OAwRHtbPt(alX2@%*L=5*{i!tStgPQR>(V}+;rvkwz3p$bKYFbIQf
zfVT##ZB^t1<90GWQO;(~EQhbU{nNwfCK++6l8gykm_iUPSL68s6GEBJ<F)sEP(2cq
z-K=!*^*bHd%+N*w5M;x%8PA6pXOq&;xtmvwxB;(z=gBtO;H2ir>Iuj~?BPQhiAiqa
zhC}POq#Z3D;BKFle<v*&eD+c@ONJg%cIrMybaUoZLaL#G3w(m9He;@H9XPimSS<H!
zake}?>s55Al>u6Glb#6YT8Tzz^rB$-@7lYYOXA3zub<L1q=urvNp31lLRN<LGp&Jf
z)yA*d<2!vB)>u5ehjZ{=Qjn$JiPWp7*31JQ2jQMc!b9<Lrly#Lp<y0@7s5nHIPpQl
zf$>v+06J%J1`%#>S|?11>A$Nd?;B`6An>7=nHsCjaYAB^%)lGiH0qp@M^Rz?QN6&Y
z!<|^`1JH?0Q}m$4Cmk_|MNc2N^Q6VZj*yZ|Oiy}qGc8B~Pxw2`dPxlQC`-$HSbbVD
z6IX{{_z1J%`YULh_j}%Nl&4@9t`~IyG|ouD?d&?NMSz=?dU^$==Jm?)tA70Sx((7?
zFUZpsM$@UgZb~ip)*4f};20h>&#2kh<4k01#bs>VM?IJK>P^pzMY1gl?A4x#NWI3c
z2ajW%C5_(F<=RizlXc4uIC+>A(A8%*wy@AB)O+S5yXXuXJD#{>UkK2r>!Gd}k6*ZN
zRKc5#4n0ybN9-`}eJK=L&x|^G_qH5Tg=&uQ1pYM6G(~)I#>2ryBQ}vhVP{E4Ytc8!
zamm4Rm<{l=<4KJTkUSinR|wgwK#}wsEZJ{FIV*|m;LLPWmOe4~^uOyzZ@0)AJrNu5
zI9f!;%RC*V+@}(!DIe{~Qp2{f-KiHn(Q(*vSwzEk$>*DO6`;e77W%s0$(j~Lqp3^*
zPhc(E^-m?lY?t@pJbPhK+?Q^bPpM3n$*scc)jkM*6iYPvg#v#%Vb=09DtT*U{Awy~
z0>zE>=_A2@M_9~P)j?yI9m&#fnThTIhuEPj^X>T+*bpWmd0E9t>BR9{<l|_&Yg(gy
z=I#<v`7{4`6Ws9lf)h&t8d<)%_r`S%*XbR;f~MQIK52(lUpTx^Ph`C~NR^|`7e2;O
z@!sg(@uX~3imgrbLkUkR*vAgXeXpLyHu3WTl)F_DC1XKEd3k+YuU;L*Xg_=JX5f^@
z1T5w~Fwpv)1eapfA4hJ_ik?u|Rj^Fk)GCi+FDoR5Qea4pXMQ0e^sR_?Gv&_3&hQ#<
zDW}d#dD+h7dTtwvfaJMvRy{jpPL?T}6%4J0UmR(<k&wTjPV0D0jf;DtWpAofnzC6i
z9B+zoK-(<eFDzsT^-cO)Gq4_9^Dx9zeOa{Cr@ECMkpYo7(6#-Ag?{>Eyt7VUOnJnw
zb%eW(Ulk9dKzpUPoI7lm56SHyTX2Q}ZY>iC1i9Y$KB5iAiRkdjH)m^*`<_*n_uT}s
z(|DShLXyPwyBeckXk3zVLGUJDXbDXz32u_4ki49fk~hz^3oPESyT>OQpN@%KLyma5
zL!}4rjy)uMcdYh&dY)_{p#@fByo7U50<F8|3UX{J1}{vb=ml`Zm|;-eVDs$h7Rc~)
zS^{HtfYP3+mD|vGIr@7e>%hwd8LqN*EF$a4%gE2vlXkIqB`#5prD<CPzVI;p#AA1&
zE72kWVw<)_z|DAuL7rJBqOFc-tZK>WYpvGjfW0K?k6!Of(h-yL)GLI|;Tw#gotfRH
ztu+*w4nO6bW@6hDt3VFR^!%AC5GY7Wxp;#^&K>DB*QJ>qMM^zv<WkBRYclN7{X)b)
zU9?h4tz?^%?{cXzW*kkE_DmXj0@z6ANk^9fL<T@ZL8m2!T88ARlSb;)`BQBx_4g7-
z!LwEIZ0`VseVKSlj#}R<^P+h^iwU0j`#$~FxhF`RK#rTLPanRxmp#2}_Na@771)Ih
z4QswIiBCU;y(G;RHAc1R>?~IZrX58(mAe<^a2dHOPh~|Obt!?#9Jb`jyUI7^V6`L#
z2Ee?RL|ijcINb4C7XzY!N(tr_7N>UH4!tq37Ygt9^!YlriuNMIiBgHY2GMo8-$SgH
z*beqNvXxihC?BXOd^&5@O)wAMSe?YnwtFmOHjOqul2X2JkSBEL^sO0Y)d;4f=cYZZ
z?XH<Zv+7L{db~9N+&7!+X5INF<0(j~X<%TC7cigMu)j_~32v;Po<jTxF2ZG055neg
z!WBJ!_+qG-kFcb2w695E!RQm0@2MQXJR)wmS<3V39;kNBGK&YY%E7fsBf0jB`=#Jz
z#k(k<J?qF8r<AFl5J$@^8?5K2Z15JNsWRUjKfCAiQb&OSxrq-q6mcYEE1Ru<dkgIh
zZ9F~Z8Os#m&DZ-@CEAJ}EG~JqDgpSDar;6BKiyUzf^4TN3rZ8L^;IS$lsg1GMSaKi
zMgx0lRKPQ{8Xe;z+g}M)USq+n^-Q(MD+O=B_JG%_F+Rnp2_c-X)wh@FZA-qmo03SZ
z(WIbE*k9OK`&M`vvp?Vl<WXrTsd^<tT_+q}h!B16*`?}dCsO+K-FYgnmfS0j%MhCe
z2vEX2y<6-Vj;KRIP^R!ZW1}|g%`78HcJ6n5Z+tdW>^iv@M30d|al0?d_3(vbrPPjQ
zNxc`oc-l^_ovYXQ{7G?p{`Q&zn+@FSeKc9-7_m!R4EXZJi+IGENX4_n3{9V2!=Da}
zG{N!Qok6lgSLLV<77M*8I^Z_O@Xbh^3Z7887Xx^U`(u&kpt?!duMrT@JMfr9l<1{A
znAN?R>ZH&;yaM2dCk1%h*Z8!iNU*pjM?`ym<~q9GBZ-&mBD3#Wb-G*7QY8?*IOAyL
zR@uWLr>?&6d7obFh6!US$J#uJbG>5O<5~XPn(SQ;vsNS9*67_+@seka)0d@kz?La~
zEPJSV_p;WkQt?!r^sH7LOG-x)HyvD-a-&E3AOhVy8L{L=>S!J@{B-3fZhY{ByN(@2
z6WQM~ue7PSm(|ttG>GDOJb|vC2z|Qp2GqOTd-KGq%@FTirV%lAlH_U866krION^U%
zd8GBQBFGd8`+!b5SB{)2S0bjIp5hVfjhv5g%X%C-C-=6Zlt5dn<C^gx#GSpsl5Qdj
z?cWy!d7Lv+wsY;Ax7K(xBKRP8%EcL;k|V?om=(KzdXVTRMn*oXG$t-80R7r5AGsp+
zIJ{$MK7?VtB8-+!$Ye0mEDTsVKC)Oa<}q6%wMMHY8$uPx$Tzr5r!SOD*{5<c45+P>
zfk|TrAK)uG?(_0^o9!a+CrWDm4)KNfcu6VAj7PrZFiu2X8B~P16sdRhBtIug)la8Z
zettx;RyfCH25lzqt)S|HqYGSOYrCVyl)X0HM_b{1*+r%~nlN~2B`~~PdOa4g9rg@@
zAT4X>*^v94J1@OX!nSijt>CJtSTL`tFyNsw$5Pav9qpmpZSK6Q;SrDwO&<kSPj@uh
zch>#{^QAgai@ncoZ=at13dwF(W{o*f9hxkFm6dFjvpxB+o`Fp`b#9WlicHj@pGV%x
zL$c>o3Ao_?MB<eiGH3!xM@mcS1s5cT5KX(;W2=>>$J%ua&}&(0&w}6eHA8OZ>CgFM
zpQ%p0jX?zJU7cIVB_d?PiiTSQJ4kbqF%kP#lz+N6_)|Op?Yq~luS}>zjNDcdF0&e>
zqwYM0_$Gjc>9s`w*YoT0^Lqt&yl<wSvjh*x0RX#d_({&%WzL48+_b<jnaif&yzqGY
zq%wKhz?SH#d+P%)^+NoG)#7y+)fL4<m&0)Aq+nN(D{)>&%Hh#>Df#*gct5fF^l|m}
zbAM4tu)5F@8Y!-tCxPh{6?Du!kuMoTLoD%mzd-iIrIR+rNFCYP+6c)W$8E2Qwu-(^
zH6L)?j3r5v;h2KA=<`g1px4PO-Wt)vqc>$FPm6^T_NP~!9{F;ql=|zK5KvGI2Y3pK
z9MC;WPdo`O3S4VHb5ndedijVxqmZ|ZSMrwpI_>fK8=vOqfnB1n^%eM887k{+jlNFY
zsj0MUY2F9$qBoqX(%Tjc82BwSvOf*km^Cdyct=<Lgk`&StC_3Gj^fZyk8B-?3$98}
zl>0Ycu0w_FT0jMUfBzjB0RkOaWPcC3V1l>0xtQ|HvkX4H9Y#D`RWAMUqgCj=UB<$E
zn>__VheUI&&JbXhJ9xZ8eq!ztyRonL>ZOryJY{-8R%+7o?q&NseN#Nyw=U2)gKqD&
zz25GL+c!=4zy-nY!P_hyzb91k9_6$7>GJxV*<=vunriJ7vG!H?Tu!okP(SXy6jvjy
z=T%>b;de4Ok)@%P!Nvj<eWE2CCVcl$RdC+Z@O1;A=~JA(q<U*~q;Dce0_X5%*Xm)>
z763W7<W})RWa3hz&BP}yNP;eZDuZJdhgU#MQaYO|3Vi(H-pF{F(+oe2?)mLu8#$t$
zD+LqA_y8*3waoz&CcMpu99*ek(S{cNg&BSNeWAlFrXnKZu8F@&>Q_J@;XPt6+iV}a
zb>Trt1Z+J?T4@Iy8<*)2a!qu2?FLnG05@;CfHR%R$ppn6V>-u3_;`7UEjQD`g49!{
zu(cOFW80d<!kpXl8ZR(^Zzh?KapJ16D47pCylx2>DHaShHFn7!xIMl*wERZx)A{>Y
zoV(`cbu}6&7p_e}0UfL^?Sfpym@T~(1r8FHeYPNAhGG}$$nsvI!PCHZu~+&`DT(_m
zU)%~M<ZHlIhQ4(pE61yd^tiKb#OV|?2C;>QR(@+4dzCsNEh6_buOgElyiR@VLYS=S
z@wl0LE2I`Hz~P=Sk4}Oq=zQVE`sry#*FgMWF9K02$LN9@a9=}kg+!e8^^-1k*j3jq
z*#eAp(5$EtS>>07kg1d*2;HDYJ-jm|9&K|}YS+U|ar)<*@8Nd3C3E|UOunnikv=LC
zvhoe*D#oPC*)}2mg<Q_Cy}}`jr_tbRMV8BVSn!$$u6R#ZB9rr6RpHayzAuWVyL};=
zLi*y|Ovv%+Eb|<_=y8B0bcR#efP*9Hj8S=Tvkw%Q7`9VQ;Sf36j?`x>2^5rZH-ifA
z4&;JwM2xPMLM*oDc{QhxHf_DsB3<^;maC%%hxc+fpF#T3k^bzYJ9e`kZ-TnHO8vSy
z^pAAthoT4XI(jE!kor<Su@m~lE~lYXgIBRh<H&q9-b+auXMk|r2S9Yrk*)8sTU~a5
zs|tWiQ%{S_Z9c0QTA@)%DvGpeHh6%0G72*=gcnN{aJhlO7=^FAMN|qNaqpFrjT{m%
z17!@L5WnzzQwVJDr`OpvFxl+0*XAee^^U_)?cF_t%tw1%P7U4sW_9ulz3;2#;@xF9
zY4>`$R`*`H#oOoowCC6ekk6d9cW~L9G|FnJtWJ>aK@chCBEdRQt-2horL*d*zFPKM
zSLUO)%6zvN?u*rueG(~dV3A@O2sNny3hPpGQhH{3AQZ|m(Y>#Jc3Ah@tMv$33eA|^
zH%ayIjifE|gD1+7T4>rd#=7%~-}jUd7g?1m60{3A^`=*7Dl4GCui;^^0$I@Rn@my$
z=8*tLaVv<beKAlkI-F#P{6W#3OthfLg~|C*(^>|!$<V%ZcyP;c%2j#wfG3u`o6B|K
zEyv5~KW~*9ZkNkAX!Ae?_=R8tkTIPedzQ142jR(ez4TtZ7R7>%OTyQ32ZTXi2!3Bi
z*%KjIs8e$1(ifxkncMhAbDB&Ym#e+HEQ*q;Ym`(Tgv(X!!PM2ECp01!YMVJ8`8xc)
zFt>tY)YmCxXc>P>EGPl(ErYJ=@-Zq(qX@o$$ef^q_ZCW$I<lh+HKCKv@m~DQ#%}|F
zE+%Zks~$&Qv*HC;g@h2VF|sDLO3_k*>KBIJw^SW(-S?szS@|8J*o&s;jn;$D%Lv7i
znyt=5W7E0bXr(vok|8$vF5(Nh$M8Zzg`oGb0=xp!(#A6is_4gBAktMvBMjpTgJha0
zKq>fOx%uQ}uqy8xf}L%qA%9CE`cCPENXhTrcHN<NWvqZH4UzknIe__7YH+>RbrR3w
zgxwN~K4-F^PZamMI`0WKQcNvCMejkgy%^q&dDvDX06F`hr&VUBs&dL*QVL%&B{U4U
zISBzS1Cx6ivp>4Dm57EGd<*6W(oWcx?}Zm&KLDnULpMt7Ah|^ACE@j8+1K2L<V26U
z47CV6x*LDtD0|b~nMAwPw53e*TJ=dUZ!3qw+-M}css%*RmJb~L`(FE)TNoG_m0kl7
zj;kkwlRT64ff@#(1R`|c@Oz!_5mz|jE3M6J!ghy0(eil**E}i+>c#@?onxXmvV+?c
z=I_0CL<^oGnd0)OgkAyl@W{w%faR@W%h*#QddU|PE4;SgPp7M1@6Y+ouk@uocI!x9
z%zjzzG%SIo#V?LldRE2X_*k>yCz7AtCEa+T)jE{}NK4fjz|S(3>CFoZ5!k3+(ASBJ
zS7FIe_$=uipQ<*b(HQdcoi)Hd8nh)6ZhnK?T>5OP_vqZ>-j+M|bB3}&Htzu3GLlVc
zG-A}&QP71vn|pJ1ruzbV7>X+Ao~ZwxPNs-nb)R&)&Q<az8!eHB36wBBh)saEPV-8f
zW&I0F{GLug1FiI3OwZxaxV5LEap^l1H&kDT%XB!W@plRgxT3g>G;!6dbR4Ny&vXGd
zNRG6+180@+y{J`z*8<NOGMD2)X#2HkJQV~%R++aOV1R(zQR?7&wCU$rR*tyoIl*tF
zqm)`9pBet_I7{wo(|ep&CecZ69KmV}x-O>R5R&^LWYnwl{zUWpihRf&MlICE-7nu9
zd50a%A@+htIm%P5b$4ZYyv68EIfePqx)2^RxP;3?BfzkV!Y-*KMz0aEH#kRVFAtyl
z!xxoNbnodX#2h{7WfqADvGQ#PH=Rgu$pwD_RxP1e1a)%SDLyh;>^b$*GaH)bkP~mz
zluB3NiWeMKUo@ws&*VetM_0;*tY3J3-<_Am9JazDa$cJW%e<LV=RW2=Rx=bP>wEoD
zd?&i5XP)b+#yOzJ$cqftcj=UZDWvkYjj)O{D`a}>rE6+l20Q6g5DVG{`7tkFr3=gx
zRoHW`aMSG0OUekhBzc8wt&0zmPy-i1<01R=-`BGfW!NUCD7eb;cPJ1{`&6IpbU%3u
zTEwWTilgv_==Y^s-!>3-h|2=rtqx<Az`WNMr4c+vYL3cN&t5!B5LSDNF(?kGIYp08
z+D9NW=mfG@S1j&mvdSEiN+{T1GAV+<`l@F*BS`>sF!~+dGVd$g+-8*V)?Hj<P~sbm
zhi+0qZ%b@+plPSynveeU&}@=;)x%<|9OOy3;r#r_1}>=$w!qrfH+XdX?I)(6{YXMy
zWeHLrlZ|T0#8D_ZfWre)dO4=#0$L)no6b(6#Ps@}&{e)9WSHeel|gjIB!h{ruwHK(
zrVKrSF;sx6*GcMq;TtgeLJLwABPG3+r*u3)`OUSqZTn_4fR^?XJuHGAj5WtRf+sKA
z9e(D{7Y1|O=N-#1U8{<Yc4tr6a~@X*6u#K8&N4@=FI45bGx5X)6}6}sM2fo6OUS!`
z^W$gtxPX}b;wA77)9Nv+>YX^y<ZH*8UKm){hL<;Qr|H`3;lrjdDLpXdD2#X=#uFKN
zy*x3j;z|Jg!Uef5QFTZumhny4d#Gv!U=QCK$JlKh+;THDS|+-utMl)zTGTy)p%R0w
zwIEK@BH=^PV?j2g5UH+;bmMsQiK~A1D8}`A7Yj-_!Z<|94z)6oHKLc>!d=5rcv-}-
zsfPaEgO$QTd15srCra=x1MTwpss^BTJ#V~gT-+yQuehGE#RBAGf86H^m?DA?aT`g1
zS2FwYxSA#wQP{R6IKb5H!lR%Kwj*o+IkboPjN#!=#hyZtlkzQ&Tne&I`YaALmqN`e
z14v$K65SBiy)R_HFYYG3$+v0jVLS!pwYCybwf6*rjYn6f$1r5mU9KZ=Jk*pT$RwH)
z0)PVP3VfkU%Jg2KQf_&lTcJ@O=U@N{&neQG6&|!OEtgzJG!5hVsQ{veB)BEZ?%Q2i
z=GUw-zAHm<8saG9s*@3Od=?LWs<y5koUNVX(QTW)x8PSD(Wai$%J|B=$C;Vwu<kQi
z`S<i>tqV<MFP=Y@Aar$ycW_oCFvG;+JZ=6i!ZWxBJ74Rbzj-+A*whb>UrFt12D@5u
zO(lR(%So&rt5~2nJFOWGGeRIyw^za93in$c<a*ruUKpG#G*}Gf*jTc>=rJ*cCaglK
z_e?z2b$v_=H+tvijE?~uH|c3(&X4ct<!s!ph6=PPV~#S#pv|ihlW$LO|MUb6NMy=-
zTI4&I`YgzK^u4!i*!m<8Ja3{|riNG+N=xrvzfJKqkyisiPvJ2ap}tPRb@j7&_6H1%
z1?|f^sFiyHF5LZKT%Jo&xr=QwmTc<2?n^pO+hcYB)v@ugxXD)Z%;B+h*V%jrAh|CG
zWCis1l(nQi1my<KU2*hu2z7Z<aL-x<qn`8B;}|v)o%&1&@!8A7M>C>YpSaU25)D){
zNPlSXzzDnh=9R@}kC#fasr5>wtv!U-;gT&{-W|C$sJAt*Cncwlq2P{~qT5FixA09i
zsV7~mGIzu*bA;XI!xl<wS!A@4lF1#Gt+bI;*e8RRwwcu|Crt$jM{GfiA<RVm_7}q1
zc@B1()tF|4DMt|35H|qNUd2+H?OBN}G68+=1Oh(0TJ2?tJq{f^FEx;*krFRzY$vFq
zw|uX1dHt$~b?S`YF20q~tT4)*VR=9-Pj#Kd1$JKx(q>pl)(!J9!^Dl9#VS>ma_Xkb
zEJ|(erk)SMOY#r}i6vzkL|2?ESe0t9Y)_P6_mO5YTOuRZQ@N9slHA6h7{4B&z{CUx
ztF*?4zzO%XmDNJd&xaFfCDwhS<r8E4>~Fr}_}*op#i;8uSEAl0(Ds}ZI%Kf&ars3_
zWNoKU@N=Iue#(0fFudNNUO|C@5g<QX5YRh}0jy29N9B33hKYwYsBVs+F>jdtW)Gn5
zVO$je1LK?;-b=Qy5PhdXPP5S}56qv<z@&g=p+0P&`SXl%e&PBvMZ^mv(R8T83?|{{
zCH`=yjr7t}7|}?*pPjvuees1d!Kac%8ewx`Tm3caAV1}!pujrPc3QfGN0bq5IQ8=I
z%|zQV@1)R;@c>#k98In98)rNiCm7I?^O)>@F2;fHo%hYN2qG@by8y;SkS<N2s5D$%
zakX(tkr#o@KF1w<-nh7trVO=;omrh4<j@?^cx8z+NV(TPbFdJ<7xib6vs@fK?<qXR
z7q_{~WTPX+5fl}f9VnkTfA&1u-PGU{mwP*UdhRM!xzADqJh#XCQS7VjcQA_soq*1l
z1enl;FNLCPEE`tuRKb$z@oropRv#}hyjzpIo*8XvTFTe+<di#<1`zZKh!3k6K6t4^
z_3k|rdHlvS!q@phG!sZBD$3M*AT||&#5mOTNa=~alP5osuA=KD<X+U*@v<yUxd~6%
zldF7;&VgogvKxqVzmVq7?l)P8(@^ki3LZg<%Zc`*2}To9a-m25B2G17$`Svd%A&KL
zyB(CrD_2H{Q2Nxh+DhFmg+1rJ27$wUq>R;X+cS<5o}uzMQL=}}?#nE|dX0yQ1xn+_
zg?-8HHw-BFPKoHDSViqU;x=<G%WNNpQR%^|^ihwd`Gs{qn9w*Q^f9b}*KgluZ^1LJ
zgrqg*&=-?3x8=e9h4uUFgO4^M=^Szw768d2>G3;bT)^R%?-iyappgb)g9J3gF%oP!
zgTyh(dc2hEkeE)xULt%J5vY&ey2Ox;c|5j?A)^O%-Yhwl*W1lR^*ob6ih@IFTwH~+
zvTMY>`n0RreISBsl;}ct<SD);Db2_fGV$2VyFRp;v!7nQMSgQneBN!B)O$FAP-1$@
zu&P>h44EB}rSFl{7uxdK5xJwDK7od#&h=#{KCh`qX2)3eUN3E-fxMb&ojcY%yBAlU
z#01@3bH0$YNs+@TGK;7(gpso|C1^szOM}m2qx5EgmYRq2mAp|{&S%W8*#fymL)bi3
zW21~_n<-BozYD&nXu5UqUO)5q)Y<@^!9YVjXiso&M{(4jPQvU~bV;1Zb-899a(KbP
zl3)nCoIrL5qZ~25-CuYsd^!oP$}6)j6gg?LFid@Ou`>LcG`VxM?X(zRIA#k20pe+3
zP9}uZzDgNa4ahKk<jOK4q{kai&!)NNO|^MMtO~z}=$4KbIX#lxawM<XNwfgPPo5f2
zHxkq72Kv^uwqUQ?<`z7fII-P+bsGqa8hPf$v(E?F=H8J%_=UKMiQLnsYuB2Wxh8?p
z+9`!;Y_d<alhNP|cJ~E*BL3MWmGsmbJvCA#03|Z|X)W+bsA%}nWb>?9l>gNc{RkJ1
zutFqJ+fW*}afy0)OP`e2J5oLcRoG-8569gaZEsFiBbU;^_Fd6<FRcd&Ey5NjnotQ!
zSZiuz)`R5EaJKcTL6u&X7U435BhLm5t{BagN1`J^^C>8c49QQ-(O+xqVn4nSeF)T}
zzUSd11LLHxqF~@X4Xj4b`@-Dx6LZ1TEACegZLQu4h-$J5@wP;>POcfmnBG?FGjkG9
zyg0J8jHk?5gO?JX_H<v0S?3A87TQL0e})%S-fTx~A)Oc_67!yR7HU^dZ$MdGB9Qj3
zS>4OR65y7K*F>T@CdHerH!@wJ+4%}MonKwOjl6L0?K;Ypu&#ix_^tF4=rg~2D##rm
z9MMgJppF^P3m(@y53V};2)*-tq3)lZ(=!i@uGf<$v>Ktf1KS~XgTd&EKsxOZvc_q9
zociEFVfBkm<Utp6l!lEk$63y)lJ~e5+rw4_-Fx$hFf-Iq*=Ip=v6v{>?`ic4%HtB-
zo_bBHWJD5!7Cwty8?Xp_+caR$-$W56yTMXsENByE(m+SwBLIhV$iUe}y`Q*KW-a<y
zy&2y(4cR_@Zv!yeI`Ww3RR~Q!B#hh793G!NRQLk@2B6RYYXshT&!z)scM@i!x9H0X
zXiBt632GY+bw3pcG2svqT<>9CxIOSr-Ff0ZZ}36!zSqFSB6HZnDEh|kIg1JNd;BET
z92c=i7DCE+PR^-4mvaEzELc5M4L6>33oRAJ^gQJWNazR(B%dUrk|e|@P}Q(N@A=Zt
zZrU;cgJx?uR*_+3uu1^?h6l_Aw`j!+sTOK?;tP2M_-v=CPa?`wv7~!DRxNil-m@ps
zKFNdI+Sb-iX^*_3#NVab2Auj*16<Y4Q)E?LLG{U(sK+5^$<5AGT*$AkqboCHDB+fb
z?!9bP$1R-)S%HlM<a9e~fGzfvhg*)Syfuvhub!A@a>=0x!jy;To!K*Q(zJ%CO)C!X
zYi9vIVc(xYy(}#1wKh3v&z>!2PP&};lczHhLvanc`QAGRvv2S}J1Z<_!Gb*FD1e^Q
zbgMz?T%cF-x@1LQwI2y9G_Bi8JiwD}dV9e5T;$+H`<aG}XxbG%G!4$9#2ul)quUKR
zliiV*SlG0VM0$0nr<}9mFA&=>)Y7*Mg1MSc2BkW%q)FeK5Y*x3^hSBR&lk~a@I7jH
z+?Ftvk}ZWJtdO}<0V+RTC&s%^)t?6UgLd4i0nmOC{;u*ksb~WvYZXjo<`aI@Z|&2y
zgw%u3Rc2k`>$&#9ZZsLg$&N9BRAe4vjM&U3cLIy|dQ%H^$doZq>M6$A<4IbEga)XZ
z!m47)a-lu0$Zai1pKje)%*x~(rEExTnKhMJYBt0&jpdttFYN*9-8p4Hz4Sv18!k#C
zEe&0sO%aC2k-f|Lq$vffnPxyl1?m?8J9x@&X|)hQW~GvHJq8cjYGF4IZtU=dI)u4#
zeG)*Q{gz6ntan^hwl-!994Lg)A8AddwN6IP5V!|Z&s}9=<3oz-o-sJq*eiTNE-pS)
zI4CmsX6dHXA-#Z%{DBBMC3G&C5Wnu|AXjdzm!*0PuMd>4N1mvh)ZJ4YuBTY@V2&Ka
zmyJmP>$$?_i~tYm=xQ+gy@e;bu~B(EPL``KS2&J8r&ma_UJc_eqVz%lvGlc6c_3bf
ztK+TFD*RCHpdCLc;Lp~JFeMO0J)M=>pp?s8`y5e|VhepaV6iGEr4y12J+FF*ALDy~
zpc2o6;c>SeDG52&*(|AuJA`Ty8^}QmiZq>cXB;)*qYWKMT2n3qb?teCB~y+x**nlW
zD!_8HBEIpCw0L!9r3N`1x*aH}j2Mt>fSLS>zq%t+F*hve151B#FMl`TTCRN&4)^#<
zCA>BW$Hs3GkHbzuCJek~kfh(neUk7#n{Y6{S%r?UnpAK_z*NR}`u08Xle>5VEf8}6
zy590EoLdDu!`uQ*GAp5lW1R-1ae?|dgh^L1AUYC)V&PWyJD*54$E7JPba=FY+ZTYA
z`Vv;`J=?bHT1`7AaXEXyyF|nzG;H<i9_b@j<k5O077k&QkewyqX-d%8MZWbmhT-}l
zD{lXyA()V@j(V78Zn)B+g@n|Nq4eyDD_{wQ<`$En^EVBj?Red@z|{jaI8#`9i(vJ&
zWrelPuslCDSLX1rl!N8~MtRZc2B^Bv%pP}NEuhwW<l|xN`$$jj)=^23?a*@jPO*%p
zc4?X*6y2e3$#E`AcG(Mq&>f$^q5{*b>>H6BpLd-KVT1)5RM{4_lAw!bx84p7?JO8q
z%+F@y9*>A(mm^q3$<9wAEL6jL>FxET6TU%3WIt}3)G<Zb*N2m>TpIE4;*$vZY|J+p
z3z*JZy6p%RPn^2^>XNQ2f=XEZUD@*?(sw{GT%pi~qvg%dn@V2B^`;RsG-YNaz3nN0
zeymw-K&+TfRqo{F!W!jmw7mdMx1b`1${x{_u$ND@nHwHIPUm=NAjT1?oE#LjxceMr
zw3k-~214yN0G@`XsPete4zvK!q~0=-M`JSTKdp&SgJDs8RIc#u(Yx3z?IDj)V%(Em
z9F?i17&iE%LO)xyL@q(;*+Ow!hDTnJGrfFpoh0Kb*oXHtm!0=?{5=%6Ol)|~%XRMS
z$k?m+q^~@TCluEoQxVXm<ncm`l3eCENj1h~l(aU%0A)?mb&HqO@U4K=5g;iagFJQ&
zL1?6E;-#5-XNUuC>AF)`EW*gFoHQGu<$*x5_zYOV?E!WlcbcQraliOEtev)+rV_aq
z4N1DvxvLf_rM=~$gn9TXRC^V0@qLnEpUv8A*WpzhQ%DxEl7*L1L1NJ`1x{}{a(F0<
zIK%NPE+!X6VLS(mvPj(s2LnL?SA9S?jiwFaVapP!U6_^yYV5rA!q6#gCHD;2_jTwX
zbCEd(+Cy6o6qb_361->QJGO5gklcn(yHzwQk>aa69t4V2UpAUG3<q|xP9ae1nam0C
z5bPpQ@77;*JoI+n0(8fE$1d-w3IWc5bZ~USvte|8r)>O)AAQo{-)CAg9O*q7%!e5~
zDEfE|9fy+kAbtH!pd%f@4&mXm+B2p)PKCV(YR$&4T&lh28Jfc(OvgF}mN;{ynpG$e
z`WdbTA6Zy#@{0#5NKOGN!&W7-X`z?zL~q<f>qSuyMm;8!oKR~+DtarxG@wFE3)D#V
zAcl4xKCKv&G361O3ZHl}TyQ&@4nkKy=Lvmd?r4VZ7KDt39b|PeK(tU_0BcW=K)f65
z_JI5*#6JmPnvjBu%%OBgoz(#yJXZi0kQ#4%NbhtbQMn{3XGP9g2DaH9_5=)IxJdR<
zH{^jp_h7B8h!ionExfV1aAYMihc-q|40-4Fpmdjp&+trr=AoSsJf|8?@Oei>^>$-w
z0OdU^W&xWKIL><XtYtRRvqmX>wl@Kn%dNeF?4-bJi%spdo-aEzykC@1zqJ;&fu%em
z#Z--IdNnYII@CsK7e1D<r|Br){UbhGIlPCkjNp{d#9uwo13?Z?&02f=CMBx$TvqGF
zdg9qpC%{~#Jf)@{s+;xFcSSe`4bF$i=p~v$16+=sExS#z#aIJiUW%gTI?1Es%?#l!
z{j5qYTi+BuRLN7R_vF2C(3zEcZX;~mc40wH5gY1Sw&H|q?MqLbQ7S@9)NF!uvc-yz
zXwr>a0Rc5(evvYV*X5AK4xP+3rFfw^S<Elk76T5rvCNAwR^a@L6ol_RcR6lU&Mc4~
zz6oi-2s5D9vB*=F(nEN$as2|vP*Go1_OyY*xRavHLwxMH38KvpdM?b&{dCa=(Pu?~
z)I~0s44%>84SL1eI#T5#*uvbbfieS@;c4H#C6dnKBBlUI(T#WqzDpih8AS7<dGfYQ
z&RW9+y41#rIuuR&X^khvp#ie-6+~j{avO@@&sluNEGOAtXK7mY4n|))JZ}=!c?`S+
z2pvAC34;1b3x2luOWhrMld7soMBw<eFjAPBwxcrMK^)E=u3aNHN96N;nBA1(F%Utf
z6w1$!LrJ*Ax?mqrU=2B$v5J;1jMpaiB=}1<c1KNr@LaBsuNdsi>{4#CpKC}{-ZKp&
zAn`Vf$5&58o0TTI((4d7w*vT8rf+&(MZfb^d(;af)Gs!D!`?B6BCRuQtYtI>sQeDW
zq64F)qiM8=JP48#3fO_cJi<kg4C70E%ojSJ#L)MAUiI>@-a#}N_HyTC(7r9>UQaz4
zr*tvq_kh)B_ibTUTZv?&fEkzGKAT!#?I+^2qqfBN+Mc*fmO#v5IV*zblPCJ9sBrr!
zFFHKGCVpnEMVY`N@wSKA0`oNQbu}fTYF7Fvd5f)q9Tcn^Smy=yyjN3!vOu8=7%-y4
zJU+7sC8fY-&K|~%6OWr{hgtR~H6dptNb+=Fp1K4hJvFrI=Tx^rWFASndw@0TG~d*G
zwtPah148s}C3w66fvL|rr*=XVF@^9JM&G)iA8I>z7KIs!gy&MIJER#aSX%g5b6>B+
zkl@y~x(lFOWSwnh<vz9WbLx^Hos}lO_mVFzgkN#%J&+RC*L0p<)6)5(?M3Z)@2h<7
zVW5=jk6x$Ftei;0KFW~6rJzoES5MR5RY#B8(Ll%Adp^tXIG5;Vh~j4+BPaF@VKTCA
z=kuH1K^$aHwB3D9)G{nDP;7K$Kgr?G<{z)@5~{J^+jvnprf9=h&j`BKI>lNq-#v&o
z&lE*%*<-u)ord~8&^Ko==dAf`pbeQ>OMtvsf?+7OEbSsCFLI>sJ+vp4+ffDhdiPH9
zVWl+og3E1%LuEyu#Sw}x@Sd&mQZ)OR{~6-EGh8@%UUto>;F8Oppl}!Ev(0*eIkDA{
zQrgVkReq`x!;g|4tM|`-lLa>nE&*b1^b{G0Y2xxS?)o;(#UeHR)LH@_!6!ZMGX`uv
zSm!SE;-p87+pXOLWiFhLW3s44qpx+EJuyx?AiK^q_hOUn(H)n(JsZ|7>wS0Fk;T=B
z(RW%K+`voV=FBV&S&nSAQV2b*ddKIHSTn7OyJPPJUe_80Xh0Q(q#IQ%-%{_!YOD3b
zDc>6#SMEbNe{ielYr#6n(<z-g7tBZRG~`u+113_u9v@rPxxC*C$r0p70Mp_3I-f%i
zy`lHQjE#g!B+POpU89l=Jig6MzL)c2BW3#p>{KU`)Sl@uJL6iFsm~jD-Tc@mkuCs%
zlsDx%uVzUsrs%Z9FAzt9N6z93<d!9L`O@Kz&J+g=Rty|Kq!GP^SGcE?L4*{?I*N*;
zCLp_+grKXYCaK?zyXaK!qA@ZhsRf2lo-=@Dl(e8A=Dsl1wxFaC0(O7zZS5^NiC!_!
zBZbG&mBty*Vi%y5e^K<}b#;`!*yr1lW2`T?qJ8JypX-2m>=E!;IeNbLNs)d=17|IM
zB`DAI6#4c&%eT;cTz&+BknNEiW+2j`Ff=k$Mm3(@hLQm+Ojxc4oDXqk;i-;zN|=Tk
zWh&%|TlsUGeN`z!iTcDW%tHXTg-0G#z;nW5DyTshDR}$*`NetP#@2Ws)`pm4n#5R6
z7`-$Enp!b6)3R2kYL1GM#Q?D-QV~jtc#TuVC2ek)h$q4Zi11#^Pm=7;lROIv>>*I@
z@m_hrBY&l6#KuHPbq3gReS7^)(q~BMHuIM+kkYawhm|0+C@S5+tcSatl{Kg1cskw*
z?wk-7q2eBbA7MgLxQK;g!wUCm?>wnFb86fpfT5@?#~FPJ;u`vPvaGkJYTM+-f&>)K
zCaGMwsK7(qFX6mVxAlb=z80C@WtJ|^z|ru1!@*g;zS-a;=Q&%ui=lH538Vp0?XB=5
z?aU{9K8sx?7Jt&Phx2~#(*$~IvtCsuxZ?4$zC0ng7%zEivFwIfomN#;x$;SqeZ~b-
zj(UoBM+QYtBpV0wdd(@`%T3t;x2=~PTcK6bT$u;!>g_^0{NP<YkhNH|x@@^Ck2(yo
z65>T0emKU&%|M$5&Tcd#>jt9nvS*TYB(XdsGf}rw5dc9zzQ0~Osk<<>*DYE=$#mS?
zmfMiZ9k#_Gw^~DZjE5`hy9iSKXoqd=6|PA5tHXx4)x=BWJ+9Ep%^gij41q+#-|vZ{
zw1l{w?nQuk8!JO4JCRil_#P&WT0N2m@!9((%D;m{sUTk~7DHd9_`I=oxOjt4JRqPC
z$DweJRvp}@72$<MC5$+axcqrf7UVYcvG()FvL&<=e`@Qsl&n>Y4$GyfWm)gWc~YP=
z$$bx9Ra&fT_f^%i%h!44_jXnEwu$Zb?N;R_fiCV*4eY*L!y4EqI(Zj3nR9qsHwH}X
zILcbaJY8I8dWCO^^A1maho|~XIx3>|NPpind!c<Ei!i{vRUVZHq?k>61S_QwQ^ivI
zm<p-BsfzCiA@Rmuoy_cek5uM0y!kVFyyNB9bxJgO{O}gFLLcL4zd1Zp7=A~gTVWGE
zqL3rxdfRV$(dZpP$-A*R!FhGamNP2a4)XL0>jZU_cAY9Sf&yXhb)%QT@wtYR>Gjon
z3)}LvsX6+_cLRanT`(|+*CU~)bgu2hTPStUakVVEIe`dWLW)&<z1Y~PM&SA8j@$q>
zTfDc%^)v4QdFcH4M}%t}73GVde6f3$g$#aAw9VTgYO>wG$RhX*6R$6k%mWxmPxW@@
zA=?x2S}buH;FcDd?0Bp=N3Qc~ING`#*mk%`t-zX}D(QPM&@BZs)JKG8`<ma2e6<nb
zGBmPkbw@$WVl$g1SzS*tj+0ZYs4vJ9h_=Yow6)Jc)C1sM=bML{+BA^QJlYiGtjgJE
z+_^Z1SAlHJr20t79UnPFwB21u;cE!lM23ZmU{6`1Yatal3H(JDIxaEbDMg9~8CKbY
zVJaN1A;~VZ*vPHDaDdo(-*kP(is4o13hGM>RXWXk!K0xG)_qKwIo*2)y2k4hrxy?e
zv8skLx?yha{bH{I+zJi0k276|<_#vO<icKi&^uNcH7)LnrP>bko6v!JJiE?D){((=
zqMcN<5;>JF8Y)lIQ9$k5(i}LHVqQES6k978CmpQwbtJaRGA3lCo6I*tXzyLPPwCCU
zlNSRwog6&M(MFMHs2lB7`TS?V=mE4MjZ{``^O)%E+~eJ7787(#@JFg+o<KfjpM>FO
z!0<=i;w<olLy5-DaBUe~IjP*GMH4EOre0I>(GAjCsKT@nNGC<YG^E?qn^xL=mJg>`
zD`tu*xFY*i=GvUJt`Xp(ouOrkE>h<_)7lpbo<k$R5Nq>%Xngivif41*=I!qDhK${I
zf8on}EqL;V0mjK^rn_RGKxcq3Df*;KiUc%JYReNb!pqBD7cR=uVZ$acZ2-yOBF)f#
zQI<^(Nr)YuV5iqrhH)gYypmc;9h}Y_rX9!lZ0nOU`ivUduOPuN#CXN%xhih>Z7q|E
z;YDJnBM&RPFy@libA=;rPEOCpCIR4=s<1SMi#nX$uP%BCrS(t>8?J55hKCHrR&_FZ
zw}ZsbkLqH9>SYI8@Qg0SGT6?th9t}>cTK~!>XjKd@)o}6qzu$Rtlbwt{jAM_R%0K?
zEjPU05+Smn6al_;iZd`WB2pzh>*t=P;SHmaDT=jmY(L*wlfMoIPx8{C=*~13KJSN>
z(=*kW`8MJ?rtZ?c`6P`$Lx*75R9P?GZ9TFK?7kI3zj<)6P`30;bY4H}5m8V8uW7PD
zeE`86pf_<0dpGmk0f+`1QG_4m@s;)nt5KF+NpW&@?Xz0E;UqHeTu-@CY<$dT!vbnD
zL+HTvv~xPe9x@yt0RX*Levk#-)MxLA_^HP6+W?3?+KT7Iqg0F!>|W*5!^GWws1MiQ
zm>F3~tUWDHHLSg0J&;-_Fp0}wwDClSMe&;_qOsWF12L^Mz>3;Hg8eYP0+8JV4)>F`
z2cP!H5;4IiqPR|21DMZ<U90Kt?bW>8Q5bQ;^_RK!#=#IM9N}ci_59FOu!n3CtZ?hG
z)0w;;>=05n=Nt$kI1wO!zy|Z;)fO7kBZAYs-oR~7I1ysJP@%`X(#y}IjLcB`UT&pL
zPZIP{WJbCK0g~{=^O<-Yl9jRSLNz!FGikXp4Nr=kCjoS^E62GTnSzp0rbL7pq?LRI
z0`aNDPm}bSj>CnE*GSJ&Z4@#7jKGvy+YYzw6mb+;IE&$%xbGuKZPW>A$4HutsLUYl
zDOXqwsH;TV0cnHR=F3CHamlAN4*LWiY~VdqX|UIivsIBD7%{zTN21&J^%L}U=%F^x
z!p=I?x^vzvP6vE00u06oAuxZ|ORgQ9xV;_}tL)OUT&0_y)^Mex%(P6fhTU)LDJ7-S
zQr&_dbms)GV(pa7K$&YAd6udk*n*f2dUQ}-ToFv?i)<PW(Rs!$OTValx|5_t^P&Qu
z*Mm~P*CzSEbt`6`Jvf+=!0Z$*`lL=iBT1*}a3V=aI+{8u8i4w9HIZk->nG4e2p4$)
z+OXCuQ12<A>#e~P%UHKqi<>u?>fQ#)&seejStZP9rckhMp09XfEuA#B!CL}+I;@&o
z?83DZvr&5+qLJ;Hn`{|Zh8&5BX(MgV6(oK3io#rDYiA5cQBo#}U+5q%VpbKB7J*(u
znuYD!ETV-g;Gdn*^q!eC-Qts+)SATZV$wQ&?`NL0zC^ZAZ;s7G5@vX>oK&g;cpJ5S
z&`SI85VYkxPwHnlIn#2PR(pg%GWs?cLI=l?$|}#U0MJkmXqbyop{d=e8DS4O#k8<#
z820?k_k8G{3V<O*<^-R;u2>tZJ?oHw^*k<8YmY{mB6ei&C(hjA-7lYEngbc}-fMd=
zUAWI7p-I$d-i~-uhrZ{a_Xy$juCS7?)SQ)aK{5LV<1&_8(<^-1I`BY2M6GvELSZfz
zh`OG}yf(LcUCAx)C1wX+$o;fUV`#!yjEQ0EvQ*ADGa~D6x`0^stli0rlDMPdlRl$Q
z+m!N-2BuA|9%H_1H}tEb6ySWDeulG&Xo?=E@fhC0o%*^`I);^VgqXb8qsJ*^aZUQP
z<~2Z+4(@CnJ!8kPta=?mr-jo|>47H(Zjs$1sfDhA8QeCIKI|7#%F#Hv^}Juxp>&^A
zjDVjrb2H7Fn`1q6fg{Cok$$z+jU>qqEpG&{Ww-`xwS*7|QNewM$5fmPP;n{62h98+
zkU%qQB!3RziVb-65)h6t27|kFSV7qYLm)Bzf`y|tna<xPeiG>LNg(!3Q(AY~F=O%2
z?%lEN^PIShHuvV^CV&Mro`_Ih?CK0w;v#(;1RO8-dDUx9sS3TT_Jb8Zh9wHooUA5O
zIk78KTzs}&=b|ReQ@R4}iRbYcA>-|wgU)!TCM-T|xU`PT)z(~<L+{{pp;%oh5v~(C
zl3H4a40ozwJA886wZ-$ECHLE>O(^ubMS4c*gfJ^8z0#;WEJFK56&YiASz*Wiq7a`1
zyf+t3db0H3G_`^qj9=&YE0v(@(BPSg3w!%b;b(Mt`-CbVA=z|?=-xX&mKpUfBDpdy
zskX&!Ne{0|3Pw?0dzW`yYK-sb;r5GrX`r}V1B9IGq?N@EhllSn%M12qMsBd`1sl6?
zf**qjkEBR<RXGaJK7)4@om8`X@GzeGg3JhtSa&-#WGDtyb-yv&z9VeantQHKVjkIr
z>q9tqPKT80W@>_iXI>Q<mPmRn7xD!6!BJ2?#TN_%^4bNn2Qa#S8tImF1E4W+xZrUp
z>|`@5fFJ~V%r(5C=zKl1QvLl7LqGdqx~SotP0mH6-tC4ZXGH|6;fYdU2)uBI7xvs-
zEw$g%QUJHhj)bG@_T{3tVf%=mRB*}Jum(EC@Ok&VD%OWsF4x55ThM}CjDlz23OP(q
zdqIiQr@gpeT!^1*!1=N(tl<_FK8uvzgyQqs8@KE{VWr2ix!omn?21;cElsUU8k>Vx
zqp|UDUJe1$B()S__0@&%OS3G>!{eJ|Vm^2}?1$4o$M)0*^ZX$P+_ULt^XmGL;rawy
zj^+hkU?a1=UI~>i8X3ONIsyJHS1s(Sp|n^>SKJ%Y9*>cjd#6C@SP%<sI>kGwRC$TQ
zs^yDC?&I$S&FO)Yg-M!n^^>-O$FQCvG54OkfGj|?@?^w2e8Bg>LY#nmt904MqvNG)
z_9<{Alb!aPs<xzLunE&lj(wP?!bXp;34Ja#>&-Y?X>!<{bZQ`228LV24n5b0rCg7?
zUQ^V~SeRso?p%|-Y*89`_F93TC7AcVCRzVUq)Qd=g!gms@l$If>OhQ^w<?c|V#R9S
zm2|b6w|x?cpTXvIq^Y!nL*BKLDNqCS>x{JF9i$>d<Ab7(f_*8$!QrVYtF{^gg>+^6
zdW(eD!FjN^j9xa_0mMPPeRMQ>gcQ$X{psc%7(n{GC%pHBlXs@k?}4{jI+KZ_T~@zM
zPIBf<;|JQXp-QG;G3@KhE*xpF7_VCdIWwPFYXm#rU;q@ZQO%XJ4Bjwdu~j<Aivsg}
zu?dbsu91P>DRxrwb`1C3aJDq4QT)D%mknfBFd;5n2g`*)_2UGnb&ApAMz(or%SH8V
ztxTU0r_V*Huy#B=Xw+shk7u{Y>FE>QFk;fFo{~PkB9H6@T=hvA2@hRPMHLn=Ff4{Q
zn#BX?@m{UKi;;z;D#yq^wNwB_MDSQOHDns28JF6buA<TRLZ_fRC`7VeEAczrO?pQo
z_?(ZHAohtzT?ocy3)UM@Tn9vwRgiNCuF?prM&%Jf3B7$;)|cy7kpZXS@Em%fiQ)#;
z<U!P!JIk9qMx_UR3wgm?zsR(nMsq5TYuGJ3w>M$!4uX9M0>0oTmuQ^*u-o^W%<nx-
z_A+J_BrTI#yf<_viy{#&Q^xXI|DZsh_Gj>jualvS87GRlUp^)^=fTcgtao6buy<j;
z&z{yn+cNYh!h;&wCVN^GuDoT3z+01wuO9`bgOuiLCw#;p`VvH}+7M`=hIfb!gM`i=
z%jg?I*rm*Caj6a9%ZH1h-U2r=!fHV}X9=>LkNUt?Mel-UjSE=&yf8exp^Kl0H8fJw
zc=_8vbj*8d)g~E(KV#3z2zb6V2>=Y<h=f-@&YtMAbKQ?|EsxPDpUvneo%|VlV0<8Q
z2jdWsL!(#Lwt~(%2_o0Dma$Eqzqc8P+FKk+v{eegfL7H<Dk7Jv^w0&}ru?9bMPGSg
zgVw3bJUb@Wog^q{7C(s?g7>Np#QCy(%+KZBLP{t)6GO|Mue?WU0-HzOZz+ar2H4j4
zjVm|Rgn86!dJLh+ex^oEOpI^u=2`{$ku6P{25JdC59V4%+LD=leFhHiio~<!%4x(0
z9L=)zo{0k5-N{e0jYpMU;>jXMxd*ls=NDnffa_+LOk+SYCqji=pM<{mX|_zPWjtG^
zN_BiZnc|0R#p0EUAPRf-M9d|l_NIU(L3INR-UUTXs7LQXFW01G-+K<#TRsqjP!OKu
z0x(euhI7q{FHhS{5XW&j)BU}0ZLUqdr*W}B7_Wm|y+=+^pOUDB-@&67@){q%n%jxX
zE)FQL;YS-m!Mbqnbpz}E5@t#*2IN`yY%BXCmwfUl22rwYh$Rh;9s%LtG>bkwImqYh
z@5xk(uXa)U<}XSq=t0JYvAb7zayn};yU08o&nj(p&{WdqIrP*1q*OkmP;uOrlk?`Z
z@;dq}!8yt0n}?b08Ol{qi#_0(;%eg)2(21KxW@FD74+$;$e;0oq`&oPm<1_)7~A}!
zGvYl53?9G^5|ZO9p580)yw)L&XEjwfE*N~mC7=+k_#i-9I8|Lse1(%SQmjIW8Fw}u
zU*z#DBYHZ<<Qr21O?dR`Ee-`j!47Gj;-J7**Ha0ZN2&=mb}Cr;Y@qGXqLW;n0N4br
zKa6>Pb2au}?=Mm#56uf_xc54g$dWwJq)Kt(w4hjM%;B9Z*yfY@Bvn5{QHJx#I{|j!
z^|pw(w^OxF8{qFA5kAgfnwjZmiB?c1`qGXqBL>WMBcACaABsOKYz#}Ix-8^Jjg)Zx
z%<aYiZ7db-!HdnuC1!ydd-jZKswN&zm(#UzW<N>KcpXPI{LD`AhRZ?^D6yRMCE;tm
zO?zb^SVY=J1QFZj&iRzexioL)0R%lSPhvX-xs?RJwefnwgpY8mQmw`yp#Wy;;#FqZ
zvBb#WZX(E$Pv6gYbn>{~JmSr4S7xu$@m6%q(P>B$V-Dfou`Oq_<8N9&<I%psMh{C!
zSM3#j%2M`-=t4v5sO|K@jQQA7cB(FxV(X(S;7t?O%#|=l+^BnL^@Mkp@xtn9%E6vs
zf?-l|pwFQe3JFFoo9V^jPS$HmHfyG!4SnD&F|5e`-pCdQ0{}UX<nRMbMlYlreD=x}
z>8MKJO4BPAh*RF!%#!!x(Q%j8K7URt!O|Gvh*Q^Y8w+5x0bB0s*lj{#_|C69sbkzl
zE$1ri?Gi{vos~cTnR~4sSnO_0EZ-yu?n38ds5b|Q1EPx5nD?G0x;1?gYx-%z2rXg6
z%hNfdV>0J9kSGpojLaEj1JD(+jd3E+fQ*T2O;EfL&!KejQEQqDqq|PPvjSfcT$5E&
zTnlqy)iIz~V?EKwL=&|(VppmN8b{But;!^N4C@tZCsos&4kwdeZcRl<hQ&)CBNW*Y
z!NhZGhdKp`dVFpA0-(?no8H5-=Vp)l{H>^*;`t11ua<Uqy!YS*hGpgnZ;)Q?a$Tp_
ziu<<NQ4As0dd#91%IQxlb{hsH=*WDbPX$ub7&f9^&#q?bZTe_EN7;Q__ergPMy4sm
zQ;5n+E9g{yL0UK?9PM2>NiWpKa^_9A>6tZ+L&Lr4y&6M8dCtb-WFXy1FQkU@v7z4T
z+aVp0=qphzW_>j;cEQkUCLCb~-}vP?Ox5)3ykhHCxPn_shpQ(K%R6HvruT^%d&cni
z>BBs4zR^iknnt|_%xodcmp~%*h8P=a1@66rDJVnE1D;U7wS!aK0jJj@{Ypqhp5NAJ
z=19x#obujU@bhSn@*9dlc)$DXQw(Ma4y)$P9*w$t2m~z7>@*v^-ESPGuimxbcb|>#
z@U%7WF#TP7q3nA?DX#`-G?w9&9h0JF&IAZsupwyfTk_c$&n%$9sOF`c#Zf_#SPFf@
z`=&A;8zjD|DjJ-(1Vjw98?Xe<gnK<M<T)PublN#KV@}aGo#Um}9fPkKY2`v=RL`pw
znp6^B+It(CNl5QKihHpqUC(vwj-|7)vdcEa5aYe-F3RF(0P|>Yi@juowc;5+&nLdK
zJgqglEzb%II#-IsYFX2e-XbV88r=QN#!yXxU~Nk>@16HL=R+x+l{xlQ!!Qj6HKj5P
z`nKf<pD{|ZQ#64S+5FWslg9+>JBy`sX(TeO7Zo%GIhpSWbOgwckWbB<1z{2KV)`{U
zo|k49TIxg2Br*kSL20ElW=E@(HKlH~=W7e2Zq(s#jJTtU3(>Ybl+lF&(xEO@diI5k
zK|byGTwFn}yLP~}sh;#+C=WBmo7ynYLe3*PEbG@J34nduBzTqRYecP!{R&Yv(CeMv
z^9(P2#SM1tn)+ARz;np5n78^+N(c`7`5QGU{6%m*7k#gp$hpV?EzUX&9}655XWv*q
zNqSbtr9B1qP4H)+O3579r%#iqUHUrP_<*j30S?3IvWkw-V#yhJ-!qp7@p`UZ9wV$Y
zoI(Wm-pLz(qxF=DCm3=HtkEQ*SV}++V$EN5O1Lbb5s6vYm9V~8+A!k1L3Nd8ENLD=
z<Pxufy7nNrteFJYF=1QPF^B<y8hisC3T}KTdO1=&><@abr=wQ$1Y?SnlI$LMXckE~
z$AyN!Q2|A47)b_)k>bQUbj_MaAu8_0CEgRy!(b@fOhMsiW@dl#=tb-eF+0vyPawS(
zj($*=1}kXfaH0u8u=q(ae(#{Pt5$8}WtbE2=4gXhVoE{yGp|>#Yfmz4gWLDfi5MBO
zm|Ro3KVckGqVsbLc1xE?heOx{GVmThd&pVrlGiMz<`rVzuyy)y4@?u2;qXk@Vq>}}
z-KAzIBtUi@8c;ozG9+ve`jBR5ymz1KleU$_ho=imocWxxR#dT3S7Q&CoDG+jSeqp(
z-v%{_lBSj2A)ju(+yGtdTU6da!zerx$k47?x#|#}STXG()VvO0;-5x6NXzc8+WP`c
z2F-juIWrMsUwW9apO0f9nODE(pCr>~$U1Bx?=$0Ydj>XdJVz@0tj$nk7D^1==ZLvz
z+Ea>gCuQnU;7pwQYUQw%kDYcjz<b4Y_Nto41}%J%-5?6aWUVE5xVxvZ2-?tIz15(c
zaf0k6rFqhQxddkG<`&A&P#qK!m9{&**&EZH1!|P5gai4V0o=Tt83~Cc5oViA&}vr}
zzpSpkxsq!4Fz4~d4W2oz{Z5<pR1QVg1v?Th(Do&(mE;7E+jFGESxu|p9^srYV){w5
zCqE~B^BkVcdrrr<0MwXxtn=nzWS?EOAW2)iZ@cEtxD^w}Y1<=M4^PGD1_s=588~3B
z%pn3N*QU6hDF*U0^wkSDM_75J7;~9c0@9{sEYSLx#_O<eYYsu90+Qum;C0O*L&02|
zo7~H{N<HN(B$+eT>yLyWpHnvaLA*y}&LFogX>U2!6!JOSbK0SMY%|D3+X#>H`eL@H
zdEIOU?jC~XAf%8G!ypC$(@RH)H_14grO!0;(Gj#if85vD;`071g@tN{?ZJ#Dss-iJ
zxE`WDtTMFzNwm7k)7P5BP_Is3C39WalNcPL$t#QnzgITd3v~BM^!pB8XyNWg&oQoY
zI4^^2Sj;R`6;{)+g(iH1fk|;BUpf=h>6v)&8-YycyI6vhAf4OF>=!~Y0J;^#Ex7{E
zcjUe8XSib+xN}cgnVp^91&V1Duew9LR;L0&!IfRW6@+?>?XHq{URru|5?wk-F=?@3
ztwZIP+B(Unz!)(!Se+%$)F~Z%v`^(!1d)&f$Gp0UOKM<)Xj{kY!a9W3-wb)~1w>Xd
z?o<F5`PDUZnF04iD4`@GvHzkPW0-qbULt2vz6bB2yc$<IMBDRpx2pj$NYB^l@J+RU
zQf<1&LNE+v`8=Y$VPsiipR}My&LF@(u6+~<bj7oB_s(x%EhbbsyVIzLqT`8EVNg(t
zSW6+JP}rdQRms~}+8$(wXeznh2;XTH19`IeBBs`^?9H<tI~FG{LMo6tK1qwt<VW;w
zMh%8pt_wj=Ca5`{-h0D&UAeRmvqj$cs!1F(m1(U<0@KSxYI#nBo4o5WJ1<y|mm3@&
z>j}ptvaP+=VfLsw$tPg1pH*8C6vXofma5|-OZSWHeeAgpg`aXUbMCtpt3yTsX>WKb
z{E{OH#2$+5i%+uUJB-Z{3SGW?EY@xhg<{5R%{fSh$8<v~FRA2FQZpY94x$Z8^gZKq
zVgwew-PZvbD<Erde)L>IMOnQPf*mjE$(A;cDIY`dL3>mft!fF6!~>l;z}y5oFD^yt
z?6>;{<mA!Xz+^ocweIfWRM76)V%)?_1CUBEG+l+svN1n(ggtP*M+d$Va<ENkY*gW4
z(5*};rW4f5e%2h854ds?<@pdu^W$uY*-lp`VdLg9oj4{SzfIp_5|m$bKY13~Mi{MU
z>n`APjjZbBXwM0;22jUeNl<XTC!cidXDs7IVS#ZQ-70C%iI_)%(zj^g5X^1qr{z_3
zkjh5hdznKZq{Iz15{%A)Ncmiuueb@|E!c~8%ZEjpUeDu+a17o(%vYrGlx{GhZhM}v
zJrg~V3`E@^2+odpg1J|e7dK3!V<%T_XDJUxAgm#DtGPIhP#(^Labh>n*%e%21(RJt
zA)$A^=y+~f!l6o($hq>g!?I>iOOzdE(f}!){Xt-<iVkFv(XeuFnxpcasq_qT78-lS
zgF)@wUxfFfc<$&9cg%ZCOOGheheWdQ*uzgxN?H=1xd`<q;YQ#0VIM6h6YCP8+6VDq
zdjTN!xS%8$tnmq|>tPZZP!Ku5h*z(rvNjsot~_hNB7A1C9)1lg3g@|YinaH~WHU9i
zg78MmSOyJ+Wn*VZtud$~+@akf%n$(xARuHsEg##GIKs<^DIhC*hAWCZGX&rma?oOL
zwUTciKtx|6>dIl#rKe89tDLU4G%_&Dc+<}TJg}dbV?t(I2Uv-YGG3?jdQs0R!5|Kr
z*-l(4@Sn;o-b{;$UyodldH<ZR6OwR3Rv#R4k*Lt~xAa~u78`FAC`75tUhi`R%TLPv
zGphN}EFTnGD!X)maX3h!0f-$0_CQ-gbqLCXBTY$@;?;P{Sf#H`S$2m}Pms|!#%Gb+
zASo;1B|c|$kz?8CAmnAH1BvTNT=J~Fd^BMoiXINv2AiQmcfM5%9)J{-X^NmOyS9gu
zooM(NCnLI7&&=bHVkuktRO-PPFtGFxx>N;gI|0z-c~_IAWvs|6Pz+Uu_cZk&@l~S8
z4(Wu{C|MbSG#Cv~DNMnQ?TbwiZ(67%pvgO!4P1ZHXYuo$r*|Ps92CgXT|9i<3$r@Z
z^#-KCSzZ%jq#Hl#{3iV~wDr?hH92I`0@D-DrILeyQE}&zxQ6Xu#{{p6ItZs3uX?=Y
z`iZOO#-2-QM>$s|rKA%P;EuYuZp${=6}ec-VA4Pg1fm?#baUJ)o-9_vovzo*uGczg
z&ui`Yz&VVA<K5Y%FUQ&0`b*|!S9OyHtS%(wjt4S<0lu+N0&7p=vPyZpwW^HAm!ES(
zM2S>0+(FQtdTGwi%`+QiG3YoE6n}QCORo~jKtv1~dRuHO2M3BV*?a>%-Y)5K!uv%#
z%*>!rA1EK3fRvzb`ILzmynE7NEatGy>ERi~pR~tkeDm^Aukti8rdu*{lvGdbXvt)(
zhqKfEg4a|?1_zLbxwj^kFr_MFiWD_W(;Mvi9^%PqwVo}MSazCslLe$+l!v=`cC<yI
z${oE`RWo5+juWF=8OJRqeL@c%5#^Z7fyC-6a<?@PDUW=`t+PQrF)4&gB1awWH9aX>
z-ex_Ccra{>!&B^wyi*h<4fo)k-npH_wbxn_$sN&EMSE%C7&Ek(KNxz|CIwm!!!SAO
zpz_`bLZ0?Bmv!Q7UZ|f#niz*w;rTN}eYo-NA)kz~h*oH&^exI6gpe!geDBExK7*VV
zpc}$_daS<o2oI~F`$TD?(I5NMYM=1Ijyjtdy{_kV&2`SjI`8$n41NrGCOsHXv#e<s
zbgp*d>A(Rn=YWm^>~CDg37HOw0W_O(E5#Qmf$diFYE-t<`n@ol;c0vKymT$GZlwE7
zAH97ev_UoRiTLw<L0+)gUiM6Hxf^(0Df7+Udj?atqqEQVAsh*WKDX^_rX(Y?;}ak*
zGLoEqiiIrV9wIN@Sv&fKYfSCL*hU2X?IvdN3GWPqX+M|WtC-X5M;<pq_(&NUoZ%+l
zqym<E;khtxHdq3)Pkd63-;pkaU(z#tHLsSf-IFH~oOaSWYfxS@#8{0QO!tIj3X8;h
z${?N;X90|(+nI4{GDwIUEK%#E8fnokvgzY7!`{@UI5V&fy|G~u_Lw#jYjZ)VXAF04
zZk|5GsEySa^t7}a>xCr*J!mh;x@Ra$ozM5;p1f%S?obs~;W9FC7Uc82a@`j#$W<m@
zTp)Byc-SCS%*}=rquq{&xu-e(q+s32(iv{$NuSt2h&WIq+7Ne_$R_!PG>kW0v?M($
z=AZNW;gfzsNF3zx)(-ovkdZ%w^P~wy!RHzguvhEE^hrK_hC8qTZ8r)lSIfF5rW?oI
zc1}lBC@-(;D7b<#4hzKJq~?PrE2f3QvU^DV4$J8|tU(5`6w)>s1f(Q0nj}?`kLUC=
z>Aht>bKvt{vQQ&5c08a}ORjhR((tf_$QPP&!jO$mPmPq`^`;MIoC_LU4#Oo>4GFL`
z*TYmanWq-vHApC@$F6$9{_LVpeUF!}N?vuun<WM+r)b$t_3iiYy7I;bHTT`d-G$cy
ztW;BuyqUnexXCwTR@x>n14Cr+Dsz5jd-h&KfDPJxrPA$;fs&woO$ZnPUFwSf?`#9m
z=6%!uy_<92coiTos|h{kG|DUa@xwCf86jVDg_YUsOpAh!d_p;|oH7}-)}OF$S?_c$
zh>w-O)ZBB@0`l?%GAxa3R*(#3*^HA-$TWcCEpwJ?d5Ty;6#5vTLwIlP1um;uQ*SLe
z(S~Rb>SHdTR_~X@B-DJdD3}kmUMQ1TnezhsX}yt-Lxgif6>3X;kygFa)!lkDU?f!m
z+>N1?rfr%ThmaUhIEd;IT$yp#p@}L&sAl}cYul(`IXaFS3EBKM>#ga}yIPHMr@zVe
zYH=MnsAZw4s>FL;k6|{`5u<z(xj{b#z~B2i4~evWmAP&&$Q_yWfg#3Q3Jx<mf+=f8
zF)$Ce7O|$(k*rl8A=o{het{aaxP;Z?4mn$=T=fXK1U&2#KuC1wVTlHu`3bp5`vj`z
zD^<N-nxuN7V`*!RmL*45xEoLwtKo*Up=>DOd;_Krb6>rUX=4JuY|KTx#Phazc->B$
zMbC1kM3<EPJ=++CSVbs>UT{^>%&o&oZckzyn|Mn%khf2Z1Ml#q(dHK4dpU2;#Z_nT
z@jP=(C>HbT2yM48DExhMv)#A3sYur9d%da=SbpGww_r5Kg$pGEww$l_TLSXlXa6rs
z;&)G$wntpqL-Gj@dn9XQRz%+(jC9;};_51&DVH?9tEgwr$nEP5dt00x0?;Qn!4_EN
zv1*%*bOY>5@~qnzu4769k2!H)fVI91qM0P#4ku%TVo(SddHK@(K!B8{q~uAV#Nr)J
zr*0X)awC3R{;0(^uW!;H$nI1<-(%Vc4IN|&3u0+b5Z1SB*fgex0dzRd_;fB_NJDCi
zjn&1j**aX9Tkew8;w_T)bnJO>zO?D8X0?5A`}R-0^=OkM5Adf5j(5ep;325n<_YV?
zwvEawlM{H2@XFkR`}GBke2PFmL*Ss+<{VHK&YRYAFYhPvT5w%;&Kb(1LDyVU&P{AR
zAQ&M}u>HZ_`VbTgGu~s7aX4cN341C$GfL1i`;6gA+XsfGi|WY)&AXZswT9$%t-<uP
zkUY|>qqx>qiHAK?5O8Nb#E>ndp7j*;x+`O62a-w#@a;nLJ1BC;Y+zk_i-NTtyQMvm
zmKKoLeMkJpx)3X3>%@DY#p4KSvfstQlAp=)!doextzHGo7drlY)Gn=FAX6Kbo8O3t
zEjT6mcH-4!ym|FY1|3bxp(_eKxa#yKR&>$gx;?XB!vxcrGF3{vdHpE^{oeJR%4xMk
zx)=zcE>*7GiiN{0BiTw8nVc98^E=~n1xC<q7GXeD@I9K*)hK$kP=?5Lnx;^x8@<@i
zFBV+^sV_8fp1&BAIjM3+VYeIejYZ)#J+HKFZTA<Ba1vLqDhl8+Iw2I>Aw>wOtKNGc
zv4FNj8``xGT_XnYwQd4-8~}SEP=x!N+GdQX0?Fxk8zPCqOc;%bayzhcghXCocn@a8
z`q6_4AGR{yhja^<&w!C&tfAGyXor|rW{UxmNI{;_B_~(9{=DNIg9<ITZoX~8_l)X7
zSB_yiaTwEl>k%10McF+37J`2Y;d$T+EzA>iWI|}ZQI_IJ;MB4-Mk^vr%W5*1%Xr$4
zR3o#iYR&-{#osZ*lDAR#vrT*`RHJOg14qSPuSV*kEwIHMlpGN_d9x~aR@M+#I9Ah(
z`Y5cA1slxkUHaLv^eNWXx#O#&=Lt9u*R{n^HXpR|8Jn<0+7^!aktxyDQ_nJgnOXT(
z_@&Mb&gmtJAo9aCk{w#N3pcjzveMMK+=u$io>9TmI&?&I8x*X|I4i1)>?z{pS^?`h
ze0_6*Hq<3ou`lbV6eL4m9s3qPQ-4H%uE|@t*QF2JFA%#xJ<VQ`lz)4IeMZEav5d!@
zTrV$cEIDQQiLK~to%#AJODO1s_0|!tfu_l2EHZ#rBxip2I2>!a2)S@95q%`uR!d)S
zx}K{hDoZ1|L|;V?+EYlgdP0=a=+4cf+3mWDN~*T~@NFc*%k&@+PAVKDR7n@9?D5NU
z;FmHJWvKTo!O<I{N-K{jQ-B+^UMDG@h?!z|4CU3hm!_KMAbFm;8X?%g;k9u~r#*NQ
z6jn?@MUER>y=96uYed+bA_l&)?e7`&OlSJrK4K&8h6rSlR`Q<%BiKV$m7Ok679ezc
z;V%&Ch4<NWVi3>=^f=erU(cr){4*>X<b%4}3nH_`%rQDGivcvluzp+fm{h%Q8)P6N
zyGsQ@sbua@w4unDRoyaPk*Y=COiZ5T5Ikm|iGG6*@d0y66G;u?5n9PTW12*@UB2KT
zrFro9I=V85fy+uZG&hlQCiS_*+$-0OT`2M8fWXy4_j=&j@fImwdLYu1T~=I$RlvOy
z9~?I2I5y$hcG#-7H%sDZj}=Un_*&(m+zJjBkOQj@Qj5HCwa3TJrDC)XfE820NRjb9
ztbD=ge6^7`8E}?|xrRpU^K*UF9h-v+&UA8cc{|FEc_Vg<%yM-FQg($0U^4u@HV*of
z!(-8XFYeX3zISGY@7}0&X-zbq<g%C&j+EoG6{S*XRdMM&+80>Qg(3ly-w^3M){sD9
zM`4E%^;m{tVX>ZUUGU+ff^}a4P=HaYiIdHH?sKmBp1~%O0Vq1{dkz5*uHLW7p&yTp
zz7$fwGz_p83gA|pn$^zcPUlX4f8{4ELBSr0RMh6^wzLVh=jFRcHthmH&ABXxDNwtb
z*v~6%(d3v>)u712`59$uD(()XIw!|26N7^iY`&Lq_8wxc^hN-KkY8lIXp5ttxuK<X
zN}<5{UD3iCg63{s#VWp92yTA{=!9=PW$H^13f}>;*}_+_TKzeVG23ufnM}vsx`N@$
z$T1edMFNm;g_)(7<;G-0RQmeN-a|=)GkQHo2D5zoY$m}<v15;tMev@ah(A}L=a)6B
zri(o$r!11mo13*<g42#XaYdW?4h|>I`Hgi>w6%uh`YWbjmujdz52-lZx%U!yUOj|v
z;<QLDrG3XwQ`To(u*t<DWTsAv#?W%hpE1JXX+F*7Ax*oe_rfJlMTg2d9_V_;`aPSj
zx2NUYnSGIarHEeFced}<o(9|2OnacKbClWdo1&b~qLy`4zG!llca$5B$|SZ{S^|*l
zfV&6AeBYAr&-{?0b;i)|oI~6MJsP3k6$vVciKX9mGhP_ma+3fTkb<uo<GPF`I|sMg
zte}<)!*hCdg)GZlM^v1|707j(Jye$Eg5l-pR#ZJt-pDeecXlz|C@D5$uAR2LJxxo>
z*KxdEj=d}*^A2*J>db2d&j5}X19%u=%|*gbGF14uBh?VIumVRjh6wdNnxqcnu2Gj=
z)5mpV#$-unxzR<=N|4}&I#*9=rEydqQ)i552CO5#$33`RelUv`9bL~W-|20$LaQDL
zovyx}4*fZ3TG`_D8+PU$w;NQwfH-Lq)oIv}Ld$l3ha1b2^C=4a43(wG@1l7FXB+_R
z!2raJgVF;>9KkG<ry2ID3w`)KeN>s!BLSS}Z^XBy5{&^zw&4)E2Lz(4_=fK;&}c9?
z56+xO=mwd+jozCF3;T$b$fSq{uwOHK9L9`B&4u{Zk}qSvyQPvtPd8`mD}#^|Pq&Us
z!YQLl(qN0CX<~oHlOfy|B&K*fOiu~2Hy_Ii)uWeY#HUFt#`aJw`Smynv0#%V7BM+#
z?=9Bw8r(HXGOjg9IAM$(z+<I&gXn?f^unsmGli8sDCvdFdE@TSb5v_~j68iVveI<U
zM=5%d5rk}$&$dBY9#Y78KVJKk1-<WE<inndCeMPjz@wG+^(rA3P|{2f0;z3ITOxI0
z<iYU5OXh2%5O!pFE^gwv+P<xq&Ge*opS(f6q!a9is+T1=M@BAwGzx46{UF><-+MIA
zE$>B-G)G{si*HgYOqQlf@_YC~C78oFo1PeWEK8t5S<g;CI*LWez#uf2(=wvB3&k%u
zxTo(F1xujVY!pHyf_NbO^`ruTQ&ga4sfTLto+e>LaTA?QivT1_If*}lWqeIU)c{ca
zRvz-|j8jMOIWwHJ4%WVEivv$g$oF#yeY<qQjUM(U%x5^U>%4HXpRt31TDgM_kfKus
z;HNP7GibgSv3HmKsyBt~+1}v3BPip2ZsN6p((Z|OD-=;s0OD-<wCD&jy0~@qWh}So
zOR|Q;)*K84HU`#hsas6H)_g2Y=&}Qc_*!7ScwgI2Xn`iMI!4D+Ue}l6qvU$#vP|jl
z-s2R_gL-qC)nYr+ROm9Z>(65o9A<Y{HIun%b+TAVupf{*l{!5qya;b5R7QOizIb`V
zSXtF~CGk4Y-CGF*EGEEi>ap*52*v1x64H%G))H{U)ZXwTdM;p(H5hv~=Y?+RzI0&m
z>^9eD1CM`6WAx=N+Kw-k%W6T`)C-X}EPB9{{1T;X{k?4;_xO~?`;45sUFA2IZ&C>j
zZa|IfG;AEt`4sR@ai2MY40o9T9koXtub=47JdJ@D4wmfhl(u`-F4vJE5JDT5{>t;V
zhI`Fv-lT*BkdqZ|g}c)x9;BaTMlT?zZd5;|E7kUSi9SjA02eEmMYoWSjihu6)!z{V
zWOzj)#>$Z08N9qJMPDQXU$fPf<A)q6`4AazaFkh_jMA^!z~SIw8}h^2)hrR{dP$Hv
zQ<}a&5l4lu+8A11d0}Hew|envx^Fmzg(ZuQ7$u;N`hn67<%nN^CJp=?P_bq@sMaIZ
zsIewQ>j_kh)w6n4P%WM<cqnHJ^5$C{{wWT9$NREZ+8_F;+%{FqP%`k$69<0Ax?C`4
z7!Y1-NuaZNLZg*VjM{n3u;)T-g6=&_#nBxv^Su!Bw59arlZ;VcM=c*z_qb}<ItY$|
zcgnz=8@W`IWnAt}I$A@r`xJI@Py7n<GN@ZP&f9c&AZ#r)mA5KN+->K$4@`l)rD~*N
ziV2YobNChs=WW!zM-=xKw@(r-4z}`*^p=sEXAw0YY)L8!6KAWQf#SV%ylm(93>R8L
zgb%@=$t?xU<JAO_T;6?prS^!<@uhmdT3+w?Ih(X+(*rbUm8Y|Hudbxn&yQhKrghJ?
zQFVQhb@Y2&mCqPD)J0>=z<jZR9KuKr&d%NMpfl{P+qU`x7@-X<zSQuSEk2P0!9KH+
zVGQ8o=>0;$CT5BJttt9pdG0tHU5(I=JQ2%#L~z*<bLsCfAZkQ~jXgd;D$G3=wyk<H
z-Lc4X_1GWzE(YY=o8rzbI}T<<t5eRJwiT<bhlXv7Ii!#U;^v_J2H8p(wFI&{x)<h-
zvvcxURk_xh*(zGqiuv6W41aHm6&5nI)c`4AO{+qN^xzy`d%hz>+w8YC8%KS|RV|We
zYo-kY<f6co+Jlfo&i+dvbQ3o>^j<+4KRS0Ux8j-UmDlbDSEOl}ekugS-?>9S1L;wO
zhlnE2Jbc}VI48Xf86i~`w4_k5Y$=5kk8T6dFkd#E>bxKy%VD#710t{MUJLOM-k*6}
zjNU6C@9By{6CW-PRi;OG+@(9K$(ni~Q(XOUVO+7;U+HX%S3&4NKB60WG>0aOwJ3&H
zLb<9(<C=8p^wRq>yRu)}3(A4Vyjv(wUY;K#6&IzLnZWX14I8YdcQ%TXIELX>a^<Um
zF<nES?DNMw%qcPCcHSLC{MM2T;b95svd3P*J}6D};>=U=b=tu;SH>ISdd*v8&6nG*
zF27rh)?$niM%0<yJTO^#VUm~dm@Dc8rG^1|<?+04i5PuHQ?sxok0_&L(MplJH^<qX
z+EWM*x1L!II=_sI>}r0H6mN{;=)&eW6`>aHP<AR>N2VU?dlhbv74X5ez7xs>J|Nfj
z)CXz+YUytQElAVgu}@(YE6(1oF&Yp)l5;1VJ<`FwF}rr*a&&nzAd=HT{w#FGxlLDZ
z?R8|6xMe=g^mB)IbX(%A-LE(+E6X26ia9UZNJJbHJ=&7kW9YG*tVSK9sVN9kVtCf!
z;c@PRZ}WiC2&oozn+7Z#GczJy%$&#e1Tb@&Rlmh>Pp7Q2w$5V;{3VinS{|jZpe-0?
zo}3hk(~U)2PC$xxycW8sOOd|*6p4R^)HrJNoQ-0KHh+r-SEjs?Ng$_>fkABxt2cw^
zWU^nKBrQOhW5_x99KCDPCGE0W#%Y!Vf3If;MXf3+T)gi(?1};qn6Usyldl*hy0OA|
zNMthn@$yT^2a26F6+3K459_jun_!si@jW0diG1D7E=de{&J6{L0R=|`m|cD_4-s(@
zj_xhKU<)#lh!mOzk7BtQA$|pYWu@b}HKN>!mnz)SKsYyg5(KM<UY9quT?bhJ<jBlB
z0u>n%@}jZ*yp_k4w4XE4h6Rq?8BsiVQL}+-e81Zb9*nyPyV1ijOhZ~ZQKv@HiW|yQ
z@<;Iu-GvYGTPB}zH5Vn0FPRksfO56E*Sl)QhJ0lwMp5`lNWYGI+z%+Dit)G@u<PdK
z<KEZwdZfc&bSp`0XTVZgEZ|*bgH^)fv&%<nnmDR11`8a@ZY9+t5$mg(xr612fi3w=
zo}D5a1L394=5&d$@(^>=dk>D<c&Y^Btm9JBLuqg1l!O`{*kQojUXFnsw*lB_+_9EF
zkCf7~7O}OMc_+}If_M^fqV1u@(t%dWl`O4y4ndV?gDSpe*CFGn`FOWp10M4MyV(Vq
zy;_e(#5W_14Tvk8{HE!7(!uI4p*Zcj$iuOeqNJh#0B+uWD)vS^ZD!<MH6fherhG5T
z;xo8%`G&RJHI3$jOPjUpy$(1oq>cw`Sr3H?mtt3g=CUoK0HPzNXUf2@R}#%znq`;D
z6%8Nn^y>%phLKhAUS!P#_ol@lnxH$#3%%9sqo96GiDz05IK#%8BPP$Kp62*lRC?NK
zqt0q#HOs6`0VDGOR~y+ii^;<Bw2A~bipFnEUO#(IWwcNnZ?jAT6-jT@H*Hk5f=A+{
zUQ70av*u!3JJxtd@#r<ZJa0ePljw=5!y#W-gtLg$Gw&RnClymXHoGqkB(gRFoeW<%
zS9HvKV<-ApLgyX-^c3?MPd+Aa4D34<FCU#^S!7PseU`~4I~CNL_I;x@c%M>v{I(ej
z;m<K|w_!$W;;qA3WlSf=9+;eM0h%D?sgCBWJ{#0ZaEwF`N@b&qVySNHbQIaeSbyZz
zL__#obVn|O?KL+<&7y_^brXhKoJyjoUK^v{>*i9%M8A6P#iiyYYVs6SKSJ6&;b^r!
z^rsF^DlFpBhKOTacfF6XUO#w2YswR3AqttvzD3jcl90xTFXAQMs_5OD!6$;fZ>^QE
zC{q+(A^>2Ko2Q2*d4fYoGsz+(>ChFXN!{pc5@3ibk$mrntFmE4P!n6-hU?)TUDZXm
z=se?}191rmnISejn>~X<>m#@@s2z*O#tI>mCiB-Ez_XuX!S929TL_P1`w;jIc9=TO
z^LsG^z)y5m;hB^_FxY$kteLs&iAmwL4<)*WzUPu$uKaE@Swb=slkQ1K+Gr^Xi}LI;
zR%O4(?a915Ix-=e;gIUA+9YHp0=pqV0&}H-n_VL#nv1W(K-Fu}UVF^ZZ9dKwI%IsL
z9PR#Yl#<oCq1l2Cj$RfrdUcU4;XPx!ETuNvWUu~%<Q|?)mcB;5tu+*?lPb%SG(X{|
z^SIj{cIg?Fm50NTda2hbWz7|eSqeS&TYM#fFT6YCz>vtFLR-s7Z@sjd75B9x>|b&@
zvo0YMLh7JPn4BOil@oA$PP9Ba;;%h~JOU2rQ!WIba!Jj1@1`XZhltrRSMpx?*efHU
z?UPvc*cZsqwz;dMYc=6vdpALVcCUL@wctH?N<BL_EHsY7tNGf;5*+Cau-n*5(7Z`R
z4-63rU`xrSnj$*Wg62~ESb~KjE;(5+HVPP3=PpqKf$x%KUChoJ(zUgo-Xc%=QqRQn
zRl3y7bT6c(FN&Pw8PfR1tv*HJ;UQ{Atl>Ckc+5qFJoA(R<6%iq@C_vMQYq)ugb+tH
zAfxotn^JQ(DQ?FF;e2r7*jL;15+A%mHB2n`)B!~Tq7d{e<h0ib*^>M7?yH@#>N1zp
zYGOL?tv9CAdY^636{O?sizP(xh4>cCXTY7fOnkkyQ8p`rr46R?Ad)%QMG25g))y8R
zQXl%9al}Asn&FjWb7$0Wl`n;0LA3=5Nm9J6L2y=g2fdZG!$rG!%lU8s+GG9tUb1rM
zPGNS5`0|L-Ap;eUbCtX9kd-MgTR1XK7DzopW5>-*t3=s$f+}g`64V)eu(>TsHXt|G
z3CB{L!btekLF+Y;N%cTxauJ{%KMj*9QN5@)$aZfRLEmdinpB<LPT@yOtS_Xwl^le;
zZkRS8@AX7gfFD0VDxrGSqVv4lQ%j<<0AILo)*vk=BsMJ?to<CFYZ$rOpzN|>t5I!?
zqvUlMd#nlVVlr|esqqQ+r)2mu>eBcld&~o^cr>AX>(GZAOr(++$STdHn3+5}-N12L
zNjXBP>D>(12xlOxWd?#EVRrdK8{5E>%o6D_yu<4Ufw=Y_4wkH0g<$4b0p7?I7Ml&K
z6iC&1I6PVoRp>k~vbYtZ7)+mXZHR~+l@%Vq?&?>M(YX5}s5tS7>uKeqlUs(o^xOw6
za}=R^!A~dUyjTu3ah9`m7VepikE=qUgTlI3RBUu=J^};ga!W^=I+6E=W1l+#!a0@p
z0?7ILo!)Y@gH}@+H<fc<89aWX6b$d;Tv^<ZHZGStd4D&iIAu{LZ*eF`yiLcJoq%NE
z&f}L5wS|vspTNBD#`HczuPnxdx!ZMS1G_Cz>p5`qOP=f@g@;Cu`7Avxg|zb}C6eLx
zwTz6_N;Ztk1R;d5z+9_D*u2M0*bea)l5cM)6ss#<?f_F@E+ceLnv7@ftG4l28(tYy
zftr+2_3{#^YhMLl^mlJKBdK!w-N}J1G*o-W(Lzy@-spIX0Dxa+mdTA_9_6D~+mY52
z<9s=<eS<L&MMcvMZMcLu)$bhOk$6P}?64ApKShUE$;)XQG=6lKD@|7^QYpzz){u0D
zHHJ8Jix$z8Q;bCb!15e7cBNm=QC2iu3KVge^!=QbB1Y+aPBv%N4c)o^6wQzkLTRs%
zjz=WV!doN0XC?WJzwH~QSx?ymg57$#eBKH|Gcl}azykFX2re873xuqGjw`yGa1?ss
zY%$jX4tW}DT*MKB{U_;l$VDbcrCzMG({#3{7DbTR!wy?-71^mHBHZAOk^$yr;JZjN
zke&h+cR7Ip*XAuTVFPG(L-Z<qbi6u=8}4((m~Aq~>cO~A201XvUJ;#hZ-LQ8byh<W
zs=CyTd7J=o7y`XQH%|h2kA&!A)5a|<9|9%MJv3lbC&3$8Kx>yl0?4Ni(KA_8-dZQe
zakEMJo_DPYzp2(&O;CIF(E1d%gHCy3*EsC=KBkh&M`iKdWDA}`oV&Z@l!HM+8H{;Q
z14LpD`KNI7I|$>GOQcu!C=#!U7>O<8MWqp7b)ypvlhG`Ilsa)ZhBnFBN;e&OT-|#Q
z<uszpZq>vru<$*82*fWJ6n9RESz@W)GBrk>`xAIfGk~2bTd0ZCY<?WrDa-v<jzx{U
zX6A*-l(h#;dR6=DHol|xINrcK4|!p3D*F<kB=`)DI>AYelN5K{r+N>O%*e-kJgTWB
zYy*LMM*-nfE=>~O);_gMv0kou@x0X4#$LvpG;He$L)X!+Vy_-(wI8{@xf5|V(_)<S
zw!1FHN1mc}R>Oww^-_?y>X@B_^PcXc%kNd*`3j*=f!nYbwi(m2Ya)Z!cr`^(C;&^E
zmry1~-_r3<>D*jScML`45a$AWYpe7m=AMZWVYwUa@R;2BoK1p~4XG~CTSsb+vvA%g
z;&lUwN43YdC0YrA1be0wXcY~?t`^VbS?-1_z#xoU5g@3Wrw>u<WAi%YcXlQL(7@qZ
zU{+87NkF#0=VcGl={+mOinv{2)0Qn&hwWGf_k)^&7Io)`JPM60Hr$RF0xKS{rT_@s
zfyxidq3v;Nx=>lYD~0At!sBX`a&~%bss7}dMIZOr#RYV??~xCbfeK6EJ_O$qC98Te
zhS3F2og;S{u@keVoiP>!MlFoGSW*iWut=uv`A^@uRG@<>@^iH?!;R)p1*USiq=RE#
zf5$r-wU!&-;n+UIakwixVcal;Ji>F*6Ww<Z%c2xoO5WV7!O(HECVqqI&`!ojr?_u2
zSEb(}!th!rgi5vzz2(<1{VHkn4(g<8gNw!GSl*aC?vh7|nex=$unCwQ4J)MIn@7h}
z$k<$#WeiGcl?bL1t}g@HJ0PAy8Y|)8$;9wYNNr&h@f3Dx!@yMr4yy+WMR|>ra%W;?
ziRR0@+<7mQ<{)%@q;Sih>@lKy@gf}NIbtFoiq@7Txo55fZw)@fQhJ$~)|zvGO9W6n
zM&q8GJB$GBPK^6-uh}#}4@w-SJ><aQCdD59mGDbG?PH?u9y5Af&E;-y#{vZ1WVn|C
zf##rPvOTvvKjq`!F*&o8OmrA5Rb%jJR)+fo*lS6YD4ume!E}s5v`)NJ2|Gp6b+{Sw
zj%GA<7SuOvlQxMs@fIRy%%Id$7aV(tI-vnx-C7Sh*F8>gpA0;KD6&-X*Uw(Qq~l#U
zJkj@zE$Bf?7G9a%biODCIj~CC`YY=y_Uc^|NxS-!1JX@-1f~_3P)$99tcygg615~T
z;Vb@d?lqkPGt3+B*|j=MNP17`?RKl*QSM0{fJVo<C1UFe#w_Lor9^0FXJhxXJ#h(7
z_NVt^UW7W8I`>OZsz)gCF0UHdx#MxAbIqQh?DZkcF9D5nfsQ~7Goe0kYiPa{C?b7b
zWT!gzwBQ+_YFB?ZulNki&&mlk6Rt`|EmV)zsnHrNlSY|rL$AkqdDfU&J&t!RB3@$M
z6L9J`MzZ7ckU+YmdQO@jp4nv=PCiYkDC+7Ln{(z`J??mHm?4*FbH=Bjf{~kWXEBn9
zkF3IX?T}L%K-rdD9`e&bkZ=wpyv@j3>cQ%&I<mIcd93COQdijV!oxNJPxLO|<kh;q
zr-<s(ik3{EZE3)|FWXTq;xu^j)(+zsxc6-(#1Jm9A`oC*t4bL?fRty63vd}_IX?c*
zU-8R5L>H8`H+zT`=w5@17dDYd&45hX<e<z^laoD3H(vJh=FP77te}rrg`aNt)8XT^
z>D|(0RjIT=32yMB691Ht!)J8%zQa?y6>bRk&<SK^j~aJJNA1qy=So#-siMmh?xDxM
zdN*&<I7}SkdM;Ge6h>DRTZGt)K*r%kWAE%9+Z!~N$rNUMR+phr)V(j?kvuf5dV@8%
z9xCrKl}{}uvh*WFDUMe_&qb5cdD>;voN8aa_lQH(y0>4Uzj^X}bNNmagN`3lP$ex>
z!jalBc9R;$mJ2<ZhjQg%*);i>cLOux(d!sHG}U|$4F^>a0Gs{Vg5qU&tM`_u%CHjp
zlQ&$68o3~z&dBVIW{(y49Cy*Ut|7>tzKa?opWS$^xmlLEy346#`%^@z(a`8=NDqAc
zlGr0VtGP~3AJS=<^Tx4-!a#|Bi|8{%Z}xzNVc$hXa0Kvq<9JueyeTYso-PA#flctG
zI4it0w_}Q+Izq$>%a-*Fc48JGV`M@h%93?)7DZAh8|1CsGnXRHhc_;!sgtHJeMiTM
z=7m_wlM#B)L>oQRVKH;w;6)P*Nz5)9;!?NY05WP^S@-K@FIGBV2-e)d@UnIG>CJbR
zQt>FN__V5zrh`OfSxp;TR=0SD63#V~cxQOP0}sRAGYztM#dAp-ikK62Mr9!iRPUxR
z{P>2q9@awveI&a4WPQ8^TSTTk2?Jh6!C?;UU6z?^{%M#CLj`Q(m^)eY(a$&y8gaw&
zP{-K<r+roQhzz|TCS!R{*N!boV2P&ZQ%3l`Yv$~?k&jyUo-{LSug*2y*{r+29^&ah
zx;;2E(S{giY4kYG;Uw0utVtJ4M|VtU@6PLR$f7nN(brUqa{KyK9Ku`?Js%k8q9u2`
zc@myDFMHC%;=QE17Kgha!|0Gc%6v2}{?uNVWK@f(RE*A?n1=-p%K1!?WFpmFUiB(C
zS-pTNo8y_(qr}JUb)i`uz~ej;X@N_l<oME~92}Ay6hys`UOMC|qQ$Mhg}WR8c1QCr
zO+_2Fy^+@q7zX+B;b8jkOz+d3s(e}20Xd?=;lrl)7}2BG8=HBN={8r>d(cv`l>v}`
z-qBB!|3H-`FEb^IdxP}m0bfoGTs4)cdWVdc!29+i`V7{9MsvnQP95{yRijya`2~?e
z*9QI(SB=ZJsr?GJk)oa)J<48)L!oOWev7s1ndLpA>-Ah0rz@jD9$3?bO#1j?L!S9A
z?KmZ;#Wr+-L2&4<Qs$Ju^L)FW*4@dCyZ)Ae5@OSV2wvXy!Go|>8#rIj7*atbZAb}E
zHgMcWgX#sjo`xaVLXRZ&ErGlhmNE;qsL5GTy%jM47gzLE(s~J(=ONX-0f+)GUo6Ot
zD3Wb151t2FUdi+AoUBO%0z|y+V0`_MUwE=Yf$IZ#kwjg@ZH(D#k4Y$<$P$LsV_qu&
zDyW*zRS^D?lIZ!yX(UIikVj}g<xx3;sfQ0#nA_&467!N?y!@0Be@1L}lL~s!#|!Bt
z(JC$vjx-Ih58YqrQWM%U_d?PeiU%~BCQrB$l!g2axU<{?5KPKY=joul3U)RO3?xQ0
zV2et<m(z}V+f{JU?`fG!oe)^4KU{G)FXI*;-YN*|eWrM`S&K4D#~5>!hxVvvi#<f5
z%^ew2EqF25MOBea+p#x9eG(&6gQT9_jafc!OIQ<cw$UJY0dWUc^HBDDE7+>%#RWd~
zdJ*;-Y}zrhMvX(JU_sp8o%76Oc?iFkHL!+=MRT#@V>&K5;Rsr+6yl_{@aC~7ii9Z0
zzIs(oubBJgZOK{{48{e-FEK^H8?o7`V0mOmEC~RiNW^mZHXdma`U3g66*u&!nBMoE
z`dK%o#O+na%V?8IS8axAY3zcA^9@#<@aHc?XJjxRoT9(HTAu7UQy?Gg-0rK>z=+mf
zs@D*dd~Ya4ZzY)%z{Kv2&92N92t7v3uv}2}d=`ckVya80GtZk(%pYFh!ApP~*)%ws
zXOW}?)6!$UnZ?Nkh=x(N=7TYF1{06i!t=}oZL38%=z0LJ6<~axYQ<Vwy3{dWbj!oo
zsBwEUHwxj10yB9&c3YW`?H#yLijohb0{|l~ou~+_<h=QFXIN=?b7)CKYqQ%HEm?@D
z<6?AyJ)n!-ZM`FGtk<q~^J05zwa&q5J%7pR&H!00vZz)icLu^ZPV{^Rz{uFkbq$lA
z!82{|Z#jL&Zn3;Dyzbl%do0tm9eeO7s&`sTpBcp_s=IjVzQ{%}Tm!wAlKP|*-+G%p
z9Th=T0(I&DZ7<jD06d=Ad8k%=00r80*_yj-<RDnQa)(gwV#jNsd@>#bw=<haaVO`_
z9F)9jA5|t~FBy``0v@#DC!R6pgx~;rQf0FyB@LA>uO9Jul>@E;Zp8Gv%^ZnpY(u0c
zT=0f@la)m|t{kY1o62y+Q?zQ-u+VS$?a=acvOC!*-xSWfVsd#P0I#TcNx?Dw4!lQ)
z3jBPnYy*<AaL4jt;Q*2gQPX+diKgAEg~lW5b&iaA3Vy&p{b{Z=U0yN=zRg7mogS)X
z<qTb0aIY1DQ&>rrw)+&6d<JlMi#j`vL>54mdCW9C;6bc_HKXsu_%gA|2r$t57PW8@
zP;heHWD*)ixh0xsK%if1x;;QFK!1dJ{ggNh*wGn_CMmu0QHSn31J{@R-XiG5V?+>K
zdu`T8fpsz!!m%2nR;P*Br@>TJIn3wrv`!pfgX*}TG7qL83j%NyzX*=Hc~mamgih9e
z2XZ(Ng$1TEZJx+d()s2p!2zpt<`PYmxV`k*W?#McUb*CZXY2tAHlQP5`OZ05#m!wc
zPWRqyi4S-Sbb^VFEZvL2v>fAwgW}<mgMjQ)qCz)s31r@v{(M1DSb{bkTd#iJ^qXuQ
znvIK44S0BB)rh#S<%Kn`y(cm+3SQ*$$-PfW>HBPX?I_Lub{CG^x0kGYM<@Xm7|9AO
z8o=1RS_W5JHdY7QSd2KkYQzDvU%0%Y5{-G!XqfLoRk=HbC_QObon~<wLk-Qae2XDs
z`*7vW?sH0fL;)ZdoHx`jZCvpULWX6`CD>U{JiUBE%Ah<m6jOe&{H7EplS%y@fYByp
zJkss0OCgRcwWDbCu1w0)omcnhPX<n$jTV6VZd;yMMps&!TBigDO}x&s_xuF5_-$lx
zIsn--?3FOqgNSz5*~F~Zm2W&wt}U02uzSc(5x4UxY0-dB6S30<HSQIi=1u!e^AH*-
zyc1yQr{x$nKYfZ5J(S^uTht00oy6je!0ZKJ0<0Yy`SwxO0!+ZCsO&S8FU1H5icif1
z+r;t^K2h;qJ&B;CYYVt{3O><O?<E9|RJ?Lu$IE^<C;j3*I^+t(7ID|7p%fyB9-DVc
z&;2l;McEW$q9`ne&vbX607^jcBe}D~E*~7ErvqVb`oL|pvPld`3j+3Xy|?9vN{_H5
zvKO<BT~ErLty2@J^y)<T&44KEfpnT9yy1$+Gercqx$TiDt3e5HPLz}tNw*3tFeYoY
zsCOi!)B4zr1ZV*7(V=_R4y10Rp4`A-uZ@^U$6cxx<UtYCIOu^dD2i&pIA%MdnRoJJ
zQ`3tI1t37X-ryCm<qF~KiwJ$?@8|xB#HGe3P<%9mYB!_+-pTD4TplQvdKQi5gQrnz
zpR)4Lcs~9|edvkls%$5q$Z^O)U-md3YepdAj+pu!4WbSq;WDvU<vV#h8)SzbM`6Pm
zb~$e&;iMjpkH?JN5}>F>G?kUsMTb}=jGFREbG0CaJ*z5V6{;5$(0ABwOFc*ZDr7u!
z7oys)F4dh^X^72T9N`7lH3A-vx3Vq|?5wlrfHZ+6&%MhreL`We6>$`KxxF*k%H_k_
z$L3F7VwGCj!#2y-(&7ubcR;0YvKr;FEAr+G6PSCn8-Rd^D4CH}ai@>z&1_6o6(Go4
ztkHVa(-sW*UK0b1Tc>%02E73$&M|k}rya1~ZxA4RVs{Alm#}R09k+PMfVg%`$>SoM
z#Zt{+LBplB<Id+ZZ0P$ftk0m%iF7XD^`M#B-U}*KCT5fA+ZX7s&CeJuju~HBtTLOH
zXRGr`3LXl-8lxznf;RwkB3<L_*HN;Kn_9J+FtGL*1%0*h$sj#oxfq^aNUyRwd<+?<
zVhi;);|R70+FVl{9TS%zLl2ew+{hET<}6>mV!HNB19{!g9dqpxBQI52n|HA|XBmU?
z9)Y~{48-znbW&HDrxSd**0NOQ$Q_gdy29>yJkJ2Df`?Kaa}c8aNx-Xe#XQdgeOkI4
zQS7DoKydh-`Xf<JIJRwoE*@98ma(V(!flpP1q>0uos%-!lIj+hW)yg0liswo+<?|k
zX~8+0fiEDiNuJx8Jd_=caKBa9q9fJF0l~`%qi@fO&&ZChxYPUeQgYB1?{GF3{LQvF
zT-ZRWxy#%-zlynR%mq_>)Ei4`g48K^Iw$!=@}T8Lvo2otCITn3L9@K)lIBmZ{2gao
zQ@|@Jx;i2Qpk6^j<|<q4w*nwmH@NRjF}L+pXk^5aze0Z}koXGJ6R!mzCW^wRHi$UH
zC{4*S8z^i2c)6bOLp#=aLjp3WWny+uNINE8l0nkkK7j$9^wY}_b&G@)>D!34N1GzD
z`OGSLqu%Qt0dF>W#EO^~v?Bauno!K5Xaq5~@<kiYi;7!56pc%IE1kT|H1OyVrI(}l
z@V06?08*G9<J}yC9CWn&6jxi!a+tXUJ3<4C^GGNa>%u#JtioW=R0qWpC4#@i74W@B
z_kp`vPTjYsqTriqw9gqDDISlZTlXFKy?EHy$SY5dE822ow`!>X^-(?7&U2BbHa_vj
zeajp;=}V(Lp^I|kFNAZYi7^lhAV)!<$1-m+I|@#fb2YP`2*$t(2c|qUuz421Z;exP
z93+<|976NJ{E&kg@CA=5&lsMwYjl!T3V7KDuHzzkqoGc7_AP_IA_81^eGZ_Cw%doL
z51zf0dD1r<_lEa^Mh8SHAUp`;ji(d(l#UZ{`Xj|5fH8c=W6%Bgkv-H>4{c<dCvwCH
zhMisQy6{l4+;iI>PH0(q-opi{dW!i#pVXnL0v@g@%*xN%Fr?cNyG4aCA1wEdPb4uc
zA>cYFUI8w<SA@PgicfjrXN(_n$||FjTIL`Vs|6a~C$+i+5u*nH1CQEM9-qLDZZ(Lc
z9Wocp_(nB97uKE5Tw0`U^mS*Ov&7<d+kQF%O%G?+32wv{!$fGBpmtN>-jf7N_Cr%o
zj-{eIkeS&z6Fi(fMH<>Sjxd>=&>ipu^&%hVsRE<03!0};tl)X(;zI{-ua>b==xoxe
z@RyAqFz{IS%;Ax?Jll9_1%80pb^Vf^WOL!25M%)A(UsQ;s_Y;c>$Tys=8H5|e8#bv
zyzTrzqp%(vvOrUDmb)}i>w}6jb={GR5VC#P*JGi#uSv86jnTD<6gBQhEaYuXIyS6a
z#Lqy#waACG{doDbKtRW`2z9X;k>j1U$7o~_^Z+z`3XDDjy<D#&M6$RT?1OM#M1Ly}
zow+I?aLM6Fysz**b}Nv<fPIWz7?r6;#+A_GSsTdUi~ip9K(U%v=A&blqe~D{OP~kE
zZRjcSsJM8!F2hr#NfMvx`dBKk5p_}30q3Q>9@EH(V+3Q_l?0hwYNFw=nh<3<@qV6a
z7qD2ynb*VTglGq-s$zeph5%CNlY0DcbOWxjr&y>MF89gsbBebDSjr?ci_ab$l}oNr
z#LPCM(X5vaR1!uKByp82!rkLH98-Ma%pe;l4IC3L8p~#7k_K7MHaJHb<@rif??F{y
ziP;mm;pRWFy-U!Fv|f5`jFxCLza-`a2zc^X#&t1jTYLu=+g2HFoo0f@4BkF`4wR_h
z68ntyibjWFn7X)c6%Fz#CuHQdBkDAYUa7rmv>9_iRFoB<Sv}EmElk7Vd;A>S2tC`%
z27-YixR#9er38k0?x81=(x{3e41&RKV7E`QE}lP3jkHv!7Ke4#csPU;5XpIs2NlYT
zosxyYi}Vsxcn(|Kp23PcUdfwWEEs=q(0(yk@LHc#B0OvxpE@F7NF~lhQTF1ANa_c0
zXL?LRV3FrORBXqxtJ;`<xFq@TuzU6ssIZZPv)CsOO@u{@3sW?-fcQAFEK81j?h#P1
zR)=wL1y=`37fNhmjV0v6*Y(O0vpG-w1jgc^qmA*c37iekWs2ARJoFUy$veSwyeTPt
zQKg82r1*kD$-M4(ghTq|5NY10$XGvpOx3q1Vy>1@`XM@pXGh28Vd7)Htk*rmp$_^?
zsFY+g-ZRECndeD1@NCrN+2NakyG)TwS&Fkf7*rgW&Fgmr6lG`~=$jS8@Z>QC)KnUZ
zmpTwMRK5j^>X4FZxQ6#Kf+}9U?%^8Mfz2wJs;q!FN(*2@{gw+LaLl;+UgN9BW|O>k
z=kyA@=n}A)2KQ+P#470yO>Pj}Yn$3qmTHrC*)={dYAgAO8~b5*T@UO+Bfixzwi5|!
zsKarIgEqBA2cTSEjwU6=yIBf?;epD74Nzp)(7u(jWhw=@Cv%*c9Km#)HWyL~mu^T&
zWO$v&f!J#$h=o68ra(qCSaFOMEfBbHX9S0X=_$CS7qY|kkY+)7K4td4<35j)Ja?8i
z$FO{ElIlCx$M4TVG<`8k?P8?mxn`(S%w>a^lLt5zr4pho_C54^TmcI??T*))>j={B
zzOg-oxrrUQm=D<J293>c$8dmhUl6#B_4I_FJ#`Tx3$-rHdWMe_ceyr)?@b{(Qw(qI
zz3S)bCXG>P%Aq<5TbmBBfJG-z02?!}vs0&w@eKg_+cVrG4jfbH5HN(Pmj)MvboYk@
zUQC-%FS@Ih=RiN7^QXFJ#JH9%Y6n{)5V1<MRjyscCIlFeimjT%@9^G|M;DV*E^lTl
z3hmGv>Y&P%G!-YI6z&&g1vIzvZi+Sl?3MO0LbmEpp&_e3dFwBZhA0Be?tzom1Eba3
zeNhBTUA|mTi2FPE%V+SXohGNd3aBtdp8?KH;KC=z$^o+6H8cX-qd~=12LR~ODmc7h
zq^$wNX1tC2ToCqAq1mH?0ybNl)$$Wrfb@J*&mQ!yPJuHB#SDg`3E(ttutX+TA3j@1
z)8Z_He&Mf?mpN7)w2EcbInRX*g4Mt!j>i+OZC-G7rB)%8oXQ%mfpp4f$MaF$;W36H
zo#K$<_srOu^m4!>6LMe~w2QnBvJXMeBaiLL!M4!|zfkW^dE7&t0v)gLiP~e5w=CYs
zXbqNNbyTpOk39{7)h@3+Qj9o&{911NM!0-0#P<+(LBY#Tx*~{k!a#f*)C{28o;H%D
z;_lB=k(f#uh`kHuhmGAYyZD_xDVeZxoY(8e-t0=Jjo(t!&k-P?$Wt@%R+s~&x_ljX
zw6muXLaFS|>DfDfvRkfUrT~2g1y<?H7K#sd`N8t_`lDn|fxOxP228H$mcXO6iCN)&
zAwnVw72xebk0Sz-I!P^BgyU{bS<Ngb8hiE}q9<d0dg=*gRcticUOu+S8hV9JHR0HK
zZ9)1V(YX{g9s>@%mg3DEjh9;Ux<U73(l3eYT~g{3iI!C7uwVd-A%PaGK7ge{P3;$G
z_?Qba=f;5;$y5}|;fc?ffk#<lRd=lIt2lSu?9mSD$LRb#k?#e*Eiyz&>}wg+v72}y
zuUVM(vXeRsND#PafLd=1CppdTp^XKTy14uAoaR@IPEYE=BO<B?$_c`UGO6Y9j>uS#
zFP8L-(BxZe{^@I>@tzHuynv(3r~(ndH?>ErF0Vt*M<E32)*EVlmgF^Q(J)r*n~hfQ
z$hjB$cB8P#1w!p8P6piApL0F5s?eeoJ!sEPWhxN@iI&K0KE<<o(xF-=hZDhg_f|q5
zD4X|gU}hR=a{6oLW83JdRniiBl2D+aFFk!kS2*(!XozQG4w7%qQrQI})fAKY^3kQw
z)cB&JL<a+S37ZOFG#_jnLg9P8lr45LMqw8n@nYYddKnCJoSOjlx(JjR9aHP1=TI*p
zKzhh{fnVZojy0Rs12YH%Zb2x4b6ewme7?rd&#l>+Ql9Nm)rv)A?exjwvC*bO5c2`(
z&oj8N5^YdhfSrhP<@vp}JZL&Mx_2ec1(+9GJOTD8H~Sn5j8LB_bH10<=7j<DHn&e)
zOtOfZ3<I3GN!?@`4o0A!=4LcM9;ZzkDPDnX1CS@JD3hC;`iwN;Kom?&r-wtwkqY=q
zMX>cDxVh+nKq0K=8xgZ|%J97M=v|k19n%<VaeD{sbbW(lhvmTeD&pzA?8wLFi>nI{
z3)v%um!Cin)5K6bEa=Lb5}5Q&5@dXW`kJ$}x`qV%Js+A^;Fc|x5>4bXqVG^A-;S(;
z?SzE{;nTZ<JwBdd@GE{aCtDKq@;QlKn=(F3GIxCKG&;)9#Y~>KK`y6r8!==9CCY<a
zwD7Y%h-H>^m84vV7e%=5?D>_a;Js%8OUUV0zXaz-D0#*sJsVyu@+|VoDFqQ7%BFdQ
zAGP};bME-3;QVty&~k<0Fp|VqFTBd|iM@Km)@g1Jo~fU{*5`#LSS*|!RN2&=<eLF;
zbMT0n^#LZ(DsR(c5(XG2E_HoX26!>nmUzA$1Gy~zGId626C<q08S7QnM7~LZV4Al#
zX@6SYhYTLDD4M&9$c8$3A*PRrG7#OSXzw;(j0{L90*zwSkfx$m-J~;%fLs+!K)ptX
z!6as>Kw)20^@|IAWC8V7<f60SmTHEAWdLwjA4XP|JTZ3|n7Sj_aTCAS1h*!!SIqdZ
z57vXk?bgw4<*LQZwQRk>Ly<aI=Nfp(_Nvy})%Z|BYXnE`*!5momio>~9J_2G1s<Z+
zt)X%JUg1iv3r!_!`G{w{8R;A6C;0GAY;DTM9JSvW2~~YcF6dKo3Fr)Y>>f#i&h*}F
zmw?v*lJH0gc-9LTMtXU5kCe1%4LsgPiBggKK++TF%RYPwGr7|640R;|oSHctPl0WS
zM;4y!;vSLnm6x)42ELYw_fW~wh?<=4p3st{Z7TR^^zP%}1S1)=P#)k%>hDP8g^nkB
zQz+sSMnML7!HCyj2aI%Oz6xf{@7y-ijceC4Lo_@>w+Pu}i|XwOH@*i*V6*i^ox@jV
zBCRiMy+f6knEBPyKsx958e^}|n=19-G09<)Ehv>ziVv9TwNAaE*2ExJcm-%OZZxQ6
z0lwAn&=k?F+gyaSDcOy0vpMxq6~_q+ia=hNK{I)t{q(u*1&;U74^&SCh%HP67xXl3
zP@kw%=9`!?$@8_Zr7i({4h_XEYp*ndxk;E2v_-jICjqe^m9CnstK;%Z_V9S-Qj@b1
zDl{*R$04O%YM#6s+_;+@Y<83rVBgq#Oqngs{cin1HyiZ1ibE<Ont9buo*<@Ri4G=h
zsdKzcidfRg$Vp8)j*81WyUHh~9u<u#W<`lBAU9{ymXP`i=NyZZMFFr5=H3D&UQ3(`
zc8s`eE77YWi`Lpo3e|OY8g(`W#|pQnzLq<<7qB%Dkn1EC($k6c4kE*%eXa@f`FINV
zRFU?Zl4sYTdrKECurs7C`Bbs%1>&K~yi(pHDYt<P9iBVQ0uzsj%prUOR`U*-Q;pxv
zz9+ZOo*|Y-hMz6{Zm%z24J}`i_PYYSbqrw+KdDz@@Zvp|SAykkHxckHyU+2#IgcM%
zbeBAa+u8<8#}F8Xd!>5MpOfb8+7mqh!xUVsY7sFg>9%dXV2DPmliHiH)=J$_?<4f2
z;#VVmL6+rDmpva;jiX6yEHgU-YMRJt#2m}00)Ull&QZ|qUKtC4ZJj|$4Vv>it4mna
zF2cxpc|tD>H`$n9rs`u^84kOK1eJb>Th+_d^q>Ns=`dKY18qAs_KRw)?dJ_@vQ4S2
z$2+`I_Hd9N8-y5Gi^?L5Cqa1=JoUQ}eAmZVk6!dRP49{~B;^TvQDC|)bHErI1}50^
zmoj{O<?V;k3!*D4=eM=8cqK7v55gf6w9^xs;KY#X^{fmqZBUlSLGJH;oIyWiSDv`H
z-cWAo!t_uJAvKzx4=28-;+wk%JD<YC&p{$>$Dh6EZqX{7s}w_wA&YrP<r%K-I*xFl
zmd7vF?Zw8XJxzrIwnxg^Pv14}5_5J7HHLHG)1cDF5IZ+VahMfI+q^yr_J$9K7zOdf
zL=Q@Lb9g;c)BTni65+C!)atITc^LxQZX#Vk6pxj2Og7zdjov$lI}ryO*|WraYvpl$
z>2RoX@&*e;ca?25^i?d}4N577){IS&L5tQi5_~TFd|x<ny{*_mq6947e3B!J85DDh
zBMrxEws_MlTFUO63L9M&*Sr8t$22uhLnYk#G@#XtmRU~Gs+kWJM^D2a3GE`SQYipr
z3o$NqRIAhy@%Y@tYXNwPfO&DF4ZlZ<@g}h;Q(-;Z!|5w}VY+3g6ECpGRd9jit@TT(
z`jj5MPwD9`!}RqeCR40amcTNVoWK@IyK&19gSbLEOK$Hf>C0rzXOAL?`jr>w4ZtKS
zusFj`d6+ZyTPuL0CccJ3xoL)RxiV;mevGZ`i%C*~orh!V1p;N~QCAEnac~5;eaE95
zS^Y?)*wwF}%sB3|Eu^dmN11Ibb22!MIT6--{l;0#<@Ii40|fxE9=qBtjK91)wwh%I
zZz9lE>SvGH1mYpMo3(Md70J_EkWFN(oomn}3nhCHkuV}}($B_-IG=YNW7%wH;#Pa%
z6H{JRV^nV}EJJDRiP#>VDPk{Bc;PPFIl<4G9_!pOwHY42WEZ!5FP&P32iX$1Gs#x9
z{qE-i<s8R%AGk&pdm`sM6LG&}1_$*S>}fJm8`aCk@K5nEeK%ZGyAw8e&6yY*SIoe|
zVG{jx=0RWz&E!Uo>jN(hW(ki~eE6yfvfcm^!Lrc9y^{_hDzLap2~&IRW2m?9;fg9E
zloFya_I97&fL8ko;sBV-ikbUPB(}7%&^th97+S>V9W=1hVTin3R?@@pLdmkGyf|jw
zs0S?U21f7&6)?+7_Y)$)mZz)l@tbHKd-C29Uj?ru4IN&g$dh`Dtkz-7Qb2+6UV9ls
z4$m_WGQNE8Dtye7wYk~!W$k8Li$>!<P8M1zGiVlg=LP|@3nq#E+NGg6`W|6Tx1wC^
zop!xjed+)&w^xo~al3VjC?|rWiVC_rR0!wlUM_%_)YEDJ-Cy#HryiSe{A?zD#=_IZ
z6~xu;acd25YO1t?%LvtX+lBWzW^i&kMnB)1rJTTbbpVT=rPc57333+MK%;r0dnrD~
zwG$=oQY~VBY9_<3C9vVtFF2>_T3$tR4?D9HvnD1Kp+KUr_%Z7M=c1pgwu$kG^t(aF
zrdaL1S>;WZgPaq0>1#+He@R9AX6U`pDf3uWMuXn7XW^Mx)$_#OCRF8v=P{<Q=$tdB
zRSTcjOXvxqr;TJIZrJY-AG!vl%p4#+O=yRF+y?N6hqH1_-{eD*8bnUN7rVqe40@R@
zrp;H-xFo8E<7n3;{8H$o9>*E&qc_W@_gYlC(}}@mV$XC^%KB~Df(sfglRH=g4Itjt
zF`EmUkHs{po~G1l73|BP?cK`#KM(%@{PVy5r#SxcZ~vP7Ur6+y%J}#HohZ}pTF>in
z$5aIypNS?Yjw+ov+`ZYy_2SZL9P*XJ`Qw)#;`~%5z^~__W`8b;J#2s!JnVA7R>@?c
zBvfU+=uiM9PBT#inK^b}W6|eK)cteO9>-X^Dm>Q{ojasJH*Tj`O7cz|8R<%Qx8E2(
zzoa$FFHF8u^26VWshWtN?5p9kpyY>r=-FT%haDZNhLi$W7=xwC)IAS;TfW@mGdJP6
z*-va*T%y)V6uR9!kol~gU+S)sFAJ`~TLoMPi3C-<Q);C5@j2g}v~m09etwWhO%T1j
zw>vOMh%c7y?v2ezExnq!TG0hGT(>Dpy|<uW?)vSmgopgH#eRKKE_Aht&C3G!MWd`6
zx2NP00v9ywNkSniK6Un9iL&Iu7e?<}%6bA-_Lk!3l8Ya7<a=zq*G)+GXZ8utviY^!
z9kzJC#8;?Eb<I!1tMCga`4lx`7;?As?%q#%=eq)k5liVUmur0^Z>2?2#O2k)?q@kD
z6tDW>F`>#_eZ4jPl=sVb1oZp~l92xVuyEJC0BNroGTKR}a93F{4c9pA(DxJuGh-~F
z)y=@Vzwk2pes`)_4_$Vmludr-*epNyVGLZtG?F50<pk;+zO;S<doKPeUSG1)aquI0
zB41AVDf!*8M?_?bTzbO&Q)j`-*~9m|Dlk35Ghuzsq{Gk*5;YCihM3=jFn&EYkg@yq
zai8Mf+#Tt;8;{xECvv}c9~w-jr!t#4Vh&4^^$=RMU>}BWW!&4rB-y2R<`$QGOCO&X
zpU*&QA9uhJ1<<}*-=X23AK2swu&^hfhHaa?K<|<(W0JOJ>dlhA=A=j3tT}vvt@zb^
z;CoQEr({gzNObJjTu=A?2GP;E_PNPr*|uE7PP~%~fIb|p5FS6n#kFn#SGRCjMgDA%
zNS}eW#SMEDqcu{w<iVDtlKgDrg{eb$`<@0)_S>?S;M8#;?o!ZI?gQ9(V~8pC==o%)
ze0?Q-zLQHLw^!Yu?iTBNh^cX4L_cp{ZEIaDdeiFL9%TC>hEgk+${ZanFxn}$YMn?b
zcb<mY=Xd(2CMgv>i?Dmf^F6T?+gWo$`{{{og|v4XH2w$?x;e5H6xG18i!TZeyI8T}
ziP>HYMJH*0eJOvw9;d~ieeigu2Wk6+LSx_@Y<GTr>kHn>t%hf&_ZHMdBrhRKyj|et
zuwaSi)d6Vl!-l|VQ~LVW_xX-Y)Oor@6d$w@$>S>Bfbb$r!u|Q`2k;mPwy$Q$r}sTZ
zQ`J7#cS0Okv7PLXr=F-<(?W*le0{CZXAswYd;0`fR`D|Lkz2j-!9(f{TluY7T*Z}n
zLcm8>u7?zy4wc0ZgC_4$xe^x=fD~O}qi5HrOX+tHBE{hF7*J8aRrfWK2e}Dq&nC|0
zr)TBB@==%?sBKUT_V$E`)0`h=)K<`DlI<3woD#4~2EF(B#h<TieA;jJYI<Yd+t-!1
z=I>eMa>-*wp!|t)y)Bs~SXZ#uStU}J$|>!wxhQJEK%nSPD*A|d(K<jsuj2OItqfdl
zZ1E9l76OekT0s}Hr@4+?GmZa@beapVwe?s94^Ll1j)pNuKs~f)9ei%t<;YbeRd@}1
z2cLfC-yIC(!JCt*64S7yM!lq%y=>27Q5Z$iOZe#+aB(8lB9l+Gny2wRoF(-^JTaOz
z9(_BiPZNhr)oKkgzP>x?^SigJfK1}-F^^ssXehTmQ0#FoDZWcR<o@l;`fB^EOs?H!
z#D#<2QQ5F%_1^F#l2$qXA%zKnLWNuVeNp`U^1SJw$HVgyLPb1Tp_{CIT<M_JcuLki
zQ+_&$*gQ?G_RC^cKw+O8vI}q3_ZXPEIglQ|Cf{-&$a}Aa`t#fU)2FNbx!UQ)#!d4g
zJndXgp*GujF0Qak3d>OV^XsicRDeh7O_k}p^HsgH*9#ZOG#RkT^7vGvV+MR5@-lyZ
zJ?eMHXdxDpjM#oo7HRn;HvBFC13jM!@ME&Q67lylZR#xQ%TUshd?#;QUN(wHykkjU
zR@!b8J`r@XfZ&(3FrZ)G|Gi#-^P=(Vn;7-JYqahwL^FsI9@3|jeEjsv+M-;3cFr;d
zMykOgi)%G{7DL#w!!K5DLk~P25L-P#c|u0mFA_g1;O|!(%FXK`cal*1oZbTv^l^Mh
z=O&i|Lb#;sve^L*@Aqc-nnY&b9!A6DD~O_{%O*SmcwSErtr^rMYafiXJwCSY9S?l6
zz=^Kzh0qN<=bUqp{v15R(Al{k7_{~~3W0Eq$fo|iHp`cA*H3{pJQwmE552<bN7<G%
zHbK0WG79vB*J*@_`@0JNOo#7Eumo*RTe7=kfav_lCm{-fnC1}^+%?nGcC)k8?@b9E
zrktU~^4rAdnKszED96K8oqC`sW1GX>cvvBCoRagt>iAxj#L;zI2h2jiXu0*+hM_lZ
zY8N4*U(?8JT-eH#X5&U9{GKJnZeiJbIFa6FYLD9)Bv@2;gK_f1^@c4B(<@FsE3@}i
z$@g|;)(?v>^OeDaohQo8<tyPNjOOdMZ(z=3-yI#z&PYNnyq`TT14MxfUH9J6NYP;R
zO$xkL-;u2-Xe-;K1VAx4$<$c&uUftrGD?T?wmIHFwTTTpX$x;Jw***Fk%8x!HZ*Z1
zKEb)uYFhF;Yuw#%ob?kl_bp)5dlZ|H){yNGsAAbkekck%VkYbT8tJQ=?;TFj^ljW>
zEERFDO;SDr8(!JARzylqqTCKONq1%Q#kW#dIq#<n>xtC%p!z~^RMI5`kXWISU8}yp
zeD4L5MM`aU#qwie`c&HY+UMDchGly*K8OZacQSsKikvJ;@UWG+4-e1PRZ>hB$XRx%
z>BY~f+@HRvyPoGlRzdFTlX5~=S)}l$B?J2vl-oSBsj+%cnxB~}zOy${>QK<CZ5Q1>
z*SZZ-g%D1Y=kM<IJK9bv$b+4pdCbvTwEI@x&zk0eNWJBy+{9Mvj<|UcBlcE!aVfMf
zcF(w<QC3iDmnwWET!v3S2;)AgH+@i-Zd4C3UKdE!TU1j>^atbom;oI~OfhU5V=3_k
zkKg-!ArXz&NyinTM5O74%3178Qa$bAX-sol)T~o)%Uw~+?crBd_~{G|wOc*3e4g<H
z=e>wf>@db$RqJVbn?TUZ6`8N9A?+-dA%ovjn|$@tBfO8?a)7g5+5=Z5=*!o=_U`$m
z^c2cAP~jP&vF1B}u?k;x(WggPRwmLmrSUVhx9>fCkPBBTG2n}>I@{x;n;RsTPjFO@
z8yI{k-qZ5^z2j^d$s@`)7uf?1qL&QgOAksdl3?DDGLXWV#hs&cI*rX|WuI=*?z0;~
zrWWOSk0`4v`^dQh-W}s&XN$KvhC`gnh=a{jBQAndt5k%hvR}19wh39}+^ML-(<cH+
z&bK{pK@rCNSj1lQShfriDJ9+dS8e?18-V-xmIbc2pTKq$0)g;q$%rn5hc3)afW2E}
zUj=qTAcJ;(y}CI~RjzgVQ<E5IxfC!}iAEmjskYLzUP!|;3ws+E0T`ZW%6IR0Che=b
z_vs+a2E=TT&r50du{=GretT5sW7~uC;sPp5;gxeVt*+D%%7dY(B+K$;h<v}<L-sXU
zqnnu^TM1;8JRi<Va@b2&Vn}9)46B}%G;c=nPluH6l;J`0;6h(}+pD1|poSdxCkS2a
zdGj879^-W&ndtG}wiZ)~Z#DZhrB)zIX!_4|i`A3Ex5q2x5?v5TNfEf0s#rOWWX~vQ
z56&X}y0zZMr#|)5RZc>2Zm96?Zt~sLF^EE=O5IMD_d>0Z_><Z4X+?lnHpTwb2;^k?
zieFOpZD{{?&e5A_ktnDa&o7YK0u}r<fK#F-m`FhaI3k2@81M7q{;u)cUlJ6PwzPN0
z-LaQI42{M$#yBwqS9!!pk^PlJZ^;u}vjXjdlY~u_&H&rRCfmxNTAd-zwagjCHKdwx
zs!>RTnHbfM8;hwMSB>S(tg`^@>8~p7(`nEirx^*320b!?euwx#n0mOGFG{-SOz^FX
zzj-MaS7Qv-=Wk%1k+Qyux{xdqoT#7uo!_~FZ6h=UHC95YsPrm^fl|N4WJzCdBi`pp
zLl3pt;<FF>_Y~uom3V^j`c289>1ExWiw3<tB}=v*@IDa*uS!2$rZ?7hC`RF%)o*%j
zJbDF{Uc|*uMk8I!t^+PtMpKIx8t+g<Pz0zi(ZqnFA!@5GNqHh!`K!|Sbf4N#f3*hu
zz!liIqn}fypshz-J62{Qt+b9AS(psY!%D9`bMGnXdkWgo*mjD!BXME#tJav9s@H1+
zH~_ImsS1MGjp`u#;v~FlA4AK$CQ5fqeZ^l>_Ji+qvnWFqoAx>tPPKh5i_Io5ysS`X
zOA{+$liPL)9-YUqxvp9CfpD9dOJ=MFof96uv=jW@R}LlwOW$)umZ#d+T`Tm^yK#W8
zP)kZfn`MmN>4|ie&S$lsjuc54wT}(CM$7?a<0e%bj>fsOMY+s0D~|nm-`O5fbiKz6
z?<ybQUQtbrZEtWO5QVE?`_G(kMYmP}Wzvrrq>phH--KVlTkogSVpV$anw&blk*A+b
zebtNlo$!uIgKJ<+_98mBripUyfqRA|%cD~^0$y^iY9@7aSaTcoA@61ndqSs4l<8vJ
zy>;{?jDEWD$m=>AX@^|Ign`O=8<K@ya$x=ER(Kq&?^!<IJx3qV{i>KgU1}RH!Vm$q
zH7UVz90v8znYCB%Jp_px(s++5Gs#;!fvt#kvtNvi$7`rlC5)p6-xyfWBAgZa$?}0f
zKFQg=*Vi_o4}mJ(tR0vj*({z1uewU8Y?D0ec^zLh^QT|I^b>SswoayWBD%HYx<}V>
z9`+td^qmR|yipLm^;ej7Hw0bJ=4ogzA*H%jMQx;KVQX0FXfpqN%hg!j2B+*HK7|09
z$5udF;~{TbqBy&9kT!d#T8eN3{HyBs>0GnqTKNccy#U1Uox>IOTyD(<4#oLX;C;zk
z4NqM!BA<4wJ5*?kJtq;Tbw^6lm2|PYR<Sr`dvrh9wwfi59B|9D$=XNVZ@6EuLjq|J
zaim@5@k=7+r;+dFo6ovGJ#4qS(Ls!ax{faz3=Y$nkXdwOUNuHG<wM-|p53(+!=)wI
zJjEMm=7hT~3Y#gj3_Hk&!q28utMg~&d;TP|Df1vL7{LkN9Xl)}!;y%uWzRlg%pyA9
zwph~CPo2xBn?2N$o{rlPtYO6(%eqE_6p&})Tj_o?>NozDW4Iu)NnY5n*5j_Va!F0@
ztx2DHEApawSFlR2OS5r*&I>vv_!e-1U#od3>pZArwMja*Qv>rVF}<U5kti0l=ijXB
zr>{xN<*6Ri!Z{;0)B2>7zkE9i9+;B00#_8G#a)>e*Q%Xt`V<xc9?Ao}rgA}VeFAjo
zwu!H<Lx4@f;P-WMYF>%>Q^rt2d@7CCOb_sy#`ob?%WCBej-T~A2sk7EOeyy1aE5A&
z3sj3~of>2As(MbG`*x3m43C>MrO$d7q&l5Z5mcvX39Xo6&Iu9NBIb1LIl}I+a!$Xj
zh+~DPKf4->w8f3CUb^o*pwh6oS=@1u7oN3+fcJ>8Wb_R_juD|x_WjfA=q4F)s*;Qe
zTbM!+E?49E0TV)*&f~TBd{8|Sl-;a!@bx<#*v!yI0T5)vvl-8a7-y5x&$*jdjkp1?
ze&<x4=%|AjcS3Ai08vC5Fy3_;fb7gSX{qX$fL2V#J#SupBJiEuWboNb$t)RqMA@nP
z9MR30Qwgbt1}^XkrrM0T&UN72j$pCev&Gr+^sHCWrB()L(M@_HoNFZ-q0x(i<v%e{
z3x^?JTK)4mdPx$T<fxX&6JP^+&x~T8b-r6Pqx0hVd<F5H<_v2r9^S(_crPi)((gp-
z)l+Nc0gr=l&m`fYcsWy3Ov2DGkH8CIA|#ynpy9yysXqXnvp9nYH#n^mCdBmLD5TG6
zna(|ocxMuPn2w>gX1nOHjOaYrFGXX@<*njI6vzh(0-sKJVyzEACpJydgBG83#2gkq
zec;ZM785%{N-i-y>CMfwAO$?(?=b5nG0>wdE%RaZX~|4n9e&{>%!cc)pmARP^aQfh
z_i#5j>giIm`B>f-tOxe9Bu9dM?t2GWhI!!T-dp^I1Acnq25GJr<mn2d>C{~}rIveZ
zjj3F43=f)T)NJf=CNj3-GB)m`p38gnrf0<>*%k%%YEML@USrpT$1%>5MsMkI?H3aL
zsz8mM0ch&IPBRYlDtid86kdw+A{A(@Xp_NtJr<;+FC^&G9Z}bd$1mJBs^HB=haM@J
zBX$_~z7z_rXGWd8ds_~vLN!Nt0)N_Pnj*e9<Kf_<5t~S$u(PD2wdkAVxa8nD%m(=R
zI`*%0>C{K#@Q|6IV_`RHKvlQ_h+7)S3;~V{g>*9o=M#%hpS*tbc8jdh6R`o0qeW!A
z%+o>2eJXL9^3jegHEbK(oqEv|9fvKKMKpYue7;#%0Xp1hp|9(mtZ7j+n#vUL1lF=$
z|GvCmjP^#Cii>EO_SjbP3UaVU<Oo1v7M~~@+4Cto303<-gFhWJYxx<Kyfrd@HI+7j
z;>P;)kzl_gEat1~ps~x2Wa+oeM0bEg?9i3@_WTNL2$PV!tm33};`lA{akSkvt<gSn
zcZsN!-y2zlb&sV&Aefw2Ld<|Cr&U?n=9ovO;F71NB2TZcLbAW`c%R<MdU22{N1ZQx
zjHBYc(Y@nI*{T#<o9KrUo>Z`p9gh26J&SGP=L0Brt0YRsf{60+`nX=bI*8GJ_TJ6F
zDUAtO%zI#<^*dS4yt`MzAVT*%FVch|_33kr9ZV@>27hM|`*89wyI8jG^SuatE2P~_
zxpT2IyvAF~sk2gEwlle&+lC?_dG4E4&kmWBWr}76L#yEzM_O(q<S(exI$l%b;+|;P
zn<|y2Y!(d1n_?W$Hp}-56U+8_Rl?Vg-;5j5<lfe^r|KsUANuMk+EfbhI0tQksqPmh
z`st_f&N_WD<q^Nu5$-mARXmIW?Umkg?yy-tB)5ZX!5Id)wM-xo<a*=#h&C7}qQfWO
zoUK9bdsbQAcN4@;<7s9JNfOuZYK(r*-35!1%EXjZ4p79!h{IxvHgkg%ym+^KW~4zm
z%a06&K2iB}R^%FT#M2!rJ$QHQA=$fQwdd3GWD5x`uo~kfoP!c*-8EN`V^cABVH!m*
zfFs5XgX#vGXHU04hNsgK7`p?M_DrqZhQ`a$pLwi!K=N$8A81;WK@hP84xijBMhd2g
zU?KqFWToJ2Dp=4jTueW4*`4T0v`B#1rfm^$GoE3PXV!^mt0Nk#T5|eYtMxfxFG>2N
z*ZY!m#H2j+3So2j1|w)^X18f;4F#sdPdTTV*!ILKki#-Pf94YHXG@!}l48*;X!iP*
zftkF1s;_2IP(1|!>fCYL8mLJ83mN}(+e#_5l5I}D%caJcaWqZZGim4vU?Z6)9bE<x
z82}9hot6}88Ir3`8mUv~PqnSo-%A_?&sN2=y#o;TW#TD0YJIQFi{|+(CV1x0PDH6%
zJE}h2`0|h%Ux#V03c!nv!HLi)=fN2+J#4Tcq58rmK7AMVk~CY?7}ch;vs@vVb`<GU
z?p~C`W#p<nl@)o^r35B(*pe&nD&LfY)shq#0P|iFam`5KaK~$142T9QC74%OoZ4|a
z^v1wmDExF_I>G@PD+G0}$hK78xNd{KICtv`kc+w#W)eYiFLD=pALuB2I&jrZFc02X
zoy5zwdn{x&jW#}#Qoe7HCv@oatr=$32&Saxrai3fu9-r!>P--OyfpyaH=FBb-T5Zt
zDM+blU|@_FFrV45zfM32Zmgf`0RlR}HGDAjZubTJ`B`4xoaXaR=3%8aHz{AAijDyl
z`NZebivz$sB5t@@%Jb?TsCLaViwCmG!L>;vx%Q0vrQl`7yC|PM>&O<Tl&PK&N6RZ4
ztmmg}@D`(~GT$6OyXW&#M}Yyki4QjvaU^6bo2`GkGBHD<2RvIwv}ciY1jP?5Z4hH$
z&SSg<y~8_71U<^)q%VZ<)0Ooh$acE2pftf+Uu8l<xkJEH)OT!eG_a>e1w1pW(J?Nv
z{gqJVH5S}j&s2-NQt$?B4|uH_<5P^95W@LdeS4YSw&aVuDT%}yO$y3{{fSXUMU}cV
zJv<-fn>v`vtll#)$r-DBAW3((mLo;HK-l($5q<jeJe5~V?iI&nh)n|oC}E!7E%ppY
z)FB}#Q}~^+Q5*JVmXRbo_q)C~KAS0ao!kqe$4H^L-52G0_`<PLYDcrA-V0wmZKu}G
z)oXnIq`3X3Q=c<xvRWoE>LiQOF~$hdI^IjKp(O+#5+)?QmjP_>D)|c~{&Z@j36AIP
z43ZtXDo1s&Sm;gB0k<)RZ${!&@Px{}7{FWHAB#K()lIs7jev;WfyX4GL@(vRtnSTJ
zCx!0e6#zdxDZtyl#-}w!g2gpCBHBYgJt_9j@u-NR$0QUfMF_{$vM5pFRYT#erg>S&
z>u!IY2cI~-PtSJ4gt3%kZJxxrUa{=)EPrlI_AZB6tC4MM^zNy6$+O1k%ThUD%M?GB
zJ=DB=S!-6Qcq&eMR;!LBr6Y-(4lYZ%(Ib5jfo`6RSn?uuG>;g5cDJ=|H(`)Xt%{~=
zGpHDUH^CM9K<1)?8SJ!VmUNND==CR3pYFW@_3rlGJh5ss#JiViM2wvzd0MmtdS2%e
z<0f7nX+5k6GDX5Zpp(v(Bd5xhh$*M1c*J@m=Of&*9*54!y{#xE(AMg>W;_USXD_g%
zn}|aD=X|=IWpd<c<d353F>fO?!eF^T_X$z64_)e9K95iy9qs(|DA7->jC@vUOk7j|
z`n6d;az*NKc*oFu2*Y|s7%iQU$zY^e7_f4DWU*k(W41<WjaExGges7cZ*ZATUnrTf
zPvvA7P+KPhlg17{z*ltK=jHJ>+eLonCLrv15`$0hc=9z^14X(z#*=nysjb##n8XQb
z=@;W!A)m_9Pe)gNenhcWILBoMZ6@!npz4C73tVDryQ9XGy*AxPTj6}!MW#8LFnDPt
zFuYuPJr=PY_6&j`Eo<l5ko%oGFTGB}wsSzO;Hs!tFaSY7zQ3=jFyNsw$5Pav9q{R+
zB~+qADTs=PtP<*gsC9IqolWeoye$ryd}M}oECIjpvQKY+g=9A?v&NjL4ow!o%1XA%
z*`9n@&%h>}IyXsNMJDRd&m(W;A=z`P1YB@`BJoNM88m^UBc-MEf(w#Eh^F1_vDHe`
zW9>Qy=(Q}hXTk6Knjtsy^ry>D=CfuoLNQX!0Wuv4(!3)#I?#e1tFV_2W2sIy56Ap7
zSNW&QgFnRs(7t=!`pSel#K>(W;WDd1I_l12h;IUDm|j~1a6P{+KfhOi$NOgLIZN=6
z900JZhM(lDUFK{k%1sLlleugP&I^yXPb!nA4Qz>?y0<>?QZK|`nDG-<A*SBQYZaN^
zSJ}k(xIMe(0#N5w6TesM!=d>CqxpSe_UZTP?dSfYkYIJ8BQ#Q6HBSQ5DJtlgdm>*l
zhK5+;^L~Nsi%TbMijg|9v$YYDJ&xO66>SxLooYVdxEV{5Cc`lWZ_($O1VOKpSG+Z%
zhevP9NS+o8CG1ZxJE29O6{BD`Z}Ov<t!Ea*^lqO>DqY%pm|5MZ8GZfWF27KVPv<Wm
z(PtF$mhnp7l3%AiK7ZrW{5-Hr^tHYMKPy9JovqQ=i90owb}h~O0ABQlQ&oD~f&l}+
zWk&X=Ase%%B?#~6s-LiI*KRd)HQ7-d`stCa198Ds>4|dxOc&*m>0VfNalZK!`?YlL
za|$H6Cnp*<n^QhT8~TJ^!^D@T+4p@AMm$?pF8%SNRp`B4#=?A?Jq1CBM02gq5MY)&
zc)UV>V(t>Vv9I^)rIBwuWqLtYYSQ!WW&1mQQ#{$XF3>oGZtu0d-tLLpH%<7!1;OvZ
z+bkWwCsgtt<@<eO=VJ(Bm2hgPN9G_>yBolC7lWX%z|942i>Vkkdw;fo`Gp*QCw&uH
z8d@1_EI`pGTEbz%cMnws=RFNyHvpPG#pz3`w?;?$CUPWj4sUj?9u{o@kaJ6J6+c8K
zE;ZUreA0p>=<=sJIA(Ep1;iw!v#FxM$1m=UjF&mh@YCr2ja}QzTsnS`^w7L3OAz37
zC1y5HATl=t7|NzoqZw&5i0Bt~-#5rYhxx-E5pmbVUnTV`Adv7Lv6pSO58k@)pd<pe
zo+Pcb1CEW$bO^a7I=ps+syKj~H(kJ)&g5i*;*K$$V<ddMJj9lpX<<R?DO1?m3!brU
zO=4lr?RkwC_<K_dDAup?Jw=}##0>|?OR$8I(l*3v)D+W}oigm#tsd{3KGFN^5PdAp
zU32rg8V!^S*CwEV4px_TK`vs<mfng22MNnQTM#fqu?ux%c`wo6Y2drqD}APv#C?`8
zZiN!^HDD`4-@1{N<5fg@+*vo`bP5`S*uq0AzqO3LN}Z4vk^7xWgr^e0GPBDc(Wt7O
znz?hFhsycB_Iv4q<gYsr)iZ$M3qRIR&ojCP;s<*Xh*CL57u10J8iFe%;<T@ybg{#(
zx^~GHV61~?MUBWRzbu4Ir3^vn1~uy8ohk8Xo1;>@9%hQuKVN+hx6>_|+fQWjT~&_s
zQIU|9Z#Y*mCSA_93Gpuk1(gqon3tJyqL!(NpLSf|a^$64ZB%35R?xj5K#?NY{zCBk
zGHSZp7osVoFV4+`9G}iI&(Vt>2UtR9IF$`JIFim7l?ONbK!J&2JJl2pk)!QMeYTQ7
zK^b>5sPOJUF8D^o=xQm%VtbxfbNXo0)=MqYWgl(1I%;ruFL(19q#qsq%*K~_upxxj
z`3gnd1ovoP4?mpPW?obUsDr4W*2B~}e?$9)q0lFWISr*6yoya4N9L>XUP{t91BBx~
z0HSk_Y<-X2>aqh|RRCO?dRkm=^I65v3XMuqQKU_?!2{frQJ8@tyjZG$%MA?1D17BD
zqEhgPd#{{q<dA?FC}RMH_=V@2LSTEpH@A%@6BCq~v1_D87a`?yLz8(bA_+{E0#4`|
z^`0F-t$(5TeSKZLy9_7oUN6_`zX~kgKJTYJ$3}pB=Cr+o%jTp}R!e1df@}|hNHG@)
z)`@D><!CLPRbTbhvfsKgAH7xPyTx!{td{JPNO1#;6w5%UNd-_?my(mxGt&d1P>zZ2
zeKkMTSi<f|#Gu30yB5$nINURpzLCKr7h_KD1wzlsINF_WK5_h>I^rU$QbmGx0jJ*d
z3Qc7N6!<kf3|1fu+I^Er%D_Al;3#edQME4y>P3f>43R%5x|4|(6uB@tKWbXbfHoQ0
zmktkZIZnAMuO9Hkl6P~tF1+P<8U5$IQp4?X83%11r~to^#HRCk=yz)9g+BAzM5o(#
z;GT)BH_;1A?Z!AC%e6nb+82`F7hd*6NEYgp+`06{Xnp23zR{c}Q^)0MuP%$CWa=6v
zl?UN+ReLaXb?6C=h=tl_jz_)@e=p3fpcwUaN*P+lpE3(dKzqxetGaxQiqa^8FCa1}
z=-|DDlBAC8=t52Cq;tF%zp%7TN7U8Fudy@X1!zpwMCrlCwD#O+x(7cVE>a-}2J`#u
zGv7C19dF(Dq8eHG9irHarss{;gU`zd#gdw>&O>9<x!!1{H|&xjHu)~%3%SSeLPCY0
z_pt)J0@BjPGYYEc$66rLRYoHW;|hahnkYai_+YvD<Yllb?;C=hZKffAOCtJC>4iuM
z{X~;>+}#8(v)}ld*OLm#DwKIJ;p4#GMkKXxLOk*~Hl;pOchD!AdtIIP1RE))7NDZ{
zpxIsw@5VfAs}X>lebCb?vr|<$<t{0Oub2`V2Hc#40GENuJ&oBPUD`@SLkqqI^8;xo
zY|Hn;3$Pym)5f72C3cWpqV<ySda&$kZbNdSM_q<m1RmXuzwiuLgu+fA7P5F_Q)89;
z5NeO)VA}>97KHD)+9S4Q-h6T&c>4F<`7yUJFfuB=1|S?)PX;G>ChG$=3_=M+=)mFk
zI^QF%aKcwwo7sfz4u2x%^A4_gR1nmS1=>5uL~mpVw<*lud+&%AJVi3a<xvT}0_x$B
zk<$RnTf>&Ir$qFUFD6!aZNZ;TSH0e!$vh!_bVRzl7G&GrG#MA_sCHBUsH*ICNhuHy
zZF00ek@tz{XBSF0UTC#W<p9!Bbq4UWOl5lW!a@W#su%Qi;^I|UG88^bddH`#4QVun
z{CsB(u#X09iG-Wq;5L^&o9aC}x45_Ej{TgWERfAR0Jn@}QyPsJwRIG9A<yRCoSo^u
zfF6dT%DE@%zo#7}@{m!^RA9LFBaR0x<ZCGtZC7ZJ7PnUYh!uJTmZU7dFvag_2Q<)1
z-^KJC4vkxTDjJu*Q*lG}b+}B2a~glAz<?`?%SaPfy-LTCdi6{faD(JXt2=O33Ezua
z6?iT1oFQ{L9)z}Eo5oW?5M-5ky8#9WxE-Yqu1A}Go@M2To1PQ=MmkEV74n(=-qJ3-
zUEvUr78=LbS=`byHb<kot7Mz+p*sq1YI%FDoHl)-`h5*Q<PM`2>f-K~Z;rgfj^+@1
z!J{1Isn)u?GCkg6^roD`d}v(=4;fs-<)IN^SVdu%R1%}th}avPBea)?&;8+x$|$<`
zbQEHa9`rJcM1)xRwu75aB)H^)zW}S2P%MHvIqei5nJo64`i1MVLOpsZ4QlWPpR>@y
zyQhNZ!^JKQc=T=(Vn}t~j@_w#;`)6*Ulw!N3X8~jZ6+-9W=fs=nD<!CP?)Um^-J-c
z=$f8+uBRI3fF2_+GFacGQwpY#%G)-=D$cBs>8+Qpsd*Xfq*FmGXdC3mynK}|Fi%ur
z&$+@)vpX*-BixeY6|%K1K1f0hTm+4W?9YE83&XWtu~;t`52a%_+?eWF=tkUF#F_3G
zGo^YKYnvtR#TT;Q7k7QzK-eKJ3wXCWj8y{jUR#t#@EEB%Do;Io@hm}D?J35fIH2Yf
zJw9n4fy|&2$YNcwxTDD`b4V(oV1vn|2m<S?p5crn0nowdcX-RZuW)mlQN~+$ag9NV
zZ!jLZNd>(vvC)C1oqlUR`qK?EXKV>vhn=12d1NxUZvdaPUiz}nQJ<SG)SI5^ln&xg
zY(M*!guKcUq&_Aa)sl&$P;>x?2c-0JOvwebL}WLeokWT0^*y1hd`ZYK%Zn<5=!{7Q
z6J24w-ZV@ZdIDpp09CJ()ce9WVDyC+q$);AdMi)qc!KhqYi-;1&1e8E?I(Iz1U(pQ
zj(G%6UbZ{@%&jQBBW9WowB@@%9rIKk-#xvxj2;ZSw0U=>>-flSu?)Y^mG2J56Bks}
zqGAv!>P9ai?*h(`pWWjEV)l!dz&lK<$E>P%;y{zH9cy}FU|kzt-n^ZrYp;h7o5G~@
zz?7pf;&m8LWaRbo#ITAh0q_eK<hn%FA*EQxH(~Fgsuh4ed}|zIw{>vK&D3a_=$@|5
zzwn(|#q(N{@*-X&q{fEwbV(SXad}>aHf)B>%MChH;+>zKtKYqhalPKff)b7}4pFj0
ztxRN%=;gL>*KibG7BOt9p}+TFrEpN5SPjXE61>YmyL`T?0jOQi8}Awy_X*i6u4inq
z0QuM-_qhV5h~PuqMiSta%ziwsrin!qwrvRxFm=1|C}@N22pd2S?IAv6c=*$MC5~$6
zUh3{u$h9=&qKRm)*G$WzJ6sl>x+icxts?L5Nx{B%ed3#Zo5mi-Q&3)OD-l(DPcYbc
zbai?RLpI&zIs(T-O(}v*qA4K&D3Gqe7rLZO?*%I5miM_88uf7w29WTaBAr>`K?~Dz
z$#q22FrJ?ZAZkd0Te9rF-IZm2%^KsoG8CsFjxw$~88OFa@qmBlTq)Q!H%L9(dN-jm
zu}}eHad*}7k^uc)s}ntSI#%H0PmKM08nf1grm`2$pGpwAy2Cp-s}Y!CVsV}}e;45y
z+=HF3b<f{CoOW#L2gk3Zb~S@tt+=KVK&a&;R*zLI(3_ps42KyZkf__MU~z@}Ee~=%
z?tL!|P8J$0hH`8ySzh#*m_id)q11aO9_zY3riB~5LqBKUG+!u5eqD!#dieUR)b^&I
zJV=vneJbpUn7%hL)?-5Pjk14wg$5)tWj!tOolAWd<UIP`TQ+Qc5(u6*(JWI#EDNQj
zcdy^3_?pP80idVwn2S(fr{KE!Sv>m#2*!f;WgXPYJpmW)e(>jfQdI6@n~Wu!y080^
zj??y-9YA$#JS=Xq6+Lr!Y~6J>-vLPO%K=#d{XMlkVvr=kbb#2oQEHpOK&a4)k{Q2A
zDP+>yhkLqvVLn*<g>!uNJn_+tsMaU$^om3S)eO=f8ayz<?!I|tvDxFLl5A?dQfX@s
z;dQuVi<WmsZVl>f&Fe|YDP$<PBc|x~QN%5LlTGSL7pu%2G0PlbxB0Mz(pnZ7ZKPy!
zhh-~mBo+3_;H7P5HOom;LBbJR5Mu~4QNR6#v{tMiuhS;l+iLd|ZkZiWG931^*ywFB
z%oq&WlNSiI<sV1~e0IOu%MyDWI(A-aAWI`9Uewr5P(^R~Ugh%oRS)ab8NXe8E2CLq
zlsm)nfLNaDI*AMHz80j-u#l`9=3|D58#{|tsw(BwO_y1e+T2Y&AA*<UAqo;p$~1_s
zI9ISL)nM74D8cR{&1AMjMy{uFCo3hn{d;N_pM8xx4EMai--Y6-@NKmQqhGK)E7C~9
zt3Zy#w{1ZCg*ATmL0@rv?=sM0)b*JwQSTFIdrk@+GFbVz{GueXw$ms0xlbBD<-G?O
zUT;vZpuoTgke@9G=pDuY)+XGe^1N8X#KRg?H%HKzH_U#s2T=Dgt_pyGaZU~IC0kgC
zzSAJ5*=Usq=FeteQb4j$A2!gRm%uo`aQ*2aX*KA%2wU;QgI=a|0t}z>%L)@#as)e+
zJF27CJzVkbeW6Y8scex(*j(6Fe~miGPx&Y)u#U8ymM-BDWkefJy*zv~(RR!`DRg5z
zfYuF1Q)~Rj84tz@26W^+CcB@Dao~IBee*1Whzs*BfH4uIOA{z64OdrOZCq01MPRef
zamSuFE^eeLL#<+GR;LCzG)FXESt1Qm?)A^!=pOru3n^X#is)s`YHA92Mw;>nGT-#P
zU@NU6?&QS){KWgSH`4B=2A{ax+tJf=SE<T<mKxx>J=Tw6Uv0mGSsdsDbiO3Ogf4t3
z6lG)CuzIHomQ0U#;|j6*c!}ZNn%wowXiL*lzMdzi+@Umppie-2SjF(cOC73r@0rNs
zH>MH3&JUuQKr&HLrrrawsR$&-p{_?tPwbsM`ROMER1d?YX3$x>p1mv9*Cb8d8I!O>
zSCwTV^y(o5u%lFbA<my&a<UMoq2SpRJc1OL6YWP6j3%PwLXZ4KoNB_9BmO~_MQ1&C
zJ1CD=u8a_&^r>sLmAYFBd(L|e0*CuZ8LQv6XB;IwL*;RzWDk$smsx=I8V?l<l*Ww<
z`;y&n7*Oz?6467kirRa`ZRT8-***-T(t}m$qaIE3`@T6rz)}0eq1DwwM*?7X9^+Py
zZi?y#y|<>7>c)FrFS5Qcf1myG(MBYlL+-)?AXy|merJpeIQ;Ux!gK^Q(jaV*fMz&G
zf-Pr|I3`(-my#V4(`ndCgwG-Z_0e0G7_u>s$5t_9^q|h0C8zRwyP2q-XA($Ja43z7
zt58;Ujks5zb~U>XL~xA~UFeQH#n&XI8JR*R9-DdBhc<KeGo?7RLD6GWu0KoL;qs+%
zS@n1;>mh*s-fM428Z*t#afwf*%V+20j(Yk88jd>Gm!0^$rXHCcW7&JXw1o!pYNmDW
zSo7>&TzL``baT!5LeeHh4yVX0qRJ3P&d!ve2?;L^K97ykn*myC9?n<tMqxRhF~4RD
z<Q5HK^HhzEGMa6sJbC;s_@1Ka*1>!I%->UM19%1l4fUWs!Mz>D@n;Vmm388w-nVxZ
zMK)EZdp&9FIVf~hNJ9udw5<aI$yXHeg}cJ1!{DmCGV4N-lQs*()HfF^!>>t`J4f42
zivfmXwlEMNo(AS*LP+halyTL74AV!hEF(gCyz%sGnrq%vn@7Z|@Oy}E>3EUTBgrjC
z@~WLg3sC&zsqu6pF`aIpZ(VB(_Nr}e!J~;2+wE7kfv~8NXI?z}e2{JK9r=S_$oJ~d
zjE}sB*C^%gw_^l~ixf!m7;9&fX#sX2O+^~CS^N|E&u*%ur{3tPktzWwk<m|Ufk#3`
z!;dDLXU(Ggub${fxNw9OB8l3D(zuOF)XQ7?q`cmd@+qjoCIfjm?$&5~bFvz_lm@o%
zipG0sJxFK~wm8v*N>IXDQzNq;BzK0htyc}I^s=-Fmnj^1HehhYXs$dG9SNFGL0M$z
zXI~`;LvFY<R3MM5+m%dl$Z--R=Ro1feKre&^4MR#@#38?>`gzh7fik4e&x{C>aBpN
zCaVx{OEl}`nn8@|ZM8l#CjrHaBU{UO%A7TLDdA~P_obM1p3rNdZ8Z01ctPdOcElFa
zi7_HE?`dbDcJ=fIl*J_iY44iVy(}yNZmD=pB${JVyxDpq(-oSXuYl9})z#a`3-{ix
zqg)B=3J8ne$~VFrH`34}oXrdgY3N<62BQ}W7-SuqDo$F@-Fhl9H}ngA|Lm}yd0=$C
zo;0D=2*n-P4zU{yMpp#VX@`(CPTS+u2M-FXUu+@|x|pLhY=k+^a!!@J$GzAdwj$`>
zn@5D1p^nNv3zCb)M8SSft5;ASm)Q2yYf>d6k{Gn`S>)P)McCV>0ek)?iZIy?mNH{O
zn=q3GI{F>~IHW@c&MxZx!oP&`TnUP!b7(X?(KNvzH#4r(YJgdqpG$IS8>iv4wDcGL
z@!4yIFVJrQ3JtJE;GOquI&gL;VK#b;zN~<zM4ObLw$V`cQ*jUz4iUli9_EGH1Mk$G
zC+_nG9~AF<4NNRDhb@evZ|t74m@vP`Pg2cs5qo4Iq>Sg}oZ53a2f)pO)kD>A<5{=R
zQc+CLQ=Wi?j-WvDNg^sqLVN;M4GZ+1Fa3N0p6GRuLaS$XC}(&3I=Lfa#TJ`S>kvXf
z9Pa@?ft|9j4+aq6v+brni6~FSlJ4zTwcOEo&z?m4BoA(DTU$G&J@SeYf0t?-aOz79
za8)}`kyUjC)hAz~9*3MIH#<{tA-}qguFR03gj*82_p((Tw{#w41vU<l)9t7Mw%Ai1
zZaJ#*)-(pZdSaT%C5IviQy!vsX3xAy(;A{StvI}|odx)WeSeXVc7TGrt3`P0WUE1<
zBMOU~KEY8Ap>%DRt_a!a@qlvZn}p8}49i)tAkR1opr<t5YLGe?=#{)KSrJ(6N5TqC
z>$VaP@MN3b9xy%^IXKaNrXeGmc7+d3gYzhHM=0><c0<l&cjP4&HmxI(Uft;_=dAb(
z#5N4I^euy6uI7_LsSYe@()T6=b+|dbQQq$JMf4hcj~X7gB}}DcOW_DBWUf?z{_Mq&
z5d8}M1kn!m$vj?SslvA+g-RQ-#r7VmVCcY0mq!#ApERI;zXiIMka`fh%B(AVJ=Z?i
zjV5C_*)b-Nip)cd5u4fMPGIp~Z)%|qnKA}SJ;gYCJW0!t&;V6aSXC@pF0{uLxvd51
z)2$neS(%)plntpZv!*gj&4yT}v3#@dr9D8sJE!cYmwsqr!$oPNrJ>8SDZ=nLvUfS3
zG^JoQ(+r5HK>chBHo%yvQC4qAlchX#Op);&j^Y;5bmJOjo?=DMa{$h7B7i>oGL=qQ
z@3^XLZOj%pPza$v(wa<bos66za1W-QyUN7IhZNO4V{ojoSNMWlTzsf-P-O7U(oLyD
zdI1^v0}*se=v*=(e%;YQuH0BJOZ6CDA1GmuJW)BRyQer@PqF5~965$B8<POmbA`<r
z0UpxP)nN8}3r}=oqw;v1ELUBwa2$V5!`tBE9Rp}d!$#Jbv$oHT)Zd|%6LsG9<a?4R
zeGHfFeeg*If3|3ZDS;^J>8#WSrCjFP=ZKmVTj<LHi&Z%(oseYcdDTPw7~cZ~m3STu
zkGt(iNyxFzW=TcdAykvtKn_|^r0JwP<ERNAZRkMKnsOPaYtJJrnR2Ab-htLp0hXH;
z@r`$+#j7(bHOS%6?La|g#DH7_%;Zn})g76NxnV&cSo({5`MX&gE{-CUn1b?AA)N*i
zL2b?nXl+Asf@{@^>${S7!BZmoNyhtZ*1`N{6*|IdQo$7gQyJgs+xNsz?&1lwK+FN?
zddstLZWZhda|<-dtb`VhbsCVy1?uMzCSApV=tu~Pg<IM0d?MK#m!`DP;n4zaUjSO_
zOIWe@Y}>ADHSL_l<?I3P5)qHku+^)3q>o&YN9&PTID}C`c9wvrDM4cw`PSPQhU<r{
zxcz&2NKbpg3;_<=-APGFIQsCYLS4#OsrH3VTQxJN#ChN1HyxjCd)>3Z)dMv+Q&@V7
zVD+_Sg|*GFJU=#9=J2qTgXRE6dC}<xsJhS09(P|Ypw@fj<6-RkNKfw8QAv^Q&~p1u
zv5cm6X__Du-Jx&EaV|@C*$acv9iPCW0@JMQ8<8BJcby7hgasN@*%q~upo?a=-VP1z
zEEreJ&t~HukBDNIBUnYr&QC(}FgDzWZAr`~-#vcH=JCga49mOju0iObR=k?_DnO_2
zFe{%8{03tI(|Jp`9iifhQ<q;|(se~p39G*=dp<<^4hV)T6uNM<y!m-k$;-IjG-8IP
z%#5VBJq6H@HLDGX71OE8oxEIFqr8o_7r^NjRK!r(BbpNS@~Jj+!{f*491jh|I3ksk
zgQ6C9pM#9{^2)$KsNDv@)6f)EzSr4-766*mTPE^oOh)||C5Iaoy+_5iZ<`aYNA^zY
zY<XTFKyDqNPX}FTKG;WL2Je#+{cPnDxdf$W3&m|29(hI1^zy-Vl8mchAKuekcHYzR
z_fXt2vEel@*SW7FW3S?qzVa}hP+WgZML?I5#|tq^a+%{K)fkge(%J+Alr>4$EnZT?
zw*pp2fTVm3^4Kv1p^>VImuBjnAr82u>rP>@2qUv{(rkp52Lj3BGhhX`2iSewX^v9I
z{o)rXGrYCXozOX)XOw4r^<o}OP4_E2yn8C$xwmR`W)YN~-%Z^<o4VPq!>c%^kSt;)
z3ooOB#G+veoZfQe@K6?UhT~UUOfHJTcn%h2k-8BM27&^v`had4O&i3+mL*cVFf9wz
z*m>)Pp;OvQ?isM}>(D{wB6A9~hqfFjEG3I2c+bXnY~MT}xecFot7udr#aDMc2o$Tn
zY&2^a4(wu`LZH?&nG@n6*hQe;tv~GxV|Rn92*OI=I`K%Dg=eDIMp+wcIY?yPs99vQ
zWIL98(&FD|WHTJ;JsHf089XTZcnlqflJ+2d{Y{`F9l;La;j`K^raDfAy$5Q|#;;te
zz2_O4!y!z^It7+EbEKM8C=mJ?t_2@iSZ?x*2P#NT0V=~*C9-Lum+wSx+(YX{Q4dBv
zCX}2|YeOn}E5J0MLQD(PNcJFxb{;;h7?UyO5t<60crjdXJDLtcSM~F~oEqOl5Vp9}
zGLhXZg5H8@vl4P;eYdDB(d`*vc?V`p-^BPQF-#LuP?0&5?x?dmpo8ZM-~v+PjSuOa
zZX_y~B;~BgIm^H{yThJ<0Sp((KI(=%5a=GPl@*a92DgPbRu_(}MCQ=O$cZ8E+#Zzf
z((oCcsn0yL6N2Yd!wEj`h^XFfObwvCXT>aFGXlq1kDj&6MtasLrO);z;BvXOSCE|)
zcx|z%z1H((hlcl)8llJ3$EEcuUS#_71@Y-o8e>^NGqNC}wQR_9foDpW`E6zK+4A8%
zgk=P$d?x<tfgT8Qcxu+#+czmurRTC*FV+*!jyeJ6D&;9P^-$fcm%b~)F=%i;L`E;s
z6dK@i>}=U>iY>+(0P|85HP=ZV9dBj`Z|P@MYT5dx@S#ecO1&rVjf2jt+;baY<F*S6
zYKquU*RmBSTx(x?;*3%eTB2qXq?0XHd_<FO+zJS&3G<5_uvIa6qqKk(2`>g^wqYO|
z=$=I<<<=|oWdnmEIG4nt&v^ymd%s?e8<jH)q=#=p8Zg2P=yfdel%@0#UTj>yz%f+R
zSCu_&pfK*FDDw~>dv1bg^MjrXGjl&(v_bS)5g>Ju3nqhSG<btvv9^v>xd^r}H*28G
zfMs~vw{MB0v$%*UKvHxg-huCu2UZ5ryl9@hEt9j>Fo7<$aiR`I(|%gxNpWa^Y<vZg
zn7Z7C;`fUlw0w%?y8@Qgw<DMWd-yz%A#NW~i^jy`c%7CEjJ4Mz@JSDT#(+!R9eR_h
zs!2rP__Q!mn3}euGTuQP&K|B^BR5Cn^L?1zl;SZEL8cVS&yPb%xWu|(A5dToIhnDF
zmM)CfCiW!wOEz{#O@HuQu8*%6?9A*^ZnK|jNK@W34I?1&HjBqsPehxQCc4t=5IDC2
z_*JHFdR;}o^HqD)3nSDoHhsh1F^3|pGi<D7GzI)#NG5P=NeSk@On^Yj!@knC3WYs!
zU`5dv)-7s<tbs35;>9OH^gZuay*#XU5DkXC+<6(aZ_BvXQ%}YzU5xoXVD;I3TiDfB
zBH1Wl#-+E<rWRQHi8$@3E%Cj!CoYpE5OY}0iXi&ri9RYS+<wZ74$rTNpIK{BCa_4n
z?P0dSJk5JuO^K+Ql|D+|VryUr1?vXZd4WCe)l{G?Q0M{%jOZ|r&n!YoDX^KdhjHV?
z<0jf+mi_sLUTd^$*6ejGCqBhwi|wFhs@Bo~L!jtl6+ww9Od-LvZ;C#n0ioIfA$qqG
zJl=r7)MuSjJ0XggLU;?KZ(Yz2wH-W*!i+@1b1Bpv(u@@>E&Qyxuh(HnaBExL1yC-s
z&Nj1hpIZ1ibxDxUN)z9E$rl&GuekLdND1p}I!~`@>3q@lqISIZRX+DHP|Ed3uTy7M
zPNZQUWys)CP^Y}Br|IviqsQ%NpkwVlpJjNQOLQ|tKj$6pT2Oau&t-)Tu`TdUF>`+X
z#4hI^`aqX)s9ic)66Kq3lK3+u#4EdmYV7wmUKEZg+A!8Lg08hrvDV9X58}-;MNwP!
z*lvBNp}r6F%^A!&Yd#xjLuS?zATO3+7>X@RyGY549O-)x?MdZ!Q~|!;y_0-cDUH40
za$Dh0S<z>4gyIXlXREvv%|7OTMmg^c7fzm+T{9}U<gzCy+(r3pvtD3MY&E2mHnVq?
zpQ^<0qol{`{j(pfc*e60ADyucrlDJ)i3nOn^oFKZ(3+kEU5m#<9kQ_UNz?m`3!4wt
zxeL8G=~3f$Yxh8z3+LmQENao{Yn^6KjFS$?t~1TO*kpTj$0cvihIPw&-yL>jaW!J}
zoz@07@DjK=GfP93BU`N$LQkvS@p&ZHOl#uq*gJvOwMGFNP(>l>MitAq)Vs0TYW;A^
z_r}JR`w-3_+$#E7uuk%HN~g{R^U*sEd6nRRi4?EL$5wSN@Au*}gY_!%+^*DItax*z
zO^Gze-{dnjKW@5PNsgP6KZV`ZCsFc!6c8IJ+b3YBI+3LIOo!PS*Q!i?-oWeT$3BU4
z0SKhLDc5;5OJXrarzL)YI1)T^7FQs*ETPMn4tI2>I9RY^-~b|x=q<d$J*5mHq&U`5
zR2(${+07&bT{SgH{chYvr+OESkts<nFnscy0W71W1qCtpg{ig$C4~^M`+IL|Z^=pY
zig_L>JdUn3&UhBP0ImGf`cmbU`?-T_lL_wR>Tu9=eB7tR(ppd!8vLlABn!qXwf&?@
zKO=;*7QYgdXL^c!`<~@nXg)4Kf<VajNDea)=};IN87iY1&u&A>02U@JR|C$6IJ59n
zM?57=Lya;Oa>T9tInKVS6rn_YVix8hfZM_&4=Ug};V~7|po<i|eg6F7yl-P`JP>O`
z%rQ-3EGLX!8UjtNn3`!>D^oQ`Mag1-*b=D-r9`~Osp670H%!D6VFN^XujMCM7|C6{
zE`kSsRVh=7Z%O@>2Tv24)uU>|cqE3U>fI9=_$KQ!Omv(1%NIy#S(3v_kXaO!ZeZ5K
zUCzpy({Vf<?*w;F2#Zj055bQxAt_wM!m(k6d$o6-)SNjr?h(LHRF>n6J_T_NeLGp!
zTT``da$`XP3TKm4E?iXLA?}xO-l*I9!V6!EOz$#F7iZvT_`c!bEMMPjaFX+!t=+}Y
zxrYSOfT;FX_>p$z6F#5Ct`dtsiP*z=zxQ>W-dD(BeCHB2nwbt-!?aHKHq|SeujKKO
zs@v?V=vuG&q{}{Ig(*ip#k(Veq9>A#gL%E?6z}DxY=GO=OOCD3Drv6FgLU<GAsv43
zE*{8QtXW;Q+?7WihFA&lq76SBW8!9@O#^2)nvrz_(RkT2$vTo)9+H`;+o=ezozz{J
z+UpiApkzAkZOd&)<qq58kXx-GJjTP7^<4z1eze0j_6k=d{MBJY+-l+_@*Y>{<>rni
zC5AvE;qUhqxoU9fk|nLh)utBKN3Vxn5W&Eat@M0vd@u={!yOy_lQ91d7^Q-Itym0w
zmE!Zp*5Tp}KJkEnJ{*U_Ia+mapH_qy5|uFGJmT`_Nm-EF(8t=(AIp}|PGr5RUQ5YZ
zwdk;1np&3iZk#6tI+NV@&{d_yx^`bxJ-d9JXMS&2MQ@wfZr^TIUJ~fy9@W6^%QdWl
zjiQrxfs;9hw{>H{#Ezq^Wz5sXb*5MNmN@V5)OUEQ&!nRwT95Q+CS;mZLa#KrdFGzB
zVq|Hf-r^Mff}g7MH6ia~&f}?+tnW-1-%&&2jlDXV+4ml)%xid)6GnK)%dhK{X!7{s
zEoy~6#?yXtc&0G?jzYJ>CVWI8N67WI-}Iu<JA#sTV{?M@>X0pGRJ0xB=@r%q>L~3x
zRb~VQ!rtpfFN5QA4JXs<tM?YR<!MuM^o{QZ0>8UpU=XiILQm;j+ljYO>Yn3jS#)y(
z5xRsFtN41cu~Ut}^UWQ(0cy5*Z;k60X+Vy~%dO2pD}$V8&yUT09={jWG9w|3^fqPZ
zI2g#}R6j{0_zWGdFOkdx7)Vd`cIF}56Y*LsaT(y27MbjLtT;!m^J+NSx*XVcxJa$Q
znx87^doj>01vAt~glGGj--~>;5#cg4vTAilLCj(^n<ZIYPce>@Q>>^j$P<XR$kep8
z&q34!;9cjNhnw0okk35Y6y&VR*=O9jIEPn(Y|W(lNXZ=^IYhMGT}a_;2-!r2g^FNL
zS)ywp6*vj}X^-{<uAd&Q%=tMgabb5pz7#mYO=H>j2*>75mGO-)Ay$9W_8C8hSEVbc
zFD+E*H17qEh9+3|F=gg-?;YqGuTPv_KoG>L8p`N~xw-d?y$WzEG}u1QbRC*En4ppi
zd+kB*SY_0-xGR=wJJ4@J2kP<cIvZI>2G@ypQqfA}RJv%WJWWRdwQEar;82Qr@qAEh
ztzevVu+G<!*ec7IkdbaO-w2_-ci}#zHwRB%4BT{b@F+(cMV_H<v{&WxpYvF~l{DZ0
zF+0yCg%R$8H3)p?6&#+G=?~8w?C_bw)7E#N#NlTU@kia_EbxRwiN?-wZ5drTsobSS
z6DpOaUQ_bX4bobu!n6@cCq=?Eq}$Y+R@!}*52siwW{N4eBKuY5+MKkm5#XYop=F6K
zQs+F=+7}9*LnFWtYx8_)eD+<6XLH}??e6o2jNNvB;mdn1c=Cn;#>r=<yJDa~XMiv%
z`lL&W1T;`;%M&re%gbFCF3Qqj!zM6o0LkDY&Cq^P=ZJpPC^m;AF!i_?(fQt^^C%|T
z7aHi!-cqW5q0h2)v_7e$&q$*E3K9%Mj8}}FtKx>=)-tIWUL<xp^02ZCV=j3;S2*J4
z<n(N85&(Xw3QJ?SsKeR)>Y|rWS`VeL;o8=0c*sy}RVSl&J4pQes4f<$UUskr&*)Mt
zgY7J9NWz?Q*EC$KUYUU-Z{dqh%0Lao+I<1k&)OVlHTHqra>MH_5h4pp5#URwI0GXi
zB2~h(e(q@+-Y^=OqF5Wp_Ve8t>oR0_i%6jRLuw04OsQ2Iynw?O5Ac*x!s0y?NtesB
zPxAOPoCuapmG#oy)+5Wn?pq=Bn+F#QWlPUQ=k>E55d{VCnkF062N28wdK1U6cQel&
zfM~!GMfg!3Uulo98fDp)6em~LKC8tWP9pQp^^_aM#>ad%ETAScgbr*^JEv3ZA;SR@
z0MKjY2U*ZfefExspK2Vx4S?9At$0p6O2zoV?o~cLOx*2<`f&Y?nUR&m+SBq>!`chh
z1F3ZaleqlZ?<8V&yIaGPUOvUNhp~ad(e_Z0@AbOdRC-L?GTEPH)VFOu__R%yhzULs
z#dX3Oz<fsRT1|Ivujb{B!iW>Dzs$8a4u(MC2q#Of=ZB_(J!F$$g<FrE&gAuAhmg8C
z=Rgp_i2(TnHkcQ$w$P9s5uE1r25x)8i4fz33O(kPUVa{BWQN-Jaw~0mlAwnoGtwmp
zkc2Ou&&1=9tc+zBs=-m1Nz0XKcv9p%380HzInLe46qJlIB_hlqt>iNhh)*ScnrAJH
z8!BkNMvC53)O+j-Fw)hqaW95)+S64G8-rM}`QCjK_<ek-jXELi7)g^6l^Mi6<qC@d
zb(Ls4AZ_s4e0iuiF8P$kVV}T*4ZMdc4fgtRwkom%Bc^xlNOb$YeuBOZJ=Eq|*jcAq
zcg~x|>448gfWa6c1m@3@$+d$Mx7UMWm0envt8~-T8m@GdnU)FGu={O2rKD6^s$1}b
z?wsINteuh>D059C&r;O`TM*Mhj}EGfD}w2Kkxj!PI?vc;=@*4>7!;rtcH$)rRX3U#
zCPodQK~HwJ`M@JwsLG{e&F7`_Nuhj3mrm2+M3RtnG<8xm0QKi;BF~1`PoRkqF7g7j
zVXar7-cvx=TZ1Q-v2L*zH*YZ2y$zC|v10qPN|@11p<vxSU-86RI%#Z!w*>ffST(oU
zg=;5fqxLpLBil1K*)pySIT91oM%tb$Nc!v*g}KJo&KQoOq)ZaO&_P_ptSTfe0=<MZ
z3){6>L<?6y8epaAJu_*##V0wbHHqEDq;>k<FA}*%uZ&FJS<d6YvU-r4k6zZupYLUh
zUMv{336Da+<*WM+G5Q%|&a_;n)gB>`jJ^$q(7`dJvdXh705sGC8s;KYXli$AM%Y76
zF)eHwhCM&?Js-NK0$>P{Il*VIE7rzp&pISvJ&%jj+M`jXh#lGci8FV2_seIP=0HZg
z_uAe|7w&UNXcG0Aw<Dg^q3=29JwkZBE3D)zHD{$<P|Uu;xQyl2^a`K04m?m0QS054
zP?(DaqOPYgug&dVS8~gHiP?b{a=&O)^{67L+=UjW^TUF61LIm&)%PY{f{|<c-qXi2
zbh;j~pEMeM+NqRxG%#&y^%(PAyP;ndr2yyK^fR1IL{s!QjmPi~?$p<n(lM-@BgEvz
z9z9MWi)+%SHLn4pbZ}?u=ovePW!38lIxU=zN)J3SaEt67NiB2@%;2_x^kKh{QjW&S
zt>^uk4yF5~Vg&r0nVV_W+#Ktn3mhqyi}b6lZX`)|Xn7-mEyFcnt0ja$hzjm2Jf`AY
zfQm~gK49htfdraaBl&ZXCncY0GjRgXjKh8L!ie4$skaVQPi8$Qn2knFmDW>0%TFR5
zK8eJ>X-exZJ7z2%+PyoreV!AS(dOQK+yt<I#uE|Bi(Q?;N?fFGgMj1ZKCgPsDOI6&
z)qb$T$FM{pnv>OJDkpYjii^*->s-`?c}iEHJ@GsqBV@dtbI=*@)P%){4VTt&x!Rhm
za_AkLE)=UPCBk(gM^a1ckl{`>Y==*7yS8}Vv*dpJv<Zb?w@A+@oe*XPrB@o2hec?=
zs3KzwFDvZWUsTS$=fS#bG;yolS8RjMnK#oG;0vf^n3s;*;G77F@14vym7fvk?Gvhe
zgk;klqI>WBSZ36_h~&z+q}mp@B|W?<DHuh0?Oon+sWHBzhubgirGesd4G?m!lU5cx
z93H;QEHBub8M(o#7i{dp34RPBJdz^aRplr=`wZSubW+Xk!NYj!3o;`pV%_b~kf9h*
z)&0h7`;M?xYwo!|iFsrft`FhdIUQ1}o2dy7o_SSdSR(1QT*wpL2S-8q6kjk5$ZHqO
z9>D1SX|PoFdYdTUZIAO+RSqsY3qM}g)-Kg14So5TwqF|@FIv4%GDAQ6WV)!~oK4O}
zq~7g@C1*ths^N)JU<kZ$hZpwTTrIWV(^3Gp%Z`Mj>-OcMw_*E;pHy(k*{}vW#qfFe
zyeig*ST5JZ<Xg~!U5tWf;0ifRPkTX$)2F?-UtEZvYry%kE3Dxb6+VlU-h|@w+8ej*
zJYl8Bvbo(QbnJ>&tu0NhOB$PlSEI4<a9$1p(j>JMVfEF8?@O~R%ERNEWMV#eI_!tj
zKgWN3N=KX6EPs-t^@d_-vQ+SK>M^j>!Gz3_ZfhPaA8m#&IvKvtNdf*WS1s(Sp|n^>
zSKJ%Y9*>cjd#6C@SP%<sI>kGwRC$TQs^yDC?&I$S&FO)Yg-M!n^^>-O$FQCv@n=3R
zAPW$!JQ?v0AMib}5GUZ?DqXhm=y)lceF_}OWT*Y6sx2uQY{E2?V;|<Ju+igdLZ3^`
zdNYnznjAJKof-(1f#DXhL(lbLDc7T}*A#U#7AD!DJJ)0{Ta*T#y;k673Ff`8N!EW7
zs%Z6)cJ!U-=oD+&3T=*}Pe?-GsDM!Ov1tm^c-7=t+b5y;8Guelno2u3<XtP70yRLt
z&PW^HK`JsdJ}Bxa*q0I<9G<GOYO66&NLRM6w@7#$oCkZ$=w*W)Kpe!|M@OSaNbx+@
zpKjiP0i@4+!h26Rd1o5^9(bFjGnpvbW%b+SBxlYvexMB-s$>cl!@j=k!jT4x@w!Ej
zGxLeHMzHe@20-B&)m%Bt;0+TNTcv}%C@{|#o8Tzq8X4%FVkaeU$8g^bXG?<`#V<;o
zS{`mn7s_BhBspPql3;IQ@!h7HX&LN(@MxCvfVETPlT!MOLVYeug|*}1L8CU4c|5yC
zPEVich7pra^_2AS6?tSQ;Hpo`NO<USDypz}fnhPc(JUT7kN0W?UW_a(RXIlXsigua
zB7(=NsUg!C&A8OgbQO)h7di#qK_Qa$T8ZD`Zqhp%!RLIm1hG#%>OwFsTd>}M;yNIb
ztb&|FaFs?_H7bt?O6cv&vc6ouiVQdnhv(1>O%yk%CJ&;<+*#h_F)BUiTgVIE`uR@%
zRar1SW<qa8J&=F`j^4`-BPV|b`fN}Fd$Zl6J(!HXN&VjYWG`b@LDDj*#d||%vM3Va
zGG#2U^$!yCX@3Tf_&OQNm~o<*`{iR&a~|x>#d-$@3VRpk`|N2Qv@JuAB0Q*(ZL+6D
z;mTWf2)s3^`1(;`I!I~0cEU#tqAx+jstth_YIuj(Fi7a^v5dYUgk8$K7MI!pzI?bC
z>Md|1BdivrbCw{>`KS+URrD@s*0_MR&kMuD8@l+3SVJQ<jhDX-M8~|RR&A0oKgSjU
zFUn)nN_}d5;nb$q{(Pt=eLy{hAL@a<gbwd#JV2-QNh^QGBN!iu+`%{m<k0AqwXL9Y
zPJ+latz~SJ=kIL>qV^U?5^a?NFrZcSk&4KrDm`>Tw<$m9V$oM#*r0XlGS805btehR
znZ-{chTy%b1984AAM<m0w~!Kw&cx8N=PU1#n!x5!_gjkLngO;oe&fnbHDMn0njS+a
zvY)9@6BFaxySY|Deq>9Nrh!^Q&x5&^k+x)JU!Q@)yCU&yxpEru0Y|fJy=S6;c6aiV
zSXm;ku1Nz$eKY`%jpwaCurf+Eb{wp|>$<u)Io*Wd%}-+A`!r!D)-s+gQ>8jSo=ovW
zwqo&0MG%EOdm`qNQF~LslAyW)2JeERCe)+%pqFb>vhO{I>Mb9LK`02%aRHbp1;e@K
z#FwXSCWzy>oaz2vxHi|O-qW~PAdJ^RuHGXjs831M!tdbG3we!?U(M~rWfun&*zlu`
zpkQ4%_qu^~e+e_C76bCEd$yJRkxM>#6oV+)HpG&KMvs7SaGFIQo*d-!_4i~d#aFwi
zee)N!AjAz()pz^Qhp&gIHS0pMuGlYLuZU84T@USMTp0yC{G?VsBU5qQmXq`5wDLOo
zE5SL*<(r3@?HS5dP>Vg_nc`~W69}yuM7YNEm=*NtsmPxpgQUOpX_y5meHh#PqBG(>
z2Miv-4ib{%E1upf@VwR`jb}AgH!c`_!X=;(t@t27S~yi*OMHcsF;c8Ti5Yh`9AD(|
zEF*e4#^f7Q15J4J>MafhLctDcp5mauR@YMrnMbM#HFhdk`D~!=(4v!Eo&eYctv`%;
zeseYUUjJS`bTx_7!<-$qhzM=U(H&SGdwtz%_G0)s6lJ9O%6Z=Tcc0bI@RZ>^@=kyq
zc)cwm?(I~q(+2pvM}&_vm}X}BS)vt`iN3UB%ZLGU-H2!U$cN(3A{)cfs4ffnQ6nW>
zKXbb=KpRU%d+=iOafw-=#-2T+nyQJ1)8%w+oY_y(GhWA04L`F}yy3FY14=9>eM$IQ
zZ_{2G2o{mH5kbVZxpO|HaxTrAc>qDr%ahnnL2f0%Z*9DuFySNIs#L2nNGO1rx_FgY
zb}TV6xSI%a<kR;vMs=+-`dZPgQC$xSLw9d)K0q%Nw|mZId;-0){(47cA^4l#&lt6D
zu+hU3(p7s!pR$xaBD&DfI%+$8Fk?Qpl%1-JrP%tY3V73mHFG7*5jW~yT0P;NWxTL@
znsTrwm|&Px9O!eXg+hXn%Vv6UxRdpolFgbaXhR=3OAITrzc;eQ!2m$cBRTv4lhF(5
z2A{ohMLMbyxYG2B1>%%9HnZgYcy!$5wa=deORzLXIO5c`+r|PIZNQehI(C~-7{2o>
zPwE(VQOmgsd%FaZQD^1Pe-1yrNudC4@O*W3o-L!uI|jLK#|7SiN<U|&8Q0d*Vqf?s
z*!0t!5n95Cm#1?^$7IfJAW<CF7@0H52B0fs8{<Tt0T~n5nxJ?go<r&4qt-MRMt7Zn
zX9d0@xF)NlxEAKZs$)Q}#(JWUi6&}o#I95kG>)EQTa`)l7}hJ+PO7Fk9Zn{{+?tAz
z42zdOMkul)f{EwW4s{9=_4wNK1wf%EHob>u&&?k9`CCyr#q$~3UM=nJc<;dr49m<D
z-XOi&<+@I<758nkqZmT0^_WF3l+#}nzqe!>fh+7(V_TBbhiAb`4sZBr?Obc1-kZ)>
zV)S66BR(ni&uBG;cnVQjX$76iFGve#grmJHC+UUSSkAl&H$AhaacH<Vy;oyMD9_ng
zoD8Hp>4nr#J~q@_eLJKB5`87A#jLO9#V#0H&4eS&;2XajhpC!=omXt#3RiGT>2USr
zVR>ha#PmKfW6u~KKYf_z%{MxUO4F#<fSE01`4UK^-VkF$t-!r^Fa>4EdB79uw{~!f
zJK*$Mq+bcC$n)D8%^Ydjom1Xh3w|EWQGP=)2=8|vcJROi*F1Is5>U5@!=Q)Q>e2lc
zCQ{<~9!?cd^5era`6fBOL)O;3!}NFUg|hDnrMw!T(O8C8c1((zITIjk!G@r@Z^>t4
zJhOlXqnej)7Doj|Vkz_q@0-eaY>@b-s%UWD5)d)aZom>a6Yll6kmq>p(`o0}j5$T$
zbdHx=cMQH}q?HSeQ9Z9#Xi`ahY42@lCLz7|DDK6cbUoLxJC@GI$}ZawLyY&TyC{pF
z0nDSpE%uTT){1BRJfHZ^^0e0Iwmd5==v*lht7T0?dW)dYXmIy4OPkFc@GF}eEeguy
zg2ol0dsaB!#9$7Oy2Yz_<{3f7?wc=~AAH6w$xhJ(PGs{}(@Y){tnVzA(xs8ev|d!u
z6y#*SBhV2bKSDk=Zx)0_#Ea?I*mz!=U1+HfIg`i~tOcc&(wH5sQr48Z)t;{{jJi>W
zzcJ#DDlSCZ@=!(>21tjxRO#6lG6wmy-*a&Vx$fEl*QR>Xd!anc6mM$7KnppK=&-C`
zk0b#0ZIj?tqOTFPF7_)#)j+Rzde1Yw^c6SQwQK5MVFS-0%VOT@Ln$FR?B{RPq<-IL
zc}U&I)e;>ZtkapBW*@w1&S<~~w==<8YdIGLMdv*EzKQnFTrHUc`}AotwM$=T8z0cM
zFu-9rT~^T%S}ZvO?|bI*AYRY4%VUI<hEs^(-aC2YZ?v8=@dQIofi;>$6iW%nL9F?!
zP6?L<G$JtzyAswHOB+VKH>j@Cj3vz@h+N`TP}d#=mo<~%IwowZItDQyP=jxvL&1#?
zMK4E+hy6j%^>ox~o?uLoQj*;R56vR!=D5)CH!7fr4I|0mFjAaYhpt)kC`84*xWs$n
zc^C|Zn<*&#q<T(OuVvomU~?f<oX@Lr%*}Vf!)`p%D}9yyO5?FCmh~sq_`TE8u3EK?
zmtju8o1+b4i75r)&%9o}u06@H4Q}5@Ct_sCVscIC{)BN%iO$b0*ezWm9S&g+$iRF2
z>>+2dOJ1{>npcQ<!`A7;Jupp7hQl*qi;d}`beEc;kO0|rXh8K;%8;-@=tG*J@!ox^
zPuf-zAD%8OaprT%T2aMDU5!0layDFAVr`bFd>hmxN}5)7hkUyEasza+Z&7&z4WsZ(
zAVa%m<*Gw?V#TzFQ1d!~iGLb+9<)4rLJmwzN>P4Qu>2m#*^%HpT;mc|tK|mkE^6!$
z{v?||!`NX9d7l}F+cU6v<2h2{XKjWWvruB_K1a+&)1Fd{J1J9-0%zjXS1X6DeC)KN
z0p2UFvscwTHfZ6C>;_RVCTlIh!`(fNMbL)!>a7Olj1y!pDb17a%Ox;dH@8rJhU%b@
zsI=Yb&EA;qEKs9dB^=1_4B+PF%t%Nqi7?w_f>yh-_+@qN&6QNUhdGZwZt%=$?RVO&
zr*bH|F4&Q9fwnJMtt2OS+@2#P&T3i(_Xy{N5z{ZaqiWC6gacV#vU_G)C$LN_4HIKI
zKwy;sOhB{0+4D19q4A9)IQXQSKVw-;9H(uMU_Cq)qZ=4-$7SGvxiW_coLrmYdZrl2
z&(K#d+#F%$kz&kcS_w#-ma#zVV;Zl+zO6X~jS5JXgMrsIhYSUCZEkWe-zxQ#uaIQU
zSg$`4f_zTd=m+s0jX8tdx}?43SX0R7Y|m+j?y=1v7i}Xv%Ik~Sp5}G46}Wo{nuCx+
zLJWf#1WYd-A>Jh8Y?eOL%tuGi{`_%YV~flCvltet8MX&Any40(OXGTo`moB-`X}Lq
z;7=^Ih8b%gciiGq0<E{b*Hqm>meJhL^$=mYFThUglkoQ)(9pu&jh<s%<#1jG*|3;d
zs4A?cV+&3A1_P7gNWOF?rqeU=;5P!9&Udi{DM327mDw+ZVgPh2h+A?6p6|$e+s|;v
zFmUIdvNAh6y$cl6C|-4kc&$zagn}!(fGY^~7~5SX@4U41=p?#ykYdte!&-;RFST`&
zPk}LFXs|j<o~cth_Gq8VsR$w=2ab7l6PMJ$2GO>T*M)Tmt-l%a+zW`TWZbC$F7m5u
z<}w5BiBLjGL}LGG>52&9>~krFPv_ohb4|77Gpl7SCGxEa1QI~Xd)=`0AigR0Ps&aA
zSO|upET2b|H;gPx?2{Js$QcCK$F+|lfv$K~?%w$gti^;XXLlO)P;@+TDhvur5o;-A
z6bc(uzbbhfOWT9&5KSf58{s>xVjxczU&PefmA!e^W5?peMMwow$0upgnf!>}&8WdJ
z%XJ~>$pkgW(|d0?uPc}KVYbK{Up0wirZTPdNML%ING;E4aFcgEX6FU#@p6O1V?E)x
zM7FipI?Nt5C;0^I^|NX#f`WMdz*2QwWa)m9{tk|zJ)j`#!3#wc7h_?+jie%e6)zzI
zk91@c-pzEhsC<$x-=S@eQ0VgAW3hI7C=@ehYtBJ3Jf<5`c}XRYlA8H=a1d=!qVE}>
z6C<$b?Y<7kSOHms^P}eyD$44W5bStKPqwsqO!*js589)`XjMyiBp&F*0p=#yd2uO9
zXTRMyASaL31}5vtsC9P_r-F9Z7UL#f8h})Sq3J42mW}zTBkY0eJv#7}kb`YPW1|WW
zgKlL)F`b}Z_Os@&e882HD9?vLnjdFF%yzmm2^%+;>BKPs`EB|Zlc4;f-Q`L26_AHS
z^o&|R<Ah3`RMb}RWwjG;fdm$%M{oLYKtE~M&-liR!UE$qx>eGi6ETkjrEk%~A(-3J
zPs^+7AeD{0_cDh-NQoP2Bp96ok@C4RUvU$_Td)`HmJf?Gy`IMt;TXJon6F6VDcxX1
z-S#|TdnS4!8Hl<;5S$(H1aq$_FK(Dd$4;)=&QczXKv+ZQR&#M0p*)-g<HT;Dvn#m5
z3MRXPLPGC+(ed1}ghQ1mk#pr~hh@#4mMA;SqybVo`-8wz6&=VTqhaOVG)Lt-Q|TGx
zEHw6t2ZP$Vzwgr=Lo1Y$SjA0G3s9Uzmx|2k8o3eZd9Wq)%LfI4r}XTTc%$$8w2u~)
ziFJuk?Spu*y#Nq<Tu>4W*7yX~^)QJHD2N<j#H-g*SsRUPSDrOs5k9k655I;Lh4WlH
z#oBvgvY8rML3pEOEQ5x^vavIy))-U~?$B-#W{3a;5D+q+mXB>o9O31|6p)oY!xcrI
z83J$&IcTxBTFJK$Afhi3b>%SW(o-klRZiDi8X1^nyy@ov9@tOJF(I?91FS?x8Lv}%
zy{KoEU=Rn*Y$q-i_)l#XZ>Gh>uSYJ&ynoK;I?4}&z$#+i6y}VDj0>etW+Rq)<U!jg
z3j=Ex@#!P4_es5fMmisw<%42NWtR>x4hJbT0I`F>9%xIb4ncWvq$z1qyc$m#tMs)g
z%kD7h2{QV|_$+c8BxNPM#OJIoaxD8CguKjjAaOm3OP;ltk0uO6(Zk`|U^7(c&bMm8
z1CW9;O%c>(*Y<F-6Ad5ZWJLGsnRy&iEM-fdN<A0@29_Q|m#ScGCjgo}?`pENj1_qW
zilNHzo~9lozDg9?A)SyKB`YJ42BQHgg(<kPeX$ARO$(I-G<gTJf$LBDEPjzc1Obx^
z*92Hp(ZDm$DSZp?hWiX!<ibafBOjL6WRoS@H~F98uAjcD$sv;#n4WMhl^g_&iaVFY
zHEahvCU{lUK{(BL)#EMKPh34W_FPIk%DE~jC7p->chtpoTeiur$i-3ylLlfS5ao!b
zo8wmTWU&(NbiH17z1B&4UTen(&S4xJ@6IlLInK`3Uotnls+%-mbs;HtJdg<t@QsBM
zSbGweRm$V7Rb@QB{G1yiN~D_M4ubB~OLKN^p4ljiLC1-p__JeOdX-QHB4WtU+hSWe
zI8cnq<{Rkoc1f2L-Y@z))-SZuWb@c?I$5SQkbOJ7i;tZ6xK;!wrae>h?L5@)Y#*O7
z&&x->%G1P{Zpp||Qa!PwC6lop&QALaUQ;0%96%oC-kMm#l&X*^Qq(X_Z?Nloh$pAj
zdbUtv*=gQQ7La;T9`54V(H4a&cl1_O&4h6|PK;`09JiSC2|aW~lw&dn6057o-PSy$
zJn|K{&Ia|wq!2EN9Cf(Y^rUEcoAo5(!LTh3Pq8oZPEnLJ+=F*|=XMU)UTaAtcSKhe
z?WKid%+O-~VCYqw6lggN!{n%g%6lUSdD_oh)`_!uq5StAo(rnU@o_VysuyI*nAVCR
zHLx3qUcp)%HJu$c<GyswF98UA20kr7H-z`}Sbgmg9#%v5iPA))KlZ29KH-BMbv7}2
zUC-;9>zs>q-s^W6{21~~dN817S<^1)T<yfufdgR90UZU{-?)quG93~FXg1|miZ4(C
z+pXr+sBEY8dto-i)AsIp=~`mlNcWpQdizFbgKFLr@#p)3ykN7v?3vzjH}JYr=9|0s
z45n^JXP@swI1&hbZrj&PNk(SJCqP_eBsu#O3t7ZHL|(eHcJv9?nA(Z4jR^YNP0ZpG
z-Wdqfe*QD_mqp1rIt^dFtSsfVF4FV`SIPCUsCg~;ay-yRw##nE?^6Q!9sNT1B|XDe
z^J>}JJ$VwrX(z3-2IVzFjMb>YbWcd8ut>b84B|;~7Qi^Vof)SlgM_%j617gMkrwSD
zn?4>h>`iToGXvYu8yhBJk7*;ZHW!q7#&GB6=IKL>+E|T2PfNS8URXlVgZ6@~dxo;q
z`Ft<#$(ttN4pmVVE+YeHK|bFr*L~4~TxH_L1wyxkhYeE2+-yiO+U<Cldz#Zv3f7%0
zo#9rV^ob3GhyyjE4RLpgY?5C{!+6t0OVXoa{yFcTI$-!L#p5B^7>BrVMjEx(kt8rl
zRH+*T`@m0+8WxP>Qv~!G0>J{b-6*VFE$g0`ZX9>pIUP}<yu7ZX;0ne#ED(Q_nh%<+
zm=+4l?jiL%ET`wN1{uUsNZVu(kdn-3l2k=Lp3~2y_m=t0fzNx%LXFVa@qkt>x!(Cp
z!^0LLUuen+LpDA=HBx%ln?9IvE@*H$43|(fB*4;K4^z=(o?3+0AfcQdyXp!1vx`3U
zJzlyhdDRhbmKdm<qGdPLx8K9-${QQh+;<yy7hVUjQcXGXW&-cxCf|%%X`8$Z43WXB
z%=tMBBnHeFizv8m8dNg^(P+L48INg*SOSK|V8m_@cXA~A_5z{rU7!2Ls{nafP3SSF
zQC`W9AC_6q2>F^Ttju0#S`>8T6Uuqzl*ypA{)BbQdZ%kae60MX=AM%lke4TrVQFNu
zf@CPmW}Iw7rU4vpnX^>OQ^X3Q(8mBB!h35ka9PcodTYUnHbi?+A9De<dcPzlq2`N4
z!F;IoLYc(MoEO+n>y30ABAgqlP+RJYwCbI%?$)CLBdH4DZVat7ZPUy+gv5ZtK~#_6
z%8a`XO;iy=HRC5<+eQV;(Q(vB$mX|MZ%y-OE<jWTeJxbt-nea>I)?$0R1%f*BI+3&
zgC}X}vb>pF`4)n(e)@rjMB2W}T(=kGj?DVN5aTTchZ!Bglr^Imn1@@7SX1gq)~b&X
z>>f|QKn+@4!s>B{oUK!?dW2j89(D;JB)apkL<7$Jgj}S30@d@Cs$MTmQa#bJw6#Xd
zlA|l!4JeD%a6{TqHk5F_0n>-MuinPAF#%sT<|1C=d0RZZZl}$nXE{@%OUnM9ZHz*!
zB9uZexT<L8*5M?#Cozsqyrmn++o#2Wclgq1bBpi2oHys<s<Zcao;fBIi+Oc~wp$n!
z{=V^n;9>;m)3<Fm&BM0K)qBd1eOq>FQ!)uC>6M*fK&i*Vrxf02MC_s@e)nW)d&HGJ
zB%k20N3up{MfB~#NXK0#uCDT#a!KR6ihAaZ+`ithx5e2Z0DW>3Y=LDStG3xlH^9Cm
z&$@l#I;JG>m=pH}SnJCmnn~jAa56?H28D2umoLo^1W0L0N}d!-EZ*UC>Xz{<H{!?T
zk6LW=`X>E>>`vA5J*JJ&&_R~4AeQC?VSUSnO=Ef(K!@XuPv_!=G^DoJSY7Ozt;2=6
z<t|w*-XdvF$DRl0OPj80R@(=+Z~s(Wk2Xp20Dp-A{Z_T12SPf!9r5HLl=Mwwp-?V&
z7Bn+?*jt-dwe<kL@B1R3VR2Ava}FpA=S}Omm-iESEx4{a=M3f1plhxv=O(ru5R8x~
z*#2N|eF%z$8Sk;kIGizsggq6W871hMea3L5?E^#8MfGHY=3PyRT0`=>)?j*CNFM3c
zQCw@Q#KWE`2)MHzV#pR!&w2`a-IcMk14$(V_;#WB9Td4^Hn1+eMZsE+-O`>&OAE;B
zz9W8PU5FL2b>cnH;&B8u+3(_D$<JhY;jI+UR<DBP3mtzxYL`|okf{yJ&2L1+7Mv1&
zJMn5V-n{xbJ4`)N_8`QFQFs)uM9h0DyXTN;aV*c&q|DS;K!mSL;eE<MzjueHa#}5s
zE(QXqOO<Q4V&O2$NVbwiCMU+j{Lc7Xff00@MHo;Oe2->yHHuy>lp%7RrYThFMlbgB
zi$zyJ>I+Sr=P$-&PO6+y*zLxAV^Mfb&ns<P+x>+joW#|uiUN3yP6)+zND)Hns`nm9
zETApXhIZ{k*N6dpt($-y2f$tk6yg4+wizR;Kyo_XhDf3?6GkJV+zzZ9A(0mt-h&yj
ze)M3%hpmkFA>G2|GhiebYiPAF+9BqZ*<yesQjlkK$;p+jzXZ`W?gUZ70O;wWElo@~
zw$DWnJ5i8T@$hEx67-$|&m!8lApBDh&jVLzVV<BP6GHQivJ^)Gr<SELS`lGdR+GV8
z#?yYJ8kt>Ha}KyD{*D=zyp6)2ZQ?_r8f7aUI4bsfHBuLCfi3Q!<cPq@n^n29vWB?A
zv6^1gM`3*|*kE4o($9{iPqDVn9bX+iPr!M&t}TYL`Jk20*n}<8ws6dkOo^_ZdY1Xi
z%*waIFLiEkPA^deksq#+?9jShxUqGYm8Q<+KGbLSj0&FCp(CQ(pkQ6bSy5eNPZ1~A
z3RutK>zfm_p)R?KeOW&xanP@k?HzLlPOI2?@};0DcMV)6cHRuNgzPX-W?_~|evg*+
z86|JVG9Ghsy}Yck<do$nwxY9j=IgI4p`a7iTSvGCnkJXA$N*ZAocZ13aIEDb<ifE;
z^pR*=Eq%f1dajzNEREz6eHA%qPa)0f2~kR;J2#JJx9ch@soM6#w~+`h(}O@bsc?)?
zC0(Sl$1l%;U&>6Bq299uM{kHKtvsSk0dCNGouqgoW{Tl4lvm?knrfbd<az39gkS@Q
z*TyZK_TWiSSTO|^Ic{+EmMPY(5n*$R82HMzzh~4lo#}7;h>f@#B9KK|$>FCc2*nyz
zc580nJ;9CDJ}5-0!slDj57vtw*{*Mjt-{EReu~0BL#07JsH?poGE2-Hqtmh&Kr;;M
zw>6JR)%&(V1|qV%R1lO(<_<+0ii}y+E#nobTJ+7t<XH~EWA>ToH~0`AFsC$;)F2+A
zmE1F?NmSeA3l3762am6#D}xxgtYkxT6Dem>pG(ZWa^2X45?>AoTrG632c8{ok>aHX
zB0bq<#Z_1Z+&l5XVN;G{6RvHCt$KU2B#!o2!BmN_RUXQ%;9vncu<9VS$QxICeB4|r
zM*9F*F%^sy8Q;Uo7o5&l8+nrfXL*=wXv980XANh~sx#X&UsRg)E7eyKp(6<#7-bK)
zUh)C0RhW~C#(l4&gFa>PSajcudv&hwomt_#H)>s46OAXiET)7b<@jtxsZ?53Tsn{T
z1=e$+NWkPbL^_W(Bv9B<*kMFHmZ4Z!tS4I+eE6tf-Io9qV3ca&Wb>Z;oNK;kut{V9
zicb5ULjZ)U_iJ+K$77=}h14$%1MGzYxD}^nwX?a?xzpcY`3Xx<uty>lwK=*iZG!E2
z`R<WTy8uvgF3VvG)UGD>^GaJZIc8KfD6(*VMwyz5y924t$+64C;GhJX?`535hnOq9
z5x^ki7g;ab;(iXH{=%Rw7<E0$V5!hGHKs6M^D?(3o7R)YvZ&#wGt7Ih_e&TG-$Aq4
z!dI|b{W*;>+i+HyOvl~2g5k@^F&4o^0+4WpnWdNI#$-fP`ufb?LrH@(dOb%5vwZt(
zCc#RvV~>(W@SdcIKUbjVmo=-Vi#;Z%ERxBao3&hm(~dlGMVt8!4kym}jdf16wT9&S
zE2dzVYN$OAsW{xZ_Y!zsJ%n!Jv`8(beaBBz)@NL>$;BdMrcR2+&~nS4F~Z_$KF#JK
zO}nV~!X-~dhsru0=z7NbJ)5q#r{&z4eUW>mh+fxsw(r%R2HVz5d!Vaxl-W<u&>h<9
zhcO@=FV?*~8XgpG_1a^T9O#8;=y@Ybt#tmv=35&6nJ-eb&KUZgbBLRuM<evRB0&W)
zvGm(+#tUOxZW7=EQt(w{T$izA=ipYG71VNJcuudbkY$<ch>DZA0=Z7Jhsv^CFuWYy
zimK<y8(C)b&Mu}KCB<gUwbPcjr)f#~I*zx?v6n?;-a*b&oq3Jm8Nd-^01qRqxk&g)
zh6*2dq#9xtR^VvH5TU+Dlhk3{HR`f!`nYb)m@MfmH@e7K2@>2;=jth~G>*z+>WmT1
zfOW+8xCgh(4`$J#qw9I)JH2gIXw@U3)77`rq4jefxd4Sc-na9NQL|5QrGk*Sr=OG6
zyxfaGai1Os^NQVk@F@=b44<XQ@1l7FXB+_R!2raJgVF;>9KkG<ry2ID3w`)KeN>s!
zBLSS}Z^XBy5{&^zw&4)E2Lz(4_=fK;&}c9?56+xO=mwd+jozCF3;T$b$fSq{uwOHK
z9L9`B&4u{Zk}qSvyQPvtPd8`mD}#^|Pq&Us!YQLl(qN0CX<~oHlOfy|B&K*fOiu~2
zHy_Ii)uWeY#HUFt#`aJw`Smynv0#%V7BM+#?=9Bw8r(HXGOjg9IAM$(z+<I&gXn?f
z^unsmGli8sDCvdFdE@TSvzPKdFb24YJ7R?c%3R1vmea-z$Q^2Ba;iU@45(ZNBYB_l
zp!a?IeArXb<XMmwc(l^KUM1uLN}B0GAhpeDOQcSWJQ!Yh$$V`T!j3G@#Z5d{+qd<y
znVz)nlQ*cBbb|d*^|A!#$jHTyMuE+sAB5ZKdynS1<-O>U<_PR{@l8sF$<kCweh*)$
z1alZ?(-Q-aWeHR$>)Gi?N3jSQ7=-3>T1NDCq4)&{_w=2jU<nkPjY5b-5D$dEo>TyE
ziVD;$^-vAo(<F>2Zlbek5r9M~C-FzHjIW8P8UU)_%0phAaq0*@XNHs3!P-}Cao~vw
z`F;+skL*vbFtUUaumVrgp8%n<N@YmX8a<KZsnK|cj3TpG_9+nl45aTx?A>L*>P;bg
zwl}!%2+DY$n|N)Yw0q*+3PltYfH+$|EjogXE^b|Y8OtsDlC0sdH3vh1je&Jr>K4<l
zH6Ke8y6nIqz7|+7-q*GhTA&H6j?wXy*Y&0ND7l`wEK@qX_c%rKpx&Hjwb+g{6}rsq
z`t#TXhuPg#&17y`oh()o><6SyrB2TYFT$G%l~EssFJ9g-R#x?0NxTkp_g2CHiwUrs
zdh9zMLNPj_gmfd4wFDe7wKx2To(tGx4aT0$d7)dnFCADsyUq34z~f&MDOrUCjP-|a
zo<Xhw8GAL0AGSl4-dWAQqp1>YifGeUsGkyfpV4%;tNiBjO)8<m4XBZwhK=Jnp90<~
z?lVV_;Vu)PqxPud^%LEhr!nxt!IIsb(sr-f<vKD1LTKaCUwPivaIZPdo0M<>a<am$
zaCh3ogY>h^=mq4|jq0a#rP@9((I*KX;9>={=oZqkk(5rM`a5EP46jJUSQ)ZAgO_)u
z=!<0FYqq*_{E#ChA0p!ojxuYLQTjC-I2=4|Lw;Dhnk52VF9}j-O4Ao8;;8Ud8$-)0
zFKq1RRxe&n_YJ48uw>B@qXg7ZKTx`%9Pta#q=EUFL&CKtHwyWxgDhAv_Ju)KGjsS+
zNs6U*)q_+b30l&Sxo?s9r%3c2@5^3kf9Ruf+f*$>$-pyD9QYaQa>1NoKzOYsfzIX$
zjaE7_YUeS-o(r)Fy7w#<M|Zr;_d?9mmeQ9`GDdwJwR}+B<EmlnAUFozDFbtE<WfzR
zak)3?Xbs8kQ`p5l@hiy7pl;zfZ`0v{u(i}w-l`~Zx1HlYFa`3Ks*#E*CPX&O;aen}
zw^8>VQQTYHK1sMZ*vdE3TSji4Mbvz-C8;D#oUM8Wiucm-vYp>ETxbaqJ_LUzw-hjs
zR}(~XdH3m++9Nv0m+Jj$dA;N3*_~e7wI^(|hpdN2ueF_RXUe;!-Ht3q0wYDxBg&*O
zdH5+4`HZVWT{OlF%oiKTA&lhU?A-khI>X+&ZL2?k5!%q=OAUY7;uAR#>@zDF#sEH!
z-Y*nvVwT9?nxY?;=Z>?{)d=m#6S2HU1eXmlm;N3DqDEBM*yHn~!rWtF+o~ti9g93y
zkNuJFVnDvVDel~|<6uU#I_0csTd~@DXxO%xLkd|SZVuXSkgb$aOCYPGdtvT4J13u2
zm20h;t)f+}nBP6Y@b{)zVIf0X4UhuXv?^ps56<DW=Q}dA&3<dManyHQ)gp<uX4)`7
zE(%PkJqS7E?7xI^d9qxV`jp~scfnF^$1FMDsU3O;JKjcNobD>%$yG#t`-y%A*P{pz
z5k;PP__`5sPI?(KLaOY~rl4TiQVJ&?-3FjxzHB<xc|ksw!)EseL|)gu7UChiKU23D
zy;nfq(-nm#K3p8COporkOLtb2HT6KIxccG3xMH!t(%BZTg3y6{L^twi4owzoQ4Fty
za#fGUHR;sprT1laWxuo+lmm}>w@{wEJU>P%E=n;of#tm#Hds&ZY!oMP48yDB%2xwp
zx`sa4=Z|@qQ)0;NygP{attA=4!xGYEkG+C@P@3q)nWy6Gw1aJ~j5oyfnzzWBFSlJ?
zen}-g!&i$FK(321ZdbhJi4DBc7>N^h<J0R_P#N`e2WS44iqUt3H49tvh%!nRtrV$y
zbDZ6&J%#Xa>zUP{^UJu%uI2|x@x~~QE^Lld5o+NMWv8NbWa^>5SK;<p0UuoJJE2VA
z19ELoeV_)Qmi`vdf;0^t`xI8O;_U4jqXFR~Id{U@BOTluvuhVFN0%o9A~_x8&q7z6
z+jRBTUPm^GTjtZuKfK=2ZHcpXzv8T{EPoU!=DcVl5phiPXiH*`p~rHv8g-1OrXWm-
z;aP`=$GH!_%>zm!q*~N%8nAH8%!qg~a~|6hz|3h@{T9PLowCl_I*%#vXHM}rDt?M&
zn-xnAA=B>#dShbd=E8Hu#u>o(5_iGQi5vY>EdCj0<EYVdHi{kE{4E+>nes*^ft)@D
z2DL4$-VC0T$$oW`v;bv}A?M(8^sY^pw99H4r&$jCy`CKuwW_3W@xJS@D+)kh#sVBo
zzG9T<#tP#hk;(AK%P%1xD0bFV?64g@tjj8Hf?=}9_kgq{@^v@6Br)JQHxwiW6dVm;
zcKN|PM8riny0`d(EyzS7QfL}Hisfd6_!ab(m5%4uh;k=hs&GpK;oRs+5Ud`0UEb7o
z9b^HJBQx&^RAfZRi^lfzRvuH*e$GT27C3TeMDgH7%?7UV{cJ;P>6l%6EMrBl3{+m!
z!>n;q^6tCHzK2KcIYVxb)jb#RTP~lmHWww1FPRksfO56E*Sl)QhJ0lwMp5`lNWYGI
z+z%+Dit)G@u<PdK<KEZwdZfc&bSp`0XTVZgEZ|*bgH^)fv&%<nnmDR11`8a@ZY9+t
z5$mg(xr612fi3w=o}D5a1L394=5&d$@(^>=dk>D<c&Y^Btm9JBLuqg1l!O`{*kQoj
zUXFnsw*lB_+_9EFkCf7~7O}OMc_+}If_M^fqV1u@(t%dWl`O4y4ndV?gDSpe*CFGn
z`FOWp10M4MyV(Vqy;_e(#5W_14Tvk8{HE!7(!uI4!Hgrlz{jbvi5=6ZULto3I!_0#
z8o)pW5m<OkTf6t&t$q*7@fmQre8XDqnnv@%rOn#)UI!c(Qpba}tcSvcOR=j#bJ-SA
z0MQZCGiBh{D~aYU&9Y17iiVGO`t^f)!^o<5FS2HWd(&bNP0$_Wh2CoRQBc38#51i2
zoMB_l5tHXqPjmb&Dm`trQD-%=nq}6efRTBCtBvfM#bjZ5T1A2zMdP<7ub(}qGFm8(
zw^^oviljH{n>H$2!6R`}uO<7zS#z<i9c#R!c=VcHp0^+DN%X|j;gByZ!dXP>nRgD(
zlZq)Go86ZN5?LF8PKGa>D>~-Au@ikPq4SP^=9l!Ud5(mS2$7IXxz2ar=tAb?t*nse
zCSGAJqC4omxNpfAyidtIe%p+N@aLqr+c2Xw@z&w2GNuz_4@}Os08NncR7dkwpABjy
zI7XrerLxgQu~fHpI*ROKtUvN<q9J@Px+9mt_L>`_W>G_dx(P!qP9;%PuZ>afb#p0W
zqF=rD;!^VxHF=7vA0h3XaI{(<`cnrd6&CSmL&PzzyWYoGuOGaiHRTDi5QWTS-=b-J
zNl0VF7x5BrRrK!7;1j{#x7JEnlqm`?5dg5r&C|n@Ji#HPnPd@?bm$7xq;B*z2{1&J
zNWOQ(RoO5isEMs^!}V~FuIi#&be{3gLHdD5q2ruvryRb?LJ-T$-OfssBY>Mpn0>)w
zqZoRb^<I6720ufuwT19Fwhw{dV27#WJiiw+0Q^K}6`o1?1B1Qi&zhObo|qI~`%t25
z=zA{7<;w3ilO-fGG3lO!q>YxMuqe+iV^#Kh+@8$4qazcd84jt=s!c*xBCs0*BrsPR
zxY;!_qPh4g3{<@q?X|}o-R9$5p+m+;%F*ucMk!gH8=5WX;OJ!`qgNN%65cbm%Tj8y
zP4?<PNbcd;Wa(?<+gd}RI;pZON%IqaI*+^UVV9m!S$Q}dsh4`4Qr29dn5EETzr|M)
z_`<tG4h)I>DYUhW^wvwOS#e)G!v5Kwwoamom<L2&xUj>!R`Ul=SR)Q}Zr7fHQid?R
zPGArMpRytNluc^Bdp9kSI7G~jxsvz7$6gr;ZJ)%l$G$*@w#{87U8@NX+q($@w0qsN
zss-=CQ|j5dVWDvpUd`7&mf%QdfZfJcg62&kdSHl109#5n)fCa07BrXQ#}X_QammSo
zu~ERNI(LZ@2z-|;>tc4+kgl!u^cH!_mwG0quhOMvrh6eReNp5b&ydD9ZuKb&4-Zj0
zVhzVR!(%QY<e8@o7!ON=f^Q(1mr6OOCWJVu0U4#A-jtfVNpU+a2<L+n$G+O8m-yfn
zs$pWerw%9*5QU&$A*a1g$d=q+!hxGgY>N{)VooHq6Qa>}JTp6HxSSG|MKnB)MRN~i
ze)KJz&mcT;nfQ8Zqij|LOB+n(K_qjqixME0tS>Asq(1aH<A{OOG{Y;$=FX_$Dqjl0
zf@%vAlB9TBgW#<04tgtVhl_Uemh<5Nw8#4Oy=3Liox<!A@#PVvLk21y=PGyIAuCg0
zws2&eERcGH#*UkrR*ACh1Xa?=C8#s{U~^lNY(Q?V6ON@gg^}>7gVt*xlj?!Y<RU;j
zei|lIqIywpknP?sg1*<3G^skfox+cnSYJqUD>(>x-7sxH-s_2~06%_!R6_NtMdx|9
zr<O!z0lskGtU+2#NNid(So=9c&65P(kW}Fyg94&}F$9nUY>`SZd-$5Gr`ST+R;Ttl
zKBdE-k(kCG*<&7P#iI%BTZcZ}U?P>oKvrok#mwZ<=?0F|O3D#RP48y7MmPgmEi(`V
z3A4)=+Smr3WR^&e;T>K-2*kDbaIj>}Dg-mf3h+jzu-I%+r9i6A!{O0#s6yv?k;SbL
z#bElBYePirsI2e+c2~c8jK<v;LB)wrTu&<>o!m0yrRP3qnWG5R3w}B&=f!fUiL;!g
zvvALBd|VX*9Te8RqGF>{^AQ*@ms>j0)QP+|9Q)h}5YDNz7eLO}@AQ_N9kiOtxT&1;
z%HZ)6rC@j$=gQ)Sv~juI$v=IEZLLo;lCdD1ik`(|Dsy%fvxfz{7CDnx<R$`JOw#7v
zpW=C+;aC=9!rbjTvw_`~sP!DU`6W;GkitWw$9$HamO|S3k`l>q`&vfEY9$-SWr7ew
zSYWPIB5dB{CTxdz3(2=P6pGaqFL!_`FqaX!Cr!q)_f^|?tPQUWsz6Q3sCsz`)U~gI
zFZ#PToRL&H{qE$z78<HO<7lBMNpEz#MF7ArGt1=0Fpu)ltL;eZiE+N1*S^6Rh@ztD
zhBjP6oa%QD@JPHO0(Mx5!JneTtK{Xh4H`eX%ax|96seTtCTmDK!x}>zx<!j<$|=So
z0AP8J8@tjk=O`;0E(MA>O!|JyhYjB8!^@)z^d;KBM_H%!vJFe!Is1(zn4FSsJae|;
z`;?D-#^m-5)2yfL0l{v)Tt06Fp_v#~G+=@H2?Q4og#|)ZKgSi_O*jg@aJHE10Eaw{
zH7??a!N$k6>yV2~j!L~)X{YIIPc4cdvxgnF-YT+FM?|>68zlqG%fNS$WFS2SD(-Ru
z1Fp?mV!{T{?1t!7_~>|b5;xrEiZR<{jMam2pA2$flD#52=iUONi|VX~B2;y$8}m2;
z;xGhyg>Ie%@*WA%#ios0SUv<wo_lD(rcQ!4vVhhug9MOIAEIZnsJyjKj^k#N@;&cb
z6Mj>zubQCt>Y?>1YzLk4#IAAtZeA-9uXvbha>dt3RIllkyFNuiyBQ<nMFl@73evJ5
zmiIlJ>vv$rCznXC>`^3M6EPB7#*0cL!0JXP8YZJz04a6ia13pdvz2Z-^0>P99?EG%
zm))v~SzzIN{1Av=E-3Dt60^ioy=7{QI`=2=m}USwQ?^hOr`h~Cuv3=%tsILQdCklV
zlPPNtnDnal*KK@9?{U0=c^>k@+*I}@KuPc!9Cd<|8Ye04xKH&SBAJno_jpuOOV|bi
z^^O9<sa%>QzO8*~mtwtK^Wu4_tBt*kIceC|6Nav%UBzBK&}u(&eRC(`Y^KFH=WTag
zijO=+>#T+i-Rq?wan&(92j@NANtfR%K~3>@aW8xP+81TAhe;{$HW;x9!i`8;u<w!J
z3e~eqBL0?;e@f`)a=K$EDu*~1*jrnrCo%U-j0nr!Xott-&gX0rlx#?KiQYO=bDV|q
zJ`t}QNIa@NzAe#82qf4ur9i7_2zIr2F3)l|Tmc4Q+=>7}-8_AWS|6L&DZjHb34jI;
z*8;PGIxl;WPVZSMR>bWJo3?DJI&8->xF6IEw5U5j<WXp3vEg>a5LoemH3dN64pe?v
z4sDNH(}l|FT`4qI5*}Bhl(W-gOZ6wuEc&>|E-s+EeUE&g3{+SO_aXR}C|T8$F^n#F
z>KwVth@F@<?ToP?Flu4c#gba6fJHKO&wu*RyCCQ2nSwdSK~0zvu39h+PiqXM5eXPV
z6qzSeSkF7_eTv9FLv*++J7L@~ggnA?(i7cx5X+(zT1wvBtHIE5v?hLo>CjHbN2j=N
zGFPSFA;R!lCxlA24ZY>pF#RfN^bYEzYJ-c#<yhXBJnoW5iJ9`$-mnRn9Stj_-<wCr
zQ^?p{mSqe|YLy7460R=;+B+bgLK-XK;K{`BO-OBF6!8>xX~V!(1`ewS3PpL1lX7Qb
zWr^m?yWDv%l;$9Ge57#8pX@QBd+{P1<~d>_ABxtNCAnv=1aA#K!%}*gnAVzefJ+2W
zJVxW5oI8vF?M{sQaIe`kKo3eBrak1q;U>i%{*~~vo#l-x9zV`?eyxNH_OdmAla^PR
z-myyYW171(rh8`DNZ+%Vf5+*}QZmtDuvCq~r&$^96JW0;QKER(1qIVF3eh_8P9^LV
zMc3hG$UB<R)LBs9uua+|;>25soH2t^PhD{AA?kz%cy((%<XrbS#eFjH1fs}N#a};r
z`I3%z;qXM?Gq#`yDOq@BcGLNy805ezUF)x`tJte|O(gB=PYy^o<q?=xU_v$Z46-f~
zwMx{I#DuT-!@1XV3d}HXyl2<yFd^wZp|{(uen+_{bpRS2>z0VED;Tqw50nz2ot=%{
z&-TP6JlUV#i+K_1RO;L>L8%_0#Jjv|Wao~@mCiMLg0k0#Fh7I!^tNiW44`RYO#_gT
z4?Sven@Ql}tV;!ZLOguA_ne^iQ%La{te=$=Y9?Hjj9RE3ty7~lSSF1!*@j+^^YW}Q
zvw9rwT133Wx+mb&Z;WKe=OKY~N%fpGKRmO`E}VRtQc={^FE;1QwR+s~*f2vb(dLX#
zK?Nf>;m%?t5g%EF@7f`!G=Q=#xjf{jfgs@=NO+r(wbX;vRdr--uk%>V7o@JR<AsN9
z0-oqyzR9a~eNPe9r4=oiK-<!QbziolTEuDa<gFdXF>vqON{As`U_~Inx>l7kdH^ZU
z5*Oey%5r@CoxkFjdx$P5Yj5@tE6}|L7cXogk(vRSw#h-6qb4VNl5V`rf3~)oGsddo
zfu$_i;t3-pPD@B|S<mon&GVcZW+^r@nYqsy&EYd*d*9)y-3m8^d*}qRvPX@(qoa0b
z@pGjrwN%mN3HQ+BUcH+)X&fdFaXlBRY6_z(iY-FyMIhtwqOo^&kL?W_%VY{OKC8=6
zDC*vq??@h+R=vR*To0A^n98RX6IuEZq7=s~py#4V={)T+YEHGU-h0F$YTetf(BC|H
zzPWs-i9yGYDX5Z`Dd9-%7`sUgW6On}%tN{Iuxy%q%)5aZ@#uAo9hz#shlYbH2!PFg
zZ9(y}yVZM3RApER{mC1yM2%b!PiJKIMzhBXe2%+lT-Oj}Pv1q2k<V_t*4!-1T;1hV
zvi&V4yMTAQsbECXS+v|j_T0@wU)@gMg1V8-D#9s0LRPE3Z!vv_?adyrFzmai2#x?g
zZyfI`nKy+c&(me#EwBl`6laCE=5|aGR7Z$dVcCBwXD4P6GDap8qAXb#XHg`DvO(V3
zJ##7Ie0bwxnmTFv(sy*6XkLh=JQ<<)OtjH69Tqd^4PG?Cki_hwAue_M4Irb&m36;f
z_F|>;g<#DM3@=+}pWb|DDHV^RichQhXgWw#mesVeWp#^ZDB)Z)iFbwvJn%5=J<}kI
zS3H-bp@=zQXH*uVK=p14!;f!x>tQ_<&_|-nPu9m<utj9rlQ7_A6ddNj-esA&=AV|i
zFjT-cj=7UXAKA|~M=#hEY~oP!9K`_b#Q~cYlVe`AREf&yQH3H3Q)wN%_bDg*-d%I{
z+sH?)drz8~wO8kw?rhfGUk~wgAl)9EnP@`{vov}f=Wr5hSk|NqrlUJ1w0GxqIAl>9
zkmzfwMY(<bDh^?;h@KA&bkUN#-8>0ToR>Z6VewwlU5mqAkYRL4A7wt87Jq85OERj(
zR4PViPRzps2jzSwNHUS?F0XnOoUC3zmCf-?>QUn3_PWrl4&ZSfiL}6_QF46gQ4S7C
z4ho{)M=u?67183>-@;uE0K21km!_f(+uq3Q1`LCI`EW3Oc&7L1PF21v>wp|l;qYP8
zdyMGO>y6F4$aI^l={;zv*vbG%zXVm`uW7XOrpd)#=7``mYN?+~opwKmL}?_?6-5=r
zd1{28f}+m=4rnxIOytxt&s{Z|#g|_YDRgb%AA!}le4E;@U>hmw$<d?ig*X(tR^qo<
zyPjFzBf4JCb#b~f8svdBUC5-5A2#Hf@6wJ_a$0Od7Z?PG?kZ(Y`8&_I>uKGc+_>v+
z87Lt(9f;uNZ67=cTeX4n^^74EMAC+o@MHtWeKe?Ekn3p}f-Uq&V&4+TTVW})P>Y(J
z71di218{LgUnQ-VaCsh5-5Y=?@bbli+=wFC=JMcqpyic3-_FUJL?A%K+YZLp5BY^B
zD-^gskQYhRMcl@iz4n-d(upi#NImAY0-%Db`CJ9zFG&TaR9w?^%jHgr4Xx$F4WenL
z5u@Ci(~;NZ&AE@Btc%L0r1&$6vzt`VgFaqJFNs!hd2pm@fPLuxLYJD*p1Bv2-cUTC
z(KLC&m7px-Z@``99)Ms{hB{9N<yEk=VPGIJq5)e}>b;zH)Z4Cti+)ebT<V0tLjB>2
zyLlP6`0!RiSno5%o6TC3Svtm;t30$vJzMM{5^e6tm}<d`!7i$bY}$^!A?lMDnHnVZ
z>~75Raa+Qgc(aWL$qR@(xSEHu=Uc&6Jufcssn?6J*I?6*ku_=@G6f6b_U@c#Cd)(k
zy{v&XL@b(%6(7@a$q7f$Vx<r#t%Wy_MNuR~LH5<Fa(czwFK<iMs$eiKAbyI<rV~LR
zpGqlg;MS5ZMNUbQYl1lKF0Ds-1z^ad;8XnGd;9y|dq3;Ol(@ahco}U{>8i~zEsb5!
zaK6Ec6aM^#=!^{JgH!aESId(fXA0zlo!fnN8W_>qOZ6IplJ5<r=&dAk0+`snvDuZm
z0-?u<8I}vGp3lOtLQHk(bmn>UiTT3|Ja`F^Bbx?C^DL5-U|M?2H?ugo0MRhY)_gE#
z&S2sZTX>$Cpl!7X2VD=~wE~RKQ>|D_OP4z4i*9)s8#Qik=0+hLQD7#|$8Ib0vAqK~
zN>TD*bO2z)r4tolm7F(!ZVf99Zw@VqXl-`eq9qFvbzF=tum^OpyRCPGjrH2qZeDC}
zt=2g>t>-UU=>YS%OztqNj+~9`JK*90DHSu{-2{6Dt<HVdqbE30^DV2-crKO~hS#0j
zVUJ~+wqp+-MfFZ==`*9)M0FQW-51#ihHIerQc|CE;#+UCr=uc>N}x_1pzY<l9e~F(
zI}g>051>H1E?aY#jT{7vSMCt%UF>)bluyQE;C5ycDemOlnS+v7?W4+s>?K1|S-^u<
z{KPZHoDdv9PpWLzq@<zJ<<%n|uX4aOz>S!Gx0xeRjcthZgbUs<Z?du|$CU%MaZ?$N
zc#2ky8W#F3za3hhPIf07<(tBJS4=Js1mG1FFDW>t-+}k&P=TMXm2E&$7VcO+EF3^`
zA!<6WJJGaTwa|D(z0Q#_Pr(oPm#_f0s*E4PZe^=Vb3Fj%0l<4awJ~T!TTFZlZpveK
zps4*REYZ(g^%iw@8i_1`D)X3Wc)){L0c%FziScD(l@VZ|_bqDSBB0>py2&IojB-mf
z&wxO`)^vM-Sb+Wr^ZF@q7O<l;7EMxm<)aSWcLuI6`@Kcbi^qr{xc1ttkpk;vDuiP-
zM6FH}u}_1ks&bgm<7u5Zz6RBCL1i9HK^6qyD1H$fb@QlPya}DG{SM@CAPNgiW!gNE
zrKI!CRe}Rn=gcLVC~<q~v(3JG@4a%#_s-Y@6l_38!1A4Qu!@_zYMk!9*%BY{7U%>M
z9a*{;gK0U&3kSu+B?kf7r$mKr-V(^XFa7y~ps)mOI<{WjFKPL3zUUI8tcZ>}AVyZL
z0<?~tBY76X@*Zax?h|ucWAFXWSNc9%VLM8*zuko+_w6O?-VsVb1xB(0iv}<@ua?2p
zmW|cHHWnk!t{QQ`>=!Pts6=DlGaBZ5P*v_uAxcl0Ri{~;#!y2uEZ<^?*gjl&v-_M9
zA5j3v1?LU*OB+{wgOFhva|w3V6HhOnkTNLG48@dREWas*$z)Q02Vk^G8IN>(>r#m0
zO6@2by(^RQbm!GQ`jdkbXQKt6zT1{3meG~grq(IJK@+dD>^(n$Eq)sroDM+t40|Pv
z^&q0%bv7~Ub>$n6lWWVRBkUfsQ^f6jN?J7F(?smFL5+Jwr+L$U(>#Pm3hxA1`e`|a
z%}?LDDoMz~<a+%sMRN)}gmEjvqD5W+gD@aB!R-y7SV{NPr?~7hyf4KF2#Qb51lz>&
z5I#}yT|J4Qq-zVfcM3kyQ|~1Nj#RvIU&qUSHz)n#Jv!tH#1?Var=b)gh#s4FO3(c;
zpGDaeVxlN4hR<|&p8!fg@FTgi!!92jq^AR6Zu-D&w6aMINDBh?a=o|Zh)R#JC9)T@
zja^U5ovl+7sr2eZ_|1SQ?16NeBfQ~?$1_C)x4G?+DXT#Va88tz6-l=WEHEZ(wWxO_
zq|^G?jRa@_@6n-q)()g@q@LWsV6TmsNXK2O7UV$@)HvvYFDQy?z&K_*qM3K{WK+|N
z3I!lQyWZdxu;mKj?28C}<<EZRt>WpnY)$EMDYa|EdLS}v;mB`xkMxGOfD;}qOeRaW
ze|wjI#`y6+351@QuF7@-iX4X=^kt9pv1SA!?ue<+(IDy&5-t;qRlbwAvq5&~aTGS3
zVVCnZ5>D#j_;}3NEdh#JL{nL5U37?5!l)^qG*=5!*t4n<R-t-90ey$<w$yXfuR_K%
zcOk0%>Qdc#m4?{d#Sva$T_fP(cq{Ajz|J~*4oDMN^4z-|(<c-bTM<W*m)kpotz15=
zeQf^ZC041WJ#4dVEiJx~dk0kdCaX~%yCQGCFoC&8y8#Gzh>{su6?giW-ps~iRRMy$
z#Tu<wJ#E2|?=>;NxOJL0XwVyA;v93gecA!*{RRQDCw7N$e+f(mr_v9_Up60Wadwbw
zBWII8K(0`Ip^~MfQt{}imW*$I3+yw{b0VD!cs*#Qw)cWcm5JG8`t}9-Yx6Tki(|%D
z7OTvr<=N_dl7ffAuf`|}sNf9%ok-XC`gN3S<EB=vCJd}SMnPY#d@@K6ST2UA7t*V&
z4j)6tsn|lj%{YQBf;QI_N5{k^$k0P2KR5D3t~twBub8eq(?DMLbH`k}#K=pP*5+L-
z&RNEwyhk7}Jp-|P8=cfu=II0<uC*+cIdTW3fUdB+9?vtts^Fni#~g%ce-iMjTrtn{
zK%bT_M-+Q0J`fy!r~XKk6OL^gpo_;<u4U|Lzi^wSQ~^T-aOb3qwxqhnr5OdD*rYdY
zEjOU`Q(_*i?K%bN9+_(6UEp$YkCF6A7)_Y9R0vI+(&Mq=+Be@G7N5}`U2&)P>80eL
zE#Bd5F8G^mak#L7RCAZPb$%6d*_aEa_NX_O)C8$h@N`b{iR3}cjb>fE>`eqtW`kyV
z&n3;DUimxDwx)nrQgn4h20*=ngv?d8*lz_utZs1Mn__P3snE!XC4YtfP9X6Ws3%?v
zKui>cPi+u!h*6r7Wj0XO`tfo-<A-*v^M(XuP|L*Zo{)A-yd;C9xqSiyI_amEA?g+h
zDblwQYmYWXWb>I-@<zSaJp$fr@`x2NFK9*h$uyyuMbQXiY~_nKoEH_hd?*^1^j11~
znQ7qBBT6qv@!@UNbO59<J;u8^207?x`6;q&pvROV51W+OTQA~rii)`8u5<k0)x744
zR3+#vB-Pc=92W4sm-m6YSx()zr=sASYP8Q88Yv!+p<DMI_`P`8*T^eRjw{-7WVdRm
z0QFHl*Uod1rZztD#(m2iIO$8HJfVwn<1d7BrHL^R3m`{9pvN+AGCK-Rm2)+-o(RUk
z2?wS;G_ZLVz;BIHa~vd>B^*NY!2FPd8Sn*<D$f|6vukvcRSJ072Cm~Gd846DbM`HR
zzaj!$czq6_iniN_r4OFHlzGxO8~29yf<^~KDj+-v<Bg{i`jn0naQY*~A%HP_#$(U@
z_>n!-QV(rpn<sL_2!@?q?Yi(#vfOjqA5LgldEUbXsd|d}K%dm1sRACZDa^|KjQb*)
zfU{Xh_<UJRV#?7EL4pNQWn=Y%haVkeT_*x9IN+zukUsO6Ic1emN-cAciPZuP?~__x
zf{4)rfPqKtDUVNJN4FY8(hivmW_+WXp9||wXD%($Hu}1=%~@h`yKO%mfu@JE>jXFA
zieVx&O;EcjaPLWiCHtYNC&yCJ9mve=oCzMzo+1tH8%LN-PUsGJf_jmU^HhOR*agi~
zC|2-1bMc{rw^z$pDReezRrt$B4;Xl?d*<*+Tb^yav;sfC?7Du*PO`c1P6#pp_2|m$
z1XXsBjP=@ZS@T62D?a1cOx|{Wpix*44q2e7ILlocsP#d`nY!-CMF`nG?CY`6+t(!8
zfyU_CM2Z@BBo^|vCLJ4AF5;Katf3~Y>(S)Y0NV+q9NBV~Op^FKH8`xz0F>8m9geJ(
z-$J9$;4jzf2$3u<2KykK7t!C!LualE2wZYF67MT~kKGDnFkl~J7e-~Ok#Qxoc-96o
z_@cizJy5LXmHFtH<>(TG)Dq}HaT|I{JSr|;uFLQgX_CaJx;~Z)Y(!mDb-;Nkug5ep
z;uyhLb|pb3mzroetR_TRPQ0I|+663@apv{#IU(8ss;bzZ$svFg`lKE|9NmCx>?sy1
zhRc02{G8&g0G2Wd&Em5MN9B?$6fv{SXf*4k1C@l41W8;ai*Wb&4aXFpI5Wt`Ndw1(
zi^j59nWRCMvklIXMtQyx)q7ACSYq}>Zn*hRbng<hBCVHR8>1x}%}-BLXyHmiCJHWh
zJP_oytY^1jPj_Bwc681vu8sqZxDgwDOYL(6P&7IW!_>unt7wo{IUysr9Z{!I^h)hj
zqs^EDqN1z-&FYDkYhfA=-{a@tM(EjAHV_OH!L?+xFC{S4a}Pa{ltxt)VGs;<1G{~a
zb@BXRYNVw)wK%M^#={|;fJn}3Jg87!?364FUZj_p!gJW-_6%0s@k-w0V!`->gZ7KT
zg4g<_65(On_|y>rLn?75in13^L{dM1JJVwl0*gHNp<+9hUDd|?!zIawhuyQEK!uGQ
zoW(wQXd*0HT$rMv1;odZWm$6MbB}<6wK|N0E4VsPx=>;hYb+rjzOGl6n9X_WComQV
z9c_$nP2g;RE>pbj=K%>@^-rP#J7$9x3H{hcJfOo_68QqsI02a{3yd)zCZg=8*jPV(
zP1Uz2Vy>1@`XM@pXGh28Vd7)Htk*rmp$_^?sFY+g-ZRECndeD1@NCrN+2NakyG)Tw
zS&Fkf7*rgW&Fgmr6lG`~=$jS8@Z>QC)KnUZmpTwMRK5j^>X4FZxQ6#Kf+}9U?%^8M
zfz2wJs;q!FN(*2@{gw+LaLl;+UgN9BW|O>k=kyA@=n}A)2KQ+P#470yO>Pj}Yn$3q
zmTHrC*)={dYAgAO8~b5*T@UO+Bfixzwi5|!sKarIgEqBA2cTSEjwU6=yIBf?;epD7
z4Nzp)(7u(jWhw=@Cv%*c9Km#)HWyL~mu^T&WO$v&f!J#$h=sr8_B;V9iC(sd_&rRE
z6GFDBK&K2ogeUXZJXQjEtoFeJ?{9B=-(vxfl00{oH^;DiZj$Od*T?VAQZ#)rOYLH$
z<+*04Q_N+9n3D%M6{QlQE%rV1dRzeuIqi<un(GMC?!K`-gt>_wxtI^w=LU_<Z^v+e
za$gX*jrH_|pFMREA`7)H%zB286nD8chwn`xI#Ud9?Y-*f=_ZX)Y09BG30s>Euz*D;
zPyib<ud`F9i}4Kr`r9+yBn})?=nyc3sh0*9gmm|Z1YS&=P%pZxmFGY|pYx}>XT-Rc
zEoui_A`r1kv{kNM#3lq7kczFE!|(9kl1CSlQ!a02D+=w<098P$zZ>eH%9S(~C!rMX
z7i9%BxAJa^HUR9E_Ax@X>QBMZgZy&=I|kIopd4AWl?yI?e9QZ10&$O6gOlGRn?EPZ
zPr=FOfIvG<PInbhVTe8hoSDFdPmYxXWVvf-1hz+mimeU+(4|#yc*96r1BT6b8~3>&
z?4v@nM+F6Jwl=HfC$a$P`KF#d=v|!xXAp`R3`G;bY209mOs+nBwveX9SqA;WUn4Jb
ztU72F%c^sp3mF8fflC~ZCtTaS;Oa`PLMl0xHCzMfl+ljoqq@Um3`IJ{A;s^Ru{G)C
zfJY|ez%pnTc^zaQf}Ten+mnNBqY-|g-ktKehdKp1Uf~n9$0ToAyphowEWzriU^^ds
z8U(9dUVEe%aRB+X-1d!d`Cf?cA?$*Jmz{J)5a)z}_%^5+K({?@Bum9z{wcZ47)YF`
zC=IMvt`Apzp1h%n=GXf;r9@`LB*0M1^J$-bN=`pVg@7VY&BR+_4wUNhb==X;o<<0z
zvOA||@BGPbxrUhn^cfUbr7v43KHTL8%h&6Vl060TY6BQBxu#nJkJct;h4+OBi6~Tn
zw+B6r2uSKAwP+EJyE$bwvz%z`*>i}VjP>cMCzw^S(P(@5*dlA_6*|>~W9PL6>4QY)
zQq*`1IPhAEH*+*zYR&5g-IGbbB(8T!sZS(YQk}zs0W5|DTCn;6mI^hsU!dV*F36l4
z2Vx{sQ7DHeK4S(RWr<bYv9_<`+;Ou<JE$L{^YcW$7x=cw5GAp%Wl+a%;)T3sVcN@1
z>MS5Z;GzL)y)m5RG`oj37EJ2m?mu&!ct4HBG<BA4Ob;t}DJ)9<tE+lnUzLgw4=oJ%
z=wLqNZ_)Xu&xOW&HfZt!jxwVPL;&B^9<92(4mlr%5U5*ksP$Qr*Q7<mSg~(5TD>FZ
zUhLbA!X_68wWBy0aASYY_0Xz9i&FHUJv)`DL<l5WBD47v&+18sYMC5P1moRX34Ne!
z-n)UBX{5>NubGc+qo-C$OYBKPfr7sD^buX*%tN3do{2d~zBx-}7l>3-Oy<i+mp)VD
zi;5B*4B#bfDuB^^uyF{5@AXo)*vS}$U3A2YeRt|*FwAjo0@&*!P-b*Yt&^TZy@UYi
zA>##piMu)0Y+4V@APl$#p#;utjrZ~S8b3d`W@k!ywntSf7Lm2nCyU2Mn+`$D2cSRi
zq3v^yg^N1|DG!;|0evczykMc8C_mx`!IU=ukU6u^pr5j{&+)+s^@%d)dr56x7(j1x
z`^3d0i@3=!z?qxWO{U>s1nOySM)Tuw+O(1471%ZadD4n9xw)y&ND~f3!NhcWICLDT
zfUi^pTOWd(iw+1B!fL(|F)ODG&nu7Kb&1z8jj<NDcfd~9H%N9^4xFzdp5Dujd~CkB
zy6~`&JyLl23G^^c48_BOuB<76N#7(v#wVz+IZLZ+NU-1Yp?L*v*<vZtL@p!x4t4VF
z$ST-QSV#~)y(`$`<0%He;zx6`B|$HrljyZ6<HIC#$Jb7yqx@XV<cS;PayqvWLpD&N
zJh(**Kih*?W=U5`%7u7Qg!|5(UwI1NdnT}ioPPClZUw))ha=Ue^1!g(!?&t>vsLTn
z%@CtA9gvqNtvKf*aquZT{~RQ=TwyqjB=OY?uQGgMuimhAn%jeC>Zh;ud7%jw3ugya
zHZ>>tW<cB=JYr^jfC;q9+w_=(0mg|-U0;;}UW~ORo^QuME{nfRol)Av2<vgidX+Vi
zZ&Dzb=Iu?|pQiUAg9j{%=B^^Lp-x_i=_8^HM7Js0yUiCP0}_frqZl=$si;*q>C7S^
zR|OMLuhC&JiCHR8*cVm(;zA!;K)n^Y=q$LUnxSAB0NmAwk(DJ+%pC@%?g)0=#P2o1
ztx4<^Gd}Et^&oM(b#z;~YB6&yTQBfXqz=}(1|G7#s<n1CK2*>e!I3+5y_c4yzH<`C
zE?Y=}hiG+cXdJ&+!GfEamoK+Hdq@>@^l`LENvm$#l!J-IPOC?}Vt}&*`_6YkpVCV}
zXUJpsND_3W_h!2UyatejM@qo6UcfNY%d2~&q(y7s@it17irfd1o<Lvr;Y*mwm4;`i
zD+%D#%;9(nY(qS<@MIVFh@7vyl+82nwM@K+N|r{{<aGChmLzRc!AGNa9|tEG$)JVu
z06$WHM<OqDJkgs%5uY#$GRO-?yaqd9q$~4PFk^n_wwZ2RyPg@M;Sst;$R=A<Z%?@K
zJwO7RttaXnzA_VOePQbzs=UO^ubu|dIltE!dwt$isRxfq4wGy_sgzQDz*Mhw>J7Cf
z2D!p3K$CH!K`jgLt%irDh;H5HBBV{pZhV`~sgJ5SPFPR`^1=+7$@A=|?*%lCoG)oX
z&1@P5=&J%srAJ5Il8=J5@ZF-FE7r5JMgMBJ1n@ar6t}Fs(g@}zVMfpv<$9e2#C}w|
zYO=15%P-l(<C#lM&Pu4zyfhw%ly<3k@@{bBZgQ~MQBHt;WA8C#wlw#<^#|Q-(B~=+
zseowaRXcftn1Urbn6#zN@iHl5Nhc#GHR(7iF7NCrpO|`7G^UspC9Z(noJm_k>MNXc
zEKU{$z&e<F3zT>*aVpp`;<BwouZk>MYbz;K*WGE<*%TZr+@AVc?%-a))<8h6lUPVk
zC)PWN42$-;Cd}vKDcn;<+HXppU4!l|UAVx`kh<hk#jY2Khbr?*d5@&r1~PPb?lcQb
zJR&lO@C{haJ7i8ZemDD`+&+7TSQ;6Aw)9heOyL>Qw-ObjofXln)5!ENUPD~ifya9Z
zG$Hn?IvHK-;kW!g#|-B@eq_;I@)&Mw8!R0|U>NR|>OFr>nzw6D^Z*P~aIvaI#Gs_x
zw)KJ`8m&%hZ^l|Hbwj<6(36T^jr0XsmOowgd{8xxCb6;1><Fl7BBv2^ETaklR<b!q
zLAQHlECjZ71|>CU&hM-)VNtsXBj@D_y)4{hV}6;ck7Z>z>>3hO`XO#rFH_Tl3V5c&
zV7(5s?bO&Ws<F18H>k-rrM4dL@JiXkL4IryVqh&Qi!h!9<xTL^??UihA7edw(c?6|
zE8dWlC+tOm>9))PV{90hV9#I5@bQ(mA4)HXuB@Ej*2?0Q#Hc+8hfL5;PiTS@L#o%a
zGQhM!Ssn+u`1@Y*&?v~e5EeCydy4rS1%V3yQrkv}O*@Ao5BOeD!6NXd0P%C+NZave
zFS=W_3g;@t5M#(<9#VORtGkXP9H`~-i*<Xkv1w0Jp@8j?vi8$=jl0C0-9nAw9QZV-
z^fAQF%~2d?1=2RJPlCPS!y!gNJTcLO(%l?hkJNO(Wrjq!>?O6jt7~3{fVP`R7ZAl`
z<s6eucU+_Q&f!kPfkyT$G2dEwTwgjI>YTj60?}P%TMc~`3wMK3ilH@QQ)JMh^^63c
z3qRi%j$Cgmc919mi#MO-$YKV?oZ?8s@tQ5(G>ew9JEy`%SH(3iK+`cz&C^f`cRmeh
zHKS#gQ?zR4L&ee4@JB+sNUKx|0NFx}3mw%ewM0BVH}P5kULs&#+-Sq^(c`4A-W;E`
zq?sRkay>56XOXa;FMy#XvN5jU4^0Kf&X=DOr1vR7y=9obp2TE|b;=T0rjirbB55~n
z8DbDuNN36IT_t^)toiIw1W~{8;=BQvL<JUS*eMTl#(rxBaMZ-tP$)OeFfLaH&Crjr
zm3=WuO0e^AY`s9B>^$m<;Uo@@;I{90lq0Jji4?o~^^+OLeYS;^_24M8jb%;-r!gnO
zdavI&Yq`AMjclL*0M=tyyM^(WcgI$<%-~G~+DiTGF`Ga<1b4GGF1I3idJD3NY_)R@
znq;A54<Zsq<W2h77!l|5u462l?M&QiFMMLk%W913jfG_>jXe?D!!t$f1qv_RWjiPM
zS<_>kJEk_n<CpB>mhYug%kUsu0(U0as<z+hFA;)f`AzMc-eB2B0NiMI3YElqkJBGV
zNZIXiQp_#1)8V{N5i)%@VpO{mHh9gM7#mm2z`|h?{dDF*U<%FTMvm(PFAZi1k5zp5
zstK~*020Bn(8Ilx4k0SAxJn6Ad+lSWx9{PKDk78;qA>P$pWlF1`wHR!n9GWp`%Wab
zw6V}TKxY_Q#OEC}u+w3Pyj)h&!|+1MvZlN^X5Od=EbInG@C6kx%S-nYBEgoYtMBof
zXdZj=-Vt8~uOtl}UZKd7dW)>qVa!rMf$?5@8AA@wGY>MpeD5lJ%#*db+4N=YW?PF!
z<33InS}8MV7I^0d0kaDxiT&E8p*i{<VNJK9T<o28y<2_i057*!j$v`Tb&4n_f}@HG
zx;s<|=jvWAfS1(MY5?6|GHk?SAxgipVqqGG(s=;H8C1_BXL5q;Wb_sBv23Wa5ca1G
z-{&~O$>|vVd~cR=0^ijEEP9q!zr!cUS!4r^=85j5_!!qtl(<W^i213R47--VhEu=b
zoT_Vi70Es9%udXjm{5cQiNfN?tOJ~jeyZ9g#v{`21|6GXwfkn3H(3sHPTZxhA$j~I
z744g$_d=)4V^tXqde5GPXJS>)6MLIbl@FfBn7*QO&YV^)d|of1Cxo6hl8v}wze9ZJ
z8jvz`fb=w>9rAG-z#ksY$}xSD4@qheIsIPj67MkRWww|$UqR!Ns2Yx=U6b%jp_6(X
zXS9#rESuhIQRz-62AhdJ(@81ow`B`1XtYf3U=1{Ycvr`4E^Iy))1-QuQma+4FN3ys
zE4ThvF8t@8|Mfq`@sEG|*W~}g{{E?qfB)ZlWGkmh`ICKT1BhVbLi?JYOADqzW@fx=
z#Ryr$s@-r-%4S1$M$(s4&#trv7sN*n;LAfll?(9mdb4ZC_QJU5Rq^!0WpL!D7XHHS
zbXmKCg~)Mk!3OMF7&;@z_bhWn_hcT{I*+V8cKBL3ea>9nKlAsDqe4tK1?=5eHe|@W
zByd7;SkW4Rsqx1_paQj)4vB^#W|Pd;H|M&7ZTdQs7NO?jOTW|k!{12_-|0QqtMHwt
z`4Yq7!K8!5TI_p1nZ30Ea`pOP&UKH{Q1Fy)A*9X)bqmz&R>6$l(wBRE<~Tez`-$xY
zRgJ={8G04&A>ijCUdS6NA=v@dp6}u0MG1~(HNLw6XSoViT@ECHNBVl*_7QgZ$LD@`
z{KoB@`}x63&qwe0(Xb@LHZfER_7o}t$>?E|V0LOQ3*&)0HR?;e1|un~y>sv+fJR0U
zOCpE(_~7r}KzPV6TkI#sIzv0)ji>LqSfWf`o`bO0u7r_!N7ll#y2`rp!s{}5ybif>
zhK~o}-eev}A$u0zeSPxxQ_~ZuvbXee<NTr%w|oo-Z`#smGMS+LqEjBLVN;jiMv=0o
zKh!yaw15;CsM2z`hhvU93X1nMH~kA|(N7&?7;?As?%uD@_L#cY9OYL}Zw^v}w6}pp
z^3~KuYrdz856aqW!0+^)#}UZn`Q9xm++#bn7r5tPO<%LTzE7{ncLenO36hZh775DJ
zhhr0SN(a5uRHJX#=^+)T!|7(P^^*$&W@EMhu+2IN8X7{>h2UxC>8gDCV!!Y<`t}Xg
ztcNZ;QOYL2KAm=DjwG<JUl%S8)Oe8_*}<i-M4FsAMg}E!In0z8_&x(cvkFHJt>@^2
zxZJ5I+wq0De?H0Gu}4H?id=fa{rj@w+I+@W5LAo)uBk9ig5Y@K9mzZ)MwMKri{dD1
zqj#e;9m%8&fk_-Adzd3iGw+7<>*M|N<8ybU=WaY^d!NYR&(9BZM~-dk93KoD1}_Kg
zV`p<}iu5MirD$2kM^ZF{UUYIV@al?v49rhl5RjxnU&7boAU>a|)IRQjBMP8>x4uKe
zKZnY8DsPjPkq2v|^n#omuhPp03dMQs9UpAIBY?wRc_#Rx$!S5RG-O(>@*d6JP4kI-
zHFx-4eArVmCUPV?c5JSv`+k$)3`0!P0I0+}w;8sH1FI5F^L8w&eD!TAw#!B}y3-(D
zKNN0;TIFlildE2PRUA)3ziPnG$IC5l*rOP&k;)|xwj`D0cg(8AYK4r}t3^m7TS^@c
z3x<(rIn*3LuJODX)ppJ9bjf7fA7e|-tG90@S1n()`@km?^!bi2iQHawgSuO+?;)nf
zff4<x<93(!m`PB`-$ErlYo#N77y<7Mu$#5`$}7QCT8<5Dvdmoe=WJUs&!S!fgZH(T
zS=478pHEsS6+DZud&cuUu@u``b3)UfjJW%Tu#t5++w6nZa1Bvt0;6aFW#1=?#V)~C
z*RLsT&0|v=c(0G<m;wrKSZhhWnZ7FF&)4m=7_<)_&-5T|pHOHFoP+JouUZ&pt>isY
zc|^VHv8r~@U-&(d^*RI*6+S|Ww>dVn9$p}qCcB+ar%6oune=nWe9@_&wY<-FZlcc9
zC8GGCg-9M(=>~)sVG{07*Lqmi9yPDTDQyT=ELv|0y%HKpaI&&n-SXb^trsX*)$nq<
z9LK`uRSO<)-5oL9b$`Bi`F!!9`}Xz;u&m-`-Xphq<AaCP8Mg8>Rp*)DuC7TYwdfN*
zMs2{TNgK<>n*=V4?1x;1NB&^MGc()lXc|F>=r9dY?Be`kzt1<L-#wfZgTrG$Mg3OY
z*F+xVCa67|IG3NEjM^{lY`xMpky}DcYZd6+WeIDo`4wk_boL{q${f$+3#kcGIOGEt
zfnH|ZHseYY@6U=pU0{6LZ}w_>W8T}>mAB^aS><xcV@06+IkF>0zH7wEqdl1|%Pkgp
zfl3p3?PMI3?&@pj5-+7O-bDLpK87xKEgvW8*2#K1WsmZ!Cj0L81}-<Y_y{!%fyNoF
zpo`hlTt}{%#(zfk3_L)CC${FrRVW2D4R>#EeT<QZjAVR$%1x^Csu39<l8VGVS=Tj3
z)-A$!2W0v>KegxI2>|55o0F*$)3BvRy`-4EY|mm*7)8=c_*GZ<t)o5dKI>Z%!_o1A
zh{xNx@126a_bw*uFvV`)y5VUkk?NqU(9PSeseM6xEk#9mUv&k2*0o&)WD;kOdGxwK
zL%HpNVvlo4@m=a6xBm3<nE-i>ApO9?=brSHxWk2I2<xTQARmsSmhZaTb>%ezrOm6^
zxYZ>UVc%^Mk`fq??~DCsWqH#<kB8?ago=2wLN{6axY9wb@szB4ru=lm*&Z`5k9rgW
zMpGBA9!pyas{24$bn}&UjtBt8y`-!nLFElG9LTB2X-x+zTi`~a{;ciOH>}#9tDRnK
z+%zx3)6V4-YO|f^;tIQ@undJit7AKS#c1=irg&vWPd!`{JR!WFR*cKwk-S86^9Jw>
z3)1#PZgzGf>|0K8Fg=c-BmJxn^*iIW5Q|AhY(FQ9w0sg9eiwj&p3emMG1*>;`1?6c
z=)<%;<Z_R}gu_hUx9`roC4l?cVhYu4lGr#b+e)bD%VOTm0X4Lq(lXF44Oa@DcVG3<
zr<cHa(fIXEjC$WSTK5&A8AJ&W=~GHRetKnXQ7-$luMw4(D+1qgqu-IEd6H;$L1($3
zGy70iYS{9L!uIV#6ws@%@%i%@rW`zKIZ^WA{j89`T_u#8*F)|kq4qhw2O#L<_>j&`
zE(L^eN!Mkw0~+4X1kaKbv=|0pOWvzO`Ns+$t3(Ty!DG*ieazrEJZD%h5tol^C68&T
z!G}1Z-dl!(n$H^Fr@sIvy1ExaH|(5q&O!Qf@C-v|=YC+&+V3a?!ZjkB`uEx-CA8kt
zk?!$>AWK@dfIwV;!xQSO>xYL#0bSXH9l&jGcF!N&Acrr~t}ACxQ03Nlm7h-I?@F))
zZBARVyJUdq{KzLE3W1pB5fj`s)6{mev()cRVr8yn?!2pebit@?>t{r}1)36G0&(cC
zh^|J`v4bb%?hNr{Ho%`1)AQ0f)6VJz+x@CjK0POnuG>0b76L}gt;aSDy>U~!2oe37
zMrPx}R;Dx?HyYumyHa0!qNgG1yb7QI!FcH4&BaW6Q^?eUa)AhoQO@#MWa24mN2pZO
z;L-Cqe?ob7MW2l7r~AzMVew_YGI+4_M7g<qC7guOeBJg9%$e-FqodgwNvMVQGXogE
z$D8cw4#*)5?=5$2&yyLY(Pelo@4;o<h6?6mZ$L;>Lo$h40(CrmsH(X3bY;uzt5*B;
zA*Dlk+Z=D8+QbH)w1u~qTLLVo$iQ<<8=ANhpWxhSH7)s_<#e6yDX7BnP&ad?M6w-|
z><%FFEk#DxBTsH3F)FRomPs0zr%(C?vZ!#v3k#XIlmlPY`lllmP2a{H#!?aY+9c&8
zu;G<$Yel5=B+BhjlXO=$UwkWdmGkzeH&LKMD)x~-Dz;4*bFac)r+Bjyn?tHBF^Y3M
zIv2i+B0IoYn1Z7eSP#`90YsR>w?6Cr^rmMg8kX(N_#hfw-O2b_Dsr+Y!NXSOK0G{E
zS4lBlAZOX3rWe1rMl#MmI|r7{Df*NMb6Ptk;7ORyMKiP7O(xWGUW@G>%;UEk)T8Ld
zm!xf*HRxk*Mqd@j_iTlfIux{O+eNp}wQhq{A%xT9`MZ1lj<%Bu@?fWD9&@x7?Y@=w
zv*vl2OfS(ms`@&dlZpgPAQ914tcFyOx@9^IRL3ifa$*arxNTW0%HK7tBSmTSu)nW2
z%<$<~VcbXcrVr}Ujp`xB>jJ5Ii)spq{$QLRGoS;BDTZxhEG53+@q73CLTfO_m1nlO
zmM)Z7g;A-ha<TVFQuRn*Y)F)Jrqcl4lt+8prQQPrI&0>@!l$Q~%==X}ema*!?N$#h
zpJzP5c`qUqJB%?`)q0xVCJ^*;Mdqt&NIQ#V$l&+XCSU#Zu=IPWkbWn{TlF@lqMsh#
z1J1HLWok>rbGQx^cJX@tD6lwK4H-;Bgun*c7DL}O^3$)n>C?k3D-&s(()gL$+xH$m
z$b~DF81Thbo$c|_%?*;vCpap{4Gg{%?`iq|zA=cSjCpp30w@!4l=V8hjIFbsJG+<y
z?v?pP(_}}6=0e>dn2;W+59rk+vUz4NV~y;y@=rHw_t}jgQ;YJvN0il-edJsL?~ZY?
zv&GvS!y!&(#KGpN5f{O!RVqSL*-zGG0t-+DhF(1rzK3pjX#g8xBZqs@pyL<C8AZeB
zhWfx4MYRfEy(oWcc5=q!rw`=eSMB`iYk>RsmIbc2pTKq$0)g;q$%rn5hc3)afW2E}
zUj=qTAcJ;(y}CI~RjzeEQ%YMUsJi1+FmANk8+*OP5XAu0I#NvpqW$ENVo$Y9@GT>3
z&X~wPyuvY$n~F5PN%H%u{(U+evjH(1<nvP6eJoE8t=}Hi`Pla0ytshMQh4PYO{*(4
zgz{i0D#@~Z86sc(W?!h2A99s*@GIP$r>>_Q70|NFT~cdHk(ffk?dtF0Sk%%UJ*`J}
z*9W3LZvboM-NAg-FW)K6gXF=5zV^0PLsLKvIqpvoy4dsPJ@!1t>p(Km<GpPyrV`(3
z_G?P5K$g(-pKi~qAo4EJd(W*mYw?*pbk_-Mx{`Zvs5~LephHPofLzR71T^Nk_u}T+
z+BUX534;DaKtEmYBoya{3h(YF-(4MpC^V|n?PPf`)C!3|nJu4I1bAgr>`#qAPNuK;
zC1u}+_D|>Ex4_+%K~+PJP6HsPG5glA6<eu?iD&zYa;A3gY}Z~eXIi4#zQw8HIa}#K
z^mjDwpBQ}mUxH%NmiF$rJN6QYq0zX;7$=6{DvuZ`vcGcZEqQ`#R-k=wlCX)=8DP8E
zWLx<Qg(%XEI^@!8<{M_23)A++GRJlR57`={<#(Z5Zc+~qUgoZo^!UM+_TzEjd#iiu
zp7Di(eL5l9<1{0|(V#~r(C-i*2vZL?^F>MboC&^l@i#B!;%bbc`uq*dGg8)9Q5TX$
zf)iCgJpsvXuV?7NnNs)i$)N~d+hWgFTL=vH#A|i;djVZUE{SjhyB1cc-qQI@@sgM_
z59A96|DIC)vJy`)UcV_hG`+05bJ3u;r)0_21Kua1;8p2|%k;+D4#g;Zv-(Z1jYqGb
z(u=tGeJL(UdOHPDd;YW_@%Wxk64G4LKxNxg515x@bhVsT@6MM>9+i`s#ZyBfGAvw}
zqZ;}`B0k-*Hq>9O0Y7jBHty)>R4Hid5!a5DnMf<GV@4JxgY&S`YtP(!O8TCHb~Lt~
zV(v&>*!;r6C*Sd4B4ZdD7SLjMfz=82RMt52O>?t_B_j8ww4sHVQ$OovZT7gzd5Qxg
zCDEz=KCpQ3oemdesAAJzr^2bW&t<XM1csLt>TGFZC2VrrF2SSo7&g~6i#`x;Gjqv|
z)u402!<TlyuZM$i`%*5rdY<!STAp_)tAmBoJjja_u<3XC7H^(I>iQ)&$tA;<mc6jp
zeWH!}UP|M9qVegNk%UqE*pO?)98flHQnle|oI6{T%S^N4*pK&}?GZ)Sd(7~z@&WD@
z)zsMb1_uIBxC*xa%u&jB48qx~ZdZX|&}rA2f=v>OJn7jmV-K@f2QPzRxhk?X@p4q&
z8L{{EdoC>(=Opxn2kLi%J}M2afic;O=-iqn%DD&b8ImlIPT2@}$+@bT)XibdZPbUn
zn?39aohDJHi*fhX(UY*>w^)vu1xm&!S=YGNf{DX$_vVfJ)(X6qcPNr6m&1(u;N8?<
zpo6_(8GM!PK6)&H;EB^;h|s5tZo@?wBA~V=C0LHbpguAI?bUk^LE?rq-lNJ)^43mZ
zE27=(7bD~G8tPOD<EX(m2G+9(XN7)dt&m{zV?wkQZ@`DBu&9@P%d8TBp|uV&_+m?P
zH}&B~6=D?c%<YY%8DKjNosgH)=Vbl((@$ag2|6-cCsR5R-CA<pqw6>idygdgPK5>D
zC<xyAD@?l^g05%tG_;qHQeCT}Hqx`OHLP?r`RDX$g+>`wj9ADfi?Y4gxPA~++n2W;
z$N1g`pM-ANYStCM>zxAMNpt6|x(C2smL~7wzEF9e&N@r3m5)Hz3qTCtIb31S<<@NA
zP@F#n-j}@9@YMAp@@dDqLxr~3a}se{ccdg;Nf*0o6^m20NB7fHDw(!36EdSE)(DM{
z(i}Bg@EEzDS^^pdOocPGGU7II`G}Sk5nMuKfMY1_?Fjm}THdF}?p8NCh>=j&@kN8d
zVHy)Mi;m2z#>l38h}+(?yOv_Ov;>={cmvIxaJNNaGi8=x2l-I=*_3K^{zOLP=4hL2
zm|sar>{XPGpf5=+oZKl}oK;vnIbI}|Z37A^j;+l)gX=t8#ht<?%-5h_$jGPLKGc$)
zj@uBdVZ|EDx<-N&kZ0ms>3%cnH~yAmxFE7gUf8hK<F2)GNlospNuPQv@}hZHuu88>
zvvGfRX2IlR4vbrwguPAO$sxc4y!40K?2;Z6I%kiE9;aqjN|^=>x>ZQ$-DD50%ZZjF
z*B3VW>ATW$d8)^>aL$O$v_9$NFW-)W2d1R0z!imPaaX3rwQ47uK7~bqhw=cgsa()o
zp8y@YZQ`rz5MYxqke`VbN7pZ;U)V@(UOhrtu%41wST=}0QB?F(TLuiqA$YC5&urmL
z03yU+>64{1bQN&qFLdnFfeqCb7pNA~IyJ`JRrQ=W_w61B86G!jN}u&ENOd}+BB)N&
z5?V3CoD(9jMa=2gbA;Vt<(z(55yuKoe|GJ{;b#M4-DBixg;WPnCy3`Zdp&TeIXQW+
z3Ue&rK)0*#-g8f2i~{MWX>QNO*r3-wUzUG*G2J91PF0dIVGC0T!sTi_KVU*A(|Nr1
zo)4-=g0h>H4!(Y;1DhGzC;)<NcsAqt5aVo8`Z;&=su4Hf)$cjr9R}@O%De5=mkq_+
zu}Dx9n6nY_+(FW<s^G=54e~14O1Gt5i3o*$tee*6{?KjB`xBw><ST>EUP@-k&?CxD
z-RFpI&YVg}H8gO6PcYSH%yq5<=XL~(<(@6hmZxXEiY~P>K#OkD6X9Gd(Fl!R6fFOV
zk;xL@4wuA~77nv{*}56&qprF$Lm1D%q8C-#>dXFm9_nFa<N8ie84h$Z@X)i}sL$yj
zzSFQ_jm5)zI0x?~1zGx?NWFS$%{<_75bl{IJQOcyYKlo18s-srAxwmX6CX4j7(ev~
zpmP>y5a9-=b;5+0{u`zC!PQ!MF4xF)kNFT&9I|RX3Mo|wR=V)v;wbgBCaW2V1z(Z)
zgJSJ606toq<CXioh6{W;^@+9q)e@Vg=s}B5I${oso<4BrNsEacAtjfXp7iEsT95*s
z@OPN?k{IYwmX`Uj`m|&wt`5KO5oW{nSI{`GetOa)u0(#r)g}8LWIMA_+s;&SF4xQ<
z5uJcEM$gjI9MhzN0V9r-w>S{|I*Ny4UaZ`wngl;RdxJFB3-WY@(RAvrn^McYwZ>E~
zIEDw!Gio;WI1?FLaTy!;QP1VQdegIFk!*_sd$lJbQm?V=!Q&WbNu#%Px%M+LD)n>0
zVZ=1o+1Hb{v59*Jb@`M`@lN|3-b&z3Buc?_a8i|~_T99P4RI243bpIzCsOq3-l*%v
z;}`B5Rq$q`Lywfq5j%`~UkZiRGow!4y)B1Sp_(H+fjNs~nj*e9<Kf_<5t~S$u(PD2
zwdkAVxa8nD%m(<GAx~c6<fYn9)C)(F1$_qvcJkKbEgyps%)ESt8&$dtb|6<8)sDk~
zC%_%jT&0GqVf=~Jr;lGhdb>r|=!w{X$I&7(Ugqf_<vx`-P5Ed?mKwH=?M}VuiH^gT
z%OV=SOFrMMs{kEtw9wb}PS&(28ck&icmiwLu79DGge5XNe*5r>3WG0Sz#~X6rR&^C
zbeVKn5}w>!7cwXfc$IIvO{)aSgY@oVEY8TkmBpWqp0)gpO5Pe7znV&$KyhPz`be<f
z5f<}Rb<o&lN3!%=W}-X5A$I7>e0zQcHiSt?URH5ZI&u6K`8e9{n$~Eaxw}ME{>+*D
zuvXM8L3YPclQ2|c)S>For5O8o3x+%{fDo=QEgnqN-3tgN$bHLYWN)SRS@hGxFTCET
zx3gXxq{>m}3m@aCcyDy?cv7}1#nvYJp@b(D>|=-HzE{s;oA~(v%H1l7lCdD7yu3cH
zSFa9Yw4c3qGjK{{0v7Wg7-;=Y=3{W?9&ahAz$D>T^eTjkdfhT!Cs6P+l(;ISB0}Jq
zH~pGa%5vR9pgTSKK?&ny%Y0vm34JT9-AuW2u`|5JTgs`kQeL(*xt`mGA|QG0n^n&a
znUiITW(7m5;TK0*ZY1O{sM9)LQ{&>EXxW=8m8NVK49A;d9MCq)_X{(R8ZGONoSD0Q
zTIbTD<-Mwlh4nNv3d3^hX!(_a#CR3R#R=D7il;54>dGF0*NKLFVWyvcAMdQw7gHYb
zYaQWk<5$JQD9~Q%E$0rK<wJ5i$QGPofLqH10zs}fzK>{waUwc=^3B;A<i2N><$X6n
z>@=QcrjR6Y{jSF7r<bh??g=D8!M)H!cqe-Pgg|%Xy&@lAdtGG~_;l`QQ#{@l1q0qP
zyU|5aL|Qa79C^P_)IOabxrQ9^bcae0-W_{L_U>5i`Sd*5LP86y#&`+mpafcX%@yR>
zR1992M$rr4h%v*Uy20kz(=CwU>9hpK?f|7dQ!BTj@p5#2;^vP6eXi=b?z&sZN@u8H
z?rrfQz<~xC*`(Rzy_YJ_O#!*sfU#e2HhKsE@NNx)CB+wRrk}X&PIM(&BtUG_wg|Wx
z&oIa{>qNBG5sg(XIeo3w`W&#AB>mCreMvfEQl5H+usM8#5wtV2+qAWY0@LBAoYPEf
zdtw#HVVRyka~Z*)c59y08_Dh79Ef9p!fBigP6cO!T`1~9X+{<Bl0EOJB^x*+cSS2)
zp}3}C0`@QDzAuWEQfejJoP3u{jWOeBnzU!q&=bH$GEX|X3?MQ98VWisDbz9~SDiFc
zr_P^hTdBX7I0~Mvif4NVAneP;Q*zY$UYQro^I1&r%%7PylB-xxXiEiJ*Xhv|h)RfY
zo+BovOa=Iv@u;l5VX~7_Vc;2<i5jpw1Q-z5r?+9B$>aM5342MJEozKv)7e?B5KKFY
zbSif*%Hc9{Ri4U<JnB*clR0e3m3NhI%E4+$3JidGFNwHjq;R<7wJruk1C<iYD=bd!
zxE*?9U@sJYc8DR4qf1ni#018r)AbY{T{^Y_$DRTTBP-6X8SA>XVR5Wk9|rZzNCwD7
zDx)VzPvA>=`hB&mx(VjN8>^Fe*>;bG%%;)CM^ei74f2EzoxU~0tQx_T^xU+EwcRyS
zXjZ)mLXWowfcs{1-K;y`WIP2aH4O}m@dD;E8}`=;D8Y^O^W~n8J)1dwOh94v-nl&6
zdvv|#`TQUy5`7B$D(-Q^3njm>hN|G4%nC(A5i)x8&K{6`;`hDn0Wgn<8*Y~Jyt)Uf
zU9-&Mfvj?HZPG}tJ>z~Ucv<l-%4g3yvc)N7swc$J^2!G5`6(N`#b~O`H^<NJ`MlIo
zU_fr-!wp3o3E9eK`#CunzFIxH;I~kEqp=(`5!oFsK?NxLJW<(5=_1HgfC|*?nR8Vf
z8@4GlZ<*)jTn)^@7lPlHQGE!qovth>O|aHinUGNK5bzZB9oriX?5R-!&&+CcjEii4
zB~*Eh1-I5S)grGHyaC$-UaQ9V6r(1DaK2XGUZ%G#`QmO$BC$r3f-+%$s*v(wA==Y-
zb}!Uv9XS$4YKU(E1~H(p9>$T?3n-%~(W;DDeKBJl?xn@xz^;mm%}QSwe&15(sk~Zp
zuQ)D4Y#Jay3G?)Bv1d4<4hcb-!tacY+ORjXj3n8)-}Sxm*-WwP<X#XxMheC4z9`qj
z7mk%uJDMf+Uiji^JGFMMUgPs8#qIf1iDnMR`gF*h0xjSu<z8lVc<M_;6b6lWJt}QV
zFteb;f@r<3EG8Gcq~2QilK_NxSoMYC_w^NNg5$Y6gJg%U%26FG7J5^3z-^4-n~^vb
zJfU(g2Jja5$0E-`b(5}NBOs!8;4z6P(Mx$St9vumNuhgq1;7ta3h=hC@o7zwU~x^3
zi1z%<&(b?w#_HlUqqBAUa5V46sf;{c3EsVa*<A_I5>l*7y!<TdRc65o29E2Ju1e@A
zE%6tQ-}hQKOc+Z!*5*l^>lMo$&+_NiWbbmAwHn#BM(>`Ampp5nzATjkwoLJ3*+b2{
zm$hb<il^eFXSM2BQaX~j>EN=I8$Hqo5$NX0h$SylNArl`7n1l8_9Cl%!V6nv5jhnD
zrC>Fft0g8G+pn9W3{}=p0t5ZA$v9DhwV9vtW2~jz?TPqA^83OYQ15Q<%@eCOL%e&L
zM#R`jlBY#WpyzciF>d1Jk=DbCAX6ml13KwkIdZC8iI{SFibt$Baz4T>>v8Cu+}ny$
z0&T61YsP~RclH8Hx``;Xe{WnEb_5HaJj2=az9SWcQGf9iar;K`&5M<cZuh5&OoCC>
z_aeYFFk7<w8iafj8sEIwFDykru{82or7>|)0qECe`N$Qi$Kf4A^C1lD6=Ae=LMDTe
zW?{g}@sY)XF^}0AsWn<H*$}EgM!vyiI(?yJ%088oVL)x23``n3_yAwgai5pR+iVwk
zKhbnU#3aybeeP#I56#tGGgh|aj2Dq{f{p@CU67a{ANa^AZ>D4=(}W9eA(j-l+kSVP
z?<=zM^COD2!Z|K8Xft_l1yvUuUEmU1+Z{Eg?6v7W+6w2(E;7y0guzQIf#K!S>#>OK
zuxAhiX<0kZhTQMmdFgc$ww(iN1y@DIf_Y7a0S}cqmZI*@-s56?GGIag!%mFx(r`uG
z;ohzJ^B{gx$8)@F{JJ{Vr*XV7H{@b3BY>x0KXELHnfX-b_ucswlHIJ#8grsLG+6*E
zE7>Y%d-7pD1DkN_+$3=onW#fQkGz$KWY4J*aKZhF#49yq&;*i>l$O#9E=Ud`ns&3t
zRx3@9wd)w5*Rs@}1;6WShTP24Ux?n^zQY23#@y8L(u#Gdgv?%sG}SE8_0092(An)-
zs~z~#Sw(rM?R$2ndx4=aX-fV%*?eEB!Jpy*Xy3hVePu!&V&t}xaGBL09d+k1#5Vyn
zOs_2hxSn5^pWiFM<9##roF#Zj4glCy!%uS7E^{^%<)#IO$y_!C=Y_}HCzZ+52DU^`
z-CG}csTbleOrMWxK2*t+C*<4fQ4^T}n}wmrG&lXm^oUhOoJGho6ZO$*-P<{O2Mi~>
zdtjFjPKG`){p?5T?dSfYkYIJ8BQ#Q6HBSQ5DJtlgdm>*lhK5+;^L~Nsi%TbMijg|9
zv$YYDJ&xO66>SxLooYVdxEV{5Cc`lWZ_($O1VOKpSG+Z%hevP9NS+o8CG2l6Z4whU
z>cwM+)K#qlldIhDYg!#1QcHq6VC1akSrS^{8>zYUYATCsx7R)SvZm^#exdq(4KE+j
zXB6_5@k-v3U#C4jf8*2qJg`gjwY~yBD???St<l$sJ2jPdEzSD?Ui5}jReIZk0Rz8f
zM)s#68?&Y*2=C~spRjD#ZZ&f?*-;$&>5;7ialuvTiSp0M5_UDW(`OvY9+6}}cUr2(
zRmbS4cn1U3khp}Ib*~V+>`gu6SM7snF*dy?EVXewNnZ|N@ID=2#Isf9(jPxsh2Gm`
zEX=prQxJ4WG}r130cN>_$1CI~<}R@t`+Bcl8u`XkrWa(TCOz+7w!hOi#gl#O0*y21
z_FmiT?Vh-O(}WLP5d0pz&C>CELM87}KAT_2I*_fvdqI4@yEupbT%{+hlqJn4G2+G{
zhld}h<N^;Cs;u~6K@9}&1!|&>>cg5u>n~*Sdr~ryrJ<F<#sU<5q9q(AeD_dQaNg7K
zbpxR3Q=Gn}dTVr~Zz4wm=kR9N>S56q06DkhR`Ek*;!>l{#3wCCf-Zlmg<}?nS3pcs
zI-4pAeEj0x$atC43_p$TpV(Tcqc1!Q<dM93xv!<HWn@nyk~6mU>b<A5>$eKrDM}v3
ztg$a+d=U`kW=z_{z|t?iuqF6(19X_hR76DFHSt$T{R#*qyhrS1o9%<QE<7lSfUPG<
zEA4<|<1!sWu89t>-JmKC;O0#iaHcaknV`61Oy?L0A1@EF<z`w~kb24#w)TQ&Y+I99
zm~(qx;|2cSwBv^EozliVef1nDjBc{cnl}*{i=0R?hFZpzm&FF+Nuyox&Z_2t%+pnF
za<P<mYWF_T{p?_UEY4kX^ST-hlnd7;pnwimmv%ueV$7D_iUJ1-%RXBWFhj8mb!2%j
z(co#|yVxszrj*2emM?CF67n@*D?{J9k(J|BM0(s=H{x^(8iUxvLo2_vjJ-;okQR~q
znGm`kHeJ~mPGS!0paaF3$mH>(HKuLGg9cqP2xKrr&o1FhM9vlPIrj1nb$+wV7l&W?
zvVMB5(KQf1*o#1v$}zg22He*WTp<ysef^}19d^~VOSS-G9W*OyL{|A_A!I6L2tqfg
zQ4jA-iAUQUmD=?%Q=I<!`g^#YZpqw!B9rf`a-@%ngsgnSxr#CAa<)x~e<2*{^GXyR
zVLL@&&2@r@Cq+us6vPmmrxaO0s1a8dJDJCU<K_qq8E@xfZ6VD{9qIe@-uKznOn3W2
zG==oVxtWmT(^=*@deP$mOXv)zvH=H2(ix-j;AS5vFfnYWn!+J+v>mC>RuU*E<8B5O
z-W|vV--sApErnQY&+}?dA8p!tsYSZ%qb*lQ4G!<+Za#zbqa*#9$ke*{7C5=91TGhE
zZPT3-a)rCrjLsmYML>=_z(ikzU%xQ0z6<3jlD4O%z;X9H_tS%gJ~7T|DAnLqY|=O~
zUyb)tlExVz9QOebopWUCd+b)19pI`0;L_C7;&PkMDuz~QRFaA!ZJG@p;GT@a3=HAL
zQUzRYU@%7ED{m2%f=AqY<zyp=1k6Ag11Q8VJl_-o+t1uvRRb~_V+l^zlfEM?WBXQS
zk<DrX*JvJ1hfqkzlsTZr(uERiTT0%A#2rmMy&*`WFO>DO(=FazhLd)$muvN3g%)q0
z_tTzZBS1cL+TOusbJ8fQrLsCfwg*9^n2QAKM78R2w3g1Qulj1)Z(W&>-YWCmVz@6>
zOZG{mxPe8AWgyg~0w}CY$w}#%>48uv$3*wOnx8nY*ETe58{tATDX{grCJOo$hcst6
z&@5o{5<gPks>qJyNZkkTNUrR*rVr1KWEz}5asHm#;v%b3MS^w#r{44mO=SfX_%%EX
zRv-)7eUnMbz&sM*C~gH&wJ!$hMTe6Nkv}N9lZh4-xiC3DYFf*HHW}KN4i9cQPPr<t
z9`MAHcXPQeyybWq{pbBs!|iez2W=jx0Kbr?+|8q)93>&bN{duNLc77@^DwV;zO_5#
zVi$YYmv=P;M&T~6^rFc|)$GM1ctm)UUr5_$_hV0lWT8&Uol9Sg)@N?x8_j7lbzH9Y
z>ar+Grmj&^c@QpFwFgsIhn~=gSg390c;xHw_rlx?icw#ul%Zw(DZ8Kqw6_eps>{cy
zD2*cc0wQyQ4&GZRN$SXsF4TlhI>&qQyAPr%wwOe(T1P|hwzM-g-dShq%eHm^0@a<)
z9e8i{#CntWv^HGKS$U|J2Tv;B^ZT6c{CfjA-n#EaHL~(MM6nl5&l{}=pO+DeB{f@}
zhsLIJz0pc<*d;@3@?FFia*yGKgbG3LV+D8xq@|5#6jafVwLqk+j7Av76$Z&PQGinL
z!E*D-%V1UBHv~J|Ohf*bMD(4~3y~7~nd_2XVxIbxN^_V!#$87UYBN3SVjey4cz^(#
z^dM>QT#57Hfb~YORoAw6A{Zs6`Fee!9rTIzURUQm!A6Ry1*qsfXto!_yD<;jY6Ku>
zAM~`!>{L}wxl2mnE2e~o0XHWhz-3@^Ph<8+m$nko(1LHl{6N|X+w#5e0_+FCv~lQ0
zi5(=DXuTx79xVHs+mM{-QJ0|>fk$`aPj!=Tyur9u0F{(I+vkAJZtZY1EN~1uaEgG&
zhB4A^Z(e$K^Ml)*SIc6HXO8qRJjd(<Z->v`_?TN57#Wpb0}zg@Cxeqbll6fb2B8EZ
zbl~uNo$nD>IN>X;&1}MU2TN+^^A4_gR1nmS1=>5uL~mpVw<*lud+&%AJVi3a<xvT}
z0_x$Bk<$RnTf>&Ir$qFUFD6!aZNZ;TSH0ff8~8*YrSr7ClhzrN@-8sGVc1n~H*eY&
z&m3%-fi1{=tl_C>RnTg1y_5;z3pw{liartl?2_rm3$50v96(yC&H#RvsZ4KPSct$z
z^@6@mT)YZPhQen_@Ay=;A&th6pYN;z_R*j%k#O@H+~(3}Q@uy$7WcN?v7a-P1+sYu
z;FghWN}~~@wvK`><k{StvoqZn(8EwvIrl{U_q4dXCEC35E}gl;WiKU&n-7TO9){}c
zo$>ItIDKO@l=BKnlD!rP(4Y2uw0Qu6BdF8yg*kpti=cs4`YxvDaA@56k5Vpur{ad{
z>u{M4=QRFKfdN+(mysr}dX<hN_3D`};0DQ&R(Ig6622F;D)3t1IYZ`hJP2*SHjSr(
zAjm57b^{C$a63vJT#q*WJj==vH$5l#jdYY!E95i#=`E1XZxONH`hzvM#<1s4C7+FZ
z@xk$A9?BGnu-3GK`DHZ7YKO2hkUb&}b$>SLbwe;;sMBZXJme0e7V6^emv4@|!;a<<
zd%>d|<*C-XyD~lAV)Uk*!hC352oD)t!sVe6U|2<AmsAp?*NE5~oFlZChtK`ti^?dv
z_jD9ujvn+fi$sK2`L=_bP9(VGg1-Q(mQXB$IyvnWADJxnoce|PV8f+L`=E2}T|`cd
z2^A?Xxz;l~ivvR_KwvaL<1k0&_bOuYxXKEvWqpjOvR&eFe&NoaJ#<;jVJj>m=e3!z
z%$q57?ql9#HA7*tzSl3sccN>0=DD6~oCA7{yvSgEmrf~|LMm_D2&*`=LZ-J~x~Ar3
zu#-*&v7l{`AM^56y1+b9g+1pAH_h(6q>OM&l2^#qy7(XoHE<C$9<o3Gg}mlY-+QD*
z&$(e>;Au#8gHY`ZyvsLeiB&}wc1lK<&$O<QeIEoqh}*(!Sg$)4NLA%8<lkpE)wd0V
z9pbWpcdNr#B{1)`MQH?&k(#6O)Uy}Q5`@*BVhoA{YEIGPllBqF3_5`<))k98nyfO1
zq!J1?m`sWwu)gXU&PWmf9gKd5x6JzrH@6vOymc4X7?k)1<Dr{W(AyFl9cbF=x8|e2
zu+J_7<X#h`$L{Dh4Qr2~%U&|RQNYsnv9wv~1IDoQcjor)K-|H_q>By#T}~9MKnp*y
z|Lm(0@+wP^`j~7~OD2v&(E%JDkkZRBB^S^Vk==B55+$bB_k^zUB_YEsFRBcpGbR~K
zbcOYL(=cV|35=lvRJ~48?+f36(HB~fsu(HhtvsdU3CeG-wQbusqXD$EpXgx`^kA$x
z<`F!3+3r6l(u-$LW6F>=Nsr_V;?CRxSvM&y7Lo>bWcTG9EUF!XRzHLe&czAWZ9-hQ
ziF{xWT|RT9e0Nx$xS*mI6@y4oH+l(q7jS<3>>d{ovtPUf-eFojW>vit2bz5CSknsw
z>)P=0=Iu0Hdp&&E6egtyrW}P4ufupEBd?byhE-e%fM2*E*CnbBDaA6r340G!tpM!d
zTjLnJt%F-`rbf#|_jGms={yo1b#JTgHDU1#KM@>0MYTX6RyC}$<LA>Nlv57m`P45T
z?7j3xB1_DNO^zU|FPq>CfBo*YjO+C-7L;&=afp%~YGop8L@&36yN09ivWQ_*4gI|b
zD}{sd#A--Rl;B+k+U4_A4M6RB-gwuzxKGGlaXn*;1<1$#xX%?ZMFbz>Hj)6ZWcK56
zHBBs{ux(3lfT`PsM?o8GN7w*zXb<rj!~2<b$}BaOjq~7)xhIDsItoc2B|KeB^Wb52
zipS}!Hf;7_PB>6cCoe$IibDw-A3rvE`I+nOdzUM|$+v0jVLS!pwYCybwf6*rjYn6f
z$1r5mU9KZ=Jk*pT$RwH)0)PVP3VfkU%Jg2KQf_&lTcJ@O=U@N{&neQG6&|!OEtgzJ
zG!5hVsQ{veB)BEZ?%Q2i=GUw-zAHm<8saG9s*@3Od=?LWz5*V6rI)KHy5^>==3)7Q
zG|+KVyqi1!z=d-hO}Wxj6m^(@D2mfOTcyi^HwN&uHsaHT{Ck?U)`h0B7tfzc5W2d<
zJ2<Nmm|<dZo;H6M;Thb6ov(Gz-#nalZ0ZNcucUT0gI%q-rV>D?<s?>*RV>h(oz@J8
z86l9U+pA!4h5IcJay{;SFAPo=8Z3r#Y%Ez`^q81J6IP+rdnO+1x<00b8@=;;ha;K;
z7~qR;ozxp^`6hSV+&dsPs>9yiU`M`}%{mpOli||wtZgBmWs%h(^q9is^Sn<M{L_mx
zAdxBSX_4<->a!r{(f8i6Ve6AX@Vtp;nHpkQC@sBv{WitdL|zR5J%z_yg!(!K*VWJB
z*&l!~7PK$xpjPe)xN!G_ad|F9<u10#ShA`6x-aQCZI9UjRL91{;wD?sGl$34U1#$h
zfaJa$kQLD1Q*V>jWIuU}ISm5=11%&kDMD2dOVt?gb!8{LAuT=SZCk$xuH-qJ^Du)A
zppjFtcbfjiLwxpR@zIQ^)+g@tibMm|4ALJOJTSuUzIkP_+2f^>Y-+tyX=@MRb+}}U
zmUl;P4eD*p>q*HeWGJ{Jrs(!j#4UW2P3lP(tIQoS%N$|1`LKo3S{4~?q-1i3Wh-qY
z752&CrEO+4%Slr~!Vy~#V+b=*zx~Aoj!Ru+Qt5Ovf~<{QAZQ%mzK-zG11>Wa7!&6h
zm9&Hx7<v;dd3!foDpu_mTGnVKA4~*%cIVp55_=pvc3x^AOCu#-)Ywi?MQ{0D<?{Mf
z59`z!zg>JQqgi2;JHzsTSf1)Si3{w$7NpIvkgOZ#V}^+vJBwASD&^EomsynB+)X_n
zf|ukW3KC1oG>EP^SFkG8VA-B1!R{l?WVQfZK%&1yMy{uFCo3hn{d+6n(wE}c$M+87
zq1G<%NH)oPs+1{Mb2zm8e4@I^`0;a_BPjHV(<^<V;_3n~)j<YLzqr89KJ6=x?_CC3
zjJiH^CF*?wZO=)eLk24!mtT}b)^_>?Kle%Fr@Z$7!|M&|6%-g40rIm20lmW*z}kd+
zRGt@Wn0Q!&>gEU<^M=`P_5kW0##I3@FwUvry<`gu(RUi;G#jn*!2H<^ObSRA>ca+_
zKd&0+7ykPKZVK)P0UVwApbq1Y&BNg9*e*rXgzREs%goXq2dlBXC*$zO*%E!ICeoWH
zlM@Gpzu2J9j$I;+u(`0U{u*_VpYl;qU>#{YEnUJR%7`|cdU^O}qV1S>Qs~Bb0IeI2
zrq=k4Gaif+4Cu&tOm;sP<G}aM`{r2$5f|oN0AnIZmnKkD8m_Lm+PI|1i@;`|<BmOV
zT--=ghFZnWtWFJbXpU&SvP2rB-0Pn`V;&UC)dUp00eyIe;C|MM660H_v!1yS$0BZ)
zz|19#0_8ZYEluxfon$|yJ%967j6V7J?A^4xslg{M_jdI3+*PV_pQQ$PZjbe&*jL-{
zU={~D0i7=iFrf=y3PssiHmu&Mf+f@A-MB)mK3-yYw<dQzGuqO$l&|N>DR(FhAm|ei
zA67AZ@KT5B-FqhT_>F0Vuk(XwCXh^2l&SYXY$^hYaj5H&(i3|pPku2nh3`Fj021bg
zm!gAk!nIcQ0I1(ndi~ydbVP+9k(#FI9l1Xs7vfmjcXefg`_Mwn#=jWh&n`Y$h|^H;
zYziJhipz=iqX|Y6QF5V2{vu8_VagHzAkCt)p1U2C$17Jxh*0{}wc1MEErmVjy#|59
zeWZ-lZ`(7D5}u**I8m~P$L`B4z<P~`iUmsJ#)W;!?l%l5_)dxFp;$%jJ>oWVF3W5m
zhEeIks`OEhrum(4A#zI5tXgNQ)0Q=!9~c0lM2c;DcT$<Q85m1Tb+=kfYSvqQ6DR|V
zY4VzH60wBd7bowtpFi4&q;tq!SO6r8q{r`!aRG;4zE_xzfJPdG4HD1{$4Ic{3=+pA
z>+w>uLt;7&dx`K_M4&!;>k>mY=JD7nhKwH6d9&nHUT-%O)$>dODGCmyad8#O%B~Uj
z>eH@f_kjqmQKAdok*D~Yq%<Q_$i!na@A}YY&VHt>;5@^cA@VF<&lOlK>^cm81$jZ4
zEos=bik>$Q-DXGYDL%yHSfkCignSDr#Mm!<zF3jZ&dwe6^a(T^b*?Wv@p(->GCRhy
z_j+jy4dm5K>)f&C*}b^(Bqr$Qn)8LEO^O^&ky%8QA&i`zDM1qwUK)HJ8>Ke`wA4JD
zujGxwaz0~z%@)Wl8p7tO8XILa+e~@#_+9WlMboW=_xhQ?r`87W3<etNL3@IGJBs7)
z9={JmH1c6sm0{&Q)M7WI-I-_{NhTpgREUE+PxQ1GBPoiH6JL;|Qx8kO_W<%m-duh0
zqVVZpxGJyAx=`e#&B8GC&Be;_YtrP-(YDiKfZ>=e3<QX$fjOBFQu``pTs0uW^pPve
zh>#v{JUyG{nm5(v5wR-#9->=1UgY#ha?6ptYA4YG6hC=tJl#l4ryJ;7*V=-;YMWc|
zXyU|n`_*kAENbML7tcN)WSe_O{@@ogN+=C~tQNZ`@-tOn=~o$ok5|D5rSt5Og)+Rm
z#8g@lRmh4gJQenOd3e0(QEMZ3_sPs>w^!0rZ}ikil>n5;=%=;7BcY<<N0ZI7W>NlE
zZ}cNvIKm2%L~TQ9+{Pv9<t=?uUhhcx6jWi8fjk^{YqY&NS&dvu1KW2+<Gr*VB(w-y
zoM=KNC}FLsky#ItJHy%5s|HniSz3h46plO_Ft}ngS00Iu1kI<QEHd=7@57R1<+zYY
zsuG$JmCajVs-rk%uiQ|ni1W>32r#_!MzE98s?sbB7b0H`n^lmIxz9Pp^phLG)GO{+
z4sEU83W#d53h}l?vreuV#F*Yz>oao_P`o&@wT!3CS%a4np7wNKidp9gy%yR=bAN^x
zRNibyY$2T(BNFqTb{1+^Pj5h3Tq2P6u36p7!V=(?iq}M<IVQ!Mtv51Vq1pKgIGtZz
zy^XwZ@9jFum9VaWu=xFQvf@UtIP>+yds(GD1<D3qG)Tasl9;qr&leiQh!VYGPu^G}
zo~gg5R1s1->^;-)^mA_U&jjF^2S(THNfTO)P~3s-5WB%(bVVSYb_iMHv^`FJ@Sw2z
z#U}Egi#bZeMwsI)=Tymi+>7mDD}wI5c|@2Q>Zt6qAh}pf6zuo3dIjZiiEU54CRH*b
zi9rjWMXn84guQJVu;*{02$S7lDKi$d2{UP+qwf)bLpo&O?4sV!*TeCINwNi2wAxEh
z#8fD<G9!tqDXn(`AEilea3s6u0TAU|lVlEkRmI{U`WEsWVm|qa&nzH(fqnx}Xn-{W
z@4RQzfwMaav(a1hWd$@P+N1=vjfT3Pii4PNhzPFtFfZI5c&F|>ai2H%pm^VFU}BLu
zY+)3AWA~iJg!w&wl4_2N*dq%eWjrV6)Sk;Z0B#nn9;${L&$@+{ieh@6@&qJw1O<{$
z5>ZJK;uEN9SfKZO=@&y1NE!&qPieU<o5+Js*~V=G)U_His^%rrQolA#RIgN*BlIT<
zizHJ#O*{b=>ja1S!4Lv`#)8x*5#^~^(!Cw4mOC2n*^_9W<iTxiYip;pM_y6l?^108
zPJO8Xu4?BgvZ}72`s7R0<B+rDW@joc<X6|xl^HUWa7#k>Ubd>^md=B$z{UY`x*avZ
z7JJIWEk{+}n#O=vPfRnp<WK}*%0u+d?3p)dT0_*P6^Hk=vjCs4@6X|ri6faSQ>5Ss
zQDfm|74a1~f>s{itAszRwvxX0fC0p^)u>k}w&1uXSsf$P93%7co21W#0LxjhAkR1o
zpr<t5YLGe?=#{)KSrJ(6N5TqC>$VaP@MN3b9xy%^IXKaNrXeGmc7+d3gYzhHM=0><
zc0<l&cjP4&HmxI(Uft;_=dAb(#5N4I^euy6uI7_LsSYe@()T6=b+|dbQQq$JMf4hc
zj~X7gB}}DcOW_DBWUf?z%Fl%Di71Za_EPKxMGKx!cdP&gfIW77xy{+&9;?&{hMjU=
z+I`VbQ(VO=fx7khK^RZlCrzl|Z;7rYq#lH>GV2Oo&$SPBqsbUfc8m$6BJ&Vq#AY_R
z6Ii_0n_8$tri_77PchCOPtr0ZG(go9{yB4&3+-`5ZfimMbnC`qRwm~tWkYJqtf|aW
zvmusgEZ^*VX%A5E&MEupr5{?@a8Vj*Y3TB7iZDEm>|M?$O(|H-Gy@_kP``-s8^C~I
z$1Ov4;D^DA<Lk6R&osezx{0L96Iq5(x}FbMfjy;neYD1_s#7V!{0zf6K8d2w+(4yM
z);q2$TN|?l4irM@kF+M!S|=lC2;76I=dLob@gYTZ&lntQ>=nKs7Z)EY926ORvvgDH
zkX}GW{y+qs5;~Vmh+lVfkSjOV%Thgt*9S`2BTrOL>h38H*Hf%{Fh`Ez%f=*t^;}_d
zMu3NObTyd$-og{z*r+@nC(BirD;!7r*`LOy<vM2F3mf`rrp^m87LYqj(?pA9%#sPy
z)EJL)o=ct0jl~Ln54J&M7Q3C^XrX*k#h(!ZVM-v1dO9n$K`EEH_Bo;^#TNQ<z+zQS
zN+%>4dS3MqKgRa}K_#9C!{cr{QWA2kvsqFRcL>!aHjslB6lpr?&NynqM;khjw5D7J
z>e}-NOQsxYvUi|$RDk7XMSSBOY4PgJN)2*2bURQ`88IN&05ka$e|1NuVs2Q_2bTWg
zUj7afJX)3bWNbC2s^B1Eo+Tb3`@94=(gJIxKK5sLa21_E)QW#}1|VnD_{g}8FW^MI
z`6TOohKXQ)vkDzyHL2i=fT@h{^zD1%CwK7#S|H{CbiL(SIJXLRhPefrWL828$2tv2
z;{x?_2$Qa2Ky)Mo#lo%ZcRrD9j!RQo=<sL(w=V!K^(Cy>d$w)YwVHNL;&S$YcZrBc
zXxQr2J<><6$fNa0EF8ipAv;UJ)0CjGi+t;C48!$9R^0wY*H!O1%z&;f6qltumrkjs
zV)w4VBo8=rY!@qD$l4nPl@~EiGa|>=gSIT#kgTlb@@<3fGghp77Pxw#24@OOZxO7%
zwydzW8J6eA=E@u%mU7S>z$h;|-2hehnc3s+s|D10k9<6geIMz`-8w2MvK?A(-zk>S
z)GkdEgrYn2Eji9*$u4_g5W3?NSX5w|m3<?U<MXalA&js<gDTsiRuXj4?AF_%p`8We
ziuu`W+~W~Z>~aLFDB1Z*7_(<~WqY<%H}d5*Z0peWy>!Eif*32TmKr@D>zF~7SH9$}
zj^fEGf-{rlrT)ZX7e5J;&wz1*v4H8krQ42B@x-aiuP*7jBB+Gb-<3TdB7Fx0!xai$
zI9lHPys6}6TyGjNLsMo((%YT_=*ODX2E>Z#ROL=yF04`BM%xSEbPFnCsO%9<348fe
zo4Mif<8+RP24WnM%E>`di@VQ3MtgZ>U?9|P1K??BiYnjh>_7_uP3kQZc{C=Y{_~Ap
zhmXG|^%{uIf#|V%bulbE8@4UtF6$gCVnevyu;l3?0Kl%RewoXwFEQ#pE)utIOVrP(
zA(2Z^dbUv9mf?|C<V-IgTqnu63ijbW&1L639e)qSEfX7F^Kza0Ix_YuKItnD;|ay}
z$5aG#DS5mQqa>F(PEw6A86~YvFhE(8blu`5HGC^zbp%Mt#~_a#Ll7FNns{lZ-WlS6
zTe|KP7K<=4D<{oHXn7!zEItEPaC?B=$DQUVb=)t0k@gIqiU%}TH1N*V!KpissMv$b
zNiI|J98Iz_ie_m{SJe<+uZW@c*jcEdkukX0L#$8I>@#$j?K-@QV+zS4R<iIiDo89E
zroibfM-C5V5ob7l#l_^JD2(S|Q5LBi;b0&r;HnSkrqQ%PJZxDawF}d-K#iTZUKl#1
zt>m5o`@RkxWG*tNKznG*fx=R<Sc3O#e8=|91CrbDX}5|-B~pBK$Adtz>dQv6hT*_2
z)+q#PJ(D>h9)ev2>fQQ_HaM>|!Z!=c8H?QHRF@FFX->`9AasH{keLs7!VGm`zzfeV
zsvfwMh}eU6<bK<W74S)$f5wk8!;#*T!F-s(gQAbe&~Yef57O7)1Uk|Y><}J4t36|?
z<5bvtpw?{s%B9+So}oD$!gQ=tV2LwFs#%2sp`YPe@R5b(Cck)~g5(sSGHg{Mn-+Tc
zPV~k-v|beTVANwm$qBVKq@uS1Oam&!v_Oqy4`OKN;nRvS8B-pisql#x!v(ja=^%9V
za~|s)8uF{@=9DqK;+)=XAx6%5IPVTGP&$*}E|NLN)X_#-fiCvj9wm_=ZPW%`!M%ZR
z;{201rU@yi$Q(*{)L9+S!E*(00jcrEhxAT25|vAma#rM=Wni1#VNbvShKpn$bweHq
zbPv|bibxTI+rk^G3rAKWb7*7a#E^Gx4@!4w_zcg~XCB%K!E>tN1fO?ARBtz?22kF!
zVivF&f#a-4&st_9J!_QGXL}QHx!l?-$W98pw%F8O>-n-n!}~d(6$Wi(JtLI#jVs?b
zqF6*wIL&Hc$p<cHRe&bU(i}{J%TMj%i5NVBw#Te8a1a#>-x)GKBMH2Ru#Di8&%|Fn
z&;vmZPt96;`z9r-^juc!#d_k|Q76D$r97pk9;%!5(sxBT1`W=K$mk`SLIYfmoh`df
zvBg*eU|x!%<~qrv<IN1=E&Z%YEnD9dK2*t5srTf)anPBSdu}6a+;(9>O%WUFTDIbZ
zYwb%<oKY%5OVn(Fbh5>Yk7&}3TLA$zVSbS}r{_>QqJ5VxPm(O@NeZks4WeDMgx^ys
z?J*aHd&O--NPOg{))}i(w@`MX+F})ZU*sWt-%rYMqjF|}^zcnc14ftuy^ckmvXmae
zi;e3SIEIS)s<NjI6vmwtWgg;V&rJ|*e$aDaX6~npHi$ke0;Dc-!DR4^25-<S*4B|K
z7r_?hW(|}XunbT8_AQZg78fxENQ!R6JMdldz{((+7tNEmWpdUUCeWoePSl}j+D~gd
zDGm*gjjtdQQ<vLN{C?WzhHcD&o5%P=!3=3feg{+bR^~03E;LH0I!Uu(SrlW?jdirv
z<hqubIJ^>89z>zGPx|mPrd;ao(3@0MO(Fuvr-hNi)U+Ly@ebl}_HgYQxj7=A@5Ah-
z6pw)jGNn*{ejG}|CDsM|fC6jC$&6LBbYZ+Uu_wV_vavgA`h(|keSF1WXJ(gjoBdov
zn)04$7y*g5Sv<aaBHFAp(Uo3@z_}H`uQGkp>ni%4uiB$t7@>Z#=^OTrITUG~VPh?$
zDd6|Q*rU!puEvu6QNVEF2pPmwsw)ewaIh&uS=#|t&m=~npbevq%38##Ya1qHy-_KJ
z@=pTkdtXxZ^03}PG#K`B=Vj2oE#qEKJsGETG3NJx)o1r@VOLv;WTSu?m)<^`T43!b
z;<Tf-#P`~sxJ;Hn%wahzg6NYc`lzUI`zbFvJijJ>X01h;z#{RshuH%2H1BmaC8BCp
z`Y3set$`gBtQ%P81@^pGQ-QKTp$ix=qQg8svj`=nz-G=K#*Gt?n`nnw_V<4B!E#X3
zN>Q{!)0jdAXX0Y;GaB2KSOT7T=C|}(Qc2&E8|N`*%{n@nD+OS#gcw$RQ}`KO2-OY<
z(Yux4@dgB@KI@#?2~orp!dn=9>w<o$?ciAyW+W1xOQG(NW~^Xo;b+Z#y$(ZyTifa`
zfO3&_wwaat)WXlHOM-M(n)u#JzPJ#6#jW>1N?2dhd3sGt=Zm%%wd1|7^0|kBQm#LG
zojS8}A`SZ}Lk5?EI^|tGO@CJ%J#I$>9c%CTEW_hmqMIT5Iqz93Cro2=^u5cXAv&eT
z0x+@6R~|bshUAm<cmkYqpv}!+HoZB1Cs_<^aya6+_6TY|N#xHE6R+$Ns<GeOcu_c}
zXv0{~2)fof#ab`lJ%~5Y6h&>>W4ra8hWb9xH)k;Ctodx94VhU>fV^0OVJNmN?II;F
za-{D)v?rC@Q3d#V_fGO*r8M?}%WZ{2WksLG5sEMHo~`myH2awU8S%U`TsV1NcFm~Z
zlFOc;a2MsX&3b`3vDJ`L+RWZneyS3~kCGm%_s@Q~11{qXc|+r8p=9LPl#a^HfwxU9
zPU@$6_WCYNu!>?~z;M%V==$O@5Des)I62mR)A&B)%;tl2?m{n4depex+C5O_!udER
zi&`}LTBq3)<D>(!>r8VmHrXECamm}WVcoLccZVHWT#Xogr?tTiyaaB}%+iqM$W|+b
z(9^1Sd>)B4)0((D_D<k+tx<pmR8dH}QN{8t^=_=TT0flfy|HoSK7{iJw~D?Ntdl&Q
z(y4R7eDqF3UL`nSBE{?Ru~nVR`@NW^Kzb(BJulnnWi*d)L9tLCO^vBhoVT<-FWeY2
z$2g{?v{_gba((7WZ!W6X;9R7!KZ%s@qmS4~***a~)rlmvXFANzxK?HA^9EiwKlVwa
z3qT;{O}WmiSrUsWIxX=F#F5~Uv$z7eWeHurbhx84#leCV0|yXkL~r30?kQyuA;qzd
zqT;9t$ZjSf=&Gqn>UZNVI@P;qj7&*tf#H+q3}6{0Ehvb&FHE&9C@F-1-QRm#drMBD
zSIqNB;c;}OamKUQ1!(18R9<eDsM~RDhsSH_zALeHN`F;l^MboIuYm_F+v*)UuA*{O
z<TJyL2$vnZL^EFO<a?h~>Sx4p*5X%!@=Q;WZ{M?g3(d#nM-T|v9?4+_A{`1tBSU3W
z<JoN}8NkAX<!ZqB5N8&i>WHU=X{b@ALXNnVKgZcul_Hd=Pt3wR1aMn;<Us{ICp@Nt
z8g!9@x6hwnocC>PjR#_Fh&iT7jOB#UOGBWk6;m@UYh|kDs3=(s5L+S@p_GW%I8|KI
z=7x!QB5Z&N@3rtxgMG_Fg+mi=$=1%O6t~ct6`MuPvJY^u<lf_)mY1P>+<^mb+I>%R
z_8g<10&5`aq}w-{pJAul%wN7hO3RWQR)Wl;sB{Cf9`15h)|`&x>3Ao&b3#~zihBrt
zgb7LEA{LGfE8MHS^Q7j?sd0}0hN7|@XY?tEYv|j_vfi4iZIc@d5>Pmsq;lb+0uOP&
zg!4w-))!v*T4Z{cS-Lm_N5l6G2WR>EW`mQQ=WOjRhR!`CkOoAxx5AIKGoSGJEOwPx
z{7J|j&ilPD)h74bm-Y^JuviD_XiCGb`aM9a5*zl8t$A{iUhlRf@Hr^tzDm4HR9b}9
zK<!OTi|@B-pRvc3qn_g3kwMWD$;QFFUUQ1~a#J?IZR;h+R%n$pSLVUGdb^MgKX?}p
zWG&XLE?e%(qYgu?gm}@0AC56`Gtj1ivm4FGx`AlC?3rX8Nh}Y^Ow{dEgx5~$E==up
zixyBa9rw27Hl%WgZE?u0)({@!;mZ0hf>b}+VH<meD-!<dupw?W@e+BDEA(=6N0Smm
zAdyghzfUZkY(8W!Ic7aP6OVUJa@QE<tQ}Ox5+zbaX-*tR@1kEOE+}_26&Y9brKw(B
z<;o|a{vCiy1^HUB82T#3=Z&qy#T$I$0ReqD4ux~H>fk=D2rncmVZ?dF<<Il7Ah)59
zwVywhEuo#rdR4ualC^5lVYxK5EbHAkPYQG<x$mK?N{e;vzN&h5`8v=1-mZ$?HnH8l
z-KxAK(8WEff!&vDSOXhHC+`9$a}ICo#(;?(M_J35r;F=MukbB#-r=e5@Km2kM@6(A
z{eGhhRuUUrM9)N-ODZu_JrFVaP6IS7TP-&D#k$68l?V1FR1TWyPS6Tr*H0t(be}%`
zq%^*xki;8%buzQ>JyMz1@FpjW@Q#;X*D2BD@xxox3Vn>H{pRpYVfY<|ZiP+wh(eB#
z>uta3MWc5FCGW=O1n1QuTh6FxJIK>3tP|8x+I6bT2nvL~*Nt8V$LAVOrq@^REo{rv
zrsn7y-wgzQcfr6QUXO&H(z&)1Z=uvZ$JMgv<^&>i2`N_b^<rbE8iD7VJ8}cmZ1LV2
z*Dq2rwrEjEDV;;u{plGAsc9GzSRj){MQ)T<vI>kJr>}??a<dfUVU|6LWm6Ji_I{c4
zMJmB(D0+Q~WFEjkdaAcG580lG*J6pw0JpTrWXEI0IdYv>!_n5|z_!ChY6aH(R7u~9
zfo>_7p*|u!+t>VF<g1Mcm!XkWt2+u}7Ms~D$?AHFah#lDMSVe@K(s}srmcMrq8<S6
zI^R6p)TV)a=Fz4gXI0KV<Icr7yb5G%Ce=qu?)b<dqV4WN3SUFWCNeBk1bfO7T??te
zN#M_{`z9TV^h#FGR_68@lJ72r%+rbNy;{?=w^!|nIqK_ARQYYNDUj&%JxgW*ia1tX
zif>v!<I(V{bOrULg({uqz2MQ%1nWMg%$)AM16||wiPH-Rf>>2U8Qm~9_kOWg0d9o`
z+sB!%L-Pg`RB~ajJ?I^)jG7jA#Zqkt`c3FSJ)T`>BkRcEI?+xlT8W%W7Y&uC=_sIf
zZD|f1N--~<4~nf7jFS%5`8pC?Wf>DP(oN<YA++}{+^6*B;K_@Dn@$cM<!GbGGt`at
zs(k*7*qTan_QbVRz!8aiv5ibz)^b^kix4-RcYNk57kLjuv+5MGkr=|#$`x)OyZU31
zE%+oBKZBA#>K12#Cmc#Nc7|)q=*mguE-ji+sWkPPl8<hX)<PAgjX*jn5~d;DrrxyD
z?z4P2#ab~_Ou-e|uQJ!>q;-t|7wrr!OLUPs=b6^NQ1BcY0ftzc=R@PO?@~OQ`!;WP
zpEqRew)+cT-fO{=Hw-XNJ~Q1F0|hz*gh|mST~Z{Vfl^zZh!I|1?z(VMmJS;>foTIs
z1{Z0D_KVukxs3>|yOfo2ZjM5{XNNS1gm5;G0m{%}&;vI!?e;mu#q%g!dSG{MSES@K
zhu1*g)Y4~U(tZUAh9Sl)M$c7o!*6SuR17Z?I~{pg*@ZEeyq+r@adUEdHZ}<Wzf^^#
zF<jK)?0$98ODL^}QrK{9Yc@P&D7LDT(YqZaetuLJ3sf&V*n($tDVD)@mNg_{PPuCu
zu2rwhz>&A`MJHvT24d~L0P1IL4zwEkKyJC=^_B>c1*Hh^rBj@Nkr9z9;aNZTG!1VU
zjZ9Ijjbr=yZY}yK8PLv2gBwy9lhx35K;(Lr!Exupp*5jGt#rHBWR#`CpUXyRkxPLy
z>m9#U>~BNn&+sHzHdWS3cUzAv1G{g9&~F}GER-!h6P?%3dPEcyz-yXpP#-`r2k1>4
z!`{t2cL1URM-<^ld3>ck!fKRdS5ll@UHhySZ#ap}JJ(Zg6dND&*|30`%n&-TJ?)%M
zv4;!?NB}^ul^<k5H}%;&B7UlI{5Ak$kGA4D@hBDJ1G`uG^e}O^AL_&PH)cjw5^GP(
zQw?h`SP!Ju2~6Vh7rn5<ou~x8oI#vK8-rYRCXcgsK~A;QR!8r#R15Mw4UZR1Cgh-g
z9(3S_fqF{=kGc7i-Upwy%n~udC!)AcSOb{Ph+V7c?(NmQ+))^D!u6NA_Qt^wC>-Hr
z$@TouRIrC^60C6RvD2Bn9_$cOH|HD(A~+Esf4~Ow;?))!(j$V?yxzcVPdE``yilRX
zywc0hqm0Z@`(AFPO-~Z^P-I5B1Obxp#q*hX9Fmo>>_Rm-3NvZBG7V3PoF@Tvu`9>9
z8<~QVQKm$M8KnQL5d!h4#7}e9NV2K}hXoV~^5EeT84R%@HS;GLL7Yz&RZ_2zLXpQe
z^%UXQ6qaAi(}EzgE|(`yzX|?6uGL1Jkamou$%x7f;+}Ga#elj>v>lK(cx}EsR2-Ll
zO5?Ck;K2soLzM=5{Wx0{*?|$$yLKeHeP2I8UxyxQ^DOMFQ>{Da&Ej;x=OVyhj1U6z
zXZhsX!HL`JL9xm%Ez4E9>1hpDI?7DT1Z&v+ww_W_DlOG5_(6A0@G90$$qbaarjci<
z>VYkY>7Yjk)x{OTbiT-@;Sil??6UNW;*EA^zz0g98i~`=zDriC8f8dyZ`z&cDND~X
zznlm~Ilk%V8Y@c5%Wd}_fw7+9Tl%J0KBHBq>2M-RNIIH2DH?$Kb2X7?!|Nx|L<kpo
z0ot(ED^Tw#pzE!{6U$h)Sc{uCnCjjJ$<J7^{aGc<Xr@rGZl14rVlACCw!vEhd^)U}
zTkOKM6SGl!8={fznVW1GSB4ykiD@Hk&lMzn_KLz>V{2y&M^REHiC^d-E@D;{k`{qp
zLYjr`+AN}lD<BQ9()6C0G~MEpoYb1c?qbq9eeV~^Zw?g56hZ0$=zQb&z(-2(tSRSK
zGAj~Oog0J~p0r20GmsZT@Ka=UQrdJmA&zV-{3KaFL)Mv=%e2}f1d`FW!4Nt)hE!I0
zb_IZjdO*WmgbGdVPR$5=$SJ0UO~bI~XTIk{_f!B3Au=cU>~+Q3SnXMd1gz(Aky?8+
z$`r99dp~jJ4)1>X4AUIQi1%LGd+EY`4hc=7KJ#|OlRET02farKuXlx&e5K~BlnaX4
zHyD?(+?rnD)7F6p3L<K~dlCwBu|U-IH0HIr-Rnwjc`q?L@Ivkv&5oL>Q&Fl+?kg8e
z2e)|#yXGd%#j97@&@=tSYxF4_hDM*j&_F!8ZhOFDTz~~qPvnzkqffh*@{R_kO|2ed
zzH2x1tD+R(e4BoTvx#Vm9;fjb-oc&vx>7oZm2-rcyx611DP(a?`n2XXK$H&dY#lvg
z$FQt=9YLps(^2VxCkAej-6N@mu7MfcHjqB-7gEa6IJxz_U(=y<pHz&1pEGka&6=BI
zJ#>L1#d48;wbhLz$qp@V1h8ee25hy25C~DheTBzVoC{EKDa8lO{2-7(GixOA7tu&k
zf=$94sAetEz)Y=)JYcgTo8{nQ5`5qsDSD~qElX!zbiprcWyRebUS`SoA@BElcK9S3
z`=%+ayX=^;cxd<T*!Fo&Tt=IF^Klcv0vb<5C@*$(1}kxqz6}D7m;1cxHK$aC-c|d-
z3LnD~g=kJzlc}88l_@Sh+pcp_6Xq#hf%e4nc#M$ocFsX(yi*evA2wWC$K`5kuF9cz
zaJo>eu9OJZi5y8StwV-8)vz5tx$WBGdC!vj?b9X{dfg&DqjW-;6_j3SR2~+g{i2GD
zF}$p>V}DZ3(62yK<Ph7TA1Zjxjn(UQ3vt8hLk)l<7&5^{;(9n-1kZ0kNUiBYg}0ZL
zp=Oxjo9fR9_Vx)?K0>nT4$-}Lek?QUT|{zaTvBa|+maq$l@yGky!I~dxYQWm(ZlT*
z_tHRdxdsS1*GVgj9S#rQWtJE0&5Yb&)eAOu;RHVh5gtjA?y7PWo_z-IC_1TT_uyeX
z^#z#`6tV7hXvk0usOo-WwtYv~sx|jqpTs<}3)hEm?wk%O)y>od2hY4JGAxnwS}x=X
z?t`PCe2Om^2IRF1W)EO=|1@ykgiF2#mdyuUwUOM|dbW~}t&-qKjrGVw&T)imJ1Eh0
z?U_;_^vhHd6*eCBA|JW=Bs=u8Pp69-&e`N#MC#pcSaMcGpc<Yi1%|*2cX(mX&DB!-
zJuL-ryX;6fx^7=CdK<Qn_(=tqoDFNBQw*PX&#Pj6h~;ukOuhvz*u^M#2Ck69^t2b0
zIDOiS`^AO$xdxmsyTTf7QQ@;l=}jm;uf1{0&J$L8ESuY1LdULX)!Ne3x}>o=cr_Xu
z59j3&AWc$B5msMa_`WpDqC7mlNhaolr^9|Y{d+yqc$iQ3LBP|JWPGN!Uba>^kwL-u
z9=8loiX$5qJLDz0+KRm9vpL!)V%axwzQoY)ebLSEeJ%{}XSr%&R}H1bI=bTCkoI_t
z#N0atO2>j&Xwxa)Nu|n56jm)?EOH-zCumL&oGeVzl&hb#6+DLZ6p6X_+y!I-qLn8j
z-r)nj2NvQ4+*_r~HXa=>WwTF#Bbn^9-&D0FC4)_vW^(MqJQX&2d`;+csabEv(MprU
z=A=^t!7?!1B6jGxJ}l*W)b*O8ZpOkSJ9Ouo>}8A6z_Zs1{4Bw|_ch7-Pr@mO*wFx}
z{Qx}X5u3t^Xl$u<?G7CrWg?yLthwkeQKoLGzjMtEw1@dJxgD~@`X$sS;rJQQPDh$b
zJ2>QBE13c{K)=pN8{R=GGBiFY>L}Qk5*!?!s<LXUF;GZXwy(EHcpaPvd&}r$gB?H|
z#M?(lqen>bJl3CX-hlz6&wIjqPdIsJ8vP!4o24_EDB5N9+vFr?&NP0Y4I8Rt3Kqk@
zzU;!028;2!MUXS|iM2+s^9=?-;TqLkIm_S;6Bb*ggS;p(&lj8EDC8O$=$&FGC2z-Y
z-wkI=gBryz%7<UrGl|xGnK77ehiCa=QY8@0Az5wE7F0C`z?NiNdEN#@2~CROQ}yP4
zWmCa%^jJSBr_ZR?=b}_tJ02c1YBQO~vs>i!^oed5G3iuKNgrR4M|J|P`lO76hc2h0
z3X2yQ7Q-9O;sNw{uU6p2$ih;UV`QINDu5y)c&wTlGL6xUOYKZo(dc`jQ_vk0B3ZAM
z_#N&hy`vF)&PPiS`^2Lz1mm&=>kTNb10u;P$T<X8X@pgy@`#{>-o7mB%k`_sfYWez
z4!zJsaf52|AZpB=<xL)=(u2N*yx^^0q{9_^E-?$iyc2sGPkH}96hYs78!9H!z&THR
zhFtQB<^;WY*rSFOyQcSPsXS#&^rmmpzxQU@%a~P=v`lL8-q4vWibS|f8Ov+^gA9Gz
zpTQ%(PKGjOoG9jg`Iyw42Rn1I-hqL_-i7%-ds+u=%h00;4{Bta>}gTB@|GO}Z%rz`
zeiWDvQkt)w@DYRPOAxVYL!gBk-XS&&5;}V<qi+admol%#r8a;sA1;P^3*5*Es|D$t
zCCG9<>H}L9y$hN(E@18R!tn5hE`B1`&`3?=<!=MgG4H8Wn`F$-v8>AvyW`LMRM51-
zN{KZ6&nwMZ1p^RY_u@H2^4wlZdXo7_pTsLP&K7UbZF?bp=l%WG`7^%3_(0?i#vvew
zMz5@G1)XyeM6PKqW1BpGZ!-|Jw>Xk$s}z6%t*VbyL@rh7p$ocA`9T+pzVgBbty7nI
zc1*52Nl?x#eiAVR?^PX$^JV#%pUb<2lu&dghL$~Fd5_ctHjldBQViD&u&wbMS8l2a
z^QhPK7($W#OpThD7~kH_wF>ehTbeWt)Dn6g%(aZPB{Tc_3>@ASiD%1|(})i^nq})f
z69u%plV8NUndul1O`}UtiFpgZrRx)mrweDVpUt@_(s{H>@Qpymz9$XOM|(072M1x3
zi#v=5K8b(t)8v_0%Xqd-mFoC-GQ|(sip47xK@|4viI_`9?M(qog6aksybFq&P><e&
zUam>WzV{rew|pQ5p&&fR1z@5S4Ck5?U!Jy^Adcg5ru%#0+FYA@Pvc^NFkT0_dXJo-
zJ|$5Lzk^3F<TXBiHMbL&T^vwg!;dzCf_35C>ju{SCCrps49K(Y*;e*PF8Sn945DP)
z5K9^wJp#hPX%>BWa*)s0-;=2nU+tpy&7aisz4r*8-Cp}j<?zPtYgNTG!(4B-C!VE-
z!m~Xrlcy%Sd*u6ajaFsra>3m-b<KFcsh7`4R~)zH<h(hpypH}#a87dh=3!=ghH@3u
zVh?zxxZ3yxLaPQ5t}#7k1$}xd@@M!U>2G}+W<g3H#x}p`jCjuhg9osKgyi^&r}qjx
zuXRY{SxwcA3kIKX2`EG>J_wK&PF2?uU*Tko6su5T#+?nv7kNC(h@Ory`Nq^h6CS;K
zi$j4>utS=sI4H2y^;AOUk!nJXoeEYy8)!SU=p>gX05(DE4`ZI+T#dcg`-^-*7DoxN
zH=)o_F~%c@ls9?hCu0FplS*unx-e>F1H3n+yD3<YAFD5|sCGSjHc-j(NxpuDyA0=%
zcLMCd>unKnZ>MUVHo)IKB7B^|G&9rB60M+2^ranJMhuwiMm*C;J`{fz+!&Tdby>)d
z8Y$uWncIy4+E^;ugBP2ROUwc__UsweR82gbE~jhb%zl!d@j8xb_?eyJ4VQ%;P+~dh
zOTyQBoA$~;u!yvc2qL!4o%1P`b7|hp0|<Ivp2T(vaw`dbYvc8V2_NBBrCN<aLIKRw
z#jDJ+V~LT$-9(ThpT7FNuIWwhJQ&~0M<Xv=_E=Zx5!=LxfbZya>EkzQ$5-aw!rsba
z;U`pdV4N?FO>Y?cC4bZZ8T0lHHhNe>x@xcJQ<kzvL>C%bM{TDMX3WQyvQu@j6k8uv
z0dJbHX0C)e;zr#|t0%m(j2Bi<Qx5h76AY7z1APv)P)IOx*-S4Ecd}knvRN|)ZRi7M
ziD5<d_eQoj7y!t5B!?ehGI}B1;Imh*NJmuySDIe2K%DZ%W|q7kkB+;%_W5&o36{nP
zN1VEL+gJdj4cKy5$8Hk}!*_n=Ngd-ZYB^V7Z<jza>a6_zoafWs^!BMx_8CpL-v~0V
z%<Fv1rkWLQeX5%)%Vw}7G;~Ah0YU<(O1!H9`ZU1F+sMA>dDBnxM`#HnUY^bw9g{h?
zfkbgwV`R=K8-T8mZHyCn24qZJYl7m1cn+nDk6P1Q7~OROo)!3t;F_$G;#!ystBwJ^
z8taKZCYq?V5xY`F&^UUIZB-`GV_2_PJE@xHbU2y(a%(C=GAv&D7@^3H2qvCeJJcyi
z)Z=T@7XXEx*z_KrJvV#Y=Wj*j6wha9d$qK?<GlwjFf21qc!Tt6m+LycR@}GEj$#P0
z)?*gEP)>hIKoi1PjMW?tBgUi^0yvZ2*m)+JplX22I}@TksJdtKuxr|Din{2yMM4EZ
zIMhtRHa;cbpV4m$@f4!6(h542Uyv5g2uFKYPSOjtv7C7mZhB@-<Ir$#dauTiP@c1~
zI2lNH(hI4fd~B$<`gTYMB>GBJi&<aIi(N3Znh8gk!8d+64pTM#I<MHe6|Ufx(&6gK
z!}87;iRpb}#-1@ee)=%an{RXym8Maz0W(|3@+FW+y&=YiT7i4-U<%5R^MEJRZ|&d|
zcfjejNWT(Nk>|HHnmN+4JEy$27W_P#qx^<q5MJ-^5O_@$nB_RHP+0j;R=7?%K)JF-
z1gPF4?28nx&WgKdH)gYvt-<fq@*!<vAY6``seg(fzC+;Fyu<W&?S-=M38lOmpwU={
zS9VN_nmH37Y{7=0xo^p5V?48f2BVsnZWc!cMPe!R3GbWAcx;gPrmARg-VzWo&~CsI
zI1}#mxRB>~?9*xI*o-+v-*k?bT6YY-W~7x1jZr<XR%lX5d};4(XeJ@O_bBego^(Ce
zu{)N|#>y_+5JQajs=FwQp8?FH!7cWZ5!Q-l{5+rd&hoU@=(ap7Ea+S*602oRLwbv#
z&}eY?a~3dbcn%eKOnVM7-o#nNDvk%$=@su;zF{SD5Gu|p&C+Pa!5AZWuE}>VET0;e
zzpjwav+RS<I4IdEn!t%{{%V@ZV}kXa#ZtO75}DSE3YvnP%y$Gj0^~=?r{>Lqu!wju
z{Tdt3OS20t^&w{xnS!;Tv{D+gqgBe9Qn%XkwS`eP>hL#4+)>4aXj>l2=)wT$P?st_
z`$EPbpZ0q$t{~T4JK)+>PkJwuhneC{Z5U`F=Mf#2_3M!Yz`kt~yh`*nqSnQJg{T_n
z^-k}3hL^tL2D^4m{VQzXIb>PPTYV@c1c&|njhYnx6oTVZT@o9*lz7WAO$12_ZO?oN
z#j6bVkzQ<w+er$hHN{O^9`RaMwAowc2G3&eow9Esd<Mgm%z=ISG@06^ud|I0=vo-y
zFq|%{=m;&AoPqZ}b9oT2=i22l!b-y_L~!q&yzw_$PnmdvA*a9^O(Ke=1mqyr{8guf
z%K{pan1x*l>x-ogBi<WSS82wQ<`G0L@hYfm4}!~@NpKw#wpAU27!atzH_)Nr#)qPp
zBgMo1pyzrzYBf(VrbsEt?tzD9k#uuhX!siyP{f9jWN;WMPOL-Mta%io;$B?hJ@GsY
zhQiGh6n>A0wRI(#w`O)6u;hYeTan2Qf$?s+64fJX*Y@$em*VyonuIKPZXPv~K`ZwI
z%RM!RPbuK{PEfmQ)iz#+IRS5uHi#vr6ofzXdiA>YB*QkieIK2Oks*u8HKqF##xW&2
zKeu4Fbcu90ggqbw@A0#ToW(AA&0=a^A?6KRrw{kQG%*<t&x9>Dri;>DYKB4rWY?hq
z)l(@$!UmxaX@<so_o+T<TS<I)y0FBV&nas~6&rOm_HfDBaA}FPS)%f7P?IQWTG<`)
z>E_D~(8az*<qb59!ZU#k?V6RV4&jLv(;h<2>i{PH*&wdx0GN(nrS_vyi$bRXD};M<
zN9a+IvZwm!stgPD0%4gR>_iDrVQX<n?b^$MtB3L3Am}qJ9=4G8nQ^#11DiLVBNcwu
zW~ea>C5G;E#9TD(DaE*xGW95MCQf~|a@fkpPCFXlz2Z81Rn23A7QV=C5Cvnh))GA2
z-P2eEZD_CFYEaHNLH3f;Jn6n%0<(2<3*~314ho4%+nwI*jp@z;HOf`Of&9(@ZeGre
zgv62vvrQ&wwJVEXR@dHKNws^J^Z5HS+ML#Yr_FjQhob9(9SIj``;yg4a)QV0Ia1=R
zrd4o{a84L8{gOja<}^@MSV%rEU<7`<n&rlG&vA$;n6BhTn@wp2R($g5;K|CmJqbIM
zc1E&;WO!8Ha^TO{7!${7+ap*HPsQj42HbHOIAE^KAp$4YrnsId2J$oX)eARASb3xv
zbD35G(xzoB(E6Ch>#%QY4nd;=lI39Fb<H6|!Caf0+{?F0J>@GTnKRbwkAxtfQ#SfR
zyhmfsAh#}QZ#mW!@;Tdc+M#=FGss2T2#@mmVz#Gw-E0N!9)ji|q>vE9AO-=`OGk(|
z$vB&(&ouMV5wt&l+}GIR^8PG}g=&WF!Hg!V1?AGX9-=<1GPM3F2pH&|x-H0HK0@5g
zcw0{>0GJ*>5RmTkDa#4oFeSrtq$>|F2RUWrfr4N>=^)^mO8FGT`woz3;qFGyF|Kkr
zFN17Y%q&zDR@1SCCVYc|NpU1!Iuq0BnRxIUflTMSSb~%wo!iRn7eX-rx)sDNxdP93
z<h|`@xMLW&b5B{Bot@qVifI(Dx<kBHrvgI3m0iFUgnEqau9A0NT6%O6T{=iHX|Z9g
zL*<v+I?1QN7%?<hoh8rIDII&XPvukuk&pw&yt;`?YG8wCTgU6dI)v8W40-MaL{>8H
zQ~($G)iraO0rx~Gp(G-)|7;n1T6kmyz12_D#eJ1*$Y(?&#nUfRFmcG;>cNRTD{8ei
z47Az^9}Kr_^9?ZTwt%c}N%*HEO!rs_hM_E<N0c{=EKBT@7WBv&1lY&5k0ODtcvkM-
z`3<bageqru8ud_gJaH-v3Q7@cDP$B18&tn4c^gaHgX|DZCD$9_JFQ|MPZnRq)Y_H3
zdDdgc;>1Nr1yaW+Y0;Vdh~CYp!7$5pA?V2jHOJF?Z#b_jm-b<{$QxfZiDRZRt@X%1
zdq|{~=QOy<yB@Rig7tX0!Qru<a9kqW+G`zVkD8Nw0`~e@wG}}@Jbz%RIxezwzeKSS
zV#c&KS^7la0C-miSUA_Crgbz1#8iP^-=W98Yro8gQ$`_geI*-;f>heiT-Nw|zL4)w
zIY%gT`R=h;yFC<&8M8I#AQ>Lh4XM1Ol1E9+d^|XaHYm~ejL(S?SoC&Z2V|^(tik!w
za|sn?^-2hKyrd^v+B~Lw48aHOQDL;IB|H)jbm9PW6YRXW6s5D@?i-MkM{5I<^<>n#
zyN6RjyK9Sa6E6)wD#6fn6(-BZ{L~Tl!1W#-_)5sZHleXmg@-}6GNG7GP%rygb67s$
z%1M;xLm<tMvms_XU73W9o6B_Kn1K8?eTzv@e&z`u<6;px00!~1lEf$Dak>4p(I6sO
z-X1%@B)~^gBapBT@+7?1;$fZ4ygBPWLO-DUl!boAOI{Qf7`M@_lJ=a4c_b)(ixv*S
z+?IY?UR4LFY~;O{IRrvV+)yLI=p2ZY&z1R#n*iQ|y=b?5SfuIoJe~;0;N8P~MH)}(
z1|#aW=Ly?0(G$r))D42*?1(3rdqsJ1!!$Z}a@BU0@?ZqQ8bY_4i_-|@;Vc*@b_1PV
z!4+08*%cHLdgqId=awZLsziyLD^EKtYxcB6*<mIPkkZ*71eU7kKo%JdEBB^3D&Lt(
z&md=^u~$48)Xx2RsIrjR7jTa&JR+VoHiI<7k}_i@tRhaYg(4ai?W2fb!e`a7^st#$
z@iO$yyT`iSH~j4v_8ByreYBuVtV@JyAH;+01%TM&f|6jc#wVz*he>2WLF51<UcHve
z+Gu3E@~i=i@R`MW_%*C3oafpp*4`VF&D78e!W%7P88j4@jh!L2#-NIDhjxoFLj)jz
zfRORDd~8eN2rnO|fUN8pt|;=%5P)OIL5scBO1^yn5q*iMD~Cy!o;nGya=PBq$iOV)
zO+N?lz<y$m37KsjU?n=rc%9PgMLnwogE(krJ8`MNe`>UNGc6{5J#snb4ZmB-k;kf`
zJiP5E5rL905iE7m1c}rHTs`ZaPd86Gi{`OiT+g0bg`0YnLr1#3;(OZP((up7=|i)8
zP;9B}(gDWdAcY1Xb`aPDZ3)#OC=ZS_B~6M~<0)g6zBXmq9Y#GtM&B5pMQ($ntb~{N
zoYh5+WuJqPmzfSEt|xKHv-a}Qgn=k}I9wZSh6>&JRxNk{Qc$KTg1YS59!_?m;bWYP
z=w3ZDk3)*3Z0S>}2V=m%(nIJ{6|C(9K$GWPO_r9iBCkL(R2kmW)PuxVi6T3s6H=pO
zWdzb-G(e>=1vj=YHbJ~;p^|_m?_f4?{Yjt2&%1^<aV<Qk)i=bs>tnm2MC7Rl=8Odk
za<z0M2WAup(A0{yrD1Yn#fLT{57xIjRbIxoIQ-K$p1!KdA(IxEo^URe90ZJtJD0>Y
zYzI3gcvaLvIL&y~<1N=uTs=4TTuM92xhg3oornN;)WvmMw#lx@#Zm^724Wx(<%p)6
z<5uxxu@dfdy<T>`)=7I_YsUx9VH_Oq&Mtj9&d%0fGB>-bn>1i`At`q}kO>U%jfE0e
zdlHvb%Hyq7Wjwz8oEsuaq?+Llg6`Byb9Qc?*(i%a$BCf$vtwO)l~4vEV#v_jVp};l
zP>jju8|d+NNtYAe&)a7|nq9@7uogJs2Yqk)oh@Tr$z@xT*2CFV9rJK_HF$ftM}er1
zI~tc7o=b;Cu};vpcZ7a=NBR7@PnsChEg3mVswZ}|WHQ#n*=c{lYbqpz1IWYNTN6u|
zQWY{qiW;Wr4R(DG@#M5x&lXB7JI%Yv0#Yx^!(BW(+M-b9j^3)OnJ_NLiBYYL;}(-X
zp@)u$a!lqxVs#a{+nR@zN510L*`S`76v8EuqYn3)o)j%_vz|me7`DaXDfUI)DT<PY
zd+<*0+|J?JYb}Z7j_9hQy|i$Q8CuLA483ZT0xgGOm>hLbd2a+EPy3n6I&n5H)X(A7
z2vFcg68qxiqYI+Ft}^1gcz*Uebs+gTB3s_17gvKF$Ldm8G-|tvtM<`}zfL=v&*4?z
zGmvTlx*@!$$Led3@UR-XPn0Ga{joo-_6Z;CsI!UD>v~?-T<2V@^IpHp;Kz_>(t`mt
z%bIpU=V~XO4jce;4(KSr{>EjTkm-;ZK(i^gQhb3D*lsniMrAv#-wU%Dp0;<-OV<+X
zM!Mhh(c3pd8&vb2h(F&K<OQ4UWzY1MyMfo0GT+?2XE1d;I{SPd!jVAebKAaVN-{D#
zJ^|t)BgxsPSjZyoA@b6lwWCkC#?(%XZA8%DZekXn@XkP(_Vb@J%cWjGu=wM7C%$H#
zwXaf@>Rnc&F&W9_h0yMf!6jslX85hzajCH;wx6}s&YLJeTlka+en-;~eo4>p)x27^
zc2Ax}aN0@htU-Cr5MwoJFx?Z9DJ&B2DT8=YoCPqBZfC}+$si$autcqsYNSQG$fl3S
z40}_X;>^G{^u~rs*kjsAtjz_bo-y3Hxq12!qc&D!(9_axtQVFL^q{>U>z<)3bw1yV
zd-A3UxI<M`h0DmmS&+~7%5`6~AXk}qae>e+;bDVRF*h4hjCMO7=AP#ClY(_8OJ}&1
zCw*cAA>u%dXhYmxBAetF(lFk1(USD2nD3WJ-jXxjE(Ht*TB8)B2cL?0BSpL?6;b`%
zz!#aHC*l?z*)5@^@(GhTTkxRwY<H%4#ivN<Go*qAXuDBZxmwmeG2J-swsSh7LV0;z
zN5K`0aabV!CN&>4SurgXmfb_@cUVr(VGS~frI5DCARr}~(Ilygd_1S0N$)N5nFF8q
zl7$+fvEu=)T5`SfmxhNeM843J6NYSjdTONft~Y%!<6O|-au_b5YDj>kxgMsX$vm|P
zuR%gNJ$BU-_GcG;>U+F&Rr0DM-YhXtIYrBEs&BuC*OfOmsJZVp?k>CzV5ORJ<jn-$
z#ZA5$v(h$s85kmiSDEv3mcgsA(R+Vr#vym`>z8iN&C<aS$C&Z8yf-ce4ff&)E?G`E
zp`j-65C#(=fg-C)pxVA=^1Ul{-*^=uFRKYX<}}JH`SHUt>lq<mbA^@J>r9J+j(kEn
zubeU&wAP=nZdvbiEr^emztr4w(gO1G1Trj*Y*vsAW!a3AO~^EW<1KTRYI%xSK@|EJ
zphI|X?FBBYSyOK<IMIe^59(tspjPjf#3a;wu_%}iwO%NbSef$z`)R$AjzffVLltUE
zeUVnZ)79O2G+-oE0o;wDm8NZ)8HbP<P&kO{5nP#Z*P)3jLa1i^#B1BAU^zOD8VT9_
zHtVfv{+w&HxE(V&yxlSK`W-pVRWH4J08K!$zZg^`3{7fj&c;K+&C)pC?;bddP>Ax)
zqh!9Ju2Ba;`4kH4r=NI8r0uKBb$dbX$gB?xG2T*en9&hTSu=`(dAPNRHKmSZt@;ST
z?(y^s)S$&BtR8pB**fK_N601MVV3|xqB{>uG~mon$VJ*GP(5F%>h;nj)e{{{TWho|
zIl98#fU;N(H>3?^LkZ^_FnyT&>TOIL6YynYF5)Ggx5dNjcG@g@mNO-~r0nn6#wf%p
zLMilutBPiB9Zqt4664s!Te^X~eOerNhcAsbxA@-6d2=qVI(v`jnPWn+m{&(=yM;mF
z?;CAuojlLNxKkKSH;PN8n~stoHh*j!d3SC`%sXta`V11#kTmQy4JH%O_ylOJ3na;W
zO67e<*e*)qcTbkKM_k!M@(B)mBx__=MBg5abli2~>MEZpmo&bssAtZ|?duJDTbvyN
z&?h&+7Fg!7YMYI81MExktlJl^V@d*#IdNZrwZ06ZnIzs0Cu4+SPzV=!`O^GAfRv`B
z<Vm5#;vG(>ZW+IFBYs@|sKqv~Z_*#g?o>VBW7-G}9b^d$Vrfng*0*ffG^U3EbU4oV
zbS_><Lu!kS)y1yaI$W4r?vmBwEt2+h?0Im$wCSp5wS92=_D|*YXp<xl@RwLBZMZZ~
zLbbighzl9r2?S)|!K5P~X;$;9fcx|#+^54UZ-&v#S~zmSxvV_j5(7Kyr&#1O%noX8
z&H-iNylFl6@_r((1=m&QoS{4#bj>y8+{D%cf)Vlr+aK($4?(do<2@D`hcl*-u&2T^
zqXa#(&ls+>ePC$1sGdyFysIfuYe-(#8ca_M$s@fwife6^c-S)q0e99z4B0~JSx-T)
zyE1lmAgN>k-!3%2gCcj#2G*swC|K*UTiO$8X#siNcf@b33$Y@$PP_+NJdU6y`&}F?
z`I#&)yp`hF>Q%6Oq2td-?b7N6GPPm3`HhI!f>WYzCtgj)n^!+$t#?WwH6l)_TAI~b
zo1H&gFE(VL=WLc3J#@)EwA;^%+4>f&Dd0#0a$c-OFK1k=@TXk#d-r-Or_~baVjzIJ
zRJnF577nwFWGh)@a$-Ep?~KnC7(usLgaK8-_h?2}qv+K_86wwdnnI;+^kP51Sab!X
zzR<*Z{$fn#q{<nE-EPb`7KPXJywbL{-CsDuNnE|ED1gW4givgU6d|Opdhdb60@@O7
zXxBb;jTpe!x(V2E0PKZ85$<nln=zsaB&XwTh$IR#VKgGj?ZC<r5_y5)J(v;eM-L`^
z*vfbx(k)y*14e?ehE@xs9b#UYEe1#;1$jo7oLuSpQ!vH;q99Ob-jhNXU914_hp$a&
z$YGYyc?J(Kc#Utc8VJKBLV!4Mz4Q5~tRjr=^!R=Y#y<t~JaB~;<_S77AvE78OK~J{
zYFQei6%nRoH5trhJncuSk=a!>=YWgi@0el9+bI0mCO#CZQMTfNqhhaDBX!Xh*y0XK
zjtHE*S(Q60YltfxtLa636xPRr4d(SO{p?u!6l?3;@zv4u1e}NK+F~f14_f(*P1quB
z3&;G(l<4ZIXPLjutb8l{Qs)Ne^b$o7`QaML4z1gT8(Vi-Y3f|=Lw#n?sNiWGIwHCa
z3f5(u71c%d6mfE`fb|@{zBxe~>XNJ2m-SOJKpo%&BbSkZU=)GtR=3-B=!|mSi2=S-
zhvBaMI;BQlR&0l+W?4B(i3|IIyQ=}ieM-hYqwdXE#$!&dmzOn`oU;7HR&=(`eEpRr
z6m-IR>j>9C)8sN189*zNGrxNrj<sBbTsW49J`!!Kr7t*L&s7tZrIB2suObKSDWq9F
zAxdd<=jPGuc3nj!Roi~}HWJ}wdJqUF6^;?Aq>EJc_~kk9OPPr>)O(iT=nYY&l}D5*
zzztfjlN3+HOffu$@@m{mQ_XXbJWpMX5NzP^+PJ0D9y|#OE2f|##|^IDGR2xTB5Y0(
z17F$p_l$a`GyQEJu@QGe1hPmg`OiVxB-8}(&K&oeJ4V9LqP;tJ9~)29X{M&sjvzV%
z@3faa^L%#Hn+K^SWkhd<M-F@HyD|A^=rza(b+s2nW{H_&bXpbzXog|^w&pRZdfzt4
zKty(z3W8F}+@WYgkuj^fWxOI)i@uqdJj)??%svzS1|Q-B=9DIq8pI>Cl6%H9iE6ui
z!9hy%;PG{IWe@|Gm27BkBIQi#bBVcEt{b~h;>!VntA+0Mz_a5mQoQs)q$j(qxC*O)
zdnZ0PY|3$L!nN(NRc~*W#L*rrm@4tL%0syo94sIQRvn}kdE;u2kDE)yXdeJ8rh<_o
z<9k^7g46kGBX2U`EDv)Hjo9axY$%-FDm{72eV4T!fv!9Zt`-+NN(SzIICs`uBfMw3
zJp6KPp$#7+rq%e62vBD|eD%G53Hp@HW6^yt?$x=zcV>m}-l%nHO*Ee5vX~N%l;g7%
zrBZ2Cap^qT7g*1QA_0@%5a~SDkU(KaVTTd*ScYO@v7T&Q@ZqC^bzcHdfKjT6lg)eX
zbFTTG!6uObC_3$X4gnCZ-ml4_ACHZ`6jHx546qjp;8vWP)z0Ql=T3ir<tHpb!5)cJ
z)aK~6v<bH7<-12V?E*l}xh#h%P`jGg&ns=w<d{*_pvc1c8D(lJ?hd3nC&w-mgM$)m
zzL#<K9%8QaMgW75Uu3;#i=&^yvEEY|%<VD|tQ?U^7zM13u|%C<Pcam>myZ!*=3z;b
z4QU5<y|=HP0nkJRWF?5d!7t$`d<WrX3tz!%_2)FkY{OY)G97p83WhHu$5;dx2|&UX
zW|m%-8<P=H>FYCl4<!xG==B^K%<}ECnFK4vjy*~i!F!S-{#=2cU)HReF7}w5vPdRx
zZq{-MPCN3%6>a7_IGi}=H`Y1P)*6!Qub6^es-gBgq~dVr-b>(l^$@y=(;~H$_8mV>
zS)XyiCKrp4nK~&NL(46H#t4h2`81n{H0`3^3zs|<9V+X1pz9gy_iVb}o|bcG_C@ZM
zB6?ll*}hkM8f;rL?SZb&QD#3Qady<)#2MNEN_c=*J~1U5&a-wTK0|~VyQv2oxT~E_
zfazuA$^KTAJ;0yM&6~AL({JhcXTC|%I%DW}&LM7s9*xlNiUbwJ#L{oO883`&xk-Qv
zNWoW)ab3oeor7C#R#3}@;W@p!LY8H&BPvef3gkM?9xBUn!SHf)E2^F+Z)BO#JG+=}
zloXpW*G^mBo~9+`>p0#n$6gkZc?UU9b>=mKX8=cx0X&Sb<|5%I87h3-k!pxpSb?J%
zLxlPsO;U$(*Qm>`>EpUFW3r^P+~^`_B}i~XovWv`(l{!QsWV121J)7W;~v~DKbS>}
zj;`mG@AS4=p;eEBPFLSfhyEPE5BL&zUtcuw`!n2{D%FXs%G)ay0DOE0btPk?om7Wo
zJ@7cK()Q~4p=`DK;Kh^hwNLTjXE-iJeizLfIO70d4+bD+9F!h7;s|D;Jk79IUFgH_
z>7&Y&9tq$)e<Qvvm1qn&vJHpOJs=QW#W#F+fkuPDd2r@LLO00lZS>weSlCCbL?%Tv
zfc=`;<1l74YA(dLmV6oW-7S?Idb&AdUm1j)c)E355>6Rak_KB8O%wYoo($o(ATh<;
zVR}lCz4=&Hs2;sEBR)-HF}8<d$*;#rhy|M@v53h@dvCFZ*Wj*El5wp;!U<#S03IvF
z8$=H*rx#Xjo++&CK}j!U&Kq}so+YErV#4vFY+vA=tJe}0+hxod&5Ec|0+FT@7DdC8
zxp!yomqvyoVtWcCyGbGrarD017QOG=^~0WuCeMPjz@wG+^(rA3P|{2f0;z3ITOxI0
z<iYU5OXh2%5O!pFE^gwv+P<xq&Ge*opS(f6q!a9is+T1=M@BAwGzx46{UF><-+MIA
zE$>B-G)G{si*HgYOqQlf@_YC~C78oFo1PeWEK8t5S<g;CI*LWez#uf2(=wvB3&k%u
zxTo(F1xujVY!pHyf_NbO^`ruTQ&ga4sfTLto+e>LaTA?QivT1_If*}lWqeIU)c{ca
zRvz-|j8jMOIWwHJ4%WVEivv$g$frMZPeZl5R4afS1HP6J69jwx_C4F11?bH4_UoJz
zQ*UM{Z95F~gZEBaTEr0s%!OZCea~6SpMm+kh`qb)SG_4@&-MoQ9YGoIa}%!(ly*<N
zTcL=80uX1*r$tAQ(Z#K+FJrkyUy?N(w&q|curaW1OWk7nwdP}KLYEyl#Mc7r#rxWJ
zLJKs3)iFAr^18khA0^i_mt{(a_a3Kc9@LxDtQOmmrb3sQU4I^%;4r(ps+r79tCPh_
zg8hKhsnqE?;YD~ep)%^D@Wsm;#>%R`D~Z>E?%qlmU@-x9Q;&VeLnuZkl#p&jvX+1&
zruK#((Q^TNtijl`IWKfe_oV}iXScaN8+iOvLQ@!>B4)%r+-Pg#_@I*kQ<A#OmJd%t
zPRa$+JRY|l>opsQP9IfH1<a&bU4}+O=BI?-XLR1}D!;jWlS*iC18QWaVdHqtr+{~g
z`^*t!xXT3Ss6Fa<{X}=>X$-t@uw-|qwB4(AxsD8h5Zbu(SDv>u+-pwrCM6tzoUCvw
z+?_V@ApI;edI33gqxvabskYBc^hv@8xLCm~x`lLXB&AcR{*D+R!z&UoR)*}(;N@K@
z`XU+lnys!JKjcWshsbz?qs-c5l>Udd!@<Kg<cGDZSt8K&k|1@aG<|_0jtXD3F|@q$
z!p44X_2SiZ-*5^GOBNk5N<ba;1Em|v5x)RU8u&T58?MZNiS&6nRa@kaUMY6$yK`3T
z$ZN?72M15Dehv#U5=H#L-ZOGRa4>ueWYTLiE#D&YPZ8-m-j}`7{?JF|wy9c%l7VNQ
zIPf#p<$^iGfbd#N0-enh8m)9<)XrmuJr`mVbnjUzj_!Dw?}eDBEu}A?WQ_VcYWbkL
z$5q4DL2wMbQwHYT$fcSr<8p7((HfH7r?88A;#ZKDLEXY}-loF?VQZ<Wyj4-+Zac?)
zU<%|dRU;KsOo(il!?#E{Z=>!#qPVxXeUfl-u$6D5w~X98i>UcvOHxUgI9v4$6z`?u
zWjnuTxX=<Jd<gzbZYf|MuO^7(^6t|swMTT0FV*|i@_NTF83|qpmLCFgWmNA3JoBaJ
zJs$IBt2HrtOZOZrF=c$1Ip&d$K*nq9<-y1OWVU-RUg)=s<TFkWb<r3zFkfsShcJ?Z
zvvc=5=nQ-7wypjEMrcEeFE#vSi%;Z0u+OYy7z6k?dcRPxiCH3lYl?nYo;%J)S0l6|
zPsH*b5nMLJT>5(qh#FC0V~@{|3UiNzZL6M4cP#Q;J@!Ywivjuernqy<j)NJ|>Xfsl
zZN+Nqp<&x%4k=`TxH)LQLAFvxErG0#?uEJI?3{d7Rj##Wwu)A@Vt)4o!{3`?g@p`l
zH9!hj)2fgmJvfKgp6|%eHv6s3#!=sKRf{CrnrXuTxhOED_8{btv;S;r2wROJx{OJ-
zc?v1Fyy%E5Et`n8d`Fl^1FtqKk{;jPDbw<pnO~$1Fuca>W0gqmPa)}Nus(|L5K-ir
zhp!tE=cJb*Bc#fLmJ|w>Ev0bc(QN=4=F6s2ofqU|Ic#=sK;(7ZYat%O)0Jb3(R&5t
zJzY^~;={$E%Jk@tyL4wYSyK;WimM+kj4KxVE1hleDhM6OM|2~P=FnuZ7RB&NC|C7p
zT$4_nUV2|<SN2PLK{@c4cMIjo%kyKT;-VBY6IkA>VT1Mb&PH(($1uD~u6#8xrfcYv
zeg2q-IVFbN&bxz%-&&F(JS-ty_Sh@f2c?N#oOvp~PCMA<%6LOuuX&5C`EuLU<>!bm
zrxK?TQ90hzX8kAt(??(9rIVfc^Kd~{d{8IzimQqz^bL)p=*10C>9A9^KZNw}lc^eg
zM{KjOC66ehWYJ2Ix;Mw!o!V0f54WCK4LZM!i|lHCkQ8r>;^@NWI2EB5?of6rT1TcH
z>U$M#j}`F2wZ0R|1U?|w_S6Sz0BY%P0WC<=;IU6(6)Vo(t}z-AK9X}MoITRPy)nCX
z;c|3&G9Z%ELH;as#koyaZ|!wtlelF*&Gd7JcXV6gtlh6TD=W(%MT$8u+DJqk6Fu6J
z*kkCioUBG2qp2wfQ(}15;o))agKzVI(g>**b(;n(95XW_Ud)`w_5?6<npMBWa8IYK
zv$oD-3j8IeLczN57CPmlc=-x90@}69xL?gY(;{hP?^G?S1b@%uK|z|^+)O49d)|AU
zzEwN+#y`d6pJ6+W8a-#D*rCneqQR9ZZ)6h4>0@9}+rsM2;5nJ>S0_meQ05qN4n9Zk
z+H^^~td?<_<-p(T*+EgON(vY6yAHde00d?%z|rI@Mu~2$Fdh<_41c`*67qp!XHCTp
z+tI_itl}mZCVPAjNJ}DLce6_p1D<n3L1I9`(Ew(bAIw8UT!f>0i!a!MOe7+Orop3F
zZbpb-L0?(vcy5g-cjBcAw=@vWjh+O->Y>-=O>Ngf763Ui^Nv78Mufa*Y(H=1F(vKi
zOtfKvBX>p=4_?%4;2Pi0Hur4o-Ap7#3VSfJBIx5wm$-u(D{(G}xS5I$hv^1@ye;LJ
zi2%b*#xR{^DXWebHSgP-{4;jvqQvnfvtj^Hu2%PYSIyXvuk6Gq3O@<y*Kv>g0cBJ%
z9v1_4-MoC<`<h;lboh&IC5i0}SW1fpysK=mN?3e$`AAI@N7cn(fkWA?q<SP`eN{7e
zuskuaC7;Q&Q)FWxywus8E)iB9Vs3ix!BHDem0+B8TuOQ<?Twt0P{RW|44B)?F|gw{
z02_@v*7E0(Qd-s`wiYw*1R7KjPa;mVJ+xRl&`P<IrS;AssPb%3#n<dQWIQz=@78O;
zV?JOvyCAby>(Pk#W`wZ;afOrLG(Ar`Sp6laD2KrC>0Wwhvdj?9jKleW(g|~eN!Q3s
zGMC?AMwReTiMeus^o@c%uIfki<N;VSeh2XQ4B%Y8VJ&w}qxs;{X6<^f1C9%+<H1_i
zLt(<D*wvu9Y>Oy>=!of=GVtq_MDvzr*`;zt!^b=Q`a!*6WL3NuSu?@CX)%Z<=nnEi
zZ#DZUs9#g!nbrf&u(9Td$#bcvIsO)vp0?Vkvzl1VGHX-7$UMN+Mt03&vamd@BEgNK
z@mrJE&z@5mEfmMwEYm<m(i`<n8<nl#kvOT>lKtSUx!Bf@HQrG?dQC6S+Yk06dSdEu
z$QKsjEF$&HI|t`U#T1Xt?n?uStc^e?!xzpK9rNDUi9VLldB;B`#U0L10I!W)z!POF
z2xQefoR4b?D&MnR<H!|onqoUTn&$%U$goh@bpRZLUUQG)K2IbD?^9Bb-!@|*{5kdQ
zHq2;EymdIMjOoPK1Cz5YKog`q)zN&_XM<V^j*;j=scdvnEY)qDjv~7l>yNyeXb7K+
z?#N}Zz2=6fS=3OVZo*KDQ%MxnYh%=V-CW9;=vVK(xYWEvO`f9aM@V}o9Ie)e{?x%q
zg+)Bt5OIv_uJ<w4>jy7rO?iSWL?JWTw`dw)64Ds)MZCmY6}@{i_(ZVxt+f&sWs1T}
z1OO~@^YpMJPjConCRv0e9lF9asT+Mw0t`_llJ6aHRW^(WYGSL~a6R0ktGehGoo5`s
zMAeYv&1;(yg7D^5LxN9NyTGFzff=7Dz^rE-2dWpC!*#c_55W$%@T3$wZ5{-UI@7nP
z@H3QKTL_P1`w;jIc9=TO^LsG^z)y5m;hB^_FxY$kteLs&iAmwL4<)*WzUPu$uKaE@
zSwb=slkQ1K+Gr^Xi}LI;R%O4(?a915Ix-=e;gIUA+9YHp0=pqV0&}H-n_VL#nv1W(
zK-Fu}UVF^ZZ9dKwI%IsL9PR#Yl#<oCq1l2Cj$RfrdUcU4;XPx!ETuNvWUu~%<Q|?)
zmcB;5tu+*?lPb%SG(X{|^SIj{cIg?Fm50NTda2hbWz7|eSqeS&TYM#fFT6YCz>vtF
zLR-s7Z@sjd75B9x>|e6V^vMLu>T1bX48V0KT}|yz;<Y54znb?VF-2=7M0Jt3)qw$F
z9#Oug_bS4X?g?85&!?;iK4q1f@7_&IBn}a?W3J@A@Ud4$Lfa>??6EJ9p>1<lN!Mz^
z!}e~10PSA)tZKn~@RWLXZdhm>g;(>nk0m(L8DO`um7sZ(h#nXs62O*{O*KVyrUlKV
z_^|{FMO<>SU~CjHs?J@a1OneB%et7IHKc26J-tPq@}-`M>8o_9ndx3gOJ5W@$1|ky
zjaz++!ox$<j#$HS&hVIv2zlly1IELWpx_%w=A}~3sR<#DYCuNmr#GeMZc^Ni3&Q!}
z#Idio=_NjRg=&~s?x_Qc1Vka|SIB9v6S5`ur(fmPJEzDXQHzIq)`ey}uOp1GTrf*w
zgu<e3TZb|eSAp&^LZK+Vi?KQy7MwD!E7|-O)@M+kxJ-P#wNW-Jf~5_n@*t8q*hLAD
zOV$?_7g8VkoN>fJYMSAdV{>QJaFs8GU_rG72}x4CtwC^BcL%+dwZlcbdCU250NP{y
z`d+ef=T2dEiTLt}(jfyCk8_o~?vRx!Fk3h>P8LW#LSx6xOshoMc7iHt<Py{weXzML
zNj4xi*9pf`oWe->)IsYtkV*AGW^xgr9X}0|DN((sH^_Ex7eU`^N}5!i-A>_0ORO)X
zxs@D*yl$8_An)}=Re&EqKq{en)uQvf+fz%TvH)MWZ`L3!CL}g38m#@2)-_(+VVrgh
z<ls{(dX0qbQGoRpoOg17(x+xC0w%ok7V;KwX)E=q8}&G92?6hV`gbej&&W>WkL)oI
zwBpf(_N_x7ZZMHbVj!zDmttn}=yU_eX(i<drKWc?TqB%;td<!Ff`r-S3vFxzPcloS
z$M6oX9|YpsdpKCKW)*^&V+D94Q&?;^s8S$R=i%^ZIaHzZyvX8Kh+;5(%C#XPc2rh)
z0K2PSJx1g1i=g7fC$6WJk4|nG^3ro3w9HY2>IFZYl=EUa)WliN(pk7?Ha@Njfes4m
zUQw~psrd*Dn9D64Y3fAY8;*VM1PJF;+6y4(>vwv~%??^kW!zNGd1dhUiBd4Ui*sdh
zL)y4p?&P1o<<EgvV73GBE*RR=bgS{gw~gH1>>dog0D{7)t+#38ZIjOwcNWZ0{3$HR
zOFP5Ci1#V3_Zi-0F(%C2t}`3hZHZdXftz3QWDhAkG<wWu>1ipXoi8bo47aakWUN-Q
zVO%B%A%q3yS|!5fJ#NBwh_{e@dqbgEUGZ`Um;!Sdp?lI~JbPcYjmO&X%Ag9=q>QSU
zmq1<nD)^$md&3z?mDBG|4s4;J+B1$8ijwq3$6Evd{4%plZVdA%AHCX+w4NB}%X#e^
zjDaXBnr>*rCB&(I=KznyD<WWrl^FafI=o6=PTQdIqq|&bx=N8sNp7-+q%*8B#GzZX
zh^CxkECK+Q=eV&e{c?`7qTy1Yh{L4sm%Kp4wYnV47UTFH0}7#z5*I#>ez85nEleUJ
zyn)O&m;vA(C<H^hwW9u7o&tF%^~~+3yyP>+w{MtcJ!KCFcI)Nxc`FFb#IT|P3)D{_
zxNs;e5VHC?uIO&UQRs!U#astC<Y}yN5l0L*KCWGdTx4=o>cvVsO=o**Q3RPi?6CD#
zk)1js!VTUi8DL%pzKbLS=_ycgmlGIpZQc?SHh^X~M6bd}$E%aL;XYT4*(PJG9*p~B
zkOPzK7125O78qSrXEhX|s!QFN#|aRJA<!#y^CXb>NQf>rZQR20AyD$%LjyK-61<TG
zw00RJfPDH8J(ES{t#xu7H=C62dDoion`(X41hrQWtxsV)=#(dRjpJu?Oad6+<3WN7
zG*R4Xe*`rPM8(-_K|#`fSx1r+1(#|%L<(8s5Pt03aKZ3+WcWn;eK$w_4)pls66uva
zio|OoMq<l&QE3EN-RMNaWHbvPrA{1<p-pnO(oIJmSNGmSIgRMDTQxBYEPRh20`bcQ
z#hp`PmRPE{OpQ_J{sbP=3}9!<7HZ-&n;!>u%5uMzV^JfonR#I{W$gizUe*4(jqm6^
zjyEvRLtdDh%Dx0B2|k0PPH<A=B*h)~sop~*GxG5sk7{ZO+d!b+Q9wAAOOwR6wNLF*
zte0zEJTG;%v6nF?4cmIc&~>z{*sBLx?MJR}?nIo;v>4~S?XFAlk*8>#)v%#^y%Z#_
zI%enKyr(<qviehE9w37o_pU>a#x#bpBavYCaY7LwO8cPI0V5OWR`j^#KAfX@?{$pH
z1*=9lDUV`<eM`(gC3bT;-7yrEL!1ljt*z3Nn0qEhgyn9u!((#ib2bS|Hl(^lZyl*Q
z&cb=0h}R7y9@QS-mS`me66~2$pj9*kyIMS#XSo}$0D~}YMS!4go<2makIn0p-`SZ2
zKm&(sfmuPFmpw?Q_pB5v;&z2iTeegkwqqIG4{8Ql)SVylC^WLza64iMta!kh0w8b)
zDnBfTw#TjMLS^-?6q+jukE>D2+3B&R`jclCecWRg7tr0lM?O#nDlCQj5PVCNtm?@a
zMi)GFj@)I$PRyEi##j&-wJ_>pNi9^sBAL49KYh%dUgY^pJKPt8@3}_uyj#!I#e8mW
z_o-D!Y&7!{g5=Ra*h3pFb72b-4w|BtE?lUfPm$SY$PagACyX10kVkk<dZPOdVp)_z
zOUaviH5fXM*2Hfx9ootG=oI%&=Bo5NL>OM{giy)0p||`Rre7tE-a(yIZE&%;9LpP%
z$6fL$F;kw}8#V#6qhW>gd-Ldc3K^TrvW!7VtrEdh!u4f9dk4f*NMj`&Jee5238^iN
zBA&u7Z5X)9z+v@3p(w9$QtnKwEYW;<mpku;(j0`2j}&hClRZXsFJ6ShJV#9AL($r@
zB=^jf;H|-DSV}Jw(^_*5aESnl$7tM>bB7V2-HCA@?lqeR=s}6Yw1*rx+@#pUzY>1Q
zte+y$0F>fd%mGQh5t8y$ptfv)$M7<O-Do*IlkFPTH*@83B8i}-HLphUnX@_o^7op;
zzvF&pDVgXnSgOY0)2s~l39#3aC{aA?f`aK7g=n34rxJFGqU&%o<Q>gu>MW>l*d}cf
zapEmR&X_@|r!F}55OqQWyt=g>a;|%v;yxL80#RhC;;)~*d`ZW<aCoBc8C%eUlq|e5
zyXkyU402$VuJu>eRqWNfCX#mbCkLdP@(4^TFrk`y23Z%0S|w^pV!~Ja;oNIF1!kBx
z-m`0Un2_|I(A(`+zoXofIslE1bxXw76^vQT2TF<1&d$c}XM5rjp6pNW#k>f0Ds}Fc
zpj3}g;$2=fvUA7dO6QtALD}m=n4e9v5_Y*!ho?>Wbf0Q7XN0FQIW<geo*>f;ixhus
z%IdBwLRg~KkxKJGc18SdD>tzEQ)uxS{GXK*Y9?Hjj9RE3ty7~lSSF1!*@j+^^YW}Q
zvw9rwT133Wx+mb&Z;WKe=OKY~N%fpGKRmO`E}VRtQc={^FE;1QwR+s~*f2vb(dLX#
zK?Nf>;m%?t5g%EF@7f`!G=Q=#xjf{jfgs@=NO+r(wbX;vRdr--uk%>V7o@JR<AsN9
z0-oqyzR9a~eNPe9r4=oiK-<!QbziolTEuDa<gFdXF>vqON{As`U_~Inx>l7kdH^ZU
z5*Oey%5r@CoxkFjdx$P5Yj5@tE6}|L7cXogk(vRSw#h-6qb4VNl5V`re@TtJ*pTFi
zxzb0-R>)tXuI_E*`WxPA-F@wzyO4z{jflx~M?Kw-kh7W83gqcDjJ@{H6^6s-2;hB(
zr*<pc5bmK9$jTly?v9SyoyE_Us?<_NmnYmqk9+lQ-lTDuIK=f_sH!Q9t|+z$u@`}i
z!;8k=**&&5Xe^T{%=oM>L!qd9U%n%GXj=6KYj8bO-eW4CT1;f=M~G4!uYjJ5CZ+SV
z%cwckzIyKwhp2ULze0cW<oV|EohAkyKc=8cTBd{}wPWliHH<A6dNL2?%EPj0@-goQ
zX2he{F?MLG`5qb$svrP1`?Uqd%kEb1Em4(WCG;n6xDqvTK|Gz2*&EFsEATn)qH$eA
zkUf1DHAX(W@mh1UEOT|2Q_1$X*u=wq<&Ek>3l}L@s!uFuJ{vNhb8A7u=w3aNXXLo4
z;wTT6ym4$ngXCG@!LZAw#<$qua~Rm{0Sm*vi;Ca~;Pb}uu9A6ESn@nw2Hpaj;7f5<
zcx!IQ6hU=_h!vJC>ly6CEJDV}ghG@h>*6emq);}<Tf1j2MVt?BTuf6ZO<($sjuXub
zv6Lqx^qz?}dZxo-=Dfj+CK!^KT{Og{ZodI!)VQ+l*UMh4biNR*xq;zj>+I8;?<}R_
zQB?71RUb_UiORB?Hnyy8@eC!LYbNo|@PG#%hP`JRWbumUk~9=CC+v*MLKLXpO=0-)
z4R1ZHhXVRYbot5pcnh|OOnVXryo`dw9N4=oGuQmnIv0it*v2t;vgo7VyMN8#h<Z-R
zDVut0ku+tMYb)*@Ws|@&E{z0;bW=_ISU@Nek1eaVw#<Mc79Z}WRr06Y@O$^q*>58s
zweCG>X4YPvYr3;pcYi&^(}8q*aAu+nG0f8Fah$_RtYKM`E|`w)n9$yx*Wr*wZ9t;0
zsTSq-^{Y69xgvT#FwjLy?soGeJaJz3q=&_ONp~#{cR_~HA$^qjXj=TKy)Mb97E`Gh
zojEZN3mla5nIOqTs=K`ERdBL;0aZ4~GpR?3kK5})vpRssc_h*Tmqy9)rAIk9BsnOE
zdLO-X$W=s(TYn38IRNaA=3SbKHf(z%uNyE7^5w(9^x>J_r#n^ovaADgM1{kLP46+H
zN3S<F^CHu2uBP{(rD7`sApIN=;6iML_Q6H@W;~e(W<joJB$o4(Gx!y}n0wHS!}2Wm
z9_A*^gyRi~1(Oj)$=ijus-J?R&jA6@XwI0(sbikIYBY;4zaUcR+Q2`8t8w`@wO_$D
zQq+^9N7)N;D0HpFZ?Segv%E)iy`JmhbY(Qi18cgFNgqFK$TQ!i9jD~9*oH1J2oBv<
z%AE3do^RLFx;wdX*WWTwLTow^!OPn|co4Q~1Lx}*Ln?@*4JqNt29En^P`x16(=Y^E
z=#j*}C6KqmQf8qRH90G)w;~4M;)=dXS})=9Jfyle08!xOiv_t6MY7H1!Sg`ND|x=1
zlQoGzfQYvpjIST^3r|)kaD5;zlBkQgjWK)eF$tv;S;CNd%xeWe1y%F83c_EKGmG6m
z4n|~j5Uexq_wdRh3_OtF#gfnQ<;=bp`+A(9`*mUsoC|W0O{Bh);dhyp!0{<L{u~w9
zO)BU?A1|brM60+wIMOu0K6HPfOHF9c+zUx>C?3#gnmpl3P!{qx;LdUnKrksoou`BH
zD%jaDFpwD0fGsNZUQRpeZCAlXzo%s`bwXgF{&2<Jyo_6Xc&i|+_nG3&W-ZDr9b?Q@
z9@?XxE%p$JHg{x9wcy2I7ga?zZO7ga^+}9O4U&3xH)i>`En!W(*+zrp1;ia(%|qGq
ztzfI37Z>={>qXdWuxZE08Z{1?f(3DVcg{1D<stlD*1#Gf7R|+qkLkGNgd=FNQizk*
z!kfpUC=#L|`|4FWy<+Z{w<T*;Fc=pQzeLBQFJy}+-#QLIg9L$ls7vixr(#Ju??zu9
zi?NiLQz`x_)6?ko&s*1G;Dw%s%IkLc6y5v28$9dAl(@ahco}U{>8i~zEsb5!aK6Ec
z6aM^#=!^{JgH!aESId(fXA0zlo!fnN8W_>qOZ6IplJ5<r=&dAk0+`snvDuZm0-?u<
z8I}vGp3lOtLQHk(bmn>UiTT3|Ja`F^Bbx?C^DL5-U|M?2H?ugo0MRhY)_gE#&S2sZ
zTX>$Cpl!7X2VD=~wE~RKQ>|D_OP4z4i*9)s8#Qik=0+hLQD7#|$8Ib0vAqK~N>TD*
zbO2z)r4tolm7F(!ZVxLBZw@VqXl-`eq9qFvbzF=tum^OpyRCPGjrH2qZeDC}t=2g>
zt>@1?=jgt914|ce_ud*5`xM^tA{9Oj<LJ~x-jQ@wRO4iH3cbtoVLQFvCQ2HB-KDIp
z{FdG4_#l=ShS#0jVUJ~+wqp+-MfFZ==`*9)M0FQW-51#ihHIerQc|CE;#+UCr=uc>
zN}x_1pzY<l9e~F(I}g>051>H1E?aY#js9GpSMCt%UF>)bluyQE;C5ycDemOlnS+v7
z?W4+s>?K1|S-^u<{KPZHoDdv9PpWLzq@<zJ<<%n|uX4aOz>S!Gx0xeRjcthZgbUs<
zZ?du|$CU%MaZ?$Nc#2ky8W#F3za3hhPIf07<(tBJS4=Js1mG1FFDW>t-+}k&P=TMX
zm2E&$7VcO+EF3^`A!<6WJJGaTwa|D(z0Q#_Pr(oPXOkW0<|9(+fZKc3S_6ZYgnqCX
z`aHU5{E1ZUI%I{%-R9F-6XvHoHPY_y`Rx?U%bYi#!V~?>b#GB;r;*44s4|b4h6g-|
z6|iRXofuyxRv7^Xdf%cJE&>WpuA59k!zi~z^9%^|YfZNYhz016Ft48yX8}7pW6>m~
zS3c^{eP`hMvfo<-y?BfWf@`nM8Y!?&rb0MYL)7Xt5&JZlsw#*1Jf7Bx<7-eI7gXlK
z6l6gFj^Y==Q8$mu#hcK{+V4OP2codRRHn@nSxP$JTqQVQb<SL(i4wP$KHKc8_uea)
zeD91sK*0ud1T5b<2dlWbtH$Zxn=SDHZ-GuQ(UGNlF_@NPyl_xFTyhYQeM(g5<}HED
z`_i8;2ntKkreo{X{q($UxxPKAbbHBYW!zC%uTR~KjpyM(IXI-uJ0M&bwd0EO?##Y<
z^xic>rFd~ZgQ@5BDLs9kt+pMd+28KMk^A<Nb?*ozpaLUVfkgutn^()=YRkszU>l1O
zXIG6lVD<}_S5%@g?->pAJ*X;orx2wl&8pKZPGhK{8J2G`L~I|fyxDzDiH|4%<bv~t
z`lXF4zCp;ajJX6m>xrkAPe>V*XNF?RFP7hw!elb3zXLGZq>M+py>%(Xaiw+?joy_>
zdAjrJ9{tJ1iL=oHP~UCK6U*pIYg6l#;Gl`uS@xcvz!txa3{D3idxpId#(EIZ?mC;8
z^}6zn$H}$j(h+tK*(u_7J|!(0@M$7;+Mve0qSL%-ziA#qBZYSYEd8_`!{(>&MKNo=
zrV@rzX}~-_$ftc+N;)!iShNCX0TsuuJ6VlUZm!NI6r(5KB++tQFbV@Ze$TV^Ib1Bo
z2ndQ#%>>)T@(?~z@m)QMprmUHxOWOZ(Npgw1ddd^a$m>Gem5um;ypU#3d9z1*QcQr
zB8VQFcS_IwFrP))6k?(%EQZf?cb@=CK=32Ev%@YQ9HgfMVQ%`sZM3pU3`h$C_Hw<q
z<%mj;uqCn=vyEL(%AKuK6RGs-MEK2sDC~iBnj^g7ipMiW1h={EktwS|32;u7lod(0
z3M?=tYqh9%B&5^&*o_2e0PoSEd)5x5Zls>vz+kV9m`KN6sutuy5!5*7fiEbEYQQ*V
zJEEC)@?=xfiwXrGK)c@H6|m(B;p~eDedW)7$*;5DBO*J5e!()2ngSm@Ml}y;-o<+&
zI_yJWYU>Xux8E2b;t}v8(+xOs1e#TTOPcrHcKvhA82^(<=!xm7Y$u?|amYbm_BbDF
zMj+yjnED(Iq7EV9GO<|YJ9#@BWQQI{VZ#}AId3E3q#lls$Bf+)pr}POm6g^-hgc<y
zn(|3=wIGE(t14j?suvW{ci3)AJxBd2WIS^hqS~)6)ty&qh|OIb;RV(;0v?XHvMvwo
zth48UG=U}0y~{CuLSeBLaTIyEy))R#<-^*?=1*Q?m0H@vHp|x1;tRQVK&5Z88s)Jo
z^5zQ@n0vGvfPjZ6nUPg-r;q8)Y)n=aAjn&+(R$U>77Y1b69bG}r+I@0y#Xf9F?ZXi
z9kAYS5FmSEcL?{F06~_ooOgW`!tIR&3ppFmQLL<oRzW~N2j=HNA>q+aW~f0=YDB!W
z+FY}c1kXhE6@2@je-0d+Naq4x51Og%y`WNMVm6t+eS!Yk{EX4!nDLdxDzj;MwmP4r
z;GyuVF^U2zcmqHu(lx$*9VOeisa2~918a{_&{r#;4AKLZi{a^o^eU^v$B=O<woq>~
zj$n)6uV!&{Ok9EtJyh~@BTwX-vwZc6>Dn_5<aIxH%(Y95yi{pz-o@gaWem!D1oF}|
z5X-mGNnK^0PVnJc%Tk#mcTfuG3cKs^JOiu>9!ho0L5TJz0k6sx^E?mqY3XuAv6tcl
z!Qpr6k3>1)*tP+>cwFUL#-8>Iw^>RRFhl@%PReLYs#{!|QQ(P9dehc&16n^NsQZ-L
zuB7j=7QXj_FmFwVF5g-b?_9^c&^(;BHBUg}v9P^!II3dm8-9}~%G__YdcGwXpQ8u5
z;!f|=OUXf7yu;aC@HgAyaA5<f<}P#V{3_<MF&9kjQEx1%2~wxv>73*f$%B>~&ANEm
zn+TlD2F>!GOPW8u@^_qVO#!c@=<0|JfO-W9nX7EE-wJ?O-Qd1A#oX3Yp^*_w{tEq_
zK;kP<PrMd@m?#RL+92W(qckPUY@n?5<K=qB5A9gz4GGAgmWkOtA?=uWNd`%C`veAb
z(oZi#)GZQHq;DhE9&L)q<}<70je4(p1iabg5i4R|(2DSrX+klJq7lT{$`@@oFDh>N
zP&6*-t#tA-)4-!glwOYF!`rIq07zkajCXSka?sK8Q-lFeY<ZZk7l9uEh$glny@w0W
zMGLKuE#D%uKU|&2c&}t@FT4vIyGKlvsfSA%%~WH*L>TaW*YJV6Sx()zr=sASYP8Q8
z8Yv!+p<DMI_`P`8*T^eRjw{-7WVdRm0QFHl*Uod1rZztD#(m2iIO$8HJfVwn<1d7B
zrHL^R3m`{9pvN+AGCK-Rm2)+-o(RUk2?wS;G_ZLVz;BIHa~vd>B^*NY!2FPd8Sn*<
zD$f|6vukvcRSJ072Cm~Gd846DbM`HRzaj!$czq6_iniN_r4OFHlzGxO8~29yf<^~K
zDj+-v<Bg{i`jn0naQY*~A%HP_#$(U@_>n!-QV(rpn<sL_2!@?q?Yi(#vfOjqA5Lgl
zdEUbXsd|d}K%dm1sRACZDa^{xS$O5zxD9}Ou$(e7!*uwaTpI<da{w8zuf-fK1-@8U
zJcxXlPQblEM8IbVp|9RaZPT|5kv{XFIc1emN-cAciPZuP?~__xf{4)rfPqKtDUVNJ
zN4FY8(hivmW_+WXp9||wXD%($Hu}1=%~@h`yKO%mfu@JE>jXFAieVx&O;EcjaPLWi
zCHtYNC&yCJ9mve=oCzMzo+1tH8%LN-PUsGJf_jmU^HhOR*agi~C|2-1bMc{rw^z$p
zDReezRrt$B4;Xl?d*<*+Tb^yav;sfC?7Du*PO`c1P6#pp_2|m$1XXsBjP=@ZS@T62
zD?a1cOx|{Wpix*44q2e7ILlocsP#d`nY!-CMF`nG?CY`6+t(!8fyU_CM2Z@BBo^|v
zCLJ4AE`HuW3KFX_kS0^dVW(9vN&rhKo+!r~t4VtEG_T_tCpe)blrG<e5I!=dfMF`$
z+&jIP`xYX74kmKFju6S>Vz3Xwc@h1sJap!&fWRe(Bk{h%_t>pK1_Smnc41Ve8W~qY
zi)U>hgD?7f(*wn7UYU=MS&lA2NG*XL6t|(L#G~Tk<+=<{ktRues_SE^z(&+XRR^4x
z@_I}oBaRV_Wmghpa;b@i!)ij5<;44Ws$IZh8E0M(pA(`TpsI@fnIr;8p-<}Z!_f`6
z#-3uKVz}HV!_O(+{xQWQG>gw39F<G1P{hnOqtUFF4pb6G5+rezEW+L6Hyl%Z;>;i$
zCk-4EE*i^bWs(M2&Netl8s+&)RPRAmV2Rlix#8wNQNByiinLyOZH$&^G{5(Q`;^VY
zE1_#*td#Y(W*R6TO8|D&p4XWUud7bjh_Jjeyhd8Jgjfq6d%>t<_-?`bTZ*3}ilWhB
z7^W`nTSbGs$_W{{?T9*!qE~9K8g0fL5EW$wXjV_OTnp21_#Qt8H$u<0vVmZr2(Bfg
zeJO#Vo_pwtq%^9c2!mj-8`$lWtc&LlQzI?asl{QPH69M(1VnOP<3WY;Vy9$b@FKm$
z6rRHtw`Z{8j#u&~7YoK89JF5y7QEIcl?V^p#;1-57*dHdQIx%SB9i(6+?gJe5Lo27
z4;9<7?5Z~AA1+BgJnWwR1S)Lg;4JpZLla@q;=&XSEg(LQEX$H3pL+xptkq#0T*1|W
z(uES6SYrwK@O8bi#B9z}KY_70=xAenYXWBjbeZCHKM!<N@(eGR9mIw1^>N6<^Mqux
z=jdl~EAUL0NXDa-_Hiwf$c7F^S2MrdgNH$XFq^c^rx;m3eNol7Ct|LaQ2HS{hi6B}
z=3(MvzO2_h!=VoPOsJG(Gu|`CGnwZ}Ht=lJ<k{hyfxAqROIeDuJQ!3Qm(A;U1Qcax
z9q5}C!|>!W1=Lg;ikCVNG*rF?i|UY)YPg2?GJ+~zz3$-})q%|_nX0USH%bd&Lj9Ht
zAaKmM`d;I!$7Ykfcjxp9yXX?Im<IQ02gEAr4oz+l+-sZKQkH6yciA;QFKR3Kh#UK1
zcU=$cLL<J_Ft!s3YpBC<iGwz^MF*f<Uyddv#k*Mwg5iP6gAGt**U-L|vSlg-xF>U*
znH<4%oHiFy3YTt3No07P$AQ>uC5VN;<T!7*UbuN~8!fF}Ua8xp?JYg(Qph=Jl@_yp
z@AY*^Qqr~>06=@1dw7C9fMo$1<0Jc&<NF?4c$DP1v%EQm<#Ur%-?=`1f0m@_i&<(H
zBQ4K0L!DwS8^oMEz^N#e5N)yVq1WRISjcI2yw+StkaqWt?IFxf?8wD@z&<x<Y<@e2
z1C;xMz-_FjC;aTGix63;bz#;se5AO`wK;rm3elNjcx&%fKTkJlj7n1u)k)aebbtjc
zI)MV%n0cL@I$ex!0MOr_;U;n5m_mnuAxynAxFDpvKP2#C+Jt)1U9CI^`uUtc)jcD|
zwQNy4*b;$=RidqO?IJcIz<^Y2)f|3@_m(`mn4EHXGh0z;hu%;JRj#C|I0>b2zbGr9
zxs`WQv;knRw2u+8ReuWd7Mt+#QHVLlTy)HU48W^}6|vp%mZY-YCpO}u$W+*mcYB*P
z$KYi!q|0+je$B3M-?>pf2N>FEa=NR43Pbc6;LHRrd~&QDAj@4tBd|RhRBUwsfG(|q
z!y8808Zd0e+qlmKVILKmJt`<*v$a_*KamAU&o}k#LGS7mID=5kU?`dZPU8kkWODW4
zvxPJ*&NAp1{u+6iW7R>cSXQ0$T*x3;4P4@QJmK2r1y@&U6;jEmtl=6+r;K(yAJrWm
zV<^%o4k>=mjIBv82Rt$%2bMv*$m<~c5cE9q*q$708;$S__3o6%J=7`C@d}@)Jtld}
z;*E^fU<p=71>5=9(;!&w^4cTChy%#4<+g8x%lATj4`CM+yzHbaf;cA(#J54s0J`mI
zBUvi${yg!$!BbLoU-gKR>z-$qSx+{!6&E#JqqFuNkaN*PpDS|rD~IklY9W1LEzm;m
znZLu3@BFBrqf9`Nr)J`<Fb7I?`8w`sXHO%9QrVr;vv>Yvw_L+a0s0IItkRb)6d&&L
zgXQb>N6DT7d9?uym|W8>fk$f-v%>pAghUi7z}tf!M+78wl3KI~$K9N=npsXX_Ut)C
zPsaN6)Dz6A*l4u9d~A_5^a`D7!m;z(g7iV6b17;(1{`=T#hW=AFSX`%gYL<sUlP~5
zq|_%8Eve37!2lLR0xej50853M+Aq-XF&AXcjRP@~sVJ1g6Q3~ykFvz7?pWJbaqhU;
zqaD<b(fN5I-wS+OWQda3*D|PMH}OJVvoP&tCv_H(AaKzDwcZ#`a+=*k8w)0Nard7&
zGC_IFydWtNhcmkJk?cyaUuWu49Ueof%B3SJ;CpYxUgRaZsZPnkBW)??AYw0brEi~9
z|Mbbwc+Un+UcgaiRDlTKo7$sQm)9ZZqYwgh>kYL&OY)kuXc#N@%|@$t<lKvWyHVKW
z0-<&kCj)Nm&$%92RcKL)9<*ntGL;B{L`!5gpW<0P=};|`!--(Ldn=(2l+AlLFf)xb
zIsG;Bv2FC!Drt#5Nhnazm!3YNE1Y=<G{iG82gx^Qsq6xgYKqBx`RLMTYJ5>qqJsgv
zgiQr7nh!P(q42$4$`(5rqp*vPc(LzJy$psq&P@P&T?EREj;VFhbEuaPAU$Nfz%Ow(
z$C^#+ff<AWw;+_jxvlX&K40VK=ho~@DbMz(YQ-Y5cKT%T*l5!si1`5Yr&k*6>ad`g
zKlOkFEOv;kAntxLcSqMrPI^zANuFwlb7AYNP4?>C&LHf78Gy&M-RJQsOZyyej8LB_
zbH10<=7j<DHn&e)OtOfZ3<I3GN!?@`4o0A!=4LcM9;ZzkDPDnX1CS@JD3hC;`iwN;
zKom?&r-wtwkqY=qMX>cDxVh+nKq0K=8xgZ|%J97M=v|k19n%<VaeD{sbbW(lhvmTe
zD&pzA?8wLFi>nI{3)v%um!Cin)5K6bEa=Lb5}5Q&5@dXW`kJ$}x`qV%Js+A^;Fc|x
z5>4bXqVG^A-;S(;?SzE{;nTZ<JwBdd@GE{aCtDKq@;QlKn=(F3GIxCKG&;)9#Y~>K
zK`y6r8!==9CCY<awD7Y%h-H>^m84vV7e%=5?D>_a;Js%8OUUV0KmF1VlG~%tRy4cO
zvlo@U`j8po-Ncz3h?+I`zz!?El;E!3f@t%0T^6_jyL*o!HBseLnEpBFXt~007)j!*
z7hYxf#9qB&>om6q&(u#}>+?brEEdiVs%&ab^38y_Ie5g(`T!GXmAC0J2?LB1m%6?x
z1H2e(OFZ9>fm{}UnL4Aii4oT0jP)vOBHyGyFwNVWv_H-7Lk1666wO^lWJ8_25YtCQ
z8HjFEw0D~?Mg}AlfkrWENK;X(Zqk`WK&}cVpkAZHU=p)bps+8h`o)DlvVeLka?x3E
zOEp8mG61-%4<jo}o|rofOx+RexQX9uf?Jc=D`tGy2kSxNcI)W2a@AtyTDD%`p-3I9
za}7LXdsS=gYJ8}mHG(5|?0PRPOMT}gj$O8p0uRyZ*3kI(s=PfT={<c%SjfD!1eK34
z9e4RnZ}!N+o4!&V!Z^E!fBvRHEk>mbV9qZe==N2xC%)59X$E~tGXb3;kKH3l(3#$w
z?Go@BKoTA)0nd5?!$>c$?vauft%1keC{ZeMA4qxvec6XEVJ24^o}sQJfKxMv<0-HW
z@yNoHUECvbzVcEw&%oC*@g6E!8c~ze-4j}pv`qycjoy76oM0q_7Rm$sNc|m&ywLGP
zZwf_x!YIffFBtI}?0}K3%vZsT`JLNlx^eA#W{8GI=oTTHY*D>E;l}p>32e5WsB`$r
zOr-UNt#_#M5;MPg8c65-USsU_c~hkxJSI6zvIV75O7Q_xz1FEW)S4LN3a<c7#*GHG
zEWo!K9-1P$b(@QjHYL09Z8oPqs^U0dK@rFcGiWByv!A{hSUJg9V)^QLXbU6x-38$k
zLXAF941BIbGSc~GWdTZ-9A$FtA?RBvH_H|i#EKUe_#sXL_#A$UTh?A_1ap%xBWR0q
zy-osRKPp`{Sy#v9m+ay3%%vu0B~)l$8jnLtyVN{+H@I;(IoRwdC&0e3_n0zUn)}`Q
zgKjqHa}|eFKs58JojgHI!4e%z+EV9unG~_4laZ5}bQ~3zcXpLeOg$<ZQ_PAIS3qvg
zq%9%!70x*pCyN4L9n8H2O1zdh73>&s*;b-gMHa2Kl@zM$?lkIb3XT<SPkk+Sa4%qM
zARyOCETjNTK(oK66YCvBhDG~a6Xx^r6z-`a?KdUQu0i*fE?i(|NL})&V%H1ALzQ`@
zyhl=Q0~tCzcbWwz9ub*C_y(-z9WtjHzngteZl66vER765Tly)_V}x}G!L};pkWN(3
zT-$y$d#C++_@p-4>qWWL136<1#9Sw}yRDJOQ*#eun;>0$=v$tjV~}$mKeFg9c?`F;
z4VI1}Fbwxf^`1W`&D*sndH{wgxLDO9Vo=g;+j_wejaDbMH)E}px}n}j=t;$|M*4y*
z%bzZLKByW;lh{~hb_CQkk<*AdmQe)&E7_c*pxeDN76RKkgOVCF=XX|@u&7;xk@NC|
zUKVb$F~3aJ$FedUb`1$C{SddRm#OJN1w7MXuwDn+c53Vw)mYol8`NZ*Qd^IAc%|&&
zAU`$;F|ZbuMHo+l@+NrdcOm$$kFg%T=y96f6>mt&6ZWFObX(?tF*XcLu;(vj`1s1(
z52Y7GS60q%Yi03DV$>dlLndgaCp5u{A=T?y8DQF=ERTa+{Mp=ZKo%S#-nEY99*wu|
zd*dk^aFWERrVEz~L*>1w)ENV6NaD~D5te2U35pIgkFMg|Kk;)QO55>gFS=W_3g;@t
z5M#(<9#VORtGkXP9H`~-i*<Xkv1w0Jp@8j?vi8$=jl0C0-9nAw9QZV-^fAQF%~2d?
z1=2RJPlCPS!y!gNJTcLO(%l?hkJNO(Wrjq!>?O6jt7~3{fVP`R7ZAl`<s6eucU+_Q
z&f!kPfkyT$G2dEwTwgjI>YTj60?}P%TMc~`3wMK3ilH@QQ)JMh^^63c3qRi%j$Cgm
zc919mi#MO-$YKV?oZ?8s@tQ5(G>ew9JEy`%SH(3iK+`cz&C^f`cRmehHKS#gQ?zR4
zL&ee4@JB+sNUKx|0NFx}3mw%ewM0BVH}P5kULs&#+-Sq^(a0}JXC&p-#Y<pIRN0nZ
z-f_ie2|j(x_1w`58ftehnG2sVaY^`@;w+VN3<#1P_VIp7l-{RA^_F4!dJ>Z<)+tM1
znMzJzi=^GSWr#ssA)O_+ca`*IvgWf#5k&pUi}MCx5*1jSVW&LI8T+jjz)=%lL!sO>
z!?;`-G($heR`$gtDZ$RevGoFhvh%1bhLborg4@31QI4#BBvS0^*H2~~_t_Rw)`O$W
zHkLUVoW`68>%D&CtmX20H?n~O09cP*?H0yg-W^-bGJ`h}Xe;%z$7}-e5Zuk$xZH~5
z=`F}6venKtXp)7JJ%~sckvHjQV?><KyN<DJwli_7z3_=CFRL-CHx`zmH1<Sn56={_
z7bv`Nm+hS3XHAcF?wHyPk6*HjTfUc0EyIIs3EY`vtJ;32Kkw$wH;RKRAVzx+xGq}c
zjp=B-ly?EtFDzuRPe2cLNqMa@;+;`VKVuTcOT&01b~HEnDN?5IMvrQD!UnH76Jz6w
z8CW<>qMyz@2uz`w+{kf#;HAMV;jxMjUo}D28$cph7J9gM(ji0z7FQ`@YOj3^_4Ykn
zQALDOLKMc{?(-YaYF|Md0CQO}bKi-?mNpi82j~n#i}<{Q26j3Ok(bL#dKg|PS=N*n
z$IKh`fQ8+_2)>{KW_js;LL}JoboD)c6U}2!-aF!};FYAI!z&bdQg4yfI*eHgC@|h@
zFJs8zdFDaJm+xJLk9o2-H=Dk!-E3>oXxzuiLMvqk%>wV-AYgXEB(Yz+G&D!wBdqCG
zl#9L7u6L_X9pL5m$}uc%w@wk|L~vA5L3f7=;auIz1@Mx3S`DE4OQuLZt%#;n8-*;z
z#_|01WlpC($59u2$8)16V_t=>oU4uu&eGEcifKEcub2*}Om@H9{reo3I5{1opYP35
zPT;#bfJM*J>Ua1AIg4zd(LB+;6d&W-i4u3I7BN3HlVR5q*l_9>oKtlzuOhjJo!N<5
z6BCM1AW>NSn00`2(N9&|#CSyd-JoMrtajh5@+Qkc&WXG9H6)L}q@sN@^j_$cd8{g<
zLGRhK@Jy`gd17x9s`A0}7}HmD&Y9Dyh0p6H^n}pUMzRq%?01L{T?0~P4v?NEv_n2_
z1Ng(kSvjU}@*znLBB$SrUE&=Ez04NV<|}Ai5>>--v}+Q6DRfeg<Bayvn`P5`Eh^pV
z#9%YAXF4fm{kCku1&x-;9jt){5bx@k&4ta!VwzM>Q);ye_GQraZspeh%BBDO^S}P5
zIR5c(|C;<?1nHm3`1k+qj#T4}yOTI0TiQ$1rqLx$bi+EFP~R<yODqgdH$IbgNJS|^
z;ygULc#XKc@qn7MMf?N+BPOJDcp1>d#g!bVhx9|-pUMXK^$a;UuG>qjlod%HO){qQ
zTbXXwrCm4`$~IacrFTgyIlJ99qg5;pM6cc`vK#2Nu7iY?kb@vG6o3+TQxQePW)jFp
zC7&~6_peGaA;?wofySFalQ-3-Rzg639!#WehR-sj%j>oO`QokjXn>GtfyX49hi*zI
z#!ydW#cRW$YmT#?HxeEu$$;D%AC-Jh7Y~0Y%`SrJlNTcA5QvECUfaF*yfNuuK*5_+
zOi<Yb4}hi^?!nQiq4O)EA#e%o`_tR@?c;vo$|+n-BsDkIDuI=z;`LF?cMipKv!C3|
zt5<V-qUD6cdhZOfV2H7Npac0S`;EMQ$`FI^axy5%AE4{*$V17oJ`RnVtE0*D?ljH1
zl^3-t=B@Yev7+TW{K_ofiKTJ-=6)6={s<%ety?IV)*+e~zKX%63(Z$=5AhJX1@&q%
zDU@Th(%w~&qg*VvV9?H+PJ-N&LWmI}wvG^efH&_I5uQ^P+ebm)y^ZjYU$)q<k{&;)
zprkC@oYJJXi-RWFB;I{=8ZR4SJLVZj?3>V2JceSTmdD<Ll|3*LHUQ5sAMW@@$Klhe
zcCgiIb~zWg%DVk3>DvnQ1gh*U#ZR6996Pwqc)R7L-0kCQeCL(BQ)`pJK-uB1V^y6!
z+_eVuRTk+?m!fXHg*8%mR2auM0yP6eEyd4+7GU)_VwU9HM^W-=3W#CI-OjsvKf{y2
znA_;q3pHrU*F9*f-D?T2@s{Cwfd}_U08MCua^ZFHlbc5?2<+`#RPX%eu@BZOk#2Es
ztw2Vm!&LDrB<d3SC`;d`*X26`dj14SNPn6*a))4R3m&m1U|3S5N4&x|innN$g1&=5
zF?#ZHjAPtXf`A;W%H<8}RVgg6OWx?}KIT=<OtUpEuU)%Y(HM36YDY%jzNeb?&}An|
z+2p4bQ&g|eu~s-ALXe5Djl;?f9OD~x_a_vcs^tY6M-NhsOJ9-S-M+@{m(qK1kAWy!
zOl)h=s9r&-r{j2wXKd)AzOPREX&Jj?kBG<=x%7nl=R31DTZZio-*XRrPh6c_7Rar{
zLl;%MI}L~G#>cB#M{mU=fk?J+G}DR*4j)2C#x|%?_e>@lQ}dFWUC9trQ$F&q;{3C?
z+#Tt;8;{xECvy0!ypuTzp`f?H%nUVBV@j4v&1!V?@<rg}<e59_0<mdy;9wvK+eKqs
z&njH%Y><W1jGTnQ*;|IAf(NI@&yzV`Kktw7;?qW?_HhRsQ2_0`^&J}iRiHy6qiqYn
zo#*4}$P3j8y$kOQB<WmPh(R-$c3PfSq#yQKTnLce<C>gwLVhn=-l^Z4aezYUmzCp|
zW68yaX&v~*AHt`jq&+2LB1fWQ$L4yv?>C9^n(Q^t9O*c{lbh?}7pVXq0AgFT1Vr?t
ztGuRRh#vH%^Ya73z{_e_gbQ**7eeef(LknMo!QqMs_ONs1ahzWzG}ozbKw>@>`{!?
zNad0TTarpYZ3e*9h&7FcM6k#?efwTpkiGMMy(z+3kFO2;h_2|=RdRsZy$&Gg2pPoq
zLA#_d`YGLuzy@gLE)emqKIGByx5o2TC4KtLC6U{!ZculN^*zMYI548$b)urP(VF11
zynu#2)aI(m1dW+$rRQ86G(bK(FU|z~rOb5;=k~;j%~TmrCOo_`1ds76**WdY)5CpB
zlEbs4+MjiPT8>aEcot#zjOTk|DYmobg!Z#1hQ7Dl0j0J?NN+>uc6x<}xu3!zldB(u
z$)Fce-$<OY&A4PfkmYdjd?E(<!W+tux>DkN@v&|0c^pBxQ+UoL&3;wNpYG$d7_<)_
z&-5T|pHOHFoP+Jo&k$-H5sw3m{9Xq8oD~ybkFpuM_!B<3!<mhwie^u;gwuBQr!WA!
zz%yNNpnP&(WnB;wWl2ONF$qU4cKHBGAYAIJ*7xZ{Ch9z0B8m@Mh~#mVZa{buCgJ`}
zJExIPg{;vKZFTOLx{^G0W^lJBkyjXbpQ`zm1L&G^xV+{tnA>_2U{i>KjV-$*oq8Bj
z5S^0J9hPtOWxqBN^G{~w(~&^;?d=m_S;fn|M{f1T2M?(;Y=3$a2KFAdW&%WER;s;P
zDn6Ke=r<RuY1>D&kFxQdjV>57J`!Y3=XwjM*ln|QF+Fz6<~CibM9Kb4&|~KoXSG0h
z^m9c2&OoFX93BHI>bL5?Ch{ORLG9VZx!_NR6~@Hv(JP}z6I|UZD2Hv5OSNVQXSBoj
zRyMtwDt+`p#O<SUPYPM2o4l;|aLlM*M%q}sA~W}$O)?b2gvTI9!k-m?y43iz-|W@&
z#=N($D{sx;v&!X?$BIDt)0yKsCv20uwCq|@9A+WZhu8tMYz+@;#IuqzV_r_V$e6;P
zyb0O68!|zq6DsHtk<tRiB-$AFFd*KMi-ERXV}7dIzSEL{%Z)8QLd`;;aYifXV)iuG
zk!z;$`xy}xFSEd*FH+9rffYC=@a(;NkqVep<xK0X53m+GytudcOge}%utq?kn9$DH
z9=yG$NEHbXrO~O+3zw~E=LJ!G_Fex@P#_Q9oJ^INhAlPfCB^JzdlrkrD3V^n&s2r8
zkV<r|*9O$qG$q{y(g`zXLE*aZ)f;9_OPM^3BuF-#sI!@MqU{;T*Gs-Hp`P9fCS}%M
znyWb29uF6~+u{4HJLt3S?J6LXID5>a*998NZ4VTCoJ)%DQV+R*_GKm4<|((~deS#<
z)+H@x&=)M1=<wj4nk>#+yf#y2<2M#cj-GK`p~ZG<_O3~1)7+j5qg5yonVfRkjE>T%
zz%bb7g#$h-&zlZ<JUlNURK$}Ny2;wdl@4l+r)1qT<)@Q7KJCW|cl#XO2p^qjMsL2y
zOgn8_ZzGy&nq%x7ic(ADwMqCvxJaF4wX8NguQfe6*4Qd?f2+%O=(=tgb38)4@3Zz#
zU$bg|u6BB{anrmAPdk@WsLghsi!1Ds!ZH;8tp1hj)x}(?scor3UNl2E@2HgCfFM1~
zl4ojj^+Fi7xB&s*7U`Vw3TvOpLiN%qsk|$?UUrUpb;E#SP?%-$=G5k^derZX-9juT
z8L|DGEYk8xZ1`OO26{dd;KyWpCF1Yrv`C0d*NCU^Am;^-k^xzpP%nj}ipQ+gnu}84
zE9Joq!f@c3no#3RdvR=cZ*;LFml8>tE4`p2;w><4o%W*@PYeF4pFX_~&WpycZ(`K@
zuF<-$5X~S;cu1d8^6}FvYm0K(pZZT>dlPgQDZcOoS0OT`p{3ENia@;`L}`HOU36&z
z+hYxcRtdfk==a!Oy_GsW9nQzPy*im&qJz)Idz_;?SvLC<0seNqP;Ooixs!z2=ky+c
zppWB2Iybo#5W*#0m(31nc)u_(1d;)d<QOt0>!(dt^VURVrY@RX4_y)*%@we@vYx6P
zt0$+|O!ko!6=X`sLXWoFG*i1gAWIK<C9QeG=>lQdUl_bk{{v2RbuWZ&*g5B%gY@U%
z8HUcz{lK8L-%$vJYeY8vK5aC`mLY>9r3&ToU6h$ps6XW=K%1&+Ya8bP0o#-@8qnU6
z=KACc-b4>+tby)Qhps&WyQ)c%m?oEwYN10(67Bp%;nNBIT?v+;&1p+^mkbb{ANeFi
zArR9%VuHJ7n%Zu5mioPEFL3LCN0?jZ7Kr+6Hs+~xO`>Y4(e|_Mc_1$hSrYf$Wi5b9
zsQIY*)`$ulH7G0t%juDaXacn|CeedKLZ!B9BmKfbK0PsxuG>0b76L}gt;aSDy>U~!
z2oe37MrPx}R;Dx?HyYumA}B*zui-e_&(gKujFMtnbUe5&My|ffs52C@lWK!KC+i8D
zOLTHrnc0=@Y8>TW_g<==ahfbeI15)xYl1@DcV9^8r#sI2Vew_YGI+4_M7g<qC7guO
zeBJg9%$e-FqodiGKPQ2wzb9O8xEiD4bFit94q~i+8;ru!s^CR*&%hWpvv@S}V3jGb
zMB@;>q+>O>rLvzg^vfX5XOG2^p62j-I+O1LOmC*Xu&_^`R63Nm&G81RO>E#vTX=i9
zCBTA;3_QoQp@}Q;3C^8X(~{p=xvp(OeV*_m&~UJp!wP*QeRmtNgRJvRRW^VYNE^`&
zu*#a(ZZyzb5T$R5_J}1_s~g#0;(&X3cLq$1C<L;+nEgV-KOM7Z`Zn$`mWsI7CMh3*
z4X<olD<Y*QQErEtq`R{D;#;Y!ocFVfM)Grckfj<u<ALvyUR4eTRl*diIIquJS1Z+S
z^VS!-Z=7f9tiq^3)#v_P1a2eCsZ>z-;#nW%kpv=P$6%VTpnT%->7CC`G%VYj@j*1W
zx|8v<RODn)f`_fleRz1Tu99N9K+dv5O)u!@6nRtnVldP0NTZ?(autKls;fa2Nyz75
z)rD}RJ#eEck%9~pY+96qs|X4GWa%oX@6MSY6R2h?I~<Exf<0fA;?G<W-?KAP>QK<C
zZ5Q1>*SZZ-g%D1Y=kM<IJK9bv$b+4pdCbvTwEI@xPfS8p9DF$H)%MLqrUOAj8uiUP
zCr*@6gApY2e7PY4wx~dmJ3G4CurygvIUbO)CPEK*DANbG8p=1fBRPGlC}Y3;l;P7)
z!?=&?O&`>y8`VRM*9B7b7S$9I{lPdtW<UoLQw-b2SW0}s<M*z9rmw8jit|IC7^8CM
zt#D7dch?PsmORO*d52i+VY&eY#@Yn{Cqz?6GhL-v`Rd+l7TuP5dhMEm%om0k@0K#c
znH0WI!B1y(sNL$J<@1auIPXP-Vuvy2s#;Ie+XRAMuE=~<4QXew3>o~M+T^RB9xERG
zR7p~^BdMb!-QPX3<_0Er%N0(IU@D`<WecqeQ4fkiWe!Qs^r9@{7Jb3iV-y5BQA*tk
zEL`fTk;b8@TP$C=(5J^*RwmLmrSUVhx9>fCkPBBTG2n}>I@{x;n;RsTPjFO@8yI{k
z-qZ3O{^>2&<HnYl#ae8Nv|@uR$@7vl2EC8EOy5f+d9YmQPZ=%VHYQFYdLl&b3BD<o
zfLpR!FrjU5((Jq^eg$drYFhB{6PZu9ZTH!YAXAI-yhoJPm3`z~0q>4+v9rb79K#__
zWyHbesSy{!sZ}aMQ`yhXOjxtC&tE6{sS${)S{EHn2T{Mrf*aD*lO}n#PsFTFVEG6b
zIZjE5EOM@y2rFKKkv=@HDUs<0I>G_B*pjuUnqS!Pr|$yp<69QE-hKkxQ3wRWt0g14
z5FWZPGXeH)k$n}|34sjS`St4NG*!9Q>CZ%4qNGy6PeVO9V8b7dl(~7Lc;!w!1@(3C
zeWJ#aYWso+E=!d-Mn*tqOj7))MVF+b5hU5k8Xvz_Bayxi1WXx-FLd6g12Y>Cvq3&D
zrQOH!^w9e4QJs%%56+7Vs4Rt7&e62GQbQ;YhN6-z%a<YY{Z`LwC%K8VknSN!@SsT)
zql&^as06vAp-IkXq-pOWOPIL3`cc4>XsmjAkhpl)EOz%y_1-<Vn9RUo+|F>#WN0h+
z^kVr=xgI1BF7&mxy&9SVYRGYag3!gDH}A3MF<u9fi5~B5YcZAhR<mDIY6Y@{rvF07
z-;)F})nu3%00;3nU++5GmbkLyUgHLWu)xCTGo(ILmQikJQ70lJhG?xgKxG4WH=nwz
zogy7dQAHOb={G4_UkK@^E1!ho+)&}&-Q>HgV-ST#mAaiQ?}b_+@h7w8(~1DEY>NH;
zna9cW6~CnH+tB{mxoDaMRr(lh$7ZSC(G5h%n7M>`r;FpJ1M>#b(Z08<$g_1V!qU%2
z+1Zat1|Mn#Iy6DeIw?MZSB8ogt{@ECY0#e-efx8QV$zoO?zlVl5{RMExW*VKhTtlX
z7%8&9a_B92f@@ZweQ=VniP9NhyVzt~`3t2kMT7(z>r~dKe7Y<^-3Mq~0PvjJ7Jzbs
z%o+!Q(Q0O^dD1R$0F9TIE<~v2X7kNpUY!YeL1<>7!wbR<F?nnLg_3<bHQM7eBf-(2
zM<&qk5FZFr4>$8gN%x!yzIE|8FXiHDjG_Ac4a_rA)>ly%l0||O^*bN#agxVt-9LW;
zEEIlz0ct2H*<H!)sH%kL`ZCa89eDFeddO)>#BkTcBS=r2Bgyr5m^#)zYwyZ>@A=t=
z-mK5#FP!|-v&Szh@dV@bo03D*%ep%k4SIV@mTW!XeIg28m43KPZ>;T5jKVjo-}Kse
z^a?7yh>KrHakS;aIUvQvP&lO0)1}fwNRGX{(Rj0ilnNdKF(KP4pwsLP8MDuAVjkcW
z9ts9Oc!3BS!d#vE`gsc<S?zK!<mbDKPxr13^;c`a4_twbJNh|Q3fg+awPR%_(n{-?
zk%h_NJgoHEGxwg7zNerajcuoxI}#T*KWDM>w4rms$kAyYs+Q8wVtFm;^(^!O^&&lL
zA!Xl9_25L(aDvoF)v>ptJ+`FNPd6;>TKw|(FfB>Wb$c3*4sG>)VD;cTT`$T|#iqSZ
zg;Q;x%VM($3@<Cx+0w*H*yOfdf=A~uY_4k-eIVRs=8_q!LFa^rFYSI`|4VxJh)=ZE
z!AeovZt}TW;vfwqsy}%W*9Naw8FQE{vWRFpEoX8iWXPi{JwoTHid;r%t+)X&(5gra
zwv!xV740WlpN<|$7`2ZLxkk(ZW#cAQ8;-`gvqibgG%Jq%c;DF`QFOh>4DTu*;9gNp
zjcspmAP|MCVEfOUiH`^9U7EDdQ!*Bh@-u%-^I{Jln(xa@vT0WB=rXsXSH|}+ERE=p
zfe{^3FLmFkBAEwIS`nvMR0ZGK7+XG!2f<%>p?*&&N2S3vFeZBuom<mHIrqRlLz3mu
zDH{PVIaf84x;d=5jrx#xvxhyQ(<I7tG49?vdJ;xIyCK~30q_~lREBj@RPhukQ7JX!
z2zsOiE<yDg$1KGQ)DC1x!rls?k|#|m)6vX~u^J;rPKw$a=nZPi4DgDLek`8~qfeLL
zhKn#nKy6J*upEa$ePjaKtM?v)#0_b@N0pi6t)0MDM7!B9M#kec)Tt82QG;&`tY;C<
z3jNGkVJ}=ct}XMSkjmSqzTiiZcVnP9?=7D&)xOF`jdru7O{+Hsqt$R~UJITH`bd0F
z3=tV&kjp&`X+VXcG{7HDePYI+eh<@6(2?0XnbL{q){^TUUB`LYdnD0!DlG6uLGadJ
zVcOjgbUmA=p}mBZ>RJ`Gk)DOEVWp$V{PS&=PNJgV^`Nse8>#biK#XK~7Fv|D^3HZz
z+p1k1jV0Fj^jgHN&Fb2)M7Pxf<kAiWgD(!bFEOCn3PgZY%&9%UP<x-wKTEEak3iQ8
zKn&kGTw%}U)@<NVoIeHLm%P>R)b%3rX~()lg|^sp5^-90q$FKQ7rSc}i&M5o_j|K&
z4}xW_1JE5`za=A_D9PO&W&;gi^L<7&6h~z5QRj<C1&SWcPjB*tBk}f10Qx>^FWY6u
zzzZ{vdYQpQoIVbFpSXSYfZggw2Qd=rI=*NyI80+gX3>#()fm~74{_UjcGpr2mzH4j
z6mOuJ6YjPsY^KaI>>wWsKbumm&Y#G&4?Vh)J8bPiOn8u+$I=b4ERtce@MZ_c`JtQF
zj?A4`)nIAd8zkx#W{7NX6Rwb<6f?rPL0W_KJ)}ik)LFQRFXX;2iVwA<r{gvRYgn<y
zvaXRJ1>~9dR=VGe`i;Nk7%qrxk{33t^|))TTvC&JYtpCQio9sv6|B<h(rnyc*bR=1
z%-CRPxz)a8KbokQ8gntXkh<P$Sm1p`ZKnp?N5-4SA%k?Syl4++50SeK;e`RlOKWQf
zTVaf`Dg!!#67?_azHgAya(Sx9v~bRd&9px0<S*Zjf(NFgt-uw9XmMAj#kFcDn?8j_
zfQRw`uc=(nTb}?Ox^3dC>kwd*Fp!_<InpyI8e}P5tcG@(1{JD{)254E14~*}L&xqo
z^{BSF=#Gd2H&j>8%QmO?3I)qZ638Y<Aj=Yr^J%OdL`^}7e4+P!wKP;)T%cM^>(m%?
zSJiXk+_!riWO&@9DSg(vAl2!Nil918OK8Omb54lB7BQz|&k=Tqm2>)KMI0+U&7U0>
zcu%VYnKI_R%?)lNpu(ro)KtL+I*^P-LB#zKlS2ef;W#Qp^adW(m0X-b1S6Nbz4je7
z>ub5-iKKX#QGon?=X~FHPP$1(oT?;a!WO0wgv-@<e!zrKrt^61Js(t$1Z6iX9en*x
z2R1XbQ2+$l@NCBOA;#IH^mFd!RU>Y|tKV}LacvHSfu&hd$PLjg0Fo24Hw~*ZP=Z_`
zzDi0!>Nk6RpvUeuI%Nrov+$}pqGp3eYYhWlMy6Fz?OXx@AC4F3eIochImqC%my%gB
z^oX)k_c@}QGp7<#4Gmo26HK)kbDitJxgEh`xo3;B<>^_kqD!p|(4w34L^#(<G(w{n
z1<QZWs+>OMV)lv&A;1CW-ZXccY`i?>JDom(8bVkpl`EFT+T7U@QJ^g*b}&+)aDL%5
zX7%`OJhT`{-bIk$CxNhw)BS~Ed`}aGH5L!=;T*h|6lCdlBK7L2HS>VSLAYm<@KC&*
zsVOF5XqZRfg)k8kPJGaCVEoh{fX-Q*L4+He)(I10`fn7uY{Kstg^GY)=DbU&2h;j!
z{n0#O2HD;tbFsJVibltc`u6QrG=*RiUmK5eqt*+6tDxNSy#+1t3-s!j&v9Q9e{~Z1
zzP_GV>tC(0X^I}S_@pD|u;}Rncb>GE*b!24iRnpiZl(n(;0b?+Sucr!9%X5n535g0
zX5#Ab3m;)NTz>_P^XjK3ZV9N>nNm_<ABpE^q@yMjcr4VscfL~g`V^{HpYdA>7w#?}
z2<)L{zJN?nzOs1KC!sP=f&lQn#smk<8jXyEc=?6n_q}$5G}jCAbcNA$>aLqo%e}S6
zR4zD%2hH=(Q}#F$8C!7~8~0Jq<-K~-vtp5KivoMKCn8d>vFpL(7-vbNw{*F`Z*{Q5
zqX3nUP|jim;91q}2+Y~&nug#T3(Xr;o!w6N8thugYomO)z-URtL{jg>oz95!x{~v(
zpV*d=#M4P_;VSq-^83Pzx?Vhf;l5D?Z#FvgNXZ<r!?^dQP-s0f>g3(qa!3`bIl}v^
zD2{20_~ML*gNsINB7wrrl8)A*Z<6DZgXb_C;1`z8KnO~RHW|TWD}-Ym$czMD#|Ifk
zscj<L`P38|!k-)70vo*)yps2@xo3FjU1B+s3BqVT>Ra>zUx&~g1KMNmPb@$C%=M$U
zTV#!%hz)ogEh6J(o(@v(Q;E}*k9K6KVcXd5)Qg_zIBdBrqT##b^Ub;n(BVc4eO>Ql
zO^c$@ROZhUu$Jxmr!qU^KuasK{7m~DPpz7b)GJ2dN38EXe{I$?-ZG<&33Z0nrt3Tz
zMfG-WUpF#0Ub}MWdUM7;x)}n&xX#1~4fMD#G{3LNS<BC;<gJnMtEsdJ6gSqVj|BT2
zVKHA-2aR2JBul?#Cb|P0Vu!BGx93-2Lzsl*Wfdo-6UT3nkE89bX^r-oyGumn?;PH9
zrf6p|>CdD%-xM-vN9Va6=DKW$8KDP_FTudd+jiQugrh+_!c@%d@ks60Cx9_l4rcG!
z-U82_5I7*DC$7IQJm2@-SuYM!<*4(8k8xDIH@bH`DO;6dYZLuY!jlU2vBPoSt7oxI
z{CoiAZk0sISP)TOULV)1R|hfL&)&NkIHfTGi+K+Ww0=)EQQn4+(BWXmg(XS{U2{Ro
ztZ2%b7Y|f9XpOmS_in5a&r%y&49Ga~_%<;iC<f5l@?8R;Nl8|kx?*+Ou7f`D`a)Fb
zTcPb{%AJdy;Wge;PMwwVvYpBG+%^;e$#dVVdUnX1EK@Wq7+MX#IMQ+>A%8)g*72Ge
z7xzTV-c+eHWwT&7-W212wpqTP2`S4sAx$d68g`v2nt62(*<-^A4bj!kO!6oMZRf7`
zAq=qL<JQM`v%}-PMh>pcg0%4t*emF933NHZG`%OnGJ#*1e&4p^opt(R$|HWQBiwEL
zs(2U$+AF=~++nkPNNxw&f-?+oYnebG$o0ne5p6I|M2AnlIa`C=_pGwK?<R<y#?#Cc
zk|eI*)foMJ`+F}-d(xf5C=z%9z@I9-LObA=k+E&!e$Hx;$cre(jT`(dmA5rgvWk#F
zF4$>%GP7D;;DY?Yx}N*J$-184ZumsiKf65FkRzV%Q0c+DV-LyR9jiT`o+n#KXo1xj
zFX0@NK<lo#f*hNQ!3)zUdI20UW*AgA*gSi>1u{IHmcZB@ptNUd<u){4j{eN^$&2a*
zqm7SuW6?G@C>SbiRRLJEjB~4G)B$7$2kgarg2@I#XT@;`42`)sw%2c=S=F{IO<T#f
z@v*#qr)i-}tzWpBe&V`2(UoYC0I^NmBH(5`!ywPB6VX;jG*-3b^tD#&bHHAb^hdAv
zCFzJsdFmCy=I{+h(9X<m)7BaaOoyLxPBXFXiB%wnWqSV1rOILti|tf<r1wn?o_Tgp
zfL$m)T{9@+fTwvC=okp4NCT_l5AR&nL3hWwIoAN`T4WzJ-*vPu4{$HJ!FzNRob}nQ
zzAx^TQfejJoP3u{jWOeBnzU!q&=bH$GEX|X3?MQ98VWisDbz9~SDiFcr_P^hTdBX7
zI0~Mvif4NVAneP;Q*zY$UYQro^I1&r%%5(c6p@5oSd0g$TWaGpZ;hQ^0CJghRM*RQ
z`!Ikt6&|M{@J45p4T(vhS-;W;fNTcAeH_QqQK%%Xj=>t2Y;yTxzOaq&o6TO5W{Vo5
z+H`i7D+JSyBAv?Ji*mS(T$QJ?B9FS1z+?_va^+p+n{u#Pk^%!@-b*5`87Um@c&&>8
z(LkjH^9qYoJ8p;G7}yJipB)VBAkm-kt9(^Pc&uZE#m=X75j}Dy@o@X_j*3YRI4=wa
zr|^I!ObiHuPa;hb>OkHg0owK`!XNYpidpzV&&~DAYxVo8Uv(4AgEv+u@v`k63z<!$
zjgO?1?;GR^9Xfq$hFLX&De1Xs4{N(?rqHZ<6NDab4FLDe=DJyTzR7qBQfe9)7~=)Z
zXEyAw6HtO1>*tgeU{GGTOw@fb%3wQ<c+GE--Cn;in~YOn8PLnqXJcn0ubc!*9@={p
zp4szS-b6jD2QD)#{Q~nTj=-y_N7qOP+@JV<Z}R}mBjSder97|hfoj(*vv?q@99)|;
zl55YnUkYAUyo>VLvyN<WN}1{jakRX$!Fqnm25&K%D)Y_pvwJ=-brcwooA_`;5l2F{
zvf28l_cmWGlZd`2lk*t*P;QYPmu9`kFLs-15t$0qVP)r_z)R#XYoGDsXjw1;WQtG>
zxj}*^wF(62XJ%H+flS-{y8TnZ_}SI;A;@;RvY<4<T3=;CLb*f0Q`C2CZ#1x{Mg=@G
ztI;tovi+4%<uw-ETF+FAyi)K6Y!7&?8sk%pnh?VIT77$&-nQh6yD5pp8chnyg#C$e
zF0YFA#hXIN<wh4)N>!5H7G9`)(>AE!$w$}8{f_ZGZm~dbqm!R3pKPclZ}n+nqAool
z9O<V46Qz%ybGD_2eql_X{cWDgt0nh}<1)mi0RogTPwy6ch9l~b5R@tW&e*68do#;O
zlAZfq-y5IJ6#FY>LG&0Y6u0}LTn}G3R!Z$?mehOUi>K|>+PQj-&z}^x|Lk-*>1*E0
ztMi^!QrYx{8~Uxy<6<9mL|ZY7e7G}yX@ud+#f=Sw5+v0z0Cq#oB0Hn%2~D;KcOGZj
z=fcYKI(7l@3uXT7bVw5%&)pd$J9Jf!>R_?Zo1z15V+`Mn#Hrv3m3uLOx41tRc@C<Z
zbp09u5xoPCNkoZW%7a<mo2gC;-NP#Yet1%Vw|$LIYl;MmYjQ-ihkj0NqA`)+a|Hlc
zYsm4SpT0(nlYEU8cVXicHt^btrk6(j<u2-b+)OJ~#3I?A%t|i?D|55n)xgUNr_n<5
z8AvIq_Ai{@XU}uPgt3%kZJxxrUa{=)EPrlI_AZB6tC4MM^zNy6$+O1k%ThUD%M?GB
zJ=DB=S!-6Qcq&eMR;!LBr6Y-(4lYZ%(Ib5jfo`6RSn?uuG>;g5A&vZaxd)ZT!u2s$
z)~d2|`2z}7(ZFTxys)0^MB9xG8+!yelukZI8&@^5V9q!J2eEnFu3UpaJ%u}4?K$Ep
zyuF`D`}gJ>>fP<Vd1BROh<7j3h!{Ib^0a6P^t{d`#!b9D(t21CWQv4+Kqs9mM^2S1
z5mQc2@rd<C&PTXqJr13dds|UTpsm$$&3F*v&R$?iHxY%l{KC2_0jD-Y6)u``>^+52
zOQ-k10JkCpAK&%a<5w~?`<A7hx=n1(Oy?;^%=j9M<QCqebU!_)61X9bHui87-8WP9
znKVQ{u{QEqr7>|)0qECe`N$Qi$Kf4A^C1lD6=Ae=LMDTeW?{g}@sY)XF^}0AsWn<H
z*$}EgM!vyiI(?yJ%088oVL)x23``n3_yAwgai5pR+iVwkKRtxhtLZHT2hAj^Sy^%~
zBVxpRPJ>oC*eH<gE{8+W46b6War4f4CDaDqbypBfb^#3ZLI~?_P^#+dB3KQY!0~To
z>t{z)ettx;RyfCH25lzqt)S|HqYGSOYrCVyl)X0HM_b{1*+r%~nlN~2B`~~PdOa4g
z9rg@@AT4X>*^v94J1@OX!nSijt>CJtSTL`tFyNsw$5Pav31l02Ip9*|rV&BjGIgBP
z$?Aq(HNPeY4}N+_G+|1$b(;7t?V@Q_9}n)>wg$<-B|-Q(z5wx!7@!>KQmofqsZZ?-
zZ~N?xuaN9!W!9Jz)uG7(SXs$dIop#D>lxUDQ|Bg$tH?wh`g!E7JS2Ngm4FNGPb6Nc
zA%iB6bfmPDUT{Hj2+_2gJ+@kDdaPZ?0KJx__AK~aUo+%pp8m{yH<HY6UfD$(rB5LR
zb^Bq|Q39Makv1wTJqLP5+~uZVkfCDtJc|qG5d{I2Rkc14&gac{TESU}NqJ0cM%d8}
z@rAg5c1iH3cmUdWuUlW4P=^?~tt4D#HAqL@c?|JQ01eY?ivX_Y*X8H;3h?;P(4Mmd
z56J-lyK4AJ&e~<phN9fGz%ZH1rr^Brc>AO>dD_61=&5__126SL{5g%IwnJCe4p<8u
zHI|z7;}x3qK{UaYw-UP0@QR%+ZTV%~$<T(cwKzJtMWgt$L7!gt%>ZDw>h~OxHoO-R
z-3eO!6LbG`6>mTH7lj0?3mu`6;;MNPm`+ha$J`V7k})*I5})@AWM5o5X;X~Uk)5rL
zknC~X_Nr*B=<8JT0msc)k~A5PDR_%M&m;(XoxI|$5j{M5Q%3T%SSVqCdU?KexpRF^
zjnJBz)fOqnUFVUIL52upB1cq0QDc34+O1vTiYpK*Mvv0GpdruvE-b4X)7hO2M%#yh
z=1E7T_=ER_dVF@y@)3PTA#WM4<SqGi+T-&#KF!YqyF_2>EAX>2RMy!VeVw>dQ)$=I
zybs_-Z#Y$@w=Ebj@LOhNe;TqeYg&Tvj;{I%%XaNnGgp%x#i5@b**XvxT$P?E|Gt@q
z<(1iRoCmyIPeF>bnfC3Vfb0h>x>&+9Aa-fuuaYq@FZQHV48pDvWiy%Ac9wMpz?nwP
zwg#;E6&S9uILvT<;BN3f9cIL{RprtjKU#&}+hr`wx7kw=bVxMU>I?y9xr4_m<R|7X
zu^an(uU;DY##5#jWThrO?_RdQ(>KMFed_{^GwAkS+w1L~xP8-v4_pxZ9=y%c@q0og
z?@>PceF-SKmdM9Rs@g%I6^!;Q$YoWb)S&ec@ghP**HLg`%Ll32sUvNz_<Z!(DSblC
zWb>h&$-5Jw#mXkbs{yA6hvoW(Jbq7_CbBfNGT2yvqEEDh!-Vf1stV3~8oq7-G<}NG
zmsD?!j`U6BNZ=ga>{>l6+5#ZwmfR|Sh)i5+w3+y%1xe85PxWxj;_wQHNlIr^MS+iB
z+#4A$bDH6&(ft#9NHxy$w=~3P<&bV%x9mkiZe-xao);CO%OWqErkBpF9YumCA{f>(
zRkg)R!Wax`rC&yg`HP(yLrOM>2U|{W{0n=6Pq#sbSxiMl#9b4AmDI0*K*D>(Ubfjj
zc<aK0k_gy(lC;teI5sZRA>^9q@Y)Tk;s9>mbOC2NlamRGJH~X5k?`^I5L<4hg$1dn
zOkry;c*eFhiG?}0=QUp7?@J91KYj9)w`zi^jbZ-)Z3NGBb+9Qlmjmh7>u|izK<Bns
z-Gy21Z%GcPN1n^DivUH)TGrAYV*M#%fpu&vxZZJmqW{@p`&gX2=H_)Z8Yma8O+W!1
ztS;?>T*R0yy%hxx5|(|oAYg`K7wX9JUZTO%z<04%`b;T_`z&AF3MJ%gz*dI7bt5as
ztBCZtvu?!c6f_30g@;ytYZ-f$Iw370_j7JKvCBY7b6W1!aFj~IxJQ}PMAT!)5QmWG
zkJ(@GaByTo1<iyQs%u*)E@<7Zqa)e1lpIs5-OHprgn5_jr?LU_g+J@3=NnxE@q@hx
zM5!F33u?f94Z#%>aoX2Uy4Yb?UAtrpFxEk{qDEwuUlu~9QidROgBtbl&Xjnx%~7dc
z4>QFn7Up{ox6>_|+fQWjT~&_sQIU|9Z#Y*mCSA_93GvStAjnRgELQ~OAsN$PZ`AGR
zm}T?Cp6IYxs>_}UO-i7>;UkXBSa^qzkbUAI7h%9tmAyAdr@X3MFMyp@;W?f;D}6EW
zKD(~zZeNI|kiIxK6LNey%REOfdK_R0o#FoYJvfri7?lS%`#^z-VLR0n4w0knNPV`F
zKtUOIGpO+HKrZ-3#OP`%#A17%S9AJk)7DEZ(q$iQxjJfacrSPJ8KfT_{hY0cGhf+j
zdF%HCKwfFqRO@N;zQ?M0y$unCB4#oR59+w0XQ15VVqU;yYP>`5uDfmRESnWeiEU*v
zdXOzKN+VE&{l$UMCkHtVr5e17O&Uk$tMOh+(l`Tz<30eQbB=6%kKO9B16)-AT$*}X
zTyFDO#n1|kN>WjzO|!uR+>=q5fg!wDs({N448|yY<t?I8@Q8b_oNVNffEg%b0EPI4
z=bJ)cdq2HML3$fCEz^sH<XK!dQpiIr%@CSiV(!Rp7abk64oB)BKyv};0U$4l@BxFT
zttovRzKh#obAe9He4VcP%oW`}JF$Lt;>EkmaMJGea;^SDz~b%me%f<v1juJj+dH^y
zP8wykR8}X*_8^E9bCF=3s8(H$*3wz^RbMUptt<1<TV=jm4EM!q$v%k`H?T;t41}6g
z0EKlaIVn9eJrD}znCRYDKNC?)3h9_Q>O3srI@DM2)E3GiBm50I!%oG#INRp!+bh7N
zc6te?PfR%TDUYaikvZjcQBe~DZK}Q&jqtMoC1t(FPaeLf-nhuBRFR-vz^OOALQ`1*
z1%3?=gB8evcHd-@GBA$>IEq_ARPBp_dePw|L*x&N?qs3`MJ`OvkDAsppiPGMrNe_;
zj#IA6s|P%><lS7Z3vW4IM#nm+)Ns38#zC70D!|W)j5y+9G9o}07QH+gyghs|l?;F&
z$yi3|M`+8S2?{hu)IAcM#H+$FybnXt7O4{>mnzrGIpQp11g01Wb;J0m?u!Zg?9S|o
zkSx?GxpV1@(fZ77e4{x{rjE<iUR@SN$<#GUDi6Zts`g;&>d+G!5ev1=9FKe*{$7|{
zK{4v<lrppoK6+bF0@_;!UDf4dRFp;$d;yU;K?m<Glq7XzM;B^BC!OQH_{GI&77Wxw
z9jt2qGpBF?aWTaTG?P?du)ORuh{v}ju44A56qz=KtmsQMYAq3=OtreigVEHB$Hjrv
zL{YwgA`S4_r~P}wJl?wRMK!YWJ4CS;P0t&x2cMS_iX}B$orlJzbG^|@Z`dV6Z1P>i
z7jlo`g@g)0?_&jc1*D~oXB1S?kF`LgtBgh%#uWz1G*N(3@WFEP$;)6>-Zun0+e}0L
zmPGWO(hHFi`uQ>%lKcs<dXqaKFKr=)u6Qu_g1APP$R*XJ;=}}<a|Q59%q&!pb?Q_<
zJ;|djTX)8FRd@Hg&8K62Z^)jbk0{e;uL$~NW3Q|8o?s)z)B;rW9yHsF;oX>rZ8ZXr
zvk!V&Wp=76r`#o_@D)=+!+@KU5a2Q}xu-Gvqf1+fXlTK=V16L&gl+j=cmehUVA?oz
zqr?u9OSE1RUJsUi&230d^r*{Fi@>A1@fRQF1W5p*bM|mC?%tq)DnIu=*9%q_-iRfs
zU?MmnhPrBGR<0*LIu&#=gg6GmN(E?6+lZchD_ps+HJjR21`zS;gAa$#-u;+c7#JCq
zUIP%0t0#k#Jd^c-8U~>RB6Q&Jd!6qQS2*D-t<7x0b_Yvp=JO7&c~lV8jRo2}$3$;r
z2e&EA-+S+f7Cc2V#pO{6y#ngtk&)8?%Ui>iv8P1zk}oD!cx}O-PFKC&UyMNb%g5xJ
z+(mRHapn$-_?CD%hYRL0kQ|5GK&D>$3a^6dIovZ1dN@6x^cdSt4XMRim&s&@kE$hb
zN~Z}{Y9WL_8Tstu>BbAK)~OtSzM{?mewL|BZ(dl4z()0gzD``c3QLB<XG!n)RJ9?E
z#*m-ytO54Xpe>Pb^Bdge(q~h>N9Pvzw%oCwGn56gc?aN@k!(t%5u>(_f-dCQ+?%sA
z-51cqP*gehME&=)oyq_&>{P%ddh9*5aF-r=Y^krCLs9Ha_o^%^qM~M87zP{%GE@o^
z#H&$y`Uc8Nh{BROnk<SsT%p0J=e_qLqvyUj!S87sG|)=l#q=Bwjaz#v8kfFPaYOZW
zxJ-w08h@w2fGdj2NE27RO2?6U^-LFVgXBo7J8)JB--}umcrEapA#*t%gtlLs##2EM
zWR-cl0R{-T9i<MgN1J}0W#x#Qo)i2=I!dV(@|pegt|bt1e}hQG?qChn$U^UrXjuM(
zTAVALcgPs~)DOhSl#I#)(-eEQbv%cbk9l2lV<L&4I#sWwu%i--1`YK&;TJ3P+1U@d
z!>EP2xclXsBk!=IImBM@C`Wm!weGG=kGB}TDW@<WS{K4Y2A6PoXapEmQP?Gw#OO65
z_6Fw&?d9QffB2#@itarfg_xrUz04vJAy&Ta;HDD^F1g?@z^Ww_i=a+UJH<yPi#?})
z@p7kW1ACiKRt~bd(D-_(*0h8Mj;~ocZyAR$o{>Eo;}z{)$_mVQ^N?BkU6ORo=+<C@
zo3eE#2}F!!jDiODDOG&&!k;~US<GQ8EF$N%nXt^8DRu5+-eWaGVY0s0FU5DFYkKCn
zo@$%}dW^itV11WPDVRbkZ`%l~II}{gw_duY=4G&xP6e@`ZIB=H@>ROPJW+)`=L$E?
z?!2Uoa7&U`$kw{}APF^a5i}mMKmWzdL+1-MiM0kLKe~1d3$k~Q5HTOu$W*bqR1q4y
zUM<++L4C7*<jEO<#lVYW<+@a8Qt1&-(uLkd2csWSp+e%m`Ft_&v)k+22Eq<;S-`v1
zVXP9E_u8T~g2zbBQF-dwi)RVKYELl+#Q`;^=<!MW2xJDGKo;wY#T`vnnL|<u1shBz
zMG#nD^$ceu34jhpzr$PReTAFbj56N3i)#!@e1q}OO)BVZiH#04?etso(O=xegVuw}
zKE!<mPwp`R@VN(>8^lHP_&$P;L_?7iTQeP_dJI~XFXxQVz)$y{*n2PQ&mq}p2`ua3
z$eyISQ0zdF_9r)=eP2ReWeHLrlZ|T0#8D_ZfWre)dO4=#0$L)no6b(6#Ps@}&{e)9
zWSHeel|gjIB!h{ruwHK(rVKrSF;sx6*GcMq;TtgeLJLwABPG3+r*u3)`OUSqZTn_4
zfR^?XJuHGAj5WtRf+sKA{pUoFMhC49jKC%+8i);6=okkTgY*R7HZ_|-7cEDSCV4((
z&9d$3nHbGb7}R!sGvcC8#_jM)OEC&N9*e5zDB5k<e6b_n34kXqsHjE7AX3zgUP9gl
zoF6~C#|6af7cYT#m{yNjRqw=sCSN<&^uoZpHoUxfJ5ASK4<9y#N$G(pM`6V4FrLWB
z>*a}I6;}e_7cR(kiK;_Nv5arR-a}O@0DJh>IL2=4;Fg=I(K69JU7deB8%$-&@)JIq
zyk2CP27E_;bsF6MwrpN)mqYRt)1s~iC>7sHG|tUsF^#_=Ab-k~lx^qdKCcXj&n=#E
zCHkGpcWTz}EWo&4?_xm-M;M1F*`Zb@vPSfBTexdD3NMQoHr3GId$3YCC{L`0<U|SH
zWuRR?U)2EAuIG(+jf?w)>=oBDwpf6C?2r3g0aHZqA#NiH@JePs9#_-EA`08K1P7S9
zU3e6<!FGfVAcyu4pD{fAnF@jvB2c0^6s=4O-ABl--xRrZ)w`Lgl$<wRukZRzOPEqs
zKTPrAH22L#q1*&|)vx;<#kG}Zse?+Yt3bjlK}XLohU|M+FTTmQY3yM<1?9E25>d7H
z1cQx7SEt7?WYb-)BXB&_lp@F^ni2wl0_h5Tp-am2UZ7HLd7oRMQ6J}E013}2(wP+=
zv@k7~Tt_qw<N2uoqJ|{6CCl#HU0LSWtTDbTLvb47DC4S=5p#SN4}QKPkktr(yAhdG
z?SkN(`QEPR?Vf8tad%hyvomN*hZo?GYc5{FjS<4>j<wRjTI09QO5U`b8Nrd{UN8Gq
zlbbeOefA*#-Ue9fLQ~m`=T9XFUESdwoYe@-FtIpKo4<?j4DP|s*ShC#9!@(p^@HPA
zQoEYLu2x)A2_V#R606557U<1RYlg#&5J=SRRj|0i{gwy09{0W%1}6&*7DG8UmMkxN
zOiZB(t5E7a6OVOWAJf8(-ub;lTcYD7;U-aTX5rP~p^;RX*2<=?p7edZF8(gY1y_OQ
zvAtk@z&GlCfGo?(vknnQFJ=f^Q9~Lbnruhz-D`C4x=)t;)9W-KktyqGk?&mUvmocu
z_ujH$>ytq6yoqL+8e&-}ExmjFHpSOOUJU>}g~wck`Z@*I)z9MDAHXmcv@h$RR_+P7
zaQB08c`ileF1E>7vZ?#JFX=dKkJ$lK$Hv3rCR@=nhsV}kXY(C^<h~q`70};X0~~bL
zeoM_;WN9y>M*$l2abQjC%#)`t#X``j-QwBvO2OnOt(Qv`cw*uYaNj+$5h!)1!Z`@D
zFm391OpO`Exxk-1#b;&^AI*qred129NHkE*ApN1i10(G2n^zW_Jzgrwrq(N!w)PNS
zhfB6-d3WU2px)NJo|K$IhJrg{if$i8+`>26q@HxK%G?pN%n^2*4_hd$Ws%WFN+x$$
zw$esYVV?|M+GbX>oHP|A9I*v4hA<QL+h0s|!7w)(x2aSm8@>_E*Z2HJnIOws7;P;J
z^XW6nD-$KA9<mdB#?u!yHrbeIry4AL<HtibXv4R>#q8>)+sU3TA4~;&ria?g5_=pv
zc3x^AOCu#-)Ywi?MQ{0D<?{Mf59`z!zg>JQqgi2;JHzsTSf1)Si3{w$7NpIvkgOZ#
zV}^+vJBwASD&^EomsynB+)X_nf|ukW3KC1oG>EP^SFkG8VA-B1!R{l?WVS>`uBUP*
zD<!#&Kiy9(a-dD10vFV<$_}1W3Wl=`isWLxsUSpJ)vG~qXIW?fNkF#0ilsxM^p@Ac
za6!s^x@|>7o!mQ5>XjtDM>-KL(O9YwUtHm5j_?)7_bvl1MqQt|67@cTw&$eKA%m5V
z%P&eIYdd{{pZlcoQ{H=k;q?af3JMI20QuR1fZkyYU~R%ZD$k2GOgyYXb#nxbdBf~C
zdjNG0<Ej7{80XaRUb2OS=sOK^nvGU@VE$|dCIuu5^<e|epBIkv3;#LQsz<x|c)r&b
zn+IYs9on#VYs35kPa+k>Ygb|Ml>=zaX(|{Ll@3?wSTlC#LTo?axfe4?l}7Etl)lfj
zUOkj?)=#$RGf|XCBWx~gtG`Aa<fnWT6j(>vPD_{Yh%%xLr(PbunP@xaofNt;9zg4c
zqp3B1<BSL61Oqy99+TbA#W?W2^S*f&LBxf57r>YZ(xnL$m4>S;t~M?y@*=R==eT3f
z8y7dyl%ZC!GpkdB9GW8<uPl)UDfjy49JO!y#Xfv(@$!|94?*y4*3$`O!oC5I!W-`r
zly|)RNS~Y%a|WSK!8>qR$@4<dHK!cZg+dv}hsJAueX`c)n}YYr*Jrk%-AxTXak;mn
zr|16X-uo;yz;k=7AH}}feh0HS&<W^#Nq`Am_);j!#<F4cP8BSf9`D8#V)gM7!@D)P
z>zUD(rlov6Pfoc*X#hc=fcUVA;e(etRPWw1k;iXLBYd47L^FY8qM}T_2VzqZNQ^^W
zkCdL+J9+YpF>1djdI5og)_ECoI1sx^xN}?70FxE(vB*f!+$55pvk|$NFNeyosfEOF
z&+J<(wFRPwN8a+#mU+|Oasbl>`{oy8{FyQ)3vn6>o=w3cNO3vQel)>oB1$gw$X~>%
zCQLcvALLnd)^oRm@_6OS2oXx3x>j4MyQQ$_yw@ObxQ~>v`fYp0QNlA+9w$on@YsEs
z1z4}~P_aO1+_<nW+5LtA1>Y$VJrt{`y+_<;&SjbH!!Rm6Sd~8N(KNp}<6QIyl=F}{
z4|81o2}oc+J=MoJk0>c7nC9Z;MHVlKo`Z@>@fHldoi<@Kk_Be<XGJT9xvEx*kues@
zi|X+_Pv(oW_n9{yZA8*J<Sr}#l10+vcgDDY!!O?}Oh-T?4Z;QqXoh1X*m4GmW0LiF
zDcK=0orb+c_$(q&AH8*nAsh2}Y!yRB59+*Gaw@O4n~CaqCV><MhtjyX3T0*2h<o*E
zSF`&-1lK6hh3?2xd`(iCktt;2v6**$XftO&d)e_K#VfUO6I8i@n0di7B0+Cs$yYcp
zY0@E3$41^_G#UsJj-svbiEiaHwb942;d;Bd6)M{=L~po(W|7>lS{1)olh5SA9rg4H
zG#quVFFWyhO+7L@#<KT%X$uYH)lBQ$vF6#mxbh?>=;oU9g``c298Qs0M3o_ooSi8_
z6B1q;d>$L6Hv_cPJe;rOjlyz1V}8vR$SoSe=BXMRWi;DNdGh#O@I6J-t%LXanZKvj
z2Jj398tOrNf_poP<IfC|$sAs7lUwhII(0DE3R)p7U*wcdHSjf@5NYarM`#pUCt}Y?
zqg?UYil|ybw3o*x$v2K<yh9?YRk#Osp<U=1fAOa9>5#Z8ugtno<fP5QF!jyF%J6H_
z<j&Ey(_(<(m@Nzhh^K)$nGjO@DrH<XAj9;LE6a$G9&bE7o93D~)#eegD*PUzTRL9k
z^hk2ck-Tar(E=1dd1^e}NKB_2=v&v?g1u^+TkvS&#CH4DZ6GXa<e3-GJ|AS8dq@7@
z7js@+wX9RiAXg>gn@^2!NM<dw%)?il*K3Z{0Er&Ewa{yIekM(i+GZg@!SfxODi5KN
z>BYN;?iG&`7&uCneKhx*xz9ABq^I8KsgWuHD3Q@mYk@~XMZ=FKn`h0U{11=lN4Ri=
z6(Wh+hSIo=OVrC-`lP(xk@6|1!X^WGIPTVHdvmfHxs(RB?~2BIX+2125w<wdgi27t
zT2mvl9wc{$v#nPRs`Rq72$v}wc{X5h#b~ZP5*-PePeEB^NPZ?sbDHZc6<AB3+(<y^
z0-zaS<GLC~dUhGE;HG1DH#B0+B1a&vi}tpjw7B7szk6ChV&VK=vSI9H@f#Ernt`g;
z{^HK`lRLrGEACegZLQu4h-$J5@wP;>POcfmnBG?FGjkG9yg0J8jHk?5gO?JX_H<v0
zS?3A87TQL0e})%S-fTx~A)Oc_67!yR7HU^dZ$MdGB9Qj3S>4OR65y7K*F>T@CdHer
zH!@wJ+4%}MonKwOjl6L0?K;Ypu&#ix`2F(ojj-=~u~fWuk$LSt6f5{DVW@qU4D|T)
zQj+>z$jOvcmPBJ}H0nN=NDO1hDq5`rMWOd(Cmoh+rB{W3cvEa;zu5E7gyNY8M%U{}
z6IzW>+=1;7yTM>|MIfDa2wCH_Jx+b_ps@PICi0+*IZDGunBy$xRLOhXi|t`6g6_R}
zM3@=ssO+;KxmZjT?Dw>K1?6#xZBM->RWc%pK?|Qnt_@g(y=@w>=Wn72ligq`GZwT7
zGijis?-77QI%MGNqTWyEG^U})hsFHj0$}bjs6<6p>_nWB=CE`T_$#qdSV^g8gq%aj
zF46NK^tB|ZHL(sXJE{rEnfa<M+q_faboYnk`<XD~Gph(+px*!#8eomUJMY<a;OtJq
zZ1fg=SpiLnHYq`EqoMAn;vgm*B7*BZ%nP>%-l;oJ+~*BGDBkxPm{?>ETNp*(*ga=4
zVSbOFq?+R*_Q*m=8PCZ%wdZmUfSU!YhpOSmvu>fKqL`kiJOK$EL4o9xL{yT5_ynpN
z7U(@+`o&<_G%4ufJFC0H>wICMvaFrS>DV{=BnC*HP@KNW2X|}lQG+K6j`l9s(>i|m
z)&UU`&Tx0%8;b`(HoE~E82iFU<%2;4_>3*7Pa?`wv7~!DRxNil-m@psKFNdI+Sb-i
zX^*_3#NVab2Auj*16<Y4Q)E?LLG{U(sK+5^$<5AGT*$AkqboCHDB+fb?!9bP$1R-)
zS%HlM<a9e~fGzfvhg*)Syfuvhub!A@a>=0x!jy;To!K*Q(zJ%CO)C!XYi9vIVc%aQ
z&PteX_P!N78}c}+z1l9$Y~Sdd=a+EC2(88=RMoj#voE?NO^5l7&dmsBV-~%Q#hwln
z(3qMj9$JQif+j8A#cvWn6AUb8!Gb*FD1e^QbgMz?T%cF-x@1LQwI2y9G_Bi8JiwD}
zdV9e5T;$+H`<aG}XxbG%G!4$9#2ul)quUKRliiV*SlG0VM0$0nr<}9mFA&=>)Y7*M
zg1MSc2BkW%q)FeK5Y*x3^hSBR&lk~a@I7jH+?Ftvk}ZWJtdO}<0s1q`FlTjAq^Ci=
zzCx&d>9CIH0Jv4b+%T`gQ$va<ON1}pf$7t%Ud_1|=xBph=Ka8)jp*gMry?VJC#-}j
zYpW55)%&Co_4_T-wS?4z&{bw#;p@5f!EQ7e!^w^@fmCE3VvN|#CU*jh_j*$cb;y)4
zQ0ghh+2cuChJ*&Fn!>7L$#S7RuE=dINS|)qSj@`g9HneXZJ9NdS!y=KGL7Y%eJ||+
z>fJeIKfUxr3mYy<BP|VGo=p*k$C16u`J^cYtC?m%L<Q<+D7~yF4q8viLH&uB3?$8~
zL%{O74l><y&5?0uQ|ZTN)axl{^;$|;GEk7A3SCwsvXqD%@U6T#3uxHj%&E2ISd331
z=`+_*>6G=3tIF2KY=HxX5c(sn$+XtV$Qc6nVCuQ6Ol*8eQQb2J#~OQuFUZBkhYANp
z2Hz~*lscprkdZ$SL8pYyB@^P;9UbJ#jrForkKy%!686Xwm6N)Aio^93YaYyzWB9T$
z31B@}*qjmIAst-}X1}-aL^n1nkH^V!)#VDu(SA`W2X*!EX(04LGXd)>&G7^(2vwrU
zA~l^*gM%4*xQ_6qfGlkHHld=kY6J2;6Dwdgksv9$?&Aaic^A2U)q5tC{z)Z&MjV7G
zfhg+ftkedjT;|&6h?*2z=*t0%RXHi0kYwn2)kFLk-vb1dcpeOoyX{Cx$g$35Nk!Zt
zRFl|14q8y8>7+a3s0kl!=s?n%av7*=&m%0Ea-_-Lf!0w0mYWsvjd!HQt1~M#$l=iK
zKtW~1fLsI2<WKz79hr)`VL=~Q`ipz{JM0Ym9v9MPLY-2Yl$LVeamOAS&SIII43JW=
zO7*QurOgb(^`6~UIUUAD?Q~=JYqh9HL7PfV8IUGQlaa{iw`AXBzR$1|%x_kqBdjJB
zToEvp@twYXPyFOAo<Ix49DuI3JPYSm!Ok$ZK$FZ$XyI6=0cl*Iehy*MRSbxZgrHcs
zmHo~qlFe~xN(&txE#USApryWq6?@ON?YdUe&PiO(9`G&^@dyoDy}C#G$Q60C9*KoR
z7$sz933!?kG<K11y^TMJAF|^1FFF-Eq{-ezl<VU}SAMS=aF8qjp;lzD*7V-$1;%N~
z8)n&s#m*pPJ|0UFf*z-S0I(=~J3gMO$5^NZVb;pCSX&_9bbiL3b<YA<57gjHVd*V`
z)z_94);7cP{McNX!^2VzngbZ+MW-8}>OM1j+<moxTJMpMhq3P?J-J&)B}KMF%k4YG
zGMd_@X@XF6hrT7pxh&abFAPF=d;*IKOtZ3YL~?xIbt;4r7HCjqThvN|E}GqXJ2bSj
zU|cajn~i%sB8pv(U=<}hKM4(X8Q6(6e&I{6ymjqqVr#7f;x5B=c2uGfy<Gw%HW#8c
zKR31{dP;be82tzyw6q<2HdsAaSd*=m7_>0ibs3d!Lgh06-C!(WI&bN=BUC(b>hh~g
zx~>Q+VfA-q&xc6g0l{#ELKlvfH$QJGc^TK6M$FKZnUVCirvUn~X0-vaVmej1la~u?
zl(*6L0yy1*iWn+;L{q|EKGkM!c>Fk><Dr2VN2GFcP}Jh?bCA(qUKtn&wc7xA8k(ZY
z_c}Y!0zi{`%S0ZH$*BLL)Sesan+NXp^5(#{CTG2s)<p4HZ59)Ixv}T&1lh^E)nU%#
zK%2MdSOQ(`o@~*^;&O47ud&qX)xH-1Zxc>+5OY2$)z2s-kxNi|wou%b;gMJ5OfMf?
zC&{=9_TfFvW#>H|e-Fhi6B}Oha-I7+GWIGy=_?Q83B~otR0MP>dAty#B$qi(QjIYg
zC9O>`Kv|P?-Qp!Rd@Epe1W3xqAdekG5E`kPcxk5I8RCFjy6zMfi!d@PC(TA^c_5H1
zJ_A;8dw|`?o#rTY+%JBS3imLJ2B8I)T-hfF%~j-3q3BF_>b>33-iPosxcg<WkGm<F
z*~{B5=JJ4DyB0GQ?M3z7eAEhWP^dzvqs*wIgyEA^`wT^9yAH47m_o9Ml`OoB3KENk
zDR6qrk;6k-#2JoXaWT0l3gbCgltt=BI2Z^DxatGCX*6vR4_lT<?ZUJyP-Ew<7lux0
zE4gRDzOO?EnTyOR&>q@yps<uImf$@b-?4r3faErO+O48di4<Sm@gPvF`m)iiVK}gh
zbqax6&ty)BhhP_hdbj?3t74LP^{ylRqT#95$aTKZ!7g(RHRB|tlv5g@!M98jgF)%G
zmG6PgID4>=G2;U(ot(@Gf~kJ`JW9=8aIYLeNqpO{f5xLS!;#*T!F-s(gQAbe&~Yef
z57O7)1Uk|Y>=53c*PJocaVqRRP-`}R<x=fE&(ItWVLH|+u*8`o)vQ8+(9du!_{hR?
zlV3bgL2?RE8MZ2sO$)tzCwk)^S}%%vFzPX(<b+xqQqfxhrU4aVTA)U<2Qjqs@M*=E
zj46-MRQSY;;ey-IbP&4wIgip(u&DsiJde;`-#e(4w{CkCFY&d}tYi<uz?N(;P;|~E
zSEA*EqPrwij=(}Q*A?unv{+fV8-9J@vXl^B>y=&K#QG<(OcPR2kvWv^sIxktgXaq1
z0#f6R59yt5Br2CA<*dj#%fL3f!=8Wv3>V2h>V`ZJ=pL+<6_Fwaw}m%W7mln%=FrB-
zi6QUY9+d9V@EM+|&pfmfg6CAj2|n+LsNQZ&4WPVd#VlYm0>@d8p0&(Ide$hV&-NzZ
za=Eovkew8GZLz7n*7IeDhWCrwT3>vnCU&>N9c6MlvyoQX51u`EIO{ww74%6u=~y0S
zE$&{ImAz8x)D(OxM;bQbQn$UmNWoaOIB&<c&I)Q(VLz#j&&UMtAuJ;}<umbD5A;Bg
z!&9@?-o8nRDm|Cgda<5(cGL+lS1C`asfX%jz4ToXjzNR-Au@W2rqBSFV`s~5Q*1HT
z0GOAesJTw^=y)?jcuPO4Qp?sig%4HoRO&r>Zya=H<(}IJ8@F9pP*cQ)x|Xdt;adCB
z6K9l)&=NJ9Af0Tn;v<@L<5oaGO_-kpPTT6+g>h0ao_Ft6ABt-_SN8GJBKzEwN_ly)
z+}PwYz@{!!D?RB>vQ~SyMHp%#@g&PyrZ-}<0>#rr(6h<<F@BMY@O>XE$BoLF1=7Pe
zAq^N|2J|`>dCF3H2ro9SU*H%j>Z{70Hc%LMQj~d!k3Ba*wE02Lg_*gZF4`datO$_0
z$OV(ZGa9@>uUK10s$2wHn42|FX23E$?c29R(pg-@6d)<O5%0iv$pb5cXkIi=-j>N(
zYnVWn+Bi{%qG>;^@uWC3KsLUDNK9RBL-G4XulS>Rlhh0`QIu(Yxduc^X9nr3PnBR)
z8jTDe>c&_&-USbl_b5zbH);?9!T7^{9P9Sy!~#4|wF6$(dC$mpXT~SJ_!*-vb$94Z
zs;VXtf#cJ{NMUN)j>>okaX5Rpc8%N|k<a&Gc2kPSKm?gmC_g_ACE*h5f_*@NHRNQ*
zDq6ZQUYppH;4j(O9X0*IbGbggVz4u_OS#Q{t|3i%&oqpH#M>+$Up*0RR+{KauS4M6
z3gB0nzUg%p{mxhIQ7?>8zu5E*d&eA#w9c@xmeCaOd!c_`^n|RW{dGnf&=j4pocRtg
zaZ@lQiA>QuHxj{4J85`M#Tw8`yX`p|3_e9;#Nho#QF@l0r8w%H-XY3UJtkBBB$&SU
zO;s-s>m5XcVJ~-H2JPE2?)B7@aY`3seh*lEcHb6uwUtOV3Yc-}?X#%`)_x*RJ8DaO
zukDG;WC_F^ma`&=K6#>#iVC-%@}k4@YvO0tT9gSa5^sB$Eig~>URP5hs%E8+lDF6z
z*g?U%fpuPB&wDi$C<_$2fB_>q%;PhQP*MtP=ImkIIPtiNc9>;<jzZqL9PG2t(J&+Q
zX$=IFjqu$g%2mDy7XYRjWX!gjtMqezsyU38!>BQyOmGwOyylMjK_$V$0Ao7H1B`yK
zL#p&m@n^ImR68I<?^c4x8xWZKtaEB7L=jU6Z(;PU3;Ln9gJ)5gkw|zhg}OtUv4W+A
zpEdXOIt&SJZL7Ng%0<@MW>)S~3qPkW3DQ|<;(IUo;zIZpx84IOVSP>K=`}5#FWO$z
zj`zOG=N<-1x&G*N>deZCH0+}c8C(kLly~(s{atnRxE&32ti9*643Be(ZiXm+_Tezk
zdDZXW`n_gp)xgfDN;dwWGR0^%3J6t=JKQl01AESq`UrzyL8v==aRh9z(x&uKZ~&Dc
z=g%Zs+3EruqVe0P`7>n2E4zeh?DsZa6pks{FxE4IuC-3F*2{Mf;>|NfQCs%dZhfbr
zz7O=x8O%9rJ{xF5X4VoQFP2~!iY-gKNXd&F>3a|DN#%A_0lwb7lYCeyjlJM<Tj5Yy
z(Pwdl;tRZItGpD=KIVT$Kkp0|PM()tGb*^`vL`6qMfq&AUSLjaHKdd_vv-xBs>JZ4
zq{r(0vmbN%275m_J~WF!3N3n~GLfnvf~qJJnxNEPE1WRelKR|gS%%V&`&0=Anx>Lk
z6h@swj{McyIUQF}U;uMRuZ+Vd&F?dAZ9Z7%F7)E0M~&O9-2-JVoR4F&s70f%b(%df
zPC6jF&NTO8lkL$Rm%Ke2)-CIOci54|)riq|S{vNJOW@|rEDc$XY_(DdJ*|4j=aE=5
zt%<v1?*v}g8U<)T6@{c5RV?39@5XAY^}{LO8yi>dLpXnMtLSUNI?2;1ojMoHNAEP`
zRe}R1QoJ4?Th+O|--m<SC*<Mw+`<TYDgC`%epSXoWG2(4fH6Hp<?a&k)F{C{T4Nni
zS|3h(IWNZ<BRWc=zUik6m2{o_-nh=Iracm-{v=wyk9uMwW%~r|R40<up6M_<<64!e
z&l`B%{MaXvE&zd)H|097W=Slj=(NNy5J!SX&f*H>mL+ug(&3KI6bB1d3>-kD5xs?1
zxTlmsgcQd*ii)EqAiJ4_psS`Pso#ye=v42bF)}5o1%^+aGk|53w4fm7zA)9cprjB2
zc7N|}?JYTpUNO%jg~!pA#u?9I7oe4YQJr^+t&3RUE0Rsfg$dO*3lD?{vt_T4DE!er
z#dj}(qN4_1!j9cU<gq$FisNI5n-WIV%t-Eu!$Tq-c=a*>W#i>1)%qF1oVECspghx4
z<lFZw-$L_o`4I#{wnuW9fk=nK(8y33)p&LrN(QhnVYwP`KE#=Yr#j*(VH#?bsgNUX
z<<D{URiy|e>Jzgt4*}d39(hm!&k2vIpaxx};O+D07w3H&TjPOP8)A-W5@R`G^wJP$
zYQ@w{%UYSLIVwsP1H_g{MJOfWHBJ?mw7Fp-o(LNt!h0=0$tHaWiwT3vD)HE7rYMBB
zI1`+D3n-cF5+GdcjmHJCp3Ge|+U&8N_P&y7+?69fF~7yYT`$4Ia^P28Rb{0q04d*O
ze}=JcGk^I4DJ@HKSP3$VqS6h_dbrD3S#vs$r{kUA&Iw@=D()fp5hf&si&!`|tZ=XP
z&Xbxmr^Y=37>deroYAKsuAy%y%X(|7woPs<NI>CilFEgP3OvO963!cSTVHtLYmw<)
zX6fP#91Y($9GvCrn+;BKp0l;P7&`ZmKpGI$-U>g`&V0h>v)EN)@h35RIPdqqS^#B|
zk``5QIE7MWFb*h~fx<b?$k5WP1fF2HszC6?dwu7!5N{qjho)eQJrvuWxYC+=+bK-u
zm!*`a5hdJCC;mydea13Vj(UoBM+QYtBpV0wdd(@`%T3t;x2=~PTcK6bT$u;!>g_^0
z{NP<YkhNH|x@@^Ck2(yo65>T0emKU&%|M$5&Tcd#>jt9nvS*TYB(XdsGf}rw5nel~
zyD+uaEm}aybllsP+mOl~w#6a0T0?k@hb!y52vYrMhi&W?u1NT+!-lxk#7pEouF%WP
z9ZgCMfkeXJ@4LvHyl<=TjfZa5;rSb|aI&)Lwqx)lc&5+Zte`tZdSo_F3y@J?hG{{G
zWAu}b-D|;eOR_=iSh)}jBt(*QH+kQ~mVXDdQbE2}EQY>H@p)tGaPbD8ctAiOjzi%b
ztva|*E5ZwjN*Hk-aryJqEXZx>W9{dUWlLx$vR+lMrDUyIbXYD;Ez5d0&XWS2N$z{-
zs?uUzyRWLAUB1pUzqhNRw@qxfZ?`Hh33PFfYGC)}8rHx@(aF2O$(+O6x-np4$5GZY
z=IP=((<^*SoOgKYJ3Q5A(oqquM?c^AqifLVi>S8_uZmwFU_Bj8O=H!4CL#}XQ{>U}
z$~~b)%gYB&abgeycK5*CaSlNbMLUf}i3$z`$D55#*AaVi>D$udJE}>%u~#QE``#m!
zc@1xJ!U*qp`E{KVO&&kIMXk`sc-n6c&lHB=QRr6KgpVlX2)W+&n_e_}M^N%^Y))`q
z9kS(&infD1y}~*{9i?5T%8Z~u*n8dRWpI41;beM!_1?m^JZ)-@zVY2a;CB}c4C3`j
z=qa6RJMk7u-E&+mi*8OJLYI(Y6<;qlcB&D0zPTeeK+P8Kt#SP#9XdTa%E)+@{oOGi
zR(6#Oh?4gkUIrE@W?@B9&UvUgDa1%LY}vIfW`t+eGEwki@!l=>>sxrX%nAFR@5zX;
z_I(aw1fQYp^(B&d00Zf%-p)K^dm>(oB`yQp(jt=`j}_<0bzTieTbBdd4i~8vSo2dQ
zeJ=*OrC^5oi12J*^Lvr6HX>YxMpmuvD2Q2XX0s%#>nX-@a*7r81$hF|7MYs1_Bn`p
z0KDsb^Kes}2J)Fln}VEGIs1$|7w7OQkgb_iA1S%xBZr8#y9+6N4I!Jzuuu`~DNA%M
zqyi^_zi2maiS(X(g9DbTRdktlmxM?o4cA#`%i^(NN?cPxloxsQ0==pGda2x@P9HvL
zgXze3v*tGkfj&dMa+}c?kv$K;Y5$CG!>iI2)Rz{jbei{qM?({=`<OCwy7vxrjn^km
zFCYkFRSjiy!`$5a#a;!t6&h?GXSxo}8%$8ig}wHmcdRmMTHF;&wH@d;p#$}JcAbr^
zBZKQiJE>?Taw=UkRGy}zfZDaCIdCY&ym&q+wpK7sI#}oHNNkm5Ovp$#nQw&9-n($0
z(wl=PF9vQpIe3(#jUvxbH`=T6`7h%8-Utl=8O;K|VKqiD6LQ;?l`ejLk!QXtgM+tr
zg@;^9Gf~dXe`cpy?=)UK^L7cpJ@fSu7Dl|raPTgZC7PU_PvY@2$oZpgaTa*Op+sY6
zxVDV0oK)`8q6w8sQ?Duc=mu#mRAJf(q?00H8q#g*O)Kp_%ZF2}6*I*YT#@}Mb8Svq
z*9dUY&d{<%7pZfeY3&OI&!G`uh_!h>G(P(-#k09@^LF=nL&k2qzwqU~7Cd>w0ORB{
z(_Jx8pff<26n)YqMFJWqwdIKz;pOG73m0YSuwfIJHh^Ssk!EPWsAnE!+6UZmk-;yD
zJo7nWA{9=F*m#fw@G!L47+~LFzo_hZM!kLa1olnfu(tM?6QKp{ogQ4>3kQCHudA|G
zrVrwidisoX+OHtNFvNJp=(#Fx_-!qdis40Kry~z5yD;XG*K>s<Zca|m#wG#am#VNd
zhKo9!-LEcs38nQ=3LCC%&4z~z#a4APdbfkb&yVV2f$C)kTkwo7#WL8=vW6tgDR)i7
zwd$1_IPw<0=%ftPK&;&tK>e)EfmUN5$SpU#-V!0QpcDbVbc!=DG9pqXJnQG4rr`~v
zktvF`acn=|eaLHr$m)VBca)$BK52T&z22aZgL4eR476#5aa7N$4{li^o#`T7C4G2m
zxK_gFMhC93#ol&8ZkvxUlRHP$f_#$CpW#lhY^to6?zSFT26o>Hq2D~XSSVY1COWU5
z^@u1afY&tHpgw?L4$zx8hP|74?f^ssjwr&9^7u-7gw-g^uB14*y7pNu-f$9`cdn=0
zC^kOkvta=>nIUvwd)hgjVh<S(kN|*QD?iABZtAmlMEq3a_-z2h9&N>Q;!!Hb2X?RW
z>0#n-Kh%foZ_JFWB-WmmryAB?upUUQ6PU#1FZz?&K<Q+qqgnW23KG4elvwQxj8v|Z
zNbTz-MT}Q9s&M2@@qB=LdZn#Va2uo^WzIN*V4|kdLE9WhX1=|4>V3nX^gsBteU^wn
zX^P@HVGUqDBX+H(ySG>Kaz|mr3D;ld+8YN$pm2nfCD-#qQ^6jxNwC7L$4+PRday%C
z-JEkEh~Pwk`~e%xi&tA{NRJ3k^LhifJ>f)%@j`_j^GYv2k1{et?R&YEHa$tuLy;Nj
z5(G%X7td$naY$CivJ2JVD9ohg$}~JFa-Iax#jYIZZe$8dMwt>3W{_6$83@Fu5<kuV
z@y5WWuaK@Y@f$1UaeA+9t&nmlyB(Y^Tv?6O4*^BR9s{6}8~c+Yurv}<dh~Q{n0n!i
zoc8}un4RNR5QIPgy%IEg$O892k|oC@{mkhfKS5Ok&@A#!(cy?!0`~1UfbZjJZPdxr
zj*&DOQJF#9Q>w5SP*;hzgQpE%o1BM=<C3gz9F_$bHt-l#8jPDMTNTNH5YxMMB)WaM
zS<u&^=e2njcGjuZozrGfIv~3U5EvnZzyNXTbM2tS?e%!EN-ix+Rl4bE4Oco!^p+m1
zVK;BFzI>@~U)_Qqbms)EV(pa7K$&aW^DI?8umv$4^yqkXarIz2IkMkShz=XM?E86&
zu}L3Xj)4hf2H0h|X!iw!C+P(R&^fJ-Q)%C(OQD4Cd+iRd78>tJT`+_rP2R#2RtOrZ
zaNfrXQ2DZ~EndZfaefkz&*;}_I+XY%BpprtDH?z}yP62w(E17Vdk7bK0ot(ED^Sb|
z=z43wVj1feYjMMasqSr%#72tkY?Uyhneu{k^L)h<Yu`y@8}L3r)*;p0A{VNin2p-o
z5RGil+$77mGNedMOdDxqSCI7Cs~6@PTRUSoijp$<h(iZ)5woiBX+6+ONVBkAn?<y6
z1$+afZ+g#6`rRT+PHIhJchS>2W&VX=BKeu(g+rS+X`gWO11m^<A-pIVU}?RH97UGA
zkV>Wx-kl%5McvAw+-|$0jL{qjDo~%>XK$%OSqpQgfkScHzl)!KhQKo|muWSA2v0_N
zgCKNp3}0F0*%bg9>cJbLdZ^H^-Cq;J9#V>FVZR~R^E2P`dB-XMh7g$(bjDq=HdcGq
zApz@oR8Orv8fEH{BYCqpQHOVPvSFITvqyW}#+)wH=aA4()Mt1{JYR=0JLvI4;NBI|
z=PNa5rBqNvzCpNz<<^f2Sz8Af6hzc|_aqeNV&T0m));PcJMKzqVNT2rypW&w_bQd~
zU}B`+^SCLHB1w^L6QE^bO@V9LZhtaajfs=1ZH84CcJxS}xY<H=XEHvajwsc5VOkN_
z>Q+!%w2@hC-u%hH-sd`y@{R_2n_4|abk}a^SM^eWk~jSfXA{vBJx+rO_~1@`U0*te
zl~aV6aO^#%lxK1Ml(mK%AW8>!w(hZ!V^~&kN4(R*>8SL;69c!%?vd0&*T4*F8%Q7W
z3n`^&oZMn>?sq8NClw>$=S0->X3fp97+v6=V!23jZFS?5B!?Cr0c;tn0b4D32oF)g
zeTBwUoC;8JUy2Wy`9a_V&8(5cpNAcWx%beaG%C`GKoz52r}y}RC2`f(dl=c)=U%Ly
z!Pd;|>`??%qavUki@g%Wo-wYJS%SjOz9A*#VNRzfSDNFW5F9=sVBhph>n=MYESk4_
zcVx?+6PMBE-gMLtU;&LLB9s=pI)n64J>`uD6r9Um#Z4(yp?B4OutG<$?}cbiRzFiY
zu`5$tWZSNDQ4^vmU4iz*^I$^A;GJ{O8Sm7DMaG6p>$qHP%~d({4oa67t1Bf!bt3nq
z_N_yP`>P>4WV!9yqG7hA=4I`N^0-^1XY`#s%!-#@X|FsiLYt%N8DV%?VaNV_3f8xr
zh-q<C(bbf&+;ZV2otdIuZAhTH@aAQ7@;r0b-bZHuPWkG1V68<8AKdC-*aMozemBG#
zh%dpN)SkJ-;yHa&_>73WEU%IuKAY|k-Q)8knNjb0Pp*tgs%>#w(!;Cr1)(Ud@#P(r
z8X@0f+~zn=1I48pcu2Yaw6e(I@Q^RFykKu;<OZua$jF5f{0Ky7Bt^Qb%28;R4ftMk
zzM9<w#$fdYnGqDR?sjO%Pz<Q*<}us8d)TTq$F3|f{OrP&5zd{`A*H(M^@9U8uZj#y
ze0nVx!h*|iFJ7`D2f=`FyI}SJM)%JJ5sR(6&}{YQb(x*Q>nx#cZjIJ3^B3m9B8;J3
z;-EnEI&M539ZPfh_R~d88Q@g{yNYmuWMSBJTDqrCkBDi*-uE%+g?{FQbWy`Oo1BYC
zz1s~-%8Ce7!xMdhA;94d9L8?0mfFl(3gC9xk#O(2eW@OA*zzNm3Mx4p(m;PPblyE&
zMaqcfa{cJ}7PMd&q2L*~LJmFFUeHJB(_YjZ7vkp{aK7XUYq<3a*&?Mkq3FE!#w|Nf
zNFS4IZg<H$az(4wmVT}KG&TpXMq`6<IOhSr$=6a3tFJD6InA<O9v<B!J)#5FAwQh<
zpWOldpuk>gor0&f@q_iiTC$MT!KkFgXWIVsFxO1_@X7M?Tuch<8!)bgp2uehaDonS
z$ZXhseC(1chWm=%!c)Zi;z00y4i0d(T(z*PhSDM(U2$(nV;Xy6?wtaqWARAdroZ5m
zN)=8NQY~Ms=RVFSX#N=dS(v0LRkO4eFu{6?#2mA`fGj|?(qsf5GSD$th(Dm-DqXVi
z=-`yiJ_U-TXQ$0m)s`;_Y{E2?Vj1&P$R5-6L!V2{;u%LPO$wWnP7MUhz;KJ$dF;wq
zO2w~>`$gT1g-Lek&h<0S7JUP3+zP~&VBX99Wc??I=MqV%a^zhSv;0g{yec;ma+Gbt
zUSIen>^3*puE~h$)WyjRM!Mq^FP}{jZo`<NN+8mUuJvRc<e^Qw>GG6z_ymFPb3W)u
zztRp0;cI=S@EV}GGt!23@YORkI;huCu$&SU6rQTGYO66&_^xcZx1P{CI1ToeJ<bL@
zfH(+Ve)mT2;S2UyXWhI514ticp*<E#+L=Z_25+-;dM1i?S<Rc2&xtaP7_?zS^_haj
zkgqSfP^7_PaJL9jX0ljo1UcPc02Hphnky$6yrG9hR_P!d1?I`I36AnyBLlrt?4*Qu
z43}>xTN>0}{9GB&u?FZiL|9hnVFo7T_@zk#NX7GZVu3joV+=QF-f&oY?0kKA5^nHz
z9x(82FMGb-nCg2EAE<CH!wW$LsT~a4PZIAlO7^+vE36$4k2h*FnMbo*&mSv`ZrG!z
zQ#~bpboD&46L8fhWh6XwDHT;nyuh#scr=R!(1W>FfMaA~UzKBIpIRz_A|iOKni|p@
zdowPzGhOvYnM0?bJ6?!naqA;K+|9@LMv$HE?SohrkGc?y%N8siP+SMZC#xXm5LBfR
zR*gy{f)aYmS=N{9SCIjy;lK{P(C@_!stH5Xm^%qi9-%&lzJ<J?tzRg#)8NrQFcN*d
zP7#u^o?EF}QSAdsFsFv#d*`{cMMa(L%wje0%=(GEuC`H{cH0usdl=Een?{wZY^FSm
z&K`w_-zdJ{9kZ7(t03RfQw!#KXR;^~;WA|;-1`4X(Wjja_|bI|lo8=X5j7{%Q~Mtd
znTy2-1`2x@=F7%f2W?BxqX-N&vi*#;Ubxbh9Rh7lDsuA+Ob01VZhy#+K$H_itlALX
zLJjRaGK?qhj7dg$9>VU+ycU<*0J>yc4D}Yckr7ghr*oDdOUbVfY*q9w-mFmpX`dH{
zhc|Q)i&#VB>o;D`8;Fj1tX6H3F+Xc(hRSM0<6Z8OMv)3OC83MITzZi!xY~Us&*a3<
z*n6k^w48}An-h^FCrU&zy&LZ$^1TOL>r~g+WPI20tO_9O`yN5`882acAaV!e5RgKn
zSJt-Tol`!DT+>>@HeqMp3`FfMihOUY6o3G&s_&_YT&g}s7j&EQgDw)~^1=qKQ<q^o
zdagV9pqxnjBw`*gR~?AcW%-z&3*SOYC^|iYmOWo#erf`n_quss4Al&ftr3qa^{WZ<
zDDKAup-6tF_WIEy<h`3~6(oMPZ_+eSOCEa=)e^ofnOW{LaNw&ao-J4YMts20EL)FF
z6wvNYe%>jHdHW4I`@l9+7FZAk%wr)rqUSk}TF$STPQ;=Hb)2gbydF_O$v)oq>a_FC
z-exCiRrq<&<~`l*d)L8v%L?4bpD>s|mk2%5GMX(@eRXs+nc|0JMdFo;APRfNBIc4&
zds9G?pt=DDeDR_t)T8&Hmugb7kJ+Jm%Lif*3c_<-047SoaIPtl^R&$baU7R2-I>F+
zsW$ak<6_}qaL04?9yvi}eWDhA2mCmM8=1J~cH**&0t#%1-$uM3T{!o;fpzDEnNo`Z
zVe6i4CFkdoEc{{+CEMnaq@g{2@NjUNL>W&Gl6{?7rc!*h>$UIC8>SIz9MnE#QCXHN
zKUNhJT9JDU&bkG|j=cxZcsXfYLLQph#HmSxKA-7Dk*8LvuJ@3igBa31XznKq^_aq2
zWr_Vea>{4qEQ;Im=d?Mkw2satI48Mu!<gBgp;QI6*aMy^t~Ne_(5mqsuF+#61!X-I
zp}|g&bY7o^S&&l3*d~t72xbQi8o-VxPmZo=dauCqTIXr7)l}WMV9*JbfI_q)Lx8kU
zs=Ai=3MFBrScN_!+}UvC$fH?8^mL3#9#aEN;K#*_^8%q@=V_kepukoatAq?c)r1;5
z6|7_%Xgjp%d@d{iHu2UOW7u!5#+ZA5zgJ*mXqVC8UOx9x3V5yDi%AUCQ;uQBdE14E
zJ~;yerX^Q)dJdtg-Qx4o8&kbi1~yQHn{mMDM8}F|$mX!LIlkwHeumEsrx88@a-j9L
zh&bM<T7MhheEc3VWzd_MX|_ZwC==zhBg=>ZbKM9w<>&L_f5bP2rM<c=Bz}!A;hN3u
z#sF<B6^(&olc~fkP-D;7UQN{m<8=AEHp*<4^bGE}S3_)eiZ@gidhim<pK?Cr*4s2L
z1HpPv+unnSZF8q&edSb|H^Tt&*vs>gor2s-g5TPBvCu<)xK*iEV~|h)Gj+k0S#~5b
zGPs)va?hvlXAFhr7u~4*gc?G~RUJt>nDnOFV$v6{Hr`rQ>lT4NlfX4%>n^6V+<rrL
zN0ZgpaS839FM_P0(X6p;2d+&MWe!Zfd3?su<-tY|OGsDk6=fwU<M-Z$hSt5dQ-&Gy
zv3=R8x>$;>{HlO9O-M6W!W?m<j?;>Tc9!tMiZ$h6PcXqSUs0gXp%%&$j9fC)i^H8P
z?w4fN^x|zOgOkLNB02NO76k#oa~jDZ224UPd^gC(<%;iKmB5vzS1deA;jx*0-b|z8
zF5Esbh$2DK7~zOh*KQjNU~dDq+|{w$<b@%hUwOWcaTm3mt1#YuAQ^R5&i-?`03g20
zfW&+^K#`24?81Obye8%h%kSkD=Ob0(5XX3T_3q7Fz9)2z+w~CJ7Dyqy40-jP)xFX%
zDcq3DjPik(M)?WE^mDl&w1hocn$8&=lR3A6L~&RnB+4iofUb~jj1yslXY{Dn1jP&S
z97-4YwWhfcy6Xh675Iwanyfy>wJ;Y_9fQX;))Rg7-bAg9*p(`R#yxgyt1^im!{Q?C
zeARDGhmxLOZcRl<h6SgOJrvmy!NhZGhdKp`V!Afv04Vgte$05rZpPH-yrOc7=QD46
zwY0l~nSletGV_Eso?h)zU8mQI`?lG=n1@*FF^gU(r$1K=VC%RD!~rJT=G$lSQl{+r
zCdG;Y?at;hlFH5@q^nlER|r8XZ`ExH-xR)>!~>x{b@nbOLheY)h}fbvS>%rH_esP*
zqv;glDMV$Z6?7_bJT06NiuSIYd>m?HIl~ifdS?B`q2YLXug379u#=JaGm!3l98&X=
z$xv^Vcb*PN^p&U<k#Y^kE*M(Pgd@x#k6(_%R84c|6<N2!72LjbxME=}?~IX{UKTU*
zjG^&U#yoGj(Mi-djd~53+43wo;fWN_BW$P@IOc;XC_~Bvnoz&BgHzlAf7~L?B~L}z
zZ)-Gjq-A$bX>TovJ({BY=EWfJ?;OJ2k&1T<9?pzr_{!lzAF1S#?x?0`)=P7r_flHx
zQRtgT;;iIr_%_g~A)g^RO@W)8y*Ctrs28<ok)l};y7$mHK9R(CNZlGfOy_Galx3Ee
z!Zq+lV+pwI=qYOEOn{ID8G`2WKA(;8%z`%<)wJ(saa2$w_Jy+0@>B+sK_X98y}{vq
z@E*b24cG@x5BGXpp67Th>$FpB#+;&WIt8cJ9f7ae)5?X$s2;ABH>pp2-yUyh=EKL#
zFOFkRy4ZE>j-<1(vdcEa5QDk8>tzue!0;Q~A}<*stzaYeWbvJ)X|2(1VJj@?T&X8k
zOPYp{7eS%X;O=LaDbh{RDy?&vz>!ptbB4&(vT=)T21hB9R^@Ijz&dS1&tc_5Y2q0q
zl(a};(bA^#9gkI@fNH}%V_SSZZDyd4Kl2E~XIz!+6iuK+GUuA6=P^ObXR$9`8s9T5
zj*2%0IhlM9bOfH?Lpn8Y5`;y>i)n6bJTJ{Iv{XjQe9siD1*P?+5jk3=tm*4kV_#bs
zb$cDoV~;wjs1R+-LkV37ARX#brDr*043f2(U0gw~yLP~}U$OLFC=JmIp4u?bLdtvZ
zu&lX95&-+QpWs!Zuf5m0*j$LJfnI!i>=|ClMGbcCn)?642G}9XVtAENN*)|GJCB+a
z{(|D$<)`mWmVw(whV%e2V!Yeb!Vb~7$f4QsN5Nj^9L+~4&><4?AcVGN!*@(im#J>~
z>d8$SK6%nQG?@<csMeSB8_H*JP01WsR@S7~E`6PCbnvc)01m_7W!1Zf7W<rlmf2hw
zf_tuAm=IPPP9cJN?}W#Bv{>oU1VK)LHJU^eNeRe7tT|Vwgv$cjdtw%LC8QktHtf;f
zpt?#EmNbnZQi)eVU3)yZteFJYF(F&kF^B<y8svcv1vfery&NeTa)zGk>8RB_!I*mb
z^4T$XXx5W%iVF?rQ2|A47)b($k)p&pbj=!mAu8@gCEgS4VK6V;OhMrn6~TBYlf>EA
zqi;shwnxI8R2Xf<`l(@Bv8zaV9JAM>!skOdz=4ohRnq_)!imdaDrlOXo!n$2nsu;H
z_Ld0K$NG~Be!r<|SFPFxXP7^r&Cv$2#FT<?HZLyj+LH|1p!Vf=BK8bPOs-$Lvk;Ey
zd*|mC<d!ax4u`M@&%k^9jFGa)C9g?L%`3#bVe6D}4@?u2;P6byVq>~qx=YQxkO0|r
zXh8MUmmy(;(1&m4jrT6Avb3!vGM+B%qfGXfwW5lRx*B`9&&hD#KGG(MO5S+=M4zUW
z-65TBa&CYw_AM%HpkWlA31n#3tXy>nO{|#qJk-1nphrI!5DYfv@M7QIt_wG(Q6vz*
zr5FR4%3}`<^Rae{b!&Anv{B09Ox&?873-ZipV!CsfS<lq2t{yy*HRB7`_8t|z4;T%
z`wX*(EzkSRDBRe<hR1WH!q3_aHD;m2(0%R^)tmN|BHT%t;ukm*r@mS_WaVS09Sy)-
zRA*e(G&X4Ai{u7TFeYm)K||d=jrE`njf+>~<%~bb-luO^x-a*E*}A!f5*w<6LZZIy
zPH*zYbSHrtr7EF7;xm97&Y6*r*e60{lL=bwO5&H*wKrE%?H=Yd&eY(U)7pI6q^EKy
zx-Qs}aDld*q*js>G;Zwp5@$87f_j8<!XCY!Tv8_X7%E?d@6=eJcdJ>jQ(^+t1b5>i
zhj2*eX%AcLqY%R;e|{_~2_s~#<~WA05%!FT-m_D|FxKbpHq0+&FXodAea70DILiOI
zhsAg*_HJOn9hZOt=E@u*aB^*micK+)*w9xm+#F$rpJL2qS_w#-mXSa!(;KhDzO6X~
zjS5JTg8}ZELxO_2Ha9s=UVS~~D^D_Ktk?O;ga6sk=m)|4#+*QIUD9|d))bPRjQ#Dr
zW3m~fdfN#6^7>-7r)k}61@0I@a}ZLVJc2=t2lO}{A$XE-HcQzwlixjPXJ_hbY;ocL
z5l8ZBhKylG6V>A7zHvQ7Wvnu^{t0H&X*O~}%m7cf)$i0c-U1Of`c_%wVF>jTWCkDc
z)i?xUM&*|{QZ@<*XI&_Rgfl|uBArB*R!|mvsiX1e04?u3xA1qsMGJSg$BuE8LwOm`
zhQ!Q5Rbe$9Ti%3k5YST`NlvFn@AOPOh({pP=`Qv`N<5w0%4`mKF#x(1k6LmC*ms0^
zn+<mi19y&<l*q{+U!a&q(W*NHxB4r1D7dl<xPnkj*zPKM=cT3hPNGW(UrbtTSnIs<
zOKqK`Qy`3(H&~q|Z0au^d$dpGR0Q!M1&(=jKPst#jrX>7ye_Om-a5}b&%J=iO2VBA
zpn86FO;lz;JrVj)67iA$BBLtUPljj^%ASxMPCZSW+qV_bGXlcwfG!>-<zCiVN?T0P
zgvrLOhZs1Ayw^6MD&1E8(x!#eS_}H!;F&bRsN4G{<DX<q_edTLL0Pg#lsAklNi0hX
zdgKfOEK@DNNO)H?D|dW;18Xs%O4*(EdR}y}_$!PTFGZ}SkWgOOp!!t_Z|vJ1B!}o%
za=j70(<%nSvd9rrYgfj@)?-KFkLuwokUBa^i_Ro|k8ef|hDfdpK~E-LQ?MTMP+nK=
zTgGe=9$z(yBYI_8>yiKCCGoYezrjt~^_U$F(xasY2PQqCxJ0rwZXF_znv-M!<7TV2
zdQcGT43?_nBKz(anlxdR_t?&!OYfWUL;#Z32*u@#h9`?R;MO&SPZu~c*6B4JB?n&5
z5_x$825ZmQY|~4>u^sFpV5!a{3J;LND*i?z-=TNzp}b2zCb4#7lovB*YfkZGXiPVx
z^757N%hyClgM(;;5`AoR{s@6YZ<jkDV+CXl&hN2Hs3@sdLXhL-W7*QCF{L92I%tmy
zd#hSPBf+2(2bh~+=S8I`oz1&EASe9R1}2MT)VjNeQbD_Gi*OS!4L~Zv&~z0h%f|fF
z5%$3K_#OC4$ienQBYPDd2Hi>z#dPBJlAkq&B?DDXqOi{cX=2KTnC*0>CuG!ArV~dG
zp5LZ#(G!$kY_1WXovOgmQ*su{GNY4Tg^N>Esg8KQcj#?N&rulKQc>oOzKpjbHk`PP
z@5MSh#=NNm?H!(ly8vL=u238`Uv&Irqo47Y7KH@HZFH-oJtt!L2}<9hg+mavrJt5p
z)j=xR^WMvx2lDh$LyZKXQy{)%SE4KG2fz!)(Qe6DPt%J%ScGEmjxo8O2J5@Qh`Q}z
zA!8FgkqkuLco38w!GgJ0FE4KBjgFmMwVkCfj6hgJ=vGrv+CyQS1*61ncxP8|g%$Md
z3JM>3Cr1anWeJ7qdx?}QtR0p$ds?F8Fp~!O(#aVDOI36r>)9Jp>P>T0x-*rYLCQiS
zuV5I|&fo95)DNpW+p>3khsnx~cdX|gY`%@@@GO7$SP`cAoKYWp2@(Xb^j!7E+sjzd
zmLeTpnP=ia7`+<(-pXjZtqAT8f9D$e48l!5T2Lm|CGu(+f?<0BAoi%BBnYgL1=aO1
z-!pjeo&$_{^;#-vqdnUdwg#++Y!>U`*RY~+o@=LAdpstasi74QZ?ueL&`?M=cIK%y
z#;XW-XtxM6M1Thn5Hg;YOtw!Pfs-)>WM$8AMUiIa0XT*nv>2~e(k%l-^d+LM9Ok?9
z)JfpV>EeAO1G9uT%?{v!&0>xTnQa|lB|1uYozm;|dR89{;-H!B#H9lLYqj8+78Ac7
zxg7I`pHF!~L0sNSkWptyt$a6#&o|p-u=i$9mEYB~d(b7S!Tm11Quq33VMW`_qc5|y
z-dR1i*>qC7o2RkH6+KrVWI(vzbo?_C`@C5?D6&*?=>Vf}kU|3xI|%H7wuI^s6oz}6
zk|sr~!Ae-A+@>VEL#QW6=o{m+NNtcWD}fW)NnPYfmL24Indv~{dOj*)YcC&77>Ig|
zL$yI>sL-9fYC!{#f-?OgUYA`P<76iqGT~%I_v)E>9KP6>EqyA*Fa`u9Jr7-~g0%es
zyvg&fewLQ8B3z&tsszlMdXUJKD6;c(LTdC`*#l{?H}Fbf3T|vUHbK1KLgj-uc?YwB
z>nwd1KMw}nB|gq!VIHW{q;JS_7GGP!_$?K9k%3Covxoiy7kH1DAS46bt$-n%yBrGI
z74ZgNqi+sbh0ueM*qNe-NXswz8;^g^9agTIoM+Mk(-Tgml7oOzap#h_hV5WS54h@e
zJe(%H>hYFq7FW-WJ(tpsa;nOglK$QU+))?TZP|Wy^;|4vFyBB71ftw~(@k-!c(Pat
zce-AjUEDfp?6r1u;1otd!FP7)OL2C#&Pmkds&3MN)rC)~gFz-Rz&933V2vd%tCYrD
ztIBA6iJclEN~D_L4&vRZm*(u;u-PbyLC1-pINOo#<4Pz45ium_ZLzH!94Nvh^9}Ui
z-KR?l{EH7s)A_;la|PcHeqH+9*x$n_e)YDxa^e*?@tW<!vI#0!m#t%`sW+Tq(d;XJ
z#+psjCrX{RST7jJaD1HVzyLZx#lJ$f`TO1!`Z;^bN4?6^#OU2VdybOoi5)GOgvB^J
z?HshG@?>xTX^47jVjredg-ks~4b$`nyFNxdIjz>Sg%Zn7^X_K>sTbwpE}k82QK)kF
zcvaO*2$$l-UagGd7CmKojE;zM^vvOj)m7wfYaYJ5=PPcV4eE*cLZ~Ei)Zw@vOTDFS
z(vt{=AzK`pB44DPdQsAF419X$b`IBGYx$nsy?0g7URpRt1TE$a^SIiiK+9nWCPy7q
zm`4!uwAozNA7#@*`Oo<iu+Xj5Lg=sg-k@a)QegWNXaahPZ}Q%CD`RnFI_?B>Fp#K~
z$uK@7(;4r6^J*$DS(LzYtf7%AT@+(XNWh*geE|~q49r@9ZV1eJq`t-v538a3MBhZC
zGdXLuPxxR*olT5h7kgb(ol}txbMs{o6XconU_i~1rd_;qwG&SV3V=BWbQB=xaT$L|
z@9+_TX20A@@r9Q_cB^?cD%)wz9A+~#ZG7ydYl(Fu-8_Admq*^lt6>&#_T_k9u-RV5
zrnl4$w5~6c=Z@K6>UMONeHr1NKq$LyU(?HH&+O;~9@VoaIm?QLB;p<-obIF@eL^*+
zc4A~Bg3h~%S#&}>17X_iKRZ_hhmlAwTA)P?qL8+cg7ge>Xd5qW5R^W9i9k)6-r+oN
zj0-T=UI*Vx9!k*IY+ZnGo`;)DGgkC+z+X|Q0zy#bCn5Zf&LPD4*pO?umaN^ACK3GY
zq;=Mya1+E>jT%h%gk%bd1hW!|=Zmud!qM%_I5io3h#MqP>rXY(qFrRu$76=PUz_60
zz&7;8hDjLH+eoa<1${kZxN~#E%7{@Lt1;+lX*bpj`w;Y?y&&t@Q1*4Q@5Qn3^aJWp
z6;+|KXW%4A=X>S494$yyCSFt^@AlzggH#bU8NL|pc09~I&1sf`b$^yla4Rf*Vgn)K
z@EXzPQFn=KKEIHL@qQOA`S=yl{X*2?PlZDN=k2x7!zZ%?VW}>7Ep=p_^tPWK(<;01
zV<d<Z^?YcEQ5nuH3=!uZksVwX0Le2k<YtRbh9{FZ7!MEp6Vdw&(O?1EZZE7{E$diJ
zH;%gP{M~zn!g*cyf+`5(ut1zAH5vL@(OW1iJI2?1SpL{y4Kf}{;oE)&0Vzp@Ci$wK
zkLNU-^xhJkIna6Uvrv0z<aqE_EvfjN)9|q6JzwaT6NY4TdTLJ}UvK(g#<`%u<q%v#
z)jR=`reaJ*lVP<8ufd0MdgQ7n<ZKsx>U*^Bs)VZ}c=i#z@)s?;slLsO*OfOmsJVO_
zcNbm<uu}bUgl7Wp;wE{<th7xy14Cr+Ds$lX`wvhp2Bqx4YLUQG#eNgZ`%-}V=%yZ_
zJk5Zn=6(tuZEm~TbpjKRr`TvMb5JjujEbKcLl2BzlfkU=)<fm0+<M=PzTcYNH@E_X
zv-+XOoJM&iF)@}|&&cyNS6G?7&a^1#NS2qw<u8*!Yn_F3%X+74L42&7Q*+Os7CbLc
zc!s5sO$w5sB%5)v37H0Pv}I0GEv$$Y?}ah}bO`OOap01g_3Nz#e{Vyy2bGBmUaL3f
zqbINFVo@*|wK$ZXSeerT`DyV;$05SGp~`DZ<w&dE>FRF1H(*by0;n59D^1%pGY%m!
zpl}e?Bd9Xtu0s=5<e{1oi`TZjf~DxV*Z7dkZ?kw!^CzT=rVMl{ohMkQczNhdEYcN?
zwIrK0jf5k0<Qq<8K^*EYaAR~Dfyub~5#PPn{isKe$k&nzFnT)Xbjbut3-D$?A(4L0
zBM*tR<;q+)j^~a<%3z4W`+~yk-GeD>LNPE8w-&K}sUumdKJsAqXqp2x-r_#29(Tyu
zI;ARpNG0H5mjLoacNj}F;LJ~+i?mOmdUC1i^}fkhEIO99)@WIB?+SMV%3?L#@NFm=
zN;utsDPt}dZ%i9Kpv%Tw#7jJH3&!jAw^@%ZXG(ORk~7=JD8wp4DfEJ?ie_#dPEvb5
z!m$b7cLRCLS`>JPoc1=i=$LbO&c#({k7?K(6N<#VIzrnm3<`hW*v~?x3^80u5A}^C
zFZdX(w`XKy&eYskqeHVtcN!@a-7Y0RR}^N2I#-KFMeKD;Z!IQ}BB4uOvtB+hm&?tC
z^y*Ja%%AzFUOwVu*|$C7N*<CdIOLI}ky#Oadoa>**NLmEbf#3&$X8KpPDt(R4SQRZ
z9RkoNH$fIy=CNv<jqe7?_X%6KFI>lz1Rhc1a)7mR#(OjQXgmBFAryf^xCkew`GLUG
zHzg%3g%XQ*IGws>#O3ygshnSnZC>A`Gsx~#vG38_2n`)135!S4lpv(MWY}*^4+Gxe
zI3ep?a7aUHi;dOAuGu<Vm|N~XtHoP<+S9S;LCI;;RZVKkaLbFk0mX0gNgm)YOhROA
z#%>9DOj}kF@`5^F?dfJcrdLQr)44eY$_%>ix#IPvKDzO8DFRk8H<Fj69ZZUF$l^Ee
zEuF~BU`T3qCK-QXlFzU`sI@r<FAImK_1w#wMYsjmRp*?bJQ{S(HRasI)&qhN@&wx%
z_SWY?kr3fAiHyS;y^t_gp_$PKJ+o{CSK2->Z@ONwOuXT%DN$=kTGtv(PYcO=dUY?Z
zwN-+#X9@!DtmhGA%Tv!{1-<Ud*x7-6B?HL2(8LGz+%X$S_wk}&t;cR@Po$*<<aOUY
z;;}Boir6~w9%%8n2Q}Gzaj?(NWNCp{ie{@<!IDGA*+=ctiUaAjVY&H@h}eR^MBh%l
znhYMUU!0z2N$U$wg_kS1yUpP6Sk5{TF4CKT@4b>t_krbjPaCk`4Ry=-Mi7LlIqLH1
z$TJK#1r-jNDa9E?>bnCi#BqghPWt_JeJZEb66s<ffV!`8?N%%tW(l9IWIdA;qaorm
zI#(bB-6jzNR0ZFAGrAh}xE9I~sZP@rDs`h5oBd+Z74Y?iCJsBtn9NC)6AHQAm~Si!
zt?7BCZEL%8IKoL>aa9xm6Z%6avcnf4PhItxL1F=I-`mixWps@gKyKXx>^K1OLU<AG
zJhe?2Q3aCI!5bopLi8{i5#@GZ<sQE01%}5kBi8&FCVa@sXc^xvT(SY-gRzEI3wt|{
zXl1qtAm39Ews%QMm99TQ<!&~hOweOFt+Qu6=+A>8tO8ySgN-fBfKFm69kXDo*d4{i
zlePBr;9LnB#I1fKgR?Y|=z#8^hVjfMg3c~$=NpuNf?^L`c?-jWj`R?kZj_`b5-7DS
zjnL{nOv~zLFqgsF{8S^et7^^x7sdIAV4t_WaJEfklvkr<MFaPWytqc{qAjq+9rQUO
zP|{{q?yRgKu28I|*Xw&>eI(dmUVQ0iN7AQQTj!2k_t+C~7}vGMP&OG_>5NRsB5e!D
z{GRE1SFE08&Y4-sE5xaDgL8U`B8bGe_GIU++l3ohcUfubTrQ)s8QUvhtwTpdw?V<W
zjI(-mkv;V&saC*x4!Lhm(B^f?RV-)yBsGwTp=f1G&@WxKtElSe$;^lc6Snu;cX6#t
zk5hNN@(|r19YnMn)ctmO%HZCs;K#*BmT<VXNyzFvNm$25MMvK=%08p`%~%E#B^Bpo
zjU}ZlvDk{v)|sz!SwcZ4thbI(4fLB_!g>bKiqDDon8LA^>LC@5C8Cc++iEEXrR%wB
zqLMT|m*}g=L1Tq9E0*_C8r`XBG`n3_QJ<=9GxA0vaHhutp?rm74^`4dDtr9$9Eek9
zq73!e5*)oDs<iUn%M_pnE$)1ZCt{`;9`o{Q+)Go<bMSedy4pjqfx~N~mQG_}i5FJ%
z;?;B9pz1ACtXX>xn^MHUSGJwmUe9!<^Y%TmN8J#CB+~jEexbs4HxGB2?v7kXc#(Zj
z+A-kNQ(?wUEQf6(E8Hv_c}i(8{jzdz3v(Ftu!bf|W4M`t=e>4WCH<eWrqO`-N(9P3
zQTb;mH%NxM+Kczh5;Mo%X;}=Q8HP1)4bxNgzHN|!i0m#E1broQhoTMjj7ZfjgX^hU
z^v%TNS<V9{@|kEJWJCs{lzvZY5bvRt92>n!RNJKsil=WFn69HM;}K9<$%f`8zMM&A
zmzd*n-PnZ^UkV6ZEp#si&kkOE!RdkcSawNq6;=WFPJD34l;X&QYTIF}cyIQJqcJI%
z>Z5BFM!6LnEO-v2I`~?I$JLmQno7mqG5{&2f;~k-W~}6(bh_Hen+!P1!(2mq<ny!Z
z$s3!o`=7{IomPf?$Z0Vrrh22+0EEeg-2!nWsAEm+O>{O~*hz#H^vFZYz<3eT1AEg2
zFR~vz7ROiKmnoto?~_%$PgYE#%N)mbuFPjv$j77Br8Uubl1pOxaHJgBR`iuhtBOnK
zz2(4Smlp|`#PgmGlZFHeISM(9sK*i%35oS&>w*v6D_Hk^017brYT{(`*nQ45nGH7I
zGXO<@%j^&U;p)x(9GYotlvAGirD1?^D1cj0YF0a$`#bmd|0l7K#0&CBeD&HK-S%yQ
z?Roj`J)3p`culz^hbd6In%L}>wrFxhsA^Ep!inu=YAWsyq&g+VE<FMVeXz-#amI|8
zE4>jwAkQzdINIXgFIefh%P-A3O37_Hj4;G8BqnOyd_a-iZa^bDfk)4Ih;1K<TWVX2
z(u;a??k(De06T)&D<x;<qr&C~5}h~N5PqMzO5r=GH(B@!R;#nWF(MnvDwFBBTURjT
zj2t5oTzmi$t}wHYv)t&}d#{xH%$QNq;OueFJ%d@gWt&N`Qta4!Ng{YGDdOx3kNvV{
z)pW7P<dj4*X>+rdN^shdCa&IQ^1<Q6Iq_KML|bb}u5-}~a;b*e^N@<eonua*;bMgD
zM`@8-`j(GaQ`To(u%C-X$V{Eo8$-)2XCs8g(`3!2d75@n%;A!!qVvi+7<4^j{n)09
z_q3ckvoCV56w&MY&X&3MG|0AQ+5=skqRf8L;tIv)Dg~0Yn#s4ARC>`PZ_qqk6_}ed
zo@h{Qx}VAb>m#q);<cdyg=Ks0z{p?}uU=rTB2*fT7LW28ucZw<(fg+5pZO|9>x`iJ
zoI>0LJsP3;>Io`{iKX9m6J8kEQa=GIcnZF1gzGYv<P_9uvw~VK1niIN3Q3lz?!BUX
zRDo2d+4IV>Trj*G-Re~j3y&-jdS@5C8-0pRm}{pkyr*gTk~@yJ%dwY4WcVP5RcE*n
zJOe0V41h7hn(7I$WT?<lN2(!aVFiw6%zLQJZ}N2*b&b00nljam89mE)mK$BqNgpJ*
zq0SZSTWK5>rq>xGngQ#G%+!P1<p;B9(b2_T$)~qX3axri-svjubZGs&>w%z@N-0Cp
z-9V!FOX1`8E0RWtvMaWystZg*4UkI<3zsO`+<V1ZQdZos?4XYp^C_U$<WAE*n`jv3
zrp0l6fbxk8Kf`+|5??fJ;EV%+F$_S=IOt<=#1YIwVa+hEF7zR0<yV=~BLS4>JmT9@
ziAI1U+i(co0|L=ibVGL+Xm2nm56=8Oc{fPpZI5{v7M36BdnWbX05&&~$6?H9)Le*f
z?eir}zS~!F=;`K!ePs}G;_23L`Ebf!<<lUGdee`bizY*;EuNU-?a*U=kiE$yE3f!*
znmszrM`C1*VoBWNPaX;Olf-)T{Auqk*3cT<HA)h$HAwiw7&`zaeZhn1f#r|Gs?9Tn
zlssNO4w>`D-TOJaq{Ug3Cl<;dMK?a@pr~Z9^py=q4cshE;0Y4$Xct)qC;~DR#P@pV
zktyjarro^&S$IgP14f|D68q3&X*FZvJI3q#ep?U5o{D~+1!;lzR@&FA<hg)8&GdL6
zwM}XJp86xC!SKRMqHB90<VeCUZsNJxzO9!{kEL~4cu+6j2{xnZWeLtbdoF%&6vzyk
zA>2-x`3<|}ar8)21opc4=1Yai(o{)eMh=xA3Zv}DV&JhPfeK|kJI(K2EJ6mxLvuMT
zdyjXah=YQ9`c6@>1d7Z?Aw(h`4TN(~DggM43e+t1Pz~DCd>B#G@10GH03=HJ6Xyp@
z$o<}{27qc_VWia=e;q;RL~znNSj*KG2cDRatUr4qsXZbA7h50`J$S3Yg86(6Q4!-=
zIg(D_(Tdu%qTi7gA%Kx}m}5mdr<fW`<7zDsOtw2v8nSX8#Z>SBJfS?=Phj*J=$Rw-
z?y|XhQ=YNy4KCk<GFo;MuML!TPrO@s5d{SxPL{0o?m<QuwXSl;Qj2mvYdCDp!B8M0
zAl;U_#q?`UCh3PRJ8+2H0_#P~Z9Aa_nn3Cp9jvsjoZ_R;^~`1Ir2{ilisnJ_oMyGy
zj`S;Znb~#r*aU~!-Bryb>bE*sq))IJp86~G$Numlyy>A5D!=f>%NxSVs=g};?m%~M
zeHdUd0d`YNzT+V;Mkn;)yAjFS2NW^2H^lF;3mB6IVbA7p=$0<01Bqw1xv~u~{a%r0
zhLi~p6Ih;{3EF!ZxzgMg!~^+U53fM{(YR*(|7hUZo=_Mc9@Tv<Dyt7HITYXG-YmHa
zsSB58MY4kxB(l^uG5(D9yItismprKt4Q@c~*=g7~p3^Ddo#L`Nf(&(;z`NHTb+mq>
zJHr|S91fP`?k{cks$H%lLm=dBTsoKMZ4LFBzu`#<2YCLha4X#XZQ?=tS!VPCQtC!E
z>$_5IA5QeihYYw_K_t3`@5r8%PN6#ABY+IANW@r~XLkmicctiy&%oDgb>)bWA|)A-
z@CHYTw4c57Ycg;+U~EHTtX<6#fiBJmsWYYN3oqhcAy*qg3zru*HoFxE*L2@d3JFQp
zyGJMib*~xp-Mk#}3($N6zaJ(RyVS<)ij~gH*ly>=%kW5I1m^Toxx_hS#!SYPwva&8
zrwhv#H&AI8h0`dv^H?fE!iR(;oOu1_Ngsx~JdE1+jm$rhDIYCoue3AzsND9emU&4)
zGb|3oM!HlmXBZG(YxzKD^W=?I`XkiNBZ57bM<(drv#%(+gEN^!%+vOzFP&tJ`Z{X)
zpt{FZ!`4Ai4DcxdQEueEnk=Jo@28_RPj*>h7x%=kATQ%}3&nYx4h@8@rKZwWMTxuZ
z9QA=IJa4HQshFaNNQOCdiw}o4>X_e)<HhZhgo}f%<dNR8=jK`OH63h8>JxgDt$GHE
z$LV<4PRxc2Eg?dO;B0dH0)}ZdK_r)US+CUiy>sMLZ?2{Fj-Po9n0kf|HZ5p5(znUq
zIT)V8gOV40-u^Z;_ywXB>BARg>M?Y<X?JG30#B*8CtH#!^W|<>AFZl%pOBo+s^kCy
zd@_^IxIeG!jS&IS#RgIc;d5|u>gI#aFkZK9bp{xD8(MU!;hZf#kpn?Kvyx#1;N$4c
zp<olU?>Vn2`eAwQIN7@zc{{=)mdEeGWkbxRGZP?cM1_qpo!=|WJrc65Vwvt(q`6{p
ze!hzV$$L}Oxn)N|glKh2S<|*+wZ&-IwwUu2vOwG%w0V%Mlu%0`tD}2i?kGDa*{aI5
z*34GXs#eVJSTLM<iWC+ywABD#z?xQt%+rH&;P&KuhPK(fHXHZ)j;dND(bh~G2A+!o
zz0@9roaf}fpc%!hVU`o`k+Gr9aIxshj0`3l=#aIbR}8?2b`R`4lLAGn`3YG;TL20S
zGxZzwe$BL`Z!QKf6wty@-ztG=kT!in)6d|4FTz7ak!BdV8xiNEmmnjg%Hr))C|I(T
z!U=x20ce<<{Z4f_o{!~_+3|n~cOADpnun(=M;4>U1<!lBqR_;Lib9nhzdP#Eoz)~w
zJ&-A?W?UFoEOIWLZSg7y9Y}ufM)=L4$zm;v;g!5x)qCTb@6;cs_hoiva~j9X0Vdil
z6c*0&BYZ{mQp`+XX|IM1*3&y1#h*Ba;Z;&4*T9&rp-=WX6Ae*H%yT>Mj`xVy@)-hS
z$<rl|y@F*ZP4uG7Q}Ok;gKe&aH;;;&ww^UzZo9htq84{>Fb17q+R5A`l+<e84?^1G
z6r)OLJG$82_Z{*ITs5+$l{_R-(m1RbQ57d$mJtTHaM5m^q@ujlqXIU(j@D0V_P#5C
zS=c_0D0@kwl_GUKN7<d)QwWS(Y*vF#oN<v|O$_;h$6nmKusKRasD(R}or>0xDMn?k
zaAQ(HhHK@MmkD(6T-#F_)Bx1dc>yh+rU8>rVHGLP-mVcEJme?m{&4o54(^TFwF{M_
z3(J5=PRDb$&=sdPUA;B#$bRCM$(rfs4t(#n#7VokC@U+=`9+F3E!s##9KFYHOJa|p
z$8xe7b?i+|L6|-Qwhj-Eb06f*gO~R3)uL{{0Sm{>j0ldI^VpsMB1*GrUJUp2mvz?G
zdGrE*zVnCUWyVlvbG&+&U_OZA=lIy?e2O%?Mk<F=TZyVx0Jhk1UXa!9Mw+(sPR}J=
zgzfYi_<^|~zn3Oq`&j8317FW4HvcRGaj(&HHi{hDoEHtQOlc$Yft)e{f!Y>UZwAfD
zWOJS5TYxghkaO_4$JeI&w99G<r%4W+xn~DOttwx*c;9u{)eAr%!U7ykx+0Y5#tNf(
zB9q}vOPr7lik&qTJ7o75>#~aa!O%0NV|ZE;$=yvZ`3Ufw8VV8v3hoVHcKN|DBH|+4
zJ6_}<i)SJcDQ_A)isWYG5f}88m5%4uh*BqBs!&VA!@1Fuc(8itb$L_Ub&v({9EoU0
zpduqeI2zl}TWL(6HaoqyVSyue_Fgb>)NJ4y-On}Z0Z$sKT1zppE~jwFMopJv)r2?Z
z8ertL>>*W(wX+Ozw#i7Y9;hM1a|CMQ$A)&?@9K2i2ShX=-1I@V6f=lveslY*1-U43
zbV;Nb054aod%de>Y@V;|#3%}}gfw>?Q!~7bD#D{8z^)rkre5yHJ<{PE-TEZ9Ghkm@
zEZ|*bgH^&J+a*6WO&nDhg9QpDx033Si1k&?+`;n1z?Nhawo@b{czCI^Ib9;8G>@ns
zGsC?$nkvCK>$sHk(6={o`s6h**kQojUXFnswE@^@+>w^EM@nf~i`ZJs@Ch`iAf7~=
zXnSapbfA?|B}wa@L%hnfK^0%K>yYu(WZErmz#}>!H@kRdT<g(@$TLFNfVe_QJpI`7
z9qjM-G+`MhVkbRg(lfh<Lhob<#Fqr8oW%AT7d*r%p&9;XU7p;#T?-nz#bSGS>S#$u
z98nJfUy?K{#AS?g%`@IGzy1Ulp9O)+H>~BZ-)J&i+N@pgb-+>K>tI;RVibC~FLpKF
zT((6NKy<|POd0s~N}_p7lkC27MMI{Y=4L1!LQ=)!$eIc2O^ZP^L3a=iz18e{@tXT3
zo@p^qhK)5vOrA@z<~T3vV{NrjCpEE}CDMKYBg25JjpUj|&%*Mw>IrVt8^1N-W@CS4
zZ=oo7vrGdOpWdi%+Nf*=jl@ZDOE$w<Q<1G5Y4E+^$Nf0Z+Yk06dSdEuo-ZuISw!lY
zcMc9q#T1RrE~kM+)<&Q|Lk_2kj$s}<Q6>o;KKi**FYf_Xk`SRbrj;WcKIpq(tWxm;
zQ`$WVCSss*LMlIiI&?Ji@La<H8!CCc>Q(T36Pcf@x+o$RKJcin9W=Y)&-`Y<pX8W$
zo3IcrZ|Zg%X0#@F9nLCaIx+UZ<ZKJj1Ye%&Xma)0pjLuoBznA5vUgD=)oq=QBD)yt
z{Ji?TdB`rhBbPzOO$|}AsG;z>ABI|-N}{M<8=)R|Qz>DhUomrBYF?ryO}%P<`1VdH
zTCESA)xn<%iFmXj;uzIkFB29w1IJrans^qXkeTFLZyGrtzOhFa!HKsjddD-!BG}7o
ztq<#EiUKDB0M>K!^ss!M;1JUEWD)Y|yemwTx>4>YKoC_T$$XEhvSCC}6I<PeigE8<
z)kU}Huu=R%M^}6g^AU#8yvKGAbl3`G7e!FnZg}_}UiIjykeD@QYiur0F};RIoL!4n
zuXo^)r)YK)k5&1*Y77V<ASr7hcd<`&_*ojPEriCgeIED?c9=R2`*F+w5R1+#ut_<C
z!5%wX6Hyt9N#V86OLProc1bE%;@eD;kj%t<#}bk@T8cuVG`oaV+04|QM7yIS6QUUo
zsZOf><XMTpZU{VqxzfPRu8|SVMXoSV^;$G;kGXf7Ou6z73Hd2SyYr2{Bz0<NvUmsg
zI135Ax}NRBV<WpPeQmZ$Uj6?`j`3`=lpE=`)=*xZR9Tj!`3bQOQ@1g8>DenQ4~Ki|
zrCz5mYpzhtQXZ4vB9{bmcz4Kw;d{;sZ7n0c#c4Gw?rZn3f3btY7Fu;xBjl2!gCp1{
zt?w14>mV55Z~`0MFx-1BkX>w}w0SB1@?EX4P|_LIRcAa>hvR;27t!J5-e5ChdG}iP
zlih<)cB#q7H!YDk?-4oXN*;%gaoLl%eG*F^%Yg)Ko4fjSttLEd?<O9g9e2;F7BB<r
z>)E*>dE+Rwn%q8?;P}n}yN#>_&HIVyfg$1p*wSZH{USQk;?1S_kp#($xTGY(*eD=W
zox4N{1iDL-bul|@NY~b4y+xYxeLWM?SLsqS)4h<Ez9@2zXZXf9Zj}{<hUUF?#2Sio
z0w${WkY-p3Fc?eX1>Har?JK36nvh3P4M-@>dQ)odCPnSIAe0Ozj(xTLIFW%1)iAN#
zQwJ0uycdFgg_OpfkS)2t;Ej_G^in?0F>FdVwa_}1%yRN^UUqmp9NEC^oC}%>zC$=$
z(&UZs-a+>6aCC_;`A}v->}~G^aojW!Sv<if;ZMKeeHMv{%S7(2jj~x0ENw6qhDf3y
z7kz+Kvc9mmkjm(DMiB$4X@*yhO`TCgRlY9-3#u)iJjoZlH3&}X?x44_cDQIayp)Us
z&>rj8$4N?^JB8UL;!7j?4hde-I90jp&a*NFA`3^t$pR^UXymw=X_YA3{-8=4sRVUK
z88){ipAE>(b;6Mpr4T-3b<pC5XHq?onN$zZj#$HFN>ne32g#0i5tO-KzDd>D?G)m-
zkCa22TAzbFuN!(BkjFhy72rn<_)1=Jwdk;SdumBk79fZFW(~f@gv5S}25Z0QDVC?n
zgURBd5MVCM=x#oFN;|ngPfTrTUc%mc5=7~Ewq&8t!40M+%UNv1r5Qm9rG!j{rfJMJ
zP!Qnw;S|L&6@Aj9&r0#e`56-pwBo%9?OTUF+@SYV5(7!4sT4DlMyDGnPAgxIywvn=
zf@_2`kkv8+L69)J<j}@8@O);8j|uqjnjsL^m~pUV%_;;l#|rR9rm)CtP^Cbs&clJ<
zQm8`bc|D6;c`pXjr(7E%Vn=0#2C%!DiwTXoFX9y?vbdgB@;kXD$V<;<XqkHvsu#pM
zDd$CUsEM<brL%BsHa@Njfes4mUQw~psmTuvh{`P;-_(gP55=<k1BCNe+6y4(>vwuf
zO%7W9%BWvC<&^;wi@qS>i*qG$!?$s{)JZ?*UO8L6c#ggfP??O<PadYDcxsk$1o4yx
z4a{3sq@G-b8c{Imd;Q|XZJLAtl`)|DHM|Myq(^L*FOvyZ5UXsk-PS+x@n^Y^#h5U6
zyUuJNw|%em9H@ztCVQR&qdg`%OHWIA+R6D6pW*hkjEvPvHjK-}LkJ;(xmJm=VWxiA
z4#5jaw>K{ot1CEnfL>rOA#_igjAt)b+jy)EtqiI_P0FZxc?s0DuYxZ+9}i{ZtDNRL
zIk1I>YR|a0P%od}=y;0&fL~^o$&F#&OMYD2k=7IAbUEC<K^TalqUnY<RPrd*?;L=i
zctr&4kUj!uMF*~=rL>JVe(x?<`dy_+r6l#UhJ0sOV~F!^(IWcg6k$C8AYsRiU1`p_
zmlX|{0`(|N`hMOfWJkwE&5T!-fv@S6CE#M~lWV8<vZ5Axtb^1DmArr(!q~%TLR2M5
z>Y)z`AtN4T%1X1X%D7lEnbW=+>X;V*^2tv=YexHqX%;JaK#*H6l@G5VG(Cb94On>1
z0zrlI!U7?y*>Od86YhmxI9beffJ2_f8r7qS!A7Rqb;w0}j{17B(oWOKSS{*7W)C@R
z@hXzPj)-sr9(@Lwmw|kd&p>(#RNUnR23(uA#Dol>$qmt~kl)ejByPCR6=Al?7^w&0
zvJ6sSKI3}toO%oFT~uc^)I(L5x-pLvcoc^4xX{h>fiORL?_$%&Ei4(~CCxD!kf}ex
z8(BbWm%#^+tc>WHBr3etNpaL<QoiS1YeGEL%GD2QuNbXQVLRR_P3#(l{RHSFU_sX?
z47v79tlwZIToTV=JnC>eQZaevzSJr~Xsk^-NH;HN$~Uo;jNM-M8E+Kyom%T`6+a~k
z=n36dGp>A}0QI|YAj>5_F5?%8*Y6QNvJ8$&dw|uA{@&2DHwz%8{wN$n`^ni#_q*qD
zb<B)%8qsC9YGM{x$V`mzh;u=4=kyUt>?>Y+jZx>$0!(iPurp-~HF28Ej{-Yosd?o{
z)SlPOaF|S4d%&buwR5-8-D9TUfng8fFgKOu1SknQgL|FePmS^^?zm6&9^x~5KHlR|
z{aV5{5MJ*nAe_pjNg{78t6hrqQVj=tsjH1~#+)>4>j^>Ey<Np#J<w{u=gM;@;$)^p
zIOlD5U5flXMeD4F4Bd-U@KMzfIR)jh?xf4_C*^(|GzyD*sm1n!XlIoNk7Mu5NJ&n$
zm4#Pq*@7hDxTS)HeNvh<YO)PkSNH&}=|+uv>77pq3bu7MEmb9LEew4V^iP5}m(%~#
zvvMBg0(onz^d#n<iM@yAZf}Ri<j&`867<<T)qRiG@ioO+I4z5K-9X~K+N0YNt%Se_
zd!{eYDjI@ZE!c%Ecf%E65XP+@AgG(C&wH&*=5<PZb|wMPK;c?oR#4|<4C#;AO0gnt
zSID$wOVwdJmcad>W}rpgiIGO3k;I1D5kp|b1J)D(fjUr$u^if%TGQo~6<;YdRX#kb
zMkyzMOqS{_Y!-dgV;2|D-M;sHpbS(<3YQUlOY~V4%NRx%usTKV5@IK2O*>&M2#i|T
z>mo@lRKR*Nb?iUqput$Bic8Pi3#@vI@Z@5;9nMLjW166?Unm|7o`P6KGcRSTC07F+
zlDX?r9}?=AoNt{9w#8gzL}v|<6M&OF!0-NRpCu&RmHc7c5QOl<^QR}ed=N{bFSPV|
zQ?CX=$GtW28%&4xXLRormnU;onhz0%);b|nvTYtOal<rMzR^3Vld26W5|<<4F=6Tw
zeu<gFYCL2DX7`2^(vOGV(G(Ikm1P-$KD9~&Qwdkjfc6duR!Ad#ICwHKbQ4lr81-lh
zyR>28Dg%eq1LZ||jX$N%#L5y)&b!=U4t;YFIzCdk<t%%I=w7r4hk1^eNQa`eW%=AQ
zSAw<%*|79+CZ@IK9N@kOP&D?&Jt=nx0owf$F5_O4X@DM-I81xUfx}ITG5-IApLIlF
zU^0rPP*}Qg-jT3M8xNQ;6^ZiWID9Rv32tG#X+%$Z_3;BrnkOBvS4pdTT_>X}j-uK`
zw&5rm0ut8K-lRc&GW72{l3DspbO<a}V~{l~!+ipbTM{LTW?fJ)9itGf6Yo^QPEm9n
zZsvJM6Ph{+Di7JDO(IV4Lgb7YlzQrdW6yh?&;VSw*7Ka|m{Qy)15Y68S*kcU8z<*G
z+J(atWj3;S3@KT7Wp>laQ3P^em9F*wv#w&V`1(C*S7$kRx+(m?v;q^VU(X=v;(M(U
zwNGNgSDbN<`<((243GEhS{)|jW0uFe-RgHQ_oNO$qhs9?v2_Jw7L!3=BD9l}k^9-6
zxP&J;>v0T6sJ~LD<^+Ak4<-2Ws*#*Jm@1uW_5@|G4`F^mbTWDA-hncVK`+#v%ytWO
zG{`&|t(wSt3wxl?b^CThaW*7srwR!Sc$i+lYL6gz;Ku?B3Gb<*JqD(E>Rpf5uKD}^
z5ue3`t^A>8!d1zrh3dWa*Jurv`9|s4hF*`;(yS4YdK~RqL~vpq3;1gud$Qxh_&~a(
zdQO@c&+M`bCs|V}>UA~8=A5}!k2@Y2X2>PloY5($VB{v;S&SqiKdbOvJEW8bP_lh4
zjKmrU5>9~+Z!@y?^<Z^X-Lp3CJW}%osVnT@@UTt56TM5GyjoXgMO2qow4?{xmIkED
z*^X)vr$Ljqb{I!My}XqW^KgL_;Q`jQs+2tjNMTD{fXgV$@o_%qBF;TT7nC)gJ;Vxh
zuffF&n@D_3fb_PXgAzqePWI%x@iPCpnx8vAu5^(!ZDWU0(DS3W!4zr{mE~1*?Kckx
z9YVF0!w?MjDT}@*kGE}5S$5OP8ZRH7os?F<(MoMay!Q@dGrl{r!)HbDzQa?y6>13g
z&<P|Zj~aJJNA1occ70W9siI30?x9D$dN(|26ebRFJr}BK3ZpBEE%M0gfs6x3WAE%9
z84nuCWC{_o)nzEu>t0U2Cyb_5JXnM4p~6hBd}=X~r1>FAQE<Uy7tNPW(=Matua=9M
zABCuOZ*!sZu&{3~-DzUHBc>Ox@-4lDdum76{nRkFTpr6X%9V#@zey(A4a^9B+%a}&
zs>zIogDMDsO@3|hg0s8TdrMShNFO>24^^T@E{LZS5_zK;lLDRNE*jM}#4}dDsIlj>
z8{C?kWtpqHl=^IcV%(qzG98cR8D`~W@h8Uwucv#s8K-zX1Z&Z%TUpS>i5`WQEw7#I
zt~x;*3JWf0_7qyo$YZP25qsV>3<|kr))n6vKg-Hy4_FxXT~q``0G&6Eca;oJVF`P>
z4DbS(Ag4Gf@S5Avi+FVp5i2ZP)-%W-k;pSbdMNK@$+|d+;!`Laq^;dEmwJ?pH!h~B
zlct=$qvP)lhgb^B$YVCqM$dFu%p4xP=m+y8W)}@{U$@@?5^7voH}{ek={sKt(%iuR
zuj}N~n|zj1!7r-lw5sn-#}kz$HEnEJ-J+S7aITq;c7_H#@Gy+oG@b<)&E?Zj#GJ6R
zR~Dl1if;<Tk8Ws-u^0uEpXd_H`gjYrh)jDv4B(7{!yMSVEHl^4ev?!fDqtH&)JdZJ
z>}PlGO=jC$JulE~eqj0>$V^F2Zot%z^SmC*tx{Rsau{!*s4=g?h7UeKf5=U7p8j+M
zbYLXdm1X1HsUP@|O*~7+PmcI~JE3geNPew*EKNk(t8@MCY}Vbm=h1ZFyFEBF(S{fz
zY4kYCp?suaS(7f9j_#Py-ksOskoDT&iE_VMlv{4DIE1-+k9}aE>+N&58<z0I;p|Bd
z3+8-xEe?0_45LH(UM9b3aaQ9l$*2}nsTiF(F%JtIl=GQ*l8LYG@~T(CpA`pG*&NNJ
z-b-X^uM5rU02-%}NDJII`W!hu%E2L@gMz5{Jx+&QMYOneUbxEvAa^wH(p0n|+Z*9-
zz%WQo#=-QVnO@eNs^l!|fE-bw@FCM<LiFhM#wJ>%cblu}J!q-eN&xtNF6#xlUMjV%
zdQRZ}=tMJvriv%_rY490Camxx_PYEvsdGz8N~ZE!61PTqP(){e+<WWmu3+U#M7rE{
z-luC^;r$KreHIu%dviwb`Rf>VSB)m|C64zLx;F41Ks7GirZyLB<BMXs$1i&!4&`0z
zBVMds&n)i|T`zWBoUV)pVX%G|GU?-o4SD9fZ^vI!T5LlX7zBmx>dTyRK2P5DwC+x7
z+;v`pmk^r{?*Zp+A25Wi+Q9jG#yl0orwu9LNd}I~Z&1A;*V8ZrTOL1&<$WN$LQ-a-
z7Bx95s<$Er;NptD`m{LV@;s!vHvmz9lVd?{MDf|?(%^ZZ<(05+=VVPHJV3<T4nl55
z;_xJe0#^p%$oIM)wGn2oF+F+d?^(h;^%!miKm}Fvxr&EB@5{+zxyI+w{Ho^Fysf*d
zF+3o>vodYYo4Kozcl1`=GlZ#kASNSeksuorV-K_IU8-j@2HK8R4p}OMzd|k9;yd~z
zNuO1Q+@#_$^wC0kNwkU!!#zy{>_c}B-PaF|&AssH%?pM%nkFn%2}<&u2i!@H0R;19
zsMB=3yb5wM3=DjPXh0T~dYsdadfQcS(ac)rQYQ~A)EQUY&C968hqemBdf60jHfvF4
z-x0=K<)QKG*&+{-XmdxxR0~=Ra#2+z({}6)QJ=)f)Ob>CcVm`JZ3%1QO*R@&I3Vue
zY8YkDw}PyCI4+RYizAF1Y}zrhMvX$IU_spY&S_?{JcO9D2G$U<-dwEsn2t+MID!`G
z3-PD5z{4bpA|VR0TwLXki>NtoOV+AjFfJf|-d(V~$3g~E{kZ}zz!Y@gU8J6qG4lys
zpT|Z(xt|;@@fHWHy+jMSEax+yq_e#C@X)rN6;~Oo9^(<ESPr08r`u1I{C#&}>&BG0
zy~^N>HmP*gCYYASE@(L4AjJu1=MbHd!DKi^=e$~)>^M_+KG?b4SEqpyt-Y_fAzsq)
zycE5aBuW4iJ06=|nJbXTgqUHupz6sMh81F}`%Y)rn@-FbFYtg9AV)S0?hRYy(+AVi
zW4@V1Nd<_8QMTrTF>?kJ{K&%d%mi(#MJV3&0A4G=_^@ilT3Wi)5nXf(V{Fv8@yv}v
zIHJHzo{!yDCX?}j+e^{sL+AiNi2F`dgj8~P7_1+xH1Hf+zW3H<w=G(-5K+g)-Uar6
zE_S!|j*yXFyV?!M_SR~hgTM9sxxSTTEE<d6au9C;1hfuoLp_Gmr)@UQ=bLq6Sm`$#
zkB<}kSk!<E0Z-K~@XbzD*WNvJNXAI@wz7aq1zlBmBZ%_N^0VHE<%QvO=XMyAOuy~e
z1AbAx(^|@AFE&x##Z#9f8^Lf5^f)Dzr4xC*%~(f85cPrj>i}&p*X;m2n%QAgD>{Gz
z?YeBuU9#sOShRA7P<*lDHBdeoOhD~KCQ{T%xibePT<xPu56MgBNo4^IS`mw9jQK-w
z06nR)S(B26N*6AEG+yO^Yk(Uu&9|8&QH^bgkA(_&h&D+{l;X<awNbw^9Pt#b8Z|8R
zTjHI!G@a!BY?N*ahp*_lFbDwGE83^vn0^P|qw@;<e64H)@@3(UC1c?LK9~3Uo!6ac
z+O1k>@O!;Zkuj{`2lNZ(%s|V-9fcM-mCAjL8DMYh^t3zel=bm;yauv5uSPvkcx$rD
z>K1v7M|&r|k0d~jTr`2OsXHLq1&@22l`>an{S&6>XRhQ$ot?(_EZ|k<5xt=Sk4Fkv
zGs-7Mmx)#O00X^mQ41FV1t-@{CZS=JTB2zN1e#mZjRCO$ogd~k>!U0nM<=W|`O+)-
zb?EXLxN<i0BIpGZA_%T=n>D_`I++TgSPfCD(?smkpjTBnMCZX;Cyv~pIxeV0gDFUY
z02D<WK~XpS%EkMkKWo1OIUI<>0#lhbPb4Yn<he?4!0Md2L=%0~Udp!FSIo@ilFVo1
z0SY#tBVftr6r|$jt{SI%JX_)e-U6Lqq9gl`V=yhpXyKq}sN^6Z`}Dm+H*X0fT25zQ
z5EPPln~tql_p^gLH;^a~JiY)?0KiV}Jy**!i-=%aLh3}L=O)@r^KJ?I!X4jGT4te;
z^z)q;qw%KLAFq#2FK9;uPjxMvKP9^QUggT4tGpeh$$59-p8NJb>)w%<fC_}q3M?AH
z$h=wxS6en#2ir*OQFhgc17>r$aJ>?ZVYW9!$52)7{zCMzG^tLL_!~nF&9LOf5V2)k
z;n`(>iTqvw$OYxiYfc+i<Uz==jJX6m>j~CNmZt<tGxK7~FP3;pVKV8d^8wh~d>Q<7
zd+Smj#g*E<X!Nekm!~^i$M2t$Kgvc6K;_#O7R%^LYg6l#pm-D9S;p)qutmI)LFoX`
z*sxc^NDm^~U1t-sxGQ-)POdHY-NWvAc8a*2tWWC=`1E_^Z{s!Y)jQ3b_M4`8XitGp
zfTUT=F>HR$&0<l)KsCX@9Ueunm3N7f(=i6hkHp8DmUs@~8Sj%JqZ=QLjmP%NAMNw1
z8608EkeeA8rna~)szguQ2J)djjnq$^_E~=R#Rv$BPt63`#L_%uQSn_piFo<0E#UYR
ze4?kA69PvnxZKzAviatuIhfxeRUo#AyRwG95JB|Vywk_-hshRYQ;3P8uoynm-F*Tm
z0YUua&JMeLaPYAXgt;k$+h}D!F?d=Ku$Sw-E%#pOJ#2~W#cU(jlX55P)WlbMbt1$w
zAPRdRo#qHURKYY;@4;<udt}OLyaYIZFJD&VyHy~8F<Glcy?gR>TAAFQz#G8hcj%tA
z1F0LSCpR$IYa=GoahIwEc~B2(9Q42!6h$>)9J3wK%sXkaUq6lt1$cmVy+JErOBF)d
z7ZJ+kY`=IWL5)KfWf#?@Es!M*%oBhx9>WkjbtFL|c+m8=c+~xn-oO>G)WWmF$3+t)
zUGA~e)tsFC0G?L8?3Y|vC@of{{K?ZlYtZ;Vq0kf4RoPBJk)x1<zU*;2(u_dF9WnK}
zH;6h9A1*x-tK<{j*?4y7aW8Br!!Cz65>AS7d^~3C_5q4oM8C4qy66zAgi%vEX{r`{
zVQf_;r1Fa61@s-Z+rFNA%@s19xeHP4SC{Het8X5eyEp;|)-?hij<=F74eYFw=YaGB
zOPb@$F=csSu@!MI@^X7;u$9V(w2#bLII&7Cjj_$LwY2C$jt^cbPgbKaxgu?Hn7|yr
z-2enUM9GY-iaTX`JhL%bRe&J8Sfj<&(-s8D+>Zdpt<$_g<M9AJ$}x9a)(%*29t6mq
z*qw*_3n-^J#Io24PqeK+h|^|&BQJSxbvz$5w_c@_y1n3d@#xKy9;*|?@ztw)_BNaj
zY=HUP9zpn6lH&nyh!vO{xb4CF2KrfuDDj;Ocri4+Hs*MxN{`57`j!Ko+x(2s;)syT
zVwK3WJX@VkQt(iSYwShAE8qcmC(<>(ejO#-xT#gE2?J|PDCnz|EQ61M<YH)gA-&4#
zkO?wQ#TJS;;~s21Xmd?*bWGd_8G5MC&+U04)tn_47rkrGG!X7)cg(d*jJ#B7ZQ8}6
zoF$Bx#}9<lGZ4$S(Vx1?uujn7TFbsNN9uSfpey9AN5ckK6*Mo^F$W>qSpvAq74tj~
zl(lpzqR2~;L2!sqou4Qr9N9KN7mcf2%NT2OxXr#)0Ye0Er+gW0`RW$;%_z{s=HqE=
zxdE;HIYTV~wTWw&F-y7-o;jPRl*oYfTW~@rnOQx*^U2F5OF8$e1nb_rC2@|a!AAu;
z_lTqbp0W&>-(rC~Q$Ml9s+I2*AD`6-U2&(E^-^-s7VmI27o2BX94>4i)!b!now#By
z8*{<b`1Qs<HNn>@cseJ^B6-kqqgfZ6y@^0cWY8qcE@{qs<$RQF{Q|h8-qpQl0Iyf@
zAyJhrHm?AP)eSE56j57Gg+@l~b1rl~fkZA)PrMd@n5Y*%wecQ>*h|xAnGG*%{b;G!
zh|!L8c%Fa^YMGcF%hQet&S#KsZdqVJC;jv?MBO4GMfx^kjo+q-Y_eG;Z4`6&2zZkT
zKT^cJcq>9I(+|Zg>Wv`AR&uoAa8%sVp=ew_Ug@MIdIS9Uz4USvAKF$;2f!DmM|d|!
zAO{^SKancXSwV=35)U&%iE;9DY_b}Yg|eWn?4@9mz9d+0rPm^;FNp-JMCdI;uxCc%
zQo6Y|@O!yU+eF@WTw-eR09amqAr1Jx3;Dp^ETt~*sVMlS+FN#l#urRu=+=D)ejJQ_
zjkLmYRMD0ryH)!NQ27<RcAks$YoilyTwbEUN#8e06S^oj&LNa5{RjiG0CE%rdMxuM
zv!mctDOWR#MKA_VC@_W5z=kb=c#TqX93+<{976NJ{E&hOkb_2*W(?2CH9DVF3V7KD
zuH)kKMnj#Z>{|lodJk}c`y4<OZMP3g8Q3^wSo&t;cxW%)=zvHCgvZ0+@$`p2rQ;7M
zouA@7fH7pFF?K)VXN+3vp^aq2BKHWvu(PXO7Z@eWJ-3~4Ld(kY7#F096_Y_(>d;gH
z57!iC<!6^iK-YL91T9jT;*g7L<V=DHFsx)f^#92WSHU!CcnM)bxg1A=*2B=9CEL<t
zJx9PuK>1l~``P7OLd!JuWy-|kPp0@j^QigDDtjrlMDa|l7T(aZ)apKn7(D<O;MbnQ
zbOJlN)gY2~NK`Q68`Z=vq&uCtZ}DxTuRGbCB^I^YHtPuVW1L-oa3ii5Ci12q)NTqK
zvm{uOADVhn?5lSNGBZ18f`_xG_~tE-BTObGbO*4YUL;eVDi8{}pn1xR6+F*eWOVTM
zY8fkq&VE`I&e`Yz15CPS4*ax*ZG+Pa`~b7-nv?v=<^rEQ$N<!PS6(NmvV+e^uML+p
zInqdxjbbxt+lfJ=uow<WpkGmzyEMF3hKe(F-I0rsXZt@M#zJqopJ)dfp=-aVsB!ni
zLU?P^v0>%n=ly7@Ve_s@)N1T?!$W~IIeIfIH2YLu3n6XMh5>rc%;}3szzG}3*e4h)
znD*kG%mVB(i{9$;Az$dotgRjz@6_}DhWb8>lU%POM3T4|EJHXgqVo!)6IBHS?sK>&
z-dD&>ZUr(JuuRy6QJHGbs1jN{YXb><(V3?QiqyO^`5lqmy99Y^36G(u4Lv3J6%{Sj
zWq6A8lSEcsA4>(Y_qtxy0p+D|k7;DY5rUEIN`g%8>-UDjYC@Fc#G5_UE?}{YGOvfu
zAEF(gs*3#&Sp<+mpVTA9(G9r9o+5cgaJei)>@Ro)u#}#>S!83lS1!5oB4)M;?ag}W
zK;^^82l=Q<7U7PGhhmCOoCsv&q=90>MPtdVOwu6B$p+`1MtO3H>M>LWmYA`~4K@9v
z<x9|twBE;UgqCP;e$Lc*xt4I2j(S7G@StY;UgpV5<yCT?PI-1jdAzFu5z`q~9*_}z
zSup{eB=-!=MK!buTAALQL2B<AaMe=>k<<bErutc-6zv^`Vd~=YDjMWfPRPh@N7QN5
z<5J^lv>9_iRFoBXvwEWCT9}4I$HWe94?Ww;27=&4Q0=p~oDvx7xrd(k^o^=0!XOyz
z26p=->EbzKYNVz5YjId74aRvm0g;r~cu=9V*eO{UwD>qNh32rujSW`Z@k)4dv0$9x
zp#5U7fLmEA5g6OXr|vx<NPU!vqU1#rk*^ux&h+TX1B*QOc|~?4yQ+=(|6TI=(2#pJ
z3sl(1!C5Q|qlu7cQDKUP7CbtNEX$I6KF1GUkXDCLPz6;7N*79OVvQvvBX@CGVm9Te
zpTJlgbhHujn!wq>yG-%A{Fzg$$JUx8ZYC&2$Kt}S-w3f{9P%wQWqZd0zZL|!%6n#J
z=(Aw_IQ0?H-7uv9rVBH3q;)p6k3U>;DClyuSHVHwIhFKtuB!U>M9kGblx9Sy@a*W=
zJWOPw%i``C3UyF6d8JP_gV_krWZ3iB0Nbbu+ab@uU8cyT?2EHJ7*rgW&1=2~FUrt5
z&^IfFfQ9J=)KnUZmpVLXsN@BU>X4FZxCZ8ocokgSJyfGQuvsNjl@-9FZvjkR^HKo>
zju}-SH*ztVP14?-KQ8Qgmw-iYa9KMbR-f*?$&ClcZBtuHQf<PQUE{-1TS@n*u^GGT
zdSDkCkypdWP9&_M4#y=9+SC>u;N|*K^wXz!H~Zqj&_LzE1}KtiXx~cN(klfxmO08y
zilBFtHWyL~mu~p-J;Uof3dCM3K`i_^TdxO~JPW8zfK>ZjXY6fL-FqihXSWH+F@&Y5
zR_Y~WB~eKhXgBV?6PZ3Q7*pj$URgXZGM82zWjHG1JfPS?@BQS;-?fTHpRhX#&k-!0
zo22^A^%4J%G)-U3Qo9&wVb=`x7jxMl=FbEC)k}Sdw%Et$#Z&<cIqi<un(GMC?!K`-
z4|5Ycaxodm=LU_;Z^v-p<#If58|&!_KVx-~_bk-9FpCZODeh8j4joS+I=vX$+T&{W
zbd$!YG^J3Tgsn{nSipKGPyib<+}WwqMaTny&U=QNj{?UOIs^=1iqqiY;k*0)5_mCf
z@_Nx-tvm;sea=~R&mQ4gwx}I!i9p2adt2q&^~mG_07F2$zXqgYtL6|N9`Ez$qUSG{
zHnSDw?L3~>@hVr+RQ$<Hq2?$ncylX!Q*Q&nxU`QDvQ>YAJ&HZhr$bj0Jxr28YrD(1
zobOIZ--&j(*8?|5s=X9ogK4>}rSOmjQ+ytmH-T(fS@1;h2w<SMB8}c6ce-2Wp?`vv
z&w}-K`uV%7fC@wO8KBGrDr7lQ3Xr9)c_Xkr8n4Le003QD1&225X=}ic8ExaT3&Qd%
zG~-uLKxS*RT7Du6ke)on#?ZSu1x_F@W-t^@0H<+-Br>V`kZmDNi?R%w!?}@`C{`V`
zie%L(&*d2esewxzjVD~&a8PxnR^cl-l{H)g>6Fn9_EFuTF@kzJMIlAZW@P>Ja=;@K
za$pIx>v<hyAA+7o9vREQw!IPJQ14D*>Uo_49bCww#`J`j#2X2%!4j<Q6>KMyr$La~
z<+VqOJqmb!Ew_CmRK6GDdkDLr;AJOW5sz}hKztk244~Us8=s}(?#~md<9bQV^gMRN
zVvsX=F^NwOrZI9Ku3JcNtZKZ;QkJriVAh<@Bv71Y<(GovDf;#bC`}#m;N&$RgO2n=
z+RWBkkx#PvS+xS{d1@x!3Q?d`m#^cFcJ?$v=qtPP$HwO@yX6{Y3eaazV3odPp~$#P
z3`^JR{E|Ec@@fMJFsY_n0`IL&%nB`s$P-bh0B?`S6cLcG^QlFPP~6QashQ<OW6z#L
z^kl40PqAQD#YUs;C6h(gJTCNC6ONtN7Ec)xok~%I32=a0iZ*jJIJJhmLHA_RFCP_O
zzEl>8mQ<&(AOMSb0xej50Q(9xwK>p`i3&33#^Dh@Q&A`f7N0Q#kFvz7?pRx{ICtFa
z(T>+l=)|5#$AP@{3{evMS_XCOCOCwfgx+3uzWyIz2vl$2wcZ#`Qkos3jRie*arfUj
zmiTc&fX3Clfy)MPkjw$Q5nX~RN7NEF%?+s2>}}_!Vj=a6t+MM)AC*u!d4ilTB@%RX
zK?`hJbJxy9>l)qn$v0a6oU@_9Y=b5oa4$2eKm?Gd_TH)scgXoDgh1VTL#@v~;eJ|g
z2rHInqt!cdj$?T@3j4W0sNIW`0XK4XDn_dct(T$)?b)gHO5}k=OJp{k;#skDsFum$
zL=fKbN+^SpdG7{hraetc=O#L`jh<S4T4F2-1q#aP=_9&AnTPP^(M-%i(#=^axj>|v
zViH~QyY!hFUsROnAOJ5RQvr;ogN;KdWbS?0VkcuS?4lz$mhaTdV2I+}1hCgdpv>OU
zYn}9**ZUA4J!HJVFL5`=noNtq48nj~5K7?O)@Yf|*NFYxnw(w=+uo~Mv52glK3P1n
zx9Jd%=m7L*o?U~uA_2T~^b=cyCY33c?t5FFeyKVeCHD|V54ywN%h^!sP|1<gAgk23
z({DVSoN3`mEhajw2zrF?F~m&DvGFHc`>bE~P+62Hne(-IVZh_f?GqQ1tVjI}1DvRz
zy2&&gj6kvGW;8L4zfBt{T7hi?5SCVy$<0k=dzx?{3MQu0L!smN3g}8ju$2+qTy#L7
z5LS~%#H{>fcwTw*u1j#oG{#!o-U0c$zQJdQ<v__5!Frq>$z;B`y1-aS9x1fM0zLF5
z<^^LxSJsrkq;Eb!LKakR%F^nZC)mtBZ@9oMTP!8|J(m&XL!IOuSq0k(3yFuUcLjTN
zG)3T7#BWZvBpxUG6TLPiWXxyo$n9@*l-R{gSll3&(y8qcWW!4ohFi4ovpt9<l5~}P
zxey%naQTe=%2V)|O<*5V`qeMEQgP72tj{iUHvRdN6pcxuG-;XCZq$gUvml~rWXqEY
zmUTEyQ((X+qjp`*UHUSc`E75zTE0eg*258+2h!#CvOnSaXA#qKg`uz~iCi3BWyoS&
zJY=2b#=xe2%B}2$CRikt9j~%qQ$F7eh?@g`M5GLu@K$O2F+CxG@kgbuTxEb4V{M7&
z+cA(!;+&~7`Zh7bdYrJhvL=!z1%lr2-lVa#;xZC=z@ljGDk2%`<b{~>doKggZR+ja
zCdbHtgd)6AjGCvZs8u)VL?R$p1rt!*=rEX%NGeds7ghb@Lit%h@rqn@7Tms?c|kG&
zxT}njl_f0Z4g*tn4|d$dkNd%`N$eF7GWNlGJaM~qbX&P<F>@_jFYr)&9i(#&G|%>`
z*4owRP(f=1NAAe=I4w(k=Om6?w(tcWqSdXT(eG125M=SoI60}7d+)tA_Iqre0LRc&
zI?8UNV>>X02yhJ7Rj*Y=b@OQsB%|qzlT@5eM(m!4XQVa+epFbG1JEB|Mt#za_enPa
zogk0gBcGttW1j62@EX7;G*SYd#Q{V3IIoVMKCQO~9=uVaub%rrJ{IW9KIDX%TxnoK
zT}c3cO%#r&KsJv?7Fc$1?>(n0FD3H~<dz9$)Msh$_49Yf^7cvErh<<~?=l4?*popE
zr2*on&i6z(bUe}fg(9*L3K9qhAzp(W5WXw(RWKvsbK6Wes$I_v(eMb}dPpW)uXs<W
zks0uT%@&I~g|Ey+T3^_DhbrwOA}-dzcTUWWvDfGQD)oTr$zeWQ&{z6We85z%b&BV;
zCdP9GE<lrUdxKgQ;9CuhrigCc<|0q~CAraUHl^~bqBtQz5y%TOXnLM!Kj$v^0}7@V
ze+Wb8&%~d-+N+93d>cp%kzm2BEFn>tn)i-LDQk=cA3c3EnZ7FRcEmx^$e`dMa5Yuy
zG^z|1%qRRPKkz<)&vI7Ovc{zmME!&aL0goHJ0Cpqd!?%;>*~0~Ngf_-E;TtTq4I{)
zXdF`7rG|xXaN}-ru*p$QfP7<*>1DPwHQzczHyQM~ibE<Ont9buo*<@Ri4Nx5Qm5d|
z7qL$#BPTWAQB+*s*;TTbdQ>!~nAJ;M0l7JowuDqJoO3Kn5(U6InB#?)cr9@%*fHX=
zt?zNwvuLfYe4)DT{zjcl!Lh=P)z@+d_X4&C0&@L{h4ge{@j+x*w9oa!WFJqVo~ozK
zQ^Ix)y0`Db1$O4COR_3<aUdS5442a0lX4r#(4o20EHLqi$ef2fU^RS5lxoB`%PhBS
zY>1_i;b;4P^3BIHngT?0&!f?#hquvXG6HnT`?)1iO!MsJjbXh_da0+mw<f+%uKj>%
z9rUo?E?_KDxd>?w?Pb1<k_f)eWpn@L`&rYR@`#^BcL@{R);3r=hQJUUm+G;zKh4`U
z7CivN6kM!o5iuy~wr#y2h(@cE+MBV~O5ITJd+7O!xJLToS(dXdc`{Uuqe*Nm5jg^C
zn#gIy9LcBxfR${{y?D2KWh4)5>kLY2(46?JE@4r-9!3u5$>S{CBqQQXRVG;(3cH2`
zm1e}P>ZR9@p#s=+2&~uPZTo9%j%uuJ_69ZCeyOcTJG4^9I7mzeAqLi>vIyh(pu8Wj
z`dtX}^$`|7jvjy0yW$P`@`SuzV7e_)z!(_@CKx-X3>{s0`=RuL=*r6ZZLKU`NsJmp
zIAnr$dO|-qF?_{6D+Ba4UY5r}F8%`CgFA9}dP&1VZch+O>lwc7Xx+*XCL<nqLEK@J
z09kyrqkF24?>%6aTaSKX85b?6n$PU*nR*FqynrhlHpT7K{sxSng)MEz**Lmev<l}c
z#Smkj#W23|3|Ds@M>tT+BaU_B*w{4IR45?hr=-ow*SPzLvRhtbI0drCD`kS%xw#jI
zS%Ghx)+fPu=x`pPAfA}$LFsM|tw(CQ-x5J0T=qV-x~pqif`GQ0NEZ;rBc&XZO?O;-
z%;#_?;_ycHEHQblJgzSt4s}j=ut0QI$yP(TV&QI3N-?x%Z0Z@bXt6y(b|LoVaHQg`
z*unP_uxOJdM;0?)%qfmE9Ie^nO_OLTxl<}^bX8o_0`xn2Q^Oi6;ZCOkt!8hD<P@!%
z=umO=G@PHjU3{yr6acd25iWF8tJJ<n<8u?-0>FuYd2yo+zpGncCTwBH!E0cR-7CVx
z6zareQ#tc(H0(o}w2>Bkj#gf0V?9>Ls714{DnWLxpg4#_vLAvam%5J3_-GDeaVCv@
z5`O$iSZ@iYuO~6-#rn$<Sb8NVu=S+fsAV33xI#KfZtv<-&LmAXei83Amlx#?z$7Y=
zIKfVNm=iXy6~MiIbPa`a(*)ykWzYo8gstR@`J@Cp569LE1j^2%t_V)z;2zxe9gR|C
zH9wIeSHEVNaa^`7d|3?lGTTVzWN;dDBCPkC$4SeDdpEM-1pts9x!Ns^bKV_U%@Tq4
zd!Vha*_g-#f)U)!+Nj*>3F|G$CX&_8HE2EyeZ~-xFd{tZXJhYCvUeR}*=%RxR(m0f
zDJ`iHsy7yvp)~eHY!A)UBQH?kaF^|zAhv!?I(PKi439X;#VwiBU(3)SSps$DvsG=s
z(_e^Rt>OQd**DcUOrrx28tgIu|CsiCeJF+lmpA|%L`Jdy|MN#6YGDi9M08SzZmWDa
z?zjR^?TOkw;8|Fs-luCAFrSF&eFq6tyAv|trc8{DD<UAFFo|ZJVF*llGr5uD%HX9z
zB;m1&j9mR7iwE#MSdz!MchVv66<A!QgsE}+80sxEuBakH=|dF4-tO}o&}v^n8~}4!
zF>~LE#Fn-{!t5Q_wq`X0XkXj{pm;#Y17ykJ4X@n)Zus|-oK0&dN9*jYs80iG@`U&R
z{lU;8vUkwHPKP1BePty*4>*)8Ys%}z43B!i!fs&1yP$&igwy?mNU()<mHF{RzcCi(
zqjwc=C28pJ3Po6o7oS>(y(a|}7|iWu4|3kHd62zJ=Bw~A&!_$RnR3={wzX(9F28(2
zD`f`#1o+$_V0OVIvAJCu`b8fT)^sb%#olQb-zuvEaBi>MgT?LEDWaT+7gbcy-JwD_
zSI4;kUQ(>p0J?v!E!N9xFr;QgK|S*5vDdV5mi2(_ctwgC;>IucVWc<75_r2v1hSKz
z=X6(<hdOt$29yTwO5lL1O?O)PEUN9U=`+Us`J8+C(lMHSZ<cZb`RV``Jxi<kkOf~B
z*+8RtqI)Uw!?hEo*QHwY9;=zmb1i`lr{;J$RoB85`Ffte=k%T?CKRDSqCD|?PX}Hu
z`l)K0*c*}N8+2@n)$W_sxB28C=fqw58uE>EQql4ZF^5i>$ErRw=sjZ#&%~-87UNB*
zN(S~AQ!YAxnbWF;?8ON^A;j89HsXfOhsfv}kTP?C#G23!$*&FIR}X*sV)`Z-Noo*Z
z`f=>i+j*du*<#x73L2M0)o>i`n&fc`ofN+~qh;dRXL{VC(w$BZY$o<hC#9@;%NAVF
zXdk(QHP8U!UEO=;^32C#np96yYPAZMGiZCaa_j%*;(z}A@Ba<QfBfq|^S>6!|4GKb
z|G#kCMN=iO`#IStDzFHcg1EdLd*u-Cbg$Zd3sX1yQgx5?b>VJ?I{;Tagx6P)yEl~T
zx`3CQ;_LbJMW-k3yT}z=dQ#r)_L|<bQu&YqYUCxINmihy_=Itw`;#GAO@0C{MU``-
zbD8}lQueB>y167qp3g-BKcGcuug0#!gnB7Ru!+`_)|X={CrXcv=c#vhdL95+Pn;~b
za~!IrI23Yb&0g->?y+^jb%v?c;!SEW##{y2#vIsVFAUYdtlScZdNh0D^1OWLotr({
z)K@^omvHR%p2Ctd26>Od4EL^g!*B;thNAnxBQ<Hyc7b@WE$>j?tKjy>IaM01h*CMM
zLF0;X0R=thX%$V%K#`3uWl;W(9PsG4-WjyS+kClOiZAW3aQ3|$6L35UdLT#3Lb}rs
z`mhi}{8)M1;~rK50twut9X|DK3bkwJJ<5%|BlU$s1IW8pCn%wpZvqXU9L*i=g4V53
zJtQ{5;UsO~m6s;_VC|)4G-t>Jw#abE#tF_q$;S9=9a-;nc$vQhs_>M&fheE8BYQo!
zCH5}IfA)xZZPS{;0PfAYt`X)tYwcb#nXJ_%<ad~dK52V1&242+vX5mdUUxjL%}0*|
zyX$#A_Y>BPJAfHpd;k?iC~pWDhd_$?En~5y$~#JF=Ag!$5oSS}NfHWwkCn<W8Iz?p
zi~>sUqq%%`7J$FnB+qaG0H;l?;`_zdi=Fix7*Gz*yQfml8r2c1S`u5YNO-RuL!)Jj
zW7Vm$a)Ic1KD;3VUq&A*6JEmQGAWg{c~MeKV=q8;t@TOB<dODEO*#X>U47ctMX9Y(
zxNQ$P3Gaygz0Fc2@kb_TrOrX##>~&*C*LTfZZN>)vs46u<sQ760hw6{z)iY$YNB@5
zQD>R*B;Y7IxQmH&&02j?0hUdrHW}(EbMfHD+ey8G=kUxLX{0LV*vKJb-AiPgpzWLt
z9*;w;iTcBQj~mRd$+OF}B&S~8>5NKrCP(+<Gg5aridXZl@ez>angS6MDDQ3a#Hi?k
z#_(J&6hq@^X-^T3#{ev<7nJcBZPhC^DzUt`5$!Tb$JlG2Mm?|~glc{*x>@>=e>k6)
z5kJ!g<oCuo_@%u(gEtgUA6FAUq6jk4T~fR|7{j_N&#glsP0h!0w7DZ7)wVz!o{vbb
z136+w?#IP*6|t6ENcU=b&)Q*Zlc^MxC=}>{nDsh9mp%zT#VDJ7xIoGjWy;>-Px2Z-
zBrds4Lq=!ftVo_Eschs~Qitn#DXdNF)@vRIN!`8DtCG4|!W~=2zNsysg32<zi112W
zAxBAKEpXn;wa}lSR4J`&YuzAwjs&94kLG4^j9A&;19tFmQGmp}Ca4H>$s<{hY1-Cf
zcbK-Q9D%v(j?E8A{7aJVza)X^P@$?&kI;Ow?8r+dZus!z-2i6Atv?gb-g10=y`9AE
zd=k{V{F2#p-Q`_p+2rk6DQw@?jlo=>xYf&h;z_Qz&+yf;JxS*<sZ!Y|uI;#KsC5+)
zN;)0(l0#A#fEW~?+bH?QO3V$_i&k&%%~6#sey2l9k_h_16z58TOgF=d9GHofh_!W$
z6GI`LG14^O4<(L_WwOz<ZM>ReQ*gE%Jv~YA-YZk<+|s7!bbN1MIcAy3dzcvXNe4a+
z#B{oYiZ&LF#Ip80qb%H%qtnx5*;fTl6ghJlsD+-!XYry1AD~dSKYodz!6<ywx+n(Q
zww+Z4xHBEJ2US>aDv;Z_dtXF$N15u4ad6QdS+-a?jF3DDrV&}1x=h8Md&h1PnTj+!
zh)n1rIVg8ofvl9G=k}`d_|~1plC88sf*pMz13f&1UNkbrj+^lA3WpyLTxrL^9Bj!$
zC66^~&D`=<d}zfGC^}4pz1r8-axche+?vLn&;78xUW0VT(vzK_wi$EKo}4sP?ZyfO
zo0L^~I(&zSb%7D1Wt5FJZv5zt`k3Z6tH5D$fm#a?%2Oi1v@=B1I@R~`z{ijrxcnV>
z%CvP4Ka|jipd-NYhI#KKI$DK}Gl*;BHB^Xil50V7Ntj0@c}I;fMgx<oXIepDXLHX5
zDI7U**1cVe+mpAoub<BO!w*Tmzn(Mx{Uvp29x|&&mY6@b>rN;!GJi=L>3xwi$>U~D
zAa5K-4sM3bpY*vuc)Iem*Yx((BW0~dS<|j;j1K}ZUeOC!MK+1DEt?ILeE!Id#RCfW
za4mPtQGFwHEZdBS?fekE-U6i6pddc1d<K&1SYlV!b+?GTblk5Kh05LdDnQqjoI!~f
zsOmz1mUZ0S`MrF;P7B<bT?&9fM8of`AFYYkFlN>Zsq?3ZH_-3wM$p~^MJMK{NTO!I
zcSQP%akF_~CsAEE6t6Nh2RJ>}C>1DMLM65-6&eQ!D!Yx-5Qj-PX}jh8K*@^FC>I~J
zfCQXZU<-v<S;!zwLevbyFz)MN-v|5bR&JnNx1MLQDuT<NpsWEsOgY4hsWX1h^cC7T
z-_ts#D;+WOXq}{59|GANx0>#Eso5^q{nkJXw~BVTs;+_8uwJ?^0I>3pX6fLzv2Con
z-VTRCRS4avnGFnTdHV$BRnWaGxZdOCSdgk}^g`UuU}{e=(;YsFS9TrcYYh)xQY7Q7
za^2QYsJRIR3>zv#26BO!^xPpsQK@!8M1q_=v5t|oi^DN5C+{A5*VZHcC=}l;*M@5p
zA5Ed3SdfME<K{Q?mbyhqiu38qP>dY0W$LHfEOD1BT8f6Y_cX8LY9)=*hTia#qP^!y
z1xu7AbL~}bY^7U=mikVgx`nhR>g<9%B_{g7<a>{S=VpJ-CM8?pw$^oR9fJ&cLr?;+
z501_d-K*DKLhy*L`pGQA8Y4c$YG;e{kOU0{V1Fh^At(J@gpEgqpVnhjaPfyEsWpt9
z52ho!9#a`*=y?+1+werKs@Ug=jKx=}-k3&jaKt<VixVqv;1x;D>nj~zTwvB`{!6^&
z0YOZaEP_89X^FrgQw5~8bxkLKUMy0f<4$Eu(g8-PI!RQJT@iHix=*f}TuI79YtDzu
zo_GKbl7`<ny<3R9;-lyKa2LtUgpLAWpSNA3zUP>L3OF_EJr6R{cm2tmJ#9rOflwOQ
z#^ZatO?hM2BNVz6(ewZ$6dE(@9)s^}=q&mo+-!sym(;umLHc66HpY$cL5DuXEuBuM
zZt_%Wz<n3Z!X!9ummWaQ4T^3Tz<u<(TS)_yyd|L8%XxRzpW!@4nl4fH)W=6pA_RK?
z5y)4u$@9H!-iIR4*szTB1|e{XMzluU)?V2RzsBN+6T<ewTh_L;)oGJ%OuStiiKt;T
zi=LJv=wxHO=j+<#r`vF)U}MnnytC1$9l)Xhy-F!w2&;gUmoBpA%dvcN1Y;NZ<Q=Zc
zlctv&uh-AKfrWwAz*3b@0)5q=&f`Z6tBACh6m!jkZsr}hR4xye?{qoXl-@j?yzD3#
z4Bn^Bya<Kqtnoyh&m*Up&1wDaXx}Q8%Ag~|A<WYrM>~JA1q~mZd~cK*w{PxGP^_+s
zVe%PpiZ}(<i^Ub)iPIC!HGgD~1(XB?3LR+gs-RfJq#ix?)E(*|%NO}z5|XMK9gM?r
z1dc2b%!KolOsSz_eU<n*0?u~+2#6NKF4Hy{ir86<N`s}Wz{%JbThoE|L`rYTcS*RR
zhy7lXUkRG(jW`N-cuK24^0G4y@>2Ur<<?2&Q4$i6#n8M*$SFVWniqs1szw1pyC1)8
zSKGUG(ym8IYfqaqMe#1Ti}kLI2kYHDB_?8iNTAl%o3vGZ;l60b)UO@ZXIDocBFt6u
zfj0sY^0|T_&GUVw{lFS~&EkgXrYj~Ol149PB%it&c!0bBwg`a{S@(cJ7y~ia*9V~R
zICTKW?CQOSB`=6~``)u!XH){3c2x_t7i8G6j}#*y=#orCJC0#&qq1G2bZi~a8DcXi
zk65|IiDf-Rbn>l3X)ys*th{T7j)xrkra1^xuGZ$%4hPEQbtPk&>`GUfr$<t{Bx}`W
zDoHZzDk<u!7g&S77lzi3#gCsUY}k^T_G6n+lI?x|uF9Ex&7Vyh@KT5tdbfb?t3*ca
zcv?5A8@cn6+6vNVC#Qh33~`X{u(AC;qHSC~Wc3^~P<?Ijd>9^?I4cQ072@zdBrbho
z#b<5HQ!vobSVnAa(xvLMAZqDZ-d7vX-{fYJ4H0)nYcyD12E|=NB)mnHF+zDcU-QZL
zZjbQrakkiBr1-dLtEF_Kq%dzeZoJZK6vKCeEiz_Kz+0MU;F|Yt!v?8%hNvxbgtww&
zUtk5KwMbTWzjmBKbN7%#gZD-hL1C$)?}jam4?|l6EWqZbReJ8d%Dgn-&?jl|<V{eD
zro{F^4+UmL3B*w76J0Op!0<OHK82#Lj<fJ&May+_ALYCSjMwF;H8hCWq^gf*F2JhD
zbdlXb3<Y$lA9=pr%rIs`*t*R@dP|Jy&Cx+QX;FqgVQ{c6B&l$>0mf^O16L1r2N&43
zLb`;S?KH8n%m8hG-~hFhEqrC{`YDWD624(xDU%NLj_oRZ+>29-uNh-f>5--g<Zu!#
z8upsx)2MQS9+R5|jCh^+@E%aD1>;!=WQ4|;Bm1p2OVtqF`pbbQjKMB(bTE_HK}YR7
zH}5QC{1km)fQX2h<`~DtyULPvrH~SW-gL<mw-DO}+j)!4$-0He*t;({jEr;!;L(fi
zTfdp+6>otjk@wEyR{W$#a;srlD@FnC?SKm?i5|L!%rx#RmdG)IfCE#$^jPWM4&Q}(
zZY5V{t^_q{)b*Bf1!lcqwD=wA;!D(<1FuaJDi*6_*Ip*OL95{w4@i$ZYL}v*7VK>k
z4rpwhjZv89n3ra|Ws3noC}6?#7=sa|T3t56@!Sg*CtAhjsO4hXLGH9opEfS&#7P7C
z87K7y?VT3s7b)MLV)X>7jF;l??<g7atg>J8TnB(Rre&qdbAMxrb5GP|>Nv7i(l%Zl
zFjv2al(IZw{Klw;JiAd(Ia?qg4NY<4=~YZxn^Rs?<LT3ZMeAa0TiBSZDFU?ZtkkLP
z>80H6eLH*-k9dtoeE2cMPZ3e8C)qA%oss2G*x}Y|a1oxhDo=0OC0#X%db*!Yfp;5I
zu_7U1-{YoX;Ci;c=@ZZyeFN>S+oi=^XYY7`J>kYh0>_QCR*7|vLD{GiWYFhsYqM-8
z0&BI0f?+#~^rC|>=I(lo@MI=lpFF1YNNo*Ncf&%C$HRvfyvP-_8G&g|K}_$Y2U6y-
z@QTbX8JLacnU7o5yNbmZ?_t(G(wn7QoL4CCWy141iJGR-_uhrNA|_u{s_t!2t~W$%
zUt>P4HBv{tylyB!ZSlfo8tOJsS;MRv>uuZ-w%j__lldivje1PEyIyl%b_zpHlbz7%
zL&1%kfE=kxJLisV+X&U5a;7Ux;UQPZ2beLZ_r#hOq>)khemJD-@?>lzyy%%Ngwd5*
zT1aszGQeS9r|>$%lQVjP=UeY8g-OXZowCYgleMnlRFalM)cQIM`swH^>b93-7Z!*X
zg$d2$tb)@kR-wuWo%H&;qE2cIM)af((>h+v8VB)CUAH15zV_$v3hCY3y<TdENXxha
zY=fwVC^^$dqb0EqQ(0pI(1p!DP!at?1u+a?x4+%JzgP(~dy+11-0034tvQ_}Z(`0}
zv-v%@Ib!K&so>dmys!f(j)-bR1OT~<p&kloyes+QX(YXtxhsyq9AYbXz*)oE3<Hf#
zGXjc;^Yy;x6pp$p;RVnP9HcT=MTO4`-}b}c3U^|vh6rM>yoj*eaoCWObBSRpq^S|}
zo6TkGZaSa00d=}Q;d!-m?D$T-^s2ehJIYhU62@(eIhmf12Pp(2JO~zfUNi@`AU7-}
zP-6iJg0RE<Ag5lLsn2<HATI>+6~H9Kdw7V?5QOFd!b6wWcCQ}^d4m$AS+ldg9_$I-
zKI4EhIMfZsuFF}&8E3QYJ4CZGjJGVh-AuJt3kIq-dM~ner7NFsy_fzJsIk$=VQ6Zg
zSHiXrZ~GOQBg{Q-a**+I8HEVm8EStg9^S1=j~EZNxr3PbN)rruybe7wCAVXw4w>CS
zOnDQ!+e`OFgyLLUSB%g4H~={8mJA?NXJ@OCug|hmKO+N{n67p>4kfi`Hers29M330
zUeU-Sh^84uLhXK;L(xXhM+=$8FoSw`*$~*YDcLWl)L#YDGqPSYx?ZZOK67luxZ)?I
z<(qjp2uHZ$8bU<26qT!ZNo_l=q;RHL!jG6&o})ugKoi(|ut(9G;dYiimq4EO3+_9_
zO_V6Yx_1JXTNa9LypD=W!(>l7=80NfvJ8%wYVVb}nt!mO{KX0<9|5tmAPMPTu;7F)
zuy8Fr8xOeJGSgn^AgZ}?vR{$1cCp&)<%Y04c{B_S^)5QzGQgd|>DBNIu)!Q2=mKYP
zN@(c?Rdwb(6&QsI1_&huA`N`}q@(KOC}zF7!w8Li-{EZ8<+>XqI1AWfrBRYvQxlnv
z*Z2-Oi+Qo;I?{uC{s<YL^;lzo5Iee<o>@W4>&Ju(Y&wC9Sh*J2%@LBsH~7L&Pi=|d
zz3S(fwK~fSqK}^6^ozuLAeX`LcAq!^KZ=O0$As<OXlHhm!W?3GO})XPLuD@nv0k^(
z6r%6C@$%b{OO3HTAdZL6EYCHA+3$J845Zsm-}W_DpEcUBK^u0nyD=Y?k|`-7<u0q_
z%totWWW(tOd7BkfLawLu5&%fEnmQ2j^HM}7Rg;AZzG-9Ud@dYM33Z8Hs6bor9sut7
z#c>xis4^Qdi<=B+3&tXMh>c!f*}F0-*1l{O_R8Q235#2~%?5)f3pYcUXZuQn$n%OO
z>?q%RDZ`M?FQRq$ByDRivIl%ro6K=5z$KaXdGlj>;HVWa<Ij^0VU288PJE0titR=o
z@t(YNC-7ztegKhcNe*vBOd&Ogt93)My}Iq}qy}tKpFxa^KUz{VT0nO#8Yz37>|V}5
zt%)*}+X^x$e36WM8BYO+^cl~)^_2H)!>cT@<NyrkwO5x$*FZh>x0W32;2qV>0Uxj!
zeeZo#vlv}=qV$>kMGLe{$riV?znk9M*i(8EdZ9yL-a6efQL=ovC0VseZ-?33LnbEL
zZ<g)7crRRAyLjMbw#u~CC^>4FOJB>x@VvL()|wsukPZk6(b^vtWv|O(PA#N7j;f8@
z{@qo0>m)ASd#@4XDG8{l4uYJ4O@MSM{;1)iw<BP*?|7IPY2S{v2lqT1zev_v-HVhr
z3M72Ip=3&uPYsJ6tFkdPaZM_CGVe@6w+fZ>n=_)E=M^`0NYozVbCBu_@2cSuR3)G$
z-0P=Tsbqf9lo!?4aSy3i<N%RG-Xj6It~|(TL2~8M_qySV$FXw5VMB;=t0=)RqUgB<
zEk6r+w!qRo>jl@$Mdrwa(<&CvUGNc~T<K!jgs`VTmo`uu7V2bgKsoQhdlFpqJDHze
z7)Bz1H?rW9ckUs%SXQV-mK|Jb_W~xwwQToco|Uc*A~?R(<OLk=;6qE?DbV*4n@?jF
zo$L6aOo!L7ylbLO#Pdx#5%!j8h<S&u#n5d2GLvf-(~oj@04$-F8ER3L0}+Gp%%W|{
zx%`ou%eeKM15J>6&)&KV>BM^8<c+V|8+21cyrWak$|>s{7M6p#Q?APJb{%7)=DEJ~
zqdFU-J5aP5FfE>iVzHA;DtEk2F(Oyq>O@qapjQK<MVK*$fIE1PbJ*eh>@DS-6BZRo
zj84mw%;0&QV<<j{ydShUe9^Ky#zaJ>_)1S+$Dg=}G^A4?$q^(>Wh#QshKNNiqx;j>
zHn#8HUNhv~Q=o7U3-uy_az=29p6QjHb|_O$$vf1$!+t}d$gS1f4g(<vZIAh_-%4n^
zw!dtgsMK(_(^c+NetT~W5LzyRIaQ&MMdFTZI3+V&sqady*c@Si+n&}r6APrR(2JI#
zRs=V9-}0b}N)FjGczCyzqSd^9%bh_J;HnCN!*D*8Q-H2h5Aq%+SI@h=P%2R}Om1mT
zpf)+g!FO+V3QlZSgex-H3IieLbyK$ZM2o1rVyctw*N*(y5m~E*OUW6`HaN9tGN*g$
zt;@~U1i)*gYo)mXo1W-3Hjg*0h+Br@aFlng#38=e=8Yn3po!x2Bu+zV$Kd*$u6yR<
z>hb{SUE-}7&J#}=jn(r&+kQ+U{6s7(Lx<tPYk|ktmTs>TY1k#g(?zGmhykM9Spu4z
zOI>C~&Du1W2W$%OT*UZ^+cTax$TGmEdAm5cbD=bt8xvFT^vF3PXZ^XZ`OpZTpK!YD
z!I+^5q>P{-@{8@uqGZ=g>@!;rdmCo8jjlT^r_JFk8;c=8-Szsa`AAGB=0O6y^9GnE
zh+XwVwm!7ll9gqI=bq5pto-s-5|_%O9(z;3QO3*LGQ}w33L(#&!cw7WuME_<*&e$;
zmtxzDjd>A5xsigh_@W5LG#{+WL6nUF)<YwYP<~&y_$My8JJNGE9<#kHa`+c7aeipV
zSDU_VFrbR()14IZwua!wUfme4*1@yltJ_0Ev%>`1z__MjsGUA#sFlOOQ8B6(YdG2b
z>BIQeGpw4ph69QSFIh-}&m5n&dJ%^6<ffLQNAz<IeVck<o{<6XKm>H4MS}J*riD+l
zHeh(ei%SZ8WoM$$scG<1)3wlh)N)E*;-iq9g-Q=0>I)}*5L{2GL7#X)AKxGk^vZ0m
z32?OJJ=>|228UOqTN{EA3h1Ny0<PxST^#YXr12BMHxKPC>7only<DT%JMZV2=*d`N
zi<p+pLd-I@t!U*79*pt|)V7|(_#=n`sm4MtMl#y2JqkA34p3JTJ?N^76Yxm$ad{<R
zM$5r<WY;h?kAtpI%QHvEa)E3Zb4%ar%hwqXd$K3g8;@9>NiFMG<nejrQ)<MJ^R9=7
zKss+kIL~0V6IyOw*gKIUAaoGDH7MhJ4>9`%?=4>gJ}9Yzpn9+JRp1i2J4$88!xkl>
zu%>(HFu7b#%n-#-oGBCO>;My8P9tuLS~G^Ji%kkR-j<rgjW~okih`2f9w!UYE@;xc
z+qF(2cw5e8Xo=}0Nue^-*w_sWq~hB$#O$GXLYV!~FFDod;2Z>VB^u-fpYxC;UMyJ=
zia;7}lS_NixmJx|!z6?vSCu}w0Lk1p47e5=Gaa|!&q5;AI5JJI=cPdqn5rs$@DlpP
zi`4S#fFlZ^<y+sOd4B=3_6BiJ6&fz;NiS+6wKxcdye5il3Zl4qz5rR9dToKmWb+_|
zriJeKNe1~nu0!7BoePCFPXX{_H8--F;+DW+YnYdq)epIwO_r@sy@+4JVZ4%rTTsQ<
zWGGItYP7iu5+JK5q{J77_AqyRup5Z_P_^v^E^#R7U5oiqH~V>*^VmI~K?Wog^v5$d
znZy!ANp>@dtdb6*Er@B9<_sYmdI=;BU@y2a-j0EYyMoPOq_WWQN_)VqvcDH8VT@i$
zYipqWblx<_%a`g*_ktmM(Upku%5e*r!Lb!ty3Y&Ng{BoKsSF-Ikw8pqEYuz2^%`y7
z_H0o>H1!7XN|ML#R=O>ll$up3+u>~^IHgd6JUD3Qho`<5XU%PM9SuU{`}BEPl1@+D
zkiUm#1zdYCL`R$BI#{Q}HlCzuy`tjTo>at_F`X5t@>~dteD(@tO5|uz{YEcO&0BZg
zlYFmbQcFy(`%3wa_Nt}&NB|B%m+s9Kw?a~7Z96d_zc!0}6DIEvtokAx2{edIY=N)i
zfxjJuG#hD!w|D0fl>Gu|X~4=TrA^wf^x@ppy$Cbr8+{}&v{l<Q^QsUQ<f>jqJbyS!
zsSWQK-agoT<#5#g`@!~_hK^dWyhQXZYeI@8Q1jZG1P**iuCgf2BsgzM1vLeyZ?6#5
zde4Ax#o(svT&YURu~>1xfI;9dVbWO19+4x_J;#2<y8QPLQ{*FixYp%T%%C^#actwr
zJtNDwjy8O>rxMRB3g)SqAdMVCDiF<u=H3;P5K45fh!TMBTdf0{4osY6i;{xCb}yB7
zI9?xrWHGnhxki&l&zW|*sPb3ZxA90EIDwz)+U4}FSJ9~XJ`D1aI66pSZDSh$MTk!h
z$Pq@Wryqffpz<jYsjJlVHuAG0rO_dx!LD>M3j}8?laXfOsF~?})X&rp%RG8d=|m%5
zm(hDp#w*4EO0{p>^6umj%6hN@)RURr!c5!<r6PJ1*NiC|Dh|`VEHJB$ctP(`zMGKf
zlzM6v+bDWD@X#^vA#Zr&(m7pk<#nmh(|8H3@0Ak?W=a-2U}0VX@D=&2l?ANI2`qHG
zpyN#-x9J2*;}Sv21B0<w)7V%?0~7f+Sv0JlJkQIL6SIY2e;BguW%i7oav<^>%Yt(x
za(LL&$y-Itlp}dTow*&<jc2rvR_u*f75kPr%PUwIbtua>ti>sYT4ti>XRq2#XVI~l
zUxO16wdH$6AaVXOQLpDt7R>YLTtw+$6!g(?nij>8)dW7kBGYb0&a<|HB)EkEVVG(v
zOFj+sdREzwg%OGE=xj%FXOPw?XH9gHL#b&oD#CLyDHbMApGC6d+#YFex5LB^8nQT@
z4Z|$-tIIjgCzDD${KU$=S%}OLM&G?x8z2<Nq@{U+ud(=5ei?)GWz1`F!yd(Gjnr4d
zuqCM^e<?FI`FsN&-F41cSG<nUK*I!%CnV>)`@r6GM_&7D19pDtXm3xRar20B%@OM`
z=IPFW8?Ef}I~i(e7krGW7e!e?@cKGKlR+*X-z$Gi5go$$=0Q@o+Ov2v<qg65bW~zI
z9|mQ6kT`^>8OG(|%VFrQwJU^(I=((eakP5W8}tfuOu5`wFNre_+_as?ORowZYq}A8
zMl4DT`S@O;+Uel|K*Xq>lv~_-S@1K`Q+5<@c%tFb%|1a)oXi!Vg}mj2R?;Tpz5)*s
zz#4n4a%v*kw|n?Jo|fZ4Q<?^Pg6<nCil;4!ViV5<#8HVP#s+dorjj@y7c1*D(6nCg
zEgir#0PLhBOaceWYcLzZ^gw_aDc|Gm=jtaN<I9b1aun2jL)3!Xcl#idVT<nsE&)>U
z6jAd%s~sMECA3HfTE*w-4hm&fargjA#zW2?a;}jxVP^>5`Xtwi7`<GP_f}#-7pi@n
zT;cW3%*|DdlYk=Q;so6Fs4%<?7S|4vNbN!wff}MBMnsy4an(c0IVylKh8#nE&`%0=
zL5UUG!2RJId7!6EE^=jIr#bFjUJa>%W7_o;qcfV}Prb)A;b{>CbVo}j7_XqQjIc>V
zbL>&JSso!xvJ}ygjqspIB=%UnNRCu;od+_*Nn$Lt@nGbrUmt3#8t0s2EsoQ}DQzsz
z=*~;s@cL4Q;7gfHA~&vXP<M;<J;c;FFrvSlc?p-D1|37?I0(wa6q~O=a>$<QDTm9m
zm>H95d!y;k5m=gXX`_uEEA2w;Rbf;5jwKkyz(f%oysAEtbajdCT8H+|Qm8C$8PGSI
zM7&P2&y@*@Hx1;GEtr(zfG-rsG&;9nFa=d{T38S91aY^rqt*rD)p5AsgOnKcJ5YPw
z-kdKWN8;7ip)$rDD{t4kHg8lYor*J&l*_b?r&8j*b^)xC7YfZ@W~dPhTSRv944&I6
zu`k*#1_2n7?^@2A;HpT%cvZuSo>wnlL>B?-_Q=ID<{=p19R^D3Lf|pqFQI1?-JB=4
zed@2UZHAP2jK!PfZuH4+xwOR+W8<-F^kl5rI-Hf8H}OWE*$|DlH8g{^XP&@`RhIg-
z_DcdXF0Fp@R!3oyVf|^~i(&zv+|a2+n$8%9!~n*87G5NDLtIC-%J8HobwWm03^rYT
z%N-o!)w3WEOG366nruVXj>B-rbwNm3^kOW{W4vdCCBuu^PP6Kc>-1J1_7VGY$Bp+I
zS1Ac=Ti~T`D%>lyxad?Dn#@Y>9m`qSCmRZ^?~?oFqvIBbgV#gLatQlKz^=$0oa{vF
zTHrx)XRtomDSRvrhLZH!ZA|1QuuxP7lMU}7>=ZRpCgRbMgZevuC^BkG+rZn@MZGI8
zc>vBV)86!G=O_+lSwBc6>oz%m!(MZdrdcfd>5P9lBa{lBMc6&#$t;#)J8Mp8`lmFb
zv;wn1bqxA!*s*tNh>oVRa<^fF2QT8@9<6%eiA-2d;v0HK2t4|Nb>Eh?z}SkPWWtC&
zSbnNiUE1>=<sQqVHm~g6O$Ph&+Uiv_N3mvyaM#GoAZgz^d)0g+Z~Gn}j2e*Q)Ahc4
z?d7W2F)|oTAP~it7{l%C?XN6w@SNZIoSnwm(`4kT0F&Y>1%pcnPJoa@z+2H+mgTjZ
zp?XSGQi0Tjwd4fe8_?E|X?2!e#vb$Zz4e%A!+Qh(*g_z@Ik5e#xa)~_p98qh4Q=Uj
zdW6vVOf9SMDZP%$&8U^_@~QH9(_!s?S{cn5&HNHzBiZyOCtgm*DG!pvo3>kQL(-wg
z5Bk*Mf)9$&6LjQ?&oq3xq&*Z265hz<<_Pao;!Tka)lKCAL(aTdwA+(Oi15>VfJLz3
zE*3Z8{!lqe&al*aT~7tz?a84+p?4DcFl%d~-(w`FZjTig4^HYS;zh9PtyP^zDjt$b
zw1TB*DFy^ZvGjD#oD2)gt>tcaujbx8-FhgbZUhk&?En>BoD_X)dB+c^BVZN!6tkzY
z`t{g_*JX;-D7H;ly@HG<OTvT0>VQ|8K%zDqXY%-!B3;O|h&+bcHCV+;ueUhH=3_QO
zE%!nmAes-;^_!W&N7VChyL{>Cp|O*~vE)5Zu}q&q3$3Y+$VMJ?z}k=mZ)|PFGRXas
z=INI-PK!ayz;C7pY5RmiW8fTYcm8}mfl~V+p&w4my-sPmd-tBR-8<vfWXRXl+9>-_
zOFOQfrZrARllXf>(mrk1$LB)(LZrBZSdY8=T}5pxN5INB+k+8ZS@sv3^oqo5pDF-y
zb0|xa`WC#piAUoWMWj&2t=+sE)?U-mK&ueXXz-dCC@>zIL{O5oP!k-U6CSzL4Ia1d
z1oN&(hPuL2Ugj`dD9zj+W*t}WI75@Rrnljclb5cr8nBhfWq7uGsFMn4mGAO;J(T>E
zRVfdtHeos*5#3(ed;B=r%ny!E8YYQfw6vH#mXa{T<OodBt<DY)#kD=peTV0u)JW>H
zxY{WcI6QXP*sMayk(=m{qAnM!?UjJ%`)aLmWf(FN`iJ$k*(vcodmS)|Zc6BBUaJDu
zv=Nacw{9!<9`E>5k9e8`ns)F|0&?&n$n@N-iSRI;OI7;Muh+;DNpfHtugoZ3v9FIm
z+<t~j>iZN~xD!xbJh9<MAd!7jAf}ymv3i_qs!l}4sj87h=xls3&?Oam11U0mEZn;L
za9;w0sP~y&*hqQvrTNPgC8_bv5S%TpJ#@WisxQ}HQ4blJ<_j2muvb%M;lNQSxEx9)
zh1P5@E|9F;dL+95n)`q$B)jV5J>q^XFKTvVm9IEoH8_}_&=w?DmI6Lsf$6JdHx*#J
zV^(KiCjfVL3FG7D8y8l2uHl<6fGuRctYQAL#zg&1mxv-m3z6`v(hUeN!X(_kw8?68
z${6x`3;fRA8jP|xabdMdGoVgyW3etsh5!NjoiFQ*=;K~6J2iC{P*MaTgsORJ9=D~u
zv5>GO0JgcpL;Mg$Q!A5WT<T#OYH7TuQ=MZq{0=(uhDWJtHAXhc^Z*O%MeDOld>12q
zqt9+H-#8ekhaOvsj{>2pvSdo<)k%}X=9x;e9fxCv+S@5I@VJK$IrXX4)q8I_<5_pV
zHDE&5(2MYVq#@{`QkxKx@wn0O%)?@|cjEc^)f?^hQ{36Cn@xB=b%qjww(o+mY0&lw
zzJM$<HD|Lz9GY8tg6Oah1V|X(m6MXl>^;vs*a5AkJOg{rrl)Zw!EfPh^Z>t+M4`QB
zH|+69^_K;c8S<qzR4@RK7`Yd7GMh~sh!3Aa5FKTe)-^}^HIzQ@!B+~;E}{m;C`BKu
z123|!7r94{^K*QYU7|NW5fB+3?F7op{(SfV8zX&vu+U=*6i%5srT37N?kP6j;|cYf
zzGq|pY+q)StHu)u2~~t>)7L(O-3D`kS8FBNcCGy0$rP74R7WlExl&2!g6BMH0!*+2
zUQ*j710j}X5A-r@=P|Ej&of9iQ=vD{(ko!(<*=~IWF-}QFEm7$UzQvv^rfQlh$vDS
z0`*Q=O5m2Jnb$D(y(W(VUDx7y6lXZC{c26dRu$JaN{)Mih~!El@a)mEB_XKDRNyad
zgub)^UEW(3c(RI@c}#A_<AaCP8MgA5H+5ZC@~}}okhJO1yP)94+9U_Sm-J9lLUZ!*
z0a2CC8&8d>^raTgeN|SEnu*%Tic!ta97lzw>o6J0m8?V;fHURL<Q1Y&5FlY;(s++-
zbOHrMtsQOgdzHC#$><LbS=%U)GBa%byj-7g)C1CuSg5jvjAsY%6u8)+1D~+2J;s-=
zyR_j!*GXyqq6i*DUgLEn>>;!LqR}PYwa-|iY_eZk85haxKH347i-g*HCXoz4ORIK{
z6Y@4{<R#CGB(-iBQd${@6F4uoanue>YUQzTb52n+W8MWSnWR3ju^^{9Zwuu27V0g9
z_Vb)rK&8r^_BgDkF3%9&o`vNKuX<(;y;;XH1@-V3j}b-UfraK+au^WeJ9{?ZNJ~&I
z(9ips8WW;fy|_}icRf&!DUhzjD^_Ys@M^8Srd4Yrt0XZCO$=n}RBBEJG44GikWAy%
z1#VMa1|KL=K|$<k!Ph3O`$&mk=1p=UwbMgmkzs*jJ~>>GD$Bsi#(vzm3{rXWuD!bM
zY!fj$<(<x4mn<K7Q28@w?adp{I;qM&h<r$<F6G6L#6l~ysSTh<v~4#r7bF!g!~jB9
z7IKY8ZCO_sXgYW}*_IW?&^tVtN$;)tY%V6RKp0pO6h6KFNu%u{+Q<*7#zhY5U2BH*
zVcSN|a&myBb>Hfi_=7=X!DpU*yU(51^UE8BFK?C<<HgT8QNLC9H4%o~1U0sabHTsF
z*_R-vC{`KZ=Ii}}7sBMF#*kr~6}@K>3!|Qo2;!jUdSu@*P6tAqKTU2H;J3C}#~7?P
zAVFmG3RZ=5r6LMpJ?b@gYOf@<Hb1;VUhQfN*XB+QglC2KK+m@`k#*iei9JnuNwvm{
z2D~b++%Nlpi6yG8iW#=;ZM*Y$<gN)xZ&#`yQyld`&~m*x;!I?Ads}W`9HN{;xk}fr
zYFsdJy{k6sfiO3Y)M=7z=QmLF;;o|IIth40KW(z9eqg8_Czt4$t*M|=_V&$GFtaVu
zmW!_sE>aVh!$b_PQeeV}yMRB8mJ(h?C4=i0;E^CH*e;|a#D1lZT%SJ<zr?iS!kQNm
zkEeBx%TjCMnBp-AWv(glCYSoN1>4HlqXE?n#6CkaP1;Sy1xBKkywnSHmC06CS3=5o
z-AnjDCP)<YGB4|_b;!~)u%(9B9xUy_A!e}JnJU^-q_<YSO;Mbkb&)&tV(VU89QU&m
zo(iNu-O87NIr@~Q6?N>r$YL?2s2R8lE6-ApirXudr8T(Sca#+QMu*+hsdn8)T2b7f
zOHpzT!*Ux}cAqpcA;%PrOwUO8l!Rl-w%9!EQ0BgxX?Qnua_){p#GDX($H*`wv?L(l
z@t#$XjPt%debk}uzHlo|uW-~-`R<WM@`EW1vff?`-$9AV%vTzYaXS*aSt+G;eEU}2
zKgIDcamJ_pX0N6<hIzRwZ_Syla$gBQMWFo492&<{LuBO~tv9O|E(<h5{a~h^Ky^;g
zHOkyeH40cB<E70O+PYwiX`*KaqwH9i%3#i=%lUBA88m2>q>6?CQX1Mqb)`9%l6xQ@
z0gp|Qs<DhR5}iL}yqQ+h5;J_u(g}<&hNF&Yr{|boi2|s4qdX3InIYH5b&<a7C8Q1=
ztZ$`DG7sX=cZ=L5L2+`I`|Zk%t`pbnJ<NCuLG<(j%a?K%g4fW`m*6eGJ%Dt6Ny5%z
z1AFvP?gCec5D?3adn}xUuQ+MBRTxB>7iP0nDE1_Fg^oCMqA=KH9m&&F*qe|>)$|$R
zD}5Fi=$e=3WQhq~a^ie!V)Vv_c8^hMK`yd~2>UVW+PV+XaI;~8Y{9gF6Kx;`6De*y
zjfQ!WYLwlQ?Cm=0Pj(`z2{3_r8P;{7A+)F;uT&?2t+aGNpKI0Y9=q~Td@FA|fLJcZ
zAIcyCu~IKW<}NEZ0_ILVbFnF+>>eo~-g)#;a7>8aY8UJ=&>`(ofVjpB-P0V1)9Y)o
zhfuYwo#tpjILGg5x+g{n#q-jS-~pUpq7?zzd;GldwBT^?3a>rK8F^iKwrZ>7LZ2Ew
zA!2c?C|}`Kj%R1!Nqt~qFPWN!nfuvHA-N3?S<lOuS~lG*>lgXVh^jg9vE<`M_33!S
zUS}9<aU^$$bfa$N+5{ag?{#v)RpY(k)K1pe&sUY{mpNkKa$}23s96X!{?H1#-t#oq
zk?Tj}_m?_-GpX?8A$k{uCm9l}yDqm~n6gS^say%J+u2G+EeO=}%C|-Dgb?*0@#Q$s
zBIP+I07F2$zbI)6HrmF{p7agIvl=rlUVVj8ht-P7JM@yWkHs~X_cr>vy*={O6_=4n
zP?kzIed>Vtp6>0Gt&Yy5Q=}}*60+)XU5iMlv1i;uD%Pv0$f5uR@ab1xSB9pzo87B^
zJ9KbR&p{Ra;j#&%Nv_34L%b<FB8+~~{dC)C^F^y5`S=qg>*wIJd=K$$^fJ}qxspI&
zv<KJ{76izI0y|8Y>yFgwZE`09nt?AS%5&CShx2xvQ$(MQCYkjzVtXq|#}E#TMiQMg
z@3LQBH`C(C%pN?o*G&^?t7!0k(Mo($4@=kI<9QF4h(P2PF#FA<C>x1UUr&HrSk+kh
zq#7+<Bm##m)60%^ZnSnh#|-8WY7@lk$1O_AhUGF2U9IS;KHZO>m=H!p9QgpAJzCT0
z(E`y^7|7@?Cu*!RqZ6rixj~|YFe+%c^>QD3=x!<sPm`0$eBfA%tm4Uoc{6FL9#d8J
zCT3rxUMM)VPgLYKUhgTl@#B78_$XEDEzJl%wJm?QEvtE6=!t?LJ`l9?9J4rGyM*b4
zw@wP2c+N;GaQ4-Jd!G-k$QB;8KhBb@SdyB7WM*j%8c{E0@oI|RDeaP$wWc`K#R@s1
zCKI|vG`SnbL!{j=b)3J{Ne~8}lc^HZu%$-5q?o;I&w8RTilmqDmpgt_P}hu0FPL4N
z0mq-Q$e@Ml6ytHlP-O`%ffwzgB3it<*W>T-l~%+dSI?SSk?Yx@zK1uWQ%uR(6a5S-
zFTEo!Fr~MMN2r9lRZLw`ABeHx(Rhbbo>>$~B`yad*ND_eEY3}99LHwpnc)?mmfE0#
zu8s;l^?ca<&KRA^(&zN<e4%9d?Uhbg$e1dik+WN5VnnHtwzJaP(I9tyFCWh{rXe^a
zj>R^322~i3K*=P02s}+5Zqj>eMtycKf*bU1(pF!&)Slbx@<@LifyTv(^)#Q!<?4u8
zEWO={Q6-+Gy$4~0&E(^$oOEefvsfj1ss~IY`#=CQCn_euynC<xjF5zq9+lIC^Rx^m
zyp0Ri2gN|IySY-6?XIe`cE*IO7+#ZX4cRb@@msXn<Jdw?lOhSi<#_gzQ#JC{Yps*)
zGrG*7iG|#LM(-MIg|Un_!>8X`!0Yyy12`>$L$(JrnumTJe3i^P&rUX9a%2<*(=-R^
zf}YNEVF;7AZwEUT)u_zha-cpbGQjICIDD_M=i(`s)rj<Ar^l>h5560#;Cj2xvF5?T
z+b`Hyp9;|}<K`3KUVN+wqb4JL6mf5Z)%7qZYQ^)2EXXV1J*U@c7_#c3X9VE&@HodH
z<id+nNOUOG)X^4b&0iFio0LQj5L8%o?v0=nC?1E9IwA0@SD1JdrFc?b?gV|hvt0#b
z5@-D0=yidHzBUHM9)BhE?otn5>tFIHw?n<2t>i#-$=I=llD&q9`*iq-E-E4)(6bhn
zXq$Xis1%wuv_x1Bx!6vK6L5l^<*e|YkB!izKUY{WT@Qq(l7zNZ`Iy?4G@rm-PYPd-
z1)1m;jvIs?D9LEivo!;SeF7C-ffiGtRyW@I79}%@-_!DkTpDyh))6~ZCbnW!FbPmB
z6F>kpW?nCJ(4WbeE%ZHF+iU@N7My@kFLAmh)K4OzcZQ3$jt>q6SH{o1DNH~q1ROfB
z6LFII9x)rSEU4Px@Ree;AOmvFmDzg}Mi^en&N^bdK5=JngkRUAE_I>^9pD1b!#DR*
zL+741MX6b(Ub16K5)CP0`556IV)IkXM<8d?0cFK6ip}HoNIz#KWql$Jup2lNPj$TW
zHSL*j`AqSpzZZ6yyHQ2F%QxvEk9utJK)QK^OnAE_rnNeszKM0<dem&HTpN`1fL_g3
zRvS#S97-DaNJ6Kr9xJw!jJP=)J2@NC96C`b!W*(AS8veS>-7WGNVJ!+X&qygm}7*=
zo(86!wg56v3#}(}?qO^xjwP(dGlQNFfK(}c@bKB|zGyIo0`PQ@wP&i(OI}M;d~=-)
zb+hoq6s5c%ij*rd`t4j9T&PtEK|!Rc3U6oJoaSK^{V;y)Ybj=UuisMEu9!MTVoSK=
zYWWpTVIlGu>jw1d#c4ximo#g^Q+Zz#4*`72lQ$j2Z{Bc1sEFrN=q76)S30P*Hzn(y
zDe{*+0tnRg;;ttA9!K2C3uHIwT4sh$FCE3QC|hO63V!1&kAiJLQx-UN+gCzDoLIp9
z(!ms<@B!@bEL+k#z&KLnq&(jzIN8cG5BRN}iWDOfV+TCkAyXmceMYS(!B4_H^zHeB
za25gzQyhNF^C-G%fStrJa<VW8rgkEtv7M?TpHh}K%%Y^qrmk&Xl*uKE@C$^sz9!@&
z>AY$)oLFVNR7pLd%dlQ14}>uKCB5n0m1w4HcfP#^UnC^i*Y2%C?O`feSVkR#n)~{=
zJsDqiikdV!zql6=)jk=tW7tL*=`lT3Z^81V4<k#_sB8$yycK_KARc2O7#8nX->h21
zsM8X!zYWaLb=9ha8lwirxnaJ0ESLV8xbfwJddxD@3}CyU#cJHdg5A<m9-a)AJe6D2
zeiM^&IQ~*=41*pCJ;R{~Lon-UnvSqX!5aAtx<#lOZv9d8oJ)Y<<4QhjKC^3owdZ^$
z3OQYMKF^uda*6l4#=LxX8Xr{Ji<aKd@g5M0XaRUu!5762NOg~O!J=6rn&zqs?}bC6
z1Jp>o>^W)MCo->_xs#FdiOSV@QO0`4GOJoxbQCFOj&D;DAW0;REssp<$Sg>%qABe9
zY#Q{+J%_q?s08&|ZG2m%hiwbF!F=x!UxrXwo0YFWn(HcA<Di3p@!<@QH$;?WR=a2d
zSl(6N_V|}QR_*L+rxzPH{T6|>b6*Oz*$%t7!Y(Q7gTg=c*`(A)&d$VF-ivbl^bx3#
zBy+Am9;X6;y#;=r{0O&kOJ^UxfGQ5zv;(!_d^b^x_QDZNtCoZOXansX=R@&no{bBJ
z8g5_HrgPVp;RZ|c)lRG@$^EcV-lHerQ%IvPz;{d>L%LF=u)IUvhA@^3<T=L(KAu-I
zK3<Sh)Ib(b&0OB-6^A;$F`8kNi(QG*evn&>wbU)wZ=!gZMYC0EF$`8*-nq3{ZIj1F
z$YsXep=K6rr|hmj3=bRP)lol+iu8DvFyV%lqxcM#q~V~{!+038PNw=bNRl>})Nm`D
z3>_UHshX6zbW_4W4HoS+)eW)*<d(=3Im(j|@W85o)C3|67pevuJ$Pr$RJ>F?2>`y@
z-H?7Wi{U77np8c4y6G_N=ezpEA?w1zK^|m@$2Fn2fowqupo~_~Fb+?+sABDa_2BZ8
zkj9J-paT!nBU(Tw>7kA=NE(Ps$X4&i<hN8DVk_jcSv2^Fr_j_CcOqZ!4N~l6x>Gy*
zMsTr=&6y>8h(@6iH2Mpml(cn3C3@4Z2X396G|7iZ)gKQOMBd?JMI?CR27Fs~_=~)5
zhpQi-K9}$sd2l)~nHI9?(iFne=$>SWoY}RsX+3i;^`_%!P7zJy0g~lC3Eq5xt`~{^
z*e^z5hU(E2fvvpolbFiKB8U?fuJ}gvp|{-=;N*u1UA{5#r4Q<tK9?=@#3UoO*~ua;
zSz^QQ0x-~%P2lk(+ba?0_m@BKk*H!ixl@4hM&#@PY{Ys+fv3FW)&lU$^(jn$ua9*6
z-8*l^H+vcGBJm<LC)XrGW-!#_&02aGI)xsRBG!8-OGN19OS+E4m8QVOeJjUgla~Q&
zK2WmAPjG}T%6C^KN_fEz(=)-zv1nY4dKlzMq&l|oIv1XvioBgDLFYl(Qt*1_U@Pgw
z{SFq9)QPhXgE~wtFb=_B&6dtFv1DZ?Z+anSMX5894XP37E$oyB;8t{BIlia5r!d<`
zFi=|}wC4Uc8T37Wh4d!4pPUT9h&kCP%+(VCb}5q~dcpvyq3TQ?q11GSMAptG?4ekE
zPan35W_Jc$WDyEmMqpS!x|(5xE1Nx~!J>FoaQQR{YgZvs$C^4uvx?ldC<p*v<AzGj
ztVsqWqoBJ8yx6yMdzf!#GBM~{F+3}+K_3RkAp-?o&y~+}%i+d2!_sX|?RQc{3FlP}
z=RylF<bhakHlRPza1<puQ9TgI)<Ujvn+KxlmogEng!(8mYmFXy6s+6yyzVy?$@{X8
zHUlL+ZDGe=9#jQL@_K<p48dr`P={gFzULjvRrchJgkgMc8Z<5hGV!$|AFHe8qkek>
z+cM<rMB%jyeLGfeB&*yeJCIMtr%;T{2Q{3dMDq?%6y73$HmZ~9gl1;oR$ptY2aG(Y
zp2OCb#463#5OB}3Q$aS?SYkh?AL1{6;Jj%3`X)xb?;5T93egOr<P9k+<-5mvWo=O|
z`<FnNUC#xP?rE$J025puQea`_7Lzvwpp~+XJ$^HEC*THM!=`|Hs}|W{#MAn^PWZLk
zoPa_X9Aca6hB<Qr)np0zyi4(bsm__$nWI^N)E5PJ<yX|RYVTBAxJHE6o|W7)IC)O5
z@JT%q%X=@F!PDibY83#!IAm+x#_$xUSWh_@vZx1|Og>Fwv8s!UzV({JP?@K8jxVBS
zI+h`HpgK@;@Qg-?UP$W$9boGhQH9NJR^w!TLlLC?$~d!ykvA6N=>ksfA}F@>5Wjv7
zIS#}UVKlF4jx7u$MYty(dirHPK+V)$5KCUM?k){aF4$(odpL*($^`P<L6x@NLio9#
zajOuCY9x32y#!u*rz^{Fk+1EViX)ymjd+or12D`4vq`!na<v7umaCA=ljy8R#=KNh
z>;d_LcAc$3<tf)Cdb^D6BVWm$IN;S(VQMdXoNu3nc=*_|-=(W-Hxh@rKL~mu^dd!8
zG#kBn^ktCamFIR+Lqtt?tMt%|u9dJp88H)=o7s0<VlP#-X>eaF;#_b?3&!+5MCkW6
zHS8Kg1j#zEW|&}Bwp1<NOO8beiLD15Z9^(u`n=}$jWWp+Os@)f(8Bd&4WeW+YwW_D
zm2lT{06iE0<9N0%lpstciHO~tJu3H##6b<_hOwbz_jSs3&zSKWe7Jj+ApDfI9%gK2
zbI*hM6zF|_bq;;~)<f<jp_ZMP0R(*<8R^{QQa}iobX_((pn?CKg4zHmX?y2sVdNV_
zRzBAh(t)E4>NLH5L5`rPYmy{Q^bWKNw_lZ1!T_XTh?~c(nh`IKShItkn$Rl3BP(v_
zjh1zkb5mI@7J8;#xGDQkunE^Zt}9V@KptqzJ38<v!lM!i=;2~lw$2=8W`V?1SnPos
zH&$uN*EA%Bf~=-iI=zYMx#eYOjIdi-_@aREsuE9y)9`5-7>d1zS}$#-`aCGQkyY+y
zMdpk-+CY5^$GD-87`+65^^!0w*^YZq*5(<|l0u_<-&~DIAHPSn+Epla>8msVZvu$l
zGmH|{mY9d<7f*Tz4iI)#*O#5yucGdyi_}hZEAX7*OZ5N<qIWJn%Z$(ZCXWh(@nJcO
zM26?hF9wBgEO8ES895P5{dCxuNjH@f6sRUUu~W1IUNGd7BX_1CYD7MgGXNMP*cpb*
zeQ*yTtCue&Un#g3*)tn6HB%}gn0)>o_y8ooeHELD9?@@jNpTAwH6u`D1M!$60G4PX
zk`ZY?K}$d}CkPu8ruW9*JbISECVcORgsu4zUZcsy`dhUq*fvp~U>dVi-ed=JAg1nw
zO6BxsY}?=!lb%?GCW>WKX|IlWz@Cm<Jdt*Ic*`7F-PkQ9eF88+ly8P~G^>@sg*fso
z703|H3gc){fJ5$H@p>jOa*JPMVpwcNJiorytd|#7k=EY9gVav=We~&X6!a2Z-3y@`
zcFteUK{`8lhM_-y&0x^ld=vuV8j(%?mqJUFZMQLnfow%nBd((@{w!tY&Cz4sRGe&+
zSMUtUcp4EDDfdl1fz8`3k1E7p1;#l+0*d$z%tU1ZSSUOgGN%L7w=R!7Armx=(;nff
zDhD}Ec?&25JcO*bgv9T-satxyo@QG=X?pTNRtv?Y-ZN(p8>ggsc&a?1FDD<pj1Hny
zoXC{gg9>OZLw|=iu)|1RbPJ2LrNxS9+CsT?qu>qDHWn5EhFK3L-|LJ_(s-1+3nMN8
zQq?YR9Wss8Krhc~1v;Sds?nDM1cb~ss-iBVO>ILc)tfI~0`n;?sIFo{&I7Ev3c_}D
z4XD#W)Yh)GIW$gNu_dD52hRyO*u?6Qa5e)2ryZvbUMTTO-%B%iK}B<MgLiv?*^xJG
z%uEeidWegg)e>Y-JgG;cPjoF5Y?PH6JoPA0xH{+fZgdH@%K#SLSLoG?2m7Qw0`hVQ
z8Se}ODW|}u0Y<9K$F4;JSj|x?<5+w7q;nnzLW;4vjh|gMokBex?pLWpGH(UZ%LS{;
zUSlBur_wv0X-^oi9KvEb;n(SFAoW~%u=y5<6JtlNK$xZy`o%4z)A%FRiALg8oGAnw
zU&s>cFz8!xi^)tw10Z7Xvy3Ei3~g!4R^+bmZZaJ_*&d6>mW&hj6cS@q)G?(@*1YX3
za;Ap?Cw10l=M~N!p0PS;F1+K=P6KRb_D_ZUOCjeg!4kANZOQJE0iyFGpM)p`dNfRr
z;I1D{ZTIshMe&zI*RwfJ_oC-|FQT!sN{utpmpEI3m9-xZ5G40dHHmQEm^UxuJ9FSm
zH1LXJ0Jw35ePD33SQ)$f9OMaQj*1i)q>&$uTsJ@B=OooIz3+7zs*+BdZV-%-m@Mhc
z7$OW@1ZE%sl;F!<df8EJz%NlKd!Yx4109E|wC3r?YbYhl&S=fjcG)rLH6^BKKT<Mq
zgh$Q|X+ik>5Y|O~ujob8^Lz**jp$w}@t9YW%HBu=X9_WhDu*)<PEHTlJeiYm!L7XO
z6oXd|C~s5A3M=P|+~o|;T<7tL3f$V;rvd31st6!K@@8IE$)&Y$pRSpP3~{OigV`?6
zQ+pTJqOEjoX9#_61o%7QtQU4_uJ>N%Y@Qqsh}@Y<4x<~sqZ#ncD_PXtiQC7#>%-6e
zriq^5>GQ{cR`O!s9rC*uTvEmZdMX>5mT!Rk2KlrN0JkiMrmv5Sm@O0SCFS}~iDOCC
zc&sO@-$FhYFnLg6A(O9qTW7X<W9#9gJ@k&I^opm+58Dd~FC+9WDy3J5!nM>qWji7f
zUIzBPhoKAJPSYx@o;&nB<DsU#HSCjA>t%+DS5wYXFBRm)c26&3wb9#-MBe2Er&DOC
zeIqL{*ItY3nqk|!G44xMlrQhtu0}`IWE}Sv3_M87G3z0x5MLV$1fbGTw$W>Tqze~|
zdNq|)xDm)zyK@&>Uk-_WITT0NZ5=QR0i)&CV;hFvxT#%)h<;5YvvFZ7Q<{w%jqs;L
zkv#gwsdX=<@GhW81!4O@TV56RD`T=!ZpK->gjWql4lW%=8=Q7^EB8<!t>VVnthF1P
z1g7;C&<X}rJ*N|CUt>p2n-iN*%;0HYcopO`1fv5YVS>Dw8|7>~OFz)tn{{|%!GYs-
zild#*8!m-gZ3o5fMCCOZeUW)4W&K{uJOyFP$E}XY>*>Lx;>$<2ukqPpQ4&0g*MJfx
zxy6z7PzITR*wp;#-ZIYgF|l|{2|dqQum_Z|)8r}3r>=t+{)`eWre|pH%mX?1l7ku~
z@8G3$zD4&_#BAaq>L$;2KoFy2(1snXO6O4J5Xz<JOe}l~W5*CUkX%ij+E#C|ZQ4jB
z<}?jL+-mB<UB9~37kIaCg28#>9ib}_S7h3j&`8&s!pgqn;Ls#`(b0xC)aZ>7%y=dc
z2wuLAsux@n5d;jLgT_U$*-V_t-sJd>EB5nNTypob%D0$J&yoyY^(Y@k?QIZ}#JLZV
zRFtsdfdPdjd4T7WF|ScYmG(|~v@PDslNj#%VvwGRyDG+ekDwjuL8Ct;O#~tuZJMoA
zNRcfS<2(d`EKVhPj<y$&IO)Zt?^W1YPzXHb!L{aql%%TievCvOk7B4GmH9lGt)<tK
z37UbJqJoca5v$wqk{<G~22HVT)0TKY5_|<#)@M^>I+$e`K#$gd<Q$}v?&8Suwh8u2
zBIPfMX8o|<WpWuX?6BzTSH2QX^3Z(UmIvlcmhb3jc199vf%Pwox>R;%VkfQ&W8uxz
zE)8tSL6agJ<i>flK(fAk@cQ-EC_k2aaoB4MTqAjhS|}s4W3h(T3$~rRQC5e}SZIl)
zT5>^088liK$}6v*k+r~0FnVK84d}svAl%-|+Ogv9hw^ycWoH1c@S!T&D8E<45u%Ht
zQfsur{&redHlWy`ixxakU|zj4xVuMW_;6t^k&=kLL3ytI8PGK=T@k8u-qhZM*g32+
zmz=3ZYh9f+ph~VqqDafK-_HlS4|IbDW(^3gu}joXHcJkYkf8uU+-7UW8F(hCd323D
z`7lM$X#w3l`WBu7JV0d}nWbs*+s?_zSY(pPIy`_)z}FyqZ<G<=-4i^7K;`GH6;xVU
zEjMqpv-qh-Vk>OV3#aHu<`KWbS7MZB6i1MQ1ZuOwO34|WJYpIG9jZ6^GEB|+nxQoL
z;Cj}Wh~<gO3r}FUSP_<Hr@gwEhX@ETSHM$O#2I{j?-GPTf6-bstAu$e1dnp7sVjwN
zX1p5$paYJ*D{>KR7O)?oAM8m@OvTuoZ;-A+KIiEaickc`_fV@lkDRcA6pi<)EO1!m
z+^zQkK?Qh$t+3>CC4Y-{;h-<paSaOyUcMpPqxXu7R^nYw0Sml?zLw1~1`|^wauzS#
z<CaOYLDJDF+sx6VI=PKTUs1|iQN!sjh4Yy`RDUM5EPIqMP(<&`BBL*hln#ZrU+_S+
zi4Cx{g}0Ym0xYP=06V4)O<ajjyxeIuEy+J8Bg?ncX9}ZcSxiV$ZT^VUm&sL^8ri|^
zg6_x`Ii`!Y``sgmc>o~(CbSi@yGoxKax<C~OyPx7Mx+fAnsHt}%gHvzoai&ETSJqR
zz(ps~3`ywPP0*6gUZA#sSIF$ML+@T%j^ag2FPtJh5ds5MwG9TPt^_`N(szz8rAz?B
zq{?OujBOQTFNa6iyV5TmJ>j?{&cm1~z+{?(7LfUA_paHU2HWj3AeBhu%JaC{WtpA6
z<-WpU8HrsPi<xz6bj!g7K2Sny#(r{$E~~GUWFM?r%QH*FfKa5#R(WwosdcP-iE2EI
z2XIYuFBM+0gP?hExr=BRmc_e$gS@5@rlgF4FMER(k}Z(k;@P!!aA`t9V6#fTJ>qSV
z?DkrAB@t(zw#r`4cdpPj2M??auHG9*<=c0gkv&xR*txQIuZo9w%xcy|`%ICm>3HDT
zq6WVO=Vux+xdhw^9!9m!?<7XSA4%KjC>K6Oc6Td|Yr~usD#UdV)61?jhH;O0(`Iu~
zma{FKI(ZK{im+l}0^w-)s9$8g2Yj@mqI1f+B3L=NTvVB_t<qeqlb+iNYQn55z#*5)
z1Cc2t!W8SxrR7|nhd`xJyJ{&cy0Fx+l904b9Qkq(OWp&JV69eop5cQO*BW~42XYX|
zfp1u9Oi6(?XG(Hk6*n)|p1en<RvhCcrXkNCeQD(IrBTuJZQNlj6}?`Yq+|k{x3X=m
zh?Jg0xgBbf?)uCZd8Mv$c>nSUlxRDvXCl3+n&1{H>P0W6ravh`$46$tQ?ytNU~m)T
zksLn6l$q&Q0{TXl@>mjkfV;>mbmyEo^I2P;?(K`GFLOl~R~uKJ_4$f7!APE1Ca7DO
zuWz!()7cwMy~nOu6^jR4isXiHCJ%W|*+4PiII}zbGL9Dk{JE?$9>Zk~kyp$x;XXj;
z2r+`;K%{G?K$XnW$tmb7y>MMbR~>vllb%wnq6JE0udl1U-0ca(ZITl#3aC-8HQ;8S
zOo++07Ea&ciL5qFCvUG@aq8i=)qqD6BgY{=%?m&ef-n<|djVG#6t~VqKC)fs*CP~Y
zfqizRokrkKpl@U>O|i>Mg?Ludh1F)435XsMdau@t6#>};Vxi(|NVk5}QPELeCs!jT
z^6;GqdSJ^SF6oU}sU*|vz1jk6_d&ECRDVy>jHAK|Zwk0==M80I(iE=&k=`3Gx9rA9
zyvL_d*VqG_=*le_ft`eH)TnQuv{L-N@x8XpoRw;w_hgk^C}*;s`@>A&X(qO5TkMpD
zqRH59dE)6Fn?pxESMq!U;IdaCQy!5ci!xtxCe=QDDzc;9%{KJ9GhsIYeo`*A8f0;{
zOSR!(=UHL{ZM`<<EA+@U(cQrJ5QQFP5P}rEhwP0V4(f!pB`okH@kw+s1(ZFVH^?m)
z0XejM1(awG`*_Orc3%zU%eeXU$iF;dJJGOg?}rT0;Ob8H*i!N36D445eXkD>&(&2@
zOc%(X>`)U2{VCEQse|uOcCh$40QI3!sJ2fY5U>dPPW8FnJd}I5X^w4AEM}rs^8vuw
z=t?s{7z~%%!wVRbPQVq}S$;5{ERo@DIMIt*ef=KSCHDHFr$GwrD+?({xP4@=V#{WI
zq6|$gtRG#0n3|7c6yoFT2NrgEXQf2F?25`y@2sD*JfN7dda}yi$k|4+#Q|!wbTHRD
z)a8+_;ogbnYcwzz+s%%~UW>L~nORdgRn7xNN6FE=3Jn10+od?vLo)7+C^k{LW84O9
z7I=E@y^1BbaO5*X#hWWjX*hQr5@0v(uX}`O6K6yyFr~=2_`SEKqyi&S(5twOKZ9sw
z^F<rdQ+W{bEYP>Ib;}cK-(d6%+@tHHesq&ETk4w;cXC#$+k8_^=jjy5^#mz}fI01~
zMNJ+((+R^|0aid~Y==M%k@rY-kP|tZHSHNZBMj*(t|p{CqeMRorQKC~zK5wArTXeU
z?RvyJ4&E>CmhOch*Y?P$u%Wcey_KGt0E)&Fj~*D&ml@uA8DScZ5=5Pr5AFx7^P35w
z6C>`PD)A(ZNgGg2VHbv`cbvvBP8UF|gYlXup$8PO2_7u?%0Wh!6|2vJJUD?u(SAO4
z;DlEC%1FzF$WkuH>jG8Qw1Bz*`fTP3-o!j_cUs3)v0IVQQe87!HM(Qed?+%!w6&Wp
z#gU%-Trdk?<(EjIUm^)o>QK<CZ5Q3LYuyH^LdZ)KcE020qwS=EJlN?OelJ>!c6o*W
zG|BbNuso*4JjPR}#^<{}d7%%yFznSchThs}iilwhD3CUNu+wfA!E_H3JPfIh%0Le9
zjXznE6<n{@k-Gu3lxw;N+m}wQ74Tl>dzziw;+L{8d|V8*d<q3w4_*#{y{9Du9v-Vt
zHmI%Ph`P3bql!&&&GlwsE%TY5HV4&vVu3m<57urji)9E=>*2G4O08;1;D^t|inQyo
z8ay1Q3<r``@`HTUQ}lRv?J~E<&W<-Ysd=U**z)Djs-6wYs<uZaJgX4RQyWW~(a@oX
z^AIIUmeBS%12Kt<8<29;P^csE>Rjq>_EhL8Mdg|55*<L4KEvb=wwFxV&P%l(LmIxS
z{_G`S()!LRT(ph9N=Df_7xxB7N@j?ZT>=>k-j;nO`P6+}2s(TOwcYH5*-Lw_F>#Jr
z0K9k21Qj5Zp6xZ+&7(!7@F%6JPXU!JbCyFA(Hck=UOS9W(><&z>lq$ufwpj42YA`Q
zM7pvdxIPpQE?y(QBL|+Ddi*4?7x7l4b{Kxxf{|~Di3Sg!QrTJn?n?m42O5eXm_Qhp
z983DvW!;M0p*K1@=h?~h0pJ{|TroSu>jU4FpjI8KnP&ku%0UIPN4%j0KFKSR<guF6
zeJV;!VrjyS@0IYB@Vo1Mg9!1&^og~}KrE~b`h*PK2!SS^m;gMuG>`I^j-~53;f3=Q
z8ZACddca>Mg}pv1o<68cH!4O9?gFXeMKy&)XBdC{9-sq>DTZxhEG2Th@#CvMCnc0B
znAIe=XY*8^yp018+9@HUR6BpJ?=hy8g?9#qB?!Wca9g6)yO4XhN3|>xqGv4ze8~uY
z3NS@%4rE9>q<&9|EXyMY5S3WW-?Y_63F0m%JomJ{NP4`8il-3>^BUUJo=<Ttv%@B=
zS7jAAGC3pk<1XP)KbtD=+4r74w9;{W8R-(sxf*pnE;6LJ?UBMQ2+cEe>OC?FRun<N
zDtv&ml8)j>OI6oJ;9>_9DHdI(QSazcqMfj&${XO@yV|+e>LydKFhJH`a$D8&ms(EJ
z#BjitRC-#$T(1S6(hN-}>(J{Gpfpm;o{dOf)71yAthn0-sz@xf#BgD5uaody+-e%F
z>IBxjQyAd0N$Ua$5_gk>VR0llaDbZYt+`vuT60DZ2JNWQcW)i6*1e5-H-%G#n2R0V
zWSZKZjz>&nkoN&Km7wW(wv=*J+5|_3@hZM!Ea}Bkw+fuv?Jd>ZO7C@xsK?F|Br?Jx
zkyC&Z3WhKke(5cVzISZ<-mgZ~&vl%&CPh~!);idHM)bA7IK#9m4}xq4l~SvUE_Kht
z5ZSfn=OkK0Ch&B&=s7g_kPd0%>hrVBMLJoR7iTP}hmT>>3N?A_Jg4KG2Hd@<7p+Lc
zbUxfQrd)K^+k->`Lgom~0R?xSF9P=k@#Z$XQ>%<H33@aDJ>vMF>eU84S!6R}r7x9`
zzEpCk-Rhxz=NT+G%n_m3VGnavt*41MfuQ$QWO7wQ+F9&_jK{1t$pwG86up9xc+ZO3
zp!Jlo!Su{+J&P1w_p-LM7k$guq#%8F7WBq^9_d!S0*+jE9?i4D$<486D$md?G#}66
zR9^sGOB6+z=nLQJ1$`|lOdu^cq@HP*`l6rgli}H|E1ym@buIDK7YCC9i)rz^*pgKT
z-mC#*2?pKd!Bb%?JED=KcV3#!zSe4G&nOS}iTBwXx(uSM*X#6By+W#A3cpHvx{NPh
zH`PPOIi9B+Y)tqP&XL`p(u2z493v{qcg?K*Lc*-;xk-aIz{7R0Ca$&3C?FyB!;EMS
zW}`kvONZA#?9SbxVV<%eq3YQ_zVK%ytr`yjEqU^-z6c*U1{z5dLTU#lL(1hmE)Iab
z)sDq&$xg6qda%0Yk5kfBjwTIvJ3yGpf+YiA%VQDH-AAjrx4ik5-7CRZWWqbR1kBfD
z=>Z?D%S_C0E&2hy!EDW13F7v(a>Cg6D+6zFnU^-|E%nP}s4!8@c~u@L9Hf=!PB6B<
zEMn*Qd?$<PbwfMARBn3^JC&jc6Ak6Q#toS3&@2bIc`_FUL0ORglA*1FM3B4l`FquP
zr)5jR8l%RXh^7(Ej>|i<;6#WU6P)%En&P&n$Z$<^;Q8)A+eo=+qp3Gn7)Oyf;-MBc
zgEt=SJF1($_LY1Tr6!D?)$9<{bCj?7TrDdW8gj{l_<92z$WU&CiP!u!f4M~P<&tG(
zB5hOJV^ia0W@N~PE0q}V#a5l|@zKo<l1mmGm3s{jd?}c<eCPcold_|l85cyx)z!@t
z1i?YSK%~)Epjw+JU@*@d&_l&<YZH>iaq?P&eH$-B51#Vg8$5dS_Espk#<a=x(ar3n
zAXscvr!?+u$eC6TOFVyC(aPgAqdP!3U`kX+g=Yr^_IzPqP#nij_9G<qHXpWec`x8*
z{IH6mb&fTj!kTO-$D83>siFZ#jprlERBi{4`Igaj=DHJ9`K1Qd1Q{KJjm}x3z9#|)
zrocpI{YX%#UG3ew(GG{vn&r*n2k85VW}dQ5qQ5}s<LY^=+;a;9<ZmqqP~_FYD<Hqs
zV^<1!=PIoTUcGA6JS76JaYEzVYWg9ZmHEURc+Rq(@SdTAzYACeiCD(&eT)dTSNl-b
z6RHA-$>*NrN%ZhRJ4lr7sJ|Bvj2sH&$3#F`05raSi*%TrFZ@l(K`H@S<i%b9$di49
ztnCiiCIAlm^rfcSat1uR<_CC1UI6Mu5?;@zpU*C8UL+!!psRD;a6%BYky?&WGF#Uu
znkPJp;YnmwG2!Ux9oxQW0(rt1{PKDP{M1Z1?kSI*#Y-!z@;jt53BEJ+%hMUNdcC({
zhH`5#-s`NMTTZH75JyNZ34poy2Cn@m`usVl3p`H$#cX|Ej@YAEy$Tviuvp0hJhR*z
z^Q0IGPEFruOMns#UX^?Zr&lQ>Jls6-3bRLLoWVUS6}KrCiT0*T_fsbSlBwNiH-bzp
z%JY~gt1J7+Uj^{p!^O@PZ*vTXIF%6x8&;!N1gBQ12u)>w*;LCjl@qm*)lTnJQrQ9_
z6O>d+*b3-zW1c2bxB<W!0-#dJrdYS!0~Kx2R6X)_X<|{!IU-^}#J~iWrZ>!iKXs8`
zP#M=%E4cU?Myl1#R^t;RnGMA~OUJB$UdA8<OX+mZthxz|>M19Kb+A~9o#ZB3e2{p+
zx{_|mM?F`?lb8FRHQtoeOw86JG~gDO(MMfn3H+SN(zW|cOkA|&Nzn%7bEBh@c^xc`
zdQaGj&0@vEtDW56x`4Q(T`mD6TdChwu5h8z^RcdXNgdBPn1r4<kINyughriWo-Cq~
z$>orV*<{Z1&1XO*le2Hgij$U7_1wEBMSWyA5f^7t#w%?nx@J3&-5O)@BE?1`Z=bO-
zj$g;zqk2^e=a;pKn;AkL#c%M|kW!%R)v0$5Y9>kIOvpGS92$dS0!|#dK!^vr54zS=
z1ZGDvGQG+R6effn?Sk-8XV!=V%jdqkrt4GbfMj|)lxd*?D)&0*WhpDcBraMqvjtp~
z)g#R(78NO*a@!BzQ1FFaJL?!>u$1P^29_!d-_cPz_9ez?v9#cT)jFZxTH}IH5(jY6
zHf;pOL+*)5b{42DzuWQV2uE!&&n-$Up#v)kwAqHV+HER-XXbT<(#!Zdk{?)iS^I0Z
zaN>c!?&f;A-GcE*@3Nk}eby3H5qGu4oFTP^lSAVCYP$u$Y<l`-6X5c@eFE3pEU+Dg
zKp=0mWJDLjLl<Ty!1xxQuflUeAcOYDy}CI~RjzgVmrnG|+jLzm*fzM~`E$ipSe0PF
zLNu#s#P_b|DxU}yi%%a`GPaZK_%WWHw})#%vK2|)$N>f4w1Krh4^gO%M=efEC9SW=
z#e_E|G{Z<5DTf}HyWPl!c8`#NRg3aTEG?wpdL%PvK4EIA2Q*l5es35LI}{dOE%{b?
z<djfX86)nE>Mhq0Wvvyxy|71qa#PYHK#Ax8u%MvxP!yWFhP!O*0unOONxL3pyP#;P
zIff6B9FO=sFugl>oLF^~$#ulF1jaxGS|+zM>X78HrfIeglCr`wuf6xUP@br!7i+ek
zc7v%rfDMB}$~j+{%kI>afFKVXdpjaCN}R;X0&yjZP)oU>p%6BrEL|NNL1l;c0zh^X
zav{A$auSbxn^Krbm6cZWRfZ)1Y#NaPY5;(3+708?JAZX9Ba4xR3`cjXGX{qdWf2l#
zyUnk{vpQidfS76Ekk^)r+|%Fr^2x7Sequ>;Avj7k6%~DRZ^#dxan-!ytPmmQTxMQ+
z;ckR0^_owfro&YkBF~z}h?@d*ki3|nenm>yY5~d`uO>WR?Yw^S^5n4@SgE)M(rE8U
zz{@JesU9h=Qrn|^DCc!U5A2Ppp{#2h8_(%Uhwp1#6+|m^=7Q%>&@Htn7lb!g(86X7
zxNW%Ilf?H5Y4AqTCpM%x_t_?#@ZK$<wqe47AlHaSed)yfrPF%`^qxVom(ngjVLi0w
zJ*xAu?ZM%=fXY(f@)u33D>a0|Fcg(!S-uY<`S0mTwT0w$p*C9-jg`K&Dbr3eIpl{i
z*^L9x;Ax8n6ZTZ~d2rmqEeSFEgmG*m2!gCvu|FaP)5{>>i)3**6xhs}cvvzXvNL}4
zE9Zlo2t;F0KI@5B@c3~PrLXjm^({up_;C$`WDGhjk6k1cK(zWETX?dDDlG%6<tXXR
zfXFM@b$tZ&rogQsw1jWso*G7EE_1+HXx$pkA(&_t!oH_dsSl*oH7Rfq!fs-^FqPt-
z5A8fCxAc?7O-#yt&NXrmwGNR^YsY6=pm@;)qTgV!2@FuK=`|vV$ty5?;EL<2>rpfp
z&Ef4<NfoGQ@*cc}smGU^LNB$di<IWIG7oOMU)-W0qzVO0Y1}#6xB!AJknd_AGp}TZ
zYlqJp5tmUdzP!Zu@QzbYc(ccl?!|S{<Ky8j?+6;OV8bMho;UC8y#ohL^SXX;e)TfL
zj*fDku4e(p*!p`eLJ?aX*eOU?L^>8mr0k0F@I4n-j(*t7?}4u_aKz4{=E-$ScSyW6
ztld!p1%1PYX>ls64CPIb`0xsaUsT+aQII#4tVKuaM2;I`WCS%YSUOwbt>QXWFClYc
zOyiL-S}Y(Agx16rb)H#G3Pqir3M2Z+6!y@Cy%X8CLd;UswTB^MLO1@{483oP`gBW0
zu$iM%0Vx7iXKWF+lG*0GDK?a!mipsErLl0EIFUm7@=55+C-op<xKM6y;~JU*YRGYC
zLFjs(H_XrT9$p8MiQe1W)_PRpTmAf+QY-LDX!_sVI`V=@Ku3A@oOMeHo)JrNoe({E
zcW0cY1=(oqlw+|_Me6E?g@HPU!f65;E=T!N#}$k_+?y^*WTr{A%lB@U2FRr5J%z>%
z0ts1k*~yR+PAH(!%5gt^0?|^A+Ve~r$Z_zN;t(Ht&6DN4g`N|vXzSi27jwHbP9ry;
zd2TK$3VQ4w^H@0W6-<|9H5VQD<vYsUQWs4UbV-21T2HUGjC`yH7BA>2TP~AUg}2GF
zc<AtyX9Nrx5(8@R63`y)yZ7c02{vP$Fx`07?wPWuhj))jBu?q2-bf>xs60O-X;!a!
z4W(f(O@i9{00QT+q4D~J@QQ`ZQ)r&W0du)!DZ@#3R*4R;><1t#HSUha0#Bj@1tBNo
zP!D{&mAk^34$e0L<e{8)p*8mD0#+)YI@{JT8%<%}bv3M&o$UIw%%B&tR|``ggxgYZ
z-qB9IU4`~cF0ZR$;`fN(h!j^WK=<sJk>Hs}<`}D^J7k+m5ia0xgviU@OLi7bTZ4>z
zf%=*jJdU)3?Y$X&n~g)&Y2bt`40K~ks?zU_Okw&CUnj4_2{5uFGYFR<i@oRAW(NJ<
zg3U{F%Wg2b*H0?M-u3ho>T#=em8a-~5@%j{sN1LK`%p71dycD@TBQ@K!;i!Q`Ff*P
zX+5IzRWf9FiskhieFX&-R2nxh2P`;tk10&(WyFYo38nBQ)JZ7L4He$qP4Zpc15s#H
zsoTl&UZ@okXPGUZRs`U(spqUlAScsTkCU=*LmU1w>WV<eArpu4yjR%+=3P1~z&S9z
z%y4G2ptDEU%Z9oladyM+dF7=-JTu2qx2FoPEL{)PJ!xCP9ZoaA9H+hVP1K_pRho6C
zP|S87zjjmRnDKt`n9<Y-6x~M@^CW6-wF394Fus&~VoH>1utaMQ(BBikP>(e@EEtH+
z2;zYEEMD*lD!|)k<p2t_Q_g|JLFAsa5XD;Am+x53hKg80Qk?7cJ~X}_%;njdj_62}
zO*>vQSlUD9bHL?6#9b-G5GaagdWTUDQlNP*UOH`iU_Qc&)J<Ht(4C}9Xu3wz5fn_F
zT<eghS!k7Pxes$Rit>WkSLkV`_*l6z0SVH|6P+Z|5fkV|YEZKGYV4JvK1bRc7P@Qh
z8DCMv2wi&JkmAHGxtvuJDU-_}`a*^Ml`20gT$879r&$lPt{#hH_W*R7_8H~bcB(jW
zvL^eLdwX_*cD2kim#LR!UWI7<gxm5iUBH!@=WPec^UgwZptr1TD=V9HyO?2cjPs1s
z-lYzk4G|xNq*LVjf<GAyn^qm1ovdK8X>du+kmduGJ{8SDWZi*g*|qA6Q*?Ra2Ba<<
z@}h%K0QbG;O{sHMawJv1n^8MLd#K#gH9mQO58R^DpHjDWlAk;r$5Aj6FVzu`&5RyN
zq8sCYiUjP^h7fOZf;)e-6@0MJ84?w5I#)FLN+=u;;?t<_@8b!INn6^x<L=l?AcjWc
z8e=ap1XtgPk>YbMhu#tvT(bi0gOh|!l+FO##U|Uzzm(cCeiFHlxk&fPd%?D(y;tiH
z@ub&!VI*v@8A*ict`5x~2rXPdGSHa2cc)xvZ;Tta0u(KfR`OcxFxkDyP-d^)V*_lm
z&WEmG0Vulh3Mu25f+GEV!VEiKl|=ReG~1)_7h%)c2&^l{Td~rCl*9WR9{{#%2bMmU
z4Vv4aJLwBhA$52``QB+_JWI2=sMsSBRelc~D5j<4mR@$0sI9i+zy?H;#flTk5aFX8
zf756DK&7Dzb;~LO&zX>fge%){97_2JWGvz|{NUzn6QhG3Kd}~no=~SbgQko+^&W8-
zSP4HA?dMH*1#<{|``kIT{NNR=3D$Gs8wk6aCt@uX9ZDNl6lgMd1QtJ0CY;}5N+}nu
z#_fwUYZ}aV^K#17XwVFA)HGVyOy<H0LV1yk>XAOB2@7gy?&)WF_h9-BfMqM;&ki^U
z=i_>VT5h-JKyE>uLA|O3AvC7S#-iG|p>t|<uiuk83JxL%&{`@Cq=uPW)k;<NE!}h_
zE}5#?HmHF#7JfV}4BVD&(;bXq=gofk98=cU?gsk_Gd1uoJ@X+`tfy>g`i$v4fNqFD
zs7T%m7>=OyJHO0ViqCTZ*ZQ@GDs1ShA|_G}@tBi0f{tv_Ba$M8MGm%u1ealE*>~nb
zBuJ5k4zx{d%|69dP0prX(<m}#1xBN;tTg_R1KYub7T=drre8{-@k=uj91UVJf#ySG
zkVieQ-@7R3o-;vS7w6%Wi>t8*)#p4gY@|=QqAnzh1ShKga!Lc?y)5a+Ba~gGo2#iB
zeI>77qys_f)`kLPCru<}Uwe4MWSfN!>*_sV5lHvojKvnz#6&W38{RYCNQO6$bg~w&
zg?%s+AHAk*hInq^V{Q}*i%9JBWGM4R-`jCd^z)=^vS2ix8g9JuR@Zu_jBP#BqN4r|
z2JMB=P~$Y|j+~T(Hj*K7Ab3z=B@}FdH9_tHYPP>LZxkwS-e&9`595iq>Uu(*uA-AV
zF10m_(9CQALgxBFLY~EmwNNzg2A3}*Kvp~;(24F{cf`x4!xAPbJurr=JUVBCjBqJ4
zS22M{+M{qTa?E6>Ta`)HbCAHycVu2olp@tB7m(sbHWsw2>k+=ej!|l_j07w?<Y05z
z-YGT2L=}R<Zk&?75I_M|OnhVF<&zvv&gb_;NTR6TqufBWp?tEi5Y^tvppCq45#4nl
zL3MS-&^T!&>8=oC2=R(F1Ftr?%~LyiqaBkLJ!<^XjIs7&biV93Q8BvIz%BvpTt+(v
z0r#p_CPDO?YUqdyGa#U7G#lT3;d70V;khs0x#nUz66LgnP@xBsMzcC$qbL^Pa<Sdh
z0KT(UM{Y>)Qea_#TBB`TWplSB%VXW-=-B2vC0t>C0d)#Y(R28~I$plS_RFQcQc$XR
z$O(Fx>*vgl`7}zI9&c|3^R`~SzI;gHfHqUlUW=r1!^Ilkms8GPPK{qy;t2*fPsyR_
zW!;^N2JxPf<+C2}J`n}4N<Z93Jl1w7M&X;)JiRs^y@E;{aq*{Az7~j}lYsHww!xMP
zWYfXhJyaLMCqzf<zG>%kc|n=ACYvy*F;R^;_?Cj-^Aw{HvMBOm98WHL-gl!EH#{~n
zo^8bsc%Sps!-7Zt0vn?<<~gqFFgofgTXw15LrO-skcLsY$<!suBz8m~YN{2A_E*bB
z#_J6@oMZ^2SzdDxBC3b=rY3Fpuu7`tZQd}u=B-+(6R4K=_ApyT)5Zp)9`#D6cOp3z
z=SJ07JJXqI-Ptpez^=DD=F(0{2BvJVohbR<NIlO5y6)Z=`bZC}mOMfl&S#dXA<!v8
z4*4Y<4KvyL5r-WViFH>cxi(#yyOc6<@Wp#2&IO(RN?7ht2v2R>S8{pcT{{W$HG!G;
zV%WW;Q{H<Mo#HQHoG=9ikCl21+Mf|$gei;da?I=8xhU;}ETdbShK^&rXxSd5k)!b%
z-6`r?!~<5Er+vhpAwmVDvd?vfxx(cgWb3=_<#PoD3wY;Kw0L?9Xb1A1->$P-Lo*nG
z>MP+BQC2=)w<EwHir8y3ueNtp_XNyI2m(NvNyYUMy(*@Z9a=`Mn1}a(aBC_xUXN&V
zp=~beU?SvmG<>-)MshTXpeH>8bFMF2uvG?LAk1-Q*;zGqa&&4A_|A2Q=`0XMZp^b-
zP|J*Z*DtjPrp5-Z^)+V`qF&Uz9)k)_d1V-Gjdm&{YnCHw+>QDvRnV7IwV}?n29LoN
zp1qD{r%FLvkGOWM%tTsg9W$~p863t+uRU|`Dd}Sc?PzQ}#oUp&u=&fXmlJSe*LPJ6
zVA>V#8iG*Etmmkh%lGWW;>9^Q_w*F6^0eJ^xIHiRJ~B3k)Reo2g(LQYX$_4HjA=cv
zz<G%;m~qI?F4r}k%-2}~D~A0+PF!x=^Q$`7Oo~u>P22g3-rJ<XComhgd1-p(@yl_N
z?#%VQcN?Z)Sg#FZ6D5hl2NX{7-1i;mU2z*^;d57YEmwZduT^T?se^b;p<>L(K+3#m
z2RR%z)?;)d)`O*9232H}lQOB`1S`P!%8I{~s9f&T=6wF-Re%Sl<sG?W)q=9}ZO=>L
zA|p+a+lE`IGC77fds*ReCey%3??m)P#Gt@qe2lcHqlTf80~40&;DsTU#*Xu-x@&gZ
z93lfAzg>xT?$I24EEK&h%ajkDUv=kWj+vLVU=rcx?ue;?`BZU<G2Iz{r4ML#i@0Yn
z?XQ@jgV^RSi$Y{t_Plc08gl~0df;SA@se1^&?4Q`t6tHh<&q->iC=jVUEFY5fbyfw
zeGkQlvrz>0S?p~=V7tEr1Uj4C+NMn2>>;zXWtoQ8?Q$DJ^GN#%VcmtpqE-Pg=@358
zxJMGN2cO86b<f)6C2EfA^NdFAeH;XCu_mvLUUTsBd7+cw5Nz|a8>TBX2edWOP&Ol&
z2LWLnPI>o6TR4l}T&oJuOTc;&u$mqbYw)arL6SQw&`qmU;d0lrAKX;bhgA&lWtA<;
zP{pQkr^2bW&t*Nc2@EeQ)Y;O+O4xjDy97+<G0$ArEc!rRo0&^ytOlJE9&*|V{-u?8
z0Yk9@P&K{*Y14HEcvf!<d`8e6JCz(IWL}gP(qN-p^e{~D<N&Znoov}7kZa{=0W7h6
z?|AD)+Ks7cq;A1ES6{faW*0dwhsViI$~wJ%xWUJ`Vpaee4zbv;AdcBV%|^7@trOX2
zgcN|RCiY%Lz5_owsdbHPONLkS<WYs0%<O471bW?5%X0%5tyq(rZk8<unP(drV;6Nx
zf_5d9LL_aJNkQ4>Pg3gml33Q9Hr2q9+3%qXU*HkWMO5Q!MM<@s9A&=L_q2%I50|2q
z<1w}-hr|jfWW;HNV<OykKUj)xGiQ|Ns5L}>V=jTN&*VmRy3KbvQ#PidFyP8l`=}SC
z?cPEOOIV6TO|Mm7mR}Fa7A&;Q0l8DB+R_29lB$Te-P0RLsvVXnflC_q*HNz7z6|Lb
zbPN%lRlBivgXDCe^+p0btR`<<`58q)6q_(tzI(akv)6BSUyq7wJqCYrFX!>-qJq4o
z?BJ5F;p?hi8Xy)X%mc#Jg%)Xf;@ll*6XEE?2jY^WDgb$fudOej=)D1)n`wLAk7Nl-
zU!PMxuw!oFS1TUIh)|Q;$B)%JfS6+H3Rpazo?4eg^D?893_OHbcNPqf?j3wOl>tB|
z)TiJ~uTzNq6_dOnUMUvl2dJ}4W3sjtvy76+-uwcDlrS6TELNdQT#^gC(|}ytEI2;3
z@-M9-38R*u;j0mIK-suS)rO<-*V&@4%rq<R`Mu?{J)-Dheh>I68E~(trpC56ULX*K
zt6;nS<<-El3barS-YGYol)1e14A3zaE48joq(@XTI8t5SZ|gX^b#DEN(L?ZIh^k_n
z(NG1<agElqFcdQHSfkRLc>O~C>gHi^Qw!Okv_8bc2$-g<T`5%-LnOg^^MZgn=3OCM
zy%?M~iQpuB=d(GJs}iwj{Q#@cXZI+h(r@5N06jp$zk>5fpk2lCieBoj*~9m!1UlbP
z4QQOj%T`xob`5(W-GXfFcyY=R{N5-r3D7345^1`FIy^cRz4j4^0mj3DFy9(J+Innj
zV&X|bZYQ<RE=C)9IUcVps)LTsGTu3<SLZg_Mnqbry&`;wY_}j6yPh1lZ28jKyW_16
zO+DipSqOB5gE53hC`Ouk4x`i<6SWmIlk3eA0Q5{xTo5g&uhx=Ke5*2uRCLE3^?^~H
zs@fr;u^mV`4;x^-?e?n6GJ!#*-Zgx&w|(xB-Fv0I{m2uYPr7n@R}eAMt%nd1t_gNs
zM4>w@o>C(nwy8?iDvji%(j?qHb*e|LlZFD$NFa61&z>0Lf<1i|T_}?~1@8&f+$r?|
zyohe5NKcYZ>^7C$L9{Xov?A#tqv&J3pz(Q!_%JU@>rjal8M?%3r9-=DIiJQ5>7`R0
z%)MJm-hKA?aZ9JVIyJNem-$O5x>N<;drmG0i~ST*(ZoI5vC;<{z3JtHA(qMM!B&qq
z&ml&)9>~h`doi6~UZH+@)qYeOuLj0sFQRj6nkeTO+%qJfFr7XlcuW4O`jNUhthtT)
zkas^1W1-U|%5<^Uy>-MAM){XmxVbVX%mK=F2QOSy++0ekksU^6?rpuqTjdaf1#3X#
zo5PunbU}9ue{YmC;vR{JI?-F2fsRzG%$g&jrhLfpv`0+LUkJGm!wj&ETFyCn5Lj!g
z5zt$blv5q5%&Da?+I%FaSthUZS&ke(&EURKLZ`A(--WdV)OKNThQZCLmnc5&8EYMI
zB6#a!jYcZj5>=_ecEsZJFgU=`Dk3E?%sYc+c;M)9#LUaIN2p~@zB?uD_ZnQ#B}OZw
zfTz`NiYu4LUZpUssywZ|rMoJb%nR%-CF^6?cw{Z}ntCk^z(Ur-B)#>b!77AQ6nTzi
z1vWiqF7D(g3k8%So>gGj3ct<=;JQwcSF<9-(+J8rp?AgOZ!@shI^Fp-7iJid8-Z9s
zcJzv^b=VMfgWlm8t9T}P-3#B@ICRa^WtUL~@8o1rRuA--BeV_ooCJEtpN%>vE?+Lv
z107I3I?NtX3p<>pj9G_}8CI?oA1NB~i-&Y*7F$%5b7=O?=_;FFp>Ik-cl_#I6GM4(
zia`4GIa*mrk_5b`yXYd%c_~TT7G>Q)bC0pr@MwG~VUr3{#JirPLkKxZJBynXWq_^o
z3tP%JNOH>k@HNWxK~JkbL(>$$(}vmy55@JhauOz9B3mA8?=;a(T}GD&U7-zWvqIVS
zb{M`5NLG%he$Yeq<TkwUt=!y~Sj1mqZNo(vBA~V=C0LHbpfZ_&_UbVsNZgPHGgW4i
zw|2s_BHGR77#R<4s8c13qXyp?SkEGy75dAp^n5lfnOzFjFKH$$`7O~B=^<_=;pAQU
z_J%Ff9Ei<yu*Bw44mNPsJOF=hb@VB~BiN07>OC}Dvd?$SNL&0}#}*?t#%rb-PaF}m
z>?A1nNO?{Thbcj#wHuKMky_Mk6q-IO$i2vDZ`FUQv)c2f^DT<e6U^qvb%JhGtE9xZ
z{LtTNn-a1`DcOq(lhPwueG{ra55w1KRX0|y+;9$ZUV=_Om*%wVK<;{m)3}*IA^r||
zDiGS;Ut0y}la+Z_l23&;JWDCto!ecS6?FYrUU^hbp`2CBa_rUA5Q0nOHCWtG;*Hae
zTX5t-fR?PuiXsBpi{WnZ>|g>7K55`L)2wfSpYL<QENAR}I1#*f`^@)D)-Ei{95Bf_
z(`!kIsHpNlU2J_vO{JrO!NQADg<wV9tZ|vbGWn$|oIOrewMNC)uxYwwz)xzF=W!t#
zIpV99PGWnUjQ0qhGEO|~YvX0TH}v4yJ~uap)Iy;&t3t5Ag<ygr_wiWJsnK$$z$YH#
zG(8R;=-DnWXD!Og5m=v{x4mHSfGp;HIGg4Vj;g_%bSt0lD=Z9GfeZ}1r#b<3i^-j7
z3vbGwSdEkT;ajN%!PV#Lu@QBtQzc8O^eVjw!Lls5O#}lyv4P&<t<8uiyW-^?fWkg#
z<Y0Ujh?Z~AS)6I&Ni!G~dEm>}9)qcGSjB<8{L8FIUuMBH3p&1MosZIq=+^SpF<r-b
z7&A%qoyrs7Q4qX!E=;={f-bgU4eceQRM)Dgjr1&R4J#eZ_x_x;80IoOl(Kj<N<m)%
z3C+s#s4O=?MlGK2tU0DIAP!CeK2?mDOixbNMxD#qil#Xsg<gn9aRaG3+Vrz=ft8|{
z3?+~{F<7~}$~Q@nZ^$m*%XQU@_5&CenXqcZk(0CzGw=3Wlu!(8Ds-pmt)6EY>HQSs
zNvyjDQvq*PXZyRg2jyJ(it7Q<LSZ5zZ1K<=S{jfsYkIIx6SKSArQtI3A(dU2^!cQW
z7UIw3*K*h<PjyifvrTFr#MUF9bnm#G!Nk|jOXs3nFjd4+ukm;0+d#{B`Sz4}hRvz)
zoa-&^7%azAl+nrva(7J$Maw6-w<E<mX75Ids4E{3fpkw8la@h<8&$Op#-mddt9jQk
zoP<tS)yK72h6$vZgjD0*?YO(7vV8JhfHCabDBNGH)A}V}I`KeWW|nn(^b->uKL-z8
zS65Q#o?sVq0}jaa+@+i6Os$k8iePC8dTt)PYcPafimJP%R(ggwOxP@U)ZGDZ2G!pn
zZOK*zD{n)+4(d|c)UJCbfu*=wi*mgMjrOpZ#^;HfDWU!j^iJtcY{ZX}h^^=Nb(!dC
zl3Xu<^B7mAz4TtBWej-@uPNg$nAKC`_lJ_xa!ESW7xqZoW<+TN&iTa}L1Q))lfAT=
zE<<sg!qF6~<OTAoP*$22?(Nvxr)|K^ymATyToI3jCyzlaWa&#ShA*{d$+eORbiDw?
zkk8=?doH(T1Bc?A72a~btp--ti%8avb%zRVF?JGhT6d%*T}c<aYZZ&rXH55(TL;&o
zO2b25kDe??-x>G>RA&j8ax*wC-Gc+R5PLg(os*a@%x~~%EJSBc7>Ge~?;GDN*6!Z7
z>~nIYt=`5ifk>`1h4nNBA6Rg>$}7Tsm3EZ@U;<DZWE}9Gf>YzzrIdM<F*Zw}S%a)n
z@a%%{)e7l^zv9rfhxMMttdMX#d+&iv;^IOmQV&|}W#Q_o<#nHeneM|-!Cp+fR?QBU
z+SX>th?E*LeOVa<5BY#sZ5QLQ^9r+KtFKxH(c}ezTpq%)$`i(;l+Iioa^~m`jK|ok
zFJ2_@dl^&nz<^*KN+rvRvR-5~#h}{sHHZ?sLJ1V~yMEzXKv3)_*9XuqwZ`viTk~<w
z*oGB?7B^02tn3Arg|*1+({kU)#;6Av7PWOxuUwDMC{+}ak)#?=#Z2Qo`U>wQMNtB|
zfsrw+P%1RGhi@|V#PxN(a7#d$ouRPv=QR4F#}K{Kg+vA~JnQgef|Vmt5uC<Gg1M-8
zZ#hgxHlO433e1vHObd7%Bdl*|hRiYaDI-dwSI7nG?$#J4;VgPbZV`#<yxaqbbj}jC
zAfi3LXEPLSMKo}zWKFWmY6^C)vo%g?$?<xnpJM7Ml1{agzS2t>>8Lo*j+;rQ%i;H`
zBTbXg8}V^tmmIu%XU}bk1w2v;y+h|75@JdCBji%Pdy5lLO^=gK_G}|w`|-+U)PB0<
zpD)C%ZgdbMp{{!u4F-p4kMKRwk>P5LY)VGl_MY9f6vL$@*gVA>==T!twkT|-%rfjC
z8RfA}saEHoa%J|jySUU-29Dw}VzG9s-FMgYfH`a7aFFl?F<>d|yKV3o&V7#|6a%HI
zEv7Txv*rZajmU~e^;n+?YJk{!wLQE{4kqdo3PmC|6o*{?-Dv}k*G1de)8sA{%9MRV
zSaZG9i})U`JbJpzr}&B-pvhMPY^Wb0pMs$xa_BioFvgp1h`ipnS!fz5moyhyi<$)(
zCXrw$JcRw8$}~aESjToc0Sg3e3WJoWD^{h(yGP`PHKV+=jNxJ?JC^SdLfUw1I#DXN
z;;3Bdai~qXdV*6TYw`<Y4Zy9G$(n`3_a>q}l1I-p23xPt#Orn8dblQ#oMcn_=wU`~
zsm{D+97ZBE&}1j>%huE>jeUb+#7w~zLsAlCTzGR46z=y9y#jB{O>Mj936*uvdvc-k
z>IJ?4YIkWiXgV7zfD9rHgK&LoHt&izu^qa^JNhO<7h11e?p4VHuaNcPCnDX$B_2*O
z$xKyU2Pth8MZ9m;SvS`Cy~E^uq*-lw{!*&?Hi~PUoso+~p~dTM<m(*vbA?LQ6hs`z
zQi=+E8X3xUL?unF)6y@6e!k6h^Q)p&#=K_LGP!<2QOy-m&MzIp?9C89V4+pqMy2cS
zf()*g1<t-T5*^nh>-;!+2!&Vnk@iuAf#F)S9h?{sqEYNlPQ8H{xYkHJBVrHS%UaW5
za_~`>AhZKbn=iRUzvN=nlAey+5UhEMHI{Xa1SueF;#=u{GwL_a`(j=}WRq~%JS~1*
zYvq!fueT<BidTfA->zVlUYBO${$<yT2V-)c+x#@hPbpj2Z?p)dY4w_D16>0SdNd-T
z3$qEm_7T$~3K7<>*G#zaf{2{V1JbWW-{~}qlnrzqaa&<6Gl|YB%hnA!9_i}<&@)es
z^?2bB@;r@KS=Xd_==Ff^sh6Uyw#?IZdF;>L^>rUc=Bv?I^iDN^z@ZW-Xv&wFOL(<+
z9-QbQNXNT}M&fzEK41?mjs@naQphQUsO_e|E=^i0M}yN?doji4#*0TB*&!j!B!+_k
zz4NG1aED*SNp6R^2{LWtdKr7hrS#ib5%zMERY)S9@CS^s^xk!(dmmgp6V)y9kibA~
z9F(Y0ujg>)T=P~FV7SdigYWt68^5|)0euyC`NHx#!5&r^1(U{}qgctq0$-GFp=@7S
zQ(v8V0a6u<#Y*g$m*K&TeP9l~S{S5b7!1SPPC}Uc*dnN&<wY1An~E1mmT)Q>nVjH_
z(aR@mbaA0l$?t(^h`kg~0K&z|f;^&4c#Cz5>%K)p6}IAH7Vp+d-!r@?8f}(l`yK}I
z^krN*7#(lkOY<vbrIc1b(t*cy4fU!$Cpm&zwYa_LfIX5~i}byRti?>wM<uz%7?109
zgOp{jQl4>ym4&sFvm7^%-HsT##gNF>V|FUn=Wl~}Sc*ILgx2(qo+eBtcAU;*syn9#
za^3Fdh3~42IOEnHb-kB5@+QROT|I&3FT0e#?2?wtQ@uwE=MS+Ttxq~RC+{eDU`pBw
zTv3SD>&mpaR_%PItgr~cC=7T_<$~VI0(9uMiCotq@Jzx${?ZHE+m&D8r4|gK4dDut
z3m}<?%<!_v+~CvZB|>vczt?%DY+kd1);9fiDy%)ni79C3)UcY}7?>+G5u!?*(8X7n
zAz(eI-fni;i@YaWAk!;Y`0xdHgb}eFHjK@CGUydgL?Eg*xOuh;8Vg;K``)D^Mj2e6
zl*B$$d&LHwh5UfVL8>1;p?VBghG*-<dvj!u_TCsrcuJ0eha*Zy*WDWdwLOq=iMx38
zfK#&NG_P6PEe>k$X>5;`fJ$~@w2GWv(`@pL<vdTyb;eZN#w~V@ZE`6|LF;(%1jf25
zTCt}R-9=u-@E$VEVEWEOa-y}^R9B^{!tAH~GDT-40#6Rf51!T|px67jEG^Hv`Hhy^
zY)-Os)ZO+|)QD_DlZS{QPV}5WuxbfJMT7u(H2LxC2|hc{G?2xS=bpDTp;haEa0%=5
zKq|NlazeO9POoP3ARt>1%A`ARiUqcW2>m_7(TahXcb#Z>gMh}__paF{P!wYt26SB1
zn%CWAfKX?nEgRPcO?*Z|?2$cp^|0sE>uV-Lp*Vs&P;Pgf&udEUaniemj%0XQ#kXT`
zdIXp}))qNH6QPhW#VWX|p9#~Zzt<v-_#nsNOkPJm^|Q9Y5@dm@S_?jMV#9~>&fl%(
zK?uuE;K9DQv_}L2B+0QT&+lw9cchGV+ufC>f$$|D(Tmv{;_CwY(#z;eFGID(1**lg
zPK_~lRXwMd%e(i24DU5*N}u&ENOk%{MNpllCA4}E=A01WS;U-<u_Nrx)0fkn6>(32
zHUIQ$^7$MSW=_3H4LT0DMMK25DD%{13IT1aZosP4r|4<GyVvu!)uOaI02qumV7mrx
z;pm!A<lzus>XB6I=5Yy25^@MyFGd*d%PUu%Oaq#(;BaErwLCLMN9C3c+9~7---PK$
z`4;Lnc?~z(PdrUf%n87Z5*Jtj`~jf|-A*!TZfiW&g`0<$i(VdFYSYihR=8BD7X;H;
zUgH$Oi9krB*@^p8l3}Rk;s}*yZ%#z_5N?6FT&9;u4`p^2ZtDqqW|$B^>QNWVJf=Da
zHbV0OLmo53Cmw!=<Ih3-;vTMM2aRJivzavQEIB-1QJH@4Fi~vWP;%9>A|6_>#%PDH
zi*efc9i<%7lXvLCyfjKLlPS*yCHVOfTV}8YQA*~8*N9TCutb<Ym)CVEU20o+{j{%E
z^03i6VqC2YC{!n4(|45JA0`pGiiMFfCECp68-9)0W5Zyb?Yacxj=CDAuM{Y_F*vMI
zPzjPMUcGwjrZ1Y_YqW}Tl?{T^&C)g^^hBo_Ry0e?LEmR4*N~F19ik;0G+yjUl=_qb
zv~I}x)!XDQedP_=2w~vz215gVZUo=(Vxov|%^PloN|FcWjP`(2zy+&Im$Age6TJ34
zAEg2ybirf_rH8K(D>FluAD=#o8yRhvQA<@xHR%+x7Lhh<<0s}?Q$C?gAP^5*tji*I
zCG2H>`Q`BC7v1DToT?;yge{Lk5H44P{ooNonGU}-W*=0K1buE+I>^nZ1DhGzC;)=b
z@NCAD5#wx9n*DXZRioE{S2lkMrV5p8co~e`;gW2H!RWvgl9TIRjg`nUd&OWms)zAv
z8F!Z#&T!D=bZ}Ifi^$R=7KWU%4S5Cj0Z`_-h895D(^Tl_zTiPw)+u!&uSDa?MKQtW
z^DeebyHKwnQXusVhzWE!fyiuVpyVBT^!T!@%W=cyT+)*ceHp3G_>KGT&)OAH$99j{
zy?6nl*v{%C60jzyp>)k~-JDA;A$KRVC{_~-5z5sInGvL18nGL&#Uni)(+rC)3MUMu
zKEJ&!cp%<g5Aa3=DVPN3QN4p#qm(V%CrKQ^(8Pdef*IEbPxCqNke+A^k<pVbHnn#K
z@S6APshR@wK=g=f3Xd^oaS&C#XT$uox!Saklg$VF&dw%mmnJumT53BGZqF+3pgQ)^
zoMf+0)&pnAhn*O-B%X|nWFn8BVweqG6K!E*l~NLx$4iw$ZI+yw2ak@rbD!6i&OTZ!
zxi%o=rCKbjp6$Fb=5yNV?T8B+)=X7k-n%2+d({h$iE&u=f?9ouktb-Fbj*vZb~y9V
zfYhe2rB8RNd+%vMwFzIYHNHTpFgCACqpe|xtCU>!ZjX8v=m*@Oo{8@7C__L^Oc4pf
zBjd~oE#hQLxxpwRXI&Pjv5MWR(<-#m4tO{^i;B_V9a>dz*8!I@E;5X(>+bZ1@D8RS
z)vS5+!vi`aJXTv&>$g$xMBP3G^Dn_d2H7|zvt)>gvQw8G(aqmWC8Qb}xIh+6wHb4r
z>%h4k!FqCRi?ikFSzOVjRt9L%O?o0P*Ge=(qZb9s|1>NH$WHii>*+R1k=DIYyocjB
ztPOWeI!q7?H}4|f0uJO!<!y#v?7LE3e*u}a0}u_PQ|VN1pZ1Od+*&l8z%R>Z^56(Y
z(3~1yT4doswTd9p7z^+V#F7jlUfp&_qMpe!pniPm&aiGSX~0@)!K?Iy)JcmCd*YP(
zA`fU^c!OEnxq{mRG0!1N=AL{p=ZApZM+ibKbd3~hGuLK~^2R|usi4f?Grbipoa~8&
zdh4bv_^7twUQ<U3;cPa!nm|)C6(>beAoCR#oODN6j@SU#W~e-V&d=N@D@6g)vW4M|
zazNM?0})6sS0U~B(;F`9y))qRq{>bieU1Wb@eW&yZBXWt<%}cA+pbYtLlSCFgP-NR
z^Y(d@@?29VOh_oUdYt=$Mj4Yk(L~U!&K9*3nU@TfF>sT#u8>*Cg>W9tr9X_@XFWi=
zat3yev+MlGdZ3IOq)$WmZLqWVD(W?&pFILCd~`r!K~g^PrW7u9;qj2A$|e+Tp@V2Q
zYe22}L`@gZmg22|M~mlp5BL;iM^aOPBkmbKh$-}k6FUfx5=m_y3N7c<5io7CgT{bh
zTuZ@Ac_v#=q`DuOsTS80341ofn>{rrMSe*5LvnW`y%ARRh`JrN8FGz!3yPeu$_S-9
zR#{4AO%+VD%m>&ECkaac!|l9s)TMQI89GiuK_>NK&zE7LUxu||jRoT|&H-~$kfq;=
z6c?-YdjlQ^;hstIhJtgZrXI<IhG7CPgo%)FdIt>$_E?<(bk5=oBHZA#P97nq|E<^y
z!4l%|drkX*5mU#bMIJ-i1J!z3m@6{TA;@%zyZCm!j6%V9oR)b^XqUo36m*=PL;N(B
zq=$4KM9VF32V)dgu6*6E#_=JJ#*m7khS_Vz^s|FiS};9n0Fg;xnpv=MLZiCdt15VS
zWhlbh$rkWDWV+bFDw>}R>IF1omig0^$HEI9NfLs>a!@bQIqp&9hN$OLh68^T1x(~%
zStzV{+G>l5E9Ly+ctG*B6sPwhWaE^?B=t?>`K5U)tb5vO!x6jZZ7ph5r#kGaRLNt)
zrD&(;We0=Ltra#~V7vI`@g0~50Y=pBLuKsb_wLCkRp>37^#djq0AdC}UrufnRSWdk
zPJMFA5MadSe4<m&Mc*Ds`qm_qVNNe{xiVKCMEMirnNo)rVcBf2PM#fHyriodSZI@e
zZb!INv|9_{-s|qVdKn=!MG)1ftHfzE`JS80bK%JJ3z5!Bv|zj1(tN;MQCJ+D80N^k
zOpa;%9-pB(ut+|kT@=?k3V({tfDHXg^EsoMJ{sE_yLa=*7Tq*v*pZnTpj4w4Y-euB
z{DqPUdT1HEdW)eujfjjmg(eRxbU?&Fbw-CS-)1c=+Y^5_IBB(M!f&)Ba7BtHWLVFM
z`m!R}49-t5#jCFoiqoc}J(VS%o#dTrN~jx)bv|jPY3dl0UC6wN+Ix=&Y5KitaL0@f
z#RT|Eu@h_kSreP4=s}At9WjSRtPJjN(qdvqNXaFpC%s=kT9AS_;e43INe_rAOUrzo
z`m|&wuFm7|k@pPOxu9{l@-N4VuxLm9QeGYJT=}k$Qz*AzKZ7)&B#L>>b#8MhWKoz)
zSM8Djpmxq+C$1$_a+rBxh6*Ixv=l_3i!KH^0$qX&MrjFZj$5%<SoB&<TRmpCd6Gf!
zJ;h>tC-@S!2|4g!b+0T)-36m@wZIhWEzUmnfTpUFe#t!9QBbf)g~i>x4<_y6ozSSL
zA#EYe^*v|@vUe-#$5a84NgazD?Sv7Gp5@|;<sO!!j~W^tbeyP}KJ#>))0fgs&N+F#
zComW0Y_maj6uSE2y=yeydH~TP4t@Kg%<7&*y2|W?`@AZBNTRd4Wlvk5X}oE%aHimJ
zg-9j9){V{{GpE@#t5?HDUim0t(mjz0sfK_lsC4%R+P2Y=%K&Kny1>I^IHQ#i;DQ;r
zZys$O2ZL2|tA_Qcj5R|D_L>>f<L0z@q|&(o&wyZ`%=3;0)Iu3T7J&>tEn=DGlZwK2
z3Lo{CEs<S^W=E=rj;`dzXgsP&(I8g%o}Qtf+DNbEQ?h+HzRI1&l_~2{RuqQC?KJfI
z=>sXid2s%qa*H}UU*%4sUmz_{b>T@*U&e{jzFI0kC*3{igK?NdR8v_PR(nFE+@8@$
zOlLgd^W@CfsFUZM9<S+{0+fQ#nxM8IYe@YFvv?UDd4jY!v@^y5<Fx`{2=zcNPWWzl
z+)BVqlcI^JAPxiH8lJw~sYhRqA$>WvL7M9YdAjn@bn32~Qp>%y##Am|%o{Y%sM*+i
znfS03_hI8Q^;{koPtS@)K3f#nt345s;>Iopelh+ejd<yD?Jvn7Ev4%^b~r`K+xs?R
zV+@D4A7^6ot*1u5m>FtV40`#7$9Bt2!ywSeRSz!SgbMHjGk`HU4x%mS#)$0fd$?Xx
zm#F%fdW?e8=qb36+oNiiv23vi*3Skk8{R|!L=y<jnmnxljsg=%L01>4W4sm@h21LS
zcPd7WKu0()gU$n-9}C9#S=ba?U&X81NKwm5$GC(ir@WMg&S5u>66$B*8lal%Q}K`w
zKw0&w<*7n-O1Da>xb~Q=IFn6Vy|clzgA@lg6MEb}5MV6<np?chbAStu8scH~h%<~`
zn&>om*>`6e5C+3nrnyy;_>@L(Z5LLdX!$Hs>mJ92B0YFrWYlmtkRkMt4h8pW7Io0(
z6&+QDQ5-W*L19I_)E?Rld&3VXaLBZaEyfS5;ueVRIUB#N*C_E0lp=V@<>j`L+N!q^
zUr6kPPs}s~#>tx+;U%vs@?1ICtm>!fxFiXL#*O^k)*ChC!e&+5xRRjTw{c76P2M0|
zdT?eA7r~q*=vI`PIxD{C>Ibx0hCr)hn_iV_UNBXMr=z1eaLJF6(o<gRIC3TFbFV${
z^8lt5dzYOp;=WwcyyT$5bhPToeq7dfxcw#xPv3h+C29b2)U}Q?Gc2$Yc3EPU7*ELY
zOdR9&9=}lR=TJ%qeFM%{e1`!nz4e%=0av;&HaGg!14u+W9LM>RjNnT$)b)Df7w#KX
zz_ZbzM@r_19rk)Tg+hzXsPpaKmP4vg%@Ll!oW(twqIYrj=EW--v55o<J4-rRi@wPh
zmoMHNW&`|b*#TghXZUjhb5a|bb;ol<E0KKIXpU^J5<J?drwFh&UIjmO+vobKiECv@
zB)Nf>-xh~g?DBX*7n^w+69~={HeZ{u2uaqV`#mo!)+w2>tOo&lmJb&S9?YZzw3+G_
z`@(S{H5>PnC(IZw$M8&dD&m?Fs;Dv}C$~8oPi|f+@UBnEKnv#C&QLs1b**P1DsO2k
zYiI+}%RF2??VRvRs%5#)9<eC1GurVx1+w?7cyZWqREA#6plqq0v^II{x-6(%=bJ1<
z(q$o<+ej=Xe+X@J!moB@m|v`$aAZNPW+xgt81j%ly~?4p%9|<-MN>X@LEpsfseF%o
z)>GBl9;~sU@nb175L)lvFqN#FIIEY<>rE(fDS60O+W=GqHMGlUr=7Cp6#{PkcvGl-
za5{wLof<P4RSh0;V%}{nn{3e#bd$DtyfciD(ziykRzR0P^^hf)C&u&9dHCGo*^Q;W
z9UQfpeT>Z)QVLJP&X_d(i76%CV_$?ixkD+-M*?P<IvJ5(LGF@|Iq%8D?c<aZ;h1OJ
z*z$C&3`1!#g_jg?;b0FV=^Rlo*=(NN(`USP%nMK?O=rzF4$J{nrCx0!hp|O+z<198
z!RQ&vTY)M(ceOz4Duef^7@4t@AG3Hndl*!$D<s%-m#$tkm_~RB=eUmm=;L5dd->Qr
zudplQs$Rsr__WMFUzg3qyG7RMiP(VmqD5r9%+o>2eJXL9l4(bl8n*4(oq7?Aj>DGA
zA{z4LJKwCU0G-!pq1?qMYg!bIrZNR@0&AaL|E1Y5QwixV%tBh2WdmQd6YagH(L=qH
z-5^<8ZHVLt4N2!CO`_U8*S%}@@@A;vJacI!N;E=_Fft0X^!ZHSKvT94Vottp4onFb
z5;4>^DK@^k<v9W_6EtOYL3A)SzjJ$sMkE77X^xB)zrgWM+r_I{jA<JOZp7vYrWEc~
z&_|^4oTU-BU<p<s+Y*J`oV}lI_U?r1g|lh4QqtR}>cCqg8sMU%u}+;8rfCrmZv?~-
zM5zFDoe11!e8}uQPhAmd;gqLC;SWc}t=K}*BK26>V>;Gl=7Czy0l$6S0UP=PM*&%;
z9@d(f&nW|qIry<IQ+w5hn*{Eh#OoChl;OEiw!F1e5sUTUZ4JSugV$Yr#m7fT_r`5Q
z-f*2lyybZTq+o$Tyw&`?L^a-aA=Z``Lb>#a&WjAGOAF$PGhcLk&sGHTZW;PEq75Q~
zx8fWtd68RHpS{Osk6`zuQiz1f%Dp4mdO<W(Y6tm{CQ!@osF68dIJTu;E-dm9(P40@
zG1_Yo+$js09Rx<OSC^+$rt_5EfXZ1|I#qH&Z|@>LZE%b?tan-kT8!MDu9&RA$zAQ%
ztwNi*Z<Kv`sCPE;J?3npuHnh%>=;$0c^X{L>yS|65tI-I5VlJin=OgkTqxSuFfT-%
z-Q<qpz7a>Cgm|k17{o8pChk!RuwH8=#!f-5KK|6~>6d0%``D<2*T^2%RN4fJ+f!C1
z!R8~Z_pYjg#x6VZN%Ou(bO$)}9J(@j&#%CSFbT=aDo#o#?(yQg7j1V<YqV_cE)kXT
zmuI?7uKv;(o}X(Zy&_bNBP(M~%%&Q~eO0-GebZ+#HkiQ?M>%YOr|b_7xyf!D`jllw
zUcE6L7o>8Fp~2W^6R%+7iJ`(>0~|q5=rv{vL4g~b%d1C>rEbD8O@oIR7~Xfe&l#wf
zyUjA}^>G|V3hfy^+7~7Iywzct-(yo!u@~06F|Bg>tS>I{0w{|D&U?AHowAZe(t=A&
zYZ-WlxJIBNIp_^=zr*Nqqy-qAm`;EU&~3QK3Wq$ed$n&9+kBk?8m{pvCZ~cU)CuP0
z>m)4nwmG@Esu{mVH5|g;V&IFJX8_I^J-1hfBX*W$s#3W(0?^M>vVeEkmg|vdK>^Bu
zAgUMzF#5>ccJFW|+a+>F!iK5dLwfB{DmM+*wL|R%Chw>ScFAxMhx~Ryy=GqXF-O>A
zeT{a6r;xG|wS4vRalnpSCK^O4DZf>@b2<u#I%0*(>IB1BF;V11LL3rpiF3`W&gWE5
zFASPJRH50qH_HVQA0S>PSjQW>ruAjEjIe^bCRft{H1tUIv00FwISt*4cjXpzBt>D7
zJCmE1@kBgo*-6&lM%4rAm%8rbuPO($QY*<g)u?yqk!f<o<N%7uxU>?KUMsf}Ikm80
z$nGk(Cz5S?1m{Q^Xwo!VuCyMi6q~8YfEuZd`!hZ@u0=ZWd@||gkF|#V38KlSQ9_q2
z!<T2wU!Fa^I7pSFP7WV?QNcXAcW+X*D#g|&no+`&3YMS4y*@6s*rvxmfO5A=qGV4H
zQ8=&f6&Ke*j5Ztd&A=&*30Mp>7-+$tqTRt1%hGyCJd=5WGF2?skEXS6ZK#UKl<m~b
z6r)PrdA#aE)sMl<*<Q@!FcH&=$ihcrs7>XMkft_P_PvtSZS@-yKtbZeNqcyLapAAq
z{2iK-E0M1RsOPp4V-Y(zgZ3z#+DKxSfxj^q4(G%(cu+P5Ff#1B*IEm?$=VJ?B<iZY
zJ?UZ7M8k<*<VecQ6QUIl1I7{*daG%@R%HVE%%5ezTu1hCEn~d&psDnF3F>P#1cTIU
z8M44mNj*$L`FQd0Rab9CLn5tVB-xTl+$<KIu1P{Z?{e5;ZlHGsTm4?OQ-I)`kmiSD
z!~!9>jp>>mBQgA>=M5JxXozS6B=b99A>v_8pGxns^{Vzr!g-xQ+`JuHZK$!DcU2&>
zC!TO5Pa^CdOS>wt;96IYzgD81f${WvF#gP{9@frY32TQ3J#2Z*R_18g@0@5Pw4{x7
z#9xed`{}SWJ2^hFb$dwt-YIR1`V{A$9R|;;h2y9dm8t}(i|Fq2xscoD>c^0;D&)nM
zBEPzsMyjFr>h9zgjNjy&_BgQ_lt?xi9e1b7S=Hr^HyQ#vK-$I@>gPN=>g0TKKpAJk
zQSL{~H%*H5xJI>)?j$uxL?ywiJ>}fV%_JqCAX|&|J+kKL+hhyt#s`DznPg6)*R_nw
z1Xrg1RtHiFSvAFV!yB28d*q7D8dst)K1CDyp3vIO^mQ(FhSzvYIdxVFXZs`9bK6h^
zB+unp_3V&2*+<b&!O&_R$B~vB2{{LKS_d~ZF7Anz@l>faWk11iys3u++GfdrnI;WD
zENBV_J#_RATNb4VGf=U%lDN`v!lQOPz?^noY`NGzlDs61oPu|Uxo1PVE5xI{PB_%g
z)cgi6kF6AFMan|q3NrNh>ZFs=WJ&pyIZtNWgF1M@Bajm9R!jsA7-$+zSOcDq^0-M~
zL5yPJ8`vf-9UOg0dnv_N(ZhtiX<F2Qas*3EgTThJ8F}_d@Tj|E&9nXHwQR0Kr>dk|
z3)-d<^a`Ohq2xaA=67VG6YpWc`{|U?dwx|nPeC)~YH6hAAtR=X)oWjiq&qBteZR|X
zl7aCT;-x%24I#wn&-T5y;>(lD_ex6affuR-adFETh?-dt`yMku?OTV_h^tq+4E?ln
zn(9h`tIf>btBjIRiE~vPv3kO<h7<v>-`r^T@dJ2jrgLx<76otaY_({^4;2>#^7$F=
z@^f&Xkhf<vqJkxAys3Bdm?6)zgGbWAcbPOK@ZqvTyLg&4Yk&im)JyW#IuSXbl2({~
z(EI?Oz8ZZ*NgnsK9xTA3kdoaQyBs_!MPM9m+;XF*QeH!JnEJp^x<!W#%!H=jK6)ta
zB9X5g{0*J)GmCtih46yU=M2-$yVngD{7H$;x=J5v4h_}d%8G%UdTZq_!fSI`e)q)b
zByds$%vvk<(l6cvaH7`D>?ldYD>ZFcdqJMF4}nUNoLfyB8ScGAyDWA9dcj*yNoDZM
zG=(qIg3mgAF@@=I>&WZ2$5n403ba>x%elj5`H<WWK8u%OfLr?r1cF>|e3@wD;Y4)!
zB+uCz<T6`jdEZUYa~e-GQ%I7y=BqLKOEpJo<TB6QRVUcQK3}-kin-P`l*{n|EoZ?*
zuUbr4{6QehG}%4$H^<(%I69bdZ<YuSje-0@w!JgUp)jl21AJ{SI$>iQF`KV;Pl*q%
zs^#$ks~yCeNlle!S7&>@Y2CgIx+hy>6p7UV^z_7X9^DmdgGk3?q<ODTkwBt(q;^V|
z#lg~gX$2@6B)IExd;49W`4-?PWS6AT$W+$og=k>n1;_HF6?>+6W9>RZp$Vb41dz!q
zcanE|V(PdGH;FEo=-YTN<n?4~ML!yFY1@n1osjS++?&t+-uUi5qlbj*B>~w3{T?`K
za1i2nZ*JPNEw{Q@9S(}|S8hvg?QZ+1R4)&Op_E&m#H(Jgm$_VZhIrGKr)yns8_$Q%
zP5E8(WO3Rs3IobIF;OEcz%no60LYX>S8-F=d$J3wsQYMaqf)A1+^-6xc*G*+gq4<s
zd7k_0re+toS}A^t&lw9wP$1qAYZ>x}s_5b=kv+yW1;LSy7P1GUI$$yf89Tcp<Ll;$
zH~Vs^LrKAV(NrYYG@6}PO#?V7jwoNT5YLhaXX<-%aVmY6k0K95H)?s+*0#!Av!5_F
zKw3~Sp{;Dv3SLcEbbISEoJ47=%3-ap9^LWau#-S7vlv}V*+T;>SH$%mQww-DqEcxE
zs^-YgE~kp^)N@T}-GW?`1PIO-;Ko)dPd`=jFV*nXkRzV%Q0W2RJrBv=9jiT`9+oX6
zw7_Z%PB;f8(7NkaL5@xJzzfqTdI20UW*(?+JoD`77Rc~)S^|6S0Hr-sE4QJ+IXZv2
z)_IBUTjM?Vg0_6s%yjg`_>2@Kt4b!HM1+8`!WGUFi{~eVRp=Ta2=nC4E2cf8HQ@ba
z1SoOW_Nltzkr&BXxRG?e8)Q41q~drK*OCCsu8Fb1DrHWEXj;y!lA#CwLhRm%2-0cq
zah|LPB6zX-BW(o1T@;Ka1i>foa5E|AMLt@|xp@Gj!zG%;;SZw83SMH!ouqY=t)TNh
zqKYzq&D^};Os5)B<1wP_wGb6#5itG2VeK6K1w996SZsa>n`&8S<kGhUEfDWz&>G*K
zzr57a9?fTzdG~Z$oPePouL~i$>_)25lL6Gu>tOS87^^Vz&XY-A8+4VLtAIB<V^_{*
z2Vkp^7YfzD>9}TToI|3FHx=WU+iv=JG-#Q{!5Xp`f-hnU>@ESDCQZ-=sr^CN8z%7=
zMzjqrNpleI0Jq{Kb!fq)bJN>0HL5*=^$n~@J4$GP9TuEp<>uPsBEH-=5#c<tFSgi;
znsatj8Hjw0o|}rs^S+g-kk_~q@ovIEI-{cvR_6drUeJY#I#r{-8ka!q2toAF%IhZ+
z&%BTpK*@LSZ6a=fUl50Pz(Z~k4Nt9T9lvqU;xQ6H)myQRM$k(&R*c4x*Y#$_)Ip8u
zQl6KnyjmM*aB@mOiM8T;WUskv(VpBZuuK5p9%(z%7yf!ygmWTDukUa$o4vx!+DNs1
zzFaf?bZvK{E72kWVw<)_z|G#w17WjHL|YxvSk;nKZmm{!z+RGcChp}V9Wg0Sy+YWW
zcY_hMGqc;YwT1%I;ioUBA3fU>tH2kQ>1lt-h9Ef!fDWkd;gWkkk;zVDQbcWQ$a4jS
z#8jcY$E~B4EWj(Rj>qvbnX6nQ!uo)i;oXLyB2wF<CY@bjSIIe*;5tiTEs5|=1k&3g
zh<z}xGRdPHRj?=mb+?OswRrTrcOTlZ+M}XsR~hp=pl8!*xZD1WP)6;dtcjT(3B?sU
zAUT~`7x>I8j-Z6%6hSmWdo=>LZsGp46{?JVbsi#(Z5G)<w$QO(ndt?MM|;Rv;UW9c
z??#GkZj)c;F0>1n3Qy;AzP47b7erRNCQ$rP+(%T@HkSl;G<W>MZ6p;L4$?Z3hi#UM
z;3+&GeiQm&or52i<vVMa_afY|@+lw~Km-UXPuNc>#{oz()d=Fq?!BHoL{A^`TMN8|
zYaUMObfv(@05>8a_y)SSIoVAJx8>D)!&gHir-tv~@LuC;l7}=emFTzzaOdpX1J2_f
zytkfZZaV94@I5rx7wG!p1l+~*JsBqE_DT16BbYYYIg-SPQ~4@n_f^QfqHUd0Ay-dF
z@w*&*ff3Etk0z1>EeEt`3_0xix~LayX;}gZEegtWavdbf($rK>t;$Lc@dhzclC@)h
zR&!x6rIEpJr5#o-d<L#t0?M2oxC)f(LL(*g(QSc5l8Yh!67!<DMB6y-IYSP<N7Ay+
zZwEc(w0qd<=tg}Eys-!X6a1OkPw1e^4qS5hlFj)`wn{0rlI@r8E|(f(#?drs&!nLz
z;2FuVbaWX&WB@c2bXroVWk{|%X{1h_vuazZGbfIMXRG4b-T}z-ee|Z}sFk_Qi-vs`
z6Fl=T+v?dNj`}lDo)?daG9Psc(CRhJx@g$O%%K#EvQI=073>q0cLRpPIvy{(0ymwX
zuc_BDt2riBE=Oyht$5rz6t&(HCC?DEZoB|GP+a~IKSVq<-g3hYdf3*RMpY;8!bwSI
zkidJN$u6J7+ntMdMu6B^PL9BlrrUS{LO${`X+b>d0+=Dd3J$0R6B8$ro9p4tJ@XXy
z=27Y8ty;6<3)#q}$kz*Klspdo3`Rq(j%;R%0#rn`s2_pcCN8<*sgcf&UrB9XL_b_J
zMX3XYeD7Y)MPj=Sfi!XGTx#$<ehuPhM@SP3qN75>7IV<t=)cNgV8*3$T*FjRHJLH?
zNbzfxDKngja3fa|){?<~_*j(bt#WL*M)E7&&MSD}VFMfib`Pvg&0PTbY`O@qxow3O
zPd6k1?ILp?N8KVsj#qb2;_{^_KC~JugQp1rA*h@dX~`jUNrIG8P6`l=TnjD0N!I=H
zK*P`{x2Kkm-^5GI<;9F5PxjN0_g43M3rz^de3MZCEUeHM<8^q8amsr!<Q9|q7{<32
z%;*Wn3Z7wIh}HzG@gu1Tq|5TwhXPfzGb|GJ8k|!%wAM0Td8NP`A(S#hK>$meN83Ay
zCh!hVAd*f^pol43-%!ePd*fa6^1&epm>=YHy1{gSHuPE7B8D}-hE}<8Hmnxf0UL*a
z_SbjCU$zB(*#>(_nk{M%)uywvTp=FqDAK9iag@Vl<f^dBiZFF4fyo@U<O*LUPdQjE
zNr3^px0gh(W~6Xl2e&Q;L<5x)3>Vf*?YJG{F)$7V{!6z6U|OXodB^-f>8&s<ii+Ti
zy|{9&bBr*c?MU@u2U@#lk36Nv@)+gy5WILkJ;8R+)@Ap?lU?n)o@;RR>pO0QFl^>+
zR6Qc;;ex{^W#i{4eOC7@-rMQt{SsN83+*c+Xc-}Wqt;Got8|Sq#2xjh5z<qOrY=DO
z!#ZrXl@f$Sle9}jgf*EkGC*pE67Kc}M_-DP_({gq$P+S6)MqT~fjA;5%a+`a5fjOe
z6_KOf9YMtw6RBdV6`RXF?{0o)<#yuC<IAd2aDb54NCt(Brh#upv`p(}wsX*)vB<k>
z>4#}azTqbhPtmaI`Yd`8T(KMa9zQ2~5yH9%(DJB~RsbK8hUo&enLmuT&97~rT+`fX
z7P7yyl9dqYz_YWgE}_In3D2)Lo?Ej%S<Lr>>sCBQJ4A6nx(K02Moj7&Nbni2FpkkQ
zHNW+1!3&>C)|whiZrvL*SzPI?;P!<l3^&Jvo0fa)6dvNG=t=JRu&U$Mik>3@sL)8!
z=C!8BIVb|1$#dfEJ?`m#YmZ{u&pO@&UwEZ-2~PPb%1E$jJ*rv)M4Z{OY^})lKGi;}
z_k4+@W+#V}S`M0m(ZP4EhK5#R(g2}XRrItFZzV_sd?iVBq4mH*-s`YyxDt_AP>Yuv
zb#>cb$MX=`{AHgGtU+WVGC$G*A4XZr>vS-Z*(UafZ^LQ!LpKHZoZRXr-W$BJItk9U
z<0oV`jW#}#QocO+CUoeO*9^021XI#;(->>JYo^ewdJ}~BZ4JQdo6U8z?&Qf}1t~QR
z42<!D_s(pdb0?t0YplO~;}`pIJ8vAce8pZKbLK!9@*AhCHj)l~`rfFiN)n<5$L?T_
zyyyO+3y$&5V!0&kpkC5VPUoD^*t5uZk^@g{O~vm>o>xRhyiMK6n~tQy$td-Uj%PO0
z*qL?q9zz81TZph@)~U+PLQVlAg5IZlh=Ak^Su<}^FMNpcEgRE1jdAdMEi9XrAt<OJ
z^?Y#Ir8zo{EfLFKXEAwb-;*K}4(RH3(IT>jszTgFgnb6W72~VC%CcC!_<VEG5&env
zQ_7_@3I^NTyXQHSeaVAH@CL2oJ+=teebKyJ)vVT5N)MQt%M2PVBCrl6&J*WwUg9J4
zWX869N1^?=(4MB!VM72&*M(84R<VvvBXJeK-sv8&i?)c@u}>xOW#uWmL=O`)(Hk%Z
zkN_2NWZPBr^Hyhg_3XV&eQ(a}_>7+l?aFJ?OXVTKhG@^}h}?ano%lLiT9fN{9kFyP
zxQOGjpwMNy@1c?pa4?}>(K8RUfk+c^Qkn(G$1;`+q}6Tly!utci;WgYrSnV6EXieF
zuSmR3D3#gw<YbJlYdZj;5(60ec}YE6Jb1n1p$OWKgjHWkwx_VIY_L7way7RudX|){
zk}x*?_LvRvk<?%fPjOaZqfN!-Qrqk`^@3;OTB)n>#nUIUEs#~|iP<b26LQ#~8taa9
z58vpUYCD@|7}_+P_KQPtJbwA<n}7Kh0Ok>K^ZH47ULAvK*RN0>_*4$AO&ZCyXWTCZ
zFDv+>eD<s(Tbxp+dO{p6uWYc`PoDuVMpI?-++#cT;nY!hfUoHtZYbhN$X52V{!6&P
z$I+afw2Mi~nwmk&@5x%@WSp~8lLcOd+T(o>5a}(0#3{TgZl>Zp5$EnT35AjzIaRw%
z;YpY5l-n8!@Vm9dtpUl2<+=3s@d+xsU{!6zm}SF9x_D}DQ*9?@RNLXn0$Ub1iY*d(
zaX~zY!$=_Ty|r32_og#@Y^}`2FF4*i&3uc{Sdrm8NT~y@zT{vodx>~x55-}$4Lf{v
z^}2dabVg*{TqUPo$Xei=9NkFXj^~MEOE2&Wu}=Z)IvQxx;FwEor;tFWT^nF<P6M>v
z{BGhEJU)NWAm?J33hLvQl+C0;v#oUe(9dsm?rA`?!?NEpXt{J;Po9Wp1H&B(AeJ^}
zqrcoqD}WmIMJ)?62(JuADmExvI|fvONT7ogm!@bDF6r~EG+$d;LuLz#m2hCKT&jK)
z;;WK&mPwHmP1|0NR|spK0-lM~FzuW|!2rvP;W~ZW4H5hn8p#z7T2#ft(izr;L!0-_
z0oT)Bze=W=6p7IX)zsU@5<qbM=ulWn2nrmuvR!yJjFbE-q!@Seun%yq-g=a~;t@zA
zz+8jA9)I!PgVO}KdKLjV&}`eZyeSiEM0@ydS#;qcSPr6vl3b{}@)g5aDZ7O{=}vup
zGpeA1m;F3?*_EqbJtwd?#v_k)l_MPRs-`5Mad^UCZ5m%{l3rf&ij_*OyN*Z-E76y5
zs9(Y<Bgl5TK0#@MwZ6)PgmQ-fR#d)cJQ~<jqXM3p)#w-(+0G?Yd5s0P)-(0XkAgQ~
zdjPj;j88q(gpilq>f8H>w<S65rX&(;G$|+(_Ale)e7g-(hLp2r^03%Lx)8TxM&RCb
z7cPp@p)({jhNcTT)>3Hz;w<ND6L8Cy51xoL{4#^Ji?FJhbSSGS4_ENLQZPB^bgJxZ
z8#C;;)y9*Q*o{G0uL(9{$yMQDoskT9F$3K5y1j&Rgmb#V<!YqqSb};KVk~8ckK}>)
zYvx3E(358qTJN6FD&`!yIKn(KadIAtT!lM!7LT_Bws~X(<OHaFAxqv-!*P(~P;SX>
zh!#6BV$9BO9dV*jsZR{>rCmm54CKQ%%&oO{2O0tjYK~U7We+#+oS+@aR22DMW4@QQ
zATT{EdLylujmb|?mQFga3Ls6U=u!|_GJ=7n{0vhgeD#*Cht-5*g?*c^_%*#XlVFyr
zr^(D$(1BC$A{`HbeF^&>RljAjRD_syzJX0I0PP*~0k5(aHQ!~xEh>8lJ*3Zz+VJtt
z*-uj4qBo*v%e8|<We|?%_+Cjc5@v1ATkX(=rZJs(#gE>!ca3W#I$~!jxh!-ZH4s`*
zn#B24fL*dI6`4MNr}<pADB@BY46?1T44=A;vT$BSF1tYPR%!y%krW2dp!W%A?ChFB
zC)H!BH;=$;wr&KRsIU_{g!F+nC>9lOs}bjuajhpLz+-XDn^u?}r2T>baPtVzhn+zH
zRs?{JvOpx>z1#&7XtJ%Tw_6e-GdA{S(vc?I?^wQ!BmOdOScPlJz2aUOV$%QtN|>j2
zi?QK|IwS;T%Hy+V)P}v8WhD9hHD4c(&t{5U=j#R0dq|<U-52G0$l+KiwWC>5%;Aft
z?bO=2dX4NX_1g0<<?d7pVj&%rfEFRbw)vP6I2JNYg_RUUx6UdknHMzk4WenFLdw?Z
z6Pr;9tY_~c_#wh6L?uf7h%nbEw0@2y9HfR1fUS{SccMklpP43H1QMUG$BXvOF|$d2
z@4U^mwyaR=b@KAz>%Dlz^mLro4SHT{u-sVrL8p-Au2ia)$s1Umc3#eI8$oq#npoSH
z539f)-oPHaA9gOKcZz#4IjAqh>eJ8zDZ{#{@i<<a&Za5{ju);zx8@wz>IEU~t!s5N
zKVLV}8|%qK@y2`dUP3-H^XMeQ(~?~@#GG10Le=dvt%2&mx)2*Kg>hzv+U(A*UTQLv
z98BV8clpYuZ>cz;YnHqqmivK@<9pi~LXI#*jgM+t9s1hVxK4s&ZRF7;ai(Dr6^m&n
z`!-&Y@}O8kZ#zD-oJNwPD6+l-WmxE0k9lrV#<7f)0vQ+yF0QFmZtl(5o7qjy)MgQb
zBpcD1)Od;l-2(512~GlFS|ExYC56l5mEY6CTQU$zY1KzOwz>X7Yzps`Ou)<R5{!-#
zu=yCY^!8d#gu0$@f?m^9Y6g=Zhr_so2`)<{j#SiJeHLhkW<l_f+uSLyABERj!bR^!
z($#>J;M+^cGNPrzoxvt<*h2J+MqLi&(Pzzdt*%nB6wo|n*n*JQtMu^EO&e2pNlR5#
z?)9x+$T74lhVp$X_vlMGq=^^o?hhn8bXAV(V6o7fq62PY40%T4RPcn#y&eEnK&roh
zx482YVF%Ssy5>eeMDM_RB%(x|!Z53QGu26<dw2!#7*7iDwy%-3rbw_}O^%56&|l6$
zzcX@9eZ!h22DZJSBQt^wk+2GAD(j|j8j2?TUfts~$Fk|ehsz{K($c*`S1i^g#<EIl
z=@-@26^QRDks`)v8QwllUE}AfFwhnc%2WE@AsINk3$tb5;K|4#+P+<1YN5zlbT<}-
z*a-Fo8mGf^bCIfJU0=R=!9ZsmIRLlrY7!xOd1edh!7dFBM2{b;Ej@HNIV_y_%4<u`
z-nOGx5R>*QoB(S1D)UtKR7L=Frs9}{OUZz~d{r}2A@Pj;Wf)X8LxL)ANL%xfCRv~f
zk6G%iw5P-L8+(M6)4QTp76PfRg&c4Nos4+kH<_R&uhiJ=)Dk;0pC5!gxD`j|P7#{z
zh7~R@0DEh8$4~I)TFzQm59P&^#uakkF0p<y3PdyD!bKOZOF`FpIlzROTWo2S@;V%6
zZ=<i|b;xD{W!vEliY%L!8tV)lYEatJ=+0TJg#>Xz1x9U=dD5!n8D3&%JGPAM6+SPV
zdBzuB;a!r*6FNa02Nyj|E}CR=L16M86b9+cLQNggORw!JEv;u^Gai+^*+#xvq8gee
zlwiAs3E>FC0!8X{q!H7KXm!PM`#`hGJ;KzV&tTm{3uK^P;v)|^1Acrtn8VYq2lpU$
z11>MSZH*er(8yynWElW1r$IasW1_icBOA_(rE}QZyoS^jK_-$+9lD$xKp+B{K);-0
z_;St-6UI{RX}?LF>lMo$&vJHaGQOPmv>Kmnjoz_}m#{TXUzW<jvrO@OvWJ>?oV8|^
zil^eFXSM2BQaX~j>EN=I8$Hqo5$NXm5KA~xNAu{xU(&hv3p_UWsmiC%B{=L1E%<TV
zOULdQG}cbCN8sv^(97A~NI<x_mk)CpHcb*BHe{0I;-HV^cMN;6#PY~tTS;DB<M@ox
z1{P;cUl%d7?iH_7#N*my1r0Jz{bg#-HSI{H=z+&{LyTE@T_jLCZ(ns{JOa-hRs=lu
zMlf^5XcRto@OanI%%DnHzzAAolyQSzZuB;L%5yMaMtnn%tA}3(MO;0_Nz=0hi-h&3
zD5c%2tI_+`i2JE1wvht@KF(Qg=0YF5URUyX2=f3#GM-l9(rf4opUYuf1+W$E06CfR
zX?!KRsQp+NS^Hs!t17uYEjf8c>I-+v`lhz%-sB;?A-<44sf6SSZuL<teHhQf6!$RU
zi0Tcau3BE8X0jQP+3^a_OP>pj2jCzHo#*{D`4P(611pZq(6G|m+TG^kle1IhMuI!C
z_L)v1;@)I?Z;A#JoBX`tLDGX4H6X}2>fjD?C5U)}oCtf{d`z;~fd#v7>dv71^s%lU
zE5nqd^CbC=w>}gtaw6rx#vm$JB6vry-5_b)x8zPz<AD<-k7Fv$c=J8Sd(!BD^qvCZ
z^cjx$pxSv$)x4F1BXa>8a5=z&DcU4g;DF3pk~ha1OzxYmbdhC#t>9$DXzFvTXlo?w
zG^a!+@Q{rqD8+8xySo{Grov6sp-h|*sg!cadR@JEl=CT_e@V9i#dmu=ELLrXc*mJW
z^stj8Pm7j7&+A-b+{DWxt>^u?Et2O0I_a-+<WyfJV#?_$9zDI0^O4uG9*6$&^|qpv
zKwGQhn!Q1YJLABTZXyb8`O7+j^Xv3#CgauKkQVXllfAXm<afnZ`I2*s^QueU)JYu?
zt8fz2T;o0T<RlH^l_QhL>d^6u7HC74lC*x=OVyB*hx?*+_r{{nW9VMGQye;I#GC`E
z(veFjY^j=xf{I-B2$+zME3rMLm$_lEB7tb?c5Zo`;n;R`xD1I4c$6<2)?=`hc1*CM
z&>TgM(&z|f1(zdv#pRfZ+QiNSa~Oax6@5~LD_<|SrYUj|S2Sdm7q#|mly@Id;yy^i
ze9!1bP|m(!ViIxzc`_-t#|LaZ5x#9XZqw#GX=5UF6(grT9lJu6D1BvzOpz$(2d#GD
zqs!dYUWqy|H>qQE)tJojDEFGiQ_&qc#Kz0m7dl~H34~O;xs)~m$XiYVe*7Nl7+=Rv
zS~JPw*Ztld6(9Gyfa|bT4?b!rSPXs41=y$SHTf2FNzq3XxJrP5jTzsSuxeBpvjLAs
zOM%XAiVrWv>0ES>ruHUMSg1{_ia!;;nRm(@@LqB#Ml6@!vxTdNwF1WWOpz!A#RNiF
z4G;iy<YLnx1`Z|25){VC^B5goyv@8MGr$Ur$z$TWsdo~2Pz(df9sr;n?!h(3K(5%P
zD#FOQ`Y;7<91d1m9{`mC=U`T-b3<_Tlv9H++~`UWXA9oD)=4nVwi%nmbW44&QMYFe
zRT;wsog5y#pofoO;}Vr0)R%RlpVk@qtkRgcr~ov#Su(jI^*Hc7=ywS7^olTAIwA9c
zk!E4Q%Dp3t1$%GI)<~_<YRQIB1u~Kc_t7bblIioQoD2hM>wNG?V+R?Ki|+M#dGKbt
z2>+$s!SbQ=ytiI*o>`6d3V0RkiV5~{4$;2#?1!EMIzj6tb8}p9<S2F>YojbICuHp)
z6BqK7wE9WV>ma&@SQ`qqc}#VIE4=skO2W;6&j$KwN5*5jmk~g=7!+WSsYo8y;3TNd
z<L$;Pfp%$9oK!i^i>8i^XD0Vz^wGY#MncW1>h>8@hjVaDa@4A6R90c=y=8a2UfK~W
zcA`aO#gbL#mrJwKolHvNqh5eQAi)*FmWEuA&n)MKACp8p@w0o+MOOKc&V6DjAXZ;k
z_C3x%3w@L~D~9Oej$F>iMq54bwmQ`CUbu9`bXL&qFwBPKYbKfJQ_a5fxC!W);m##r
zxW~h?%F>%rq~R=`elh%3b&Ma_re{2f9D56)vhI=-7>Bgl%F-|$LDH*oa&HSCwLw75
z9n*s@)Y1-7%T$^P3XVL4)LYeVfuiU`kEs$uHp_@<mX2pGI_o0+;HB)g7)?SKocND1
z!$cV`2rv{(VC}}jcq?+Y&KL^Vs1Z{_Rd)}W$l!=Z$xmLQud+RDoNkCS4(k%ln#hwt
z+Xm|=b?XC+15nQb)Q-kwLF~~88MI<c&^frzPC}Py6*(yfrDAQ6L3)o}4Cx6@5rLV$
zI>uy`?e=oBYkBx0NQOliw;^D*NQqo|VxLeP9KC{oKw99ckP|JedG9$Y;)K22$9CQH
zsOt{kOFQK+?ewu9QLGity)uI~6Xq3EU2t@POKfd-)R;1E(`DKUf0tcknxhGWmsSGv
z_LW|bMQn$$K@g;6?XV5G-?_gf?j&qG2h@sJ6%`BSH5CSLsLZhxb^r1XJ>H#jK;@pX
zy@2d&lws<f3W%n=HxG(PAm7C-;#vg1ip-Q2W3#7Au_AHt5T&4jB1d!FEF2j8^*cgr
zAMIVyT$O`Tfo_(HIpL=)>K3P@?Awl47wY0qocb8_l^lRA7H~#&5pno?XwVqy`+%Vx
z{Agk;>G>MR!>+u%3D$rllflHsrZ~g$>F(_24dHhO5&(=gwydpu#VlNJrYxZvuv`*y
zyXJz7cCRMgaVTreaykwzNn2o6dG;`e5+W_O<D!*4L>O*FHy+cQvAMURI;g%R3gho7
zn#HqYopZ~kxVW0#z?ktNR=UP1gC(m7+9!w4lqIfF%JimR>qNiPiQswwOz%**^osnP
zCG$<YJeyS-$2NbYRp;rkFWOb^h15Q*=aoa+H{9c@<wnC~+iT&WzN#wjFOcv7Rtqgy
z=aNxrKYIn(ygf{3GOvfFs0;BST4WsIdAD<eKXqZ7?Cuc_7d9&fwQ`jLQg3{!^Q0xl
znzvSXp>6B=bA{c$+XtSshAy7H3cH--;dgf}U<ZJBY=v4KqoE<vzSMT5e7qa;yT6NY
z+okS;D|4tjb7&@c`@&6MwyOG_fm1qrjV$iN)sn?E!?Rq%KyS>+M{Dlm;Y8c>fFfHI
z7$2oN<_<sh(uYYM-G?#AT?i)z`^qlv0TwW>RsePbSWh8IPV~)Lx<~HkbZ7MC9T$?_
ztjyYbiR#c~0Z*Tjt-fr}cUWv-6Hc9*B(5S8b?E1jx57xqPL+TQ?ko~qYWP4CNIFtl
zN-thPz7V2mH{)lu(!@`@?g8{#mKs|;zP^5tn|b<|c%mlWtH5Ob`e4wLn)&KN9;k?6
z_4ON!*=_QJQBf}RBC^uSty~qK0hMFq<-0r+9Rw%1ecp;`YISr2O-!3_Be=U&P_IwD
z#st~lTTo1u7c^+nrCV;#c$P`+!Sb46TYwm7m5l9s$``EV35u*F7z4F>Mg>H`f=8{b
zE4_q9N{`<1wd2$sYD_2aW4CcXpeku1eti89_$j;;WO&MDO?_x_hmRP02Ldst_d)Ym
z*={~w2yWLBqD}V$Bn^JowC}vJ9Zg<yB9t@djJZ0C&2=CIv$%s6HKHU4)hH_JFZR`_
z0V|UUQ8{<@Y9$`}Sk^Z1T1oMX3R-=YZ)?^tbG@au9Xr4t7;SQ_OUaWLO{|p6%IwGU
zl<=uO-))2=vV;t?daS?^X_m1eh{PrG7?$H=s2~*_9OcauD{(pMV0ht$ROMi64<<#l
z-=OF?uQb$BE6Kh~Bgqz(Sg^<L!OmoeX~2m>fNgYqLo3|5Z1S+d+6Hf`6`6IPs4Ch|
zQ!A2`+nvUh+Zz(LWAK9w9F?{lSbchJ<CRzWM93tw2bStGH}0%VAeW$>d{ix7+K|bt
zJI$777yxyYRlrGB^59y<$Z};#OgHngTP=bMx9QNXZi$i~t_7AoTq*2(FUVj6>K#d@
zd6Dl;1!xwHh{A+vrr&UiLQ>2kHCsLfd{`xi=QoD=C7#2Vc;Kvf0NQultz0J5Ax3U1
z371(7(ouIFL+>Vl<`K6=z$^Ca^7G>Yyth14>`&qi$pOG~)$o&?wac6hMY(B#d1Nk|
zg2Um#%Tk$d+Q62G)xDL$OT7^PGH(P-Z$YP77#NRn%;r!XLcEK&{2>Ozh<7E8b~l#T
zo{j3j1Y3c6kS~yPQqbr<MX0sz=^;cLiJfEh<KBC3mTHA^ZWBaLT!HQUYF^FFjyOGQ
z?h{4=VE25p4{+q3wms?RHseAep%57gG0))iZTq5fAjWB^x?4Z*hzl;Fc)dcq^f*)U
zL<+WEUU^C4kiVMsd*X1CgCRIxJLQjeyRuz7jrd6k2?hjCu(D-WbzzCjO{6?*?NBXt
zyuHL1+Q)RYPigxY-W9Os9TqqYTQxZy56G*0(3AjAc@g)VZtt2QbPmt65TaP#Lq$x_
zb}pZTvI-8Nlx&9rle()z1(orYWIHo#xbU~YGK|1w>nlXMH8GYm&u!L)=16yA^6eV5
zEkU_ivRK%xKNWUW2GV>E_dpGV9_>6kMqor9aZo92V`kint^+6sdyk|TT(Fqoy-Qvd
zWJkq<S!firQh)G^gl)bC;4)Te_KPA@ZGPP=_IzXabYkErbh@S(r=A4yHkPpx2{M@p
zsRwxK+gc=s-sS@eBca#cHp|5<4+fpEhM)d!`<}=(u)VPwp0_#=Hd)@@Z1xLXn1**2
zdIkn@h#myzX*xVElT<QIp`7l-RiT+4wEV7fLfD{Z)`j02>8$5WtiQ}VE#A(VnI4VV
z(cOfB-66v7`Zz9_=n&(*(eBlm!%y@4^HuBZ=gv_`u)5F@8Y!-tCxPh{6?E_QL~=e1
z4Y5S_=D_ERODAoLkvg)owGom%j@w=pZ54f;YChn&8B3BT^I{5k(T7cfpx4POc#Vkh
zh^LH%wVqJI@?Yu&u(?i`q~B|<<>}BqRBx5Nd9x~48#Fheg<TQ%o;aQ;E>Om}7{j$u
zh>_mY3)L4CqD8HUMC>>=`HWO);Ha2ti;3LLs$BBrl~Aiky-5>&Rzl@ifliyE;jq+@
zH!x(%JkaA>W^nb6??}<_0N~D?6-1b0F}t1-9=wEAxqfDc9!|WVg>O^S!lrFKJr9(@
zB!h|5AXv03m6~4(9wW=>35%kHnis?!W>^)*aWbYqEm(yBMN6uRimbBXQZr+ZJM4bC
zdgtU-WJNloNG$nI{P~OHy~JjDqazzd^@448Nd`b?*|h4}2*|Y@WJ6Zid5M;bTlyVs
zDfT;m5{?AL8XH|L*YNU|&S)13(azDgyx!}P=Xp5}*kv+Ybb?|&N}gzdbD|X$Rfmud
zX2Ii??&}<0Qf_gI!j^tgFR@&r(w3tsI^Kn^#@5z(K%6`Y(djd_7F^0}4usbrl-Zas
z1}Gq&zigl^CxYd0aic(;(b>${cVcXk?-k6p#*yk_MZlb0oXci9T@vZkR4@fqV827+
z@=ARDvK9h-g-UJH@Zl=v)e%s<RP1^x!6>^PKb}*RoJdA-b`)uHgr$_mF_P~M=4^B>
zzly%O<bISssEC^4yU+NsKh?LvfPF{~ldJ+Hdxh}u#qzof3_gm(iaJ?LZ;&C_(6>&!
zxsWHW`eZN$A2H9DdZAzHm5(SJh44PS5?=D_G=AqiKK<AOyF|H_3;e7M_33PlawqQ8
zRNA%lTL$3h4X3K~wgrO+kM})%&Kj~YYg&T9M_0}AWV?2&->W7&ibFp=vUQ+Wa8-Ju
zum5!K>L&|<$m_)8a=_~{c~b?;lJ^c3j3Ys=Dd+qSPr#-hFd>h*v@BRy)9IPonC9Ch
z>RK2?J~{74Rp*l~AQ12z7ZsEn01q9EJO-x3wIR}F&&ck@tD!x-ke)^}TYOghW)+4>
zT24k?hTq6(AhGyOzT@oeX#(OdTRnaZ*Qf8jE{aNYz)XjR^Cb2pd?1xdqqOQVA`>86
z@SeK)>w0vik|Og!(TqDD^Sbnt^9p7rI5se-#~tet+T=JMuo5^@(tGe&-?*+jAqLvo
zl%3S@Jr$K27ulOBm*}u2(2;xo)EVxc>#KN+mWe@*1eB-SP*^hE)&LXJ;7!xrxs1DX
z<tu^7nUix=<ky7nf!eTKc=2{s(PN2+67GKfsOPYTUAerBV3`ObiJ<K^Pa8%P8##{-
zfq>9kCE4V;rlGl?)lH#MAvwm;n2!ztJf{enxEBJ@d??Gjxa>D#j|UO%219Kj{L~%?
z=>ssHdygOY)9ttgwe_`N3&y~EB26R8mt3WR1~e^lyxRT-o87XC91n=qkrTI8Ne|>e
z2O^(gUhx{M%5$UhS4;vSzy)GcRtK6l9r#WyHWx2>f~Dd$SAng;u^+P4sCpq`fuxzG
z=(D~hPO3(c4y$+%>g_9MKlMm}EWALyM|j&Hrf;ToRP?Q7=IeYA+1pj%&a*9!BI4tB
zM(YG0?iujs3wOk`Rprw8F|9)H?LI6_-s~v|IwYEF^#=iFxr6ss$WP2&VmFq1uQ-i-
zgY^*yS*b}6A7?wC^3<E`TNh}YK{w_$?(Lqq<!M3&7X&{B-YgwI7Aj$;WShSyKCNpg
zd{g6^-H$3>i?*R#cH>GoH>PEI7jM5vfG6V5&Y;u+o<epsvn~0?>$wu|%X-tk%T3RG
z)hT>CiNQ6lM1>sQNdU2&AA=*@*1UH|V!`{u#5clu*_3oQJ&TZ~hn5uF-mnmxM7l`P
zB($ePYd@7WU9V?ZT#-8APHr$wbc*>Huj3I4)k-_(Da)4Os^Ke~C~@LIm6!fhYUSaG
zN|B+&MN8Y|b^_nxDrsX!+S=W7CsitNE+?xDT~{fScWZB7JYBZEINU@*H$OGZ6Evb^
z69L9h*rv3m=ANhA9LT4<0o8d|d&su&B(>n7DyRtPr5!;USPq-v9gvPy!IZ5r-}dM;
zr|FuQG_f~k=d_x_tc4PCw&w`WotqoDLUgIX`3w{(wT_iX+-Q4dj+I=J!N&Z_67lnO
zTBS}nyg4f-Sd@!tP|PP7<@Y>*s0MVS9_Hh7;e#`|if(zH(~yf3j#KK5wt6oEM_Xa9
zGM`v-Tn(~k*)C1!W_m!F(;8=ZhzAVNt+y9MdB#!tq7#6Vw4jGJQ%mGUPP}op<K*i*
z03WRK(JESNlR!#vO?t{2FJ?8ys+msIuM14~qMrp)bv2O0-2!)_okiSPcH%s~+BDtT
zn?4_+n$*X$QR+e|lm2jLpn|d?CdTPWLLSw~r52!=5h02w?yWU)6Cn#e8>9G=59v!j
zG?AsDmBGdW6lKwp7bfqHQB`o5HGJIwX!;bVFR6Hqj+7^IBybLIcC8qTwgAXqOK#O;
z#7D2xXfu(e1xe5afsf$c69+D!M^ZYQDhlr&$MMK`nbXW;jqX3~TQb(3_u@SYe9KR7
zT8fZR>czk#-4J&=3UrRzdoQoGts;SrpEs=@qsgq?0ha}dma`DP3bcBhfQXKqCtjfK
zC3!K#<~isGNY7ry!Go-_sIj`|(A2aC28wGkR*CqWr5%=Em7zZ~dj!hm@LsGxR8X(J
zd6u=Bo4S*)#j7qP%`5^%>cNegDIgt$@5NC}1>z!Brdm8pp<R+@3V(XZl9ba|ZNSOE
zdCr7auT17P!{SsJr583z2d!wuNrD1VCNF&>1sC;vN%Xm?0WGi#4|_JDM3p&ZYGIjj
z`ja@@W_n!!8-Y@-ugFf<#2KhWEn=)6#4Ai9x+`xuaI%*=f+$1X#uOFL$@Dqc^@UZ+
zuG5*HKdHV{QI?#iCpr?c0~*9)T;e#|tWX66(W4=b_Gm8#XUz}F5h8WC$?zx}3@y^R
z?rH8LFC1{CQz_26yN2b`M7vpXf57y(o0u&tGl|}yPD$qa0_mV-<V<C>;Jwnvtg}}Y
z-42i5Y7x!t#>DdT>XSv@ndX3r>1{e`eKL;{OIvxcZ@{LFHiSEDic;5U%0x`i=rjw4
z1p~#;x&7(AvSNSG3ohEv{KbroU6y8K0bEQq5ahD7vOtqqS%WI}n4F;O{_^k22a1sD
zG#p(#7z~jQEfYpnZQm+hHBA87aY`LuVZtC2`a9>ly{(|l(e0xAw2$EPwTlk3n2Lyq
z`^#D-H5U*_c#jxon=J#c%NvwLz}Azbm3F|fahVPw*F*<yH>ipOxZ&x7m+6n3Oi<i0
zrgMzs-P<?xEH~4_g49!{u(cOFW80d<!u+-8HC|xaU;05gu?QNP0XW@p^5uBSY{Z<Q
z!h1sohGf3cNTQ>!ADekNxW`SIDx$n_+AX*X;3b}i?ZZAE$4F?tLN*|LPBcSv+I%A-
zE7E<Bg>D<<qU+W0LGjS83+}!p+Chhd23kcIeU%=|)ZCgji5Vmc6s63O(fX96_j&-{
z#Z$!xL46XZrrCiM-cG<zPrSN{PVru_tlE>;F5LZ`N5Q5MD?k$)Q;^?8W>Rq1!n<JY
zBZJov{*3H0J1@(n)kxMeI@2;WJkTOq6za6xg+$aiDHvvRiJ)qdgjSz63n_C{ddMu=
zL)wKJ5Q0nfDe^ibB8(No2FE${CVsYz#)G3J6#IgkAz<Y)#4<ufc@XmztB?@gQbYv2
zQwU+A;@qWSJL(yJfK|(sr-mm^<YPM4b<^tx#N<YME(3#$-kS>TCMwIG$ok-csCMk*
zId_T_zkF&2>x!eouLQC+`9)TP5<N{&shV-sq-PD`VfT7zQwj>lOH6@XT~gkpB|}{6
zA>riHY<d-paU|TPYe0N?7sFD!{DOM9Lw)Vp`o(S!JHS~7`99cF<r^MKLxB)pkceJs
zKCp@>m<-<g1XU-Q7!KD2J2|bJgY|?36Ke38i%kQ(Qe@&(b(&y0o(yGHqwTfC-KCJ-
zV=c+7e8&nA8*c$?EhkczY@WFR_JttVGbZ49ZpiXDPCoVXFa7$S`0JV*?rJp9SGYC-
z1$3~wv<q?(W46RA3NJ{WEZc&B8H!z~;}hmY1J*#k*ehjIN_u^k9JfLV$qm^0pl{vC
z%JC{9J?^X<aXJO<f!G40mET&%UZqY*i^%=uAER3J61xg1<>a*aDq@C$gPHiY4h-wQ
z&L+a*+i>)F20=A1TL|Oe##Bo29c|e@O*!`K+Sl8yCJYzkG=<J|A-#Q|?2WWSYn#xa
zcSaoP%sMbLrX<xOqOMGnbkyx(g*+4?)6a?G_0d#D>f5Y14TkLKbi0+lOAMWk2Y2tu
z+s6-|2j?3~NY{evGks`Jl3Mjum*GgTH5Y9dGlo-HVDb@Ext?9YdxWrjD?YtOq7UMx
zw#UZq-5w3j*#fcMh2t<<i*8vVmvyi_b8V{!hxYmzk;x-oe>}lct%G3547O?RIzi_M
zzk}b1v2#L<K?wG_G?Y1k@*7y&GthY4o6y}CTsU|phYM0N@LozUo&)!*wv6rrXz$ya
zQaW!Hc953r;j7&)H5P|wgoAce{@`VJRz<m@BUmxVvnRy>Xks2PW_0EdFLOJId4<CI
z>Y##|o<YYg>}_KN0j{gsDBf~KFTu__8Nb(oCxm-c6j~^Kr{arFq=z<#$ZB$88}5l*
zaR_|zUX{A!%b1!B%_z5{&08Q(YZZL}j;ulbrVn7^!20efo&wfU;$_FC_?Ylh;ODes
zeNSdB$DRnWJ#-6YRdBq@1i8snQ59yN#ap#3Q6PaNe76cGpc}hu1ed0iXG2MkgCwl(
z*#f9V7=+x7K6a?fJGBPqot9c{sJjb|I?yHAFaMr?`3FYVK#yTB0#Pc*=z<z>xglPK
zM4a|DOV@MQRo5=r0*rOgtf&!LeVm1msgxlI-JnK2Z)Zw8+UBU#uID|9Q!Gqo#_e>=
z_u5ZnlCLU9`lv|A$~XK~JxscsZ4-Kb3b@U@vUp1IWII`agL6i6&!(`k{mDCg!p$8|
zbz?=-M`{M>`Kw6aN)ED+kcSnhp`bnCR9Z$sHnjZS1i-ywps|zc42yckw6xSX=fjKo
zl>CY1*0T;q#q$i(@JG|+$;;udSdbwltt0v2yM0kbjc6>dX{EPc!|+HWY7{W-!)P-@
zYCyw%?A8)+8%6ZWP90C1i#4YMsj~7NE(Ua|PC`Ae_dK#XJKykTHz}}o8#dS5MIqR9
zPAvDZw0%*rH!ApG)=z^I(($-Af)kE!u_u^cjEZ2VmxiPq(Y7EE<s@;xtz&YAW-8jp
za-I!VBceFPFshSocSr02v3cq9q@M%6m+ki8wZHVI&Or=XEKJ-3ZOE@WrA}u`i!NDi
zj-^6tu<N};ZFGL&(vn_S0rV6Hq3FrIP+_s|I?7pM>v@J1ISzi?Hv*50h6BC&b?VMR
z)NGIF+&!aNUs{|e-6yiPj@dF}Xw7jPRD(rK@8OmzxgElyj8$vQZuC2ZM~zAa&I0~+
zRNg#4GB7qlIH%=zu(`T5*Lf5=Pa(ona((T|^_u4{y+>!Jdg(<T#oB|16txXBqy5HO
z-w1OPsauXMJJ7<@Hz4I@q0%_fvFig~P{QdWGL%9K3G(Kli|svuHhi6DV+C+2g0HJa
zue&olOaS+V@=QHI8d?Nwi7vnKBF_{x3R<!+0hzx9G~MkB(G*gSb2A}F*4g*wh@-~=
zme3!Z$_5-9NoR}-!_6`%JbJL5Y6^$=qU}h1wvs?WAMR#Q;oX5;yc-dttECW&?P0He
z>7z|soLZ#&e6;22sKJ3bcasg$kB;<D1BWC`Sl%;bOC(iFOMIXLgsDTITZ4}!rXG9a
z$y02JfXO@7P_tE>jO3glPAtx8wS=IWK8Fc!NEhD>EvQ9z#Ym^b6A&p@RE0hV$u(I%
z*XZ&Gi}KbPMh}%|vo=6QLr&W-oT|!(vg>+mHr_grXNUR1nD@H*ymNe6hl?fXpb#<X
zW4fr#HqbcQWw54ta_{IpRi=uXrVyXqe4~5);F?!B18zFCE@gd~5$1VsuMpMCM~65p
z5yQ$GeW=0lTo7Rl$2BSVHM~_Tj7i|_IhzOhDi(D}bfgP~rSKt@u2L?LkK#jH_2_<^
z{R9ghufMJhM200;3d)zq+++!)(<y3P!C{Hurk!wvV}Z^=)N6Q+m>mvAO;7y{2Jt21
zTdKG`Mcro<D=4=_$eK^O;timAV}sqrF}%uPGl@>PDu^4^wk=V5V8_~EEP$KF=-0}D
zm>mpFz9vh^N)Hz**yHU@!R&;wxrMIVOn~0q20eP}J)rh3LUpYkQZpZ^ay$`czopCF
z#PF2UEf!!HQBYs0@SkJBPG*a@0*ZUr1>~h@>`Q}y<O>UDWw7ntdN*L$DkY5-y~EZ~
zFlRciAcaJh>;*DJffY0&bu#nP25DX273Nw2kkF|=ygQDd(N{@`EI@ORk3F)*kM*@*
zB-ZPi*X~b`JM#gSy{F^TLm~~P)F?~*WuVZffjJGO8gCVwG>*(ygE=K>`~igHG62!}
zi)>|nZgtrKt||a7O+76xx5-v9v_hkjR1|5`&wv5<WE5s#2rrf@;Bo`wVH9$Ci>MSZ
zz1}M)8#yF+4=7^*g&v0|Pa!<xzZ3*X$AHk1Qhx#gog)a*^Y|E&9v_NE5ot3W5Lhng
z>ejOq$Wixp%<zsiw%Wof$}vV3<_8V?G`)BhUgE6v8@w8SdI2+a2!)Un(@b^%FJ`SF
z{XH#&l%pixql8%-F_o-++nsCta^8C(gkuh%Cob_`97;)YJKdT%1^0B$1DyvewsoD*
zM8I?dooZf3D<jeUq7TuyP$`HXqErxDDM1x7p|$O7TGwR{LEM@VD4BG=7?jfpSuzCg
zFoq=C@M;24&{01gksuR&0n-=#N?Kf8kf}=dVUTCNaDMU}0LOx+j2T&07TFKwJ#8Gl
z_gKM4klPc6Tu>UV$GzDyuS3#?$y~;nBy(kGe2g<7kTW0DF!=#Ftst|^?m3h-CNstI
zIzpSgS<WIHT3rvhWDC1j+@#i5NUz_su7#a2%jh?ZZ00aSP_)o!j{DNLHQ?Sny5}P@
zo~w+fD9;v@<3=4_3`PCf4C~-3fSeecJDrE9bE=~a!zRvIX#vNS5_XbUJ_GU4$tc<9
zsUv%XLsuN2<WiU?MDsZ1kg>6h*7)jxI_moQ7<2Pznf0TGX2!?&j9=NRa~fp{*XAlm
z@DWUV))TnwtS3fVBC3|v)7I1IVhW}u*O{fHtZu_$^Jp6eQkv=Z+#{Iro}QIakUUa%
zSuC}Y7^}9~Cv@)2$K0><vB`5JXI}YIP~l6##k<RJ((d(gt^NsQ!OPyPJ@<?N-<i|)
z4(>B2jj~!Qs}p?25JZZ(NU%;+t1d@t=}(obulD(^>w8DM`rh4QxGz>q_DQ6;fkldC
zAk?G+D6C7#N$HvCfl%m+iSFf^zZ@)o!xwU!*S3<WP=)a1G}^(qFiGwNHAfSD79D=^
z%q67KcLQ?aFI6g!yoh}BWr<s%zI~6=V0)7^FwL@qfh3&liL|i9fU!Kvw>OS>jIk6q
zYU905ReTmKc$x+2o2}LChA)Bdp=Yv8DzRR9PqeFEUPrRGthNrw2;cxL_}TCySXm0b
zPAcUWGq(9^Po=MqL^qmOFMw*|H20G79=ru0ADDr%CDnVlgh}s&^_qJtYEzQo@w}O{
zI(;Rq=ZRzQ;zSqQptNLhyPB9)@DTwCxMsXJ!GlNGQ3;RZ?eih;nR|lAvmMd)SUkE}
z)OmIzvn}qaRWOV$W{KrZ-Z9a|D6GF5O>h_mQX7m}RnqI81(VRQY3ttB=UkR;8&A^?
zY4LG`ymIK9ey$M6QDjze>W&;DN?WX25yQiY<<QRrPq5y|BgGl1nmjCFz-JE``pG;D
zuuTkmVRM_-Opp#uD7f|(c74e>q@ZIb@m0L_nF}Uu(g=BIJ!CHw9$?tJ%*ed0*+!lq
zRxOa2cWFH%?}5pQE4Dlzjal&H07Weo$dZH`G%Eo(kOjotmkrv)4vuOD1G{GdZi;!}
z4`{Bl!?_mftwP@Q2{~TtlIQLNCS07_Q#0v|>LQ01!VR?oI3gnhiQVQ-S#n5jCHeM5
zxdQD;MW@Ti8p0bulcG+5&9+jq%9Z_e(7znixX7whk)U0`DV|=TsjPqkzXry53S>dM
zJei~q-Wv&U6t{w?T8@F@=x~xDa)zQinP@?g3zPGsrnL-clcD8wV7Ps8`l|AZ;Y}=g
z_bb;0-WQzFu?{LVuU#(Vpv?mn;4cX!9j_eEyOixUa6G7KX~^gd9ZmsAtCS2><3O>O
zX=sjsqkOCxk6js5k+b4n*qRq$_;t8<r*rHX^oxRe>C7CDU-WiTS>Jg+8gz20nn#5z
zyQEogPD*-=4;qW1N0&OLM%8RpnG<(30d;B;UzDp~(^&`Ut7CbxzTL#rN?Ld?>$t#|
zD7pts=eozEeP`Ni;|@ruX8Xz18B!mlR8?AWTNzMSJb9a3`34r|*hgD*paeTfqhp!8
zh(b_A+Iv+>47mFp?>tuyHg0a<NPQm6An3Y?x{5mL+Sc%1-;_x?0bOh9ZtiJV@(Gzu
zYRlSIIC83mlaf54pe(gOeXmE|R(+4?u`<WY^}!`OFFN*jQuu7yk6%DH*@UJBhhdR-
z^b{tsvL`HvJ!G8J#4KU+z=-t?h|`+_Q=LtFvNUep^-KJE&uAO@oV(wS9&iBoJdR}3
zEq&>>(347ZQHn_BuD<?4>v-L~uEaB)?SPy1Wx&)u*ARB&Dl1&?ZKlI))J7-1N1hj5
zDBO9&9ZQcrfeJ44dAlg7NRRBhrkWjPo>JU|<{7f}vS_OnI+1>aic!*DJE<@LGjH-W
z#&8p9&e2G7stS5A95G{c-lYMzLjVYppw^NhJV3EHp!ec=&=uKkOtoRo<2_OpTzs!y
z6OIRRm2NQWA(H!In)1Vb5uvW`I7(j<ntn<6JQ4B<bxQ7B`eL-Qxs7l1OOvU4<!W4)
zMNu+!jgtBX;c``bFm-i^g+|0eZ8OIsxx<;m+zRTUa;KD`WxONaf)dc)GU%!<AETl)
zig*_gnG<xtyik(VksV#A37vF~$MKhi%Lrs^njmtJPRfq00@uW6j>-x<f|2JAl!bxI
zh}&rxov5Lk$URCA6by$KXH?#MiZOukCj3F^x`oo?^B_P_$DmjDATc4!W1RNs^xn&E
zfEjWvXJQy2r;}WCx+~|Jl#qul7|(b|lGb60@LBCzKp#iNWeV|`Wc9RUzkWb=I-Sg~
zs7u1MqI^_0HWM#SDd~-LWQ^Q4YD$o7_aP9@BY8Dy$A*<C4;mD3CNz0$NB7xmzP%zQ
z=TZb96wfo?C+9Va*0DD4T{4pQ!*EC)*M|uZw*~N`^vNJRXadMm!F~qVTkA)iSt+(G
z)UbZbc-dDkJjpaNtGftuDD%Zk$=f#2wa~Rkwhyj2_2KGKK1rWWSJS9d4Lj$6Z3%~a
z$ZwObEG{!rj<T%;9-u+8u;)2ik3*9#7T~Md-srj(d8~XWVPLjzho3m`^qt&-)Vx@?
zih43}<Ouy}_k16)gs5)5zUPp3vA9(8mYv^#7ND01fZi0*E_OHMDoUWO584%AoH54j
z6fqsB=^Z;tcsL<G0edTbfpbjV+IsS6UX9lVqHpSozj+FW=S`phX$%t&A;UTEwNtWR
zrE@yx9n;a_wl^b6i2)mMHi5k(K(5-uz;}D*N+-yL;o+}R-|;+O$8n;*`jy)BL~$!C
z+={>p(TUmdL6qgr!5;H7bv9Ibq!@2H^UFf#&#7>{b(y0YpFTcBF^(qoM(aWLGD5MW
zepct9vFWdPw9*@P$q<`-7m-7bA8<&h5cKj>04^XcZ9Jo(isq*UB3)%P@?czHkW3Q=
zC<Phz^*iB=r}~zMU}yW$kn@s=@+onMl+a%qk}m=0V*v}TM5lZ&dQUiC5wVi0V+&GP
z8a7o!&WP5DwW++y=|+COug_3)&vtk-5}fY=V>*g0-cW9ilclT$i8a>QJ{!Jj@L;0s
zt3}kLeeR*i<po$XefmmOJU}ruzyh9F^}|*N<X$EMh0X#yN)m2=i)k6znBZWnv^vXP
z7@RAYFj{pla?qc&YZb{!lf5odoe@-f0s*{9bb<8vEh+BvqHqqW=YV0viM#zocL23!
zJss<ra=sXpm!g4<p(3_=BQPz?RJ!_1_qk6rau}4_Mj&v+1fTeeop_H}C$9`CkqG#W
zjR4zW$qRao92UepxAVG;sj=n(nubd*ooNM9YQ8LxII3xmN#4?odDqdEI9Ip>$=S#1
z6eD<(u2?=jN=%%(Oh$>-N1o;8mthc7{Kf$`R`<QrQRY(Gd{AfN%b_(Ww2X$bnmJ>t
zhu2yaGIbcoVMbB)peSydtNBELUTA3aX^7SOr5#%G0jJ)qAt@Ie7Q^1njVQP}h)yO#
zYWHeLrl+GUKP2ohTyD;HEvs8(XfP}<?&Y&&RXMci)^^~jD~xdDD;hz<tBaRxG^@vh
zQ)t>d6i32G<np{g<(z|adio6_TD_N;f?JsVPRH6G%1WxS!E>^P7SJ#o>``}n#fLtT
z@H&Ohc<h`4Aj#HUUoXB5TG&k2rXHz|K*Ga;FAak}HQej!JQi%Em|B2}-h+O|F>g19
zv8_e`a+aZ|Rc5EEa>`v&3b`I7Gz_>o2?6edNA79wIn$-BL^QM@FPI-lJ7HTghZkTo
zz@v>rH%javxkT$FdF%0HxnCQS6ESreY7uyJH~!_}?L(HNjTJ6;_r@!?G+>}DR)B(}
z(Wi4o?_5Lt1%NQ00#!^ulG2Rzh71f+pe@-I$9)C0DjVoiRUCVOc4*u$w~(4(@C`w~
zXRz4U82Z>F{Jji(Ci>9uO;HG^?|Ys8Vpk5y;I$*CJ`Szo=NK{`dD63ZL_41M7|N*h
zCPWpg9<ZqA2_GsATlX`64ob!sYW@VCySQN_??aR|)qvu4_8ZOK){uH=+*Y-N3{!sH
zgl^X$F2@@tm$LT)Ox%}I^!XvXtrGLSG<)Yu^(LBLF$xRBxruVM=?y<?L$8~injGSN
zFJ8Lf)`N6PWt>;Yyl-NNUf~8gzF9V#O!DgJQo{3k16rJK-$e@TO+d&~2~%W#B&2}~
zXXO&xVvxu){6MUZvtAEvAHEI3D<`DmXVDV%9$liNJq2Ss@zl3)`s7lmCH7$`g<xhX
zlk&_v((QyiYo^yQZ#tDYdEV>iuM&<ISRagWGMp(q4n!U8#`H?GBl592;yeQzd@%U3
zon*>aceuieGsS}*^hUDbY**1#cAPqCz=ND2ZbLe3>b2FWc@Jjm5yx2`(>`27Q&oC8
zYZO8LK;OI>?RFo4&?k|&{w&0q4Y|5w+$Z%aK?hM3kz47mWFp1MIF}7an8!8@aC@?%
z^c8LM?G_l4o;UV+b*|G}t3uBZRVC{SSsl-_+F&w?M@sSGp#yw*$nUj0c=%9>8-Q?J
zJs&s;o2(DiJP=ACLWdWA+{sL@!U?&wHnR!a9W1HeJMVZkOa(#RSfIUgkBCQhaGS!M
znfZtoJVi3ag{g$NfO_7@$Z3G(tzpX;D-m(Ni;0!Dw&1MORowfRh@3#!8pE=EL3(Qv
zlnoMs<9gW@CJ@CE11!;#Hhom!T!HN(ka3hj%>hjYodL}V=*>qUEBRibI9~}@;i0~K
zwf^RyjgX!!@h~Hty&`pJ@F(RAQ`}6<jpriaP4!YBJ@gpbZ-`?f#63M1Z*&YaU$8J%
zFl`IJ$M5QyxiB*3lbR=o5dMT;p<PQqsE6m;?5BVN+Ju{|!~`u7bW$>dl>1)KMAS@>
zsts4WF+w4W2E`K?&<;!yPfD~<?zeeXb82V&@-!zigG}|Fsz?ThlD>L=q-lqfQz4}(
zrSINdEP&%F4m`nK5yJ=<l+cwS!d(ySO0vgMT&aeeE5Y{epdTDeCS4e4n6-tmwl|hR
zCcdz_I1QTSL3G+;iw=MMW~~}=f?=x6JlE6Y4q{&ABTsmQL=U}zunsI6Eou*TnQr!t
zr}8DR{D8%xJ9Xe}HT;3}$UxZ^nQCR;^FkIs@3tJ%XTg-i2iI9oH}%fc$=*{c-vhuA
zXkMwQH9q#4Ko`!SJ0Le|2z^OSEi{0lD_)6nP<9iE=Cc-EJv&X%NlBz4*slI0H@0&j
z?hYfjv=I5MTY*5O>ohfu!Hus*RVm*t4uidC6;GPOWJqJmTDVzWHmh+(-y!)lK`V8;
zRtz#pEa*eoY{#HCjIwx7s{7cFy-r0|%k4a&M3OMu6l%)JE1%%pr-=R~V!FMBR_oLk
zKw7H)0Q@XdAMtQlh`>hmf^sJ=UWMg@LbfEncdFWuMq~Kcch&&=Xwa5OUOyh(ex+<v
zy+`L3$6M~$><`KUpLqx1mXT~qqtQcc9R*#;vpJr#GhGhoc~De2$D%Ix=c{=D{Cr2S
zHC+RtA8hAQDKnDNShwm5*NckG>fO$x4NWLH>`HokEW}jf7n)*~8QwV$$dNl_L9Ne^
zttff*N~>GiAT3ScOxTGxE)14ic=+}C@xt(X6%XgAw6+j#rO1y`OS+eMptTrz+V?dm
z*SsRFbXsQRdfd;RY&_Y1WtmS`^8hFzGiSrKAW`yQ<1kywd+u!jQI`(YMxWG!Y+tI9
zHPsVx2fEIB{rWM;kvz5Ay+%50n+QWY+Ef|?z+z{yct!3rv1UdF3VzEVt_qUp9d|+l
zw~UDElim*{#5Fi;pKH6MYvvI=pHp%i@3FT881@W!9`f8-O26V!;g^qF?^+Zwr0bPA
zHD)(iyh=@zFh<gvw~X$W39C^g@}54`*%2Ct7(Ii@L#z}l1)gbt5{)Yp>qo9{=hiTu
zRH7%(v$vdG_PW#Dt>9id7u8kCW5_GF+AP~=;Otz*o3v<s$1zz(Piy?mAQqWo-dkI7
z7TT!1l~$Fk7JkP#;jL`WDphK&6FGOYw_TXiv_usqz!ETE*NC+62A2qXTp`E@UxeJ@
z6p#d2QQ1!M<2k@X4a#~H1D4ntY^zM-D=!_KHZ@olZwa%j8`%Ve6EZkn_B~rE1#62G
z?r>Ryi~z=aTW>@VUqIqHUOP+2Qe3|{qydbCSyH+TCT*m*?M-d(<rERxY-W9#i27wB
zfCgGAUrf*8(73gyqP<c+6*p90hs$(0r*S@o2e_iR4{746SLt4)Ua{!{Zjc;lbqCHW
zA#>EK0Ji}9gUo%w5ZZoi8mxjK_*8~>0}K#wJ4zi~k2d{0%gPZqJtrQIbd*vnB%A&D
zcD7`#r&gIjZx@3oAA=XNOjd`b$X1*8-G$uvD1ojt!d^$$K4nghCIASlv^ezw$9S!Q
zyns4c;ZM;(hOE4R^}ub;W+J?SsvWA(o*6kmWof>6;83usVp|YEc{4>G`sx>loV<I<
z4-KS^C+M-(sQIo&TqA81=t9GSn@ciAR|oT&L3f=8!Mi+}S4uI$SR=T3DK2*6BF{P%
zwwH7vMk@vcRi6T*m5{_-*Gx<4rIgBJdbc37;m@tZa>wSf8OeB}CXi}I6%(k-p)(h2
z(10I7rEqqqY^w_opTCXg=kjEa+;T`ShHZeYjqh}M`#mS3YD?V5x?KWkBu4YjGL&!z
z#5f}nA}k{4&^5pW2A-r!Q5-zCTk{PJ_VP{Ne3)Q-$spMehWYaKq1Ltzb4iN@PSZ23
z!Nwpo0rBQeDO{NF7+0NGFkL61OnEKkF_w8NW%3LJ2xjaoI^H}yQ_opEVGb>&)3HL*
zBoSXO%2zgbc))sb(^f?R^gI?DE;$z9cs*!Lu1XTUh|cwujad4jhZMf-2w*C&MdSxw
z_8_O5%2%3Jr?74ANq4NH!kkF$PzU%+s<UW6WL)N9&*GTWG#kqzI$lp@z>ZV^6>Hu%
zss?Z@L>RSL0^pDN=9RALATW!|YjWhV%`<r?mIe#T+`&ovhLFv7m`7Vi)K{GzW}-uV
zs!05$;^FHsYN4*z&B=4*9d<N_*b5%zD6CrR?)r$|)<bW~DNIJ|LSTI05-yBJfMFGd
zT~bL8y+*`%aE{P8580iOqcVz)Sw|t}h@tmAk%$m0-*#}*i3FEia1O9)3B@9)lhaP|
zk;!_VQ-4m2#QQj8!qbi7+(Dz7#Qeg~boY(D!Uu6CPi#*@hR~MB1#9;J<rhA97v=4c
zgN2Xsup*9$C4}rsEo-@C>rHJ}z^Vlc2fVrx+{oT|$>wZCMFTAF9s}s3bajJdvN_89
zp^14BeFaDkW~$8$2?(p3px#us&;3Xzq^2;~Y7X})4+*uSKglximn%I#NOv(FpsrL)
z1~dr;W6V**BA?#`z;K0N7zh!z!IYtSIXYTFZD;pxnA8hheb3*)yLJfc)!j%%8hKkS
zM)thWn5n(xXnd{Jz+UMsF|N)4%o9~c5!xLX>_-WakBQ#lyoCpn&(&lXR7)R<R8yG?
zE}USf%>`uk+p%*m+^IRFH$Y9tmGo}taFY6(7@>0n-NU3xSmgw$-b+5lv7)KdSBBs+
zv%6bbQ3D<4am>UgGL!7U>$+6o4<8gO!@F54gBAe2P2j%w1a1_G+ny-C>21@{>vtx-
z<@9_Y28$WiB=Qm|%sm5}-<>hN18LpBN2kmz-s?|e#*jN>*%{}mC@Prv2e?1GtHYBp
z&_LO0w&&_;=tu6B+3r5ncH7r@zS1`(^NQNA4|^FPp|jA#sWKVMnNbpwBS{uL{a8$j
zHHG;QEcoHdfdxthjaLfNV>nuVr5>}Zh;FV)j4<N8vZw3Jy35f$lma3)k8W^dA%v5k
zJz<$7f$lFCAAPyFPt0K}EFy>7Or8wSl=|y?Z||uY$|LLJ<`mzFuIU+eJ=Hh|^cdmD
zc*>VfDVRbkylsS4FSA0Xw>Vu>^D>^3P6a(d+aSO9_Fbh542vr4`Kxf#?9NNd2)88R
z!e_0E3`wYgi=e^yoc%8uyIhzgv0IZbbzI`rz#~vsvuEdH978pRPjVK<5|2=?g0iLA
z!+M{HKj8q4NH{}DdSVFB<?*QYa&kl(N+zHK;(&|}wRYE{)6Nb7=nSzgU(F)ZrH*uf
zub%`x3S1a=4q1U&Q0Y5`NaD;x<G>;El`JA%!nJ_LcOGbs<Xj8<xV@+-U$+_!J10r9
zIl&9K7C5q}mq)rP3o)gBLK&$-4(0)9hwmu~3}eF_cf7pVV0gL`zIvb>4C==z;rIq$
zXaTIsqJ<b;ZR<Rk$*Y$h-c8Jl1?vR-8rh&sfd*1#S!5{83`pgS#%aV^#UAPkbso1@
zdKd589w&ZpYI=oqs}%@MDEi<Ddlw>)5qQNj(h?C}o~|QPHY8*QVnN7zKq@zUg>Ro%
zs#!fA4TiYD(_@}fppJ8XN~SirSmFl4ch*_q`Fgl|=wXog0Wwdz^8;0d$yp%?O@ttC
z$#Ve5*f$<9)l+FbhjqylL0~)zJzDu*hxgLNIL9dLq(88N6Np@MLa7XZkrcyvo27Fo
zCSyb8olOU?xkPA%*fMYFah&WHWTvQ+ZShFI*FVGXRz?DENSr(cksHqIm99lpY2@?`
zJW*{6iNPtt(%Z6FAOIZ<g3c$sIcZWv3FY);qZOUp=$Vyhno_oK8pe3;_*A0j1j!9y
zo2~N%rOCb9at%V}vmyVIk>N{5<!vDB5SInKTb+kh0>j)Er4et8)ExCqv2m~^$Wvp*
z7!(K8oFaZF?IVyGbOKpVS1j&mvdSEiN+_PeWYX_i`>JPNMv}m<Jk5u<?=2T@Za<Xq
z)?HkCp!9Aq7~Q0TcuQ<_plPRh%}4*TF<u?M>6tw=+wIH7aeGM5y3Tu<C35ciF?j%L
zs>iyo6aa|40}qcqDgeta&equ3(q39gJC}|zIa5&=Pb(*8qbiT4Au+)2J@j=08|uf*
zNuEnA^PY9Rso^C67;ENX<L-J4?`09ZiNa0|N6lUq4KrLkJJq&jr*q8rXnarylCuPv
z=ERu9AbWtlh1RRgY}A1<)z%GyHMjju2`lH4>jQ#hB;9_rILal3NysFv%7$%M+S1v{
z5SXFa8&xE8D@rCx9)uiwtZzqQ;0Z@pD8G$rV|Yc(2^%Tt`TWLQ!dVqNNN+*{(V8f>
z=7~Amxja)peUy-taA@$dWbuIz=X>WQ_Rtt|pup#X&hK>B05w3$zh2`i<dfMUcT$tq
zv|yaQgNeu0RJ{QpbHkC*TX5h>)*VKvN{<rMGhS11BEJ@UZcSo@zAn&{Tk)EW+e>o$
ziB#oF9w>;*IJ-ykxHHqpkf3SeS??menAMjldE)TS607J4Ub{_}OLo$#r+Y`6I5+YS
zd4#xFpson+vG!QE3e(g&8<Q1-;Y1u1Wk{wcs-_y1m!sSl3@BceqUfBJ2CERZ%SX?`
z$j<6o?$jit-c*(CRpZ;_%xHvoyM)Fi2M@Rq5<GG+9NJSkqj)J!{eD%?vU!;OpkljZ
z0RlA`Un!3&u2t&<#0zbb-M7lK#(WpgjyOD@;-`)NWut^}WeHN>BOBF{iK9?-00#zA
z;v7?Q0WA^PO@B_J^oaXd=qfo0AI!c*l|l4}Nd^;LVZGiok23TG#!vyOxRccT!Z%=)
zLkm(BBPG4{P3d@oKAvlB+xE?904;46JuHGAj5WtR0v678hre`$$*2n^l$#%8`Se$M
za5(l`hz=6ubmq15l@wkkim+O=h0THX&NE4};xWS0H~Wq=9_bo`<F;8E&I)Dn+T3Gp
zBhdEj?Ik>W@q~)@Mw!*k!KB2+p0Ht}M?E^mK4|ua4XWcH6SANI*++acwVCER+w&Th
zxb}7394Z`3k6WL;Rcz(AtY)<5tu&d77z==K<17z=WV;u`i^}y%*LU4do9(pN5LQh2
z7-Y>w)qM{htXw%4aj{d-90e&<pwIBNa6b|QFMk=!oE3CxgjTT$$?hG+5(H(Mrp*0(
zo?hf)vY#k9cR%5}CtdOm)>4cmL>4yEi~+VUtYCKIxE`&qO%(zp8iy%4VKx|Rcit8U
zDit6~@xCG5dKFivN<E#}J9(1h@m||D_UhK5FdN@&XD>3Jm+KOjOY<FUQ`plgC^OFn
z!y$6rBzQm_Uh4jYV5GQ`D6h7;6y0xc_o~@#kWGo|ZP;YR!<as8+ne`{Z(C!;q$b;7
z7$E4;<8DTNk`8Ys^{{aR9q2>{*h`QtvBJ!6dP(w<3!HUq<Z6Hwc~gn>J%i%T)OA}Z
z9jd)f^VNj1mDG~;z_U8e?jph`(c$$VuublU#6h-M=!^u%jUZPrn?ng&bDrtpOVlKd
zU~;C*9+IY0Pp)_=X}z)Yyp3Fn%q;KG0~_ab?v{&ZWg(y*eP24t_Xg%oTu@Pqib15P
z8*xJ31)SewJAMW9o?mdn+j+El@2TpYIM5`wV@)p%tZM`34evBvdoeOLg-Pjw>5IY$
z?yxtJk=Oes=Bc<6z~gYiSC^<dq!jy*CyW_YtpJRX*Ita>*1_%TM~#+=?&<39FCV2E
zWf{Rq#t_>G0~I;2<v@L!Y@k$2(hl<YT&L1r5IkFV9eR4#v56swnfxxvW~jLwNC%AT
z!Fyxq+#xPLB}dQFdE<e~MJ5*m(#yPu{zN+~0h^%1=6w5v{6vc=gRBkYbV{36xfJH<
z<rIypHJqfNBu(2KX`$d4!15D@a!Tl?MG(^1($1QP>~7dSujrl@0uBg{!jfP5^Hy6w
z6)BWQVY-4eWkN~8ICXkgeGPd#5%VmD*R{MKJ+e~-sWKT;jik}2v7~00dxg&<o>@}l
z*ch=GpRn`<rkYCBGsiOb;*Gt+XSG<beBw0+RvU<86Jz}fj#4UU&k~9<q6F5>bq>_}
zmif8Ga2@Ssgh5gh^2+ljaLu-Awn+p1MY5Z_T1W1=W$deLaKPtBWB6J-GKUs=E#rC4
zab3PXb?;hRq8l-=-J>zE6#(uFn0AMKdGwN>B&pLyBU){4`ALeM5E}TN(R<aJBPK9M
zWVHP(kcs@&$sPw0!+T;3$8Sb}35h%E*%~Q7e`0I|__Ee9YpEZtuS+ZsDEDh7f|Y}k
z>2Th{^r{=3Vq^m}t}9R6kvWk_mBKrq?%QLU5!Sx5n8&w^@1fNKY}R_~osJO=uy2{z
zT0U=;PE0Fe^avh#y$%6L)WI2#MR=h4x#$ApKvJB`3t|o8Gksh_Dh5vA#Vs-2;QZyI
ze(z!)t`}b{DB;M%A<E}aD-&5GdbusHYhDyy7CqQhLuY1KDI63Qt06g20=^8iOZHU_
zK<#30ylY%s7Ba3^Y|ml=lArVIa|KKhK}Ot05_l__&2L;y6N@Np+Y%gL>UM!CXye%t
zHh>%&BeFeU{7c9ok89<Ci@AO8$!#1ze3-NHoE*x0nikcGMy}Ujq3VHMbJ*ewSYQNi
z)mEn)-DxN`7RaXS<ku(|PDeW%=Y*l1#n18FUbZeFxD=Ig6DFoiOEfd&oT#FNg^!xO
zgt)e6rF~ep&;uP6@K_HiU{+RhyYX0gvEB;N9A>zV=U7uR6{dn(K4!nZSgtC1Px393
zX}t%{gdSYk&FoVUXJmpyn*wexV=e&NOh)#pSWJ`pgMQ|Mbu0=lL4qz7*nN>t>gmc8
zZ|>&9cCaBACd8mxAn&q~c~fech*_%ooRl$Z_8n>f2h75VXhD(y>PQ(H=8{TKNwdN-
zQfLDb(SUJz%gZ=>xlPgfR(KCa{SsHK6*%em0hQ%}6v2?M7*PRHY?kRwPvOwnitpBP
zUAI&5a_PwG<sM`+Q<)e0Q=+Y&@V%7hLN?s6MnXE#H+cA#Sn<`uON(Aoq{0~MD19-n
zsdC6S)Yn{Mh&aR>(DWIL3#kyc8BAv>rZYPBzy@WqOE%4Oe_*ga6<2bgTe60O&}gzS
zwyhCtgI9N+F7}k3zo&jejq&#S&G|dYD4iL3V^8x5zhQmuMb4s+8sI=p4W-u`GvA{S
z6b{+VbA^n&>CguSx>3?Q-PR?BXmL;M$p8(yj1|0{WS<Auu1zm8pEx+`y}YMzYrf7;
z*^QcdB3ri7P4j|3CrG0&Ax(Vq-KIScds9$eYby~|dn_2w-stM|7=~=R%XI{fhni9Z
znM6}U08k)ZfiHAPnH~o!<(Buk6&m%u91I|NbBc6kg$FH<_LW>mG|j{FQvpN`NpQ<2
zyS%%y?{Pnk@m(2;(-21)SDlQQduPG$=M-7qgtK@^&|=I_Xv=VO*KuRk)BAMyExllV
z4)`Vt$IQXuH95NOdz_Dp`_M!n_ey-$T=t0%WojzcNYoY<9S3(un2s8_5W*<mVEbLc
zt%f5v0sBBaE3~!9j$VE6L<v-e+k&63TbsI-7eWrMUp(cl*o&}&sL<DzVwbUbJ1&MN
zcTpCOjGpNMeBDH9_l(|+S~A&M&l}lQC8(A6)Up!mVrbX6->XI7c%nU?uQ-<-jopn5
z?FEloyd>!Zx{%UcrM>Yb4QHgs2L_BI{eq#b=I)ugmakFMdrV?}2~#{xcsvbnp1dd*
zJYmKXuAT^dM0;@EE{!~UQEOCQOu>7PQ<cDln*uMeQw@cRT@=*c9KPdO076BF7nqwb
zYKCY;-?DcrQB50l1e}F*YfqCyU7#7i1a{%7&ZItNB%h6D+ULc9U>SCXJy;%dn}@+_
z+*3~$o)$}IKWUaN+R>Ug&#qvg+E}sd23W|_mU^^X6|UyyP4AdYrYYToANlN{EP>`e
zEQQ+5BRgA4F>Iy?X5=T*<c6Yz^Fmawb8D3Zw<JWaJfpCV$HS82Var-m9NCd)@lZtw
zq~l~&+OED*i#c6soaCif6+#iL%g1VIZx3kjPGSrhS4U!zS)eSRRI!C@?yjJ)h`ySO
zs41C-LhDwz1fHu02Jv8*Rm@1>E?u9HCx?F->F{MFTkAqo83#M71fi=t@WEM)z|5m3
z{-(|OB0S^uU?;ckIS=EsV^cHS<C5CdjOS|gYAOMQT25m1o{9x}Kc_Xrc@H6wsN1Vx
zapg7d8+^sDmpKeh78)#ua%?Q0aP*j%LK9Y@6tjuPx~`9D;YRP!UrHV>t^on!alXK?
zF^$wbeW*}7;V@<3?xdR6Wz6ZfjE6OmSgKx}p{f0vZu4!UC`%ANcHtu3hX^!SA%{qa
z-XXyznR+zW4`83i4Jh8Is!cuZM<5b_3b7|qFMXCTszFA`SlWDjP{f|!gRPgouN3QP
z&g0ZNYl)I*ys%es!5uq_X{_g>2n7o3HNf4Wfooy0H7gtbUhW>@#q@@rViFFOyYhkE
z^ys{!sy9W^+ofu-E|DBcDYt+Y^t9HPbfcpvp~42Sv}1uIE3-IQ@F6)Ho_ip#fVQRp
z=njP(KV^g-;^H3MmQ3ihR9%WW?WgoS+A_)>E*Jp=Gz7gGZ_e;k!BWcf%*m9?VaEke
zw4{3HnnUkSA3WAKsSlvo*x#9khSI#3hqGia`oUvWl~d?|%O_>rO$_t=VFT`XSK#I2
z6zAD|=B$03Q2a^;n^eMzGO@#6g25rdfwy_awT}?rHXZ^QAH3wW_4Ve)n_`s2EcD{W
z16z!z=Xkevl#rN?vUC*h@nPXQP^>LdS~$9O7r|-c<^>jVDHh#wKNqT20}83097gZ7
z>wD1}mvPZ6oQJj=ayW`yUBhv^FP_lzUWti)=J!@Y>oIa5$0ARZ<3SZf)10raKH{fa
zBP3N*D&|DNFeHYr>{-&>^c)nQ&R7tn53a`MS()-cvPL)d>TDUzjK+Q{>7Q?H4M=>H
z#aiS$m&z98Z<Lw$8Md+ng6B>2lc}L63#FxZ+`K8iCc-rU#0vag5h`~IuB)E~+YdMx
z3tG-PsFh;@m)FfOF6>fN?qZt{OEz`6`;zXZ?Y-v!s$=6}ag(j+ne)chU1yUIKyo<;
zWCc|2FDJtvX)T@MW6|x<4#rC;@qLI*q-@M?XKs(%2Lw59mLJ7K)X{$L@@=cz;0Cyf
zQLD2>E`r0I7t!-Z%uRd~2?S~NZg)km=~5$**<%;6(7Iw?9<vKczX+m7C4PiXIb;(r
z%e{!EgP-~!6e4A2L+JE)mMIB@^DZyX>&~*vhs0+EG$4pLVSCUm)KX4_&tEEuHj^o>
zux5{H;A}X;HId;2`Qu59pgx9&72X4Zv4HbrX4;;Q<^yS61^|u>Tjabt1}746e>C(^
zrL*%;Q;_#YhrlxA!umbveDAd*G)C^_BHha*weGmig0eSMwsNlktj9rQpjlNqTHdvz
zr@ZZnhDkHstrx%yv7@ivvon!yGk=rbW%x?4jiAX%4e{>jgd4r~0%&%5yMy(X&dbMm
z`*Oe{IqsRN%nCd_x;o)WJ-o8ez*jN7REY$-Od|K9A96m<-2^-gm44cJ9!Y0cv3a)9
zVM}G8PqPko08V0XCWj%i-vg1=GeO%>s+K3ab6vSj@GkIbsPHvu5?nOV(-t`{0d31o
zvDkSD1pG4+Xi$6{@Wr#3rZ)*%FngO|v3`vs7^Wt+kt|{u%~BpJA(0e6GRjsbL$zFi
zVu&sUoRNbcyeutL1$e}Jfu46Uhl)gen0BOPb5GffjCi;(uM)AO5n1$IOp*d84VFT6
zzed!Qjh4@8GW5$y@zIQ^Ru*^SBGEuKgLFm%1|#h58!n5@9xs)Arq(N!w#EqD;gT&{
z-W|C$sJAuTlaf>Tpx}-kMYoS4ZXr)LsV7~mzSj}6??u>cGPY1!%i=>DDVf}PvXwTH
z3d=HhX`5O7<fN$};pkb=!;trgn)fd$M_v?zKBUw{PU`ZeqUtX4vPR|U<m$(wyej2j
zC*cqa&V21*Rg-jM3E))w(8_y)n~J7A^;gyr%_2-{7w*;&N`A)OkDqa7PC&pT9gerT
z-NEAQ*R1jqWl2;s6ngd!UkJE6m8mA~DD+TJYiPF#K24o!s7WQ?!9_)i3?LapDLa3?
zFP|LmwV`=U4(P4Ig9X=NR5PiKxtLPTr*fi5aaJVh1}H!^PkZ=9ayJr9@|YKnKRSW;
zklsYb80{?W*qEbiS-#DxAzWGko8@iJO(+Hnde1`M^u$<I2%RCESM}I>H)h`}%i`UP
z2GxmyA<G;EV2~`C%)(n1!JgSvi3e7;gMqKc^+_f}m~f&iJhKIsm-=?CskI05J%~t0
zVyK|!Bu1V0G`t;xo(VeuZC-Cm4KPi;Gyz4AeOJXZsdI%LQj1Rk@e;`jE?;s!*U8t9
ztiXuTs#+dv3Mh;j#Cyn8+Pk|5gw-$$rcKwreU_-HT_$ud$}e$q+|!1iG6B~qzLP@m
zr7Hy&J_jTObf}nS6B}e%Lm6Hgi?reOOb-mRxdqRlOs1D0LsX!x`35&7<Poxq)LPd@
z(<&XMp<x{$-#akNA?C}vXcXsNq`9t5UUt-GgWTck3V;+e=_ly%9Gqf<9Aw!-<4zL$
zmC%g~TrqInqKB(G^ID1P^mG+H4Fo{^kTQV3q^!LxF@B+A=cNX+G*aS4jqL<g#QTmb
z_pM*`Je@jwyo<atniWR5Gfx=k39GJ?xWF#AAZ><)WZk@X@4>{4oy96umA=$XmsynB
z+)X_n0#5P}1&JknG>EP^SFkG8VA-B1@!UuHk=YU%xt_|Mtd!(7{$-_ts3dV2v?=TB
zX?bBa&|p?(-3EQ{A$h`6P3s4!xP<-a=zv%dGZX|EMk5v(;UR9n^$?2Z9XR%K3>{wW
zJIhj7%52NPQMv}Bpy28%csMf>q-Q3VE<@5Ti(UOV=-I{KGQcV~N?KT>3SR9`^B8fh
zGQq_%m42EG0N&Axl%8tMku=;W04PdhXBgItV40?X%K<m9ckTJSu#}0#3{ihBN&Ld3
zBKKs8o9Ri{QzRiP%PO0`Axb2^sFTG-jiVD6r1C7_<B&HDtA)dN6$I$I++czy<AQp~
z)J%HM<CPX4i>R?8NQC;+s5kGuGQLO&T@#m9WzA!8v?l-sLWFNy!Po=xkRw%uGYCOl
zJ(c@~*zs$(2XpoCDKKoSd(I84#isFsou)Fniavfryvz#ta>f+IiSaN_dYFzx&o{g+
z<*cH)_nizzU#>=;&${|uiG$57G^b29G6aRSl;@B&E|%Yo7*sQ!;SuIphrXy*0TRT!
z812(nx3r#Xfh8bhWAPq$xlL4OVEB7uNUwa%E_A>Uw59~|HCMR8%3@F5a&h!9=o@IZ
z(7K~r6!=wbS39)^1D^M28KNUWlWf8aRt^ZD&w)>=<)OMeG&xV6&AgXZhfeI3wib2h
zrQUCmRe50XaSV(1+9G*G^rY+>=nebj_yBu!dW)g=y`e@GeQ2Kh9>kZGNMBa^iX-!7
zpv9;wn=4T-3$(G5LWc}i@+-e6iLCAPiO24f_E_H@1BMq5>J=0i7y&-E1p&Ro7{J<u
zV=B*!HB3CLL3MKkjp2FEZ}tG{7~`q{9z2{=!{dAw7NUF_<TM+t!eGue1Cs)hh054K
zv&jeJkHhsZE$v1u+vOpwv8pwYC`3}vvq9Q=mmC)p6`3sRjSrx?<Wi$l0?%o<t))nI
z^*D7&2q7RlQQXI*__P{FybyGqq>>oooNJY{grJWFe?d8+OG~vh#d6&k<G5=>d2|Gn
zRElwDM%yF}(4?_;hp_#;;zh)aS6jU)hOTvku3wxX)tS=h!n`u_)U1yWL`*5GuzgaY
zPi*4}HG4r#13bK0Ph>40cbwsY0jZHeE}{0wDNVAzNvb!d0-GvOWiqbDo<=mb58y4r
z@*9s_!VMImhay_`o}8Fw5E1((0mH1aCk)5<mir_zthml*UU*0s-IJbMg;g9?ek=9-
zY8lq4x}B9SJN&?WZcm13aYQM?wrX=vpI!Q?2*N7xM#Os)WZ|74bGxwdBoJx^T&LPA
zgX8rIb#s(Uff6d8*80{JA2gXVmP)^{3PPu38{Qyo9Sye3lJHF!K-z0I5#6>^21}Z&
z*OhBX&nDFO`T~QV#dE%)nG}S|k$P}|E(FT)Jkk1jDXOBuEy_WhvUD56^Jgg2PdfZ`
z$)2;ldBkn4r*BP>*oj5BVDm8&T=tNYwjHIR4LRDlVP$0>9w>G;uxu*Ujt^&M;xHze
ztw2L4XrZ~*sw`&hA)HR@kZ(DG&f8a>qSyY6oC293yG}v-aZ$Z>q35{wi_uNyV_cBh
z4VaEBLwob3CBf%pDbfg=3)|}4sDqF79R&r}k+##)B`{G&wBZ!zA<snHy|<G>H}(e5
zy5VSQ?eX}-gK>fZ9XXH5Zg#O3$b8;6Y!O7SFz*5$CW3Tn0!5|a>WZt4ONwv=_Vc;d
zvFDA88)^EWR<SdyQ-d7(MKoSnA`MdR^<Q3g!%L~`CS4SVd*=970YDIu6mx|TCBU^U
zwI8@GJs+}%2~<n(5x}Kz%}%`0keGp2hKb2--AS;aE)04GV?=X_hF&jGqgK;fF3DuG
z9aRljQ$ccFkSm+`2=$34*}>B)MGwKmJIU>&Q@%wp>;c?1d~vSx45}+NjZg@x5#>F2
z;U}VjV@XK0PJCpU2oFT)oi!pU4Q-MTj8Pu$<8-&G;`F%))tgNddxBePb2t|lb7Ny3
zG_P;)pgdoq<_L(41n|rRz;en32jiuMuHT~sUI*J*3~>w`aS?pxDF$w-bnN?b$%VGz
zsc;uE4V4SFM93o^lpwn|nVE&|Go`As;1XJf6HR3diE_T?2h^HQ&=&oOUWSjw5Xmz+
zeJ0z4DTJCafCKdWibY*)ZB!9Er)kcaC!+N^^hvDMG^zInj=gsaup5yA*;hN^tJ!EX
zp3iKT^Wq+Q<sl=#9Cmw5G%cE`%X6g#{gASd4;4YiySD7aCS8;nKsuR%uU*v|yYbqb
zL`A8`ax=`rBaR<liDQoT1}5tPJYr9#8gkt@P6&vZjaa%<<KdAt+({&jkV%w_1~|k@
z)xdp<+^cs7k~vz|`qF5Uo@@YU_&`)Xb2FwrMFZR-={E*JMn=qN5JO5*^sd9MZVRtL
z=V?5FVB$NOIsgHBy`bYT7NUdG01qnH2dY24^e-=IcT?k?xE$~3>A9;^<+7y)cy5n1
zQ!LjuAI#!FC!oJe0!-*aPN66p%ZAlERj_=-Z#S+GtM4s6;9HZso*8XvT1xI=Iei^U
z0|?3j;`3At88~&Q_?S(EACGB-uRn(9M<AJ~C{xTJHWh*NaHxw(iN*MY<u5UBa)&g?
zrsW;d0Z>M>v0Cz$ya~nvN6^t8sJT-hEX_q!Q5qr<Q96TKcV@Em(vf%zT?Py}Q*Nqn
z<=};51o4xm%ItM(j-ISZG#^lXeU2O2v~yiL0>i$8<Vb#cuSEB~y7$nnx=Wg>w-|l0
zhuaA@&mGEPA00p$f+$Mw0|6C7eW*kT80p+eLvbl4D!nQ6f}P7Zj3E~c*lXZSO2Ek)
zpNGYDsA2J{a|q2vs^dc2jw9flfD+8!IN_sh#}lv@fvd7OW0XQAp*?x4Eu|9#BJb^?
z3_eS|-84~dc>5A#sp1$E;0{wYiP4_z*=15}`LlS{41>$wlYK9qHb;~g<<`;c3AjGt
zIh$K`s%UaN?o(%w0a8cx6AlS{7Y|AS;)%K13(s!35FC+l;euuwT0*kUwwD8Cf-ew}
zkxxfceF1yQf;V-Acv(^@ox)&<Q2n0m7>P*=J`;TEhMva(OP<|qLsd2sCu)<q;{fr3
z;_@1{67W<<ZL-5M!d(XnaT}VOUP`>G1G#q&32X`0?ho{3T!mU!q=gPTst=@{J;X<u
zQ*RKYkWE_rRS#FZ0F+~e+l|trS1_;YEv=QcC`z{P*#i-^7q-ofv%V(@(v-*;nggH;
zGjN0G&(pvfF6a3?emOBJAe!9I06CyuCp`guV?$U6bXT-6`6enLXbC0_wT=b8#C-ZC
z=42sGLjl_qFhPpTi8j;3LlaSQAtvXDQ%#t1#2<NCbk=jXgTim+$_NokSzW8G)ZJ2^
z=P)-294?bStmbXcI7(nced9#=JUn(evjB@54;2fP#_bjM<#WGzfP#EVM2un;wa4_@
z%wJh%`#czx9;`|q^=O(u&3q<T0&LC(Iz3YTQUEH~XH_2n#JGyRNT>(x*v1RbA|)b}
z5nTA@E<%g-;vUq_*i>SR1E%`mJPSgMvD>0ZWnXXs>IBwjc@<0sWFxULNlz-1M}e~F
zj>M|uDml}lW5{JAuK6LW3pxTp(?(-o5e=>t=1ep^OFPH11$=U$<UMNT5=e&CNCPB~
zsG4xCjyJG?V<~WwoO~9Lo^z(kzFyJ`M^`7$*T|d@GEP+|`AC*=nmpfg@(Dw$+~F#(
z7C_X#7wua*2hWybNAuCOz>94(;Khi%^JnTSe(2&m#yB&5ChJ8?SXGP61ccU;Yogf1
zgzrq{0Rbc9p0xEsnzpz#5j}J~Ihqr%l=0Xaf@lCfNkWmX@z6vwz`_{mkr9!j4CT7o
zBO9VCCZ9sZhOCGIhCB@2D^rHO7AfoW#maU)e(I-4JB0*GX`SF)akA%=kcjxSO=0?&
zNjt-jK#+l>cIjgER5P!cNcw8{g;mv6x>2&#2E1LE+G^W#NqixNEWnMPUQ#WLYA+^J
z_|4^Lae2B|xz%$|4dbi;6J38gE99=RN%nY6#xuux4^yG$8DfBg^V5+weUx-S*01~4
z?@e$)lhT!CM<Bccb*JaG>PK4M_ry(0mymZb>|HTe^t(50V-#BJivs7g4idbN^DThy
zF-$1iF6rWO-;7VIy`yaTGL!ksOs0)UI)~ha1wgV$;>TwX7jPaYb749H8fg$VNI*Zh
zhXh;xK;j<BdT>g1NKB_;FA=gu1S%7+OAOhV2S2MAGGeInev(spz1@$f*fR;FC|)Ry
zi>pvpc8$1KpLX?gABcE0N_3$+!iwA^r5Tw*CLWu4*M~N9_LrLBLzb<CETmXRJr{9)
zX4$|RHgv0p@^D_^BEGcR<ceBzc)>j@+x+&NpkQ7sL6Y0=IFRZPm>$pfL>c&5!a<yn
zQeAP2oWUFBwI$rrXfjbP)tU}TA*pb$B}d{n+0c8kz!*{wy{ALr34wICh~_XA5nLB6
zprEemcqa|8<U*d^T_9rga0jg_U%eLuZ@r<OskXTrPrD5Jt*Te{nnH%2j40i5_J&=(
z*YOS&K&*jHwwVDDo7Kz;mO5lkRkuwZh)Jm7yJMkUi5XiQo+fj8F6c|I&DY)O#Vc1P
zTR%nju>>D8C>o3f?^L7q5GQ_k5BfNv*JIsMpKQ~Dn98IAAW9kVJ}Gm%49FH1H`{7Y
zQPiyne-6W&*jh;D%*jONQBf}$CwGJ4O!~s4SlON`>Nt$Yb89r5z;NSx&hqk@cTnA(
zkg~~Q*aNys)QE(~bmS_C7%6FYQo_Ma#0%F$$ggmdTpqmbW9L`sJ9&x^2A?t6o1Kl#
zywTNTc46Dl%;!Q+0z(0o>jt=+YQ|&L6>_o_*WNyB(Pt3%(2ZZ@1F6{bS>F<&R1`yE
z!NExmNnfA}doL5u%6wKE4*E2oMM&(`rKfq9ZoD*c_ZTM~+c#~DiBMM}!W{9`U(xf&
z81qi*DhuBhZi1MskYCRr+)hCQzSq9ymoT%8?<NFEX`wsBhx~ie6#7#0brdTLG#quV
z?{j+RHN|9h56hT)X$uX6Yo>MXp61zcTzS$X=zcZl3rU+4IWI+K5mkmTa(1Q!O-SC-
zAbV_--VD%Ezj?_eJPP}g?LF>ifv-hFo_VUqMj6faqdeiq7w=fnbnAe**_>Ie4S)>>
z8j7Jk!Mz>DQUBhUhqQMd&_u{&ww(3^=X<x%*JS*}xSr7UlLS$GG6c0qm*%81jFsJq
z-T|P{;4PKy_0~X@D5=^r2d{K59!aE>Ly$0>I)@#^va#vK1S4Y6<t<qk@a*OtzvL%N
zDGke<**g6YnB{qBM;p-kNmMDOQuetA8iz=2Hav`L533804tro3VaH-{PncH{;2lv~
z3xya60UnU-+Gt6U`D~>~+?CT2<(*9F$m7)(xaJkP$%N^-Fhlbx%ccou)YOHOEJ=>0
zSVpdfY(Sz>@RXodkY)6p9`IMBOi>AmDNmfYZi}x0<dFG*d$T(XJ9dU%2qc!RCTBeG
z7PLEutwKdOU-JolOGI_Zt`fDU1?{zXta@v%NX`#4LSSASaJ<1DBYQZIuS0Yn-;?(u
zH^uxE*+HjrUIRT3<@Xq-P)QX5-cTRYVF$jn%QD-373=%ZY#Lth18Kt14a0Yj1+{k{
zVFWGLb@G(Vz*}NSyQ%i)q<eQxOZBuSAL;lFw2K$O0;Ru!IV03$lb(ZoR`5I^<OHyf
ztvPJz9Y%~HM&PaCT#1f(+=F(VSA*7Gv*&4H)i-aeM^>pXq7oQhSyZ(rTpwRr^Qx2@
zr-kOZtPKP{z9r;de<Hi@+2!d0tAfdE%+Lu5<rTLxI=Ga&<0obg&YM%{VAHB*<N_#^
zo6pfz38+1v8$Bfaa#P{+g^sJjW!8lvCv6snsXP}e^SDX#b&j^3)&rOqvxR{G!5Wy8
z2_dyyDdVaE8Kz9GPez3F-UjR0^sC{iHjju^dCZ7z>3EUTBl%j6gsYuI3sC%o)!uX?
zJv!Y$-@4Wo>{Z*`0;Y)*+ikAfKv>ksGp{$xKKN{okDTEzIZY+mmt>b;HtK^`sS|vD
zaux(3i%#rs*4^#kM6>1^gfyjM*MgGdJ%+e<okJBp{Koo9SQvvJGiuD{yH@KisR#|`
zVBtk~jkUgU!X3CbDsocqwUE~int6=?7qxTE^Qo?@lg_bay=O02iJA*k)Ya@|0~+ob
z7}|Pkx?4^NJ$?hU8(NGM^$tB+AEsdh!U;cNnB^Rmh*$bJukYbQ05fFub}U#jFpaFG
z8dZ2JB<hrTXw*BKGe{H9qg-c{C8jx`%OmyK=@Pd%##{-uqvgvEe+EIr;H{2YV#x*5
z12@=~&2bG#)zL(Q+GYW&sRkq@DDm8sj~C=xEWoeS^0fw8vAzK0+yvbVJRg25V9lPQ
zc26r<0ypttj2)>OQFY|#Nta`21fR`pih&XAOz>)p4xx-wKpzm<EP$2aI+V%-9C=UQ
z2)4Zk@8;GtLAeT1!<7=~gmKL2TDjjO%grs_UhR3t^QQraqpcw>^4z)!v|^1^M^`(N
zPyviHlx6{M>$0+2*S*iqh`YGxAY5tm^>rVPJ4}eKtvttL7WG-JoP0s==pZ`RVMtW5
zf*%rKW1!FBGSiV7!b2XfckUZ3K&u;q+_bmbmX5kkf@W%U7Dl6wqDnXi>(rd7nd5}p
z`<CwVAt6PC92!WR#9A)M5N@KKZ@k7ko>*GLj_r;a5u}@E{3)k@$*H8L-sq{3Dgh{w
z(X6%bMnXlyk0$%gnnn4~qi7~vIKm2%L~TQ9+{Pv9eOt;>UVNnQ6jWjJ0eLv?)@Xab
zd}`!U8rZ%o8q8@uNN5qZIMIYkQ1Y~<MrJ)o?hI#JuNqW|v$P2JQ8>QYfWZ}`x$;PK
zB<Obv`b380FFVO#S9$sIL|=M37KvuMhQ#Q^1{K01Npw^*%?ANMYaNgE2<y7`uITDv
zoe{Dar5!)p#{zkz#;+K?XOktDT*Sb9oJ^KMUAZ~~_0Sw0JM+EJa&anPWG4;;8dF3>
z0c&<663~H%oFJyQ9`z<hkR<sf6~0Y(vhMBNPVH(}E-#b7LaAD)Lx|Ud($dJq^$cX6
z^@N#FUw2|-@?&Tq3NIi}eXp}%30+7wxZk3{Zh7U?e%ZXfc_}*}6KNqBy-VrkyBXtK
zdBRGZT~s6Sy6VZRp%b&tQV{UT0>>H(0@%pdcw%ARjdEP!`TR8}s{}uI$S(&lMyd;h
z1bA;~d$I=Y;S|v5C1=OtJa|?nWhs5<26VoYcGT<a2^G3cXRTCIxb$ZGMIIs~uQo{7
zD7NQr0Fddm6=u=ts}46#fVMD@ahoN4Lg;(+UVFSy!xxc{8fc1B$1Kh+-dj6MRvUVX
z=1chOaOF;3zV)k`@c}G*wi(i<R6IN?HFE+jWD7Wn`G`=^#1;-gNHBCB#am>4)kaPn
zdT%leU1N6GX0EIzVl84<;pTNetl@egI(a$<XEB_z{MZ5bgmeNr*~a>1Y(aqWZUKx%
z9P+H?O0uGi8;4#VwZb46HwLfu%ruxv+pV?UFvfd=9!(?8{Cu8Uw7~FN?IIa5(_#m5
zjF#E9F2b;Sj}_(1PSa021yiqHb2+rNdMhBR$tnbIiDsQ#KM;GwTdi#7B%pY4WNR6$
z?_~{MN_ZOUa{e-YLfk^zXzpxyLFN7I=vhc7#)!l)YiFT$_4Edm#U%o1@0!(d7M8$k
zso*9O%`vIB*?J?>6`Gw~@X{aG6>sE)dvDiKu7q_3gvH;JrwXN(+rXMZKvZQC8Xa2?
zNLhlF*u*y53*G2WhMh94h{}cZ%S%BUq#dP_4axBkg?pPl#F&&vT!jZzlX{Sned%(1
zu6<`x8*3@QL_2vvzsN3~b&nz5d<rv?+!8B1o%TR8m(|n>q#rZnm|42KX}_hRJz7n<
z*`rq{$ZS*|404NQk13O{n0;Y)JXuSRB)}esiDAJ@o}<mvP=B6+%#m_7wV})z13}s9
z75M-jvqGZ>=JOcPr0j<(+ZlKSZ+6&9FsS`BlU6Qk7R?ioCOAExBo4C<_|AzOFQdMu
zs%Taq87F!54wQm)(9Y!<`QBb3jK-?7R<ErkJd02jUhE(5A`F~(DHe$%aure!wiLIJ
zlcKJK-MnEWk_lq5jrFW3=_tvoFj5X46Oh(8Sk+T~`jlRc`f$fY71L0*+8oEsGqU5M
z%o0j9KfQ2Ay>_hxuy>r7?`b~j5t+=plZkjiDnw%jnarbfns>G)p7Y-1zE-A(?!iry
z5yvm*=)zWBCA*3#FiE6WHj{e1cUWOHY*!C1B!`^OAIs<hzTApwV)I^(-U49}8IpZk
z`05d@U>!EDH7M;P&t!&k+jW0!rf^H=TI^Pp_E2BqGm+J<bl`(ceG%&>HASI1Ocw8r
z>NqtI+U04_RZl)W2qnxH^oqCQCD}4tXb(1;fj=pK>oMdzUwS%!>FJpVM%U{}6IzW>
zuLIj5cH@E36@hfxA!Loy_BizcLt!<?CcZ%zbCiaSFvr=KQzgu=7u&;D1l@b{h%htM
zQJ>F(<YGOdcz(Y?3ktsy+n(YkRWc%pK?|S7R~xVhd)qW%>^xC~`P^VBGZwT7Gijis
zj|spb9WrosQSa~R6E$BFMvVqk6tF-y)bWAgYu4rlGUoF$oF&ByMhP+(Rq;1G1KcC_
z)}qC<@ksn}2hPjWxR(zw_fk;7$u;iv7F?iaz?%R<lRb)rqR8E#&T$b*(zPCVAyx6r
z1c)_#B#me~XZe^}B2l)Rq6qB9@5%+ih$cvs>=})#kXMx83$>E!s-pLbCGtvgvzLA4
ziS%2`=XNpOks@Y~Ob5AL%6Dtu5aK0x*NkU2tLOpwHEQZ8_{-3!(Jdi14H-Y36>NB#
z#&2lK*kLvqo5=6x@{pqXU|{4-nHl8H^UORaQs0*FDJ=@xCii6q9UaNa0bq(!Y4MQP
z)eCRZIbZiC_uP@PymfWW<jgi}cr=6r@5(AI3@mK{p5ck!+!m~Ykr1=@<iqF}%(h+D
z8uyfm$9Ufxqn9f$LhH$j2%{6AaJ*c2liSh{3t-r>haVgpJvD2q_fGebq>DU&Rh<%v
znd%-9m<1XO8!ht0UBF9xsdPqI-C~y7@99f;J7M|)H#D9_<*U-Fiy*^$D|0zBbx`$a
zDz-<(4<^a=-TJZjQsR>r<LhMF;IFx}Ff%47kh6=P_uGS%5L!{!eKF*~vttYkEOr{V
z8|+cG!Y;_Sg?_z+M=H}JdH{|>p2XK_60)K5uyYSW<3tOIjH8V&5xg1aaR51a5uGE~
zJ)y*s6542$GdX&+Uw#IC`6=%L{RW`W0BZ#Jyl2zlWp@&0qqit$1vDkvqy)8%hPt1M
zgP6P!5nS(iZ{ha9J9US}eRz<e-ZD2ldLnb!@=%n=j{S+rd(4j|)f^YGM;1cL-kh9M
zd+y5taI<*op=!9n)-AMD6w|}{CLp0BD3E-Th)R+WS)i(6ftY>i&j~a_G62Ol<wp2)
zcoG^ZDrobqp)Q8bayB4$9)j+1XU$dYScI@7th{}cm9%M|+SV0MgY7IFZ3y5VfxLAb
z1bj&5U0ne$92OsvbVQ+s9_c(0cS;1iRJr75svQ*UqM;)?9P<p7-^M(JB~kT~vTEyD
ze5K|_@1|M8OQEzdip>HmBaTTtdx91CNJqqN*XK_0&B$Bu*F^<MK=EJ{`H2E1&g=9E
zYYguu^H8hgc%>#o$JEEi2u5WY3~%n~!lINr;y&v|#1N(yRPT@%s`Ae0I#$BSW}lYE
z>lD9z#<}aW*D3~2uHCrI1-D^#mW*pbc}TpWUL-vqa(#7Pwl#3J)bEPYc2XT+vS{`c
zFa2cI169aEn>PBywF-pe^z7Ap#>r!?kLAwZ)kR#9bh0_U<N`LZ=b36fq(fUFyvLA?
zgmXLMiN?71o~-B8qZD@*GUGea0^VGTZOnc({)X-)Sso=T4~2MS`ZEt0GsJGlGu<9V
zrrka40B-23BDc!A5G+pwa!l*N;uupk;3v?gNNKE~Lsbs5i21BDG84Ni@Hn%5o>NMq
zE_7QlDX84b6IBUn!4j&f1F+-cvOt)DHeh1VQ(W0AUEs}Z(*;Xg*VcV023r1J3)Rdy
z@**i3@r6xBnY+D+vYWm_euU$Rs{R_M6=l=go*&dHm@bHmoWuAezk?4!5dgjjO=XEF
zPsNh%?O3(k(O@=~XrFw8+uGLFPH9YDQQ~~5wgIQU)Bsnt!-`K;S5SSD6ZKxmS-yV$
zs9xdYx{j{QkfDTI5<2E=RmUwIhOEHG0dl$>HNX~Qee+t5s=PJr0ba3~X1<a`5rioZ
z(K|CXZ_>1es7<RE-q-#F-pTX*3sDPfF9*Wfl^5?W58zcaQ>0`K?UR<a6VY{kV^2t>
zrOd$|zujQ1yNAb8qNF0yHx_gvtdbLVA<CAF6DBds&IzK-LG<*-40hg`caR`gfIjWr
zHl26PoZ6l2RDCS-N~(IQaQAd%bhB>Y2BDxhH{Dw<)zK+E!$C?mpwQGh)<OX2*?`qb
zG#o@m9?{dx5WbknoaLa=z<qk}82BA|9aQS$kU#@yCPZ|Zh%OS5w{&_8axuODS1Mj}
zoDkU620`&Sby`PdnYsg*E?`hYmCj*QpDTL|t(^&wAU;?WiXN{t2nrGs!2(6=P#}0a
zD^I&qwxEU3HkM6vti-x&1>BOa!Vq>n?v$Pg!JA{0Fv&sCah?$&t+)61kr@=~bJ5~q
zJ$opJI|d-q)y-|*($K?&alIofn*aw(8zz)Q#w@d~BT#SbWetsEM`mluTLhm3Zl>Wt
z63%-e&Y-@Jd+8WRuk<xV3RU1+8M<V;vz%jmL{{c(i1`FxZE9wQO#?=fBpk#pS+d?{
z^ESTXw~w&}q#t-r;*^Zhf<h#ux`wwyfZEX>8b7{AAPcWnjo)h=H85K599SY#qnB$F
zCqi==jZCSYR&LT`Y41v07s*{TgCx$LJz{DOUnN{S)U`aZdm8cpFh~%^LBnW=ETkgo
zUbvdpJv-X-8-66NZzN(7Zk)%*Z15XV|3Vb@Wx;~5y(oa5(sZjq>Rcc$;VxMbSZyYG
z3Qg;_5)62<O}qyW*+mXcwAnOdMANR2(KKEjCGH3X9^G!pne2{mVqw!d66w{Qp1zzF
z=Rj=3P)px3i1(`B$)HpRmNY5zgrLsrm)<D6%f5(SgUr;xuPtFJC0hzdo<inI1*rVR
zC{yn715~CR;V!(3V%EAWdp(y8j{wy=A1h?!VT6>-2sGvt1Eom5mFBZr)hYtUd&?a=
zb9UfPdS20p`U-lz9-2m`Q5Ls^*Q>%FvB1>o2ZMMZfdiXakH_Kgu{|COs&3s>%#<g`
zNB$mW>PCvu@H;boj2(tf(P|BA6OXVU94u58H`-toF}bQ=Ga0|60X_i-wg>HE2ekUI
zu^gx7y?L7?FD`PoGn}bjhg@QLVZR4KdMmB@LJ3)()qoa9SqSFAMK185_&sG4OQ9@0
z!eSKhkf30Pam#utX(3RLaO4IW{r27ID};G{W1Pog#sZM@E+>3ah8RZi)pK1n8!<vG
zH^<zxJqDp9StJ7G%GDW(0vLI3wSW;Hl!uv5xt;sWv)MAorzMghZp;;?p-2hSIuxZ1
zd#*1YKOmrJ2PlE8=Q3+d!%rQeO;yU(+ut+`EI;4i&4<L(;P6CpB_3MXn#^SnL|TVE
z76o4*tRZ-OrV87G!KdUIu3inZ2lQ}KHOpgZ4tJ88;SszG!^TxyhVYvQN<bAC+UDK;
zY%kNoU(1*w!Q)3hxGGm0Iu%^6#@!yRLiWmDu&#$@4KJRCxdAj%b9z3bPT|t?y?P8(
z9`4VRbUXk~<HcLip_~~?*d$#$eNd@`(X6u^uLYINt~v1Vmh27SJI+Tn%P)cp9&QRY
zb^FODqp07rC|yfPF@&zZrz`Jzu6?i@O~!DtV@x0w-y3=uv6)To1QyJ_sf9XZ`Y=$6
z72}NGB<+KQ2B@0Cs(O;;LVK?wx3wUBx^-hQEA!<jWkYJqtf|aWKSM0j*mtwcX$+`$
z=akKQ>4z3JuPBYQG<4r=iag*K*}E@Uno_X((F};FK>Y=&ENHw{o?0~rk$gA~lP>9)
zSSefBr7yUwFq3kc${TN&k8$pv(i5QTejLL^wN;G|agPG`*p35Qukq0XlM;+}n;NsO
z;3j-q!cOL?jabl+u!HexD~zc$Aj8buWIXW(l&qxpsYU8kx0k#zleL!}7lOud{p9Vg
z5kY4$9G^Aq=0og(5(wiwbl(hP5{PCbyar2yYw`nquS6@WSWtv(en6-MmssJs&n4Il
zpEp~U+*J;|Nt{%sJx*Pd459Vxdf|aj%hQ5Z@4X_Pq;6g&!l2#CLqbukc`tP==2Xz?
z9RRKx-;1j7iA-1&B7Gi(rXp)a7CI(73;ZBqZNT6~`94u5F*s$h^T(VLQ!|3(XMB<6
zuLp&u(83KcGNH&y*Fv!O)Jlv8M4t4PYyrJ|QDP5E^H#gc>vrJ`9b+u8$-Qo4Yt=x_
z{8lL)a*wDh8iF963(!4Cf-6pTqJf5C8i7%})HK}-j1HI92YQ?K^3^c{=)tW*!vvKB
zf{wSLRM<Y*7ni=B5=2n0P0d=-io4YdHp!*jImDJ~h;%CKnHsOIxvnGE9GS(iYpop1
zU%Nkw=V^HJvbB6Uw-4=xoc$(5d|GCT6uUDI{N-If#!U)oBjtNyk5AA7o@W_!z{0DO
zx9^UhXEdnD_Vbg9$+F~rl`fQ&Ao1EEA{@O~0Z`fk;uVg5LQ4DvDV0uH@3^XLZOj%p
zPza$jX-%fJPDaiUxW}WOyUN5yMvCg5F}SC(SI9vwE<RK^C^E>ibW`e(UO-09Ac9T_
zol7S4xH~$?^)(h}son$b110Pc7L}8_W5s#JiZu*#<QTrs9tmKvD{RgPydfQ3jraU`
zfkihqD({Vx<*LgSj-&lWX(>T(CO=!$bg4DPbkUdXFwq<eJ_B19$p;)2!l?9)^O?Vn
zRVx=KsANuu!@PYr{=@<&?zOqpc$#%6z0E^B4N;SQNmn5_!XPjp0P5}vHDoZaj9#sv
zSd?QQ?*#W&Q*egWZk419q5>cZ^1RC1)g_ahw(3^iGPmeQ;|mHxjOIH1y0M0NO1Y|N
zqjm9G98-`u?Xi;dIAUql0u;e}7->&;6D%*xFksBAkyvF>k*`y9%24>CS@a~r1C&O=
zBgT3xNak=cn|6Dmz~F43LxGuq$31xE$|JqN(IRNJj|rJy3HZ+LWa|S9wd6;Lgu6s!
z&9+bMGN_F4vR*)lbx*u!#Z-;H8jd%y*FlUoLtHt~YDR=w-CaRVo1OLYA@u?Qq0V%m
z$-Q%Z{FZ<h(^TwH@T_iYm5EwB3uU<qd;RPQKYEKoK#YP$WA{cALE(CyOao%QqAR{!
z!q&(E#K6ExCbJzqLtwccjU%;HwP_y0xFpfKCs~)E31ZKOkeX?;0-HMGrIhAe<TM<a
zuElojjvk`qadlp0^ftc&c?8eb^%bdWgl>d6*pAw)9eX1e+A#EW?@eUz>l^FPYgO5-
zHdqBEe3Q?5Y)dbgQd1QCft2@nMGcRV%*xnwmk7`6W!2G5Z=5(pyyOinlDCOiJiD)!
z(AyoH89+xFP$l|FQ&PN1`lR&H7o`YO0#Ve{S*Z<5x$o7oBWhA?q3;V=tjbC0gd{`H
zs~&p%kQoqEf;}Ga>$W2$A;&tKB^7apP)&LUa?pYzO()$MM@`7Ip#w>4`pQ6Edzi3f
z%8@2}2U<r3p4_a6Z}5@UTb)^{!50qQ4ir>I5AfB%d*m$6bw{RRZdlL<md<gUe=nPe
zcwp9wPy@;+pGklvLNYmTtUXAAu2+2fLc0~rCuULx)7LQ`8_QE1-yNujrDQtgM-B+w
z4GVW%PmNyJ1A2}bwFa+XmRpIFEJ9I4A_#bfmN4$j0G##J7PI0k%|1X#0J^CM(8Pu5
z&_4GN+hNdH0)XH4Q@LzpOEsL#WxVHsytt~!T}sVUC~QxjzOlA4d;+0kJFQc9IK^NM
zpx6(eRI-?jsMCr8SdOk#<h0u~*=E0iSMRo$CyJYjRBd(QA?{-ucsAm7YJJa>vzR@T
zr>LE6)%;YmSPp8i#4%6T9arBq8XWTtoR8b+6)L1Tge7}uEr<-D8h}l7r6Np%xA$XO
zuAb~|J*cV&2!0ev7;G8iOoFiLS7-v}6`=f-fpvu$=ym4?vo{#o`VHxOaHN+CdmhLh
z<$ak-4_u#7Lo_^l9d~2<lzkJ<C+#v~;%HRS8d&Y<K;v9;c14~bKnq3+d27IKU{Jby
zb~R${ZBjX|-#mvdSBuhd*k@h)$S?=@^gRMjudqp45K%c7fT<|Fad^}kC&myY7>~N<
zfOR1&!b1__XbTDL2^KMJ-lM1Z;s|!LCD;V$A-XC#%L{{h?JTq`T>FN{VIu_IJ%L)>
zJ2&$keD}tk+|-v&b>TI!7GFtpQ}0O6km@`F3`qrSUJmkcZl#{_T-tnM%jx%+=v|@b
zC#DQvn8tfNtI!cvlM1c~nEH@Ud6~se?t%qcAm#vcy@f6OwF-8IxdobJRzk~*bsCVy
z1!{H(lm3Me9SK3Pa4Vb7C-Rx&(v%iDFfHKr1)!yJ!iq85wq4h1+Bu2K8N=HpqBlbG
zthkOznOyOW7L!;wgi%6vmVl=zL1P#B7H`ahYsROz{THX^K(AS*!-esXn{bYiJsq|O
z@PxKDx6hh<<CcnAqqyA3K?DVq9RNI551r_x5~IlMvu)o7TlFO;0=}0W)$g6}=uG$y
z-A!!OfRYvLwfk9BmpO`s1i7hd_>4TLflOA+362QE+jvs9&r8#Jhkg<m?N-<r1!OP2
zX7mUZt$y&(GGs4rQ6C3y**@{>hxsB204beLlpP;E9tq!@O2nO^f_q6KT*p_03eILU
z7rbxyt;nH!jhB}cg)M^~l{47g?5yo<5ZR9Am@kC?+!rT}ChcxG3ikt@1yI2>6lJi^
zF>&XeIngwcof#H*klg&zX+#uY{3ZuQ1|J~zke!p|gHw38fcBEsCnNnP&Lm(v<(?Va
zN>+C?By5TY6V-*X-Mb8rSNRmRpEt^m_Tj}grE)21zLwP%SGw7Ix|GZrh@^3xvwl_q
zWVBg=H~Dm;2g-fgLlE4zU~JTDtKOp_Y9@x0nJ3(>rUHG-Dlt#km~v8`Jgw)_>C6t>
zS)U@f4Kms@lVfgIz!WuOa+qK|5>1cYasd#n=j;$hsnswZF9|_foU8k7=$oVIgnCg<
zPVXd{6t7~Kk+QPV%;h@uNjg`V*y3}LhbMdCdN0jzIoMSmninzTqjNPXFBLhc_DARP
znm~t6*WOf3lWI(=scNw83UoSkC(tX&*X)upgi3Eb-}pDD{>ACKXMw8+YP<kDK*YaH
zdD2@1tK60q*7my#zh|!Rg@>ga^b2?>9Gz}}s>^1^uls5NwV27r!=5jbp4_dYlH#*N
z%k4YGGMd_@X@XF6hrT7pxh&azUKoV#$O4NBk7i|gL~?xiIu*hQ3pA**Eovn}7tL<H
z9U9u7U|hY&HXFxpL=?Lm!7562{si^mPU*Wur_{-uT+s%vw%|2ZGZt%&E_&NeL*-{&
zt{i7!!s!z=OqH)DYoR$&@r;#+dVWE4;?)GMiQewC@TMh=XL%V9gNc>ZN445bBT2zs
z@P!gTnKwC6I3>congjy$Jc;Rr-RT-*h(^}yrETOEX2;RTCpvhKhUH~$(JKOT0m6Xx
z!9L+-wZ0LYuGV$B5Dd$~)1C+D9A(-)D-3<-3~w;D%YDi*S+4OZg#!!#Tua}afCKXI
zBfiriMwTZldymmYq#QF}cN^ceL+kOOLB5%Jz=I=u*(buNys&BEVl-9n#XEgz6%DF6
z>U|`6Fi#m^nJi^0>h<c2TAK2mY|X+g+NY#WqXj!KRL))GC3=|0#~E{Qd5?cVOLE5I
z=%TzMrkB(w9uEd;^*wwXg4m>^2bPdEk5c#y>Q0VdOGM@X#KTQH@^k@&to4p}!B|`z
z4;`O{GR76-y&6a*c!gY5<c_HJv|c{!l6ObCmCsCx8xxWo%G4((vn^Z0pN#h-rpH?W
zR>~kx%}*)JxwY@{LY4^8=*A<B@XR9~Y;2{9r$Qdutr;~o%g4QTIu9Z{#G0y@b+xv<
zfK;BHU6(COC4#@h(SYhnltOl!y*i2M#+1~ZdUI|5iiy~O(oUCEi<f;;8?$BtU69OQ
zY1)-C>pZ#=hZ_ny+B)Ai@PLG+yiwmLsG?t>-e4?X`rFcNN2p+N>hh~gx~>Q+dFp&+
z>_en{KrpXDp$kXL`>{8baK`nf(R<L8nUTcXQvl6Rv)X{3Vmej1lb6fWC~u?f1#r3r
z6*1K35lsnu$*TQc13!N0FBlEPUPS847ZkO)%MLQy`&I@9LhUvHSVL1(-*IOLS^#KL
zZ<z?wn2h?LPku#=phhAsDF!+WRl2!1(aeMB6&&rE2=>bBJZ178OgPY-6>i^ZM&ia)
zWX`^N;I8(<YS_zTH}7e`t?96OvfE8fjKSDzKnb~_2ej^ZPPybvi)ob@^IkyFaLH2L
zbAQ`8?U=Wv!f$$?i(QsnkQOT8JjzTctVLj<<mDlvC|H4F^Cg#%6=fuP=-bJ&>ab5Z
zjYR;{6ETPMEm28oES*8VlPAH#P*i~m{Xi@qt-jZadO9`dqq`XKwAZ)RtE{RKeT-n+
z{hmC%9E2;S=YVYl1NKyqU5%b|O$WR<K=gj1y#%}Ez3OZ2lCWI)vZdOJaJ5A3@Ll3a
z@>IwZkHFVQOk7rP_FmEB=U(>6lGmP<1XN_<E|N}gv_4>h1nx&Wy+o6bl%9rzJtmI6
zT=Z<XrX+d2W<!oogYR0kU=`-&5K9*44Ac~Mr!5nC*=zLoM8rcPL96D7Cmll2xgPc`
z9na>3zmBDtqTzfk&Cq5hn-9{Vr<1vOip<}$0AoPAD?R$D=6a-^OvW^Yg}8{-QV}D{
zwCuzXnU_V?{$4#a<MeDXue(S1a16QVd~O4er<mFM@jk{Oy;9BvSlMtn)O_M%%UqGp
z%0Moj7_`&STb6ot8E~+rWBh88tD<9-aE#x})p&i~5m<)1{R-Y3UcsxW1WA1rb!h!M
zvxdRJyEbVKG_1d8ROK&HC2|Q$&lc*nWq9Nj`6Et->m(Uh!9G0J+~;pk$C**wGO>aC
z?W=QN$A`U&EPdr+Z$fdM9~A*zO5R(DQIg9XC#lAmjFQ$S7@(|4x^D53ns+N;bp%NI
z?t$=g3_)n5YI;jE#b<~EZt1#HSWo2Pd-{@QBeXmaNEX@PDY!9U_q|SYl)Bd(f1#>t
zL<tc^#kS8|BcVc#39hBFlY&&#tCydwT-XFlkzy;dzhXH-bF%4#clUDD!2N;Qh>{>u
zc0RMUhfg^knc7OdTn5c)Q1T}nqkMI5H?PJ5l$l^>ggKBe+2V<uR%;KWJ85iTam(t`
z@w?|xDUI{^z2~>~CV_1uGZM5pkuwcKOLBq4B#1d9(yvyrY#*sJ?#wfbbe6!4WnM?<
zCU%2js$K&*P<U}0PsvJfsvPz8`EWMmyzsZ(^D-b^T0D!0Sl^>Ja^^}wbGKltV2uDn
z?GN~ACN3LePFotk0C~W&`{cP3b<XWG#<yp|UTWv!AvhO+Y5V5IRyHtf=5Z^Tsp#Gr
zB0S!8rRgR%HJX9CixM+(H39H<d+*WdgU5~-tk^kC;L-2VMFN-)828pLt(TN1rW8AR
z%G>COeh(&5oxon2KFmI>Q^J<WWQiwNPOFcHgyW7u=4sJ;WUYEp+_n%@3_;}Q1sx(U
z`elsAjok$eog;$C=?=ZV31?<GtAz^C(+q-L$a|#6r!Za;Zf#Eu!9wf36(3T?JjC;v
znL<jW!q5kP%JD=kfQJK#CpCrw$6g_DNk=pQr7EbQZ#H!Xou}67BTt#rP@j_533C(y
zrGAhoY3Bu?m3PGc5>6)`IkwWRdYrguK=i#9Z7EdLV5c6l$cN8L+ko1Xv1pGr!tI2^
zK2bILLe*^7fh+D&NESUM3ooOB#G-i=IKAcg!b6{kKe)&B>XD10JUj=BvPj(s2LnL?
zS7o4^M$-oIuzeD#U6_^yYR}&mhoMv2O70mvU+&Ps_lnFZ&=_rBpgbvAEWu+N-?8Ok
zAh`{ncB^PqB1NvdHwYA~zRzgZFdUwXbqax6&ty)BhhP_hdbj??s?`%0DdSPIES;LF
z+8sZyomb#<C?KMsX=}G}vJa!$peE)3(#0^VbhQbH6*mEr#sDX!UoeG9vyXYNsHn$2
zeHNPv?+RO6UJ3X@2$ct=WTmP?IOOxIvkn}7H92^1iy#ncD^P$KxCrO9kiUd<XLzld
zY!fq(z)5d<ujdKb@`j>0C9Jq)u2x6cYW7ssU38nCiMbmZ_ips1JnZMdYR~<KP+p~H
zH{}`VJyA81N2v1>SLvm(8T;k1=BSX$vOLIgo);70zU8JaZ^INt17Kp7mAk3Mp38|4
zlY)0_G-;`+KZ;j){?M@%YRrVA#q_AQe1+?6OD)}Id(UI&L*Rnsn7Cr+lIIj!5BI@}
zoTW42%A!`FYY_6#+3~cxJza=93P(Y|^LNA}xN<S^0OGj<Y-$5oM~CMNDq8*3rSZV_
zcogW^8jl{Ai;b(m(A$~Ej6z!_lgU<hzArc)zOXE!hjX|@EvnBMk=8|FHFlZE#Mjew
z;SH)8tPG=-UP-G@bjMp%lb<mQROKB}K2M$4Q$1czZMyqI8O|ZWYq2ZbtfH)kT*TY+
zjE_Y%Jm5J#HurnXEYFY+BpthRYlGT^0B$@1W8cfCWJE_q2Ht$ngCE#HBp1(9RRBug
zJR0r6m_m#Uv7u5eXmcmVE;FE+?b3%#nbs)<<d3XNaEt=@XdI&qzFBqnVztb0r1xYn
z88hCXD8Dgu97@`Q^mU#<M>>KX!b7&&vqyC=74{g^`q}TotG$N}&EXKHW1Rv^{Jlsu
zt56{HGhB;zWMR4aI2crroB~wlS(V79g<kTB-nfSrM^O((@gtO+P-{af;uUx_phAxp
zsF92zhISZPE5>9@-v~{GPjJjDxE)Ogp{x1}R;h<=lpzzFoTXb=R3w0hyv<1T5)c;Y
zmAb3Um4V`UH^6Dsx~^zG(|l$d!t4siT*9x|+f%ePNrW}i#9mWORz?|X2JbrMdrksu
z4H&yQv6dDi@RUwDvIqCb=DcRJfI=k`8hX_p62G?~h=q|dgl{j5VAVYxx~8oXTL2yz
zpqkcjW?87oxtwVki{D!vqt{9fROmqmO~r!Gktrwk9>tj9s@toD@Gfrw>}QYs>Fxxo
zltvCiuB0+eIJ8wezf03nkSldJniYC2fxQq%7^Yclcgkn>O2)Q?pK3M0yZMpN(p<=U
zHJClO?fgOn)RDl2-?9c7C*Dk<4kJkdZXlS8AV=;@*%DItjQ4}c!p0f_J(_0*Oh<N2
zCV*DT#G)PV+MV|GF*k<!16!-8O4L)NCEtjlMIRcMnM`_etFp^50g}#Q>d$CK30Gfm
zUUEx3^C`LAoL$|=Gyp8&W^v$Kk@T<<x+fvAZ7{NpQ9uqR9=5$B#=(f#on^?Bm!52=
z6!B~*22+P}4;`%5`n@-q?@@7!2&UaLG&^=ShFUY)f;YhHRK#wXDoM*Z04MT5p*2Iy
zhA_2X*~5uJm000A<X&Dbi$^4oe$NnZ%O)Z$rA2rupYjYIY8Kz)dUk!1S1AQrJL0R^
zLytxy^kwcuyc0}pPI_$Ph%wJmU9%vVFhCu;^BY$Gg!R#c6jWpmr90}Z4(Q;y0=R(G
zcq1e6=|-ZylBAp!Ie#*+{oG+szyRhI$uf0A9td;~*2;=V(F3;y9;*w-r$pw^_V6W!
z@VPOR?$W$7JX4=xv=ah$s(A@Md_+{d8&d-)%vSFS*o?rvEGD*=*+|bCrS#d}1l(6{
z?G<Dv1zuav)VTG0pF;!xMeFeRML>47Db>9?eonjQtU6C~*VpDrSbO&5Mk=uYL8VMQ
zU8kn@v2#Uq9VWk*l`V@W$Co6V@3#25Tp+9LR2bC|U5wKn^cHT)aK1gU$QDP99-!GP
z550o*1`C_WN7|UFp<9@X0$a4bQ5;5ctxYa@K1l(-JMl^jP>{-D;nlS9Mhdy}%O0w@
z*?L0spc-r9;DWcL<B5`lJXl`<g@r9J!CgA(>n0CaxbhW2k_VeGn#Lx1BTxEq-5_r@
zdjhH7yHvw<+q-4p(U<UcgG{2819B#br8<a5oCso#K?6k1duBx_PJK#Lfks$|_UQ?u
zP1(Hcy2)%MN)=I1#Jlh$B@wR&Y~)>ImBx<74O?`X9$<?gTAT;x1mzqx!H7t4e0|Ve
znU4XQ$_h0JNn75Yc0NI(^YjW5j@7L9pqZbNIyiWEb~L;u>)k-*t%~Nt6&^w?6><i)
zqn0Q0&JFJb%CY&`<W@rnSU&Wo(8D`+F<P#y%?kymLbKv>sJW(#xR#O{4Sx%>SL7Xj
zvPC;MTu+s8-puUKIH@;60FZMzvOWn7J|2ie)7=t*GNo9}c)C!%<Yw(c(#PTNkrCPA
zE5xwCVU>&9${dp5m$RY|4=3wM?v_2IO{)MOj3Y5XY3$RwObR3CXJ<;#9SsGr7N^e3
z#}D5#ah8e_;(E?>2{R}P^+{{!7p=gIun)m0*~GaR^g!^1r)I73@}xwSp37=+tS6ow
zbpp&)3M)1BP~EJT@)hA2H26EjhhCy7H1Nu?vt_p_wjS01n3tlcxlX>(@qQ1&Tbiv(
zEn9gC8CCLBidmS)L1$Ku-A10hwhIetir7%svK1#>YhPmVhf)z*qGl7MlPy;7h$h`$
zD<GgI%wM>gC8F5eJV=XvJj&e^6^7KY*lF4+qB7u$^PVYL6C}yFWP)P3X}Uo1YuPjo
z)`7QAN>$@M&17qFiLE=Q_g=#@#+rh7@J#wKnH&{$Zu#pQ@=%#XI)zl$U7=@W_GW<<
zU%r`LQeA?DY+x%0QdlUB<HN@#S-!i=j^}RR)^M&bdLA{#r6A`+<c;Us2J369eGG&6
zn9QUhH}l5Ni>BM1J5%9R`(0U*)1^{i)ysT#&-%i^^pRW0qwaXEC(U}Pqx59#etDQc
z;LBrYGU?VQ{mvfsgF=xd5}~2mrclcRAoVwg<a*&pGJ(1oVKl8nEqRzIM%D840X-$m
z_Zn^)$pzUvqi)+CW}k`i>uBX-uM59?R60Sm*JgHF6cPF`YDOQ8=wbDyw9r(nQMKV{
zHxKrjn-<Uw`|=hd!Wdaz<&(TRZ+`ojrBvWRJFo%@sUJMus>!W4gz=D~h!)*hBVW_7
z#u1l1Ab<qlcv!R{9yp=emI6&rCG8Dr3?STem)%QyF`VL&&gQT^<6QN4gm<NPsEs0l
zi|nGEX6sQb2euU}J@9^EwcE<EJf`#_O{%?)yfD419FOGet-Qr3cRFy9EZlg*azXI~
zyj7bBal@R{)b-?qbHi;U#@>`8vp>EmnxhfYhiz(@oe`W7<p9y)$>(fkm=yIA^r;#c
zVWxOxN+Oot`WLPU{DrHR<3{Do0_h=7NCQTg0ddFTo3fN1!i$Y-4je;8<*Mvy1BG!X
zMHxoq=eY@@{TO;K%*_3C(FW0HMS#>rE*=@M(clew#o9Vj<s#U^+^m7V2Uv!uealNE
zo%M<y1xSi+1RwY=d0=G_4M)Gp+cG(84HM{68z<^eG;P)zPl`hWeD<y&5>xlJq4@p9
zE5pMwYfAU5$cOpFRH$SdonCA*-JaA7K+&-jNNgM@O(6;^)TnlFBPoDX!}E78di^ZR
zn|)=Fmdr%lLl5I-1)ev&49RCockFYyJjz@F>@3rjh%Df|TJ}({ON{9rK9UC>OxF*`
zj#W;ZM_p^f+-IL%iKTY6T6e!V2!EJeSU3&{B)s_W&JqM39z0xqCVjQT40SN7XF!-i
zmO~shug#Yvbh>%@uEht=-ox6F>LZSJ2=Ygb)&|%rHHp*F0v>Fn1+0oESA1JyFfz~V
z?R!Jh6Jm{qJNj@rThfoIo|B(>B|Opx5<27Mtdw*lD?mjuiN-b#7dm-&Pj$^LA45VO
zzufW(8Br;$@v-wMzT`GNIcK8PCWiN--`x7};9HzBmT^L=zNJT*(t=UjeaiJ5ToA(K
zE!_$rUu>?L;^-*ACP*LT>hJ?-Q-e!%j`v=by(oTZz2XtReE#@BYzT;p?f}7-6Nnhj
zyRLf~^H7u1OZVjqYaoCy>kL^J&fF&{;@IxY9;%3R*MQ`wX(h851{mWHS~14J;g!)m
z^fA8#wW-cgRu{YRPAR>s9$VNqK&69k6R4se>jD5YvHNxE`nvkfu6f`kQbC9-6k=Hm
zOR&m7l%~~lpQzKFf{I|*^bU^cB7WHId-&X-3ME7fjX`D**h)vZ+jwAjr{A1<EX3Gz
zZ2IIC>5JD(-5ugdRn;USaAYlvlt)e5Q5k#?hqH%k*ZBHHB>OUEH>G$CM35<kKK6T|
zB(KD}U>PW|hMdfvik2>n*CzHPIOntHj+)NEF4y<29@v@LrQBw-Ye-Wbn}!jPc$)>k
zD;CjyN)uh_bqFuF0v=bUZ+cxt^ZBYV^}+}>$EI%>-+Q4*>kl^8GMWNZ{sQ)438rz`
z3o7KLo8Tq(wJS3Qd3vSm-YMV%7@*qPbN(uiQ0aIEO=@h-AL(JrXwA!*C~@Ov;|5ox
zoqq9Tm$*jxCFIN66(wzc8&TKxHu<p|WfIk<+e6GUbO#9Sr3Wt4!yZ>fy_eiq1v*H*
zS;K`xu80cSxxjmdYxQj1v8fR}7M#?3Sr&#Q^VInjOQyh4UDx?71zwS{lo@o5iFZM|
zwqNoKk2mp3R1FZ*x9+iA3P>C%O&SfX^kcNDd97J@LA<5a#-}q-59-*R9nsdDAUiy0
z8-1>@L`{*D?4n6r9@C%-qYoi=+9fCEs36WOb$QW8Q*_!dxe-LnMbH+6JhiU?w1gdg
zxP}!x*E2!(FgI>V&X*6y$CJ!bQ^F7iD&1gC=qMpjbEm)!LSGX|9Y<>t32p{0T@+_j
z%!OC238hSv_==?0bKyD+w|5xe8&dLYmJJ?8?^E`wl!WJl*lxvFG1sx(iM8_r8;0FU
z3W)I06zSy~v{49`kpV?~@-DRCHJA9qtEh%%#KC}g@k-bpmqelLk|u@_KW}#(#g@w)
z#MoLF)64)q^sB{a;m8_;11hWypU1Bkz^O|CWJ)kK5wc_j(qotTo&aTGj8X&Zv+R-P
zm^D91fl%XI-`oJzcsGs+3u6MOC`tqF3*|PG7kX_by#<HQ0aT-o5`c+UcRqn7_yRVn
zI1h^tqQS8DbzTN7Z`teh)RS>a7kiHxp8D+a7Iw9jNHz+Xz0zB@sfDM_B2GJMOYgXi
z#bvStVh+onB8alEC{t14HtSn-V85ovX01h;@I->Q=RFI|(>(5KN<`JH^ilE_TLU{N
zSU0fF3+!R8sX$qv&;<+_(RputW)VtC;hFjKu-7=juZecvll_y}Zo8pO<cz5_$Vs4x
zAZMb7ExbK8$d{~cOni$aoZ@YBp19F&qEQ;slTnmp!v4aUq0LfKwKAB{riopcl`gZf
zGkwr-6`^#<LDlQ3-P(5v6&Bf3cavfoIK}Q7Uw}uBY`UDs?syQ=w($#jU}~ZdpCvbt
zr(BUYX3MLmq2weAi_$1AD_9mm_6(w15*ssKn{iEHH1B)bb5k0cFZMKj$9HpsT2#T%
z(>9<ru$@!1?#^YB(L3fW1K$(6lsB$VF78;F%lF`U(A{0fv+7;07*!MwWu-S2P+2Hj
z=5Gtx-5IfOX_L|N*{dzC)lM<P(`(ptQXNq;IefA8GN50e<meM2w*|fHRUYRXFIdpZ
ziMc#G+iJ8P+j*#Amc@?QY$R_<z~^y9yxV!iR~H6qIT%eMWHPo(ix}5%%mJ;mGid-#
zRs!xLmPYi9B9*f-866CdpGqs9hvyUMigG#$QF1mwO@=i(S6YM@e$$;$u9tX0gLY36
ztXb>rh=DyHdN}vWp`eKrcjA!~jU$GEK#a924?*2XnDDE2r#RaCO1m$Jx3lDCVxVBQ
zfSFfmLZC}i-Rsz(<;8<yzT@jCp0<FuVRaNO&z?BVj71~Lsm{am7h_fP*umumkmSC}
zcQ>MDjtYx@em!++%=~beIuAvFd_#K?LeE9lLB{w=7ETJ0fivPavHnFYq1pi<dbbkr
z+kn7Sw$7=Y5JgNOyoFI-7xY7I2hXA~Ba!f23U!AxdkU5oe%7zA*I`I-Yg^p~P%g60
zHnVbBE&QCiBuHna=^b;viwk*Nuk{$D<S93ur`NP}a<p;Oj`wmUyN7{Nt}}6`&a9kB
z!!l*a;8IYh@D*!1Uv>1j9SwA>G5hQTez`<9Lll1@%gFptCKoUL5@H#5G|K48ua#5j
z9N*iD<{EjUoz{;{fIV+<pxVsUXbfcsutgr#i|6h&Q`0>B=Emu2Rut0VQ4G8+IUc1a
zzAE!{a~Xo&VI5(BNGQ^SB|B=JL^|8RuldPCNHaz!A+gFDgLSU;1c>NVHQ~l5Z2A}u
z`8hosYa;81Pu@H?U$sORb@f)2KHyl?%c4t7dZ-}JkoxU9xG4p}wIkQN_w>#?oVAM|
z6S4RizwCbD7eu?srcSSWBeRlyP@+X@diCkh!$Uugjxw;|tHY`0GaR=HwCxzo5n)MY
zLkV(!qwfOy@@$nI<eV6B4W&x4Cv@{D^E8PX*#fRjAHrqdYq~P8$MgD5pz7UA3?fVP
z3|vc{*YkXY9D9;_Yu|fqd&l#{TEsmNVq~FAi49v+7Bfe{Ukp(AW|7g`;*G&tdsnvt
zh8`<N(85Qe;JmWcz}-qz;IJpu&mYA-!1D{cJ4zcTj-|cM2X$uY`6~25m*mMtK7QyG
zyl6E}>^oVrb<@xGu_=o1<9Sq;79i%zZk6=NT$=)F#sacQqy_=@a=BLGQVZ3%Rd9VP
zZYZa@PHHuO!SneQh@@T;)gj|0%j%pfg~Y|NWnj%3N?xi!gxEU-rT5<54nH^O?aO3(
zH$;f%^gL=D4i4TczC;RTW_Q*V$)!rx{2@WqL_Q{o^*zTv{hVXD>=LT6nKw8J#}sWI
z78^m=TBlg+B_BiZ{Hm(9&ttolPeXkfl;;fQ{AsccwBdVCOMtwd#Dk&Ovb2koyvUJ0
zW;B+{?Wh9e-o2A#tdz!HaJj8;sI2I-I70D-w`Z$wDf;=Cqo(ul87`c#mt8+paLIk1
zpl}!Ev;Fh}b7HF@rL^DkuJTirn8%dFPrdIiW<w;5gL>Y>^k~30iWcy2CKEgZE}f($
z&8lR{_R+3w;Q?*JJob`jw0jE4lFsEkERC)qWN>{Ac5gdm0g~=E09QJ8-{dF&*~^2m
zcej0c$k?y+-Micj(DwpuNx{W>uz3f=uZB(DIwcd5-_Kj+l4MBLMWt7c4qWpNO^GDD
z?!|SAjkgahEp4+T@8L@-Eyx~Sb@NK8+#L(uSC7M=OOCC(m~MhEvTJy)v(y`7f6uV^
zT}C|_b4dX5O6P+18%HFHC({tFv7j<+6GCqDepKstb$Xo)Pv@(h!pt$)d?ne#-qJv~
z^Pt#38-b@$Vly-h*N>Ul1+dDTW|{y+Lx~zMd_CSd!5{}JUo@*UV@CL0iDF-m)!RpQ
z=Ao!hF=!OUCmqtlP2Ow3rkUpuNR8Qt{2r9c#_I(+qUSl#m>>~S`Y@}buht+tMP(zg
zXP9{2`ONK1!@PM<p)=6x!5E>YOCnd{Tc4yL@)gVN!vHOCZX<eHfukDvkPa}p%-ou1
zdzVjNCz+l;Q{5R_RuSn(KJr`~*Y#-M7@tT`BcQ%eaM}UQIiHJ7c_j-C1lcB~Pt(b}
z^R7Wz#ZtwNc$E-r%qXvjQ+DPilQ)kl;xXo3CaNGHEXwKeGNxMNCLv&*q+)a6NV<zz
z<K?S`gavbKd6jWd<uWPJGH|abvmYKyM<@9U@=s=&znI-*SbtsU^^%wxw_Cdh%3NOZ
zi^-xEjlS0D=ZSIB0oiq?xfh$ynC@N)@7X-vvR=N!j;vRW7=5R;@fzL|xcPfe8nPUp
z)k-1swCdeEkHng3P2Bxm6L8lW1!zDOg`^u*?7OAjjn!6b#wp($8`sx|aL#b6=xgzG
z@=d37>Rh~c#HS%#2@aS@!96~<s&jeUe?hzE$ZOt54n00lWc3i)^aw}MCF`Eu+>#3-
zzwO5)hcw;YaG4=RtLNM6%_xe*9dmV;W=g!0oFVcKQB9n=UmmQZ_FnhfO@1)e_Mi`+
z+-W{uVOoJBxvr^u34-^c3&@Y4eDqw1uxxr3U~E~+TqyLpfM?Nam5;laP^Weni>#t3
zH{E5cuXs?+&Q;EJy90U#l|(q0_}eJ29Hj>u?6*So!us5YV3@(f!DOEr-$1a&;7wK0
z6EMLeT=rVyqXJ$_WGB}fk_?EDk_<7_QOgq5GJnCwI_dmK%U|EI(>cvWdDq;Vpa>c`
z5Hgu(dGC6-mk=}9VRDS6w5!=XIshe?-eA8Z8BpuUI9o-`0VyBmV8~ITX153AWFF}+
z^5PBH6C>%`jcKNb>t?TXavq{N$OGg<WWpTC>bggTtIt&fO=86NY$<iAsvEInm3qgc
zxi(C0(l~45h0NW=dLvK@GR1o&G{FU=dS|8^L>w;njym+Lb_ZUiJ5~f+xYBvqT!!XC
z(NKn+*+b>UVtWa#hTGkn%F}B1QeG0SU|Dcpvpme@WAyMPfp$=$MS4YcNxo$VHe7tG
zZ%kbEYQ`Rva0Z2G*a_nmQ-E_0ziEx`wb$BcB(K>q0Vv0I5pTgvgp;dSvXeK)%iGr(
z%vBo@%Q*T?<uhsu)l6uD<JYbYxM^G~b@vIa&=<5QHd3}MV5d5fq{gQ6o<CfxGWFpB
z?tc7y66pdENZ+Ph=hZBU#T1>E_yyufypglG0=az>y6@8Aj?NSZ3swvqK%^19<*mG)
z(gz}>IMz{AFKPm^`;icI)zl<4-?)oT^)A}OM@edd;gjbNz%oi&P!MxDOtmd2DTLs;
zGxOHol9TAwd&8u_FS^oR23za`w7$Qn6*x8Tr7&pcO~k3mdlB*^HE1q`)E+~=U_~{B
zN~g+kl?#G+G`%VVhftD-^~}$-YC(FueNk78V1?|FUfnZEIq<v_ZWdv30&#uX8l`~n
z9yHEgCDEZt)h$0R<p)jNpa+jnD_dd^^d(RIlFJX3?x{bQ7Vwwx(pKXEL}kIf@gvS+
zxi<tG;xxE1kSFGK?HvgRkwMF2s{FQ+bq%x7?1Al6(KIW*m>r?ZL6%5HMBa5jelatk
ztN;wO^vs`FSaGe|UT<GE`NX~R@@}(-Yz!cz1QgB<-PEm$nnQcCaE&Su&*)-r^^Ix|
zV=Lym2RS2xaLB6(aeONT3zStQRL#+Q5q%KVul-Hm_R;CFsc(0;>kAV~a(UR04A05A
z(YPLmxeFA~vWz)G^KB9FzFBCGUX22s+l^kzTF)zjSPBfzE^Q&*Yz`R75cH9>#m2Ng
zd)z@{F{pIpN?Qv?v^2f)=5C!+C|RPSaUj(!84C_GSh6H+Yh0M~rZ6w88}|X(Ho46y
zZQ?p^U>`q{A)uKorG;39;LCbsJ$*}+dZy5HXJZkR?@CP??98U5ax_4+YF-K?B=MYb
z+RN(K`x*})uC2D|!4-j>j!p@;50W3Xml`|)1sW?zA(Y2L-9fv2=yEIu46?#qA<Aar
z`LLWHZ}r}E9YFGPu@pZQ&^|BAynDs<Nv*;cwf?jom!PoeDZX1~OJ3-AulxuCA=@Kg
zn1M)#!qCW28P#}p8%hQ|d4%O^@RAW{7Fcz}Q^GXVC{rOv+{)Q;ma9^P5|za)%tHXT
z<&7{@06XD5DyTshDd1&izc}yP*cuPS+7NS0lNiehBThr0sTET*Eo*&L{i32|F+gmI
zRD@C@xN)jpNt+uc;)y&1L||_D6Wex$p0`2t7Q2FR@xjFz_A}jm8RaqgUbNx_+)=R)
z9=TkzCzp;}V?=n&>$_gQan^|2=hD^*=)?E$0G5$Z87Us6zh}XD1cr|``9XmZ;O>}n
z(^XywXoy|K*`ja7O@ST=GDdaVsAW&Z%Q$nPm?(M7xv%-U@0vlMfU_-;*AjHRA~J<a
zeqqLf^^Bo5_7(YS*O2G~rP3Iw?tD@yPiYT|wr_HYq;EHy?JW~*VwQEn8$M2_(|&Y!
z&d-p_oK3Tvb-CP+9QG;FNG{z}@HOd3GdNPghM3Jn$PJ&6)1pH^OQ2C?xOU$<2_t(k
z5_tG>vpo2SVTWrU#ANclf~AqC_h!$nQeL{F1((C#?zu?K6CmA<aSrML0`G^9+<VqA
z5)rFv`c;W$68a7ntFA7fkx$YKfpbDYy@xL~RAu<pQ7eW!55f8yC7|p&mpa!W!$f`W
z9zCN1wOSD|=x%CLfP&sseDAK!t&HEjp~ou9Nh9IFF+ms2sNnXpZQ&um>X$7~byu5}
zut_o-7jk*;G@s-Q(M!b{V3v4F(cq-;oUM+^4lEf_rm@}f;LL?Z-xm5^`V#L#EJfJ!
zyWzvN0F3M9WpOIdw~hCdnF?Ia>8>J%A&O6f(ziA;`$#+<C;{KXq58AOrZ1lPb7LX7
za`2`KIJ}mzeCi#LS(eMXgtuAjqiQMnjjexS+im8Y97t(dlJk@xvnVRvz^vzW`O~L4
z9rvb#PjKgium~0R5c~)elEOtS92-_%ul5d0&6!i<9svwRWjW3$D~M|-?_^nTP1Ux^
zjRgrPoJ~@>yrKdRaleG~M%`8pFXR@P-hEHHUIvbaFVBmY<?EXbPI8{JwYwNP$4DRz
zh-$p@n6xul-uWzcm00|UH^$-Czqk#{+Y#KfUL63Zggs*FXE#bZrD&7e(4hvV<EwAk
z6{lV<KJdfX<BEeaV$Fmlku`Zz(gyVyYf&~?p7r1XJ!!aDg(g&QD&U)XGj7NV3sr~v
zFx~(!8ZIPpZLbPi7jQxWK@Kn-xjO7H?E(%bNIwrMP~i?m<0pYe1j5|~Ci)mlSot}c
z1JzrQF&M*rFP7a1bo;TXoHPtQR(t{mCotsYc@wxv>wXnejTw(_x6JYI-O2*n+3`C;
zR<0QG-txkzdwlR3I|irC(r?+M9tR1o<w6b`HeNfHE1jLa2Xt2K@7Ycp&5M>WmliP!
ziqz!`Hhol#+r_(4EvwO0#=0a(;W{trwH=FGtsHt_8v@qN%e3b$?Oct)CT~Iw%kS;3
z<dYYnDDn&m4d1lO&|63=wi20jYDb7ET<8pKHoT|$&{u9k4M$l$pVn%yJ~<WQ7?p~w
zNL@{Niu>dV^pJS@46@`a_2~`(wO50Q?`fdEm6CbYLhKx8uhkE*t-ahkl;2|<B3XQs
zoh+?1QKIpd78vziC<~`hapft`Em6GX=PQUVoDu2-5|smw4e9c2#B(O*^Ot+Z73%Es
zo_8O=r~-Q;gwHnMnHr*nMAA58qS&$eN|+D{N;SVi!XmNKaC$r#<j{PKTdv|x%UM?}
zhI3ss+ma9ZY;;}iykx;0Cg;v4-!po!-?Odh7q_M_iWTpU42oDJ8wc}x%_*33Q#QbD
zi}S@+XqEJ<%!76Hb|Ia|z!wa%7Hd|QEqCQnhapx%Z_(y4jy-z)fHn>MxzUWQ8;AyH
z&*amQ#PX2LMBPqB;C51XdDLFFXaObDal9?JA(cDN7Khww4S^pXuB`7ONHx>WvoS7Q
zk#MfVhPc(lOMH8;LN7OWG$}Cz5()pFZ!taOskm_(96ew+FMN+H6JpQ96BO(o@neKN
z;6hI4fW~-<eofbq2P(3J5u)icuMI>d0Uk>iBjyFFbwy2<$BRKxQMN4-EMo~^LFXzE
zxMu*prR0Lh0@03YbB#pxUeB8|#e0@d?4`*`qh``Gtw#n)Dnzb<V)^Pwo997B<5=+;
z2VBRsB=2UwhY?z+Vw`0CNF@gHgcerdpo#D?RozlHFpHE*lp}Y!`&4zn^h=MpX?dRO
z>$gi+;Bqx(;SXLAIA5YECWm4G`pMR9KdeQUgJ3!Ci<2bGY@B(A_u48hK|q6)PoMfO
z&#NWQ8SRxa*hfBh3l99mtzQtn8P!w|xXTgOi^A6jKFjQn$$Wt)=>lg#NNgdmnM*38
z?ohh*Z1;h(lL61dl|#kLS(Rr`yhvz3p!V1+l2|)UMyYp$fQ%}d3-sp2P5R{UV7~&)
zZW#fih+&=?cszs-w0POEKxu6~1#rsOX2D7F3Tqme`U#_ME9ZMbHx<I8uV$gK#umJ<
zRit`=mQ0@QDqgN~1G;tRG_YLYy}CjZKO)X_Qx8W)JA!tPd;ujP?)y}gz3Qc_Lp^?&
zJRqUhQgR{9=v?;{%aXcwi-~W*GrS&AKRbh$_AcExSo`=v@_~944yuPw`b8CR!^?UH
z>iKlD_bn0G+6GmjM`3azckqKf@%IQhmG*nS_3s5)so=X-tOtFS;=^O>aKVEt9uUxn
z<4`z9s}AndiohXJ2_ybSTsFi!3vwI!o;Eu_*%I1`EUxOcl&n>Y4$GyfeX`z-!&0C#
z`T7`LRa&fTm#d2Hk~`1*cvnSlo1WeBZdG0q=;9vLz%J(+*1$&5318r3&f#s{7(9B8
zqfg7;o32-9dWF37@(xdZ=S}sQbW}v^k^Vj7UMo^O$@CX!QA4Wsgg7^=B`#HS_zVL<
zoph8&bQcIPREAZ;&4L`<1}uVoxZd4rmq-;Mtphn&LdEo2YbSMr^%Dzz9{4LU%_Omx
z-|xhFy}q*y+o}+grwd3H*zy*k008!0`5Xo~<=Z@IXec3e)Kaao0`JmNA+Uk5cIHQU
z2q{8yOmbax87fA;M-|3b5}>kMg&>A8B#%>^pQzv%zYe^_kVhhCW_@}=^Bzl9<RRAH
z%W8mY)@j~N5V1Kc^>-`Y`P}Ux60xYcL)(?y%}5c~E8kUJeU}gfG!Nf1^=wLx_d4jI
z#HipXss$z{)okFVJbSvS#R*}xYjCg^{AP$1o%eDR&?{z_nlGo~t!2DrAbTb8T-j0+
zVIC$t;n@aHc=4=bCEM_Xrr-ol2UJm`;jQ~)(>+1juBAbU5kN_-Q-w`u;-{dH-T7#p
zRgu<jEMoTpd2yE@UKQ;F6074!Ba`WQZc0*M{aPQHsUNsn9+boMhPwML8NsUr)0OfH
z$S%R5TxKdJ9#z5hDyye8X3!5LIuAWEwcEwyP)nQ`ub_;D7d(RF=4E<4wuLkuYN-`Y
zg^5Y7H4hcN9;=b83K!hAGRomvc@slphMS1WoRM1!iepUiT(t|4#$)4ELQes`fK1hs
z-sTGx+z0BWSAqcNo2xlpS8mnI?}a~8AL{QJH@;V85<JFrGPBG~D#HytIbno%Zy$G^
z5>4J?yhW{0et6nEhi3}&_$YKMY{Ewra)exOo2M6z_y|h)#^wZv>+o65sAxL~>lM}s
z>L~3xRb~VQ!X9^{m%+Vr4JXs<E9Ql5VQuOcedD`<@c1qsJP<D?Ayzuqc6wVVb?mrW
z7Tqs_2wg(zsrY(5drmb1?3+7s1JuugdF|C-=*q*<0<FD+JZI~=$IgS(LPcv9F|Vbc
zbCI~X!mBkbXt8Xtm+wJ2YSpfzGNLkZw&eLrF|V6!q}~a)@G?B;6C@N78hJNIe5r3k
zBw)A@({&$6W(lRz*?B45zNa$uqU4n@<n-eQZ{%+FNg0qc4@kXk2YxEm&)f8Z4)+{Y
z;o8?L<;k}E^4DCjmpaaH^2`|2Byk%RBRxbb1LsxX5Ti8@3g#X43A;nVS$Xf%<VV-c
z_241hhNIP5$bq%55GMMI_X`6NSX7|gYW8BhvXcn%q;pY_A+fuDmxZR(mD#H%xA>rk
zuLJOTt~_|}(UiRg<zR{C^Mz)nz)Z!hHxf>3wm5^EPg$EpY?Y?*#q)KLNy~*Es<+p7
zy1I(#M;32`RV5Q2i?Td&YMZj{K5L;GsUA#AAGmEu8I5VfEA#a`@U|Rdf`(3^c33i=
zs8)LNaG%L7BR?$$rM)&nVHK07FR%iKUvJx96h;Lg`YQuh-K1tl1;TtU%E^YFl0Jtq
z%Jh7rTEmMNMMJ`yOnO)h-J(1N3bKG=_5y4sl-bY_*0vr$Y3;TUtkoPQuw!5sjdx<(
z#W-rl=?u#uoj5(Uc!+e0=ZjAciRB6cBxZ6MNWhiaqV`(&Q3;fnC-;H_=R-0LtGV|c
z&g+~_9F{mySvbnZ_vkSyoFk&C&cpO*<tON9xt#9{T>|(*m-`aQJm3N8sou^oK4THD
z#S)i+*U}=B9sCsM$aT2pMO&A{vz=F@R$%>Dm6SOKx}{)-`iSssxgT>R*G7cP(8#LQ
z9R<B7HnUlh)y0Z&FJFok^#yqX(H5DSw)Q!QdI0cs@-S{{(?GI$v?<70l|P?xfAw<S
zDv+(2R39n1Ba=f!+uel}azn@_K3J%T=P65cEu;b`fq${fCwf$wGgL}^s{9(KN_IjH
z<Z3_!`mHzx8`<O9R}9KR(fy|Dox8Tmfw8=pcUbrcg+%i>gv|MJ<^UF*32}<H>3Pc5
ztjOf0f)?cIAh-pdJ|uLN(gEdOq-EBIGK_T5LS>ugN_>heAQSa6kkRDXLLtI{s|h@k
zY)=g3@_brZft88KIK8ffYKgl%nShg8Z`)1sLZ6a)PlU{b!(1twHdNP)^8;4O6s@aG
z4SX=ePZ^fpO!GvsMhaodd(#=~iDCGlUxvVY@ixTMtfww6-gRmalD`h!ecrYk)OKKw
zxuMkR2?ofct@QG}=ZT3ys6mqaC?gElPM>N{8Q@;?Fas~p91C5fR^;}gXDYU6XOTED
z#PS+rK`&bCojdM3fjD`3e(Ff-YnYq*Oik@%IOZO`XcaTTh*EFo=P@{(Oqz`_Ou%}h
zxeGMBaO{<|*W2e0A6QU?I^ZgoqlFQ2(oRYdg^EDp+vjVO_w?c@tvniMAVVZzsmvIq
zUp}eWEsxrW_udo15%MRuPbYBb2;`LX8eTVFJlExMl+*G;@{Gop$M9U`dET(23hcS-
zyqU5BGa{j~w{gs4PShR2BDaX%ItcJ?iSGfIztuKn3?V!0ZCU9QI}1b+9u$-W(iM9X
z!*z0J@{~<-kZa00p!dmJ+_^4zKGozH!#np#M*FeFQNIFOwQqL)i`{vv(iPN~7OHfb
z$MHr(6Ri6lW#)A69q8IypE$jMAc$2pl+g`yb8n8l3UDhl*uIzPIy5|(pppxF?LmA`
zWz@7@S1i?bpx=ZJ6u;T^XJj22uTHd+idG`0(nUjsH5~=it}V^sg;ER$`=Hob!8qw)
zov$N3t1Nqj59ub8M+lAi!hK3_4p=w_ZaQDQ(HCtLd4{^tUX|>B!Fwn#?~KFy=^NlX
zuPqGR7wkf1al-1jKJX5>9#+FM1gh)dwK0f%Zt2lBgT&W>K_#wdIc6gLG<{^QOJ`g}
z4JjNz_nyU2R}E6PGzhvHTE1|R;KR7$Y^7Fvy{+?%5t$6OAFVe8Yd?6Lo88yX%UH(5
zEzp@Fq;?7-+03g)fHM^PW*>nYd5I0NW>rT_>!YL>nkn@-Z20hkuc!l35>Ifh?=mYD
zp^dE<VP%i9JF?(Cf9>Vd_5^Kt9$gxu*PTS9zl&#2{EWehH`xqFT7VzobZ<41Qn50l
zY$xqgrB0jczI~2jhf+_~i3m@n^i<r;NWrKgA2a~@)Z8GqInzX_n3?x`kwWablQ@@N
zu_Ia*hhSZAHDE;ZO^-~$Yqn(_istuf(}M?}E54WJ>s$VsR;y`E;&s1V9%`sbu~%KF
zYt3wr@)_Lh%j0Pl8laz4wQ%yn5odO(^D-vSgizzQopzh=3B;pk2RqoQy-JBhnAdIq
z1O=UhG4NKhZ;vEsP6G8d!%%pY*d?FuCC?GOT?a2D4Fcs>h@;qq)=&_QMIa=~Hr|Mg
zpnKMs5RegMvsn@T;4K@wEd_!pq>cioy*3|J!k04C<Q*vFkD+Mv8RiS@_a59_ra{Xf
zL=prF4Poi)Q`C+&SHivO69VN)@Cguvt*Z&KB?ozX17&{XlLI7ag!BzB>KDAu)Ghu5
zSY9a6*cq<vL)Vv7?$V+Ol}c0Gl<(*UX)RP?+6bhRB4HZRZHlLrcG;3~>S@JHJ&IS6
z&6T+}C#`D)xM*i+S)z;7Ic!?Xq2M_*0uN$s*oVev`BFUl^=;nnvNvSxwmXOK+iSrS
zo(C{aJ~Q1F0|hz*gh|mST~Z{Vfl^zZh!I|1?z(VMmJS;>foTIs1{Z0D_7}awjL(OJ
zF>ZRRjNd~ZQk$1W{-Wmr?G)%N>}^T;v%?tcuJyzt3L<`X&07*!MQ@iR51<;W-nAaT
z5#o_@X3I;q2~}n|B^Z`|y;kgW-DB#@Pjh#rNjCbp-;E;&M=2IV3U|7ilT=cQtoB<o
zzmuLFeysAKs(esg@;!i!5DF~NT#($#eNX#Y)~pM!7&@dyoz$|Pwp$e9U8>kKv}{z*
zM(w()lV&}~<gG<MNVwefff!fiA?-(IghR3-sHO?PLCm!8>@AnE2fsr1owo={)WVHg
z)8<)t=_xQetXm*94OhUv$yd9)l9(zFAG%1wo1*J}aT-3zLw*ze6dj$^mWZ-C-M8S8
z9;?wbK9D>xS|}4Wme5pG2AqqOH_RjNQYg}zyw^t3u*2NJNJcQl6IAdiJf41IpodS{
zQ$34Sf5{jbxP&|A!THs%nd>FKA$!iAuS&$Lx+LNO7<t)s>n&<aYOq&9++aDnRIBT2
zoH)5VJ4mOUJLm=8J^&WC9HG3~QC?mMu2+qc?@SPtAjGdPQ)69YT_(?F`c8XOs8Jv8
zD5JL%J%`(y+C~xyM5kDDxQNM&*5fgX3_S8ZoHy435{42_^%=rBRfSyNVBJW+t_#$>
zsj)7Pt6Ommr-3S4^MQw3`w$dV#Li#3T_G5h`U{R&o~N)hPZf*>+6b~djZQx4CH|sU
zn+p;QL+q^>v8&>S-_|}-F}z6ZbbRylxjf7zFLs5a*DqgsHZ}>s<5Y#EF<jJn+0Av)
zODL^}QrK{9Yc_AlP;6Bvqjx(<{QRgc7N|Hop2eHdrPv3yvrj`3=Ja(<!?o&_892Tz
z<mjXf)Ih9V4xnahbD-5&2DyC=+*=|<7L+3JE}h~GjEsm>3D26{(=@zcG%`i8Htw1K
zi7&hzdl9SGOq{392W}|E5S7C8tgpJc$dV?^5fA(F{MHlKsEj%q`WNi+n3z|r?6#9H
zo9#_Mk|j2~8{~U7$+`MGsgM`pEoH~j1*g|?6!{b*^U|KD+GC_5<Xr)}60~Lqq(>gJ
zOd|YJFc7NimC!~(%8^v20pyzna~iH<h<LtMlTncm2Xj_K43`i6$y$0e<2_N(iW{2|
zd<4+1Co`c)N{cEtBg*1A%zH_w=5==CP*jGz9=wW=a798{fbG;JjF__&@hUYe!9pK1
zQYkNG%iE?0F0t+U0E&f~UR0gCi1!S89s0XNAl0XdNnV0vz^$+j(pk26E|06X3Ws5{
z$}8N>s`F*|Gdb!9;_&oYnXK8~&7?&H9!Q*q1p><(+HmbyWr0*gsdN(1XG%o3qLZw8
z>BeASh<XA?7KoKVp8DQCNIriezNgBiuhav|RF~CFQnTnbPr0AC<-6xbgBI(gL+h<z
zaVXKA!uPbx41i=!$v2)BRqp`Sd$IU-=Lq`%%lz3xH>o;|AhL>dTbbd#e2V2-yNKZ>
ztfYe=cOXUa9(dZM#|uA!vZn)#`0n|>Er(Zmpa&d7V2h>uIxz4>rDpJ6m~x=tBP&vl
zvs~<TAExeIuyN9Q9Q?Xvh@lAvoL}H3+{?DP6f>&pH}j17HL^No7Zj4UYLoLl#*xbD
z>*x51@1rk#1<R(&dg*S9$uh9}RtWuu;bNg|iA{94*?L426u@hmY)}~>-V4y1xCg&%
zu{!|KfFp`Lro4BhJ@V8j%dVtezUo@GTD*BlWZt=+a--PD@14yPP?H%#hi9yv(<#RI
z-~b5#h+7{+7Iage@ew^%jeEQS5PP&0?DR&d9x~W*CF^10ZZj(5I**x=mBbord8%RU
z#nS_+bpn&P{EJ^{a)eha)a2r^t>v5Yw%9Z>1N+L;PuwJx0BiZ+T}NVP`ifH`-nDkz
za96&QeMcx9g4}h^2BJQfw7o=(j^!###ODXrnVjH()2Xn#W8F9OQpp~AP~zUB5foIZ
zZg!Ul%Nh5R7(n8Zx5#RC-h6jqu@T{Ex|R<Z=Uu^W+zR=Cw*xzt@7pp%k4%bH<}lJY
zcMqOAL&hUS6MVGY%_~~B20fJ71fH7U;mO8qkP?cIcu}1&&GVY%rmPRunL=9NX@|@R
zv3U*MByrk%*S6qw*Xi`!9@%PC={sN3D5lqwm!V>hOI4dafVt@@ngrK_$SXQhs;y(T
zbUVg<P8>#eH*uUWpv5)4#)R}*udQ6-#f+an%Q}jH*4caEb5zXBu&+r{CzivlutuL=
zlW7+K0EF~0W97Rf<HHNddW5r)l2Ltx!5o{#8@O`=;%c0{-Yw@1{xCFVq0t6*JABUl
zDaIwvS@6+7JfpNdf+|oZLz2=4=h$+f=PuGSud}&1)D>_*-q?nbx#V5w2>Z**7?FJ%
zq9S+e7DINYeS7f8O?lkTTu-Zwdl-tn1!|DVt5-5Zlg&1P%3#pmdv|Dhv<9VHR<kuV
zU;>Q1a*wKo@SfwLlM(Xqh_NPvh=cNQtg!P4Gt(I(*OAPy20D%qvr?A5ig}nuF?9tx
z35s%c%i$UmKA-$DeDUi~A|~F6D6SLM045tf*J`@sy&BFPg%KxQ=gc)82ScE6gp(!L
z^Fvd?9<oWW!YzJIXTm+$A*62pav+G{M1Y*(84L&478(*0!D(J^;I=262tB+|A%1VA
z_pwJAnW6S^Zlz6667*1HM!Ez6lDrG{ncx?am9fu-YH$>0(sE@QSc?2j0_b8_j=yev
z6qFBTN<`iRX(gY5KxCD$zW|0ze2TiU3(fuHmMRDlz15JVoW)nsf*-CU%cN5z?TwWC
z!vZyiVE-l5RmyubG~}wNusIj63y_7OoayB1Z8A)sHR>IO6p<mJoIJIg&3KJg@}SwM
zlmMPm*7-Qza|V09n~0%!MoNwPPAXS!hjy4Up7vs5pv}=!m^q&9$z@p-A_ll;Bcg6S
z?{TqRd5N%cmh}KTK*YbD$;LGF3XVeYtEOS~!x^b#kJ5m)>Fd)qd4Nq^DUX58UffF1
zx;{g&?p~}nv|J6(GE2DL`P_<Ch(l*R&+xY`vw_Ze;xX~!%1(FMT`gd+liM85iJ$G>
zlHxAgGhx}XXK@En${bJ6x5G>}4$%`sd~I3Xnn0L%IUhE7rDL2rnF{X?vEXSEF`Z*(
zy^P$sG~{P1+2mf89RgBd`+%ya5aOm|sZ1U}%2ol&cX_cbTsMimFG3U<p_H2M{3eJJ
z>ng$UvG2rT5!0L*Ri$d0HZ*n-ME9AKgWy5BR0<D5@f3{VK1;K#89~^@JD_c&O06wn
zp*PEcYIT4TJkT6K(3|EE)$Ng5+ZU;=A`^oL+SG+ZgM#E&+jRZhr(fjGssKd@+Y@qO
zeM{<0q={e#PaH)%`~h4VTrD*LOf`(cJq)g1!s?`#sUke00<T5ahm(s~AA9=b>J6em
zm#V%-eDx0H*5@2lJL+Cobk&>c<d^&nuzvwewNWRe9V2NnqB4WHr?0|dKwTx;4oDlk
zHaQO!$0b>59F_$bHt-l#8jPD?wkke{hnU{ABhl^4&4RuTJ=Eq|*jcAqcm6i(r312y
zzyo^-Au#Ybm0UYs;`Vw_tUi~PeO0>YX$@C8`X22gSi^4KVx^>1TB=*{gYKMot5`cF
zGf?K5MxLdr2eu%lgB~4J7gq$+$&pR-LUh=k%hF#2FIi!~O0sG8BdAc2=DS-sMYs!y
zVy7W|{kS*|t_wJW?4YoDs5MJFs#@2kH1up4FVRf~JXMx(fF;mixjIDFRzfoY+fN9|
z*2UFr<sF&^=3rs&S=E{hgyJK|zR-2ui{}DaOlB!uEVEDbWq_7Q^%e<vigfCtLGa4J
z=(|V3<8?eolR`|PeZ9G@hoCR5E`#a;BsN#tQg51WbK7mm!?g(lsV!bAx!p(I;EoK~
zVlUk*V<<{aQaTTq3)13Yje>x^!We;b8Yjx0!&Eiys?>IWN|k3C$3!sp@ZS2=8dxC>
zGl8$NCNtg|69sJCnLlGLI8n0R#R{C|hjY_oxzjzhz`Hp*t$VT20{HOuS*d~ToF@?0
zo2V{0rL6bx__afE+?$acw*KWVsaR4FZu^PX5Mt5QftF5hIpxEE8ptAV>%6{7=0^zB
z`9O^T<-JiJ=IQm+M@_)p+3H2?2RA*!we<k@QK#v_V|>L7Sjk4{`ozo?+Ji`F>Y*8L
z?P#4d`W_^bfL9etF;2tLuA~P9N>0(h>5}gd*shn#Q$Q)xmkNm)+7T?d#fqx<61MV{
zTLWF;Bwl2q#vZ41PpGXU*7+MU@^Y_|K1#W51p<85s=mudxVbuH5(mOrC=wUMxJ#wd
z_cQ~{2-2o|RpjzYRvvH8qhw>rV5`*TA|Qqtyk__$SoDkFPSbgbBq8Z&>ZE7@>g;MF
zZ1dJnpotJJ@&dGBtyiF!70~t8fW<P_E!N_O2UFeKARpUPY-g*48O;=mr<><1o>)sK
zjcve7fUNUWbL+Xh+KJhyy$#XG_RP&^8CQlc5);!#+SnB&efEmNTw`lz3`bE?Ch2kL
zATDB76_OT#UP79M?b<A&g)1NpJf-P9Gika-mYmd@#O`{eb;|q~!Ufl|+4yoiUpGgE
zE>2vA_OgoaWw*WHS&U3e^6r{_)`tW*o94w$hh+1@vSg>gQ$WtB4N6hXbHQ=(#hK#N
zh%wGV&j62P07^rugvr_z#6(0~nLXmCx<^!{@5oFq()=aq>wPHx23+A@1*R&&L&{Eg
zn@#<^QmLck5(*TO&%5DzIv0nLAHAbdj`WRl@GGFH3(`rtdD_a`-M|5{^uUK2o?3#&
zjPlal+>WJWFb<V-OKEC^=<suX9c71{piki`GrK`y#iOX_<dO)&iGWeMfK%A2`C>1M
zV4GJ^9QK5D-K8QL_HAO15uaC|=->bhX1?-?Vz*FUv-cj<J7+PQwBC3w^DO-Y9*cU|
zd9BZ7q{1M@%JW?4q|>T%!NV2pd57%EyHJRcSlNt@t!i7P&B|G(sb!>&Cf){2L}06@
zw9C(T^pe#Wyc2lYTiz46LL{g47{+|ER}b5v(5sG@ym!US!Yhn4$$(hy$z{r$B$=*Q
zW=Urn=Ql}s7<Nxbi{JX|r)WjlL7DMP!$!nIln1W3iNwW9drvn<594JHi=~{L?Ty{I
z7iK>$fMauSPT^qVbRmYf*H<Vw!Pvo3%ZP$$_+W(X!70k>^T{QCn^~sp3FO@alEMVS
zt6FbFz{VWW>@hlwspy!gSyC$k!?fj!ItF_*41(6LQY{?7N`j~_zvp1(FNDvuT&C5S
z5J*OO<3Z@)7*bi~*%bg9>H*DrMX1o!?$i%q4_}IDVbeU=^E2P`p<@*QLx{|Ycg9_@
zHdcGqApz@ouSl&u8fA)}<MU?m_d2|rlMT}x$ms2H8*{q6K8J)RQJ>)*@uUuAcF<!&
z;NF#|<SR92rLUmg^Nol5u-uxskhOJyK|w^VcTYlLE*6NoSYx=&?YJvn3v*(2;Dy{@
z3|nd4P&jr|s74~ekjI1W7nNc*q_vz*#1S_#Pupry$fuI=C>0tG{ZZz^PWN*z5h1`=
zi?-N~{YbkP?@snn5r<3C5)u{|1yBuLYcB|!X4lb>VIX-H_LGaZ=R^T1DohE?MIlMr
zF3XkY<-+W!2bIkxZy2Pb7btHR>LHbEdk#{9)x1Ho<7&&>(}kd+*EY;@UW8K;9jWUW
zd67387+E5)n5qn+HWWH<?oGIru2P>lrb;Cvn&p&2S*O1fYq{IR!3nL4EehoBv4=|O
zrC2V6IDn8>p0~5U8Ortw95#H*k`4garEYa`ZFOm;F#y-B6{cRQG@Yziu2DfJSC%eq
zGn~@Bx2|%)5`L<;$nfG8Ud!CGco>Y28S<eyHQh1<6_f!kmj&%I$0Z9j(7UwQY)iys
z@!~MTw|3b%GP1)aYj|136Q@Z{iZ6Y5?wuHyG^IN$OX<k%bv=<g^eN98PnV-=dAL_w
zp+~#~Z0~LCzJndgp1cUdmvfJ%Q_x4oRV9vOuY6lp#%YyV0fNhYN(n>hOgj!~?L`VG
z=9D7=zls{b+bCY)sNL8H96tpQWLUCyhS4hO*%2}$o=Gv;(nc?G>2&gCLAA#Nz%EM=
zibf_}DI?6N3wSuF+}eskSI?U$+J)G-D`zx_yFD3Dm8Q_%*mYb3kavKHu>)<IIYG}S
z!$w~WlazNfJlfRivG?xU4gIPp1zz%|pW$pGnxe;P@B==$Q(sp~$FTAjAtoGq#4m*`
zu1Q&IxB;ScaA)g??Ky^J6?X)k7EVW{2c8(XMRt#*7P<yzytaY#d43_KFB&Je*qfUU
zrTe5}1pNHH*N<k+&9N9=;7GAtq`9`bktCl(3y%P{%&P%gEg=L#RB&H;V=Dd%P;n{6
z2h98+kU%qQB=IkZbspNghw_vz6pxI&74~jq+XzQ}%Z3)QG3=#tVt~Sytn!RsHbI-F
z$2ejyDU1QZW}I!e`PQ2bM8mEcaP)fEJcdTb)2O^HdF(Y9s0GYWT${Q)?DQxaEmOp%
zi>Gola*S(H6!r@EmH7j#S2#=?O$DKSGLFw3ad!3YnLH3_vny&2sIyo)Yxd!wl_(iw
z3r~cQi5hr&#yx1biZb(@g(Ff}>ojsmUt>8-ft1widh`T)0k;q;&<BGC6~uv36>M8(
zA)MF(N=!gq(pxP`*gR?*Mlb6eR`~fv?ZBi@i`ly(Z0@6ni>R+2jGCr;CGc5m-AZPX
zgQZY9FAkE6Y+X^!G56yfXQg;!xUWD4t#KHEM%v8e9t^&73TThHbJxN_QhzL{H!r)L
zy~2Hmn-5s)MJLqJp(VI!$)-7>!fc%+8AQ$VYdEcYgG;Vu`8Xx==D18Ga*N)B2^Q08
zggO}{w%tN17C~(yw^4fz4x(`zXi@%>>;MexF?riV%?{(K3157+W_WGKJ6LAXuhoo`
z@@YzE<so#pF->4VJ~GeuM)Np;%q?`&blgBILKI)Xf^NVIZSFh-%)@atb~GHY5(~cc
zhuIyR#6qUg{s>;tIZIx+wPV!)Wd<g8vSU_3kwjp_D*Dr$1=Ay$K^IDRlti!I_#pKN
z^A03k*w~YV#mvb5gxKK|V(goywC=Kd59<x>-rcih&xy-ubMJSr319*3O+@Hh?COlC
z^oo=>2wre5dlmOfsS3TT_Jfso50)rIbF!LD<;1Q`aglAi&P7e$o6;3%PdpEP2pPO{
z4m#tVny|>&aA_TvtF5^zhu-nhg<^H3L|&c9k<`*UWVln!vqP5KuB|uBmalnPn^1_m
zMS4c*gfJ^8z0#;WEJB;3itJ%{Sz*WiMKM^9FB}HykV+bR`es)<7O)HeUn1~j;yx3q
z$is(E?G8Ha^i8p{L#Z``Y@=>b5Uql$0eVH&1YR!?<wn6}5(hIE64C48X9CGoc!8=X
z>`&WVwRV4TRmT#-QQS?jrgcs~?+Pbff*dO3XI2j%k(5AUapWDioJZyo&8y8FWNLAF
zsER_4<KDtf8)r+;3?`k9Y)BCI!3>6Y$4})vEdnzVYBRuL<MT;Ijx3gODD91H>;reR
z(ky(vV>inniL)bdE(+@N6eBl-%wv5Y)~Zc49RuCW_S?4ta+Uc)t4rrvTyZ&UPfTwa
zQ1*;pHIKy8^Aut$Q?-1AiYzZ`c&=_N?o|h@b}u-uXKF`IqctrW@bc1@TTJn2TB;Iu
z80`x8iqk!Y*QRyvRw3t*hj5giBkOjM+AAJ1bCSbKL21{=(oGIGstKU^+}OQ(<XKC>
zBPqfvja3TMM-uM5(T{)<HM@i!cV4(tR!2cRVby~+1Ww>^JQH@`ozBkK6FGSM9=#g|
z*Tn#SQ+T#x7kPOd>SYh#ts02h>wfs$;>iUyX&y2RWma32>4oWbQR?Xo4y?*dgq<sU
zSydc%WN+PKxNivZ`7dca2PJziY{l82Rn)^(Eop(!+n_hAdxL?bUm$m2HCCIhQ(>c}
zRXpFI6x)#3<&cG9q-Oe@+IVV8E_YM(n_~Z>n3shrnUHL{Lv)YN@5zjM7m-}qE2*}{
zZAlNWN{WY~Z;dbSUa39gBgSox<1|p*R|AAE*GVhuIUFAHWtJE0&5Yb&700vZ@)G<W
zh`f;$>8>hAd9!T5N6|?&y9bQH>I*U>C}Q31(2$`RP}R+2wtYv~sx`;1EHO-W;mQc-
z{?Z|(x*s*c0h?Dvh9#0-%Z0GuG8_dZD{?#-5N;RD9>D0nzc5Da%m8X&CLXy;=6X4k
zk00soozmzN-nS<NFb$UQNQwZsuljWuCCj^fR5j{(&+*J}OdZ8BI43U(At^&9He-E&
zR9oheVU?8xk+yGU9LmMcBhC)Iaj!^vC$M>NXyf9v&Zg@QdJjuHyPs}lX}M@G+H(Uo
zd1*Tj&xvaNEid>{zI!u5!!_p+FgXDUC>!XUkATA1!$wGsUh?J*rl^!DBaWB(oUrFm
z?LL2SnfcaphNfoOf}ZBk9Fj9Ck(+Jtu7@P#g+<I5*-mKo=CFDDaYgRTtzAC15Q<g+
z(n?4RRg0)+R6$hSckh(&wT!)nG4pP&=v4!J6CiF-NL_E~krKTVyP5RKNB0b1UF7E8
zBwKYdLlH&>35k!^b0x_^2G4r%Tx6d;2DKe@zeS>!CJRGY-?<R(<>Pl6G-*3Cubff2
zMXkt%_L7wH3gS3cpnQtVcL-%~@!<GvdF@EQ!|f~yTny}aTDoaM3gmLC)&#sLu|{CD
zsKR222KOlKmO_<5@P$@lH36x<!%jc6jF9j-@f4&|b+Pc3jdyub936Sk>9<@e%p3${
zT_O?8uKX7FTAA9~&<U$SM_K{Wp^x9C@?+}DUT85eRI-3Kdrk>iFCTa`=y_a3O1(uC
z;vKpi*Rpr-*sG-isqZ1VHitiuGVAuU5x&PS;<<b8JcH?Y3!NRG7>9mgeCeWwb2d2_
zk$SfqmM<$JPz_I%0z-hq9XO2LTrIVkwG_bZvLoT>x_w^}Z`d+DmWo$$HctbcV%~Z8
zaMe>rESGC~<Xg~!T@MA%z!h>HvG#(}OP}_7&2b@qt^w!!Twx8jsE{pEdK2oM*WS2g
z=gCvzC!5<{Lib$Js<ox5bxC7$@M<(R7>9ERkS3|62&=Cyd^ydsC=c)5<fHcvSm*iS
zwExNR{>V&IO$12h$2p=tX>0Ntd`(wSrY(7xGP+it#=gGHvV^dRiZ0b)m^BMh1wnCK
zEqJk}$E=SG-BatasEj>7%pje7wWxi%HF{@f?l+ay5Q-@N2={T564>@)BGK9#xlog&
z>!M{hyaslYtEs5pHEz{St>KLFtJEr5>OR)N#<`f*1~Xer45!yPBB|`<Z2Q7bXn;oa
zQEEJTEAH8a_{f74OsLi+nT&Onz^x=7%{h{z4J0u{KRs=SKpM_+7`C=qyIaylC~Oxf
zdoRd%u2X`C(fc(Ad({*2<4xArSHfq(T#p(A8vCgrs@F`n+uLyvdq&1DwcDSH=_{dk
z^(IUx`KC}UO?^Y#hL6l@6CPGDRv7?I;e#?odI>wt!aNCYf<$V1Jk&gp-b6%XYRz^h
z;PTb&d#=#-gJepWk*0!dj>bcWJkm`9pIOk`sXiLYCE#4$bSccpp{69Gn94W0dRa;u
z<j$xg8uG~EEypRY0gxM(AE)}P^Gq`hI1V;<?R%6h-ftW|H2L|UE3O1jS-gO3s*V>v
zO;}{BXKI$g7r3<p2(M_plR<ryJ!&9VM#~K3De8N&-8M$(g++4)Nft<t)Dv_wBtoSV
zGf5Yx$sRKGb&eRk2bq(pw7~uRWjybF935db&A3thyeUkrLiv`)Pv=7SFr^0a`GMNw
zNA^&@IDWui9B+WL<*J2UHI&xV(G~ZGG=5_w=H4k#Iu`VVHl2b`Dpfd9o@)7Gk^4BG
zpgA!(S(v2ht7d5{;0Nm|5_8P%0<r+n`X(dzkl`JJg*d_Mt<rrq9vz&r*{AR#AK7X1
zRJA4L1Di0-e6fsqD$j`DHKEU?X7P-pmF5eZlTHl;%fN7p*dcahEPch)#Z6H+V_}jV
zx^qp&*`hSS#;x$!63lzKN!I@aS)9StgbW%HjyJ+5w&J2X3r&^>?WkY6d+0sv4$J3Z
z<n=P1QDo=KOeS6GJjCo6B&<g-0;OH-=9yiR8=mRPdl|y3_Pgmjc=8Yt)1#hXP>m9&
z+=A1Kpo_F7F~UXgu-g~bG;2=YB)+HMPna_c+b$)q%Zlv!*(%T6I+^>sgy&Jd=Axz@
z^g{bBHZCeInW;SQTP|G!m3LyG2akhd6M%xWp{{hIAG%mo?Fn{5@MUURM{7Nv2|}kO
z%w!9C9pIM$igvMquv>Rj`!uw)YS?3p1i={&OqRGEPhSd|QF+Nd3T-=skm4PCbTZw0
z`Y4|rFvc_AITf5EH$aT!!!77g%(bAgDZFj>N~Bt3AyD@0*XCmn_<@wkyuwU<D1nXT
zNIsPdTbq`PGt4^}0_j$jSY>nr)raC|eaY@Pdr#{@K4p?-ihaYC>$vTNC0@FVEmzSo
z@giO~_G1h}3$w6!(Jl1mQMhfvm^7>aozNcM)tg303{!1FG$aCqOrv<D*+TYeM~QlX
zD~Ma6hd~l~2Q=q8?@3{fY_dkrX6PH+up$s2689QcO|&sUQ{)%TfeCr>?5w<G{n{Mu
zS-1*FPq)OI1|@5_%W6opXL-38yu|MQ%<>{~-plj^7U@c4#AFy8)vSScG|ADA+qhNQ
zA5^RN({sC6F$beuwNz+&sabG93!fk(ea^=^(p1{<Lik$A6sQ53J0or04pNb!y@R5T
zg5{KW@xoJ8R&6x~3hBz0dyC|)gTKMvGU9Bo1Bip*WjY!?LJIa+XWhI514ticd3!7`
z-_A7pF?gG$KQd9Y%WB?yN&a4@JqB&qP$g5anCI*JTwbKXVsN(z{umQ$jd=cUFaQeI
zsOHL_4BkA#dRFNm90lgdu?dbsu91P>DRxrAJBG_QFIyVaDE=aO5U5Td*&1n++ec8N
zZjif!_G%iTfJq+~F7)lxqgjby+j_!4SDS@mpj55vvCx(4UagJ+C3uI&vP<U4uIuuo
zCx(oY`Nj4-Tb08`B#1Ht@-p9CON`EjS`fYkN8ItmqX!{;V~!7oYyv_=w#6q0(m1%X
z<<YwqT}8E!SsB#ERVGWIwSMo?+n6PiIQ!)@OB<Phr+I5f&mUaA9X~dub*-1Ra1SM(
zS#K4tI<r4{#`5@F8@Pl}9!s$85Gc9Pz4q&Na?*k<eHkfx8li5@tU#w&hZ}hh-i29R
zKYBz@CZwb^w}co0;Q*(T9PDcNjkB7x_>0t~u~!NW&oY)K{9YbLbdfJ_YQ5TuS%);B
z_A+RAQIE<-UwcsM6qepf#*#i?f6U9<v}P~(5}rM2BfwPAJIIj5NIf4(Z$<@4vWN7f
z(g>5&_^f)Pn+k6SE9jV-wp1k<_aMsOnhe%Uem;9;z*SFyfh%p)ssU!og)unvy+qKY
zN|ShS4^F|NrT|5KS@}t));aX%y@PS{6on2A(nmn)n;`&Y_%u4i?b*0gzq;anER<~B
zk(E3eVvrk2%+c88+{t!C%7#quAWK+KS-k1(!#OyIi+o$p3f6eChKsBQXG%Z?I_L&4
zCujKuvm^))>$_K=zHlDU?@e4(aX(CyU;zh1>u%^NLyRcvQ?R@_*-w%QzDVwKQ7Wt*
z4-Xo(naq2$Tja#bq8mn!bgHMM?_H5cb^@;Yq>O}z?n_0LCthG!4|p`|4WI{etpLZ!
z!cvuEWS?3pfFdGzteP4=8lxGP+L^ARQRdJo=ne{zEN-R8hr3C9G=l8!XbECjJnBL)
zE?cm8Kye)qNmfD5Azqb6ST*V!5tPtd&a%E-zlsbv4F`7Ug(iv{R1=1%G504tc@LEs
z`WEuyZT*EZ#i2+HX1|q_(R=DbtCyg;Mo{tM-Y)VT)f4WhU`##*fB0@tg^XR7r={W1
z0GU&mg>^|_Io!j5Z8*FHKerT$Euti1Tf+mn;=&z9vRcAed*xzukxTeQ$D3HLUJlQ`
zm&Q+?&bZK#8A-@c=g7JQc_~KtgH7|%0U})+>gy+Yj9VoEgtClEfGIu^kj{=I#Fm);
zF!aHc-q^_<_Yp^2@L>Zm=5?5IQ_WGqWoKBujPnz4R06XrLgC08fskxC8e;~P3aIE#
zb5sVxS1$;PoLh5s!_A&*Hfu;>RNJiky;a0_s~ouI4~l!vc;2GH*bA5_V0b~Vy_5~N
zWc0<70nh8FaJ<h?&A2t0Vbq&Ed=L*!0q?y{kJqwXOhak4GGH7u1cM?_`JU_>1S$6L
zBm-ONuu=p>1A8VTd2oBkX1A#{&tDVS(iHbdl*_WDW3ni%3F9<5^3e}UAn){qjYfX1
zsqBx{!>4AS(M~i(G9=~cLbfp0LRMut7tLtWO?GTnmABi8&xBN^O@%VNiW(y0r^YYL
z1TiLUtGt@^Dk%lpgoXFH_A`!wr-7#ivIaSZ3L#w&9%<n!dBIYQ<;9~D;nZswFpcJc
z6g7)PH=nhBYFO&Yq1=*jJ+6~!)lwm?z?|(Qm0NsZFE2@e`rdP=fD;vm;JJHv(dv6?
z**M1T*b715DEk-6l)VqL3X=AbS}+ft$)ZSv%alFg)*or;)6ND=?>Zlpy@wO^UUTvz
zHGhMhxmbK)ps;sgzHF>@(6$eH6oH{ew#itF!u4(0A-t_gMQ*0Rbdb{Ic0#5HqMRUN
z)rLR|HE)NWVUW-nKN;mAgk8$K7MI$9cgeUI>Md|1BTp?z=PW_?B~u^Rs_0$Nti6J#
zeO?$I-q7_}#2Ol@X}p{_5FPVat=c4G@Gq9z-uPvf3>1$l)Cf2&bHC0GTSaBBg#<1{
zHR9FNQZaQ_<Klu17|0E6aCuwf&uW}Fa%x^FB<A4td1{s~on+b_hUFWZ+Sx09uN0p=
z&21hPDXShc7t&f)bGGcE1yP>RUO|Qqd}5cg0I=7^z+#J~y~B8kK>Ktp!h)vYZ6rfm
zM0Ey|Qm`+Yf`H1^>GLawM6qJ&vp`IfH!uV;=WM7chDfzp%%=o+XOcM!l~*ai#?rU+
zmRDib_C-7;${l-&Gn%YY!}4ZcOQj9<+&i2X&otGV-ipXc_K{RCuE;$w5~|2-YRDJu
zE^W(v1l;9>4f8CCW?vfKOALrYEJMd;s*N(wgn>k1=6eqSOoXei8^&+kM)~1YyteM=
zrj{b}V4kpuLd|oS^5%w}j2Ch0=fcWNs*PnKUSzN)Wr2?~0oSGvS8qxua%F(J*L!{0
zflW3Pt(z$W8+;;9R}io~Tl{fOQLBdAF{L<E3B2TboN*{QJ+Sl!hJk`DOxYg}Xi4Y2
zL#{yPIFzKo<7^TrGAQkO{eX?6BleN9EM5a8^vuK>S|A=hrU`aBUkHnENkD@!lF8yt
z)%hhvE7>GSE?->7>;^@H4nQz!Lr&v_TaS_?L3Sl~yPeS~f~)mQ%OKB}@GR7H{g%WK
zEQ?MW9@G#!>>G4_qO^De7C;W~y`31Dk(B;q`RNzSFg_5ugK-G>LZesKwt~)I5=5?P
z?ZY-<XWk4%?X4F{v{ef50IjNzR75USiO~h!ru?AmiE?>igVw3bu-zlqog^rKPy8fe
z2$-u5#NTE4*e`OokP?di=t0Y#uP~FEz~)gmFU7o?foE%v$MrSUgn1M<@q<u&ex^oE
zj~?>g&9w?XCR>^`4b&21kN0XH(w59D_Zc|w6^UodmD7k1IGSbav55lO-N|1tbAlZ0
zVdlskKTxLFhQk16FuPK&TbyozGwyf5vXRkmmh+W_zT7jz0uDqhD^`XjD6DkevAo?!
zB8J)b*!CgbdyT_{M>whvRGKGeYS3I-CL2bCd#5m2^3jqb%Z4Av?2=2pH;dfw=^%u_
zc0UN!vRGGqcUxsZ*A0-^Oae2{C9C9FlJf?F4{GUwA1}f?YS~z6x9AcGk;f>wuOlDo
zfKIQxvI8t8o@Y{`e5?LqaPR<<R!M<DA;Z|Krycp(vyix~>Rfa|!nZn2UVD@5$T6##
z$Eh%^D7B+Dh!%Q^_WDg9zJO=-aJM6!f#<*^teRBkwM}eAT4$YcTrn@h80)~sTuFP?
z7RkOtMH+bXwxCgXmWvF$`8+*LY0>bES<rJEA1Bam9>)|dwRQxuA(H!OL9d&+;zS{2
zUpI#Gv*+YC2_WQj@7n3&1Txj}=tOSOAv%^`zLZ$OruE=6^k;N&iK1L=S?~BA7+a$G
zi;ef5MyZ*DyhT$!p_Y3X`(AsIsQDSaNBdrPhPC=(EQqf`KV*bCp0x!>jZp|KE8b)$
z!!32b-MID=#eTO-)9Y^_sF10)k<Ev+*!#7vgryZNGmtHACp|Qum)EUUB@a?4+7{o_
z#hhH@J*bTy#SLuDO|i4?qF2gA=j@8TC_xanXX#;ynr@gGvHDVwbdCz%b6ci<gZ>FK
z^B2th=xN!TEmNhscW*Mq51-W&uT%t4*fSO}myFt*f+q>88(_c}6g8n9y$8LoCMElr
z9jdo{AO@izJjVrKq7)40`XzFnwwWM~<GxIH=5Xy-n|iEqu|OEyL9X5-C#b9>YT<Xl
z#39_sk85rxF1ubpfz4yu2#Ti*=Uz9k?wl}FYB3;e-LtLFnOu^EDF#upZRklF8ZiOk
z;Pew^JUK}Ab!M4L@zpMB-~5Z_iC99_HF^=pWhU*-tX&Rq$N?d9M9+LC%Mi=e_H_=L
zKiKP6aW(;0iH~d%-aHJHkQ_$YGgRQV44G?2JLHp+Y%C3s7rGNXqB{|9i9uX9WWw*w
zV|~z%uF){oOt_8@DIcK*?oAKVbZSUVie8v(75GS;X&`QIO9{L+crdt1y6w?7D+o-7
zWdi#0O5o0lpXf`7C5SR-60lNRmvzgCyGx@<BZ^+>IC=1P5)_jlj<ro|8Ih|_wpwy$
zZHZ2TaMF!b8spp!_gQxndUgf8y5do^u8_H461i{);slloiOh`_pSqd6V(Z8;f5bz^
zA)9lnD(ht^yepLR%Pk=w-v&#jH{B~GdKa;1Ff^#q_!<U#*nf9~iDod@^<ulL7_QX<
zR-+X=wsj-&bVY18DRXG;ji=My4Bb3xeN)RWK4B>#(prxRE|K!2XAow*V{~5A12RIl
zb&-l=5SO=Fz8G;}c(84bwLaGr8;{(N=oH`qu}Lqg;Jhw1OwcEl`6l<u9=oOEOJMd*
zIoj($X=k&LDmXrIi#aRlkffQH(rYp2QhkjRksEI8Ae3ZfCZz#)Q9uj})le4kBrn3N
zdTyR2IR!gqoZwxNJQUjQc_QvZJ)u<?%$UeyU9W75j;-%bYy8e$&Ba7hD!#328I62n
zfz;eb#W+RGq?YF%!<O)DD-=Iz7W$&OUfh<Gzs+fV>*!p9bCUaR7&F^5^i@GE_JC)K
ztBp?}v}zFH+9Q5XL0L~l-e4z4I<HT|EJ!J1Y(I|92xbS2H-H@^B=@e~^j?AIwGL^p
z)l}WMV7!x80t(TJ3<1*eQq{G@S6)7h6su5r4|g^kIr84@L-cfvNgh)JO<>~U#i2kb
z*dfhR92D5<VwI3#Qcb9_Q^88Mfwn`7PI6%ZunAgcjA6gI8e{JL3+FCNJik|*K?1%z
z3FNl-7_8+m1&<V9-r;LP&Zj4Qa;eYFr%u;&#h{FK^r6H8Rt5XOjw#T_C`aBV)eLu7
zTM=bHVi!l9IH>VkWPWW1;m+^za&8F%Uk*rVD_vFcNlOiNN1vER;3RP_pp)I(G!Teo
zS*!wMx_5-5_VV#YZUklBalW^AtJu_*Jp-lkOsvCg8c$5h&~YscsGah86wIum&#df*
zC8nS}l>xrT`0DOqzl$THx=I4Yh}R}cnP!S;aw9nGwRs!7sM(LvqHonL@GeK+6L*&;
zkA}gKj+kaDn_cmV9SP|Z6dxV|kuKtZUyw62AkjNmVr(4|%RTeikk)ffs{z`e*Oa|8
zwGUJ8(X;MMGaor?!_Lq(TErlDW^FFH8<R19h{?m9+1jO=%SVDtgupBBK^<rVum$F%
z+NfIsD}g}?Hn_rJp5<|<-{uyIB_}g`Y2+fRin#;Nb2fsc$`m=!EVNrFPFdaq@kAc9
zi>S^g(SsW@3s7<o0)+0E9%gSWR+p;t6WKWn;_3|{<$iaqjN*RV{mdj!R-R(XZiJl6
zMJiGPh!oM$FvHw9Y~Z6vx&&GRHtlmp0)2eZk6_i|MUbNf+ulU=DZz2U^PZc;9+7as
zUemii&eNBir{qlW%%g<;As3Z<)66_f?V#mVDg#*z?JJrvAH7HS?h|K)FPt;{jqnLP
zhqvAq5yv}K>$CyR$3)04<I&7avn5(VnJA~-vy2!p*NtFPCLfBWnAaGVMs->Em>MbJ
zn$7LT0BtN4je%p6Ux`_u#-6cJP1OYBbU9ty%WRhP4DL9pd2DuyH?J)8fD+3|ISIM-
zHjT?bu!yvc2qL!4{Us}vztX%J1_)v=PkMF=aw`dbYvaZ82$^uJQmw`yp#Wy;f-AG^
zp2W!DZX(E$Phb7TbAVs#yWLpCVP31=>}pgbjSP)=gMg%RPExLoV6E6Uh+FykrXc)P
zN99Y$nHm?gp?&xwEW4IH*>aD)UNxrZZqsFxLx)b}l!z7bd)(S0a?d#P;zAT0Wy{EX
zsvXmO-!vn0xdmeMLr5Zjt|Z0-B0~k^BabkeE!LY(C;Opm<L1*;K^xLVKB5N)kXR3j
zxh~x5<vTWF;Bb4q>f+3tPCE$U%%tw{c%HYIZ-g-M;x#?jD}+_2tt7X5CRU!@dl<sp
zlkljY1TDS=BgWk42X$pu@PO<U`9SEi;+!YZX5oFBrs0rp^F5TX$>K%NnXqyO9?s>J
zZ8sjchpC`Xi)xmyud_ll2xN^EuZ=tn@G$mSV9E0;%=JZnk}hZKXBCpkGGvlx1~+l%
zqNl3bF5ybrCCtEA`J{y2iEM}A87#s=To$DJzUag?bSQQTmv!3gaqJpuSCjJ^Mh)z%
zd_m;Hw<L;9>y<e9kT~}du%I187iW#Ih93gLqCZ_^Yy+*hgFvn9GXR8yGeLy4*pOtu
z{#|=DsBuSLAJVMEJZ$BaM`AR|;#zGlwYGMMOejHWFlPi=869Rrdy07w74cFP2R0kQ
zVQNU`1e4kXgFO~xu~rJC6~JK2!6f6L-py$vk2V;Xiuuk<)bR!OC(s*3A-V&QrC30m
zo3UW+rYdFk-qK0sH_!gX^YUP$hb5$|_KLDTDPtnK(9k++J7t(LA6v>!)x}b5WvYU=
zY4S94CCm{w>Nu@f-p)R}uwqR)*b_`JOsW^?bEt(vf|2{o^x|+Qi<|P9^`oE-W$-64
zPw_eP$kvMo0OW5Z=P_VD^g_BpHZE7Bqbh+bO|Mv>m%?K+OWyoO$6dI6Vh}~*Nn?Z~
zPF=fgEP&AlY`Lprw+V$IpI>=W$GD4H&Q%!i5=cg!m9zf^G&uAN+67J+-diBJ)Fz;(
zYmF2D?sa<C)YoS;Sg1+30|3{Spv-|DQInX%F3KF^k!{t&`#e-0`?GDX3xPz>w>@%4
zu7d*!v;p#v!jJd?JEyA60un9^)C*FJoIv%u;)4N#wQbC80Ih-b6u~OngEGMZFgZnO
zAT#OkcPxaod@p!S9VX6^g!y4z#hTF`bqXuM(BbhE(&!XNRpcDJO6@>eNUzHxXgHoX
zsU{iVWF|!Ip`5)ShtCIt%98fRZ&lwF7qRPmAtIUBPbSgFJpwu2i^FU-5djA!>z8{b
zlkunu^xeG4E?oeOwwV?sGgA_P_g0T>OX5L*T{j+<l9do-q8CviA-sG06dka2%gbod
zJEQsS4X!6}uxF&@Vg)UlW$V1YOF~<G-D?4Rtxr+jEwK}(T?xP{-h*&MJcZjE-3&NA
zeWOnF9**~BuQdkkV<!wMNCsbN$){;;DI8#;w+uvWgStgdkJ4ZpYt&@+HqI@Dy7awi
zsfp<17^+=iH@JepAT&qF27gGIG=nOl;BoB+IzaKZZmZ@H3E1KVAO_U6<z2K}NAYbS
z>I^QL$AX*b-j?AhhLfcSxh?veF>9u=z_l*kp#{OC-ewxg@mB(SuYYvRb>$8_yKD0F
z9iua6)g>#SCS2VdjR#gZJ<)n7(`XY{N`kfz^<})w14*QBpiRGkE`*jadi$nxM#p5%
zZ6Hw`)*il>Q8oZwA=?-y!UklIUabj=7vedTE;6;Ixjb~&31BPm6~Q%GCB?Ncm!~=g
z#5L9veUE6O)<*0~6+z>O9owo*qQ|hfo_10-&FQ>+<d<7h5t3oS>0^W<J0h5PZtYN~
zAW{6TO*sGxJ+X-y&)CiQ^*OJooZ|TmZLgMgcQ7+>U|43JybaQ;-B;J?wc@^Qb`(R1
zwH~wRg>w2A(JtrId6;i>%GX+ZI9kJ|A98M{#e=x*%qF~J)fc<c(`6W`&tlvVp9AAj
zfDg|oNcO{<jq^yrr+}_bci0X4G#_9jDcmI7@`C~=W+^*_6HS5DNGF95KBIb~WeE8s
zB`Jw6FH`C*?>h*L#2e-&p7-`vEa2kOz~*2<yZA8VFwcs_e7B#Mi^@En4OI!ZdxkLn
z+|e|%^xjx^mZIS+G#PpPLYy(qnnuM;%4$2OG0W$cUH2+{-qTF9Z3cg{izF{?sUGpO
zF}bdJ&(Ew1g}n_J0{Su96p_f|bLpU5+$hvjO(i~g5EOQF`R0%=+w-0#9wj2g8y4n;
zRBI<4>q!rL01t=rNh{Y~bcG-_#4XFgD0zd4J#!2as^>;rCHWZV0ZZ{Emsc871>2Tt
zMg|fldwE~^E5;5;OEpTas6HCZN2J<*__kT+cpRQ{BU*~0!wVlG^>%>h6W6RNW1&F2
zvDeX$IRH2jbBD1+EZ-Y*l4cT<Hfd1C7w@sQ$tz@(;o)o|Zhv^_(p37SxwNpK`x9?^
zG_4c~0oO2Wl-#{L{BA<Uw%&6AG`tucnoWMsjf?HfrW3WN$DFn?-;<%q*YqTiA4(Fx
z&895J1)Z>|Op<M&NTm}`oHieEZ6XC$cWrw4Ce(4%1)j${&)A8Sl9xn@k7WwgY9&&$
zoI;B6nw1|#YL~tEB-;6l=qbcgh{{SU=+wtSS~w#w+PiX+IMl{+h9}(g%$mlb;dpwl
z#*k3hpFMFhknSW7siEX&sJF^HqyrLtC93tFat+5W7+TGQBg`O=Uyj36O>^hfvu=ee
zxTSQsVqq-rjFFgL7PIFW^TtmZ^Ss}UPNLE@>NQ|y3t4gki4+e#Y^W7D=7T9H!<PrY
z8@RQDQ``Y3Zjt5^QW5ss8qFMO*`3q3w-%2*`bGH-#USwC-=P<*a|@9x&|xQt#JF+_
z3`;_3I}4qS2h)jA3x#H2a;1Bb0q|-imgGbfxcfEf%D5-Vi}&E&u{9oYyKVBI79>AO
ze)(pGD6`sfiq)b0E<q}f{8%m|>*AfWyd|}g73a3h@})j9dfP{c72-2aX5}&Oj@Y1Q
zS-@=8<cTvB)b06Do?Pea3B1%ze=TPv-X@a|DAiDyjZ5_9MoARrtBqGl)s(`{mBif)
z;h_l8BbKF4?3rFesU)j_&g1D$G?+B(7MeT0d|b^H7Ksn`MD=wy`PICATH1r~2q{C$
z4WT%;Ci^(O8B<&VO-h5$<iO0(J02Qj_->dOJ=+af*P!JbZOqfK7*T5kzIyjytE5_}
zA~GJ2klipF@T>|y90z@KB+K<MJ(ObctSon6IhwL`9*C$(TkFf@HFa%wxR>`%JI_e4
z#w)fO@-=H46-YKuF|P}#JK`P)95B`5+O{)J``H$yO$;@{)>C*FLi@nTqfsBXO{}u_
z(=xe-n}KaeGFvS*?+nhmGu{Js&MHZJLJ#mw3)tedsE4zUhRfM=)g9#Dg&tvb_&lj5
zCeh{##D2rQ{LI4n;i<1}#wqw(P59WH2Z>{mi6Ur9n*^Npdx%=rq%oWi5Dp1*3kpG1
z^JcaNJumLWkQjGgEFY~oP`Al!<BqN!M!1;qfxXxMUU$Vfb>jCN9p6jBt>MFTzV<>{
zW}y_W0UC{cz-9MHQ8Q-(<XJpJ&|F^f*%;3(puwnqOE-(7f+DdL%JP<{GWZ!J@>CTK
z4le=G1Nx<xz#rjWj|+K@$FffQi_Mr*^i6-ksde|j*Nn7sp)sn5YlSA2#FzGXLo*49
znJJEAPrBH3?CwctV`Z0Zh#>}Zbr)qlHh^Io+<IOz^0b2Ou_ue~?3>ma-4?dOg3gs9
zvD&9;NW2INjRtr57t>hzR@AA45Sj$uQ|k-52CCHCOKpCAMl!LGk`{WwQKujs3^+<p
z8iG_B0P?ysF8dx8w)U()91xsp1umlsP>;TQ8)#7l>4Snz*J)FMZ0Q-2>;ACWq)?04
z{KkU8ZD7LUQgu>@A=|8$d%ND$tibIvY5|s7dN*s`P+G1D05)v14kM8?)#m=Hiq5o*
z*S6%XcTi;6bBrp89z{S<kICLctKFQ0hj?@<!9ld^Pi7!eu^2N?EU5MMwnZ~+BWbG7
z7Qk+&W^N8YFv?b0L%`y;d{;~eSeHSx{2s;H)4{0@*kgf5?X>ixoY1t-IiN&1J6i8<
z9fusdj-pOLv_X5RCj-6eb(|kZ0?Q0_^Qc3mCy^)}PRsM>s$vA&3d{Sd%M_4HF?NaX
z7>it?UM2H$A)7Esd_e1W81xA7o~pfqS}*ZBXuG|F9)Tp!=h~~2WBs7~G+*+wb!Fs-
z{8pb|D;p=Jrz(Rh-ElJq-i*-pf<H!bd<KZax@!e}idgh4M^LI8@yZI4Rp3Tfq0&pM
z6>wJiOj5Pqq2}h`9!9e<L54GQa^Vxo<CZ40C*TY@@I(nW>u7V5QqV|XUTTg%?mS91
zDjJ#2=M?>nc3Ros5$RTS=gmW1-h3I=k?Au`8HQ3622_=iOOM(dbfuwza#LM_j!PU~
zXpvR$bICWowY`tU$-kIpfG?&cJ4F*-;xp%(e&jLnl+R)*T^fl@i=%?3ASaWLKu3W5
z2;ZrBKS5YTyqM<3#`DtbLQ7?QnM9^wEhw#&_MW3v%9>KQ8vEM9s2g=SkJ0O>dWC3P
z9{SMb0i;7+s`M;}j6t$Cvx_Upb=MBKHWf?ng}!-@f~PhNwD9E-9hNosNCIHrHVIxO
z`WjK|Vsjy?272-7v1fQG*K4qA*VNy^2G}9XVtAENN(c^{okvXy|AN}i2eKY0l%!_g
z6QcB&jmeK@VrxdJcBK=!TlltNUX~7ScE6|aj*$DwdXs3?+CgF?LaL;$ootQTdrx4x
zDqWBa6E@X3Aur+4o;(o5lAECSBIe?W+C&xZw(;mCXA29C<LzEAKpGe)-XjjrReugk
z6AqB`CQTOVvgcGQ?r|@-f}&)xray#pX-d0Dd$zt93)LkImvKt?%$s>>s!psyVua4(
zCUMI1jTCc>czd@&01`&7X`h@<g;GwH3QCcbTs!u35|*W4Ahw*e(E3rjzKw&}AR9l`
z0)2UHuP<GK$`C-GFeAV8k^${DPX*p6BQu;0Joa6Yj+^m^b%AIok8)+FvlDBUD)cE0
z?*l|xq?|O(PLLTSzb+x}bbr`KERpgiY^z_kB#EFM2`BPHO$JJVxD!|Jp@4Qjene3#
zoR9fc3tK`wb*tBJ!jcCQ0)V?RHD0W1kI4x>nYg-{74=m?2hC$Z2<fLll_7p*3CCn=
zfkmELWs(}qyRBQ^6=@ku?tz*p$)R%&W_G&?$D|?IN=tG0Y@bNtD}8VeR)&}PNk4Sh
zbwzt8QH@a+pwjp5z4NNQz1b(}SrCnHCgzcDc!xcxf%m#-atZ3dbT@iUdD!bb;jAjq
zaTVNy;<@T#D`3`hBqD;O?#zzRD>Q??speJks-${Iw9xqkFDISP(cc|^L+xKsr(_N+
zD{DS#m%h%ncR<(j01m_HvWkw-V#y!8Wi}Uv;GSz2eh4cKrx5Xa?}W#Bv{)a#i3d3a
z)@Tw@Pf9=zV$HcaC0rKJh{P=HN}h5oZ5X}1L3NdWSki9<@s)TL)U^k}Wz8hGj>)rC
z9fKGUs6ig+P;h&PqL(A}<~c*p^>ox~o?uLoQj#5mhh~v<zqrtF9u-i;hLL>WFj6nE
z4qdZ`DMZD+UWxYvdl(Fbn<*&#MRhC5w!PH}!7YziS1AFc9V4O$@go;Vi!LX^93uAg
zQG;|a5{z7(JMXKrByfE<faq^TAYMCk4>E!>saWjLO@x@sql@D4MXbe0I7oj_uj{Z1
zM<<Zjrrk>PHNJ=wK;{#D=i+aw2^>`#K}Bs_@NORA#8FmS4y_$EhQI)C0NL16-tmV`
zD6(h`1^$Y5sd<ecNuPIBg<*GB;$*8U1lo|#V@!^orE()fi}sSx2A1cvy4Lja$*{RY
zak9;uwotdgz~C3wZyR7DlOC<ARuU)Xi>`IHqIG39&!dw#dqr7C8P1OUAozttC5BDu
zs-@dKb1JKeNL{jXI(%=cb&RN_XCcV!h{4qGj=2%h7D?q~J1#3BgSFIVNWEW$)na%J
zm7vQO*fYPH?4{xgYoDbCLDL>|Ey#IiBRpvasKQ$~cu4>l*qfmP2h^^eNoKb#vDon-
z>`DfPp91V-crDMu^SwRk&UzyZvN9zGN!l-=rXKJkzn-W2$Vw)}0$*lN^ThKS05J=F
zBbSdKLL3{$I0h9G8O>b2=Zch>JyqNlxJa?gfQy=HZ}hfMDfqEm4{TJn*Yty}?S9od
zeRCu^)x~6HsdwBUCE+NBd7kf0tj%M2e10A$B8e$tidRcBsuk}&aDsVT@MtVWrz|q9
z`x!lk3V9I5@&w|Dp)Rs@dSDKG2p8d#YSb^PLAz?zHaNqa;BAgJh$W^JgtK{Zao3(?
z*v4yLrV}wTd}4A<>CW<SOo`6VEuLGtL^>S89*}|e_!;BNdM<hW#MHb(%p0~&8TY_6
zF&`YB$+Os)E=qT)843xIU55r#Po)eA8-zZj85-|hR%K~hNn|`-SbCZ4l(nLYjk+3p
zxa7}pY3XS{iAvs}CQ;I~vO9dIo17b<i+zjwHqbB%&jd2GYgVp0<V~!Y_7G}b2RwTD
z7uIrJNe|v6?U<M4t2Z@oY{aVWS&@`Uoxcb3LQHo_#~%RD$<0#)s)0xa5_$9tQ;C()
zE;xmZ2r&4_t+F0xJoTr!&g0f3sK$piPx10(=QYsF&}>}r0D-nJ8NSk)M0_A)?`Wb9
z-t`pc^uv}Xy7W*S@?z<gXIm6GLrn9|Qcuf-x0-<O@TmJU6MqYOxqcW@2(56bSc#C9
zV(BRa6wj~|spBeTXXu&Vny+*thK5|q>2~p1lNE?iAw3*UtbB-}eQon#gA`sL)gdnp
z_qi+ND=y);><l<@(^@{Tn3*E6fjfTtMrW4J6E!6=JMs4B0S`1&nKR>X-XeQp*12|&
zfwnXX`3Q^Z*1_@FX(i<3X;z-p`D`j!X}h+0tZhD`fQMBYt59hyCyE4)fK$t6oVl-i
zZ1Sx(D@lPd*L$lP)(=(SE*L^u`pON6FI$ktvFC-1=YwleT3<&SnKjr5T&|aO5GaAB
zvH6M#!;+6@n@#TZU9lO!`lBl_DmH)9#|+5IG!YLDB57Z9I442v7%mU(V9Tuu6r95w
z_P|7PdwA?~&&Kw_=Hs&+M{U7-v!fJk#}B&R;f}E)ERV{QS&%JV6N17%Re6*2bUK#L
zyVGk+L-QzKqcqd%xi#(L2H;z}eYhTYdZFS+O9sjGP}qsPM{AA4Q}4<*wRxpHwGaEf
zhurW!u_pe)`mlw(&+LU88`$u8j#T(ro1w-mlo-0t(R)SHo>C8YQl^*!XX4aXE9Y7H
z*l9-tFxRUyuIe{7XyJ>`4WeL7)>`7t>+WeRf;KcRUJc3_C&*q>8kX+MB`{kzx6sFi
z>Y$LQwB70byfNLMK#jgCd4Z450B$&EMnYmq<UN~A&}!Ewepy|6b0yX8VgAPXHF)N<
zHlOy>Q#lk}7wky5KwHkIR+1BM+}M#4XEm+j^~lQ!qep*n4R##w9i=sed&QVMVrbl|
z&F34Ei9jLX6k5emHTSAf*<ZBj1c-!gqP%8fExt|A7)o=V=<Jg4B(BWSA(ZoXM#Ckf
zz`G5g`j~G(snDN@0gyM|D2^1H%bipJpG?7P-YdmoVj>mu7gVuI5;v~XVIia~3LsYT
zLiQ1&KErzU%t<oDqJkE)<Sqa-Z`M=M)r~;-`9zd0R>JcjDrBgI$tz=e5Oh!J<XLAs
z8D+{Ga?xB<**iH#;7Ytzcngr{%jV$?8zLh%I~LTh;|Y3?^JN(&0nwp{*}GgZ9(hc=
zRrJorIP4xE&}&3~U5_2N3wG_%Ae*h$xzQ#JOoP%(X~-4Qad(-*d5xWrf^TSf<So9s
zaYBlzOiQX$03L$CRk9!_cmq<16Q}RVT-)o4w3B{){32j|4oKrNstT{yl(n_erS|4s
zY_EI9>)P&je(Ie(kn0%M$rgJHkBs$YNtvrlB?ACEiFj{|j8{B1(sF`Lz6>_ZJqo3?
z#V#)Lz=jeQVM}D~B+q#p-I{e8V{_$J6y8Zf&&}PJpgXH$V~3qdDPL*gx!7s|ya!op
z%)+U(G&{Hb^3H0>m!DvBHrR7`RE`aINO{FwSixtAk$RNHDAr|7m&NE7!7sst-s?S2
zWubQl`&v)6W%rHTR0I(f<=cX|%j#@bTPPaP5b1JQ+gvm?_fM`LeQ_NV_tLgUuozFp
z=mrMdaUZ;ZxiW_coLrlF#ikhe*w9xm+#CQwK)%0Wg-J2yGOYxpP0OA@D?b{q!@jLK
z1dR&FCkF%EHHQxh=GxrkIC+(N%2!A-XROzmgdo`|8~q@dY0MwUtxFp3i#3I0f5uKb
zbo^`vU(q%KQ(j-p_VimfTY)=9&>Vym5_&L*LGXyv5rQWl&Soi_W-=W?J3GI=#ugWr
zU56)BGtU@iG*K-mm&WxFm9fgu`cJTJ-&GDVN711&sS0iqpE6x}S1}ZZ#?>LTr1o1Y
z%%Nd?jpu3JJ#w4{m5{(fv0LwqN<}vj9`poHO0SlVHM5a7^xoFkrG$aK^V%D&OnD@M
z-dLIa%4cnGxr|<epvTj`*>~_F81J@USmX}AMqN4L^aea0w*@;3TbkmLUbN+G22q(u
z9=fk|YD(ams+tF1(>{|!!|`pUW_pRF#WJt)mG0Y%zKZf2lDafbw0K*!i0TGXmZW<~
zO-#I@9ux5@y@4!X{q>^iOj-N$SyVRW%0e}M^iVXErI0xv*X&CMLps1|pk-5J7_iDW
z%_lhN!A8dXJZP<uL?j+%rkKc0xLd|%dk4oF?ml5;6exWKKy01UGZ{@+#A58zg3&Lw
z-Obt+jA8<+_R6DW0{J5H^cl$pGT?Tuo<^&6E_85Z-y1D_P4)nz`;`o%jwbOu<UPRF
z$9}Z(Ld-9odeh^*5{W0YlD#wX8abbwIxu-vk|YToh&C?^We_f(zfpF7zFlB?Y|11W
zNW(Y+49u14NA`G(o?iC^@etXQ)4rUf$H9bkBls9ME5j$n>K!IllogA6-%A)wTSPU0
ztAKv9@5Nlj=2NAo>|hmmHiRG}0gqEp92E>onu|CmS4bM`Xh?073m#Z7Nb=K3CgpB{
zqI!@&M0to319;jVV&@CXvln5H6MD+x6KwuoFrtOK8?j?t<-EKMvUy@=p{lT&jx99d
z8xI~SjwGi)dUSdw9*;*L)8AbzK}wL$ZDlrxPz-=>1-+JB0rnkX-e$uc!@!+mefpk1
zC%!;2je4u@5ZvliKq$Df3%G(%{IK0s^3F?3k4~aX2Pq~kHmr51{8C#d-zhwd7#gh3
z5;k>8#~$rdITb-9e1T(L-SkRoV1sB|$Lqp6gw}b6Jof@3D<AGuz$@~r>-WkGUQdJ)
zN+QzpzsN3ijYIS}q0Q@tC+{q8%E7dy7xXR7G4Q>?hnzes_JlFWHjY~@MY!5&!}=wi
zwpz3!bxf)-sUs^^9zfjNK^PlqF(mh7+&jItH+P=-x){j4ojZ1<FAYxOg)Bth>lyLl
zp;SS)zUNL};kYH0ezp<_1{YQ@MGf6^xLM@31Gk$xoMHj=MV<EIOzyJuVoW6ZJJ@*o
zz+F!ekt8(;eOy}r+!WS#p@$+ssRt8uU?^q567s>M%|4Ka__VlkU05lAH7>ExMQmT;
zL*4N^tPaM98y2?LkTel?K1tN8v+%@`JTLD!bV^y35YpA@V#qa1^#QL%Zx9-1^$avm
z3HZTls$FQe(|$2<Nqcs0YM20vll2(A6K5Y%(si8EDuCC40uu;yKA?_#u9+42(yv5(
zvo_TXTdyDB*=$PVn>66%W1MT+6!62nJmYu6`L-sWLHBDnO2+0IhMl>G*mP3X1YR|5
z)tvDhco6E5Y2<rvy_y6J`2|uhPoNJ>7mu>ifdw2w-As?&7~&!yBc}F>kH8u%Zqieh
z4J&OF-dB|`>j@*uvugJT+jSwY$_aTcWc5lit9rrD2hc*?*#q?!xZcpnX-ow@CW6WL
z-1j|~?h3%*kN`4>m+{Vk{hsVgDfkhP7UTp)O#RpZuGY>LpaDj+=5k4AI;4{=jqtq-
z3*u3uz}EXF+ds)R-FreX56Y4~qP$^bpTx4XphwOi!1AkQiUhiPvvSAhH?S5HsxQ0K
zsE4A1#i=kTC`GKL@S#xHp!!t_Z!B#OK8I*3x!wrhX%z!uS>%YRwJYOc>#=*{^oo!Q
zr0$)hMQ1)H;+s)}c~7njK~E;AU$7qYyu7YlTE=V<9$z(ydymSr)+6B&XCk$*)8OXY
z^_U%wr}y?XIPlYx7nk^Kja%nEkD8NY0pn(?wjwA9b_Pq;agn9_3+>%GXXNb47Z1Bj
znz4Xo4LnG@)m!jAqoS0K^V%|PP+-NLnq}8>3?bAgRsls}+!uyHofTBdJ(3Gx<cNTV
z3?t7KPc%bQl@PBU)Zhl<JiHl-UR8Gz3O6?5R3_BMm%EM#75cV2qK|c`@i}+BD6*q1
zml8COm(7w$dSV-IcDBuX$iSD{(8v6Zvn^e<*Sl#oQmFS_NK6A^X!!-b>T-9Qhn_7=
zSP`|d@(2O_J#krME|uMU2>hPi<=ru<mgbBcI4)DNwmg+?I(T#Z`enX>i;QNoQCZnq
zecTR8tioJjn~fG7kM>!xSIJ5{Pd#FRdli?$?QsL|R@@cK*Hhd3jS)y$sw7YaEHF}Y
zyzJ`tTox0<=FFvl_LvH4t48?YuEg9!At?8KQ1eWyd5vHU4;wmix#?<=baGZt)s}jl
zq!SVSq@0e@^+swOl<-n-6WP@F27FAGn^A9&SPB|U)aRIpdFo6RdEp))s52of$AGK%
z%Q|cia25nrs_DLXgr<`hFJ1v8-&`PWdnNKZ7AX4)l9rWr<6H+&${VOO0&WtWRl6!7
zIc*wlo&sm*MCOO}1j@8vW;cR3ePO0~wPG#<ZlV@y4eG8=FS2f7n?0PUg6DQJ5HHh|
zlnhB30hW>>DJvdzZBQLeo!F4Qf&$UhnWLzDns$!QUx2IR#CDrjwSJ;4-%H0iLZM4O
zeq!y$C=@ehYyN^{-k5Gk<t3FcCG~sv1_#jwCHmOjIX#3Ydb`{K87m-baDK!tp`uT{
z65=^t63dqM8`F0W;vKX{h0&^(ypdqgi37|{u=9GQD4or_JRm1bYXg(TGHTu3^HM>(
zYwO`AUK)T@f}!auOqPxLsUz%x>oFbpO31-Bp*^Dt4})%fgkm~Dz0c43g(btQoJ3(C
z0_n#u8)CN8^^rV#{mOLW9s&7n`qm>s`HOAE(uKf#>9zOVm7VQ@Qsg6%SGZ?;>FSZI
z4G2mnAlt{j&I+Z<?DIr`_0q`m#LREY%gHJq5aLQ<mD6c$+0l-%z{V~lMzZDUt5Uaw
z<W<Carc_~d)4GJTvv_XY@9EPl-c)>*5x8C<;zvB#KrQyLP-Gf+MmL;W`UI=xM=Ut!
zdbC?M<%tEg&O(_od+vG55qqcJppckBdoe#wQxWpVeaMc^FJoU42qO5rDJ>_Jv!^e_
z*(a&RL`r~<E5uEt5}janH#X-XcL+*FXjW+ZJ&tN5MZe_r1k$}00XMKyrjyQF+`}iP
zEGWmlH2cIRUc$YaTi=(qfXF~dX-_V<i$f*gMJC8W%O+^RKHx@?RCeGHUSfDL0GN2z
zbf|&rhy*uel6pl!_pY%D)%3aBzPd+t^YjjRygUXd0&-)xsQ83~;xSkZTCga-On7Ff
zAVm_)s>+wML_zR$JH>;Wx8JDRy9!Y>GsqL}6vvv@5`wUJp5e8#+Noq2k7)SLUcg-B
zTh?o7P<`p1sA<Ey20lSsvZ=EmWS3I?SeQjh%`I@j#1-lFw!88REv_)Cr096EI<Jz>
zif$eXK5RGuA7ESUrpNMRg6%+E*vSnUh9A7A5&^4J>@4}#dID4pUNnK!VENN#Vkkm_
z5}re9RvIdVyQNVq7Ci{qOVXCNc!EO|G!MULZRIbv-=aK$aU0z#Y0rrmCPC?2v~Y;`
z+R{(UtLh;28F}wz4uO!;Yp9WU=r0f{+4a4v*95=|#?fxcSfuI29xU==@QyLLNQ0Gb
zFrsdISe~(oo=66wZV<%Fj$pyuE6R(TN26mWS8Zo03?mTM5W3Z`UK*h=&Vs$fZlJR(
zxWbA@b_Iom-pSFyZdvj|l_>G$3TuaD&7PL%bC^j3r1a+ufu$-skVQuG^!27W>bo<Q
zp23%e_Pl~&P&@a}d7D?1D8dC|$s~7t5Z;nFx>-St80@Wx_rX)rn|nzO49t!4aNY$a
zkaTLi>nw>0*rBAE_l`~dM1QHKb(_cQNAX;#i4<ryeyQ!pcT3cW-fYZj0MaCIW??uI
zHSxr8WvBV5_O;>(BTq8S+&qvcA*-l)Tj=w;*G&WSxQTpHBxI?X!*6cZpTblhAlFk*
z_m&+?!`&@_x9%_U8J3UhS&2_Rc{^9+fpwD7U7L+7M?2fdOg9##`LJA;4QNh%=Oqa6
zlCnpkG&H7AF~6TZYIs9n52(0uD&rU{j4Kr_Hc<_iRiWEY^2r&dS5)Rsv)COz(pR7~
zr66&|WHRIr3B7=emiTaAy=m^<AjQPMc>G4lc$9k)7n;mfxAS#iZMZ4<V`OT3aNO?+
zAGqqoLDwv-aGkL&jIThu3MaPP&DoX?z6MPnNT6%oG-|WK39$-=Q6t@w!{K@jqD7@P
z(e!3syd)WTNO8sE!PC1QG(6T-o5#R6v*!lZ;sW(B7I;oZxhjrCQ;X8-vR2uxP^S|5
z80CC6JljVfhtH|c#1cf&qp-FZ1h3s^qTw+nIDt11!f7Xkst9q3*p|mt=%pcdiU=yP
z&(z-qRl;lHsUXvFU%eDJ;kV|JJRJ9o7`nzuQE8zm3u$)CP=u~9hh=TW9L^t&KOD+z
z5zUtXApNY7y%}@y6K<m~xcm8NL77;W2-PwK!}bC|?7f1LcwmhzsIG@eWI#dW03%+#
zmin~O$aaOT0gI5$Vm<sCRus;2?G$T|$7C}#w1V(P%bpAx%9D+qA+^S!ig1T^i!eh3
zAb^07@wDV;Kh1!XF$H90&u~TY%?trJh8(mQuU5WW28ifOL|r*dy7bgZ;L7RZrICTz
zhd0d*;DOCzjtQA<9bhFo`tUlX*Nb{q2?lY{%y!~Z;R)lc1<$mY`1Q!;m^b`I_r09S
z<mZ%%eb1Xh-(wZFAX26R<=&^o!^Fp!T|jwjxmBJ1=EQ@*ubq5P`~hre@(@T+-H0ng
zPjZLBVvcwvBV>1*^y!eOmL|g3%>fN+tX8duycI|4t#e*oiwYriDDIMY_Qq3<u^;<;
z9;=8+0fU{$XfC1yeQN@3Zp~9D;)(Yn>0Vp_;o&mDiFF3{;NH+E4vhCa&cQod1%uEE
zb4$T4Q|EDDxK=fU);BIG2s1bHP60$gkU`gu&<@Gf9ukIWz^-q;w;E3#Xqo0XD)74=
zArcAG3k~dtdG!<($z4sn)^h`q7>PxTUkIS(hUObY-zT_BgLajn_414~3yby+@cNY(
zPcJJb3mvSw%Pz;WdR#U0#L{1?XUHJcMbBbOR*pfh<%2S<DFrOwlJ`bzd9nmNM490(
zVe{>g*-K_!>OwqlB7H7tIPp5w`n0=!%a@&*N5D7XNtQ(3SuB{|oeT7En1vrlwZ6B<
zSddIF)NztLU-cE;<;w^Ph=l}XH^;<kc(?E7qO2ke3ExHKd$>|aPabl;Lwmzs{fJ|O
zRmsj746<pw#1@?k);A9xVLf-T=dT)@tS?@`S|lw*z7i2i%ZzT3%#z1-HYSGicEXy(
z_d1s5HO}K{=gmBkK_kg}?hPrIJVyrlU|BsJZttZ<s&y5SM-{vtdeO*-k^&6R-12?W
z?eImn56!-VdY1ZJI>25yNTC6U9R&73TS9dR3d516q)ENiV0~Dn+@?=<=b@h9L*E#m
z#n%Q&SqYrT{?tY8$+ClxmzfSEt|z?`w)XPTgn=kxoL3vq3>CVQS1sNEq@YYw1a;Z9
zF-~@(AwQgq=w3ZDk3)*3Z0S=ehB0{Xq=(R@DxS6z08O5EHCbB5ig1Bqs6JrU)PqE>
zM3EiR38_)CG6HEZ8lX~`f*V_oO%QKds3f4tJD3ezXX&%}bM7wf&Yai-DHSXACn{p>
zAh_?5K=Y*n)Z>R63i1kaG-uDoSGsqSL?^VX&+siqcwwBwdv)-rqbNlmL_IW-Dfg5v
zMAb-+JdTJK!R=*Qjj865SCB;pLLsRfPkB9;L)zk%y=*?oOu)2MJr<_ql%mKaRTQ81
zEV7E5R6@Jo8is5JA_-VlLSxnVUW&PpusSYccAZLw8Ac2Yd-U)V>p8`P$ydq{;&*S`
zI!kt--x|rb@}PIM*A#?>+V#G?NJBdboZ-mp=U2u2EKtS@6;~ag-+04jmSW2e$haXE
zz?yhaW(#U8Q-x#`SdxXKI;SORMcV?LWku4AGd~N4G}Ne$@DyFhhZ^s(WXn62inIZF
zl-&*s@szmbF+QZVqqVz}0z+CV#5is}>BJTBh<m~90$cFB_G}C1@WCtVFbc9q7kYeJ
z-gA|s?W0#>gelBe>|xi}MIiyCv)PB15lOZ+jo@22W`f?2seHqOdYOswg3I0EjqMpN
z={iAFli=lvmoF^!WTzAh1R57uhv!Ze^>f49FiP%+b9tSN5aANQli69=NW3Z`N@YfF
zr4v*3@_CZxz#3~AUV`gsChrRZgLnztQ>_v4nh2zCr+FTs2G6@Jf7D|X+a!Q{G|zPl
z4H6J5bKm+)+Z#l<dD@Y7HB<iN65jK`JHqDD$4~ugJtqQ{BjFow|D3y7xoUFAqy?rY
z{FO=$0!GE1OX3=~gWV(GD(WDdet6a6E!Qlro*R2Er5)w3Dk&wMhyZug#dTY@$*#!7
zQU;R-VjvLZh^G6+t>VdICEV$HadvU*q_Nl9y#s$?FJADSUHZN_J6q>`ub->BNds0F
zlD-ZGnZN+wSSW!tmbk3aH{M!R_Qv<IzlMksseW(=L3iq<IXgFOHu}V%<3v!L?Vc`i
zC6s}P7(VE2v8@~&sE7H?H_(H3N%tl2Uwo4rVM?bb6di277+k?azY{xuUT}6H2)g(}
zU<_?vEx<+3;?>*CXZs4~3LFX(d`kzcxSw9Fy(ac6*Nu2-$(&3ADDldT5S;SVpY9c^
zfOD42;A>LGm&p&_V4%OQgAme<(UX7(XiG(ecTWBGt$3=v^GzIpcG(+O8y>qzSPIdn
z@g6<z7iok$4{#XOiymtsN`#X|B{<9*eQD<@wTn~!j!`ZyNxPs`5c6eGr}Zw^19TUI
z+vyCU3QUTa3YUdV8FyCJSqVPLmp!j9Ou9VW0DVtKy0i_LCs+}2NT6U>j^R;^ZWGfR
zaGCb>^V-elyL@kXYzee<u);mFR;a*O?KO^Z>(ry@4)by^X!m5S3LIgq<at^5{5)s_
z^u=~PYYQ}bLYGALa^~D?v`5pl9>@aVnQx3XMYFQmtn6sqz`XEw0B?WMZZ{z<I8X9k
zwi{pUd#m91GMw*rDMHw4?tz$S#+fKEVp$cNxWRb#ni@95TSAyuQwa0$*cZ}#aAMyw
zV?;Mc*-*w(Cv5uG4h*SWEh{FH``Z<i8+%^aP7x2HUCS(|HeIZ_gLZu3o`bztY%Z@?
z9zbB~7(nshR);@mVt#G&%PTCib{h@fnxyp0;(Z>5n~b*+uZ|3w&29shmcZsD1`wB?
znO)^87RKlG@NhxI(R&q@<6w9|O@-Jp%5Tf(lkd>a*}Htyt2|BY(JdJ{N~$Mzv}8Uk
z#@T7-cxx&og9G^Hz22Hw!j!6zDN@uhO>eO4W5kowYCT&hvFtSOCJRWtC=Yk>>}ZQZ
zl{?~9RWo_GFHVeVWgNF2DGM<=BFa572NJ8R$lcaFq&)H!x6TIj#H5f{5;^K{+{99}
zZ~N&<1j9UAoHzA+@$D2vNy9Pl>7Cm-Tzjo0k=zkoRkW8Dj=cvh<_tqzZBn4+Fb^h2
z9aNY{5c0IyT-NDjzlHL@0LKj<kSFUC1em_YC!=utP%ulHSR>w0zsRKyP$M`GpEMAF
zLEhk;0cV<-;J8!d#yNW<<`(soqx;evh6o={m*66Io<*<^hYci`_p1eZBG~HVKK=G-
zmXAFrxN(Pjp&ZJWbqaL>5J7e%^R{~Tv9)l$wTcX}gC2w&l!1(-$?R1_(f2YKVA7r5
zvvmPUen^6KiS-ad0eE%c7!KgHpGU@x%v7DN9qA!S49QWWX>l1IG{9^Hy4=CCfZq%(
zh~@F|(A-OuxfDjt>O62AK=fM7G-ylYNyZ9Aa^!wdx;C{H$tX9xmhJZzSPyDRs$oD9
z{UzUBb2tJt;Q+odq_Hb@Rb%1g6t33ZCxT$4w#1?)0F>=-0g^OL_vh((E1?qfvxIkb
zHLYhg?kN+Ywdsf#XY!KRm6TRl=sYybkD;h0>_XuAl=|&(3Sn@?x;V<JO?Kk$YJs^w
zei6a))=fNb>`lML3UC+22eLttfaI-16vj`~+T3L`>n3W`mHF1EcreiIj`g`uNu&6i
zyET~9$FZHH>o2Av;!GObh((lN1`w+@v7v#+Ue3<*#^<BS5!V?JSt{?OWcHMJHv*0o
z&2HNSPsHC_Bb*aEEytH4O#{vPhGaui-W2j`7e9tmkmw-pvgVx&cBGIXL2@cN)|`n9
zoAwYa%{4l^Jl$KWL7b?^Uw{kn7vNfeZV1eJPkoIE538a3L}{YY`8jK~PxxR*olT5h
z7kgd5I)C+an42%-@q;{*9t^12r)d{-u6E+-@B(1Y0UZUN^SF!?K02fapxKmLDZW4n
z&u%rZMrAv#nZs=6O&cG3=~`mlNH<R(@$v|5Pz|$)vo8mE!Df3Io8G=|c<V};Ja^0n
zQ@5kD?8^v80-@}-ef=oO$n4$;&?_>MoMpwrC*mF=obFFM`sCG^+KD|I5p>>7%z7tp
zXCO?QUH&3m&>iTe<5DOo4Q}cv4~yT<KGu~eGKh!KC3dUq(5!8O&(+nn=NV`68x?J>
z3{Oh8NX$23uUQjeLu%lb94J<*Jr5pGj4>Y<O;pGD>-7*tuUNv>=BA;LB$p$>CLN+K
zRHdX$URQ{Af!7%w;Cn8wl91Ak5kUgcCA8fwq{Ha^PDH`#oXQ)?vt)pAT}RBhp6u+R
z!d(yOLl%T-&Wnm`!H5`xjznONmQpHlR%By>N418q0>zY_!PM6F%yhE^3vTb(3A3&D
z5{8rN+70eAAL*i_(7ZBJfKpboOMF#@G0CLleoSv$6|Dv%&HTLs?37aHnwH9q7im#S
z@QUd8itM;HXzSjy3zXOM#(WY&8rHPK%@WgLD3|A~S2X?H^d2qZ<AoMnAq#&V{X|*k
zp~^HWx18CIU_6!~91zL(=-j$1ZQdS6Z3u*!A#50E4%j{ja(#j9g(Lu^ck~K4L075C
zBETpg#`<I3b+|}KdLGT?P?0aJS*r11gOq?p5)-(zb{q<;u*{!91hp*VmFR{u6JFsu
ztKg%2Z*+*PUBX~4XbdG*Ph!hd`w3z>w~MRH;?=u)3^Ig3hn<kgja!<q9dKG6WB!=l
zID3sjI}x-U5GOx(uL!omjTK5I;7+sxHkA{2>28}rk<G5^0f=xrVE7W)qV-BK8oZ9W
zh!;q=T2b(maQt3fhCEJUL$2Z4XYHPE62WOFt+NJ&`$3G=sKInkNTxiIVAcoXNpTkN
zaCAE}PE7_0apOtUI;lolw2N%|c+5O+YEzsU*oNNNFbU&F8;P~Kpwu&lJ2yA1jK5T^
z#-OLA-B>RyA?QJSLDsRMEOoN)#j)@-!Rt^JRe5D(;7{<K@0IIvwBV~U@p=V9w}gic
zQuSUxLyFOE$HUyyoMtIlce3;cx5CmVHV`5X)QC3px=Un}{6ZSWn=V?CnCiXz3-OsM
zfBam8TQxH#L?ch$7QRUpW>_f98~1XUlUP$*(8%RBFve5QX-YL7)kUYsvN^)a2~}Cy
z9u+wgP4lfd^YQ1bnD81?2mNW0&7=-#?5LFO6M_c}nB7jQ$9R>z^mvG5_fg#;G3ePT
zLDysFQ4`yHSsL4;CK)6^0QSU5OCOZcDj(s#aV~t4PZp1J*|TUJn79#YwaPNh&*!28
z<=JIb;1rKIlb_BiJ!J|)#*MVQop^^jI8Xca7Kg%GmtT)p;NF=OkfDUQPCsA}6wyTn
zOl=WK2UgT9GO^K!y25?Nq~Wh$+~YZIywnEgn~v7^N;BWXmK7kcL6_vMdt1=S-7jp|
z@fesHj<e`@Z3}lDPbP2}ZGtCU{5*!dH~>~3r*vk{#vw;*CoUjvt8-tzdcbs%k3ay0
zsFV;V<wQi<4T0vK9ollvs}#v+&v6L&D#Z}9b~ttg?}f|urY*g=N?1=&NR9vru#la>
zjHit*b<gsmLN4Db1*bVo$KB=F#KQofLAT&Ln3U+&oY<EWV_Z|6kKdjK_sx6n+{k<-
zx|!u_VU@_m?itJ7cn2gZo*l=gn^a*JJ#KxO&>|}j(x@=H%-}ZAjWUo4Zm_e2U^j@G
zO0Oikd<C^1yyG@@A=B7HbGsU2ig~Z-8gd%F=)q%qdf5^er0YIMHjXHP2X74^Fy4G3
zPVj{|Sb(-0g_Wyi9gFG4y>2_FBPtZm>pF^8@h}bx#CcMap~>peLSfl4QuARsvBMf<
z(33*iCWC;Kd=E{Ms>sK4noW9d-#c@7=e=a1MrhCRfL1ME@j0jAVGEHjH06Zhvv+!G
zq{P>oKA3SXXmB|XE}?2j;7Pw?OhuDnwFs|4LOH$XswdCcF8b8>-qKYGS4Z$HJ)m-m
zmfcj}X2$Ev8ynPIzKy#JuLD@ArX1m!z`M9fo-r$J6VAX88NA9I_>1wEz^3g>?4WjV
zp$906J#e}rRS$2+U?@k9oDLoU^G^s(f<rzM9_&QiT_(~;&y5q|Ny7;dIV)KS9>p%d
zqQD^rz~*FbeV)0J9>CJbxTqyc*XZ%?MIT31>Y(jaUvgk1w!$d%6h7)bP*0F_yp(>%
zWbgK=9(N|HyS3yXxz~Vd8RO97JAIiOrfW<m(|3x{neRDinv1TikjhP60t49HJ2(S$
zf!Vi#cw@K#fHWIUZ_M{Oc2^!mnBJ(XBa#TyOY7;J8W*k|XWxY#3bShr5_?DYw3Sli
zMX!T36=1FrK`Xu(%<gUNe0J2KTpL8fR;@u~JR+9WxHdxg3uU(`DGapjalhS59bt63
z#ULL?iyId3^5nLBXFfF0bEa7*jtA;7Se1)sJ1;$t-l$tYjThdAa)!@rGAIRoa~<2n
z%}q5h&#}VkF^u88yXQ}HW8HSorjYZtS59nMj1}#z`D1)^L6jwVv-ZHW)RtKj4nlXR
z+HH{twX%Eja097pJ=kB#LiLk5>*r^24;w{oQ1cN6LD9hKJ$+WxD%qw)FNBES%M{#t
zoRnzX@lxY8x@}m!y5#nbwi!W6<0IWO-d*B($0P^cAP4zUA2{e$DDbn>ouYnNfbi<Y
zd*NCc3q?a(B77BjHYF^a=;<T0>CAHK%$4>G1+fSDYSFNYfu-%4iM+LM#{G+Nao^wy
z5YB2sk2#I<%Eynf%z8%1*IZ#`_Bzv|pd(o*hs!DRfz~?9(=F?rt_AV2a!$=XCoLc^
zPawn6$bJfvp-(pBWD_zC;NF(`lWJi_tRM>I2hbsJZ;b=@saaEREjZDJXb&pCS3s@a
zob*Vj-^HR}GHP+?Be61n3(rrBM>-A>&J9(lEtMm!dZ(+q^=QCIssdg&hE|%kX=WTk
zVnE>_sz<!ajJpm^R1rcodn{htMg{w#<EWAFncrsdn&w}SyLy|b?wnx^@ED6#r*uYf
zDcys(S_Ia#CwRouwX{UU`?#ClQoF?ZD=&yexe=3FA(DhQ=o&rf7DnzQsRrO(gKY=$
z1YBnwUcMEX%E6k5@U6|>=vsZv0#LH^o&(BD#(po@*J){<$r>!B_d9IN%{3YT*y|d*
zn0&XuM7b4-P>uz*-Mi347Hn%XvQ%W24u%dWb<)Wl^)_YOI$OG?EtIJnO4y7dAw=6=
zbchbb<pI89pfTk=w-g`)j^<0K@m(LYiMWTvhA`zt#)ao@o@3nSeuP;q1Sqda)yv|X
zc#NA5@ug~#$(=iuvIXx0L#LKa?a(xg+m`E@QVg*m*1haQrVG<q!t5<Ve7cdDb@b3c
z+tgB(6{yv8leG;FYANj^z>=M76qFb1@X_re%2S%gC#q-qj=L!Gb(gvXPpmQ7(NGlT
z8z3P_$GjNE2w30_QzZpwT-Q*Uk|<MNbhV44;=0zxSJmLnQ_e4(mXyw<R}U5*m-wu1
zPZ_4{qm2vf^cTKOu4Gm)qbca{uu-#IISiZl^;X|Aku=KdM%R`h0JpbAR$!p;Qg1mp
zr?WjCD)n6nb5m)6KaH0RHWSpvr-k(xx0VC#If-w}AcTw7A!v!NRwz4Gya(~7d1|Q#
zOj`DpDa_M*6_n(9fq7yITm}T%9z;8Y0J<PahKG!D&Zm{1kU#yL$2}y{mMe4JILIB}
zQwBo}UWylHbOck@55>Sd+*-t%Qb)2@eS~25-ZTel(BcwSk2~aSoxUn2d?nyvmjFVd
zJB%e7aONlEBJC5Xo?NPWy);S1qGM@mjg}=xSGXHc7OUZgw4u*X!ru*;GUjse#<V?x
zciEVWc!}q2!Fb(Hn?-CnQ=&`yoY^);AyyGep%+|LG;`~4^0g;D9Gl>!8^~MMdVzPy
zX|%cZjyZ?tTwHbb_zjz5LOn6Bj?i`sgThCDQO+@T`BL95D&ofWUb>&dT<7>$j>c+w
zL=NyEkh|m}W1MfSdf4G;JVUd^8t+8lv?j9h>B(Vx14-3LjY;HIGOe0$4n9E5LN!+>
z*?j!!If9gA9IaY%YdhY`OgHAd%~6t~fQL77xQBk6xhT8cRC<#9p03os8=DsfBS4CG
zdJ(jeaE@O4m?{v8)Y^@q?B2r#rB`C{hLLq@yz=SOK?>x#C*4=Ot5o+E;Juk4MdV$B
zNM+m+Zo<R|?e!Kfk|R`>y*w+BGpQ(_*%Z3HM0Zk>t-cxTr}`Air&=FQ1=pRTRA&W@
zSJrFfqdrbuZpH_BOd>z7i|T2_&bi5JW4Rcgrk7X890_s@a^3!}^k+#*twn*Z*t}(u
zhdbT)3UkY}R=9W0RfS*J!`@|N?wyA9?2BE>BNo#b;z=dNed>KM5<w*W!dfxiHoaj_
z+0(cS_qFU$YfqW#`m0u_h{7Cq>OCobs^HEh?8tbFQx9HE;WNWM3^hIs-P<QXg`Adb
z<ZoB2DqWv&xu;*DpxZ*Wb1!W4oIN|GM%j7Esh42j7dS~6K<W)aZ*VoVWWz}?)%>x=
zY9;x5+Ao$&9jaVwn<8+W_KKlzHC%#u=N0-=cH0V85f2<SM$I~Rk>O2hRmrRt1HsD@
z?%m9SanAQ*#u>qbLiMG<9=+<rwFrnMGP#*r`JTy{zbNmbq{qjyv_0bbJS16go<}~7
z%!=sSgOQHAPF!7mXZlJS`6`OdAHMeeUG~<?4gu(sn|Kyj=CNv<jdTOgmxQg`7p`MU
z0`I-V<p68t45FE&w;fLQ5bD7%!otaEejq?fQ&PfGD6x2l)2UnbxZLRRD`#r4&Fh<V
z2HBk|_Ps|Np`n9M!h)XkOOU6$&#-As4+H3M{2}XHa7aUHi;dOAuGu<Vm|O0W)#5FZ
z_H^udyyUd$s(xzAaLbFk0mZaQk_Y(bT#iyjoJ4j970l+_2&2W9{qT+GP0S9y4NfuF
z7_XKUre*618>YkOW@7RpS*WEMIB3$7M+F0NpVrZ$2D4VJ^nx)ZX1EHHZi3}JHyO5;
z9XXfAv=r-p0t=EnU3efgamTsyyk&7z8l+#_lxL(iKrYoQmfPv{eh@|dG}0;*JoBjl
zN*>0$_aJD%xhO4L`nmx<fhBP~!s9aK3iVu=<xQl%rxgI(%@dn@G0Uw<Zp}Qf?5f?q
zeBQJ2&~_IP@l9&#4-sSye^QkoW(wOl@J8Q6CqrhB^^GgW2HA_AG3rRf0s~22f$8Tu
zJkNZU*wKsTY4Kg@4CYYB#ZY=Rr(M}|vUsrJeF?9Lu&iU0o%NMB<>3s5q@y)#xUSD?
zBR<0{f3RoVEo+ZUw6y`>6KEu)0DMGsUC=Xg_#QLc+ZO`;;<4)7l*HY|iql3}oW%12
zHl0P1>!)|d4X>}%r3<3&xaskc(L`aTCW*oWXXW0fGYwnn`f`}c1~>o$8zhaTQ;yv0
z!ArOSuRE(GQYmeuB5{T%Hre*1Hz!uXZJuWs6ZY^53;I|?AB4Iqls@)BdDx<j#iu20
zX86o7c#n7kFDB+fNnSYs#A93pBx>XdjD%<H1WuInmQ4xj$-tyhB<4Pfi`eQWy&mt1
zR(p@{S3KmQG94M%R1`(G4nSK|&P~;IuTRW{zAzuu+MEN*!r^H>_wr^DZozfcIe$<d
z4Z7x<a&BVl0r3#>1lt+**5`Mc_we|MjKkTZkT6zxGou7OvuqEpw0&S`x~NztX!vSM
z)Ee@wYYnESh2)W59mTb_N-*|JLBO5$(1UCt^(<D<>#mHQ9Y`t}K;DIZd{E?$+3<9U
z7X@oQc1wFAEiE9g`;H!ubs<*7)`|B(i^mbvWb?(rlAp=G1zxE)TfGXF96HWEYL`|V
z_^1ub&2L1+7Mv1&JMn5Vc)0$Y%`Gwe7@qb^r6fK}T12)JqnL8n_oA)WGE&zRUzI|$
zi4l+3TjgaSI|>DQYf7C2=MGug_K<1b;5==N0I5o3duZ-36NHc^H`XEqrbmpykCwGv
zd^O6>+UOb83c`UMVVKRPk_qzZcGcsV9_^EHEx_70$<B^NGNNGEyGzKF5u%yJrl6{`
zPa>a|JNV$-yVod3g!+2h8qtwi=4?RMq9!dOwfV?A)Jx5-%-d0{C+W(VExT#hWi^P#
zX)#Yi+Z3*w#>QW2atSfOzME4{N?V?oXo+|r7Q=$7=(iCTg&<1x<VbsWeB{kaJ)(M5
zd|2VJc@G6G$3uJHik(}G&c<*$+wxh*F2ozlVW)APVCyU>Rg7^Dx!)<$D;r!FgzIf@
z8L7vd*n>-5!3!sl!b{1H$#Y6`S1T2%7Z%j&D(JNjh*K_1HY|bgl&?(yS)V+^j_LLg
zIx1mcadMHn0uE8Uw*-K1joTCCh93(mp?B-DzEcvEV&Qt?t%yefR56H^!_SpCOdicS
z&)Q2M5N3(8=nB!*xg(18tM+aYA5~ohRVcTL0)IGX6g_T9borhKPV^RaTkjU$LsftZ
ze)L!euL-digEd(1y-JDEl6OJi=ZBa6l!Tbs``pq6I~Q!AdtFz8OE$X?iVxwuc^Ekx
zg9D;(g|yr4x)+~o+lf3IgeP?J$+^N8=YA@u)e`AqAb`45xppfS4zmx*R<g+C#NNEe
zXYX9$A?WrKd4Q_mdo-h~QN*=ShWP3<O`%dZda>Cr7F_|UFEnx3ImTp8s{Elmw;S_~
zMR{v_UTNFf?i`MA5?5Rm1;7uT5bD_>MF^>@9y3TRpe@mcb}gf8!~k;ZCSb<_JTC-_
zaObJ*hY?jEIUT$qk|^&HMkAu!4y+s@krx;q!;DxnF--V8D|^dGw{Xb@4++K^S}lxr
z=)INMdH_kJAZ&E`@>RP21v(vQ`y1(MGwoPf4q&GVsv4h11y%^;3#{TagBF5~uji7i
zK_$rvC&KPo@8G=C*zxq;ev%@Mj8Wuf-~g$b-rXSYQ7aeZLr6T%h}}r^oyXJ-FFi0`
zl|JW4Js|g@C~!ak*oJ+fc;m9#$L{d(fSewc-_EL&wKefozn7%xmQhLw01VGtZMP5h
zVletm`z^Iic{0bLdWQEk1^~YsUAlX!-A_amgZ9OsDr4|y@VnTQVl^27K?GRju*NWG
z3NisLDMK5Yy6cWpO2~fCA47Yyy?S94?nu>U1e9t_nqB^m6XB^FlT4h&dq`q%r(NS=
z_Fk{Oh<q;3-2y#h&j;$VB_F(sRqZXQ6e=g(ob;7NaVAO~rt{cv?FSd*i`-uC+9p#9
zkXT4n6)Afc-MK;I!k10YV~y*{UN8U|GlD1VUPVR(A#m7RMAM^OI8m^`3U*yfvNow4
zCJ+X;b-M~Vez}BrJGL*_jYWyiH<#0~@4C41c`Ryll*r90PxZr9azo|;hqwI>R?>A=
zt_QldGMixx;ni!XZqJ+Lz#_?HquRZ|p}drsaM;82_W;PBC!s{c#ZB%D_9$If$(ekc
zI_;|_%aSZEhKNa99Jep0M`$mXkxO@(9y2gTJ%oLICU_i{vlBJ1w*!rm-d(%-Ox!8F
zx7pF$YZ_J=yQffUs?u9o&9A;e_fOE-16OEaSkUniLcbe*QZEu-YFXMtD<VwGYBHG1
zU~MMV$n2_`bHHD|?mbxYHVS9kL`I<+eO7PasGb+sNL{oAwzz|mBf`tKS(Q60Yltf^
zR@006D6H=ZHkcP*`q@3{Q>?9XN3J9G1RTb7Z84NhhSqoXOrAyB7LNImDbW?HXPI+m
zR`SZ@)VaYqy+jej$GAqaL+f_o_N=?CG<AMgscgnZ1*~=Gi0C#bSeJ2DR2SJ(^zzjT
zSkEE%%?a92mt4hi)}N$jm+JGD2UIu2e9?TEvk9yyN<Gy<YH-xhfln&kgzIkSR0*%x
z%YZEC46|Q3KxNNMbPH4_S0T1C8F0;Y)LyjHfu7MfkaSZSZTzldAK6>=$3u8XB3xmX
z$Qq#PR5CX%$5>l~JMcPRsm-E$g0OKslgBD!iYzDR3OhsR_ZlK+6JPXO5X)9(w@})*
z`+V^#j-pDgkH#S4<sRFLCTSZC0n8IK@#K136OU{v`@+qH$3ePFhK@T6mY&ZV>FS+1
zy=XXEAV|FB;nQxi24maKXT@ifh)}QGQ1(rMO=VWWibL}e%yilIDinnfVwUxui=(`$
zd*=g7c1kFM_0Z(;hB}DpC`C(<A11txAkTQER(zL$F_m+XX*kc;Vi-X1v|1-=L~Y-)
z8|Y&tlgVTOP3TqireRaRyFg3C<whfQrg<n+Jm_(K>e^n7pqTouK+>KOfP2SHr}^6)
zym|pyRR^Ut-Dc7m*^d&tYE)|+CM8g)!<Is_p3H0+uveILETsiUJQuo$iS7(SK6Dhu
z!V;eE9@a(JtLPOTSxN__E$ZDEjvJ?l$&o5iRf^MH-kC969q=Z41Bu68<-ibH#Putl
zl|wdd&RJQ#Xo`DNE24R-tj}BwEa`E`(p{#bC_{CS(1V%Pl@*q>W@O<vB7I5kJ*bs#
zG=g;0Wl+9psA6fDNGAOx-Sms}o3RXjFJEz9)>yujeJr-3vvua{T$WJK3G1yRuLhbX
z_hFF%v?BR?eEh<(_7&kP97{wWiMG{Jj+d_Is)_ofkzAs$A_t8X(yUmBQX1V~ztQY=
zT}35T+h*jAMBq#h0(nV=V}vT{B9%RUc@B?LW}*!B*b*GQA*!_Uh%yCUgBEv^;)$3k
zhR0A|jeBXTc@C22sjCr!4IEzEYw0uwmY}eD6jbE6@v65>v1W}3`=yA1uWUQBQO|Uy
z^Y+m*dfgC#Po$L`{+!cY6dt9$h-w;69)4rfK%Du2VFwMv378fJlR;mp!V}Uho=ujU
z0<dgYMc|i+DL})`!3>SYRp>7)Qs(88mUxQ^=&r56M#C_um>@{|o>7gQ&yysy7dVoG
zJcYJJueyxK43JzC#S2~rS>M2G2BmFa#q*AS!{xIu2E8p?fc{JtpOg7c>^#*G*7498
zcbSBKg0CgZ_LjEO*^3N%vft3HE%Lotb@p4pQ66VJ3~!fSu|+M=JI1?V;nG$VjWQg0
z-YZ5iEh(8eJU4PU@3=eRnAiZ<U2I#mefkaaWOh~zh?1HhF)Xeh<}@xSXC7OtPV5xy
zB62E<EO{N9#<@4hd-yD<C#q;d-Bv>85iSb#71OD0$E5DFx2A;4&mvzF6+1a25xv|Y
z4_0&TQ!DL_2=s+ULK8qGmWbuG*Z@Gy8d6!p4I~gJF1xCbjh%>SfeUCc_Vc%fn^mgQ
z)To`MuR*!Wy<O$z!Djj8EeOR!sx>Z=%4zOkZjJJo@U;a4;e^cg%n3Ys;#7fML@8>F
z%^2a^ZeECLnAb5!T0)AovYR6+wV||b$&f+-2`-BCc5H~9AMR~ijKw1cOB++dXS<hG
zwb0t^)YXe9m(gV;tjM#%`xINcnl~GsiIu<O<qWN18-Hv&vedDmbMN3~m{Pcp8fKbo
z$GwvE_r&1v^``ZsCq$p9JAa{WkPLOT7er=>nPYTX76WL8Va;2^k5s*H8)P6NyGsQ@
zsbua@w4un}Q+3PWB2|mNnV3AwA>j9XCYlEsk>S0RCXyP&BearZdo+n^yYJ!!DGdX^
z>*&g$2d}JTLvs@;XHwZE=D1upcA>=g1q7}Zx)+0I2QN}^dLR<Z?o(WaRlvOyADn0U
z;-1N?ZHKMmy;%}R<ELP%^sZGH<yLU8fE=FcAhigOtMR+nuT+ed0iI$i7%4tv#!8Nt
z{;oFiCIim$FxSxN`TWJYX8FOflq(?Vd$f;o&@pZ#>CNpfwcWCTW44O~;Lzkd3Aj?e
z@Yqz;%LI9EIr0^_c-+yPmnT`}k|e#$c!mIvj%K!b-vvmgXFuyooERc0I;F>NMi`y^
zP1)!&*`7R8fnYXzGh=f*`hqJ_7>aI<g1O&=zT7j-=zbC2SlZ9i-=<-K$>FMW5Jc^a
zs2~SEORmLMhU0D56w$)annOP6_mt766W@cbMRT0%nrqS$B_QdT3SdPQZ$1pR#KLDh
zjs&QlnB@b#X+m}&@D8I{L0DfeKJKi=HgeT_wn>K|!<_F39A=m%1!8*&H@zW;UpT>V
z^<B60<2v&muif!|!J?Mtt}JLh=x>{!Dsf!KW4Pr+q^V-`dX#&_Oxhi?NHxUoUJb7?
zGuXXi#j^FbI|w}@i%=ScHS@)ON-4*-oSh4z7|gXu+P?FgD`gGOo8C<zkC4pEy9|`x
zN};Y-N-7KRMvK^ATfc`>aH3msJW!lACE|&~`}pJqK5cakB)xrUSJhw{)JcM=I}fl6
z(;4LswVQm9ovzB#U=H_aBvT~88BxXT0d8iGd)*1X7ziAw$`#p%D{yt>A+!dD5`5!W
zN_xo{JYix4;zwvZU{GN@Oyg}6(`yfg3=*);*@EH@mN0->$LZotG}S$b^QVqDi^~Qu
zQE5-rs2FVJ1!3spdlaJE{mFXJC+qw~mpP8>T$#_TkdH^LOKYO>B=?Ca;Yc~MttgdB
ztBOnK(Q;t13q=Cv;~~=Fry+sz9OXHTsK-92Cr_*=TNixZQNg+|0Vu#I)x^o>vHP5B
zG8=3X8GxeGGCKr7xO#JwL-QLO<rGrCGz>5f1#qjEn$`Zyoz9(pKOf7Jpm-jMRMh6^
zwzLVh=jFRcHthmH{c@iira<j#VzXD;qRG97ss=?C{@5r}Q*n17)nC5Yee}RV2{xHC
z&X^H%r8fc|2>C@8M_U~I3H!#_imVrj6Zow*wm>fj)HxdaY*8@-IzSWC+hB{lSB=H}
zj5v~}0S*bKWeJgU7P<WaKN~H;fZLYLJh9=87BDYYD+-WdUp4l1>8W~$5%N5;o;^Tb
zrDwrj{`h4vx}hFygyEDXS`;FgWf#q9X-UA_x`%i)!G+K-2Wsair;S~MqP_X`!H%lE
zR#xxRD2~^$*_5-8^}-D;#K2vXyuk;i+g|}Hr4LJ}!_5#AH8n#r@4FQl$Rh5|Sq6O_
zzZ_d|K|7P!TUu+bJ6{5vcTsQsI3@sHGpl2!6%jUkA0sH*B=KFPq^<PBc#T>HJ=zx-
zGkPeKPsxs{lt?y@>(B*L3>G48U-{Y?Yd;oyX>82Hgiqe1$?V8@j4R=7$d^|OLT76%
zl{ie?wa|s}C}TNn2obX->}&-P(pA)2kkDCh`wg<<;Lr%4tebGVa1W0{7*#{C6F6tN
z%G@O2U|TM?an#k!U{v*ltfxGH5DHeW=4P7!lthe*el|mm9Idk25gO4N{rZwYT4iAc
z^NGtm*&GABE%C!_qcL8$p;oy9qed)xa@VsjL?T(v9jA+eI(I_qW$D7Q`ne`OSsH%^
z4$Nb+rk-?f3!l(?&rNZvpQkS%gV5BlCV+A-kVxfKYC`+f6+;)}^ki2HtD2iWuK>(p
zp|KH2Xhi_PtI|W#02;cHFW42n7p46yd<Co3*=g)Oo0nB4({Z=1V8|Ic_C#=z03=*t
zW{I=h9vKmpa-SJ9N*bII_Z%6_zFW4L1S`dkJ<2D7$C4t>u0ZUUHLIqJJtn75B=c=<
z*1i&)c6<|8w3&QxIC1`XtaGBRH6+)$9>sI1hT8Lxio=~_PI$w`2;KD3BDIv3@3E$=
z&$wWdi$%yxofM6s<(9KOgvHZj&3;3gc2UgXlBc3WWgQH<p0R#x)5UvQ{yMWSa<3H8
z>-x@?x%M=kZOya?y84SU`-}EEq3kprV(b!)d9g*~sxerkObtEdg^cUgudt@@2uK+d
z6(HxiJ7{H`ObMj*-Gz10+YPgZc^+|$d?(E|>fsD0v9>lvI}?<5@9OCdhOgDhI9`&)
z8NZv-iU!y)1{DVic+(8sZwd9z$kOOYO^H4D5V@7s3IQi3U*NtZkhbEWvQ6^wr`f7v
zq0m*!{XFfR+a{hTilkCQ%1EUXPUPG$RUcE=Ljh9D&0GOX28c?ZK7+)Ux6?&PDDe7j
z&GiBA%M6Es>#+`S2EC!4=v<cBFh*9kS>S=!NXQ*(iEN_&ATRa&<pg%BPRt6FAF#iR
z5ThjLx?uIxtSy#%Pc{$Csewh`Tpc|O(MlGRnW(u$SUR0^H)oW3Vy?E*L=}CHqu5~v
zI`OQBA6-v^Sjt7NI5=`z-#Wibf0)u!ZpvC+Yd{qFcCD)(1g`{McDp(pg)hS5^EWT`
zxuw9nk!PtpK^*Y913BCxLlTwK>($J2NsWxx;+fr`dbPX~ZKsRc0LxO-7~7<Frp^Y^
zdymH-WOu`JqP>mAdI7K5t}g?xEv>|f!BlpS&>rJm=)pkG2`G&h#tU?5w#!=K@HA&7
z8Z4TGsRNx{Jyj&o3*VX|u`0UecHPsp)_u5UqV0Wa&Cb-5;pU?xwlj7FoB)xrm>hJH
z^@}LG#G{9g*vQXQ5Sr}-b?KXS|Dyd;w9XzhpT7_{L61ggz9K;dF|qX9?uQrlY+sYW
zD<B15wTJ66md{_jR+|;na(Tc`TvzyH->W04m-H&|)oJ!nS(Xcim!n%z^|0{BzK7n~
z_2@=Pu^;BzX$$XZT2gYyz3p=BeIhb^ki)7o+z6flFJcUUF~a&4$z#b-dG|U}4KWKV
za5Q6xP?>3xI_!0gy6l?rs~fXNmUNaIUF1&*65LSdij`IxM};4C#)xLXIwJGy!R_*c
zS+wZrVz1=W+kOhIdL(qZ$~zref8h?k#zkb|a_(h~?wn{bP|<PXH3a78@mw&D6$G&W
z0Nx6w?{UXFjrtt`agO|jx+8eb8L{c0nk>(~7ttUjRyZY06Lhd-*Af|I2heQdISDr*
zQ!$SO8?Y--t!VTiEC@1K(&jNr(z1E2ynexw26VtnV)(XcX>kNcpSpoEodUh&cLOew
zuUI`pfYSH252G$DKo=t#LReV=3d#}-9m*L|ytTszUq8dMEKv^KMDDwX2$?bOxdvz?
zUJy#^O+;@H>F!CAQ30@%%`7Yy)^R~YSE)hgp%ywr>$<O)WjF0G$7>0%c%IvfPHbqQ
z4D9AQ(OI#BJUMZ0bGXsZ7!bx|I9*Y@r%v4#X{_h!xp!5$m+0-j+^LqQ0Pe|gjYW$y
zBIpYXa02@}h}t_9AQ{i7!sUSWQQ}47?c!okoEYofmfJStfxF`7V|`f_4zGK?oy1(;
zO+!J0*)WMr4qnE}xJrj(B?>)t^0j4>lgVx_dp?W4+UlttBxTgd`+zA>5p4szG#(;2
zF0Zo`gj#fhf>q^p<6|uHS2@Be`X1O@ncN)}#=;v2dA5^uFqDFQ<AyR1l&`?J06jp$
zzl4T;cnwX8b08rVoROS~L!3-Ny>diLa>z6Sy)?7ZvT(iQ++CvHWIcqdq&u~mdDpQ}
zv@;83s2)ZHStg1YCX3Iegk+XkWxI+d20w8}{ldKzA7Av_z!?VsV;F##aZqA##1YIw
zVa+hEF7$cK%2b)sBLOeZdBnG+672zwY{MaR4+un8y_<J;fkuPz^5D#ggl_OXZzJYm
zSXic~L?%TvfX)4$$6?H9)Le*fE%`o7zFR6e^mOxwePs}G;_23LNjPOxNgB_hXqujL
zy~&W*79^&4JC9fivN!q33KbKl8NJh_C-#g{EFbqc2|d9kNi2Hgq`kLT^VZ<5QS#wh
zgM<^t*a7fU3LZocEGG`DHqVr&&x4XUWX>CR?=Rk8y(NT&D|;g9fJr29xTeiAIS&`<
zV)rq-GL*fMywRc2%bv!9zLa;YDH`<pP)ln%OH}VAAjmS)j;(t`jDZkG?PJzA{G^db
z5It>yeEP{{h9lBBjH6~P@Y!S86j?h{p$NGKw!G8w<pF8pgf_p48wUT~!K*b_dr0~q
z;$6o|*A*MEv%Dq{ci7!c+KI&QY-EvVwMk8=sbI#<0L<KAeJZRdvAJwF+HKLvZ(vB<
zVg}#6F!t2YL&tC~Dc{_23e%2)*4KejO-XZs_(IXMotD{rlk~zK4imKo<zV%(zj!(k
zr_${!y#zhMSxwDoTB<(i_%h#)bJwbucQ~b=JF8*$P?W)5rKxmrtqlymu<)yU%wvO2
zaW5}}wV#L=cZg@uljRL9@>&vQM1lp_TQq;b4m<(D+A}z%MA3k3??vL7Tx~08zIr!3
zGeJ)_wdNhF=HR3ACZc6Y2N_g7zirWB_oOUUd$y0BuNq@42CK?U4v!P^3r?QIT!@8j
z-j*VWMhD<y0MELOuw~Jzi#WWAdbk=Dk1I7eJ7-27FIO=ep#{UM3qa1;eu#zINdeHR
zksgk<uOvNVUL6kzkl*UO2^-;xTIP3AaQ0Th90nq<<JsUnZSL{T#4Sn}qRd2-J6g_1
zF3!;)5rJr2+gPc~v@fDL3sO|;sv-KY{AnE%J_piI-ig0>?_lhyX!0yb3p`qBU#}8!
z0VU1!AduRAX-lL|58q&T;pKbRMj_Af3A?z7=W6@5UiKrF)@9*Ay`&RtM%Bv_oFgL_
zKN^K+2F(y|r_4;lZh0I%(k}vgU3`;LVX`z;@-ZWaO1u~LvWdmOW1j>nl=bX1(@`u!
z1_q(IoR$&sF4W_A@p}4BQLqH+nT<k-M9>=u=blsmaEc1lEcH;0x2H)MQLl;4rbPe}
zrJTf>U>|Z5Q8fTm^9tizopI`jcm5unv<}vCwZ(xaCM4@$z$?ntF^-}09_*ZDL4ie?
zCa2X=A*4mp-TDwM9i*3%gGkhk@$#v!X&@=56suq^?6d%%W`mk7^7ELWz^4jpqNIwV
zL^CX2*15cOILT)@1!kBIQB%wt=x3vjhPb)5<7_O6YxnXF;vp(kU2T~33(i&N*PFw_
z39u<VB`K2W{3~O-*N@fMpAhX_U8axe(kn5UJ<qyQ2M#-wcf&FF2wF(J8vEtGGkVKD
z7>{}ixk8j;x`i~3HqDOAo^V|t6iCfZ&}ez(g#v;DitfRn0<6P02vh{|Yh@zbD9?2=
zd#$x0PC@XlcC~ZoC_*4clP1OB5p*geY`8oz$;WiDk!!kSiv{gLMIDdEA%`k3eU!#Q
z?q)G`8V@ywDn{_gFIR=t-O#B5DZH%cX4$Cj#`QVxVwo40sPMh%=eNuNy(jRVAC5(_
zd8;{YC*gy>m#z~?+z(ASJd)^uNX7e7$=~adBS|1Ec<G#$`OZBch;q<k#A8`Yo)oOY
zd+pC(kCwwD-t)bB)!G$(QVDf(TIf>#c52^29a%>F0%3zjDIFACqwj@o`(jGlF4Wj0
zB1CE|?F2cHls|th(z>$)Rk8FI<piEPLDUoQtL(DL7J`LGc7*J=WGpby(x8TvEP&V{
zV+GW(a42=&L?mP^*f_~q27StrKyuz8J%O?Dtia-)a)*5a|L6;N=7_z!Y_8rEGPb?J
z<s&G2%WmSefzs}YcPkW8Pypi3lC|gvGP+*tDrf9#QBJak!`2)Og=Y_*ZcE)_`n4uM
zX+oDBI7DuN^?J)~JD~-d@YFFnSl_yGijR`(nae&(2WEaLng_*mn$==E(p2a&v+L}!
z2@bQntD5;<)9PeBCBbGObt-jYC%g#nN2m{#DSYwr=3!-3-<1S+pu4vc23Smh-4s9H
z@eqp92_>W(k*p<n5mS5fn224#_-Q=s*&Ght(&cn`;@NGkYy<rMBHn?Y7-zy8Yh?&E
zTUoKVu3ij8^d(emLRN+`l6lVgCKz3e!@Et`L5wfz_)PH;Bl;^Ve8R&6o{@uj@aTa)
zP2^$72Z_BtI1^oW%Ls_eFz@<J<93(7XMD&6vE{D@)fE>N-Kno#Q{JOGcw)28^Sn!M
zRqlNIwI|?KPBz5VhQi8-oC&#kDtNtB+jItjHxi{vQcPlS#%fqhYQ!2LC1OIsLr}UJ
zZ-8D%wmb?JyZ|ZWvAc6kX23IF?Y8pgpp9`4^0ZCN?L>*F;!f?I=tET5@gtbThib=j
z$t{mf$Ck#<^mtQe%)sdONV8wIoysOPAL8?{;RD!TMbfiSsj&K?;F!h`C)3QiUkFM9
z@4FSd;_b{OJq5qignfXjCy7M#8X>1d9p2-&@qEj@{l#8f;I$=G%y~r4n||b|+Mf5`
ztc$|VhHpQ^B#P%G#E&k;47C}=%X+SG#!kSkhh=l64wL)k!fTA~5{GRhnj7I6LeS)u
zR5lSW;z5}Qy>y)*YVSM(0p7ME85~)ZHO;CG#)Fg&_70L5-k6#!n&4?%WOy3J5yG5!
zKh;AtlW3CNOEJSX-n;E=2}4}0kx-jM#|ND+_$Gm*@;xqcvBaJ20-#FK>E6Bo<`oO%
zH_cWH4~!<BDA+8n8h41KJ^}BNVal_ca$t$$q!-iX{Sd;|ut9?ug7TAihA-lGyUK4a
zc~S`tZa|IfG;AEt-zngo;<7n{%<D1%I%<!)w|=5K!x{q|4wlc|DQ)+vU9KZTAcQt9
zoy+sK=JlG>@T7zTkdqZ|g}c)x9;BaTMlaw?-Kb`zE7kVlM4u#Nz{QI9M7NOc8A<6B
zs`JqU$nc6pjFlm~GvK@{MPDQXU$fPfdyFqqk`W)?;OKkWWR!mW3>*#^+wd{gu4aiq
z7bijLOlkT8MI04!wLNIz^1{Yux8mTM?wgnL<VhACJ(PetY6hhn$`QW+O&XZLkf*G4
zgfc-YtXF6eA!mBdukOX|lvHSt+Q<n@Do9q<J0&X#5m58uef`Q8LSiJq&b=I&@uf^~
z0U%y`HM2ly9~Q?TUQzNU?%@%}*~~V)dTM?&Av1n8Wr+%$2jeOCrr%o<OX1G9CD0rV
zuUbS{^65EP_DX6Tje*8Id2kQ-7^8e-x*R+Jo>By>^y_GrYmT&cQLF75h%X!7v`i+V
zRx6yk&DqowCcw#w9%p2=CR;tonv<Qx^D<?9DjBcRaPdx?eEem}=7U)307^|veW5~<
zVViY)8ZBB+$Q%(^)%YTIhRh=O$y4EQN`xk=JiD1?z+Sa=V3zm0Rw1t!J~J!$=o&>=
z#4RIVy^%+8KF2MxuJ>;Hfw_+_z?_D5H*1RW(KC!kOPDOe_)y0C;q1Ib#f6iQJ+||!
zpVL@k^6c{IAjn}3tU?Fc0Zz30B>=(W=uR)dG0VH9*U2R&S%=GHq(z3eW_NJwn4Sa;
zn(b2>kx7eqAl<T2Wx-{O=WNG_*Q|u(I3z|G1~Jbo>ERkEoUz>AX>skz9GfNaj_F&f
z;RuS=_V%}JrnTXoF64z*PoYl6sz-(IBC&6AYvl9@L-<gn@O1k!ZMBD2XrjPdJ@^$x
z3AZTuy}g&An!%T$oZ`kcbd#r&s?Ycx*cOb|tH)$BjM2WQWNISujND!F%@poyo^Ry+
z6M5x(%h@aKj6N#2P1Q1#58e!m!()58uVBtFAiUO+KxgxWMk}2jYUjNNdoJ`$(7k7=
zUUUa%GKZL_Ev4@}$r$x@)bc@fkE@2QgLpB(rw`uCja;h9vRCd+I$A@r%L===Cw>Ka
z8PqK=&f9d}K-gMp>f5R)akrg&eP9aYEmb2GQ;!gzVa~fn!r_fNW}-M=+&)RTIM_-a
z=`ABS&m!t~uqCM^k6yOw87Lm7<7N9}He6^4k#`8rCbtwY{8kf0a^EiNl^PSBBd2<E
z?OX5oi}@!`vnLJPuT9X%y5>$ML~&oj#oq0aH|S$U1wn=+Bqfzg_eQDMd^yrLPS5<z
zv%@P>cGN<H?d=4b?I9m?B_UMa)^$evOxj|Ww7O&F`YyB+7aPax=bKi74v${jhEi7I
zY>+2pS4wEnd08I1lgd_5OKo-RK{B2OEte@pKr*;$Zin`67r|bfb=Q@@bYU0NXC97t
zJ667s{BBVClB@7R#J$c6vB2{JIRP>?+H9H^cC*-H3wk*M+KGEjloMU`geSaKET9+&
z+wxZTNQUSMf-29pzIlS;5z*1pE%@5oHXfR!n&ktM=pu*ge12`|5mu@%DYhnju%Dbw
z<7C#T8Pv@y=fj4FylRKMb{Xl8O;`;pO?e}Sg}lc*7dg-AY-|BM9`Bh_F`CnKZj>^!
zXXV-($=B@w!NnKhuPbO2`-#YkHw>|nu7kaP(T^Rjs4~vgqGDaq`w}<^jj`UYQIe^s
zgZg{Cir~?kWY!1sc=Nplf{@zx2xwbl=piHdOpd+-z`5rTm1(js#R%&0dRyvS&`HKf
zcJyVh2jc~~w8S7FucOyAo27+zHc#mpDI9t*96SId=~d%eW1gl2Bc(*vu2&}^C9%a3
z{9=O7@yV?HN^=8Y%v)7qHQWe|<^g;{ZR}V)4!){yW~%Pd6KC$tH}&XM^){MlHM2wW
z?LZ?h^1M&xMZcII>Y}mt;Ju3td?63X!JofwKIjbNb=y{FfDzizdY2l`+2Rv95YJ~;
zGVB5PIC^s^*u*T6^O~X`mgkN?qpK0x5f-sLCW6a`m`i7VfT$4_HpcJ#s4(}QJliUk
z>5j!WSNxpGcQGJ&Z|Ze!*}ZrV(dzVNP1}mq7NcR?Vh$-}fw(zn^Wd}6hgt$z9o-9a
z_p)=6t*TsW&1@B|YQ_AH1;d%Ap29+gwi+M>tZ7xqkRF@^w<jMN+Gg|GY#jC7t7?%%
zTQhAKAQy#4sXYie<j?<t-W#Mtp9E8bDmFz=!ZUfl07^P77w)-@sjZ|FbZeOWs(Nl^
zdK$A*6=k-_Ca-C4ugjh&;GA^vOrAJGl}EO_zGs0!E#~=-Zu3C|@0|EaMu`7z*YTRK
zGDT=rlyf1l-!`>e2{KzagM?9Qunmibo^7CyIsqA1Ht*mX;kxXq``VtZ7PnhxaF^yh
zA}lFDkD+^!!cKQto<W{|%Z+GGw(o7U7Z6uJ*#{YHGQt$^Ftq*c&MOulTQyDgp=w%)
zoKRF-5j_BlSbgmcs-F1_!8BUsy*xf(M|~o7yzWU`l~~MFdr%!`GcJjjOvd8zdhpy7
z`H3#mdYBVd%|dh~KFMBDMar?rh<q<>sH*h3rUfM78O>StJ}i0k(A`qem)BYMEsKMB
zaaLUN=<p!=p>F?<p~cWMD8UWQc)K*$?W%W$7v;H^!2IMqq;%{pU8YCfx!fT)zGoEm
z%!34%lDeLkk6f&tAM76KB_>)riR8wf_$60Hji=u%>y8xkZPax&LCs`6bEHe=g2aqS
zJ%m13t%--Fc}tW>;q32<ho!nVZY)|ddTHxDiLNSEdkeQkgKBo5iE<Fn!F4jD=cvGM
z4<A%pJbe5#h9C2=@x|-cvE^n1v(UHq1g}Uu`01<?TM0g)&cN4i&A1FyB!|8BN|%R&
zQ&$msLVdkk@x2#g9*sKp3BB?c^hXgMB8qQ@k-HIbPWl)7kSYsWQYhGGDTNbEw*hFF
zoK2@X9OPp;&+K?Wgu9Mg=ndiN$~}wG;{x)Yt|&C|dG$i|5!2o4(w)_OntC8pubOdT
zT(O>W>1>NvLFhm-(Ty<8p~+$`is6+|uIkaaCY?HQdS7N&Hm7k=4)A-sg~Gyleh;Z$
zQHq%f?Axn(2J7jajp8JZVR)6Vl51d0*U%^XoZp-GQew#MygP^<uO%4*V+rX#kG+Cr
zC{6TwnWy6Gw1aJ~4{zud_uC@tce(BA@+bAYrsBs+ryeNX-GNr`ECCOFW8Gg*;-$8W
zF3l^mmRGUS&l&fOD5Uo>`omb9yrUD(gzocbM6hOw5|Ct_d&sK>C1~=x_ZgrQHD4|s
z_+~uwxLiz6MH9Jhv=eJ@-^WbgNf8l}uiuW6s)-KTTp6s|kttznUhD<w&eMBcsL@eZ
z<va&PEvP^N)JP{7oAmk>mse3CF<ST;rLni>^74y5zCO50GzJ@ds=!v9K0El{Bw9*0
zRS$1Cy!nN>P17E2EBA1V=yX{7daYCr+{!I8EGtc-USV6IXV{5Pa>-`ox&h={8hj*M
zvoVzucA0~3%60tsxwz-xhU#+KWDQhuz5tur8Y+?qLoau+2h}*nfeA~Oto~E(ZLO>b
zF7)0Io{OlDrdhe5>@fxSQz)^{u_ypwBc4GtAg}7poD$?=8Pn@EyR1v)My$xD>hcF?
z))v>LmWHDmbv8%$%1$mWFEhlj@hIVW&}y}qYJ`Kzi#))_bcWGFb#-kyaO0|cJIhh1
zXc$3OvX7PzBb-L(Q3A_zvjcAl+Um2+NAJv2b=R?1C~RLjCg7g(b+GW&PNOuwd~urX
zRgutJ$m<s9ct(bCkEDE8p<bV8_Z8FK1@z%{xE*JY9S9vh6C;PHnQI*#NIP)4aP@l}
z6vXEhl`=uxp_p7jPWO-k6#;SwLRILseo}Ary@E9hTk?o9$|qVWQpa;IyHk4#fpLq?
zYS15NTx3^2hNR#zilYmgd#MPuaEG!}(K<54sLT~^{1lMkTKR-B;T@1`dn$t(fLb~)
zpap3f@bf9GdWy5RYYz<wndICFXODDnZ_KV;UOBq342a}(kh6uZ_-oVETjP#w61Pm&
zOh0$vquUaH+RgQ{va*~hQq13?jYPyfBBm{gy$3y(lhvqWG&KcbN)OmNJUq^QkT(w~
zjgV?lw`st_F*75AW9B@zC*Zx8X4SkH?&*|u*4BBC0{_JREn1gGIKR!*2YyJwPw-{&
zav%{rAU#%jduoU)q24#tjZY?}c-;)F#~z(LuK-5&f)uEmd1r(o<B~-2w5jHKO$`-3
zWZ992>vFX4FiL@F{RmN3FC*3`Xg!P3(>ZsZju@9yk`qKs$yIfNhIr)Le&B0b@Y+xN
zwe%v+!H7OFhUc6_7r@p+=PimE&VGQvs5V{;$<=ICp327PP}Tc(H4xd#cv|e{M47<Z
zXM65lOM)tUV>2b7(IwDafSf;cb~;Coktb+^v$!LvPmppoxmoneM&$e<Q)jaU3%SJ_
zUYl`8P247nLUx(C_K99r)jW5s&2RukrKc>_heN>Z*>xJ1gYW>r>(VIvX7z=>=b9%?
zMGrRisg-$ip-~}I+a5n4YFFJbIYT5jjOl7ped9r`&ExK?+G-PPYI#ERu;NX|j(JFN
z0m{TUE4_XI?uHfeoVLyVN}PzAXWSoyaBHv;5&Lo4K$<PrP)aj;l@LY4(st~;g|`;_
z&WW2^7k9gj65l??W4*Tzz@=WkOK6dkXwhC2kZ1cq`WflV9ry9QsDqx1FxRIGZ*8^=
z@UcuVlaZ+Mbv@tN3wqs%eHEOGLIag+v=Hg|@-+znT~^{$H`ECNRkP|m_EjJ|$uYW%
z=_eCS*4(%<^CFe4kC-%8`Pn5Rw{dBs0#|^xpJXNGf)>`qC-x3s*vC<$=WNt-XmegP
zxH5eknFMmm4<4v(VfALbIhky(lcWVGa|}5LpCi6DUD7VAeK`H(z?pk?P}HiD!o~Zp
z!>%X*;XN$C(R^1ACAzV~-jK-T&#=b{$)MO-Q?c{xh_NoKUK7kC<97_CC6V0S&n4*r
zp1+2I#DIdM0n9Ex7)C@~grnm{j%Pt85|KjF;89O*M(A-tUs>sRZjI>c#7mXe(m*&j
zdJ+VyhhCRAwOt2U0Oa`I+YzY9h!Bp(_Vd;^rligOh&C*6<j#nKfum*v*WUSG+*9oV
zWo8+hryZB>Yobiau&AjF=nYIJb6RuB(E&ZDJpi;4ZU*l$AiH`XR-1*BSSYZ<7+kYk
zZl|)jrzV`^3$V@gE_{bpxm@xESUq{8uE>Itlr)HtxQ{r<^_eki%X>l2_4;kq`8eZn
z<m0op=y;MEy^l#W7VVAO9C*D)$I?t4_0U@j=vV|md}%?$4j0#S8m7$;XY(wXt4bV&
zLV1$(oxXPvx3|<v$H`6vaUF(I&`eB(XVs3acKm#TU~QuJ-h@}yOR_9ke9A8-UrV_e
zH{fc3GU~ywtBDDs@j*-vp-T?2_RJGx<cbmrTmdMG%xYjgV6Pf6(@7L5d?{gYr1j!$
zc0HpS^5S@$dL&fMaz<!HabuP^+g$_&3LP$<;q0P@3zXF?(-)#7vO*<8m=Xb$?=eY@
zy1Wr>bO1OReb%#d2(hgbH?M`sR;!8C)3EQf#n|);(*@=pu(C9)@`XkUqasrHVqsj!
zrjp0ArkoqmcljXv`7Rq=vLie+G#kYo=cu?%VMb^-D{N^ACCQbCyiTvHao&tYHI{Pt
z5}ggoBi|AkaC(^-2SHTJqbDroNhG?9jJq}HH>k`{J(p(|ft}V(eA!j5(OJ3#P~^mT
z(JWs<GV4=xz$RzAoq{J@Qw?pYHiVkInYO^LG};jJ23X_Gk<`$>TS$I64jF_r`OUq5
zai5D4_b%U43;@d2>R#`v85{DIoft)VEFsMu$FCVEqw3+kdVpOwocwyZiF>5OIl7f3
zwliQUEf(;uvcW20k?oR6O%q4e#bDuuKDUzUk%;wG&D_EA#K4wh6Sh-)_JHtGXLGtl
zp1z^?nwS}m+TK(N##zUuq=(Yp$SDamFxX+h++L1>-D?A|(YSkB&K@bHWi4WBF~cX&
zpn`Z3aiZ;^^`rx>^i@7-y>kevJR4N;HM<TOPfdQi#SM7x9XvO?ATzG@Xhh^0dDwus
z^78RCu_qm@{yE<hlVSSP+mJ8>mS;>G6Jp`m)R$`H!R_g;Cw3MJKBIKW58)cbNyrza
z6QV7H2Eln)b|@bZWF#d*(-XNl5ZcN_04r#~#ZHU~DJ+nNhiXAD$g)ZIy&X-b*G7XN
zN%aI=g0yDGS0XvO##%uUwN4Z+8=rF9iYsJbpxQb!xQ?<{*OVNxcg}7tb<$8j-l$m=
zneOO|m?AQl@smfE$5<IJ6K5on<VY3eMz?gt?vzb#5o%|)YfyWgA+)D8S5nI^2kPc@
zy|2T#z$xEB>v&6%P)It~kP0yC8ncDq835hTG1~Eoyd!&WDEKa*m16he@}OQ!M>lV3
z2@F4f8n-Q=RgEt5Y$j<BTi3v%AZk6{YGW%k@hXM3cTNQ1G&&u<2C^=bM@aj28JhuL
z=p#yg#}3f!*^``#;mc5_2dBN}Pq@0e-vhL(2mRhy2IPtAam}lyt^!{NsA{_hF~)H*
zluu})$hn{R9U(*wHT7=mx>Tc<zqC=+6{mjt=0$1-HHIc)zA%D!(W3a4w%dy;u!-W<
zT!10b*rnc74i$<t8DvokLQgtu#9~_10=AJ-6WYvb45*vDi)GIDGa8}FGUeS18%x{{
zc}z1M_IhSR{FOiU@kbS=MIuj$7+QjCh!X$=E)3q|Oa^XwIPsKFP$$cA;l@J|o1Tvg
z3%8EhVU~;)wN!nAANmFUE8nn|yQa}(xU^Zj-s^ySh19{Ymc=NKa4B{*XfE3#3LrXS
zdZrBgdL_}krJw9lxuPMzo#tjJo`+8rk0Wa)UT<0qq6xZ#aOkaO9|bixC7x+9ybK%b
z7cqG*#hT;1sKnZ8qyE&yYW6*C3K$s%Ty1==S&u9%Ppe39qiForgqw|>%4nfp@Mf6?
zDw5u)Z`!DA#T$u};+AZNvwrn#?Vbi71rs-Mp0^+DN%X|j;gByZ!dXP>nRgBjOU2Y1
zn_W%=iL8x4CqoW@6&=GocB1?wbokz1<Udny_Bx<}smPqXyBZ=-MvQDNOGlY#<2K~Y
z=Hg0DP&(TPr3&w-m|7C*&sz;U#Dgw*oid~qD%LB_4aFV2sR3&9)edB_v)+iUKA)i|
z+F_fM9t@3m6iRwpGlN`Z5R8^#l<Pn+AenQE1dlWP0tpiXgH%+TBU+vo2}o{LSVwc1
z!^#4H?TUmN+FC8sFibt7nw7E}A}f?|D~V{s!z0-8S|ggNdu@8LDPA0~h4?~hFM*mQ
z1mxg(G3-Ms$wR@Y(#hC}1ww8jj>Pqr$7AYgQ?bVy2C3Y-a>iQL0&39hYo^j%B1L*H
z<t_I^^9zaKCz%};ngp*0INS#(WU-_vP9JTLDgl>OQQ4X4(X85ZogJj(U1ATqfR^9H
zRMkA;eLc_p2zRz4dFx@cscz+4To;vs?!Bks60{iL$VLF1x6g09&{hXi@^*xFnIk~L
zd(jqRc2q(opTj;D>Rug?cSMKlJ;Z6+#;2(v0{yi3c|hCJ3l%S$)Jao!jd>IL-m5hx
z%Ce@C2`K6p_C{5U_eCVN93YG8zRJMJ!B9?QpQL%hriEq^<+LfBrJYcj5I$g!!Le<G
z$|fBJvR-5P45Bfk8$h$d(|v)yl7wrZ7Go4bKyoFt@z@2T_z;ef(%TzxPh!OKrCAFr
zk-T<elY1VBIaJ{GXlkZgM-z*md*~yZFY*oelYD->{jd-&Z|Zg%X0#@F9nLCaIx+UZ
z<ZKJj1SwB-G`ae0P%FVP5<MvO8C}$q>b6ctkzI^+Ca)$MLUz#|xr}GruOVs{H590u
zFx28y5=Hge9_n%TD}9*gSIiujnwO~grl^_;Y47AktM#F?Iyk935sx-R9D8-w%MXj2
zfrHlcO^}5sWajfNnnq4S8l!g+oOr9EcRYhEg1x-fN?4RB3Y-W4SmfsEVM(6g5Ymri
z5t4N13e%)+l$!(|M3qP~AHAw<7!lOOR=0V@xJOrY(JeY`FaAP*GkDT&=eUSMo!*w%
z!HpxUAG7J|1v~+M=Uf>=fRg9F>hvCAEYHJnh>XIQ25(n4qUpin!m}~6o7Up$edl;b
zYl%`ZIj+Z!I+$~C(vMen>9$FqJZ9c&MysqvZI+sau2-O0gK<yzq*5rnhh1lqTM2d8
zN&9VK5n&UjzFM0$!SgI(aR6xYc;*mKBDpyTAUJ>>MTdRl8LRHyfQup=5wdX3Oo(8B
zVSB3KW?rS0o(Jb6V~J?fItXP4ynJ2?=o-Tfyc^e=Z7W=yIxa+kbaL+~t+i{L;PP-$
z`MFO#Y9R&F$6`Y!B;;NTu|1cG=|L5d1Cw!$U2hZ$%Vj#`^+r82#9Xa%O1#iMVha?h
ze)Y&5-r(km?!o~Py*gC8dT(_N1CB9~a8{z?HY}k1s+tPREN7x0>X@V*PfZC;($2)t
z6K%~jOYH5E_aLjEQyP1F7+sC|Lz$uEoVoX8&__B<*p%_KB&)gQP?c0h<8hn0MM`n!
z3|V^G#W`Ab;R8$eFc^xNpcpB5X*g1@FC(m-2e8DaQeJeQYP?bab|fP!5*{LUs1ayc
zutTLOiETt$oW65>)ueg`{KN<-2aH}ldo{;Vxci2ec!FtY{X&-UjzcSsPo5}XI6T!$
zi&7;4>pb_&UbG$M@YR`8X^Ys@@V4^gsAC7hz8?^wMAH1&v8?eEeWWk+tu5q@WBU;J
z4R)A14*PM;06Z3*RbZ2H27^6zwtnxGv6vKI`%t25D6>nxa(#T8`6MJWG3i)B(nd>B
zp6Hw1hgI3kuRY(}9UYkv&2UKdr`jZBB?7x4Kmv26fty_;Bbtj`VW8@@XxtuibesHg
zg$^Gw>5F#f8>M{euc4m>9UO5MKJ@A$Tf$>|c3Dbow)wpJSCV5qn=IwVcUx;HR3}xI
zC24;0SchM?F?Q)0m6eCXk$S1uDP_$SidhQr^IPPSKo0K?IWQ!0R%mM(=`BvHS#e)G
z!v2eWd#gsvT4X#A!Xxge9bNM{<CxqCpFD_mQNqX8B0J~vO46nT3y4Y4vvf>g&!o>$
zn_j}qC1FlSnD()yhS&yjWfstK)3if044vAoNo>%ViS&lbCKm(CC>kv$v~d)3xP@Fl
zlT7tsL{F?GCroqmAvp=t_j*^vwBDdBy-pidHi(=g*w>9t^8mOIsHRUuHBX3I1Q9rH
zyU$@bwF$?%bFheKW@Zv53!3g27DNZqQ1ao-6ScVE<W8>{G>Uh2qwir<NpaRZ4IeSC
zlzGZ5Ygd!8S-^3cUS!rF@q%O0*+JlGndws()l;ImXE$${_6BqdM;e=)&CpJ8=;`o7
z<8VQqki}zhQ;lB7m?e&__5m4@rG7G1cdr4hEqz1^3!S&m=*T_Tfov(8x>m)bo*+M4
zbV+yLlw2c>3M5>9zWush7`|5~??EA>=Yh*wF<o)Lf@92(Y8C%o+Kwk1EcG@$1AKGQ
zRj$gyN2bbNI1P2vS}l+DvD*_<K8ynoki$W{nPK5tELfj=>=wmq22q{BoWqgG7rS9d
z{*IEMPoG&U`^LCP#Pzb1hLztIp)-2n9)v|aSvdcdfabY?hKM{$sF?I@TvJ9Rn$9@d
zhsu=6IAz!N9=QaR21^)Ygl7eeg;KnTsPrU6oFgF7p<97$EvUYcol$I35TxxVw$3b}
zdx!AJKEWsZsmaGTEs;1x?>Xj59*2){83}El#6FMZzz1!cyGpuN6CSpA69j0--Lt9%
z%)m-LJ2y{g9ObPhw~r+_(ivd4Ju5-;CJ{X_L?nPMC7WuB=u8WmOYwUWPblK@<r9pJ
zf`_Vemnebo?()gHn4LAGYiqII;+yiNo{8zJbg7x?UPwz{6gkH;r16bgWkq@OhNvB}
z=EeB~ey@n|&9FYeU@QrWcLVv}Qt8X7385F&fDffvZ%WPGq+UBN$V-M3$G+MoPGsOh
zHB2n`)B!~Tq7d{ed}-VX*^>Jg{52;}$BTRe51<TTwg(|RtawA+Dfd9%vs-@!@-~~G
zTUh7~u{LAJ>_ZecD5u0K+M>b*>OM<e1*_hC(|MiGkDkr7(J)(|w=kbDHkQ0K(<tcC
zqir1%^}xAy^hd877js1A0w0`&dsz4~`mNj+ny%T&ogYGL_Dr=z`+##6#w6`Z*|U{r
z3Q?DOj&ta&1@Ec85!c?q<8_?~d^pcG#lhThXx2C!-oE$psGq|5Zrns9s@}WugBGYg
zpgDnEMQQMLr-;ORJ#!S0uR4~W*u9B2rrR>dN@%jvGRuUil`Ohx&9uEqyxYcrh>x1=
zTHoP@MzJwJC!)65_e|;JnKg#ZY~*DGQUKhMJbQcn@(s{i2z&wqLmJg}r@Z%MX>qY1
z03r8N!+6x)Io57?d)%Q>kNb4Jz#W^;47gb25Pe_Gvox;tc*5iDbA8Hj3C{p?(aJ#5
zRoZ%E$8q`U8E+{+3Vx!y!(LA;9!hmR>eaS;Ks!=B>PP4g5%%m(A@{PiuAGFbRU3|h
zbo$xW@`U;8G?sY58x-Z~@5Z0`#6nnJ7o?%SLtPPz^%G(B@a7UiQtnIut#{pXtamw$
zL1IFCY?BY}36JWTzRYD!sH^94SBvtLQ8ZSTi0&DmFX8Un^I=kb$<4$LZ!J`h4iYzw
zUV?T|9=&+&muiUPA;?WoiU!lk>^EfJ@cS416PJnHTN`DwB3RmBDh!eD#dA>td?o7(
ziwmiYK4&jtAT`bK%CTQ()VwNR3c-SE3lfr~;H^RMr|u4VD{F^~cEkIUaRAz5{rWhc
zzRsP(>=N;PBT9!4sNVRia@QTQGKKdn93M^=NHL*3$IVQuMA>$NDrtNrs58p2xh+XH
zAUD?u_oQCRLqb*uEp8x_>VeFBMSymXHB6>N^`dz2+3_xdGB+hns?KhwJf@|m9MZ3q
z9E7}X9&JD#_e52I-(x^3q2g-MVej_TlBg^|4)@I(q{W29rbUCbKk1j+?tDH0?`Yim
zDkB|Qa5%x<Q{y(@bE%@I>zB$kJ5e)$Qy3u2dQ1paDs@8|Dw!{5rad0G<&`LSfWJ06
zQ;r@9w_}bARqs{ZAr#~WSv!am8t0pRu%S=hu+IU3Gs=|UrVJ9Kq0@A*c(Wmrk-Y2#
z8KLV&FMFNXFQxj9=anX7vw)Mnu!(w}E$#aN+mgX-r>8Vo>xBi9A3-5FoSFJg<Eh}_
zAkl>>K^+xu+z_Bg)q8jsK)NYDM)2;MV*~J}g5D#MdmM?8xs$Pp%lDdPGg|l<dr?Um
z_JF3IK|lmY)m-H!$L+p-U1hxJU?=jD03ctRylNStC|(j2UTW7f5oLM6M}xitt5izu
z77wQ;M+Up2tCab{i00MWa2xn`1Z}1-zLt8u@c8wE+;<S0Z$}zB-b-lHgKPA=;mV6w
z7gE#+^rqd0M;W(T7kg9JM33c$R(wH}j^Fc01orf5r1pA+u^{LmVI`dwW%97K{5s1$
z8*@`#Ik>`?5IanYy$r=JT#lqrz2e=b6QL)O4U|Xi1xU)_+j_>&{b5s&8{T+6P2MDO
z3o$67)>mp(3fs7ha;(Cq`8Fl{jOQ3{A!c9r6TI17j_3)W@~B6U;=4-cqOk~*-0Bsj
zs014$n2+Cp_7*#L%A>sWJ7i4W@y#Z3gE2Z;1Q!G|$Dw7Sdb^!<?$@96KmDSg#+i)Y
z8)(I&3GG{lKHPXjDv5zlrC%v#<{O=EcyU@uIYO!F-4Cu2&Olbn3<N>K?2<zp+rX2|
z5{V!1;Wa}bt})|a$(mINW{wr$jZ9%Zvq6;tsX7k_rhTCbo##asw?Y(y=~J!^5wWAP
z@&>TGnu{OW>%Iu8m&oFJTFG>B`yekpm!V~jB2+IP>!h65lS56MeOWpS$7bW>su1X)
zu<jKV8=aa=VDMhKr6Wz92=lyHb|*kMr_x>kIbXli+t<%QtEucYmA||);K!mA5BTC-
zpSU4yT<+_9f6o2emJkWNO)x9F>Q5bq3C#@UTtsP30L{7<iDs^%WgT}P$GoLPH_}>K
zR&q0m(IJ1~F1SOKm*!PmFB#kP3_#CZ+-+#!0h90O_StOL64XHy<|C|7MZFk2-tK^E
zx*hBXjb54bSmeP2<3q?wsVND)S0&YWnI7ViL75>_7#=8%xBZx4G&yB092}5l4U4hc
z(kv^~2}^2lohU(9!x3<8c@|gJx-TGJ1T~ZrW27o9X7lYr;Xt!JVbn$!0}UgBoT^Sy
z@@Qg{Ma$Mpj}6Vt^pQj3(TRLJ#i_N+rJw_49v4iB=OdMA;(2;HSG5xAdZ+25Bo8Pa
z_T%;m@T!6q(#Yu$L%9Hwc+LsuURs%WlPNV~C$~knP@#?lnLwZyh(m}?W7f?oRl4Xe
z8pyCu<d9T6@dl5M<$0ZL+?exnBjtvqB!$|Lvu)O*z|kVUabc=R>l_HGH?BEM82YH?
zo-yn$OJ=7~jK71r*Q27(+1Yc%tXJX9!!l@w6qyo3S8qHi%gWd1^15J0ooY6e`+?xv
zIu5gNfX-s5a^Pa;8Q6m-r2Y`AvFAyEiWWY?@lkgfl!iKIsA6ci<UukwUnZLCw0>3V
zoy=?_M1KC3<#jLsHNTT_+wf4b^XQXO5S!I;9ZIL2aDpd-acmCOtF1WG6R2<pGxh2g
zd?!>J{Glyx$tV8IU--*nOqjb}XEr>yC2Bo~*N^i}_K*Uj5x;kqo|Zz|$w`T1xP2`n
zW3`eE<1#@AAx~hgRU&MdUlX=N@It=Z8w$nh3eFvP6qx%Ex+hJ>vzM!FJl5u|45~m)
z%BXsI3DmW(f-gEB&&x=voaQ?@u!V+d&p28rO41u0ZxI0S%gi#lG0dZ6;@Xb1o?qf}
zxP9YcAc~5n8```QdZ~Wr08HW)5wP==9ylvHaOK;Vwn5`Zce&DZl_HgrugMyc&alQ1
zhi=g#nsVx45db`4$BkWS&N<48hD(8>7bbmw@~<*aZ<Gt)lv2;RGOQ+{^>7H)21G3)
zMgjMhwx^*8Y{;vH?0xp=VJMGcd8C-+iBqbMRUtEOzKD@XYjGJ<;`c`Rm|NaVl;8S2
zu_T>VUEo5gxEr{(#^N2Yskht?`Gib?W>6~&&v#tX2|@J2ZYhu$@vKj4D!?GZI(eiT
zwV+5*;_O~uwviAqHdyF;Jx*@jj92fhOVQ=JcX1!9ZGgE~Z1C%N+SpErvLz*ndGA^a
z5I7_@d||8Lj4pvL#aNz02&Fb{L6&pxK2gPc+y}F~8ZMQ4mnSU4o^zmb_$tT<!bbvh
zQrb)1^K}qq8jmx~MC0zm+Rkc5+XP!`mJC?TTXA0%glL~sV|i}`bkVjFv#LpEoVzWO
zJ7G}(-^2j&WVf7#rqy;fx*enyz4yE5N_E0|J8jqw_KtR;Gri+N;Zg4D#8soz4$8X4
zz;RfW&$4<k2;9t|bXXoUzUDp!m)HbGc!|$|yQ2(DpTv?URzPr|>PaDjNHNN`SELAK
z2QLpE3&YEkt!yx*!5s*-TzE9~VD8%SQ7|2glD4ft)j7;umIK0DrdJ1$EhZSu9<@M9
zTsx@EgEu_@hy$&Bd0M5nMYwRF@(yJDN~6yMAKTnPzQCtdGCTwb*!6Y;paeYe{bD%-
zcfz+<-P)kBnEakGjUZAamWX!sl&7ufG{2Jk<X`BE|Mm^jEY{}%@!Wb}`S1!tKYFmD
z0SnYD5U+43ED*Aq9anTW;VAUNpT%4UIOJ)py`mQ}*vPMT9dhxJqf#$c+G+YTR*NFY
z?0F7byo%4MBO=^@N67&5GLSEl45X((#a&Kdz_s6&m^=gM=Z5H2$aHUY5;xrE>S4CY
z*i(;(%QE-^lZ=b#{Ph+XT~uc^6rrk1-I&J-&<jH#E_CxG5M~mhi%lE1uw(?vH^*r3
zOq~R8WC5*R1_>Zp8PPMJsPJ0ni+lY{%J;l$O&(9Ray3Ei6{GbjYzLjbiCuf~=f@u^
z9jRxNtdt-Stix>2WRqt*9>n&8D{Z?}KegPl(#0T5<GUw24@F@$gd>hp@_OF}z+&rR
z#IqNI$)M>cHanBvQ85J1*W9{=OQ~zZdYIUD;=Ng{QNL6J6gR*F_trI+^_g{p2U-rZ
zokLU2klu7a`hX)SC^6oP<<a*9cO{wk>1~425Xn>H6M0zJf|sYk2^;!cqDT|5*8}pc
zG(1PCZ0c@)neCv#SbGW3t<`IECvghxQUakhwlQ1^LoY#KUh#V`NejBPG*;=}TenrY
zMp0TBe9p%&#?UetmXZQJEP3l)Fut(OyFT8w=hMn>jf}8Fl}^KJMu2uOohFE@Vay?c
z<7`5uN?Zm`jT7`1-a(<~ik9W3fjn|BTFz%&R$(aaRAa9nZ-k0&gS}FDO$wgC<D7HF
z3RX(RCBVz?z%GVGB%bUWel&AOZzA*Bt&Lw}ooC=Ct6{=hVZ}atYr3z|EPBEw8ALYA
z*FZ#c%jCJdxYoNyeZB_NNvUukpc-$4^T}DB-h$anHB)nydWSDejrZ=U)N_s@#ib}z
z=;^?x?h&r09xD;)B1Wuy;~`y1b;Vi9q4z@8LSR9;Qy{W@oCB*co+>U0+>?=|Jfy`7
z$1r#S$D$!G{cg^vF2V<H?8WQ%t}A;%U&H9Tz%|ATxe=z;76^Fi#6{+OFL=pLtJl5o
zzCZrx_re!hE|Iv5DH5-V9@4W6j!GlI>P9D;M@F*%QtI@=F|<j}R=VlP<La0h<uszp
zZq>vru#ovN0zJ+J#hp`nPhzQfA2mjuI}7|G1K63eg_=11%<lzu%D(26d!j~OGs9sr
zW$gizUe(Us_U?%J1rH2+2#2|;EGIxoyfZlJ1ShqZq`2cg)q99!Mn2x-QB5sj8wk`p
z3J9liX_ClW%W9Wmy|0FYz0}plIAcy4w)Nye*U_$GuO4W%AGz|}iTE?qdN}88cU_81
zo}zVD^9<dKQ;=TOz2`4p9_voJtp521@Dfymg&~_b3lC<?um&3+WOCqh(>1{4SZz+&
zMUHsxjsc+0vh7jqX5rz&qnRcQE@CtnWk68aJiy4|iOE-OKs5%nauX9B<$4Uv*~};k
z>u$M(`}*y@1KH<o=LP2TQnmHkD}3ME^c)<Z;P;fYH<ws_A3W}2ex&U&mWJ*rWYmZ{
z&-`7Y=7m>2Fvt#Vuw{wgZ9ic4m-K@D*)Apm5TwPqU|5KU9GmM&qTu5h=IffM!M%a4
z-ROxx0KD$f3|bDbc%_HR_PYigjf-9mAZT3QS1hlmF`dK5TM){J@DhMtfct_<8B+_A
zn5iDdqSXs~O0yj-?*txs%Ock~zza>tmzW_|6kXVU2@*B?q9SBi0-!{f+I#4Dy|PX8
z3CupHc!RghPuXLl=()mT&XXlZ93X_5!G7ZrtWS<YjZ-;OE~p6H@2wTzHYvMIJoc9t
zdd)4@agRxO0ePmfp5nB~!U<qh#+~n2A@D*VQ99JV8j5_&%}ts%RN&`<0&WwjNo($I
z2q{J7#_Z*I?%@xXbk*@amomlMuzg0616+OJCr=ZF;Kczq`I~uKA<WIAT^Y8drMU2z
zBsw#5dIkLPo4gvH>gpv4F$OK7#Wz(|=-TMhHBz35-mc@Spy7F>5oV-UmPgtzY|a(j
zz;k3&hyhR^i%HTU7^LjkkLL|+L+9fBZUO$;0&Xs+JBFfi=;gxm)>i3B%smq$!g4p-
zd1G?tb2bS|Hl(^lypGiGC(T<H@w$P;quP77C0YrA1be0wXcZ0dTrJpzEqB8eU=YTw
z2oTiG(}$>)pLv}=K0A{DXn5gTU{+A)Wen-WY^7Kcw=2)IWlPmzJNAM5LCrvmx<AG@
z3XM-}UOQq4ta!kh0wBB&)W=v3ZTwo(h02Pr6#7*X-m69_e@^@?)mhjq`d*J+TtIjG
z9{E5Ss5~iLM({0BvMQD_j4ojH7rFZoJ27k8AI5^fsD)A2lhi^5ERv~X|MMMy1f8}|
zF;x=6Mf3quSAYXKf@Do~3HJDACo-y1L8J3V(db-H&W??B4HJvhJIOc{2_35J#SjD%
zB@=?^4v$E;RwADB4Gb3FWX&gC?W3CP4jKlpt7bQKOs)H&T%Dkw6(pcAv!9Q(=p+`R
z+JiI=;U@QD4=mB!VJzC4)h3(adb3g8BuN>7!|fI(>-3EB&|WwxU@6Er%j{ZZ2X8S#
zJ&mfG6@X#!i}QT(-n{CZ>UP-#$=>ToOS2_i@^zX*v2E<4j%YHv_X>;DMc(TP_o*pe
z7pQq{xF8;hD%bQhRSFNMOd#J);|ogDHA7~NVq1doV9m2p--|*;2sA%cdIY18FwSqU
zTMAdSPscC4lw+pJS3LY>Wm{1%U}VCA)pHxKWbJvE$5ui#rW%Ho3a_2jxe9{!`8aKL
zA$Tu5dHehllE*0ctgP~k<=(>6ZJ>vz`HO|zSueH)ExSb(^Ky=gp@mR^Lv7~b4Rm>~
z+v?$i3#<aYkQKfR;-!IR3c|6@2$fueeByRUfYyi0T?T^&oPv8xHa8O(ZMOy&YJCRG
ztu%T^kA8@d`38p{vE>AfY;fQd9KeXb1`K3M-_ob%^l*{v9VF>%u?k<vQ-MnY8!kc>
zV6>Sj27hoKi_$I|kFSj-bKEMQOrw^iQ+HU9a&UFyZSfBOTo&}~CK>{t_t^yOa|s;o
z`kXLs9)vLAIq8WmAH+UU3N0n?*Q@cM<7iF%2GgOP>>Zur@?@?`^C7~#wN40?Y#ZWz
z+%V0Rzsf?LRBgO^;&M-TO!##PQ(~sD8qYHUv!i(m>Bqx#ZwepwE6cJ6N@|q|rV_54
z0qq?StdRDUaPVYe-c3ktVHCY7?9zsTs|=i{9w-#$HBS0E6DvzJIq!0ZIh5ugbbO?6
z%USjwqI<nXILvdz#CIrKTbAUWxe{+{kPS<TGcm0-=Kz-opxzjbd%oOx2+;lu593}x
z(*QjvahUdy1BaUwWBeWAuQqUCD6>yA=*9r)O{+ikf!l4+gf{N;oC29?5@EN(^x;9m
zx3O7yjEAUb7y~L}!DRyHT>B^=JuV)3$_gVwpzbMYk!Z=49&XpASZ9;zC2V!l*!#3Z
z(;kUU)nR3o@)1W(Z~bn!-TfJ4=$jiYP0Cs7y+Q6rLS4_qh2Wr7j)hpA%!ngcUoPfj
zbO7|1sj!zIh@RvGXv}AoP>?UkXRLwr-H>uwj}<K~L_MOq-t^r8CKC&(wT1&&#OGws
zU_fvLNJAVR0Dxp8x!<PtL~b14vtBsQUaxywi(?>4A|c$S7!T()(~i>FVJ}v&^lUez
z@go{L<xv2>BUESPcwppS%)TuA9-9<y;zKTg!)q1*kBq@HLuegSq3u)Qd&O=8<ZpO9
z$@fY?wV4D)ax{EVrqX?bWO+8CG^(G!YzLOILm<kT7sLF7H5Y>T@Ev<7gwD-9>og*;
zaBEI8khH8d;<8JG4v2d}!W;((qqqc?Ga-ZlhS|GQQ8B&qC}WYHD2{^Du;yMa*e=%K
zBU9P8g0EEtu%25M?Ls7QuD&I4a6!x4d<%l8(KmE=-s0j*6H3p+I@SeEvL#(#a1Z38
zgj7mD8SU;mjyIY7&ipA=bu#3fy?1W7&;SuWQ8(%iDyphIR?D~HL9IAF(nBw0nap<A
zi}Qwlm9G?0g(NgYy3>6uTKL%p{CgdoSxP244=hz<kTomAeFBVI5+&-*x}ab>Mj=`!
z-l>G0qUbu@40%UCH1#K_JkKU=5^;hTB4^B?)KeE6dx$!r0l03hhy2y?OL3nJJb@^(
zRB>)LPENYF3x_AlY|nxiQnK*M?52~W9>{@Jy4LSlSFu-oO(gB=EC-~U!UU!jm{3hU
zgHIQUS|w^pV!~IPagLi#;XN20@7c9FOh{rD;@xibJIXz&1JLMLw?u4R!I;HlP)daM
z=g*$|*`BzB=X2KM7>-b<Qh&_}O2vc{e0kOQ{B`iF^jEVdD0_Vf^XFb*$sBQL@llH>
z4#?}i%p}KGN+80`(GU9wJe2zqJ>QlX@$gnX+h;GlHwduvy_VAqhB#8nYuP#ogIZAZ
zZClYsX?#ToWRN8p^7L}HoVRG=afQbd9=7YjsVjz?P<FW-pR?9gN(EOv6b`^;CTl8L
z1&KB#V)00=eL`xF9~eWxTPBjmXCaEYGEcG8?qz3ZwCQ`@J*0p;WM0xXn$LU;U$t;7
zSy<=e>w*MW<;Z@?B>{jd<BLn?!td><wCV9}bAecZ#0*bzRIQqm#mVDxPI5SpxtfGn
zhz5I`h<TkiqAqF3+Yi^zwK#@4Y&9uWi;pr*C+29#`m&ptUM4yREgkP^#(5YjnZI}@
z5A0adixl6x!vQ)3*aMkE^`u&$gGTGFfTNdi)pGK*86oHu3a?|Th{cm7F+!EJeR0Ys
zwp89bKGcIivNJN9IyKqtu27>1E#bR|tQf=9h^4u?C4*3R?_#6~%8s&}gr}g<R1zVP
zWW&dlT<}0hadJV6h?l?=ky5F+-@OzC;|1(`Go;*w$0fdZl-QBoY|5#w4#{wx-G)J~
z>U;}nOoy+eCfhUXvenVJZBd?uHZhPzL3SGkiVxoMnQy;g+w}5ziS<&QDGYA-MMFU7
zdcmU=!Kt}{J=aN)XUA)F=1;vIM(LD2$-7MleedXeD~7bauODGsKi0F)Mi8HiVYYHY
z&4jCxQ47_hb!xN*%cKBGK()WoN4BBY<8R-rz4z4P-mXOiC)TlmQ}Y<fjt?V&bV>D`
z^kY1;%PyQ`O{pmAYL3l0bFChCyl0ppmuPeLPC*4DH{s4=BoUdc!guZPr8Iy(TXJE1
ztbrimFOcvyBWtM#tE=kB+PL$cnlDIQVF!nYZ33R?UGn7Bx-u)Gy0oI@Bha=qc)FbJ
zs1|V=Z}Qd-;~u<T-b#oeTzHB=fOV}ZWyAm}Y>5kS8D%*>&gWc@a}Uu4WsPSKu>##|
zaPh(>5~&~Hqiy<Kder1(PtuK-`CqNTG&%enk?JWgOc8YPT5cwGC<EkM+`=T@aTS8s
zoZ_!nIuVL(jijHFh92as+?as)s5=!uaSnLk>g@W^S5#{SOD9~?w4P4*c)SGeHk2OH
zW~3_ao`xwMEPUNycy;aX5V?)!m2g+ziV;8bAi=Z-1+UIThA859q(Xht&Cj)uMQ|uY
z?ios8Ljrf*B-zsx<TZOGyWY|_PLL){U8zDWXB4Xf11|MWVXK#V8^$|?az-#!+1%@4
zSO~2ROx$$mlU+ow24q%uC7i2guc;bmt<$PaaO4G<CSq*odM<_A0{X^{LF=QV6gI#I
z)JPSE3%l~bpSfymA`EP#RfyDLV^yr(sf+cCEiEu^P(1R%u&DR4eCQm({E>8=g{p%N
zbtwhBt2}O`Y|cbEK!C^KAcnOY>-rkIJh}kORryWfU}_U_JWh)V4MpvK7md%U9Jl<X
z_a*flK^43%wVAxW=y9?!O;E*hStnJl=^fa6Jai706QV}ENnI_7`e>+Q<9zwXaFJ}p
zv8(EZIn{~>P>>ZgOb~HA5;+HH={C>M+;!do*UWh5S7+oj=938(jiiKH6BL`Ayz<T*
z+&fWtBlXoIvLrDOd2||~pu6@`u2)w(c=qrS-_gR(se>87?9hSx(wLQ<2CTBKrM*s&
z+bYt><4R*im`mBWFQwkJ?jRTz+*{eNR^aftBKE$+Q@fSd5bmK9`1E<yxH~#(ch+N9
zs!~f8-8bPLdaqaSh9~WXi9=k^g{qpu=!#;C(DNdYao}j|o!xuJgZ5-H<vnDp%TOrl
zUQRv|M$;-DtiknAVSZFTwV3#%nGmI3Z~?K4CZ)e=m(kyqb1^f$5Vh`YE_5Ci_RW2F
znizDC9|cv?K1w)JyNBJRhOy;BEW;>Q9+pj${N8S0Mlf;5*rBN=Ga3%6AOQCBYYPg_
z?pE(DQI&a0=qx<15;bx`JpJK&-e|^8;hp0y+N)~_GFHB*G4k0BZq3cI%+=kOO1A!Y
zGk_V>6=;0Lhy%P6;|S&lD;3u=7eeo>DR+y}J0JN18yLFKwQSRcHsO2CnbztL^ll8&
zoH*cu9BF~`J$@Ae)W~Iy$qtYn<RQArV)^<iIQ3OAg9-6;PbofaA@XbNVbU{MG{A!_
z8_P)ti)B;1Zk}!<6e%vUXOOm~Df=QMjUva#OP*+gbAg%{B7=Fs@M{%IdIvG!N~56Z
z$u75}zE#!w5=pPJ=ANS9NWQ2;(?|6t)WYA5(qeQlGr(D@zjz9d`1Nu`u-)6~wR=FI
z)ph4jQKqs?nOeqa76eAE<CQ-x5e|+D4YsmDdAwjEE|F7KDcNy?QRw|LRUbh1MUpy)
zsyG4(0I*QJ$EZPwO5B?Io<O~z(`hw%Ba!eT3?0H@7uJ}bds5AHDuxixppt+C1p0<_
zRv>TH6%su<RJU3vRwi8}HMf1i8F*%L8MuorBbJ4C`KzjMS<L!wWIW3}>2MCqOe5_B
z%$Vxc6-%)5f$$<{-rf!uoi|?SF@Rc+o3j)%9|qQ2ZYt)}>fbf3LcA0e7J6`fIT%S@
zNSt*-tRBawDo5))2uZ(t>13qRA%`Y)*kDcVAd)G)uynnAjFQeHboUYxW!ief?0G@a
zH1dNQ(JI3%k6i>WsVM_(3yhI%wPv@8_PNxd_g+g7I|AQ($BjxUD4H)-HQ4v1PU0Jw
z?`H71EZ*z^3&XyPig*$5&Kt+ON`|Mfggspbc;T5Kr}$IgHMe^dL3M<P6_zdQ8PDlG
z5weGmP>8Z*UHpk6DU=Pqt=%)1qL+*}E~crIrkuW`<3z(DmclYZ%qH6CnGTDY!-E%1
zFeEX%XoySQegpVW<I1|Z_jx^~^M!bt8yH@;{(O3q&r&LwqUxPi_0e>YsO(eI#+KEs
zH$w^Mnn`bG-hc-lhB2E4S#Z6%Bn?H(2|J^*5Ctl}DGa}N^R^g^Q9zkQ_pz*xw_uCN
zv?pNzXA~Ufz}{t<xn?#^zQRxe+qm~SpD2_4-43d<WsT}GN<wJ((jUI2_6RvFQz~$g
zO>#y{;GV<kNF#U-$j5_u&qm+#CA7&bk9d7eM1qj6!SJS8OUA;LwaPT>7(nk~?Rz}u
zt&?C`-nuIErnBOyt(LJVz?#b@)I4@bu(2F`z<|+k02fe{Dj*RB#i%Nhi-qHtUA@l-
zCQDL(nPm$oI9qSU;tZ#-Hs96j!~ntRQz+iT(`$*jYN^4Z9j$1iv6AWc)(4-cR;vNN
zZbRhF(KjU9or9q%P2#ik#%aBaD%Iq5R7-dYUl4W%u?Zy0lUKtm@lzycNU#)`#qxFD
zn^eb!tK+wP&yjO;z%`AM%`K2`z^jccH9AFEvkjtRVNOc4{myBp_BB01PaJtpx%0eU
zo$%JB0!lyk_6-`b?h3ngG+Z3wr|=L*cH{|53FF!kcXvih3BheA3EPe?x<`U+B{ulO
z@ybA@dd`95R;*P$8#RRCyOVMQu95zPpW&;a;BkJ2hw*6N)-%`#gm6<$F7L>m(Hw-F
zVLra(Dp<UkR3|h@ii@Ras=i?DAy;vgG?;9nbgX`Er3vZ`^x)1dptKG{-jq8{c4-EI
z8$=^v9&su^Elhbx^;XBsgYGWW@%e0f#e4gJs2CZOixotOJA~DHJTgV=#B5RXsmMcq
zd=-A<FJfj&ykVtRwLLw4>EH3q6%qteS8OLq{cH#Lxi+Sk%^S(oy2sM*J?+)GraPN;
zckZD#9Z0taXC~SZ^PV(%+{<}MPs6e%T`(QpF`>OXufrjW+JHp4sTSpyn=1}su87zN
z2D)g;-ELUI6Nj@WJuH}$?phq~f()ZW`Y4lWTAbCmOERj(R4PViPRzps2jzSwNHUS?
zF0XnOoUAyY%I4lo>QN%U_PWrl4tV2lB+>$xM#+)WqZ}NP927*ok2oE27183>dEqVx
z;JKrDm!_i4v%L}S1`LDbWE@PNH`B|yQ<a=$9grg`FMOWq@k8|J^~Qd0@zHIrruU$w
zV(SAy`l}(}TF>f(45~p!fLsT#*S+unGgVaQwgngf*)ry8gRt&NAwqRDl;vn&37AXk
zbH`c~4Gw`ISFPU2eemiTMj<ELZ2Bce=R81}N6>2CHB`p#YlsdLYE{|Ssjhnm$Yr}j
z#;4}p{G4Ph+L1IaVz8We0^fOdB~R7~GbTmTnnp2KZG><dGuI_Q-@{5O%{PU(h$xt7
zPpiC>h=Ygo4U!%LB;#<bB65#v7jro@?R($}C4!|v)lwR-GW78h#=@?z9r+xFj<=v)
zjA4o&POvPzYZ4}1e2TQkDBfri5JWwiKC5OgTm#Y*9kn$93zcql<=_P9A-6DHiTWXR
zx}J3Eq}5XrVZo=+`Ggu|5Srqp=MzSYz`YHXN<FD^mfBcvAS^1*qg(+3Xoa#$rYo6;
zY>M(;+!#K7sssT?YnQ`4kPSN={jObI5H)=ShtXem$Gs>99JZddJ=;xv*M#1oJ9~x!
zNkW07`d-?--DN^HAJyKcc5{=OkqX)QiriaSspgJg>df=aP^`VdeCzjaoH(DN8qqG4
zTgJY4ogOH$>8LTC2!6hFTTeQk(e|rAq?N}zXYakRGI0Sx5=&7oXKt`5nLbg5w-TGB
zCu$NS&}?Qg69CT9!PAr3m?sGA5MCFOP_dKr=0FJYO^s_pN%Ss(6YWjKRO*mXT90&x
zaQHq3P?8s)4S_xv$bd$3_K2K1hTT=8pZGowB89FE`~h5z`)*U43$~G>SdN&o7vfOp
zTIum(?RsW;kLY@_>*91}Gzfz=UC5-5A2#Hf@6wJ_zO>keE-;7}x~r5q<$RvJ>uKGc
zuW{FTA5cPUIuHTpZ67d%t=ho(dd83nB56ZPcs>KiWg1j3$n`V~!4_hYSY86*l_zBu
zYEhH3qIxT004}cRtE9yVm**kXy#a^<oE!^sBZ_33`v%VgEw6-qJ11)rfdCP2J05Z~
zJ`T^PP~gfS97)tgukB&>8b1<BC$fYg^%!miKm}FvxeCI+T0)4aJ}o{Td?}_yGkjGK
zg6@g0buVzwB%i-TNH3WuCA;ug_(AwYg1*a+9@0)$f7a5a8+s<8!w0shH{*F;5*O>L
zh=+naG7V+PgxVSv?ebJXqITY<^v?4{T^<dVwhno*pfoFZNwbTss#6%KPvcUnVJyiJ
zcd&M|6kk|*#^n+56=#o~Pqd{AzV?haL43u#K<0#5Itz@F7nLo2Z=}n>q*hXg5e_M%
zszdAE9SJ*9vopPW{+7r1u4HE{=W*-8C|9i=3%Mu9$!ugJ-$ScmS6V!hea{mfguQ5=
z88UxSp7jd2;;L7rH?vq_vY<kPh)Cc%bHJ#XW!R{W1e*h~ZDgoy7(0fX!ATb?)m$IM
zl&){XO)xxMnz<?%cjz()Gs<`k#r^1+^=t19YkQ1z(r>ZbD7P8}>=}o&!DEREde|Ur
z))Ogns7fc-?k@w2X~%N1R=aRlg>PdOwHSH>p7gv5OppbEE)sENNr)FMPm}guN&Ay$
z6#aJTc}u%bnKa0h7TwnV5V&~OX*qm(9FhoKuV2NQaEd`)${M}$hHeBq*ts+91xxCC
z+1p&jyojyu)zo>c2;e9H66mm4C}q-#bu`_(p20HBUJ5euBTUVi92UVaD3nJvZ&@c&
zP@ynI`nVST5+&zg3Ph@kFl!>E;HufUcc|Rl?9p{q(L**liu-H{?{k&>+@yjS`riH!
zh*oi7IMOu0K6K~Mr6x2s_d?Pe3I-ZY6P8yA`h=VZ+@Bl+2qtByzv-a7is#QTFpwUi
z!Lz8;<D7QX+pdC(X4W#7Iw7!7XIybNFMBOMZ>u1zmre0zvleBR?qSST9vV~6*7FdF
zHg|lOYVj81xu_~W({}6)QJ=)f)F3IgyD>|CZ3%1Q{cJQyI3VueY8YkDx8hm#a9kj(
z7e^R3*tBD0joJ&Df(3EoJAX5i<spwbYhVo#i{@g*$8=nB!V$EdQizk*0uMh?6bVs~
z<>D$QuJ@Yrwq&ge2IB(aucn}`=*LB_u8+s>=CQv^&Wt92;&<yd5(rk=%C0Jk&q0W(
zu&a2AOmVntQ{J<c1p|<h;`Mfb=YTP@ZTdng!*QNEJt5NY4ljp!_|i%dA)#h%M>a_P
zQbo$Ao7$8F;SQdFPGhH=Mm?hg8`wu;u2<ON1S;mM02>f5)0x!|Flmm&R}DfUREsex
zWw;ddb%Z(5f;~eMmDY=5Gh1{`sL?Sxm8#dBwoVFoB&v1^=t|&c;jV~jTFrx~SudDJ
zEzHTU<@(TaE+Zx+P5|E(32M^3X%GS5X!0z%STKWuDZ0AodF@#NM<T^48D+#1&?Jky
z=UDzC!*IsAc@$v*c3iy8i>?*fy0nl~b1qwMdoohbydLI0snw^^Z=C{GkHX4s>Pgi|
z9Mml;vi7}{G@-D&kpWVdez6lTIOpcIwIk=cZmH0qP+4v`)FZ#QsOSFLTIW=aHgQuI
zycGpxRa_{s7IC)Ab^N)4#iFgzo?kvMjcp8Sr~oBGft2Pa&izoLPZ2%vIe4hNTxEGf
ze5^d788y&1d)C-7LBqN(JjxtSHFdC3YyEuZSR>~(Y~>2aBdQ}q3E1bksEL;~$&sUV
zUP$OS0Y*&%WLXc*t>T^w1&SiRbV{Egt0C%3!>E@9^N_+4W+N{Ellg(zJnm^kV;dFI
zG6fnNofB^gN{wRS*e(?G1o~_W{JB&%wr)&`+p7%DXp>4;?FZA+*aZ#e8&7e<**QdK
zWH1>{(K)a7O?I3qkPmil_tj}&L~Ab<Hw5K79!k+$$@db##E!>iSLO<Y_#tLkE~t94
zg<*x5>eA^9d%qKN#tS^)1jvz1gQH=KBqf-Z9`nttm#+ZPFv`|^FlNqRg6Ua!o|&L+
zwa5#)9>8k_7#~)xSW8Qny7w-+g)ug2+<4|jAskU)CeO!iE0dq`fg7bL`8;$0c!*0U
zD)Llvco?h+RvLH?Es1DtcH5#Q3lVi(j4rSTbg{dwcjVdAYgfDB*xp*Lb8uSEKi>-Z
zdQuE9gnc#D$D?O!E>y%Ov$H8$_FNuKC(@&b14KG7c1plB2GvB;Rk-5;G`?DEQdG|b
zI0D%42JpC5boI2%La|L=n!^O%!jtez8aahBqk0_ZQ~q?Qhs>`Si|C~e9!Uo#S9mE`
zzO6@dDbuppEtSY>M{Xn98_wpnyMf>~*@;WHkkk3x{dJ^0jmQqqoRa1OH^bOUGbzX_
zELh1dK8u4hnJ!vel1`!qEmVqa><o__JUpakaaewnrbQ+GSV|FGL|!^sCCm%qg4*l!
z7hEwIKs4{oX_zBBJ?=qm<3KPGG;k!vjXb|)YSlDxz(<?!f#tnt#2({&3)qq?78&#+
z%9%-Z@Hud~n>-(bq2$edt+EiOb#8|EBB+^$16Z`TiSE1=3fhJQEjfmqsEdlSwDye8
ztrs7kIWnTy0EZu`buiLfRM6pG%=Iy6>x(OT<B1r66x8?hDok$faVGR4lnXAR?ix}Q
z=)66IZp=zOQ{1J)<>IhO#Or+P%;__jiWE~)?_A$ApU3XKwggU$!CKk0oOvBc-K;CA
zEa;Dtk{_Bb=+tm*%(F<1)dL5|Q;0GGYw3A`%(4iBa7PufFly8oT@xpFt(~knAy32J
zQ%_?{OFDX)vyRDcIfgd6cit&?5;q|Ay?mg}uzgRR-$SeQp>TLVna^--gD6nAp!vHk
ze6E+p^1|@Cb32TmOw)Gk0aH}(w3f0N#U`q|c<ORwBN(oM9_O!goyhBL#yTp3s08ZN
z0oq=!+W~lQW`|L&-T@S7*JW$&J|hRgdMkGb#TPqX1Lc#!4_^CwCQ`5S<<1<GaJ7%>
zBYa*mB$Wkk(CV>x#+Va=1L#SW&6<=nRJw36z40msTm#&QX}--IiE3;^B$ije^WNsu
zC;H;bf!bbE8IE|0R*f1K`t9Q#+BZLU$VT5y;qcWX7X|^~qIydTj_G&cJvvn2=WAsf
zkd%cxmW+i1NG?Q8=XEEVcB>W|Ow{WyGKLlW;QiGYXtuEwlfo>8@9_0rgI{dxA=Wyq
zos?N~_mKv%K(A}Zh;52@J<g&CNyT{aWM-Y~Mv45TJN8bUx^$AJr;(8m(d*H*D$mzu
zg5^fIgE~kMis<mne9o*j0c0^jGArzqKo%NX>%BN1f2`@;nmVp~TWF={?fW1UCa3bv
zOu53b4jFpe18b2|$vp(83SS00(bD%4Rm_FFoDfO)QuCg39_&7?<k08Om4o-OZ77b8
zO7|R%3=w7vpC+9)Z<bP7i7Y7wB`wjb0(l~y+D}=Z$USwP!Fh(nplWvLZ-e`sXdo|x
zQ5~g`E6Yw=ikJDGGP5o?D?fu(NPepFie@NQL6i&$p9aGm=VB<D8Jp>WIiIa(D?s)6
zlUSevg9diEXEZk&bJ6c@&tqpb2RCqQn;hjug?g0mj2?R4p{k!G6ub_Ge$MnFf=^g)
zH+bI;TzNK00MJ16Lj(uCD^dO-+NMX|eoj6Gx&0!=UIx76Xy`bz0|BmR@7hj(rSsDA
zi1p#waz$(u(=Gw_BxK`VS!5I66Vx%)f-_v)+w;|~ecr_5TK=B<=)9(j8qEtXPtnqn
z9(j2T{_M6}*zqC{Zwb|fnj9C@4?HlyOZ+)Yi6?h4Y9t(G7WLB`bS{*B%K*O57oeeZ
zibTt!xu3oDM?U!08Ae4xnmHHH3f#0yvKF&>q7yk^eKrQs&%FXK>g+TUSpZe$y+`u~
zJm@K4%_yJPyG*Py0u1!NMJ-$e6r5Z)nS_SX*Ao3^K%lub-53xH(3vo=S?OiLbM%Kr
zlayY`)S=5~;L6#|i=Y?$5J7N_+pLiS>trhA#cGIJohD+R#-pmrdG9<}>%@^8RL2GN
zy}=ZGf&ee-am0(dVJa7ILMLm#134Us!U9v7Hcxy~(#dm`;DFURbBQKOuf3FQv#*$$
z%O#o5o(Cw{fR2DApTBr2Ztkjay2rC6KHx3T2_`zSbR2_eIrbI~>dh-T2*^GqDs=Of
z!1tEZ*%t)mNzkTa>(%|$8m0-Jx8h4Ve_Hd#lHIYSUfn&QH)%8^Z?S}+I!91x(NSGg
zX&6YTcEf4w5pt%%%t3~<48p_NFh^1?TnMA<Ftgz_M&(KMlwol>OJC#Xx8&n_V)j7G
zm%2_}U;E>S-P|5NlL8&QHykAV=sKUKK41&DI=;Q!U9xDv^3wFdCX;<#yk3Vk?hx><
z^2q8^C28N3FS)pR28YP$HS&QZT#|@JaJeE?S#ogkjMwYK>R7Jx_lE20+`M^SP5ZUM
zkdBq@<U!ujg}!NZ=XS$JHaV`KXI|mNVXzF7kP_yw&e?*`GjT6j8%v;H0ZXj}JZnv8
zkHvX?#CrIYEO;Hk%DU3n-4E)x0;I2^-xIWBqsm4l35T$-qigqfS2NZ-8-jiwSb=D>
zGSfP5DK15~6zxbhwy;#smUTzCark9}vEe*vvGTT8t$w0NJHS+Tvg-Oc`O0x=4<_jD
za1oc^jZS1dQS+gj0bWp0oP3ow%P1AEC4CB2ULW`@y6Q>4d9U_SzVe~6suvr^(z@<#
zPDcd&)Gk<@yrO~xW)0U9dE42lcAE;5U3(SnVeb(Z=SzL^n%Y22;__19=TK=@(<_!E
z-!*$Wrzeql&qu-?g^i5+B9HpouW>u)9J7q}c~<w3<6MXySyXnTh34P|jK+f$r>F|q
z;B<9L!Bpdy8(7*%4Zg@K`PmwjKR+e4qx5s$T{v>zUb5~Tp#)TTNLFCc0QStQWpK4+
zV|B3YiP6ih8gamE4i_#e(HLf<dG8pi%H1hMiKU<F^b@Bs)X)q|UJMai#uc7jc1mQT
z0FaB9H`JUquE>LsVHtA?cGeTDmn@_Y^vw*#lwa)QDTT>=q|OImv`HCEy1jKN^x{hG
zC>p&hlk#+j>zIC=JH2eQ093whVX=&^v^KR)i5E1%on_2^0$YzaGG00W85{OW*wcfE
zcGua&EbdAkkCSW5r6cSfvQxzEWF;*c@M)swv_Xw~MW=bwe$#IVjTHC<o-}JYhRvVv
zhQRF-d{0Q00_|y^A6vYd0!ZF`bnN|(xN9CgUuE#yxzx2Z0fsmX14aOBObAekbGPUs
z4WwdCSX*8TygJdKo2T2(DZ)x+ZfeAv!Q5-aN{UAc&kI#meYI?}pae0Bd08Cq<s%0H
z@9}!(k^Sr<Xe-RDVi6k-Bj2PPm(K&v=2`W6O+Bg-_ukbK6x-ryK`-bwgue4NM!Fv7
zeUs1C`VRb@GSQk}W7OQMh9Rb#WH+AKejcLySaJ}P)W(ukgJf`{c3ag7C?+AC>RAag
zzG4OJY_tUGYIVFIo4wqbg45KvxqgvlPuO5x6X2XSr-K1Kbtx&<?!~(Y6T<BjPZ!1W
zDPQ4>JBnqx2MrZcBZj<XDNj-g2kX_-bftYV2!rP-d9^#+EtoE1#AG-bcjbGniqcF4
zFU69^l!|p^f)~OjZ)GfLPl#rYW^x+O-{zE&AgmeK6V}He1%y^!9XKUn>W_p^7qVfa
za7A~3P`5+T(O#jxu6HjU3b6*MH;5J{0gKw!+EY8%SBWhBs-D{AYrqxJQMzh>j$N-k
zqjmyp*s&qrA(z2m&BM%Oyfk^e53ePRA=&CA9L^K=(PpP7yNgl244eW>l79RiblIdW
zT-l&7_Pf{5EcDH?D5Q@#FXBdPVg=d-SU)~O>@g2uHpGbQdoYX+=e|}m4KE18m^r5~
z)aQH8V4ut9r5FK0@u``3HnDFASyX&iPa-Jk+5(PG!6$l(IU#VQg3Em!FPm>pnuD1R
zUj<@|xGQTYg$Sa@=A9C|A0}IrO(7<V!eaPLclQaP1jJ*KJ3H+1!9ijj2y;^gx6#Tb
zF(54n*vs|amLn=X!j{Nh%(mxxQtr<>HIYiMPUP_nh{7I7r#S-8tKc_NL~xti9+|Ql
zlmO>MNm-F}tMCNIWUUtUj)Zht`MHq*4d5{yx@YY`>PG6x4Gi|$h>3LErD{PQ6hV!H
z9{7Tys0NH<wj-K(=bLP5;;2vn0<`Omw*t1WLSFVogmO9CU+qCSU%z9#OH8B((cL&&
z7AT9PUHG11QpmgaMg@r&Q_7zJNZPeK^YThHgjKYR?{l9iNs;3hAdA?~p?nXgRk6$@
z-qhul79}S+yvRB+1KmN4x319JcrwvK<S!H~f$rtPfEWVw%q@G3^C?V$zRU-Rd!Cv(
zFWAP<btyH;m&7w-j5flTk$u|Dg2kC37)hq67PP_z+<^B5U=EEBbxvVWV4m~SY3}iu
zFi@C_vtF?0JJQIaeS7GxG+FDM;7L^X5N^pHhccjI9E$F2JVXr>)%w+}3Sl@~%x!p-
z1H1SYk44LYlCoU(4ExS0ggtA!Ya-pJ;#MzA;^<9kU-0ATOM!|-KWyz`njzW*PEJdE
z*}X<@c_rAdyTiqH>xeo`G0XGL-g6x`$j2mX0@Z6f?VhYBoTYrCRGY4k-OpLoP~ffX
z1G(3&NJtwpAmW0_!x@Pzb3${K&O<if971P{l=qsKz!j1$P_)>4RI;dcg~2ijpqD`Q
zEo(oS<`N)~Mnt!5$L*BbSF{0%1|x4(p9LEm5J6GuPNg>t>=Tk&7G<>6O}GiK6Ham9
z%+k6t@*+wZz{>jt*q#%fESMxLmnp|Sc!Nfv;kZ}sk8GqcUwWqzQdC&XRo^tr_8Y7l
zz(H{2Ba+rSh)_D<Koji?1)CSfO?;C&bGmMTZ(F*k++Pi(z<jm`|6D_l{|FB~F<q7I
z1QfX!a?qDO{_bf;AmWag`Wy|S4k6(_dSaD)!aEyehaN{^^D^vmcq8GY7{|wB#%>8v
z)FPV7O6#IStP(~|-$}n}K?-B5DtRhY92C%Z*ltTbN6i&7p1BKA?N^uT{#I$|nY%aw
z2i7$L9*(y@-8Zna{yYby2`t|nUydmYg~e9HQRL<J&S2{+pQnA#oP`ss)Y2H+EL%(K
zUC8kPmGWdY3O`qTn;a%E$Fv)OfQKlVkyUZ0{D@~ZCaVe%gcobHxO&>+K{7WzfN|?I
zZ_pqfc=U42-Ilcj)|&?bvL|+jaR1ypD5s5KrLUUV%a$zYeTsUBY>#ngw-OW0)`g;A
z_8|IY!~_DxnDx6j7Xi;To<*a3;ypvvyw_f2b>y(9RPYj<j0R9;0+1l0d>hEv0rTP)
z1G-5Tgob!*Iitz~Qp=B7qt|>+!qPn8IbQ8n?^@h!@GdbV)teiIqIZm>Dc3KoxOim=
zJznQk*0yq;yi<7m_)z`2RL#lP;+PACbi++9wj-RBy`uFRb5zL2ZYXm=naC#6WiRZ#
zqGD$PT7dJQSagr5ORb=OnO-0ln?o`Ov_Ng^P0FRV4VJ~0HX#9Ws?e=Ql%3>+lDoq1
z%0l3PfXzAY%${-i&*M~!BT6_?iG2EYktox&rrmLid}JS+GZl3^-T||fdU&icFS<GS
zSRMdkJ}T7<5I{v#A3b7CX)8kV=j9LAa10gn2$NwvBlnn!kX6*9tT)uAY2}@39EkH`
z%(PN~dSmw3YK3dR!NVmk%m6#v;g#~YWd$j%$pXGGO;}5fRU)8ORACcFSYopk!}DUq
z%WQ77UE}2H##ki4sbsI82CY#>g<@%{#*P7WGv009GdTBWZ=@!DN@u8FbsdhscU;jm
zuNWT-P&`EQ7Qenrhb|7iae*hKkI&u!&^4zTiL>{TFuGE`7E#SWar0HESKPQ~2gnEa
zh*>Gz1M~SieWKpZF-J+@YqGh|cKo|Rd@iJ4BAp9(G4!K0=Acr2^q$G|EeATc`PoB@
zdk?uRR^Kx%&sKjYDR?N4YmB0R3ix+Wk*@Le>nPdAO|4o@7+B+ng1%bGGDr+hF6K=y
zq*qxT@`H?1v4!HzID##LHrEtK$HXPb&_g9ZH}b?+bCz6OkFGt_K)9RTG1o3J@=~R>
z-!9h6*@r=SOdy<|fmptcPU<SdI`IzIT9(QjUk9att~__WH*A1a@rF_za}c7PC4j43
zG0*crSxfgt)bmng5S+)S&LsL0?%6g#*Be*4mNC}maGRx60Ye0Ee@Pi_Np*`$GYW5F
zlX%)%Zb0kL7SV3q#<ylxG#&XK+dKE?Z*F^unA5@Tf+}mv>cH>WW=%Yh+IWO7^(DJt
z^|Z1#Z9S|J2xm^wvhn~kT3}eUd6W#{d(}O#qeD`Z6}vZ3DqCeb!Z2{#+hmp<jxTck
z)PQ8RE!Wfq7T6$M#D?~4;$c*yJY_5#%4d4?mJ^R|4pDte0<hj9CNM&~=$qy`yn<8I
zzRjWn*XK-NeV7O%sE^&4<4u9QXKoFm+{ggcqCI8(DD{#Z;9%7SMUSfVrM^--9fmA1
z?uBjP<dpY9yk4@C>MlHA8JAVNSIHEcsD|T_;I9}oMLoenT67PX+%Zc{RY-hir^0f8
zOY*^UAKQc3<lstWIlpCF$E0q~Xmytzht|`1Rt4*r3SvTl4cl+y?!g)48f&>`zP)-7
zhwpNvliG=!uIF(c&Zexwa(YkDTB*DTXoT@>;cYkNh%)61qTx|hW;cmYY#o2lT`Z%j
zr6wH&*~G4e03|7yrV>YNPa5rA+#FCL117v3sb<-O@U@7wd`+=MO2gotkvi1qE&B9c
zJ@eIf-iB=e;$gb(FrIMq7LE=(7vOk7ZxqyCAB1|+zLp6~3zevLJk=Ms8in4vJb158
zo;Y&yD7xLdsIfDFDBALf)E#yqZB;1)O(8v4+2!}9>y@<Cbp)6{rZV5@3;`NFd!kxd
znzwoSwj+TcZBIU1M0~EM(G_=kSuZ6AZSj7$y5Kz9;&5RDspc+o>yInuvN0D-jj1=5
z)C8$h@N`a+Me?BKMzbzBdlTX1dj|c4*(J?cubl5?TT=j+6kQ#W0Z^|X;d@oK*t`ND
zRyVlJQ}4C)RA^+xl5?T+2_$lXdg8SJ#6(f})CSQDF-lXi%m&I@zqha09;4mU;UNJT
z)G{$U7SfIhPBKWETNW75Nk6>|QMX7)k-m*sW7-svO*X518^zo`0^ZMr=_z7f(26{k
zX+klJq7lT{N{%)hj*8oNC>oc<E1hrOqX8x+N-sz8dE2V#07zka5AWt4$U#TTpG`vX
z1>745>`Nj*w!(I4iNn#diF2EJ>4D(Rxid7ydnz?%hXaA*&jf%B-y^!0t>{QPY}336
z49q}xxA>wR_4T>2!h@m}tD-ax6_hw;=Y7e|xOUD_w{A4`ift=!xntF)A+q4g{boJG
zQ7Usf5$Sn_%>gHztcbx(yAAs4zV}|tu;UPP87rHkQV+6nP)sjg1!$?TjI)jh_69!j
zicO$6a@?L4u`bit_QuQ1LHHfC98AH8MQZltBhyY6U%zYKXO^A9{$4-a0Cm-k*|yEi
zGtLEjFUBC}F_{;bb_!$f@eIPLUr{vL!2=L7pt5os7duvB<hri7N+zq_gNg@p5N)Yd
zPn2NK`E|JJ64MsdgMHA<WQ{9oc=Q5JFOI3q9!OV&1`$7zD@zkx0@W*T4jKgm;Am4X
zA$`i^KtrgHrcYp}spE+y=j$YBXV#ua)FtCP=QI!9kcq|QfM~odwX8Dv^pW<OSdP#u
zufgIpYnjls-HWBrS3reeXJ_2;7$=m+U^1;^al5*oa6H)s!=NK-l+k!Ai@$pDrI&FR
zb-Pul9U?uemnHK~-tI<KEO(-o%>gazW*jn3PsWR)u?}T1PFTc!0%D*I8@KP(l2Y2L
zc#PFBk!kls)`K*1e7G@>wE`z`x3u0q-jrN)c%e%eC3mIghU_~&T-k(c3a(fjNBsGY
z2>4u5gAd%zzSQMC6$Rf^qh){4NWpIm-Ma6<kAtzV@vX4jt7yxS-KwPmRHkCr&U2Bb
zws+!<%lls7q%V!W30;&M=a82xO%DUH0CE%rdMxuMv!mctU#?~ri(m|#yucJj0~@x0
z$7?S&$3b$RghOZ^m><4)50K-H>YFh<f3DF<Rw>|R8@P^(<c)?p{jzT#I2RG%0{1z9
zD%x%zmNKw$%CPj!#__zppwR)53J4Fv;PG@qpVD!Hm(HX(1TcndZ;ajVF&U$ldT8Ub
zVUeSUVA$E!t_zHk<(}LAOL$p%9^-;kv0^ePOC6dj;QhidEB9BMc(MIt9tJ&ez8ZUJ
zD1g#?AQdbrc|(H`YqU?arWVd#&#7vr72ulHylQBMh`>Xn2*uNyF{7Nd&9FQu_jEVG
zfMR*7d{@fXeA%xN!Sgi{9lb&-Q+&Z#_>4K&u#%l^GdWRfOCS{PPUfm;O*Ed@^Nc4D
z)hibODX|(?@IVq{S>Z0%eT>t{+UeTxdAU!4?Gzf-3sIdRI#?GvL&=MI{SLrmV=ImB
z6!bl@*+^qPg2l<Fc4VztdL2U#Q$f=rmGB$|%--PK2)Viw>`FEHkn4`I*5>))BYeU>
z2Ps+w3%F9h;$jEjrnd#I1?q}gwEOV5bYXU<z9z&qLci55%DSP-sd|WPXm&{N1`#Wp
z-QkdkcL48^#PU|)Y?&x^ML&S3r=}5}m*pcvT(>r4wRSJXG9I;ultRX(u>iA?gR{lG
zM>i2D<vY-b3cL<1*1zx?pfpA*{47{zzXq>D7eQOiv6=TES>*!wC9wHo7uN>5pqm2U
zgG6;`wRs6sSlQhm!+@FT*Qyif0Uld6Q&|aenLgw1QkZX6JuO~79TzsCBf7-*-fKmn
zvqRr84`)w&j|>dQWn`Z=UsGV86j!{!^CiJIT&hq=0Tz%YFi2(ZIter0d4!J`Xv4F9
zZlg-q1hr3yd|Xy)04xpd)qt*al`SLa%Vp<R_fFERnHTfv4K4P=&o+VdxsNcXtTIZe
zeJ{wwYJui0ORX+J#OMLQ08@JkzZ2Netp<^_!}khie53lY%hR3CTw0`U^mTtWXNmRN
zZJTujniyx-32wv{!$fF)71$IwW=XJoerW3XVyWm3WM+2G1P^CVk%pGX5hn8`bO*4Y
zUL?OfRd^`R1<g|^R`5J?k<r21t7WVdI-9gAoU_pb2KecoIWTDp+Xkl<_yK0uHRp4Z
z%>_Oo$N<!%E3Xq&*+H_W*M|EvIntgY+l$S7+x{3d3X9?J2{hHqa+d~bWvDn)*B!YC
zAzQ}29t*wYCeaSGhptVesBuSPA-px|*syXDe>IAzt~?`fIo_3`qGu-rVb<2SZVoj{
z1zCx&QE^~x3!Y|?Z4@|z)d*k_J2g2(*ycuaiQ$g!i^Mm^V~I;7-gQs>75UopE95LH
zh1J7F_mDTC8BcM@sa$57_}yw-w=!1}yn5tU%?seZ4CJpgm5>Nj5;0ME1~);D35$0W
zj(Izr^yvY~%jMP0N3fIh1m|XfTn2YsAq6#J4Jbh{3i=@iD^*9=o9$6mHmA3XFQ#ta
zE|R34aqgS|Gd+JE3kA<z!*6_S+-U%zG5DCxM<@LnLxdvPBpxkap?Tj!&+#K>vZ@Mb
zDDa#tvRX;@4hPPjSkc8Us@tNc&ppssoWYw}TT2e-)re%n>0u6N7Gto&2}z0av|6=R
zQQv^~lpvtu874(;hqT(GM-olQ-7gq$+24lKu8L{eA*dI)KlVUPX|};<PETi!P3*mU
z!HZ0&L)nPLVibY^TL#Z@^^u#d0n8H#d%?WpkQJEy;%H)y_dRbQa1xLP@|`(XTZQbs
ztCV1e)sR=Yi6AOe**X-nXAnxIRq^&sFmamA!+Ah(Rj>BhT7aZJg~n3iM|PvW1EepK
zO86>oCLH+sMj^MUfVqP(&5EQ99`&gUo1DNKfQj@ed#_6orLl6bovpE|<}s}j8;s6b
z6Cy@FL5rN%cIrLET7K^Ym-NYGv%-|W>z0NY;7BU_Y!vjlxR&d6gvci@2Fnos7SVZy
z(ch~I2wZYF67MTyer^Ra7_j`X3!^gC$X+G1c-96!@I_~y9;m10mC1DP$<ZYUsU;9Y
zy*BieV5(PdUtNZ$NRuS8>iSqJJR|C&s)Lu8!ab&u5%&=6$*v^G<WdvO3#$pyCnw(Q
zsdfR2WiRu3-Z>%K0jjE)Ki5D2DfCIb$2htH*Vt1}s2*G{%RF`pUI8q9Bs7a`3`gaX
zD-<!a{m^LEO9v_mBMFjTl`O&?Kb{v;@5J8&**Ix<G2x=I&#X++Aj_W(&XGoWa*66O
zR0WopvB=HqC)$C030jfXOWgL*5{>4sR^jqAwMpV}GT((YB*X&g7E(n!cKZ`^iAsA~
z6jhI+(5Yn7@5ahS2%sxQ`IhxPv?hEJwl#;2Q1@&BM)XW9@R_t+I!|9d+s4o;nt83-
zIPbyZZ1!rq%|p2`ps_(*Hl%E~c)SG4<ZpmWv}Wq+m1w`7)hHW#ilG(LqV)3NquTfK
zkn*|a1K`~YA7-~wWMQk6*vTp=f2Ex-QbOc{<esDuL_?3LJq;6lNU5oB;MfU=nHss9
z^cvY#U$TlCi|XqMEkIB{h0Em1a1t+whVb`*m63=rC6?X@sa}pZsCNg)pph$WKiHbt
zBwXy9(UM!v6V=2R7{=>(<ePyqUSVB00k4`N8T_3_7{36KVonWV0eI035D)uabzG}e
zGg^8k859*KBUCRZ;X|Qk92sIm@f!JgMm&BLj2U-K2=!h{pBM9EkymJa>lzgds?iyT
zUPxZ~gk9voQ-iK`=+(g`(!}u`q!=#qFcGc;dNVnR#OfVw0d;3vTKU_@*=Zxf{oa9e
z<!*Bf2x=kBf>zH?Lku)$I6{Gil~UiO$u-QY84G=6Rd^}WC9L{jqY7ATfOx}cbSxgc
zKu~RQa;?o)veE5?C_bI*Zo^*jD4fLgfLv%v=#z&NjYIE2wZE`~IAXsDj0kz8S3$@Y
z68%<NG<H<!G}Mnb_LxeWu0nV$CW#R3*;}&jR`I#QRx~;c!_>v)RW!(}oRE>*j;PZp
z;!@*kv>9_iRFoB<Sv}EmElk6C$B!M{2tC`%2I2ulyjn6^P6-V4+(S<!rBM|{7zBge
zz;2&>x_Hi*8fmFcEe`8XgK-EaAoArk9#rUC?365ww@93r^5(F`jSW`Z@k)4dv0$9x
zp#5U7fLmEA5g6OXr;Z37q|(bo(dYFhBB>eR&h#D$fkmGCP(8aRyQ+=(t4os4o9CX*
z0u?rLa2CtLXd+LvUSW!c7SOvFS(YV7KF0(UPpiXTyoy&HC|xMAi8YpxjNHX#iP<kt
z{RGD1prh>}uL+zD&}E9(<zLOh2=JQn)CNLQ_Mwr+n!trhd2K($ogDN@;wM9H)BvK2
zc5vP8AVPp}5xP>3!MPyr;XQE!c1>@2Lj+?35O+;2ex%uql?$@Pt~;FQYkY(Kus4-q
zeb~mmWdyXvF!F6C8)^<;1!xMm<PEDB92KyW@^H-);gc*#C&N*ps8~AG$0co^m8DhL
z#|N0a?>)1N#Ve$10)8?Jd82dzOP%&=gcQi7PP(G_0p&xgTK0aWo;<1ROl9L%uNEqu
zI?6&`m%g&Kb*0d97qQx<?GV#s^%2oBJ2$E`^4kZ3%ke1OfnwYr0l1ezdtsEsHN2yH
zRQLFpj5T#bjhb-N1>BN#q;lE$SRqgO{FJH{Wi4_}Z7(AjXG`jdr}%r_%NaBYN6%6~
zM;?qaKT(gxDT}kbNf7L7P<de;FJ8TL8=Z{?7oytAJ*@YJHq%&Ba_w?R?NEJtaf)k>
z<s|}KKI1nrov#KOV8-CRT-*|SRTiy%@~WQWgFLcmNI1vv7Gz18%SZKy40TTtrGDD?
z3h$o1Rc~%89Oy@w@Jiciur_?IOQ6B$2tX$1N%I2$p7qt1hflrao~^vOH_x;)&xI*m
z#l&8%!E+F5LXGMGdyKsW6eQ0jfA`1$C$GCl=T*atYL2s&&Z$zrkwx+7!wTzYeG17l
zt89GtqC&grxHbF%Oi_-gdNszed^U@xpYIA)-=2uMT0&_?^cS8T9h--V{N818_sk1*
zP&T1blFeYYhi5YENjAVXYQlENGjNwFaw$u{{J@~%xNKhY5m1z&b)aun%mWsF6i`!X
zC|>G7&``+>7S$mo)o=~W89^0X+&!;GbzrkfrYb9dM`-~}sCi!j1diFOK5pdVXEyov
z?wq)=i!K4{(crRnK&+DP(BuZeaog0EKB+e0%dYX^sI7cQudx}s>v~`p8j)ASo}EZo
zLmiGw9JHw|IsoPRzGzZXyql#Um^V;)umOtCHMDP~Y#)^Z9LwCx%op+KUfNtpDO|cC
zC6VEE-V4NDD?u#$t6j7eY$705Ee+zFKY0V1nj>gB*>B&27p;V;PZp7Q=ZHyi+$%+B
zv=koazLcwJd$Rl-K{-h3M!RI+n!F)vOS9v;dGnqMvEm6sbW$`ZWJln=&VZz-I5h!E
zA-0gi2g(m_Efo1d@xzTS`-xbK+i!4`8Fo{dL+?SpWJaT+7B!fp<Jn|7^LK*JJ5*Dd
z*qt6ur$96^m&C$xGBgG@JXuaw&MG~wSh&a@*Rq-fcA@7fS`?4lGP~HB+;#z9vo8CU
zvah|IvGwiLqV(&>o6uXV1^pCK0k|GByj;0?ENNaM`nZUxYr#^l@LiS>?uBW+#dEsj
zDbREM9p<sW@WW|;*anJz_1q2$-#Ax$D(D)GmP-UCkD=hwL~+T2&4afz`eG=F-#*mR
ze&kz#C)7fGX=7^oc2*8<Tb+39?X9p1n}tubc@de)YV5)pl{{}pEqcI?gbWecXW|$y
zb3xs^Bx4cl(KFyIGvbxQ<|opKyCoqHDM`r8f-6E>t1;T_Ac4K-;k9QOw3U_?%<akP
zBe$6D>tm$=Kj6IfVup?8t1TukgA^6SEh|)zS4$*i)Vmz`RE;UkP$;7cE?b5a8!&4V
zOCOQPkzS9IOL*f&X%?pR(+kq13avatWo|HfscH6RkXtp);1Fw^HeFg3yqyqVDBwkf
z)1$g3Y|B@|3uj5G%e~+2g1^_=Z<K`HpYYs+edi{rzH@z#Vg0G5FJ`G-jI^+8hC0Pu
zHi$WSfKyQ_A=+XeqZhvlSjcI2yw+StkaqWt?IFxf?8wDrcs@61&-``_2Pl_=z-_Fj
zC;W`nMTjiax-g3knG|<lZO%KMLi9&5Z)=aM+0#uLqtf(+>LhG!I=})Joj?I>%y4I?
zPS-;o0Ce6n+@u#crqCf^2veK}7ld^8s{~$5n@}&htCi<Kv(GuJ?ioE?%NDhREfI)V
zCE6<2E_x;e7?6ssn)CSZc*&#dkyGy5%vKcIAs*_W%9S(~C!v(r9AyPGx576?8vw?o
zeGeg9_0NWJqgib}a;Iv!OF(g`{uZ~z)@e0X?}fg7&aM)m0*Su$QcDp>wrBKwMRe%A
zcAk+=3l@PZnFPJ1$`(^4xlTxgUhJ%gp6lSCL9s1+2=_?oSYb-%#po2;?Nhd(Z0eH&
zwIhY6dXw~c7s3=>JYUPsrH!{&*@k+Zc@T9DC7D9#f}--Em{S?ANmkdR!Ex)BN-T8G
zHM5dSF_^r5@!Bq-(^TmRze<xkLQXiq+{Ypr&B9e`_Ka}uJ=40N;?}9S;hi1_+6O(O
z;pr+(5lDizFc?xeApHVsfeir(+mz=7<p#EA4<=CIRa3r-3y_krCc*bq>`E;>D-AL3
zs>+`NxhYflHaOip?HZd$>Da<ik5<>Iy*=!q@9sc9Bgmyvf@H{Qw<cG7ne>Qu#vdb>
zr#u?=OEHb*^<-U?7^#aOZB;gZDr9w%MbB9`pWh?gwFfV8^70frY!oC4;UOQyy^*<l
z&m3sy432DphzAQ1SY81AT#y9gqf2?@qMQ5dfeBdCM(qost?pTrh<q9K9^RV5P#8hp
z1U@c3>Gygr6*kHM7Vc0M-(Z+OsEN1c!cJ8w)7!NWX8c}`D+xIqOt!QphrXld%x$}t
zt?fP#UXC6`#>0WZMuzC4YtO^Qxzca5G1wLgvdeMWN*oUKgi?&(`Pw?Dp0;TT;G5K7
zFyhAo-sC_FpAADk7u>Yd<aAd76^7_D@G=u#A<I2|0kW@aXau%LgX&ow0H8~&;JghZ
zZ4H=b_O@}^1!0*A&6o-bp4r;0mY>K1q$f|YG4!rZfj<z684N`ez-iog5}B|1kZmDN
z>tz`<hjZiG_hQvStDda-%X1-vcxvDh_r?>hZ8%<arB)%8oXQ%mfpp4f2m7e*ys-yG
zI`u;8F`GSW(#rvlOvr(Kpk3s3kbMYx9(m7L4z`U(9*25&3cnue6zJeW7Bzk(yidIG
zp*2{7)ltEA^7Ax^r*?Vmkz(`$$gkzLZ{(Hlh4>!AE+}}}Nmm5DoG=jI1~midHr7V6
zRNQ@kwT#?JTj64E-o|P2d>~m5dOEHOYl7Y}PAZ6ac6-08$K$ex@@9J;1h~RJe<-*$
z01nJWPy_|7ggU63M3^%NP!V&fLA@5Mk?rzs3|a@wT%m>U%(6v7sSgI!-FqQJX4`sA
zVSV8#=f;z6?+vBOD@B`HmSoj9IB88YwJYeTX_wc|J$rISG%5XXP|(pxQ2c_meH<ar
zD0DmU-nKc-^8yfk%fi_~5#^KAJap^P(A2sRoXFF!XSui}UA=3)6&^WK_n{@OAg--M
z1HD+)(57C9*L4=BjD1)V6ISkt`XnaTpX$<Ed~M|y-Q5szQQ8ej<V5dkMu-Vt+^eO=
zXwXCveapa14nq5AM^3j|F>jUWF(^q>pz%&9jc&^LXn{_qzMfh&?$oUF%$_r{>Qk~9
z&axsw9CK>IDXS#m*F^Thpc}pM=@^fSKXbZaW}>7Sz{(2Cqhx~f!&!xFI5x5h3?uRg
zekIfOh6o-^ywn|VeTzXb?WyWM*Oztuws$4++UjwflolwiL?Fu&F*V5O6V(7sh6+C)
za=3>>;tm5-kO6rF2yQ6bal3N2C|H$@E5RgOwt0#z#mo>~4@?jfEn;ZHp8(v3@|$T=
zp|Uc&B%5L^firg^uI1vh+2L2B`D$!SND0)Vc!*qL=Pj5aKScFGV&IY%eQcL^6^rj(
zi#^yi&CiyhpR4YGB2Uf4TX`=~s>|1LM>~5OA(YDQoY?rBWw%_zOab}~3arxiStv5@
zK8AhQ>rDAP1@dYG9$>zjZV5bEo0yfi93mv5PyyZ^#4jQssgu;AMPA&^=~FYyiN>Bi
zhv>;zpPpjDtcs0B+e>~HSwmdtR1=P!*A}D<iT+AagCF1kx76Fr(csh??grhHNx!65
zd`YP+5-q9z!r}o~3<<Pg^#LpuYHD+!A-`9UIX4dUkW59P99VqD3_QvbtGZ)tx#HY$
zvqw9q`Jq4d#CIIXTV#lm*w-?sV>iJe+)p0uWhZqOkRZIG0cyQ5oP23^j5ZdJ)WzNZ
z++)P;z2n>4i&uig)6g*QdMK`C^wi-5vDK-DabMVO2C^~ZYWQ+7K_4Zm6iVh(52^Ls
zK;Dse9U*Y2BMf%}!VO~&&0~-h0@LJL+Gbyqv-!F%NLwm!ZvapF*&aNcjtMaaEEE|;
zFqV7B(vM9zS;}rNc!1>1%G0`p9a$A2eybjL0Wmww!Jh9$k4Smg07@OldH_*CuD<{V
z4G1Q_CaoJ;U&CB-OI>PoK)a5xs%A`^7l}UW_2A?lzG03Q2zkhB3<9`>fDX2K@12AW
z<mij`S7-2S$r{HcthhSvJ>mE8*&c)AKF9Khhn59VZNPQd;&{B17Xm~986<!`mauY=
ziJ-=H9Yq~Y?MTP{jAV2zOcD<rEA>5&LEkGUo@yQ&CAGC?7s)F*p5!8}Gd7oO+^~6T
zJ{yJ>_JSRgO<jd0tsE~#s}sHZ0eI~L=*ReYrz_gc4aTc@61{W0DLNm=3%YSysOppi
zP2lIG7@R^m4vYONFUd{tJ+H|o)p2535D`{I?7E=n_FkQQqH3v{<+e@K_eywt8^?OK
zrA-#LU&-5nh6lM10$(F#W*UlG+rw<{=tQz;OTX++0ufFDRYiSpR9ay{Qzz{=!qVh#
zu2nY1#EZ)nEKW4?937uO;8nCS2FG#ez5}!nrqjD)M8R@7=b{<(>+z;C3n*m~p$=|%
z><^_TaIrSOn}&bBGeU#e22D8NC^M=+1dylpXw`)~<a`uDpl-dP)@Mn$NsH!T#qw;l
zdPmN2Ebm5PlM95}QJf68J!gN#XjP#_DSFVJo%*Om2qan}v)?J66-$R|nH)~U!#iFH
zWzc8dyMdW$r1{dh-@9iUJ+(?&Vk`*-3d-r}Bf9c34}pf>Ow2*Po3qsC0+DKp`Q9bd
zrO(v(qM}5{FV*r)1u*&@Y#c%%b1!9!os3b~MMrQf->H|uycg#tfW0mPWk&a?b<%UF
zmk=O5WW2yHaW}{MnHGZ?gu!b;D1mcZd&}>9?XjO*KYx_MwntSf7Lm2nCyV!tHXVZA
zI{^KwZLCt?G8bwjC|>T|YOkt+Xf=??;1Q+hyg3rNt3noj?<)IEHB^Kr0|1tT1X)ev
zCYvdRgSd8r`zTjdLv{_jw;XtR6Tyun%C=fCyF99jpr_DYs9NKDC2>@;5O|<nIOk(=
z7p2jh92wi&H_GrvFPt;n8m`w@cer7rb7!%IX!#5|<Xj?-T)CMXqT`_%=A-LWD(Kz<
zS{b`b6cb*}OR^R9alQh^o+rqV?8ilqfIBN*lr%e`8Da{P9tL;UfpK8NG@ZMkXfbr0
zIUOfjl_B`D%0w=nP;qb@D`MirJc~{DCkq#zt?tn8#Tb+dKTWU$(Tzs*^vGmPSZ00f
zR8sJ4L+$C1O6T^mDX$)ZX0dJgQ;&VmVM>hZ9OY~&yVa`l9S<1Kq0Xz2+`(o;-!vQC
z=L*gMo9?YAcL~m$y9B!1J|qgMfZ{gO;=tn?NXzBS<95__2>Q7D(Q#1K^`qi7*4=j-
z8yy92(q@@4<u&XpWq+#48DU92M~R^14BGMlO)&82L53|6JCSamQoMQL5Czk~@p`w}
z-!oSChbg-U@I3Dt73@(%SYK#W1)SsqV$l1^d3ZG@!i^1TF_ec9D=HJ3EgE)oXY74Y
zGj0i!m@#Vz1d|eV8aW+nS2kLn&k<k0XOKwXC^MPuy&OAi&-*1g2m;JnYY|ywW<Rxz
z2c6UX**5HR{cVKGqVFYhQkxeB5N~duxR_+oYcdS*_nOpArr}@&iZwT*AHQ+hw2^u%
zux$Xs(uy*<xv6ZV2?wHJVmdu9bR4PRU8xARGJ>0n4hR&&YVwGfl~ac2l}GQo1b0kh
zti|meJg4g$Bs(mJms}C7$Jvqm%okS|7z>|A%G<{RJ&z`ag0Y}0Yf50!H%agz3o7@^
z(&`!#Y-S%CE^x~hONl0O8BspeN#2oFu${1wAY{EO*n9V;9{AN`nv*RF;$$b$Ytx5}
zN#>5+PNSobUCe~V4RT-lYoiC*K#9U|ixz&i2eI!-x=K<m1V<4rpRr$g3LdiwEa6MP
z`m=F}h$wsXok(uXVHW$j!aDZb3YoA7irR@bwi{%%A;9Yc#({ccv`1v^)bUmyYZp*T
zo9FdGMVID@;D)j^1Tk-_EzqLXVKCkcgaVBQo*ucg;)>R&3VVAgsKt2)=fO4!OiNhj
z&oj8%Cww&@T>68nFyle)ou_~#lfiP#LS7Mb1R*WxYNo@Fle36`(tCvY-H|>$MMNU6
z!;_Ypt3D-j3Agvmv`Rea!5BYe@K@oltC~%hI}Rc=0cRGX{V`5*({l=XSNA9}%lFwv
zqE9|QVH9rW%W}_g7u%LQr>@10As)?C(=flaLqBX1czGI*B4`L2Fcm<@nkiY&MYk$_
ztChL!y%=5c-J;ymkwf(bX6xGI7u)S&{Oab?{X$=Ai5)qLok$;Ri8Z~@d}8U#ydBD&
zk6Q3jrqLP~PS4?z+J|(34_-g&F@2}q2ZwrrGDfExD1pYMAy0;gqCJJ*Mo<>4Yn9;S
zGv9jV2}i!ek$z%F#0#&Zk=PILy)npR$+m+bYjNQ2hz+Nt6o0v*N=o<oYAUb_nvO(K
z1=Eqbmgw*~1jV^z@TC#vtybbL89zAcTaQr92#hR3c)E_ElsAb$TCX@mZVoC1g8}3n
z;O=#{SPx=zD~#%_$vehG^KQ|M=V_E+fo{B6IyoG9q|(=#@BsB7F*#s+dw`|lOdt+1
z-o<C*@XtlKmMhE)BT3}q@G3(V<KlVNX>JT`>ZjbwUTA{#<Yfm{HuX#L&49Q$V0!N<
z118Yw+a`V_4`7^LsVi3*;Kf*5;`w$A<UVoE)ET8sjIbVmSX@~X$&&){Xn1eZSXyxz
zA9%o`XznWFGt|ioF=ZmkKy;g;z1!p%8IVu}8pWs~O+~G`Nq<iS<f>o-iW?mUlirgG
zl;?}8esQ5p7Ert*7o7#SR5KJ$1^{=JF|x9R#oS?F>W*N?P5ihCZcSpZ-b2PdSPv4n
zTSvE*s}?iYvh@NFMe2Au*YJjHuWGGb?Hwv;jo`@Lb3IPWQr|g=doEi@frn^yYiKXx
zuht>`dMx*527Dpz@k=LC6sdldAravekvrVW>(XlC{+_y|_)3=p&?TGucB#E}gbuGc
z!$dzznz??0AUdEgsukdpsRmx*L+R!YWk?^zVaIB_0JDz0+0^S7@giPtyR+kUB`mjK
z^i_!!tK8tec~8W~C(RyV7vYNYs@c6%o#!3PF_9rGqvf2J&xGx;w}_f{Vtm3hUTSP6
z4az;!)mgKGU2U5tzrx1qVybf!WPnX#gK|3ze~`NQ-XsLlv<G`oYZKE33^6_D7p)dd
z{8CZ{X&<|)!|?^GqJRJ;Rs+YeZ#xWW@SVTMg0jUKHtcV08L&>5S>egel$Qc@8k?6l
zLvEvKS#+!626X1i;5Nt#j;!s)c=6q<R}W(x8seqDd_#CdTRij1{j%_}6h)ShosULm
zt>5<Ak`6=at9J?h7z8jGhTj{r8A7@%c2Wtzi3C}+^&>Xdwx+iNeTg`d!(kIH76nww
zH0(FVoeDnvXifWt;(~!Ps+Wh~q!iyaf(YLuCY^EgvL&#4m!0#3M9fOA8so5UUfe3n
zD>8mc&7$Qu^)g8x=swUrtUEUl&5gK$?x@<Q+X60+*6BsPey`9#MkiGqpAxRm!(fFj
zt=iy@Zb-?Jjy`#ACc^~k6RJWl7B2^O{W@)voua*#<7Lw<b3FzipTZ-%SZ0HHyPCyb
zjN1G3vvmZ0wvGh!2YJsuk_7z`^K6%Z*8q~dkrMDM4w#3;d38)mTC@fpyiuZ5<UWwZ
zzZ>mCPMFD+1~$}{1aRv2!toTI4ZV>CmR;N<@^|H>&pZRUWr7)%ERCqi>5he#ByCgS
z7sXwE@e+(=&_dt9V^ZfM5e^+s^rlcmmWP55gySJzgB?7iEAv$_dymg;Gu>Y8dS-}*
zN9Y#eGufizJ$a4HfCM&MEb1?OWhT=4!qz)f-_m=Ji#3qWA9G{u^?6gJ9`GYMOtJ-~
zQcCdwQ@z$H9%@Ytas@6xlX0U#Eer6i21Zjvw{CM0(x!ZF?>76TGF81ed4eL47iQ3p
zJkS1ocla9<?y$FX*qe~Pd)!5j;i%5M%f0JmviMpDN=Z8-^)AEfLSIlC8V?<*yR{kY
z*GVh;Y%!h)Cz{q4wLZ-%bz4`<(~2#*O0j!}jcR>_5TY$Ea%5NQ0S2DrkFe@!aG0kp
z12I6m8H7h4LeDgdy{+pwBQkin3!6JH9U&9_sSTZ;XtB9Fo|1dmlA2%ki!)7QVTDNx
ze9yQe&yi6i$OGZY#Ut0c1DdvHTi`b3x3*@9?oFVb+s^(dkwDlc)DSE=@|cE+cI_!o
zNvQ;(OM^|@RntILQv&ttUI2rpcQkni?bnK;ugiL2<3X9Ufo3^6RBsP2HJeKiS}_^M
z-eWYCJ8Oxi7mX&AuhZTF{|@Y>m^|Tg!jAWfl3ucfjjFkJUoh;1jyl>X8lAC|60@g<
zGp|H%sJ))Zd?&dJVhTPyrwmMEp74U;lHROUtGFYp)Wc>1KK0S)nZDeLl+@$gY!#z9
z0(BsUH>j~CMWxZV@8)_IqcHrrC`h|<$pO`LR-Ll81dB(UkU!|xlL5i}I&@B_k<rww
z#z9S#&_sr9z;sS@awm~E-)Lc5>4L!NJRojSvQ%oZ4(8|S`5L+9#E1|)UgaH^Ew6J&
zw01&lJ*5D*!!`iHcf@Q$vP(~iAYy&IWT?{vy<5!Ww&Wh)3Nm(gylpf>b$y=pw6{PQ
z6AS(6*SmuNK9}S5TGqHU;=Lw$4?$b>6?YQQ^P|#LlXZ36$N4-w*j#FIRzih_)806w
zv`Y;O-{8jG<X}HXIf3UJd;BP~rC;-{Gju<LK38!_1w=Ei+Q}2d6fDufq%HLqoJkQ&
zIvF{sN%x}S^3JZ3#nhvsF~zJXaRub&OxhAsxp2<0UOrI(tb;jTpu}s5Q^AfAmu)5D
zDza#;t)x(0cc)Q*rr=oN#_DUigL?s60|B{CVj(@9SbPu}7VUFQnC#;zucwN%c}m!>
zLHCv}TwrHNU6NI?iv#gcWw`Y1k(Ap&hR&Ni%>omTh|D460juG|_fqZg%`(d^8yjM2
zWcb<ApY5Y{9)<1?rVCwPAmVEXCX2jj!Q)Y}fU;Rtq?D(FI-O!WCwcP9rtiW7;k+61
zBus-^DkPw6YYYi~CRaw#>!-ZHM6PGT$gk*d0h(=i0CzOOuU{zz`f%H|r{rzUS@}z#
z?7GQ$@Mw%$Vdd^I<;F8@h0caxbC@_ty}s4Qp^4Y3knb%b;vF;AlmgVVe2+x)$+~tC
zORvvR2(A{lb!fXN64)@%Ain@QaKS)u-hHut#YUlWf~_l}eZ09MEetumvlVNm5sixJ
zJ_82vNO0;H-dd7w>Rr5|l~!D7kmubLqcQ8C6CoW{5+xKUsaP?Y`HJxRk>uLqNYEQw
z>M1_MjmC}HdJhBjAc`m-cN*LfFv9K>5u%TRx&gXZRX6~%6h6J%dt>sV41ss&>AqEc
zC8(C790fN7_?Q^wRZyJ}I7=8cvYs!B8q_lM(H^e7rMC=xX!88MtSv-*Wa~-++}0Ty
zCr(g|t?ZoFtIxQNl%TO-&ZvQ3W9@0Zw}qC<1y{>H>Z@=8eW@CRe4z$mW)(^1rE(Y+
zqL1Z;05}<~cE6e9H}|w&EC+hnqt~18%6;g{uj1m6Fg65_dsHZsys-yfK8<l{+ur4V
zfZ87J^6X`2HNi5>CRbltaYQhV*MQpdG`v>~J05rI($>z~C#TGPcrW?!P$6x;_u|2O
z@;snkbBjFwZXcg(a({V`$)dZ2AKcb9SUQHlJUA}ZV`nGL+cg$F0K*hqtZET4DCxFs
zy?79fRwuPLW383Cq25R6N%go!`hqOWS@(G|RE?uaZ0vi_5m3`aP9x@?j4A+F$>tmd
z-R_k=A+W78D5*j7$7gj3i`qpPIh-fNS-AP^J<e3+CoA*9t|39C8F8z6A2l&l0GrMO
z>vf=Qr^e=}#@c3YP?K#+ZN0biR>~L$A3uW-18Y%Pgz+ROZvs}o3qiiVhsDIv<21c1
z-jI|h&x-=nZQlzRdxn7t#?C48?p=BNq4a|2%F6j|tt?(ij2c5YWP)~jLKB=AQgP49
zz@rVy@;J!FKldJ1^gBWG3n`lA3{cI-QYb+w4azZW+x~(aHB}m3iJ{%?5R;wY+kQN6
zN^&If6c@H-E>t=3h*uyVwl=a_gt4&7zQhOZTtYhyj0~BB>3LI4G>-aSjN~9`D{6^6
zpx!k0HRjf%ljlq1BF{B!2a6UpCh9#Y#o&@KlP-)xUP`F~6E={=$FwB7=)`Tp7W2@0
zoq5<yBDyv8nF7zvW+qU+9%?KDQ^l#F!kaN0Lbt{x3Ynk@A705}0-r)NG<;Qg@2$Q=
zMSZ7lJ4D;2*oRbB9*94E8T4udtDgcDI&U78yU1LjWCfs%TpC40Z{N(i`-PB@yM#Lk
zbsVbd@CKYyV<k4(a={(gMO1SNSKKVuN<Vk%7jhc8&xFPFR64y2-WGWPvvprROExif
zW6F+4r6}^O>~3me?cEmEP^80)!bf;sc3R_5y(~m%JX6i18*=EAwh6<N%Y&RZt8!jx
zq^czPnn-2|lF)-}sdvxBUY<XEQ}STswwS8u%8F+cbx5YV^_X8qbzr5UmW$^&Spi3?
z1Zv+vI=v(#C4S>C-V%HIVyY&HJplw8z*0G`OL(hCl-#7sQr6V1&(zlADBTtG5s~)j
zrKb9nMR4TZyuCmZNA;wTl*hCP%|J&*V4BkeuM)u$%|<UR4r!KPz`2X{)j=Cq%)8T_
zV37xyE&$*h(Yv1w1V0z%X*<rw(cPj|I9Dl#7(*7rNaY!>?mCWepqBSI){SFh(^ylX
z;2D!XZC1X<U3xFOg&M<OAZt)5KZu>1qd3e8r0usp3C8mdhaL*ziHRPR?&iGpNKN<K
z_aG52dr7VC>iX@2fVP`R7ZAmJ`f^M*-EobW&*4tQfkyT$F?p>#t}h)9bxwG&Ky+81
zt%h>N!rkDH8Lb(cB7+t!HWFl)$G#knuXrnVkSGD`ZL;LZVg|*W;z+~2HCw#tCtCX4
zUn*>LRb0OXXu3yJ!x}2#{!Rm0&1m0~Q?%;$gJtwIoJnXGX_ZO=AY16+LPxbqEzujF
zo8T4zP6W)08*RA1KVi+_xikW_9Y{%JB&4}GmI&kaYBH$NL>|43bI6!?9r{=o3+_!n
zh$=+bcX6z;;LmX4DJqFyOP|~$<<cYQv5?E&&dPyT_Y@!T64OEWt)VRPzz|po5*6UG
z(ew2j?}?^$<8{;ygY(WxX=JY$(&srXgYP-dh^whZi4*3tGAn7%HG3CM19tFiA4Wk_
zx|bX3xH9dOwP4;9GlgYR4$%(I-fdNRdZYr@Yu}-2^xz!dB^#IJau>Eye!&JIkHl#!
zB-JT<%bGxr^L2;DTjn>`Rk%2NOaY=q*|10h!mk$1wee-(8<y7BV+Xn*&J6W<h8e(m
zsH~Db#^Z^TX}*!L#Ym{IcOqU~yRK$P!mqKW9gRcg5z#Ok6@WR9^^L!(u3lTZ9=K@S
zh8uuaZ+zRB-pf~K8^RCJV>3&7AEUi!KMV(<G=CM_@E-OwF4cIETx}E^rm1&p`B4W@
zIEGfMxT2c3>7%kho~JU)Rn!+#%?Sw#j|~xA69yuq@dZ8-(Y>+WNs9NjqFi&Nk_bcR
z7+9SnUi#W?-|C9fO1@-6GkGibYLAs>+zINQi@D<n=i$In_L5~`6L`N7aGN5)LlIQ&
z7k-qpj=j%&VT>^do^p$cgAm=~0Y#*ezJAAPzVIHvGn!|SoRK1Mm%Ec>^`IUFKS?jz
z*GMMn#a@^utaM^Jc{8V<Erj^9h3M^r>FY_%N3l*>0{f`s1hz=p?X?U&5LZZllH0pV
z%9&4-jVXetxx8N908FC76MwK%9_A05*9zdM>0Lvi-1LKSxiaVn%@13jFD6L|b{>wc
z7YLM{M_oNQiGw4!?YlSnBCDB1>bd$g%Z%f)Z6Reb9A&mWnUle3%!#nxYaV}EF5J73
z4HN+I^q#BT!Z_#MJ*(OGz?%rPm70y;Gl5_PceA!vZbia+3$lsNYUdg>$wJ8(A`(V~
zC;e=U=p}pCJuI8;Ox$WOWHEjF)E=rg7M7tj_C##Yn<;u;pupiS+d1*rn)vD5J!&(&
z$N5~`k~y7P<_$hec%4bMs_l3BR}(>fMDqZo_B6Ez%o^X}OPET;&Q?MN8S|yiw^d-z
zwIRFd4HTi+Lwbuf{Ia|8kfypHyKzaQmkvCu_hLgli~^|gp>c*k+{}8yuL7{NkN2c&
zuop`qJ79xP7o}}-@MUv(-eo;xe5AP`=0cN2eubi(_Dl%aL5wX~8a8xkfmIRj3Tvix
zbx#^<OqNH54X}Fb0^Vdw(L7o}Ye~lpu*(2%7kcA_8Ns&7W@-m~tLXz76m}|#P`F+1
z(Y%>w+bn<#(64a;o+P^p&GJDtJnw*(;%l1FC=9__VE}YqZBuMR3Paq!cZ{q}<)ca+
znh!Y83@3+hVM5i;9ul&RyuxP|5eH;E^dcu=Y03Gi>Gn2^khe$5YV#%{X7|lz3_{I2
zi$_ZSQXvkPI&OxM;Hgau!y9?20|j&a@);?FZrf=udL+fs19@k$XmMn+kEZa6+9G)B
zYlHX5wfR(^=4D_%+eaxyb$}6q?_CaJhE@hqFV_hMCCJm`qvscWkefrKl56ko1wD0A
z<}OAq-=K|_Eg#l>v8*Zig2$wi1~Ac!9>i=%#KW6tiWx<)SM(BNrz^YDCx~qQmfk#k
z!Iq^H?O^Tws(sM|#S<Nc5i+>52`3(kLgl`^Wr*Pb?nlF!(srk;Z`+$6UD)1@Bh6IJ
z%G*>4(T=7(qnx6)l4{)RYv1ELPZY{6|7;?UzCUE4+MPTD?w5(NarGWNd0`UGI>Qi{
zLNmFM<I3Qr@t%aoDl&34K^6}n5$qFU+&k$Iq5_MnlrS}JA49!m#uZgWC?!OB*xP-6
z16u7Xhy!3QD`xIHk=WAqg!lmc!O$YIchJC2hatXwWhFfiIFu}F%In1pk9xquZeYZ_
zpn~^=)BS`<u!VJ%`SC=*F&5^dcNK3XY3T3@MOca#pIV2#Cj}H3%<W|la^A3ckiARh
ztMD<;r~Uewa@KCPwP-XhzkEU~Wd{8O_}n01cEKdExm_CiMIRH^bSuim-f0)#Dysu<
zZm-;f#qHK9qMV2qRaDU3p+Y!U$GHGrQmoYgx_`D2rl)ICVa{`WV)5jH<%xFf^LH!w
zb{>%H1%iS}R2S@VWwwiN=UVI9&T#kvCODP8OR*sm270)(B<*jnUcIA`mvU+>Kw0{P
zNSU>q<C*fC9x;zydxv9>tNm8a4%}ZBLMT?`!#jo9MMa5f4X3>V7nX3YGrS#a?s04g
z<l@G-zTFef<Eni|hu+uo5?#ekDp=qm(){3(`t@`gD>m<#XvkCdSE@a38%+SA6hNDa
zn!;0>kkU;$?g7smOu-RKs`%bJTp4{)dQokiN|k!vaXxDXq>#64#|!6l2!!EVNp`}I
zgtC2R{4JJGK?Y{4=zBLvDFRy?dhs&VfOjN7njT;31i=f0t^t}w)#iSW{mOCA$~hNV
z<o2PL+@OK`JB~^^V)AIVNNSUZ3|bi;wYm4w;#302m1(2ky|dYh?d_MAaX2-^g4e~?
zj!U?KLr_87S_9m8P-F;0D+WEpl_Mpyyd0Shr8y%4Ry?$V@C@4W(vim&)0WIv-dOi>
zB&4f$zO<4m!@b8O%L=z!6v%Oe2C9lrL(WA&6N0r*JuD757wqLZkcVj<wA3^a(t1B-
z@i!Y+1Fs&>?8-LxrSEvJ1cl)Mf?u9#doV1?YRkEbIQQeE_Zs;C<dNFDseSI<w&5w|
zYK1L<4=e*v5UE7%PK)oMBQhdhhpg0CM=O+Z<GGQ1wh{hZr@wsZ7|p&nOF4mjbpVT=
zrPX}Mf-j3~pwT?hy%hQ3+KJNZQZ0Iq)lBBOmcWKnbG)3YYvGD~J<s2BdQTG*icla?
zp7_0|11}f-RJBd)jY#tiIyS{>_s#0td~%R;;x2s+`Nlb^XnBU1L#NDRRUaDkp0R~z
zVpR`|@g`Iy1AB}q7oES%Y1KmZ;)I?MVr?WFal__AWONNknK?jWO=ySY*9P#bhd+HW
zeUpqNHHa_$ICkmhtX^h|X}>FIToP5oakOia$0>AD{Njw3iD#ebaf?cKIz6zN*fX7!
zvgR#Ya6zMe<PO$A1BiEZ@0rUpAB$;HJx!_ADp<~-?cK_)|J#fF^Y4HEZ#e$rU;ml^
zwIupaGXDMlH5b;387ioBAAIy)z1uQ=yG8u2M`%;29LuQ$noL=D#FTDKrg>((;Rv7$
z1TaReB<S?o37dm0ve=b@f;PKeS#vEiZm6PO;R`Vh>b9MMV#$5eU_`HdgW_53IakAG
zxsuC!9NQ+sdg52sWG4Nbm0AE{oVC%VQ4nz@M2J$W2er@j-XIY|>?^#P;8&X4te!MV
znAV`J8Dgze!jspp)=kt#&FJ9^IYl;#SL(f4ma)*{<I3xMv%FZ5tX=EEhEI)7Iy3hn
z?*#apEG~#R-v@Aj<tlJ^TsVGx?_QU@E8p0nO@dd`VQ>PuB21ovXD2V4REwN3`k8s6
z+z|V`7dvY%S9X$^nW6LWZFYM=JZ-es(*u{~PR(K>xAk%-blB`J^aa#Kst!K&BJd?V
zYlH#LH#NLZLEl@M;!+?5Y~<dwXH#$bj7T4Ko4H`u%u?n-zL#M2>@mw62Xy;2E~CO7
zqCfLPJYcg~5J|_3ofJz>>MLk}K`{>@kj^N!wJ)ExW^0=GGvo&>V}ac+dnZL0kB*)z
zRv*0-Dw$N<JgdxwlPi20Q|9-wS<aiY<!6A{lb)G^7%JSyiPxZd$B9Z^q;FIh$vBs;
z+f`1{vzDxpxW@~OyGKwTU<JB~6Awg)-(%b(<C-j}+=u#Jc<=+>CvH~I<QauGsM;1<
z(M{qB%IPPzWJmeYTs}Jsz+YqPOr6Nosf5|SrF?2U?=4%LIqDk;Qq^iPy)9X82HupF
zN6{}CwbsPdZ5C5x=}jzq+Pr(cI(|?DpczjbU^}DZI^d1#fyz@OLQqrj;xV?jBkTZ!
zp;wFG;fOO)Y)80H!wbcp%FD^2hyCJ^rNni#0pEM(jEc{fnci8RP4?Y}ih<^94j=}g
zl2-}hhWidwHMmfpJ}3ZrwTzc6!w+pUoe7zQ;dwsGXn&)$6`Q)6otIj5D|vCxLjy)K
zmaHzUvEog<?Rz?>lZ3QLMa+)ED7wMw_MVnb2JTZAq>6joii)bj6!h*Xx-v{WxFE_m
zGehSV1kYR;ne~Y1oy3cWHCPF>6kxrNftBz`D*y&05iv5B<8fM#qt66AW0pDrHc3F-
z1TZ&u2OPq=?XsjQ3SJJ;xilQ_W+Mi9Omz-OaEqQIIPRlaO+5Y%%<76{YgUd6o|=!E
z?JDc^J`Nqh=f5nNQ>P?A=H2V!Dz~={M;ni3jGYbM+m-_(;e9|>kc~8Dqw_AH<c+7)
z=&Oi+b<*>^Sl(C{(m*cNVc)!6_dLTYRnUU6z}agWQ)*YnDt{QaXpe9!8Eng#HDZG5
zN!D1LRHO@ocf3)g_ilUjInZ;HOrVOL%5G<Xm*m|^Ba&cDqfc(q-2)_CI{_P4nP51!
zNr-ryH&EsV^?7m-IUU}BJTpM`kk=oQ_?INze@Rlx+u0*$9Fg7N(g8kCrW>yTA3Exh
z&r^_~MN$Ea3raa>Zm!czfe9ZWBe1abj-cb$rfKgc<f58;$Oy%pDJMzLG2l8M(=@?A
zi}lO_)|)xAFx%PD$1KZG>on&>I;9jz^T2lFmVD?|#P)@ui?@ziGu2Wb^Nfjs5cYzy
zF{?32S!V8wseoXqoaYV@J7OrU&Q-h|j=TAYw@+1^bHFE#tTlQ16h#7EtlFOPdRpUC
zRm_#Ub@H~yGqNcOhGe?VX5~V%KxM@&6WFc$Y{ZRWnhG>(b%NIBLK?G#%Jj?>b00tQ
zP}*!m(Pf2t4Sctq+ipZDy7ugm%Q6jjws83Q*o<sX#zol6N9V&NXt?+S>e`Vyc6m6<
zFC$^%Wd<ZSiC-&^SydlLn5|nsM`(v;aY6M6&4<UV7cVd|Ub%bEBV3}5r+$2h9CC}q
z$k@PuB99)+SQjL|<e31lv1j!XP1Akl8s!aV(|V6GHbXNhR;9sWxgjz<xKryQ%H9sh
zCil^j7?J{j=d50A4kUcpyoci3)Faf86@<1sxC1F`#m)6nxzLH1iY!y!3pbUKCsczw
zu+diUij)T#jZr1e#&2MEJ1$UPGv!SQ!^ly)`Frk=(7}|;-J5oIbletRo_WOmUaf<0
zLa;=>JR^V+k@uJw4I<IE&%HNZN6_QZEFhOa&Ha!B^@|e5zc=}(b@0Nbu8Lqe_rXE3
z-G*roLe$HIDA;!tCko3u@4bcre~+}_oo;T4Etyr_V)s66j^M}R&%3z2#|tRkEZ{iR
z(28hSFNoj;HWMT!)@8<ylnbI(;>4oep`KQ+8gM%#$4z82smByVXlu<QRSgES)>$L~
ze(7Yx92ULa-I{4D4}2??voG%M1m|frGvGO*4Oi%6Xr)2Wf>dTXz;L^0Zb&9r%&6Rw
z;OfGfx|Jvem94<8EfQjTZ7#l@Y_iyn>rB$N)M%j1%~|zwb6>niY_UCia~ZD{wi&=u
zuw@3~m5`A#iX0Kp0uF({AsfTg(+(PcvAStP{EKVz(+7t&pi9M4)G&}^P?L!G^ig<L
znDCKK0pz=hH%8$&!}?}#$n_B<8J{rG1_Mm%TAPoFJZ_UbEqLJ)y1N4Gfl+?@9;-E#
zHIY@jM{tolhNFxVPLov*u=t1_Lm{PSyk`^%r<H3wH7M{%2Du-QKgkN2tXa3D?A>^5
z3XzH?Qzg%DuE@L=>Wv&Infk@T7G_63Enbj)IoD|~9D6HI7uXUVLpRNxbt28Fbg_2{
zp1SH(r*SCr8t+N6JRi<0G|+kqXOA8E;hSIFTS;rzvf(z4%!a*Mz)`cq_@&}LIxo^r
zJ)U;FwR<9-Nrx`3<B`4(3|zfUi#yrKP8h*xda~XK+X!Wq-V^=6<a>{g=VpJ-CcSpm
zC;~5B_m#6e80SRYQ+|(9H^ue|ZybSeT~nre-~|`o4ATvfb#T3Rk;BsW!iip-<5g2v
zwmHNBE;a>&y&N5K!bbAf(oA-YH>@nOXT_T^I<mx(7joGS>1y7X^3a*z>O-QL+aU?O
z)&L>9u!IPLU@Rbhk@qT}7TS%tFS=b<;~hd|amMzw8V2bebVobwf^MrxESY$^OO#*6
z%(0F(a46xOc-*@a?O=@2V^8%`zr6wVtZiZ^9=k>XGHc=&b>@RI5>uJfg|<RYs~bDU
z?2O0BRb}RVn+0sx>jFhd7wl6nNYCEevwE44<(tlAKAlPh8hA2;Zxc}!(wDBJ$19EV
z2{kaU5yqOpQIygJ?~r<`14RXw^1b0BjF)z;vGX`3RE!M|xH%NTd8@=Rt2;(upBksl
zR*}oK5lWpZ=oG%7v_r+H$Cf-`Lk}jw9Pwr;x0WRh(7ewXTQSa%_DE}YyBYl@0t1+?
zz3bD<T4|ExG8|FPu)f#shb}tNUQ8Q&#@fpYGL*R`IyfmpCgF>=q7L&Q%zYsOp|*_Y
zY+k<}-c|?jcj7F^iH!mVD;5?FSRQj$tISU}+0m*YhhBE4cDeZ(K0KfcLRlJVq`p@?
z#6_V5?SUzr?X|jZw!vSRyUoI;YdNN{M1}fQE_!jnBc8Rj#@xL&30LM`yz`3>PQEv~
zjoUZ(_hY9#o!JDfGCJ+@@peQy0Pqoc7CEtzGj6?kX-Xs=Q)_m%3<;`cI*-~o7zya&
zIFsKXwUTmPO6ZGbUc{3{K3vfd0-rL!XMHaljaXw=tsDS(Fu6iKMbAYl?@5wL`L<a_
zrv#E%ChY;c>gxd+(=zIN8ADafg~ElpAzNOGHO?sMYESI|9@d=<2R%cv#xS<`AZ{|R
z9a*#DdYFXStUxI1fmVshcB&h>zLMj2K-yIM$YWh>1eozX*akYy;?_q|==1U*aVMq>
z?lGWlLgyVG?15M6kc#S@c5ft$Ee60<zV|%Ma2fjQg*YB6V2lth-wT%)&8bJ7MB5iA
zUZJ4eaHQo4rYl}@Q2Eg9F{N~*h{o!GCuNh7cpot7M2HcKMH{_@ODBzDdI6*fKJNA$
zMT6hr-08yI$+Ctb2S4ozvqwz)RF$;XN-ba2vcob-3A$0{TCc<!L`Y-s0^F_>VkAF;
z<O)RbDV6evAsuBA^EU5wolCqyoL1ZQh92wW%hi}T*0eQ1*L-g-a|B_0_M9@s5DK!&
zV6I>2_RV`Ida5B-PDuoV+X;cHXY|C=5QGyg8bh&^k2K#{<`q0>^0fD!xzhSmo_C^D
zkGPYz_QcE54?GATnzs++Oi7{x5eoMKLK{(&MXo|-I7`^J3ezrTO=qr;2+JMI+K+fc
zmR!n*#9yF%@Ae1}A7_jGMT!OkZXFJ{Z3;lG!XBvkn=XJze8tz}^%z%<mf>EkJ)&pp
zYN$u*_8Og_`somyj;wM<%j#1Xc_3Z=j%zt1KuXTy$~4k~DPr@|*YPd|t9TTM9SWP_
zVmE3R&_>2iXVu%&VmBxWDki1o4PdpX^vqi^*J~d3GmHl8(RrQMBLK%|>I$&xfe3Wh
z2!}6tUos@t2tP+NsbYX#U4jZ>g6pDot-8MFP#v;+o$poqtkYY3#RZ&}i#J<N7Wekv
z@{K^z&B}v<;r7Xz)FYB)ButCju^3Ol*D;3(FYCaOg0HJuvW}qg`2v`rMn>c7y9>@O
zGE7!CF@#j;F%Oh}&x6LUM>{OBjh!`T(%DWtr`PvPX%L$a<<2YYqINoLF+Ep=8!A?{
z5{JF|a$rO+uvC_$;H4~kA5XzlvszU(E<7`S5twaMTqH3nfG^3wx13~dS_R@IAD?VE
zlg(Ny;B!_R4}hHO#Uo>IeLk%kVnfzt##MO-wX+MSBCoo#!-$h$eFu8A=uCO}U>uf(
z(A-nH-TTec!w8aWIs)m_En6LR_uU()<*4?$@pPzIkZBWqwUt&YG%xC+hKi;K-c9@Y
z+6AP)$)X&W6C7Zugu{l6>E|01DKKRhk)-}qkyZg)mmllOddMDkUyr7AKQp^Vyj0G}
zCL8KWwWa7nPuqy4POt~9U!;70iq#XSGG2;5A3i{$*ht+osMZ-06DHbi5Ugjn<CO-o
zZ>RaadCf9G5d*omvA!guK>bS(@^<dc&F#?a&o>!po@=12y}KDxwdBX~6a_~pGF}&{
zB0vS_0CPxKp#;3}#MIYJ%JE!^`!b!pJ>c2Gh1E_v3#7UbAV2rWpeAu;QROYMt_18?
zh>suoA|^Wf1k%7zS8k0&8kP`;s9_7c5FG=);9K@7ju35lz}$H?49{>+#SSxFmqUXk
zs%i*lQ}m@EJ0%;k?YXd9O7~RDqiV{nex$O7H9n%pLf8}U38%e5lj}aotUWUISsGs#
z9KI&JgGWxmh*PBM55VPB%6S#uP4Bytz_1$h_lB~rydRL&(;^IwvwhmH^xkD<uyD?7
zPhJzgd2GpCFi$zcGFHK>@7@pq<BJ{;0I8_)+lE*P)6ELAl3Cvu&t4-;?9$LShSq!P
zVgB}BR==s<&Zv8DeRd-;Z#L5~>6R&9K`WSJN79HPlX<swJ&t^(Yb02q%S)H7pv4kR
zp6gg5i0VV0J%Gar&Zwn^Jbq5>lGr-(*w3ap95bJ<-HV;94o4tr?s<>p`5SMN4vMQ&
z1=0&t<p{5Se4!rCWI*pihQNoj+bmGuD<aCid7Gr?CCx4#VTpHUAaLZ6ZDlKuBx_?u
zuE{oi2Pftc1{bu9JJ<#1>e(|g1(i<le)KkWnD7G?(JxdG!|-+c+ui$%6;B7ge#y71
zy{8V|CYor~b6WJo!8zWw`C1s@N@Q%L+9(_xiDqg{1BoXI!bLpIU8=5uQwt3}esRz0
zBCpV3m{WYJ&v5UMdmC4Y=ZzoE%*@;On6PjkNLz4IyI<#AjJ4niEkB{U=x7hgWU&+G
zSf{I}OQ}4VsbPkDZ`9-<;6a9{Jb#u&^lUQidi$vgK9M2;`xR4@&~-y#)@fQJkVu&^
z-ucnPR<KIDS2K`=T)Yh^G7kjp)bXY%J?0@lV5o(K(rH^kmo|E=+?`3ck1+2QqcQn=
zBDZg_cLaR_N<rVuC|IFt<#P{n3MS@F-!^+G<Nz;$1G!8$YTtV{4%$i3;#^dvn%9HO
zjJ9v$5x+y1A)U&A%@-umcJ#_qnJm-Ol<3GzL5`F4oq0l|NBb<b$jc=#dt+UEwxo&g
zn1Jh<&_wUdQ8<T%vqf?ZjP>#mbqk(5lJS!oR6HOpbi_1zYpzo`4R}F#3#R?#(Pe1t
z;d#VcNWRiWld$or=QEZ^68nfuup1J)lXf{6jyFYn11*BFk2RD;dw{cC9;pt}+N#Af
z8{ws<BlbsO++q)dX6R;kQuf9Okr9H}3*JF4JfufLcXwe{vu=4l4nLv<C)M}LEo*nu
z(rAkZ29vf_Ho3Rjy0h+?TSaa7A}=S|(<i5~Z@E&$5|e4LPGf7HM0v;~$PZSOzgXeq
zBOrDbBq99^7Ap~@taM#{6dJD=JF`eY^Wx=@*YYf|tZG`3S@ZO3>R1iWk<)P}r3d-^
zdfkv|#$S;ih+J9*A)Nr)GfvxVsWK;S6b1>KeOw#c9=ut7CRjHz3lxc+leQ8u{9a`P
zM`TWzlUNKn(MuUrQr@c**}`XF>}!+FB}yW!{!1Qby#56|P6H>B6TIXl$|+tZlKMW+
z+~Qa7dg`DO;4Q(kEur>}csLcUaMw6^y=$s(5YV!8y0L=TDBbgosOL%E#e>|O$~8fg
z*L8H^_MXocW;)R=xw*S4*n1eN#Lr7RPiuTEW|417=fPR{J26BwGnKKC#l2F5%j=l6
z_d2HD4ITCqCLD^c&~r<e!S$Dekv(lqb(VU-7Qq?1I)SzQI5Q7Dv#cH^)U!y1L&|Fn
zGlOo07x1w0mCUFv%u`p0d4QhXS3s8>_G;3=dJ;m%kS<T6_|?8W*|H`wdC=iD%@G(P
z7Fu-T{v;5oVog*#&81rmH2b|bNK2E?GA!|xhA@EhU`l}Ryvnneu-GE0HSqNCF`aL#
zp~R~w5t+Tps`r!wdHIEoE*0fmhG1%vzRXD-w<x}Q56;<#B)p5!R~}UBt3q5$Vrxli
z!jYzYJoJn(L_}?wh34X93Ben0)2~jAn5gQNOIwR7SD??kr_ArgQ|rB2g~%v?CILir
zz<&2sDow~B%5*<qG5X&7sAe&`>_q7^`SU3hbaR_Qw!3Q&m71Tn=DP}`z<xgy&zgE1
zX8RO?8~9bTKqU2L<JE3Kb+t8xaiMzNqrln4JQ{G)crt0xQfGZH3Gp6VQ!?v==_c4v
z-d9VU1g4s_E$|SI3nL(3xZU_5^Sso9z}EBavLet3khH|=_2kGfiw%5Kxk7l&tR82s
zSl0H$QJ6iPM;)RGpYJFqOY<XGh&q<Ya7o4i;%V-M2~o%Ccox?@yRU(mpRQ$ah({V1
zKRzuPF(v^VTsFmpIgjJR;HStf>IAOy@N|nxB?06*DT>|9j2#~(O7$8O`ASb$NQ0c9
zJy>6|jakDHrwqw?Yre`A=Ho^cnC`7;vi&Y-B(ssL_XbYKN0t_2mepDw+^lQn>80cX
z32y?9fh&-C6W7{V3#mr#ZVR=7-m3Cg`nuSba<Gr;n?~H2eJ>edy55%J&FO{`m1;%B
zalU9SF;Abz8lZ!mY50bURHvj|at8!myNev6o>$fDxQHfKw0PGB6GkO?gb`}I_IOxt
zVSP(Y%q%;WOU%<|dHPDSe*$a)sL`_u7Z4a#cR82d#|W%e()o-tjtRzlWs;NQ@vS+i
z2xH3|Fl_gOJAAa8vsaTX8%}~PVez1+9*u>HZZTg-n^#R<rbO93odi$uyf?WUAy4;8
z^kFE!J0|KYd4ocm4=9zzPrPI+j@q#wHh<9K@I}k+7!whh;wwFQ9e?3+W;EM-2Lyw)
z<gj+}<^)8=Y|RIOyKpIQn5clTl|UyrPjo97_?&_n9@<+@jYo-MTHS2oP})n~4n=TR
zWPI6xb_r5%95}Vd*Nyu~d}Ua>Z$Za&y3sq_xaXA#zp%Hp@2TZHU%`W9t)O8`bwE$Y
zIGO+>-i(uL!DD8CXJQ59R~LH1_$V|ps$3qKy)EyuzIJ$GetAORG+gC*3i<#qgDiuu
zl+xbP#_dyEb9#d4BB+gynQFWk4=|q(K9fZiPjsBRAPaj9L|~Qu5=y0^HGtPKBwwot
z48Fc$ZFHA#BYo@CE6Oe=QFlekc1)loN5%e{OyCNN4J-+e@5Bm|>6z5CV&(!z>>cik
zH_|L3II`G2M^N1p{H$#G1&Yo@4o`r*czN0Q*s>@r9I*#$v#nXUxeQgyrEZ1pv^hXp
zWc)Qszl=0fsL8nI3fSh%y6AeUknXS6@R_}r$Yx<UYyljko-@V^?SxR6aarkn6%40T
zi1E5J``s_z(2G3d4dTsO{lr-tED<I*8eYGhe)PJ!{e{~cUQyN{V_Sm;D{-d!T=WAS
zTC}+0QFzDH5t~n=0~$>^1c5JY){Hg{Gp+!+Sgn%?E*gN3+|CcowcfCGOy0ZQbtvlP
z49YFI^Yw;c_Q^3lxdI%Gu&u%uW0x}L4RuIW3wcz!Pq-O8?ooLQ1?&67#XoV$-I1QV
z@tEypk;A`u0k|h5<WcWky+(@{zHNH656g*D9u;M3(WKtx2)QlT#YNK1&=EY!CLqM<
zgaj<>Xq`1;H@j;$9$7I5)#O@!CRR-o1(9jR{)}Vc+{LLcy5F#sCuH~-WLvyPdM#Tj
z?;XHyKd#Gqf_}#vUKZk{giX~}W!avW>7y|B4veldPmnL|Cia#Jujh4zrkz2$@zWp@
z=Zd#yTm_GWQFm_}d2djFA3fE^#+9?+XcBupi<-pE6zCloSrhK(AxL1zac=L-hb-QW
zGTp1U@qn@1MasKRDd{w+e0zD?fcrEaXjGfWu)#IQ^Bj63B{KwrZy!FEBGfn&SdHeu
zw{I@-aE0>$M*4fNRM}M`HEH9y(>0&x0zJM#4x~5!@Q|JGotUqO;tW{tTyTJ8<(%z}
zvjD6B){(gHD->B9Vn>+_ah8z1p=&)f^;5ydErbQ25P5ta=`$PitU=C}_hOTtmZF?f
z-GHr~-WImfT+i@Hc+J)8D!6_mu@gE%xhPr$2d7&F9!S;~e!x=Gg*4^dw9DoIy-%|c
zE}ZD$t+CFdYXKkwSW?bR<wtAPTF1wEjO(-{+HXc@c8a*3f&og;oOv~7i=ICjc;ggS
zvnzIPdshRh{brxhk;@jXjXeo<t|2fg2&gjew`-Uz30>AiTMUl9^?J&qEAI^w=eTC1
zKVY#Xd+k|X?|twR`o)XX^6P*j3ZUg%-=TSb0fT+0;Rgn!@}4^D%h){xS{L^lSwlRo
zMBQiMV{P^zdwR81HlK6!bjE=5v)Y9?^AUPs9W-zN*&QPrEI|0~J*!9)4O_penNGFt
zDmyRgEF_2*mb{Z#8Ch7&Pj&e$VQ7kNgdK<tgNI#5-xyur_GWuuP1(6Q4|fM4*YkMS
zwp$&R?^Vofhk~$khgO+&E)O9cDpAY`m=YymyCU#=1QQMV>@6-#D93~pQ$|2RF<Z{n
zJg~{Z7u*j9X#pWePTRBFC<3^9u9HxyAGPd?3P03E$gsqqZF-e?5?qEzX88bbb+@>L
z1KwbjJsmdpQ<>V^E;dDVY4tZH+8_f*dT0R%U5{SVwO1tb3?~}Z5|OtSB$!2kK3grB
z1vWF4utd8J9@osBKunw&vh!0kgzof~doI8!aDWfEM1nC6wB&%_+=g@UY|@lMKx6vT
zBW*BpU~d=?1~j4yF%`2zG=Qp>)T+a#*XmZq=7=;2Gbz-#qeKHl_MFaiCs%Na?vNY8
zE7yl4DdkPLfKP^ZL~hTNZO-p6xr}v$DN*m1>&>ViT%i!t-UHFAGh?OUJGF&+%(Xz>
z2k$EUbVg3+fhIQ<vEa66QoM&o>QRH3wl5Hio(9P1crP|QSQAbtj@MV2FOXirG?#(P
z#jS*U0kf5X_7UmMJT7IfE(uHkO7O0P2d9NW_5ln6e+iSuO7@5xiS9Y}E7s+|hZx3(
z4|4{lk_wWY`OSL~9-5<4C&x@W^f;HGV`%D4%w;(;;Fu9PQ;I*N^Ji<b_&~#fPQ0x*
z^5vkx+h{|B!CVsrddSAgeXhZRk|j&(Pb;46aJ-69ogj)TDAmK3Y$F`cZ9Mlk+wToL
zhf0fD3{TC(qdpOF^bzhMZ&0T#=1VwqggJrq0}v7Gs1!P&G1xPWT{Gfxp$uL$gjN%O
zV0XI@qW#=?1|$rS)Z(ne`XtViu|U&Vx@T{sYm(I6CCMCbm;IKvj|W7;)fMcX5NDDM
zrgW|Jd$+K@zHFriLhy#8bM4SLCONvAHOk$fvBw4|PG5MRWx_l}KG8FG7l@Y<4UO(O
znG9j-WVr|cHJZh3NhmxH*=nxc^m6vzdr2+NQAnJDCEYfd%Hh2h6#=bz7&#H`lB^=9
z%N7<VQgU(OL>Kv<_f@9Ah{KYFyvi7SHT7<a9f)*iDE<6I+XPSyIR!WMwY|H`);ImG
z^~y&esu{|y;yt>2Hkrwc0}{@aqUM-OGLLu#ydJ=6fhonV)X?mE^Qu;FrZi%o^dr70
zA?(@feK3Gxkn7~|3Q9PwF^`J{30X0noy{8Y<VhKTzBlfvo<ms^c>|F=(^xBlSYq6%
zD<qq3sXf-DyYp656q&NTh$k#fFDrOwJdd!`&>+KAA%BTO36fQ7X|Z_vruj4sI^@e3
zq%UJ$iyQVRMr)+L5{4~FCHYGky3Kom!%|ePk2Vn;be{~X9G$66_hvj`0ZQ(RzHvG0
zVXcFeo}+%4{8}?-3!2qmy<6c0rUqmd8xW@SYzU!fjE6Vay9K+aEr~;Zc7tmXF3-li
zVtRArK|vOYE!pEo^Tr5dS+Mt71C#}4rnO$dBn}?Uy#szP)Wz2nqdb{lpo@C0YWXcj
z4OOeb(#fP?VmUINUBab>JiiWzdFX7-s`A>=8Ic8~1)HOtc^f@fTKCKe7+}C9>N&yf
zXaT*!d@Rybql;-nf*K`WWtdI~=JAefBe)W{EruX=!uClFP(|P}P#+BPmf~>ZPCP6Y
z($TlEA!wH=)&7#65GuiyRBU8p&#}nUJmD3!lZonw7&`P?yrB)^1&8HZ#7kk$XAxM^
zpygvHHV?$sU%$;m6W<y*(O5|ji+K#jka3AQD;X1_hlUdg1AFO)8=mVU_eSi!n}g?m
z;}fF1+N9RX&kxRgEQxq3=WKPAWm`k2LNi9Mn6YP+p~SSPgQ~6N3bEJJ3J_%00&E&!
zhR=^=+NCs|!Jh!!Lox&3ZX|(Blz9UDOqB;lcNEv()K&<RLZh)Z94OOkF6Ud5G@-SF
z$3@~C1mwP}VL@6^?REpM6hZwa;<1}%m>V<j8xIb$mrwkqwaiqL%rvysUQOaX(2hMz
zI>JQ}ep@4ZZvDcMJ8-cS3M>rZOBsSMWiE-_xVk~zE!OuCQ{%vh{&GePF`5PJ!XyVa
zHu(@$S1w8d>PQVUw-^T>47C_kUW-LR#WuTi+tY+}_NsQ*u1t%&9#HF5u2+m;j9Gx#
z!b~LU;K3kuxIQznuX=AW4c|<ncT?HBS=f5?E=|y9$-&!AQd<NOYu`c-f$A#@2KJLX
zW_`ZrhF1y4O*@PkI!_4|)EMH)#wKR%ElOg(8j<!~Eova_HlunxNf?OIehNkjaa4xB
zq}xOCeC3cp{lsj?23}HCw{_Z-<4{-bQMTWEg-^r)IY7q0!o{@b2}{Ma1>ICd`(Puz
zU0|@*N4^jU?^1iQcslM1YK@*w*2@}-HQ<4MLM_CXjl4)#ia{~qvlI5l*3Bh7`-JjD
z8?aX?C!Q*Fyi$MHMBqO5fX--Oa)m`+LBG{WYYwlim&v-u5@wNDuy}<bqG_m4ih&!d
z>fSw;r$=UbiA11+@2c=95qm@ZvBD6UxvOQRy(fe)j#frcZ#=!(iQgdkCM8#Tgbpe^
zK@4uldEveT*|MY9cw(CGbs#s@)-LSUin#ew@k_xK1QG=GeGO-A6oejPZ%gySq9?b~
z%lApFmOiSiynRA$_IidBU9l{S<PqXKDv}r$2~X1zZhJ9J$9ZG`_e%PR_~A~Ry^+^>
zjDwF)y4AMNFG4sP0y|a1?g$pVPIIHQ*0|d2NT&pb<k(j&gJ%px2oGpp*T{|Nr!)TL
zj8H0g7Gd{{C$m_J?W{SW>0i>g9i>2Q3{$~Lh$?l*gWw}Q&~zP(34h^b=eA2#az*l-
zFK*vi8fD2WVb?43r)N*m9~d!>ym;1X-EvRUMCbx-3Mu(1+tUJ9!-u@p^X_r0!9o?N
z&Re&j>?L{%ev&A(T^HBI#B@82ONRXX$w7lY0yJLR-7SUFlJx1w+_3HB;IXJTb2GJp
z^C&or`_=0je2kkMX!hO}zC@{fT&xEp;n*?FVu|#cQOHaerJlJ#6Yn(CM3=q3l%W87
z(P-q+H2cypD`75sUzyGs_LQ22Jwh{jV&b;1>0va=xLTT?wAD!`ozNqdVMN~?yU?l!
zkK?5I*&A8DEC$ow(kySp?nx~pBP2}3130y@k=%#tx|7A?)w96V;``=3^=Wpg$r^@y
zr)3n}@VtEI0qGiScWm1zC<ySy!^}!Y9m$mKxU}BeAESmX_yo<5gxn<!<s}>P!bFGU
zp<!xf#nXdg<t(s$lz9|AJn>MJ&Hy@*F{+bxkocYNVlh)s;Ry*5NeJW9rFBTV$_ofV
zaAnIoyNAQgoe2V4m;qThm<^{^af}F{$z?jy#l=2^!jo<f-p;d*3q(*}9y*YRY`o$3
zF0?Qq0eog4kIR*xoEK?bo5t(+yfsgp-koLCUW$#;(qR>a)8rFPuQ%YsjqyZobg!O_
zdc9;s=Hf7X$p&?b1Dzl%1k9%1^CivGFKL_>gO-8cOb^ob35CYMIoR&}`Fa9T41+qr
zWdyJ0@JTMe07$re=4LRN8wPJt)x+I5(FwDFAB}b4KpKFqu;R=Ej_1~lsE=%L-hzqr
zEI__ysFLfeS;>L4WmSP(>v}d#2g@g*Q_059cDLi4UiNt0+uSp?+<Gz3&mCY=*aGe;
z<!kiU71c}tY`d=YwuzRCjvFZUlvBu{2}xvLJbfOVyUOO~&QIIKml5y?LVN7+-I}g&
zxAeGlpug3{#C%EU&mzKdFD8}WI3OJZUDdg-4&+AQHY>|LM87>a)v@+nV<8_UTHM&f
z)YuoDwh0R?RiYja!z!^uaL}tR@RT5fcWk8N{ptt~GBjxehg_2NDxN+&GwfJ>10|NZ
z`{d=F8cArgDs;Vgjv0WU0KM@rtXmV5F!Gssc@&)H0=$xo+B5Aw9T6-SS};vDPvbRN
z245T=Eer*AzauO?E$atPAQ!JDCb4xAXT!iA7$ekJF3}zF5?9^iI>+6TsutG#lmYLH
zfqQ2f-hAP2xPo@cONz^D!uz4+UKitv&WJodiAinedP68~L%YUs!U=7cqm=q8JkQwZ
zS*f3SzUWGp&~r?p_tfUGh^c!$;*$5IFH>#J(;=jT#=wD+GEI?Ub~P$+(4?jz*(Jq0
zu*>%zX;J&&I6ac)tmT9=<!iu<gEW3?hhV+Wd79{r<rq6=dzMv^J$lw-Pxi|i<}YhZ
z)ZcW8C^EDV3BM}cfbb$r!u?B|qkynQm=*1poW#bu%WJ6u1_Fb=42NCb23WG<aiuKD
z%K-UqsH1t<SF9=)S+ffF!Uw8apGlLd3AY{gDXG&zYwBnrE-mCHqr5jg?Sc;@A75eE
zh#u#YdF9k^9`bfdEIcz_=NGu{tV2%+x&_x#B#=N_8|`@+>ndtdI;j~1!aKo%?0YC$
z$<#%pwQqxuDBi}xRb$kg7@EGfXeGg%KmyV&uK*v(;FyI9g=}hR2`o}Dn%Wt;R~)Z)
z-#bxD+<b%fENXD3pBTKjdZH677NY5k9Qz<sASn4<rgjPZrII2X@C|uNqC23!r%H(A
zw$W4TMT#3w#Pa#+HVwY(nUa|Rk%$u3AhCN#>kmmLSMI_3njnt|F(ToFx_}Q}iL~E)
zArF$D)l@BTGnE!msH*8>fD?|l4?D9!G1apB7(=)z6VfgL+>*=56Z5K-Dj_y7UncV<
zr?CpTQ`z0~jz$ft^LLe*X!mG#bw~vL5{!`by~mextpfrJT^O=#h60_4;akgtv7L*B
zj}YKFy*l9Wi(yx-e1NYb+3uj^U1}Sg*bu?EuGg($Dn8+Z2x0+Xb}N;&W?2Z(2diiA
zrbUbPR_n1w&BLMhoO?L^K^p1^v}NE7M6#sCv5mc|M}u6oE`23hmDy|)_EPU%T+`bb
zGtP%4?_J+dH%b#XY6)R;hp+{9mM?9DzO(^d-dh%UvWk~^Om4;FgNM`^w(^%Zb-cUs
zD!22+k~^D2;sIC*Xsl(xVO9;&o>`kE!}Cs2g&3iV+C_Zwbo{n$NckuP!RT`8XkJ1Q
zYQT=Lc?v@VO~9+CCgv6t+002btrAwWM<H5I8S0tgPNBz!U#(wp&$PEP=Cpwg+a^sd
znxbYxc5$AMVVIJNSxT0qVV)7aM|K<9%trN&@G6OkQIk|_Twm>z@DZB{gd~;sWYE$|
z@FZsI;utuxHlKCQd*w&)DEUUN^^h2tuZ}X7jR|kGk=^IqDwz5JFRtzIojGw^Lu8(g
zy*S?IruF;@>$W=0X6osCs}B%RS!<9*yNS{&TL1%ueOI*Q3J}F1YPE2zPuM+4Rbe3=
zrqg3jMKbiQ1HM%3C7Yy2`~dw8V@F3`Xd|z)=FB~HHm4=9Ky`u>Ti{mMh<FSa`e0o^
zI{a8|DUs;*2I1kTna6oRZRl7jg_HLr%Dd>ssPoc+0z<uccxZq;k<FzO{$?0=?y~yc
z(|BhhK3N)Ys?qYAFnN5|svl*icC!#kQintC(F03^un3v3T~Gj!u22!AZkKMyG?{mF
z5GLqvqIW4?wMK%rhw9@{dKwFOYy#n}G-8}Enqnz8SpYmU-fu#4FS}mUTV51;%vSBU
zFRa*oJY`as!#sC9EC-UV+*`KKwL2}<_<4nU1K(@pG~qPfc>{0Qyf^m7gc{`Gmp2Mu
z-YhA`3y%R6^;>mc6Jf|rP-B}o7yL_{)UbQ%t_0p!Bhs%Mo5A{BnCC+=Uam+BFw|AR
z)?LVICd`x-b}zA|c%9>U44~4e$Y2B0b6tZ*cWVHpFt(TE(QG32-laTwDpLXAw7XD_
z#7z6ts)t$dQ0RJu)oqq@3C^w+uIo(?He>9ZF$r!vv*A2h-sHFH93cppo!QeczI}2p
zoWTV|tPN_B&5{n)yEg1LT{h8Of|F}X{O!dIwUj!U@!HzLFOg{U`T`Z6#cM-cnpAO(
z+Ly$`jt!5})wpq?CooCv0d<3O$!q7lH;^_@ph_v}UImaX9?5IsVaI%&<>Q6QX<m>D
z9n$z%xSDg_T9y|9%Lcf$-vO*vb8%G=-HUch&T)PQyhw7=*EgQHz8*{udd8;4Y8Wy)
zD{D(CH@Z2dR5UwaYnStCpNAEkr7}oVy@$!B7XBFC+|v#WlgQD!d=^0<!2@R|mGlBq
zi27Yx!DBZ^6xkVyT6rE=jK{pF)zTEu*!OVzy;WUt&zUh;i!0LIC7hdM$k)Q-i#--c
z&R$H<&&uI>;5MMr%L!U}^EQbvY>uKzML0LTkA`BKOYL1IB($=c+^gvYBlq2bH{sAv
zmj^*TW@Lrr9?zK<u4#|k`DGJL;uPM5ym#VaHu&@w6;s{sT}59pO+f5bIJn$ijSne@
zr?Yi%yaif$$`sIb%OVDqFRB+AWk#y|Qyl*iXMEak_G)@#n3ucq)|}ZY_m%Kd1j@h6
znKV@Zf}y<w3z2?C+~-nQA@7m--Ox6O5S6E!P6f4HMEJo0MG=aQKA3v}_0CW7Vfq?Z
z@EfhCiyc<Y2NDcE%OR|kzVPBCVC1^`g-WWvd$0CAx>(V=XA=l6!qag*o3v(_vP3(p
zm?Lb8@<L;9`y{Inyejkb(HmPaC^EKf;C`|;E1Q%J4-}X>x9@oYD1<XB3;@i`o6hR#
z?DogVE4oX~d^$RP>?XU@&AVfYrL>suxrTul?jqSZi#~XKSQ&39ogYGowmdr6W=5_8
z%)zLgBxplM5;WZ=pp5g2KzkAvOfO~*p6O)?rl7*Xwe+B_mCY3dzaAk5WdyFl?hVVw
z1Wzv6@OhKX#1+7)kTb+0)Ha|Byh2mARy|4pFe)XMZBUf(Nin#m6}NuBy1w=6dYza)
zf$ug8J)k{z*2q?0E4Y+2hOSf9xlw?&BQtFO2$do-Bo{?(L&P?qP~Jz6vLCPYaE_da
zddEH}#}|wZ#H!_JT`2TM4Q<7Xx4U|bGw7{@j#J(fdLc(7qzjsc;!=j9v2OhaGjF|r
zxgcO*>Y`=bAVgax<?SJgw4*x8K=+hK${1p*2F4GHA6>skiwa||8H|!Z3Ud?4PNn{G
z8&;`cFxf!`fN{%u`ffTDFzd;iz_3mf1%86pL|P-p{Ytg4mB`BaRLtf8g@BMV6bBgI
zmpP_i=7@pIjV&^vW+Bk{Lo4Wd&(mB-t{;uxU+SE@C7_2(D`&kCg{UPYTzh9(2E!Rp
z$EFG^Ps(VnA#sji8~Pc!Qq>H$@sw%84pLRaBl4Fimx_}22o@XVp=_ez77?Sf1`fV?
zzV~9bE=eioe$20NbBrQ6P5IOfboPV7C-1=wABi%Ty;~>KR(&Lu;@*bl^I~&e`;^p`
zrrd**0Ca5U)^cwqOwL)M(z!AoJRGMj0=+s{^9f<5DW@Rx*nAxG-jnv^5?lA?3oN7_
z$ajU{56quyWVd@|@XH>3*)x}}k8j7{3niuZ6nU@r#VE|sc;RWan?*F2ZB^MYSc?*_
zXcw)|3!w!Y5d~pBM<}Z5-+!ks!5(Im8mRSPdvge0QI4`IgioS%2wS!ILuJjjS2dt3
zp}Es7=D-EG<!C#3F|7NH`~cpNYlW!tLwkyQP?FOC(}kx`okCP}j*_uM;HlLNNu^Iw
zX<6<TqT&sB4A4HQ3Upt~Kt`ELG`avK<p8PmUEG+IJbCr9?~0k9q1ZH;4C$lCKn>Pr
zU@&aa?U7fBjzDo0c5%=#hsCvUPympGzR#h{IT^BMESA*7eD_)OD>Y7%e6Rt;00nia
zsnKOwp{i((YkeT8M<n+EL8T-b-fJ1Rms0y4Sm{a_xI{?EWyw$mwgO(8Y}n+HRj|Ce
z4FQTBDLbl=e)7y#P~I%vMqWExI=TA>Ypl=o@!FR<&R^;z2m{Z_REcTWQlnl{%wD!<
zJy94%(o6Wu9hzD!y=Q*dqM2QCk%o!1^#nDTj)tX&m3(P*Dl@s0oJJWOw1ceU)tlDA
z4jm!CrmN||F|$`wO<J_V6rj&N4xC9DhPNO!j@m#H@rHq&4>f_<!OX+j;YEu{V`5u%
zCqxKs6$i4Ic4W+xBH-7SlC!uSRywRb%H}A+h|1ODgJ>(w9#oo=f+7W~)v1_4@zy|g
z24HrSfevY4^14sKU*Hj|82Lk>ez1mSR#tH@4m2vDm{Zqz+*Dz(`a;~2WJ}^4x$n}u
zdTng8pA^};ft|`pnO~vSTBA9Vi<Nh2GF#;}_MF8#f2Bj=#P#}#Y!3nJ!#!LyEqSTs
zbd&dnh+Xj7s^PT!r4GmdKe~D>YRO(JKPZfb0IA_9^buFGl=1V!XA;SYc@(dSxuqWI
zXsZu-O1|qo%q8jFem<@`#x_b_QF7k(ynqb_G3bu@Zn2(}4ETmT=7p#+4DM_mRU_)y
zr*f~Mtk`cMiQ+Ar7q7OjmUX;i)Mr(2gL2cvtISVAF0-{C)B5aL9N^r9t`et*a6xW7
z34A8ympZnSgkqk8xv-@%VY8OkczkJLmpX_eO{y=wAXJ6*nE?P0$CM;JdauskJZ(#q
zdFyKLgr*ym42oF6btMOsou0P(UL9~g#EgW1HcCwkMBS?7%D%N@Ezt)@))7Zy`C9aq
zE601~*H4Y|bJ_{|bZ5H?$Ry7Az0vCe4Sj74iaq{H>fNOtzSh6wkzkTrDU#S6TVQ%5
z{90v8vId%`^kU&PItTf>nS)fUZKLRTV-4(*Enmh%e^iX-I61Fv=+&k=wlN77ZVP4r
zm_5;XEuEBP7B#EKQmZ*laH}&=%^vkem)~sjo$h-{+)7NC1m(t1iHomBnQdvbdndaz
zD4EsU!_QIX+{^PV5JUAS50Tk8iz-tWQk*N<R?2h8cogv{%z$uil##=W;e1S{B>Cc$
zc4%+?;Z_E1DnNAz3e{V>NpgE9>;R3@M53k+5tWjiV-ogQ-djH|X`?8n>+HTw7;P(=
z&GD4Pfk701I{Mgj>vg~*xp&v>9m=Os6k>~n69UK}+b2CIZB7Olb(}$rR=CW~%;ROq
zyDlhPIm${8O;Gx<)FE@abKbqu7y~x}f=e?<ILpvjE>xrGH0Yl4F(gV`&o%3`1;-fe
zT>~A%1A8=sxhDwPDmmV&H&3AP9SsmY8!E2Ielsbw&kS#c?KNAQ)j7`u>^(=|aj~Cy
zr)9ZX6lCBB6>1sbspF^06piiJD-F;2xmhl^=po<oNfNhTJTU6D*q5)CAtr#_vFuIM
z%*%xKope7C#0}qyS7dl6N6ZzXg_GWve$VV)w8MKMhhs1zX3}<*q21vP6cNd`dlS4u
zj(B+w8X~~Ft+55n2*hqxHiWN^yql4`Mw+&ea$OSwX`Uk`aL&z#JOuD5Pu_G8zj?z6
zp(377p_{CIT<M_J-ju9+rpRCRuq#r%<Yx@TbppW<SFMG#z;Sc}Dhb^Wn`3uI>~1g)
z8}pR(<*dEprpPo~X^?8j9EJ{H1Wk<e8<8pY$TkaL(a0Vcr9-c5@+3Ek*wfA)sK;aq
zS-Fx=l2+|p)`jOpTI$vxGI%3zQbE3kyE%&SirX}{opRARmB4!4rt^-g%?$SW^(nk#
z7U?JfjI!~hju(%iwuRVM!uoojYqEIFaHRm)z^itudkDqpJ&!z<mM(Gqa)qBgZ3KO<
zUK<o)g|}(s9GIx}I~|V%&{{6aAyj^~4KRz_an@;__TKhX?`!d5L5!7?c+=C;AvIv&
z)F%@aiJ6G<U?0%pwT}*6zk*ADocoG4yqMhOwI^1PYHnFMKNWs;m#4vMW4pa<M^kM9
z*GGFx7D)Kmsg&`#k9Y~NnDGNQ-$P-S<!8x>N4M1z!42-@Z-P1?Ogc>8!vVofYT9(S
zB$$&9SiUyPcm@v?g>I-*TN&YMgrY7wiHh6rhM9Ty@aZ0uBAG5z!2lB<snbzlTN-e7
zhSn3wo#c5=jao0qEvmKD9m6P?;Hlyf?pt@PIwqCYGUSIP(-f!33jt&FD#5krfnWiY
ztz)haJ(On5fJFl7^~9Dm=5s0&r-X=6yp~HX+DP&sSb<lM()rjQ65!-f<)(LqFFZcW
z(x)P;1|hVY#`|V!2XHf{GvqyV{<O!x?6GQRS3AAfxaqeDteyK(sLgiR#T9l*VILI!
zsgIce$>QQdV!O&xiIo+<9kn|Enj@QqRLVv(Jr7=-nxY^CioDfdAt<~@MzA6&bvX=e
z)e{}I$SOiO9Zc1hhZu;bUn-<RI>yeC8<0Y7$`cL0C>ej{1b|Q2Rt%hNFOEfDJjCY~
zSj;&TPG|sd@FFALy926-EY%dlp^-%uu<4B56D|ydCEa_9?j}g1tX(<A7cpDlbe0o_
zOB=h-^32MiC{5oi*aQ;AdP%}Y9T5~X%5=OSc{Rt<d7O?$d6O~_T5J}N6;=2#4!A_r
z<t~RljgirPCQ28X{UVa_-FeW(G}tQfOl4skUBb~|X81NURbkbcLV)oq?w}6IQ*(`!
z6W;eqXm$k%Dzca7RuE+eI8u9+h)fl0W@qZmvT;}txyv3;bXM!*0KXH4rfgK|$}AP>
zdV<fp<{bOvp>L3&Zbx$;$RZ0{=L|Z;GZ7Y7!iIo%t65EvgU0A~Ffv*XxpO7?LR<l9
zUT9TojAN<>*%Qh*t{`3P+)zq;3@C1Q)jDx``DDAX)O=t-;4GlV`?z%T^()oaV|J|o
z+$8qMN%TkwWRr2vlIeAu*gDo&HG_xyWU;J|J}T9i&S7zxK7H)%Ekn~Pn4FCcdM`z$
zRxVd!1ePj}<U9yq#=SCIqLDYj!ZEl4lu?<ANgi6wM!XzkH3HyAg<D6D83xWgHYNRi
zPClq#`dqfq6O)YCW+#iZWQh&G3&226Hi5^FY_CL|-(UVbodg58!Iw&j<Rk5N8m=#6
z*XLSgW%0tALsCt4oaA-R@>vYa#6E7no;Q+b3Xl2Hw8$_6HRZ*y+Qn^>&OulBbOJ*t
zP#}yQg^zAL1=w6=wjSD9PE#QT<SX&4;bhOM=aZ7%`8W<4y6Od{8p!gZymm{6j<<o-
zfmG39T^@yitJMQ#FZw(Ny@V+7u3WtQSt~zcm~KB8c>*q>JC#6A&bDd9B}3Ay2Hf-J
z-X6mWBMh_}>xJD5m|uo9R-3U4Anv+j@3meOO{TKWfL-qk&ro>PL@$#l57aas4&RIn
zHE8S6@jM)M;WJw1P2|`?qdFAo8Sr^8Pu$JRm(+Wi*NOEh<S>HiHE-0!u|l8Z5O0DU
z@1tGH<H8dycYG3Y^kydQY63%&p+)_L`(Qd>U5DU2#h0ab&hv~iIbn-R{qCZk<zUvi
z8%YXVtl5g(BdGB@jig26Gn7IYzvJ~zqobwB62OZz?%|ocj1Z#1W^ctPRE_Ktk&_i7
zoX2hTv_)H9zs;BZfEvTb*q$U_QAobXeLil-g6G<gtkfDcaj;gPS>C-)>8NTs^RZ?<
zxmqmdeyS*u=N5J~6s-j$9$c!V`W}I~D-8Hcakp2#GfVaWiqY)2Fb(!d#1!E$if(+4
zHRw{<6VMZoPox6IZ0CuETf%!gzWx?0Wn`YRE0POuA@GAQe~7>Qf%BsA>zf$$zH7AZ
zD?~Ghk~gHRl<ywvm9<5=?4R$iA(l6QCH1Zju9{cRhK@Xt_h#*Zn~D0p$>=1}ek3Fc
z({Yg<oK5huD4$d0BcRpec`idJ<@`pugz9yZ7verQCHCTO4H`b18P<M!WfWw=ZZiJl
zO|bCux`Su-Y~KdHccmiHr?Q3=6|T(4n7HBwMP!0tdYl)Dd{i(Pe#d51fyXD0qNFY!
z>FtY=+KkfS9*o*uPc6U2zPI_7MB5fqGo+>BJ<awW%F}t$W?CZpL|?Z=fMy+LUm94h
z;pz&Frde0UhC=nyyhdD0&7o&*eELu)oCvH(dN#9O%jS~jTY1V#>VYC+gy#tAr|<v^
zr=r`(ZviHPV~--7>{ag^AZ0jlNig}tyx|}Ua3wx&nm2@g!wf2P5+_g3>%DFF?zb`J
z$%1do-JwE`!cCivE&corc(_GTJb~%b&SDNr-$KqyXXi%`p$Xp@zX<i=VCu<7C989!
zLvc*i6Mk#01_TcL90n$qGal|mCZe4iwKe1&tsEi?=9#>H{*ZYURuxC55HHPFm~N<J
zj^j-#c+cjj#zHP<kEt>Dr8>AX!6k9>D_v?d&_tMG_3^aQMekK_-aPEWim~9lU@;16
ziim0S_e>t<bV@A}Ni8}_J!G=IM6RV0fCe;v?{&=+c?*(*%S-0s)u~5yl%blwnF>h9
z+lTj_+r51ZF)v(?mg;PVUihPqt1p4x_gCl8*Ka-KP7-R_i5Wo9$B~iFO)dq5a7ou?
zvjZCV@68wMm>1Oqs&b#3gz-?{6y%aEz~#>Ndj>6C{*Yp8LALpMLITkv1?=~7lpZRT
zSE0hm_(^+ERkDH(#<Rrb3os`F>9d_Zu!f!Noe4R1MX`idUU=~40Z{bbQx8Ufwa|F?
z)`BIpHzKF<Xy0&gPRj7BuqU%z#6qwc?ZDXCo1U!_8Zqbe+G-=$X@shaf|FmGU>cq-
zRJ^E*gI|&#kR}CzcquvBb!_2_8PI2Cdui`6yEvHVj^4&gJ)*@$uAp`6eqGXhV`#wm
znuB9yKxc;eHXxg~Hka|GRc7H0RYc_-GcAg2@D|6I?9EIxRFyVvYqoMIvb2eq``nhP
zb^?jcMXPvOwJJFHxyi;pueTH?{DwN<QL!*8Ui7X*LE6P}zzZWEIwWM;Bx*MB2UaTa
z`Udvoo+mEFEk6)Xdr}EBywiZtK*yydndgt-L2#@iDHq|(^hB*Ign81EPorGB>Uej3
zP9y386$m|)EDotCa@%l!1=33Piu=)Z;-Kr$96O%y6PbK@Z*8+U8X45Zy5b~Yt+0Gk
z$`V?p%5Ka&`AQ6Gsmq=mVW&jodBBs<bvS<(C1|4wXJ;cwk~aKIY68$?uTLK8;cG7l
z!l-rzp|TsQ#t~7`n~FXR^awMw)}>6iDOP#VWQa`q7SL{G0#V-0BoWT&JLD$W$1fJ-
zWM=ARhw7I>44+fbOLTQFgl^b5e>n%~?BE%O{`@tAL2L6-2!v}yHuYZ$)tlzWl|$zH
zBV6Yy8yU5Z?dqAbWb10#^4wS~E6DDn3JcjmSAW+fdV#P+&w%fc01i+#uV@z(9XB=$
zE77WDoU4hFMj9VSU<YU#ju*k{_Gnd;-5SbH*7RZXVm{;gWo}G2HCr44xLOqudi)7>
z-cy-$fZ$_AFzCB{oUU^QQf}R3HVzotuB||ibbViDFV@-tK5Yp1%S24N3(O5hi`eGb
z(2Ya2WpHmNs>*KGxqM`EMhG4CFyrij=9)YdO4o~p?Sgl+WsK54Om!5m(~jr0neOV<
zY5=+d1zopxd0eri`YEdHQ+JtRP{ZA4ME)eOI-sdIg^8RBU+o%hRq`TP*qp>In{p&s
z9->ahF)kdGRw$j3!d%jcMuyd~F-Y<@r?NhE*cb4+tzReIi;bsxy`2sZCq0(g>e;<=
zFpZlA=AgjK!z#b%?VZ<X0!ou>{!UPziQ@)71a1SS>PNnKB!-<SVzef^?<C<wq69GT
z-gY(KHN2>KQyFjuV41U{0e4Tv$N2^_hRKT15R49Y1k*Po(-Ty0Ps=?}NM#&4$=_xn
zh?Z6-#2baWCHH+5K(UhfLOSm43w*;xR5?ioNlthEI`nPW;hFHu3@SOs2z$S)gqIeB
zFQ^%I#Yp8Q&m_z`4mP~0cV_IYg^H0Vc?FFeI)rU5;;tTO(9VmXxWsRT{7WI{E5RSD
zr!CoCGC*{G<dYDEK#zv$5#05osqKFLq$vJ$=q&l}w5{ZMyt>K|5DA{UduRzk=KWHF
z2+QYcDsRAd>DhIY(RN{*8Wm&tY}*J|xEFV)N*{$Sj_{;PqUjUJW{+Td5{tNxv)=Nk
zF>el<$y`8<)Pf<^2=B2@lZChmS(vioX!*rJ!!2?lJR=d<KI3{_51REI2?S)FO*zk_
z6I{<-qwwZXu;qC(78Q?u-#c3Iw1F{w!3~9Np-g?$56n8jl#c@M*wcHAUWYs~O{eI_
zwX*Qq&iB>}uAzpRh&#)p@;zRm(cqW3oo&?ls-2`pahf}KF_9MJ?L9;k7M<kB#+K=$
zv$vxA<W_BDP0<}k9dmqdUXHW|Ke#io;LA-Bc{hQ{+h_J**9jyu6Q&|^XQ_oGP(uYd
zchJttg9%7;QAbVOGx)6xzB;x;IZPHm&>ertu8hGrSsW<AGeE75AyCeS-nj>>=yvql
z<CZlUMw%#>!V+Y?6kn0@5b%3kD?yYxJ9koHZff*iws?@V8XX@Ol-VOqDe~8abA(ni
zH&=(Wd|S!1^cr1F7OoCRV`=0i5Eql{Wq`Ugjj!6iRH%h9FzT1%wQ-!!<Eru&1N%Vt
zE<{1nqhG6fWtOQ}1{}T8vOp#rLN+yf+NEf9$d0`T&(v4a^F8M<-%LNz)T1?u(FYdx
zb})(zh|SejToH{}%?XppjaEp-D(P<K6oi1}%OTM(hvMkEtpjEuV6@zNY{SqSH?@lp
z(XVM_HZE*sO0#jJ5&nFaZ8CJKDy7AcyyQ1U&LU4B{QP(<a9Q>gq1Y~9;K(1uHn7!U
zi^^F9$=gTyTApufjx#anL>-cKi{@4{Q*rrK$)vPNEY?C3AhA{`JmLhmdifyU9$3$@
zOrSI+7u*?)a-$+PS}R3uxKKBP=Pe;!KX{Fy$3zJ(X{64LzzR#jR|>sxG_sTuv3$7i
zvRsYf6nANQ@@%nvyqdy~p(0+_K>AMA!j>CKX^Ic^_7Gm{vjSR>$}!njz6VV;g<|A>
zrthFIfYkxD(KUkw9*NN!hR`FK2Sd}dl!1a8EjZB3uFPXD*(zRefRE~Rhq`k!&TLMU
z7?a#I;2TiWu!ft}q?w0#`>?w&#-&&v$!PD4Lm6xv8kvtl^J6wKa1YQFv!*S0aGpbj
zo|qUqORDUFA__y~XFwrZWWc(kZ&RyW-&t7CB4Pp+M(T0Yv~3o_0z*8n2(yvLH3K*p
zg<_8Mq=_SmxBZbBq^S^`G_0Itx312a*v(qZT8=kAAQzN!QsjY22WNm5<CP4jfxckH
z8j>v)LQqDbX{&n_A|Yjo$_RjT1(<uhquWQ+1aZB9=<Z8V-tU~dD2^!?wz0W&xPcVo
z0xC1l2%{E`kizI~4!*aYwlD&0KKocN06Z#pWN?5*-zo3QH?l+??qfLl=3FK~JMub=
zI`tv5Q>9XiSg-YZxbBxk%3l)A`eD7x<T7B`VbRyGd?lRZq4~Nk56qb?-_g<Rj3m?o
z>t7bJN75ub*PJ*vbniW`rXoVuGcFXxu^7+U@NL2XfL9R~GI@K8E=cyfk@vPEy8)S|
zGT$9eum<siQ)?<5he-ESe`Rk0sz%M{8Tn@TG^PpOh`%V`%faI=7Jy*H@{0;)%C@i)
zS#+|3(i=)H+&D15;Wr`jUPMI-t%+JsFDIF@Il(ylJJhFuz-ifjPl9{Q^#n6^(1`g}
zXLBqb*Q4bPlzd%d+32?#xLi^9<Q@*LUozn4GZx>f!Y*yzh}MFKt*zlWAxyN58F{kC
z4TOFSFH32Jmpl_u??QWFbRA5Yz*(pJLOL@0vR<+)U%Zleu8}r5DOKkf#)zScszt{q
zv=0St9jHT_EpIgAl+Q%?_Ki?k)MSr#2m^Mc`5{X1V_UN`vh0xseAwsV&G&SwKy4Rf
z`FZJO8jP12!B()5GXt^}N{CsP^mX4x#`Yrw$6<;)_vWkxYO75ugi>4~bdQzpreK3<
zRD8r9SNtHTv}3PB(7LCgz=<<N0LQqPMM0I25s?qJv@M}nqdRM!xUlx&+_TwK+ZU|a
zV~_%z=9Yb~1xDfV+?@tWZC7nH(mQLQ{0R!_d(|mv+O#?q;x|buCaM~P2$E{<asC=G
z&|i2Bh3+_DLdn6k=iZDEh{ek(m-Nw1l)frWCzQ9V(Fjc))b+drdSUJDuRuZ+!4P`j
z!(SE|eOaV*D7^iG2dYhMfTb<Gz1$LDK}81GF>Pq#N_^twPOE82{y7<mdC|N=E{uL0
z)BB)v6sekStk*{m9$y{LBVS7~*qpt0p~R&^f)_#fXh>F`z8aN>L?a{yK<A*-8*iXc
z0^=_Bs2{vG_6c(m_YT-s^mGJEqi{3v0j9w#FWtP-CIDj@DeweKjZy-xeN#{S6v<Z3
zU&KlPKJ<%&M(@2Kz^-}th{vs0AEdINXBseNy`@&Z7xXau&05vEM9)i}0E8$Ck*hVy
z=f~1q&e*oNkB(?dV=C-4lZR!HwgnyX&Rk!k-C~!`-Fr64dUjGUwdeSXVMgu3rNg{p
zyIa&{LE=PK;FZ({v1ugYExNr;2F<o0rn}K$d5_0h@P-FRHj{kux$mpq;!%496Gm@9
zVecHpRK@KYvGJ+Nbj!O3o2UxY-URPazB`bmHOO|tg&q>XM=3Ggd<<FDZvHgjvb@GL
zULAt2pSPus1czMN1AGCF(QfTp6U<ELGV8_N=A0TZ#+3Zx?B&`z3FRAUSZ-j1+ra3t
zly@#CM2*k$jS5dxu!X+rqj<IbhU86U`OS-D&&P0{Hzpk>7<I=2Dgw2B*x1&Or9E~s
zJw*@6^Jvo7H8D~-xca@xVWicWS;x2UJs;HOemo3KtBakAm)jMOhj*X~5@TML`{tvw
zC9^sg!c2Q_j2K?9y_YZX#*`lGbFoEz@8Gi6tNih^>3-nLrxrMF0V#av3wr*gk;9ip
zMbo!&hp|-jdTo-D32ffVwzVQsdJ^S!s7bo(GhgJDy2|1G%cHCve`jRxUR&Br0}z!%
z&Fv~!cthqAoD`Ssub!(%E=L+MVwYa0j6U5;Z&B!m=fyVZ#!OLbEs#MdB@lkWh_J`|
z{M^T<u-V_dO*Zo5S0od>&>mF+t=g9)sdRPnbZg)E+8PSQw!HU}oZc)`3mgz5cSK(+
z7OoYysX4i^6Kb6nvWhn%w@_KiYoUDSRZoEZ@hgm$!nj1dJ{fb<I5ecy^DC)`4QTV0
z9t0Myqq7O^fNEqtUk{i!<_>9CP(;W9&(|>zxVhW9E1lhdEWrEd1oqyj=tIV-it_LQ
zEhBlwAhwYj1EfiIGRIzZbh}gvj~Irzg5}+@OA#SCIVkp)aL+Va`z${gT329c3n+T+
z%n_|sz$jRoEY_ar(+3cIq4895@kroNE(mc`LX^fC*1SE|bvMkMSK=L1&85LLGHmJT
z(CL#~sp7mcQaoCshVArL&wRYpQjLY4)~U&oCtA~aXBU?Yszu<CIldMF2*H#!2iGmP
zMju#G*GCGcfe{`jTj;RKKCAgmpkk@<%z+*(fWZ>#JbUvNcHU&dsd~C2OqxXBAqVfP
zL93^+X*g@I57xF`APLH{urSw}qxlr$#Z_~yy}`})1{4l0aDVZbC-fZ{tmNL*QPhBF
znKf0oljgp#?F9pzPS0c^mLnZQpE%YIxW_rZXAnl&tpIhhoAK$9e|f}qqG8$I4;iAt
z)t&6IrQ*vcO2F9qULPKwtE;4#E|5Rjp(YOcQ=}O7p4kA1cjqu|&RV&B+%|e{YVb0d
zfonnFvDDen#ofDjz4&OKZ*2l*X<%i?dGPCcFLTY^Hq75bB5oxOzDPxx^Hkd9tXQ$?
z#j{I{e)Uc>-AmXGY9t$$=vfIevY@?OpWV_^(9T0)={RN@=XnYam4a*%`x*x4se8Wh
zvL>H#2F{d)$ZW`ajch?<&W}wAH99k%EalE4<-~>rkbV;NO1w%gDpFUrSJ3rhnzTbG
zDZEUZ1D_9ph1YdCzX9zd$ixu_M64cx)_F14^!6-0(>I=wYCyY!E4@UBLJ@9fIFwa`
zY3}#-)i|0nx%ImZzw24eJ(-jSc)kw@5&OM&>^Z8Bw~MV=2;b4mh8A<{3RRg`54S1d
zE?UBppV1ukJ|5<muH_JD6u{BEE55vgwjBcRDcFk+)xvrSAoQ$NJ(a{)tuIRIDPjg@
ziCK)2Q%;w0h?fmZgF42VZvYp!h}AYfG~l}yeaG+!S2?YlMG3K_!?Cr)jWw<p0n-so
zXR?-v!8bV8mBmzi!A|j{R_j{5LjCR*nCphjYXZ?BL6YHC<wz&MhCmpx++p4p2a5__
zLnD%qENHWZG~jWm)w-)o@G4qOnj))=)ovBFC}*i&U6{^uAv}NOb1q5nFzlc-H`(62
zz89>^({A=6865$0Phc?li4?A{ERH_Mz!^tLVU{nELcc^3q|~9HRogDQW!Jh5QiYJ0
zChUC2%}3iw1$nU3GyGn(7VYv1|7j9q55GL(S8E62kWmbpDPe0A;zPVFCzQ0964mmg
z32d*cW4u&S)H*>XS%Afx?nb=RJ6{1RT9(dXB=>Ws;7l|gBkzhgI!@L2WIO2axxw^^
z=oB+yW2@+Mc)KfGQ+>$wax8X=7nH)F^6ISvj?8j)9tfo_SOGmL=u7UI#TD+C(A&1o
zfXVZGkucs`*QgS{vbKV9U?qaPymj?`*c<QGt88;zaYDN#-_EcTR8uR>c=9mEZB#rz
zOc7FA>n5q$pog-LV*C_o&QLjaAv0h2yW(&zT|_c;-;8_1AOYjTC$(ZA{BmY|--D_o
z;J_FQ#1%E5y-Ihqc;L2u(wkwD?o$SO1)k}NP$_3L^nj)?0qan%`xQus#xnqc&K5l3
z2pF-6d}aY9OFG~sIt!VXid*zt-G*Oikw@I=kiZ2M&QNykR5vyx23G=1viU%jN=yI(
z#GS-DO+Hl!IyHJ85Fomku#4>@*z=<DS#W2Nxn>snz-xSc&3NF?-XNKb$+dXKL&o=3
zsgW0i)wabcLd``TZ7t7b8q#0hTQ>+Jgf$#{B*qRzOM=0Iw89mIu3`Pkph7!+#K;wg
z1kJlLU<F<|$AdaU&b;2h-tGt~QhKfLP!bPLz&TFr1fJDyBZv;8zA^Has98NBz4veq
ztt20#*;s)fJbS{5J&$C!-=kZgbSeBY=>dP46!!Y4c>16&-KZEbxC^9;7u6IJonid(
zdw>okrWm%3v6RU1#*eT5oRpx1V&(}poVC2D%a(i(=w#gkG$~e9Chvh5GF!jtwd&b)
zpnb}vQV*U5yq2AsBt}|r?&{$aOa|gkT@;=)Xg0^`YxAcEy0WaGgF3WWJ1`1YPs{nl
zY4Zw&FtE>o2MG^O;}N51*?UuMvG_zPiU*B!U%V!2r#jqqc}9J}DZzl=`Vwg8s>p+g
z&`pkD+TMGx)4Q-rU1CF({4Q}l&vFjM(!v$5*mpQO41rt6V<-R=iDCq6E-RI~%$mc~
z$MBTw84)uJ3CHjmYh*7j#rBI;SQmZs?kYRQfk#!Ltx+W0;tn0S&y{n1uzioji?Ilc
zodI%=U!-Y6%_v<}lY))QF@<D;n<(IQW4~H?SVFo3j_5x5ykHs5?szO2o4cmYr{1wP
zz|drjonJndIE6OG$kx+9wueu*cdQ@Nye-KWr--{#1vB-wkaE-xYc<qDDg@IW_?+C7
zzgnxqQh~+}B5EQvORi^o3*8HEjGk%4bv~ASNY6p-{0UnNGX?8q@ghad3`3kJplPpL
zKE|qk^7=gAmeEREriK<$p)OM6yB-M}S2n}uXJ+gCo=5z00W*Y%<}ZdS3D@P07UB|i
z>~-XkqP>cK<=Ikr&2`pp2U?P6O4^CCdln-UESx>`(v;r?I^t77)+_WLnCUmHZPYfn
zVatq6BxzbAiBUv4l4e&}GW?|y(w9mOwOc*3?>vJAhdCk?JM3Yus`WJSCJ^+#icGF*
zNIQ#tknxz+Cb|Cp#=R9zNhW;DIvC?!=UO}xJjlg_?O89E*_4=V<IIB$PZH6jGfG>5
zZyi`O(i<`3E}n2r2i6=2X6YrKCiB2Dg_(z)Jf;xOscu|FN{(XPRb_&Gd_?c9=eXFD
z*bLftweOrU5Xt<#(V9DVz^Ihca5`pvq;6Jko+_DI>joC2UJSW=ZPJS(IV??LPwmM@
zGYQiWzYHbbxwP2_0$uhLXov@&>1!Ib1k?v!$1QK7tvExngh@Dpxr~#x9-O)tUI#ue
zu`AQ8N04nb>_*ndy<GG7`V};7!-mw%z#g2O!Oi2=_JD8-bHz7=kFNWk2_rBu%FQh2
zJ@q88ks!enSmd#khfr1X%*}C55sOJU<XR&sRhh4~D6;!90)1;i_~~ve1_o<hbR7yH
zR>|w$5%A{ThH73E9dPHzmdTm{bcDL2Vz#14QOvlv_OMSIcJrS3Nm7XGNh%FOWs#X5
zf?jLCy*gr{HUX9q^L|c5i%e`&OqU9mIsvhe+Ymc<7tqaEk1~wJkeBf;<DS6XYXopX
zl*jMcY_D^|y^%R^iFh?{q)ntkR(H6bUhf)|dLEPYYlr6={(|6vxp`v(wv0LDxwJ=n
zbrtLsk#U`&(bS>lMkV%)W!Pv@H4W$y)BrzJbVPwLCCsPI*kSI|>J<_qo3apwW}{l*
zVQqDjJI-!tvB=YtUoH`Rxnx<HNZXY5*wlEL85wfnN+kw-u~lb#d~|bz<dOwP<zB-B
zUkYX|-+6z@WZpI~a8q(ueJhd;da%0U?I2fYdQF2b5KBv+yMuezj+`xl;aOE9fxcOA
zdBLfHvkNhUlS{h`Gr@sPuOK+u4G?H^m+r+9q|!ugNCA^JT!IKo!y);VyoK^w2xx4l
zgHoO2u^u>m9qF=Y&K&MSk3yXz&k*FCW#LE(AW0#Rko?w;NTp*L$8N=~wnw16jAENv
z+Ij<@bVwk#cBt#|OVK_RN}VB-PEGfxf@i*dU5@JOGk#+Z_T<2g;O$~QC`o)Hr)9nQ
zxV!V!yr)IrlPzw(E_KLOP`n1?cJ^k0-Kz6SccLEvEzOA@p_F+W5F}Q|@q4IPY1hHU
zy-zK6Lu4GDJ|-~rj<$WR8oI&TU696pjfclTTic)x=B{+OG}qpv*Ys`?1Xplw->B3x
zi=K5SuB-GceYeNPqwKewe$n7>7gqcHPECFAgzw=qkmGz~qK-imxN*SX>sy6@T^p7Y
zcczK=*zQp1SSE@fw`|tB3D}lRpTMJ#cP-u0%QC9jLyOpEmjjbNeJFQG@2O13J(&&i
z=V))MYceKLE}slSDX&!-$_oP@cTi+W^q{L@G%ebQhk{(&Xg4W6<J7(vr(3)f00S=&
zWu$O}VckM6{l*x{F6BjlzBqhfkG9zR1e73Srmp~RG&mr=1VQ@R@@<kafSw=`Ha$^7
z62~jl(6_eVGWnNG?LNB^WNJ}Ae<`ag`^aAf@ZH13&K7TT42L+C5eFMqqgMo{R;dV0
zWq;Y^k7_TsGvM|Z#Y{O$A3Hjkysh0wo9g~Rr*_X(W%RDKB}un6w!H%qZqtQ5UPH6H
zBuyvhni0RVC%}I9up9=H+xb9bwy+V;w2ozRLQp+IL^5yFHIbrucW}6`O@V=Bh>)Ot
zK~K%%DYLvsK&escuV}k4a_3E<_zUYGntmBj%IQubjFmDId1L1^)e7%WwBi&a{k7qv
zgz+3h0%?DloI<5UPrx|d!o_8UJTRrifR1Ykb?8tm@V=+BrIwLwbQe#<Z_0W4Uf(&l
zZVbBvXKiUFTaMCnu)fBJbvK1%7pL$1&V6EYwp$AppjE6_c&*L>D)I^1n`>2#D&Yi;
ziCv}2+o;zTI3t*Z5!}1*E}vbdjHsZemWmiP)=RWKp;M-|qTU4+a=JC9m5Yu_0eE$&
zrdeS8qPy?T#>#ZgdEZ1_CTSe7NtbNe6v@2$Wlk$pAD6g<W}AD<FFBKyPY7|?z_;+s
zyz_ZZaigR^95;<jR79A$X3zquK9XWl#D}5q8Z8-;xQqHZSgfdXvAwCe3U{-+1*PzQ
z?>&2@-IRlsyQk(gbvGVWxKEs{mqM4I0GxL-Aq%gSZLb^X;apUd<m~8VJ#LfLt|idf
zeQUv)OagE<{;c#g6HuzSgWmb!nMMJJyT^NGuZOtQz2M9(sf=?_$RtOb`#tTs!kVDS
zUh&>9o1T8z1i1WepTPAt3v5Rr5Xf6C8PSFC(1n=^Fuuj-tMHr<$e{gkuWn9Lm1~{;
zr4w{{7Oo=4F%AV9P8Bm3+-tDgn-!ht8bpC>en0PH;bf-;&STTMVN*Mn9zAW%Y@@38
z2vabx>(ND)41(YeF)yVLqwz!6ryLpqW?-?XZuRs`IzmR%yxcN2I8rpJuewosuQRo&
zOYlG#j1r`guF|y-=E1ACx7q0Df>PHrg=jRQ<sH<RH=HB0#HM{<uk4D;X3DRqxze+s
z<*~7g9p16^yh2b=q_Y;~a369<^dR;gd?TBW?GP4^a4CX<Rq!!wO(m+BD?LzWUNRml
znvQ9mpnD;CbW#IY_^z!j@ASdC@RYu7LA!Y*I7p39a@uIq<q>f8q7QRksT>_(6tM)B
z;~UXY#SCBunQ`RI<@Y#!_pC2jq$9ZBKCBS1Ygn2ENKDA%sqX5jd+}aiOK!)$;(6^W
z=N98@a{9o0)itqZWc7)+I9RI2d0fEoRy{0xp$#ZBGIgpl<kb?7tm?K{^>9rLSZT+@
z^Wi?%S&`>c0&+E20R$b+$x;0x)Kg=m-cm(IDUO=y$m1A(kNW{r!$V8T$Mkr;OSwFT
zVqbdcx<xqAiS=u3dr_}RUl$ko+k<n72hz@im@xyh`?TA`bafM}2bcv57WVe>)5mk$
z=IS{@TP=bkeGOz*DCNS6d^y7Yo*e<J4Vvt|slq4M&z@QZYUh(R<cjcqB5&k4IN+sM
zB$s{a#Qdexdj|BLL9&<9E<a&CwB|jk^Rey0;kbaxQsD9zO{*(4gu*Zsm1J4I4<h;R
z=_xKb8UZH)5ahLa6krO7%WHoIHv@2X+xW8XI<T!k7YT8i;$6cC1!6Z+X7r9et`|<u
z_uOEe%1-j4ABB&+>g$(pmfgdp2Z8OOH$9AsrEC`ys#j1+je^$$-Vuvv+9?qtHZS!Z
zA8s98KJ328E2A)c&n>O@uJjb|9F+=tg5LxRZ`V^=-ELh{jWgClCJNwu(-ZIETZV`9
zymSlEP_>@%rRO>`<P&e)v_dTRo2gl`XW&njxr`bJ!`KpTEnec79n-1~jfPa?gsAml
zVi~`FZ}&lTafsG6lNRVL!Ch~78eLD$!)=+J*kl<FZjW3st1gRB>yk$m*4=2}Ta@eT
z4>}t{UO(O;uMPM0h@g&x_G|GQS$nKgbi`F9rl1d~KnTV%SNI+W%_%ShY94SsI6Gp8
zBC2@VY}YbN-LplOY)t|z8j>6LR``kxgu29$G0+iYK?zaxjw?s=$(&SY!d3dHB|1Jh
zL`#UffO1nv12RRf6^$!3m8gU1!Fy$ckBIU;zgV%SBa@@>2t5`#hG;}xv5Zm_GbY7k
zjNnB3skF4$0E;wwS=pOQR-wibgM80Z3Wt&gAo;l|zCo-^F;qywcU;O7XfGBX?HE<j
z^yRHqDn7k>jxGj<B+#c11VQ4W@)^bhnfLZ$+ULC+9VTO--N*ij+dK%!d~~Hq%^RC<
z7~B-Td=mQdNj*pyE|lBbxQ3>H8gkrO5W1e{4fFH7hu48*qWAW;wH}rDRzJU{)CznO
zn*R5<C-iM!OnjlQA4Uyf1O+d$#G@yo^A<ZnHW9(`#z0l1v2!qk3^-&(VCHcej*b?I
za8vh&nbw0k=t99ANVgscd(vA~@Dkm(JaLq^;YyLKd~nnl{Q~D=?e=Ih!mx)maWzM1
zh~JyL4WE%%=(tD8$?>v#W3_04HAN@+QSw`sv_KAtJbH%%e$p*cuR&GgfdgR!@IhX^
zIjKfSJB+j)noeX2Bgf$gp#imm;ABwecx!VJ3=j0>09dd0nl7d70G$Cn;kW!Y`nES%
z0iQ(zd)iZd83kIv20RisrL&bB7BO!fgc`FRKcJ+f7gX|6u0q(9e232u#io2Lq-WFK
zMGz8&2~q-+M#0E2`jUmzt?9;#^XfRlXUI57(gz_&Wx}TeedAm&05jk*OIaE!lDs%R
zdpg%RJc$+Qed%^6`*=7VpM!VbQb$G_LSlspp=yNgtOzV}iA;`Av}Z(B+>*NYQ6B{p
zi-Dmu$L0k$Y(m`;*$%VtlYL5h4|`<Ytq(aMBdII|bC|YLinxGwjr2kmS6ylPfj$j?
z?LHkSPw@z1MiibJbrcWhBpSRE4G}=8K=M0l5VpCUGo#g)W82PF!J4Y2%K%V7ufOxA
zJ$?I?fU(?}Gd}bhM5$DcQl*Zluy?%Hq+O`M!(h1~y`jdSYw$uvypt?z0xt~%QU;E*
zJrWF#rChvRzl2iw66z!r=Y|UJ?k4%J?tv&Ys?_adc`wuoiL=a>Pb&g&+0=7ZBaoBn
ztH(*%x1s&_=I&HpBq9I?>E2tIy8>hq_u*yV;UpxJhvdy2%-t&RR&E#(#owr1-Eh$k
zjT5tNxXi%o;>qY9-#!x1Sm$D6Ol~pJQHmdMCJG4Q6QTJ`=K7)N$cZlbjo+(bi>H7J
zuR0>?;;F>wyH_DOkcTIW#xW-t)*-nC(&}&eo^9Myn!*`nF<;+_#_ofBIq_DboGu%H
zvx?ZGz#cbuwiISO)b0nzoXr%-xf-hBt`yH_V5;8urKY^WGZ>OYlRiht3BaM4ezgqC
zhmrEYyURk3`Dpto2kS(f#LzTO6SmBtQdxVCRIML(`YC9_o)jy_X1pTv>1o>F$0CR3
zJ4%<vhVckxOxw>C%q|Eb;~^fNvjYVCYo~Oo#f(d|U5&w6iOdHw89`?dM;(cK_1;uF
zf~O5p&hvOY6e0OiMtpk8m!AweL`>96x#%qP3WkftqN%73Q!gEgCI}~cwQtL8z@~NC
zUA=e5g`Jaig7Z08?-(@&-DpJil@?CIgUz}V7QLR!T!VGNN)BY|6!HlifL>%b@e)3u
zc&jb1O&Cgq+#gW^N-3z#pf+?FV(SZoZq&-la7gbrJ}GxZPsb-K1d}drDXxu3EGL2?
zj?tGvT>NS<W3x0KgjvJmdIJRM+9cw7F2ti^CSqfc)Q3pAe4l&JytM-eIrR*0EPEm)
z`yP%)4ZGd)eH!)seLO)iX-j`acgJ1=F*F+27<-8!xcWwn6rXcB^p>#TniXgtoFr_b
zbOzWiHrZDGrBpp6XhB^|gBNAzL+P%?W_%foTn=exh4<cI@nz;1k8mtu$V%yBDU7_H
zt$f)dIco$U0M!*8JnHOEZ1mE-FOXy<2D*CPbks4`OLKWiW+Z}#L(5wEpaO|&vmZS6
zO)Uq9cZb&Ctc!7xz03F(Z1v7L9I)}><XJvF+F8NA7{YGY(Fd?Cqourh6-OBr5VOUg
zVb4cl^y0KzV2mTv_DFfDYIIs1oL;kJ`n-G`B;xe;YPqwO8s>TOb1%G|hkMgf^G1mb
zL2uy|C&LlmJ77cxNlu3iy4MXXZK2j>d35i&#q`CbtmT~JgTSpPwjB*K5LT{!OJgXF
z#5s`6OQn-@QcvOXG>weeN5;xDi`r0yUqURM$%p~MOWzQWT=4-6;OtA76JEVLz#StY
z)w30<2)cTV%%YC=KxG*;al^-F7Tsf@jEn)X6X1ze57=;@KYEAoMxBa`GW><4LWa;Y
zb~=EW5hCFCDA<M#e4<>#E_#I`=bl6~Gb|N9IX)eDQBUxyFud+5%u94u)N&PjYx@ZC
z6{ak12_+6nZPjZI2Fp=$+9eTmiHknBf$@W^r<D9+Tb?i!7Z7i8l#uLDDCrah4ZinI
zEDAj|^@&{!lwb|{GxVXftnqv1nl?uzNMMlEky!Fr?8sWnC6Zc0wC)5lEkH+DTg_Zc
zeH-WA#_LvS4fQXjOuv*u<CkV6I2y!c0?qeJ>7$<4?_HF1&zT^vi}P^G#nsq@>T@0#
zHqxhDQ5TX$f)iDLIdu~8-o?f>8$YJ9>hj_lt+WEllbxYPCoUqZ8cI=eBQ*z>#~b`M
zHA)O4U~^uMOb%#gG}MLNCf;*%CpM=g<}qWied}-Jge>u-ZoG}{8oUJ!mQTA7IivgW
zhGvtAo6}=v!Mf>!0NNJHxOM_J4Cz6@NM9*<%c03+N;ln=x-Irb8jRruYS@It;|qWE
za3_>0p*87(FuXX_Ak)sY(NONSgR-xJR#=~bOK4V%&$JD^m`yyM<sn+#p)d=`u{W{R
zR9G$YP^uI*VB3-|BQ1z7C3&5=)|hsVQRAJ2h+*e@yLrcZbK+MG6@^`jkVUKFo%iro
z7jlh3c}l7Gy=Xjsks>z<C&Bte?6n{cFmy>A)t(65^KrX}d9>jrv2n0!)nX%Yf&{Gk
z1kqLMZn3YK3LqOsgWWQ#TiI*I3GgW;zg&zAF_=A*>bukdfKb|anDc0#W+3_)x0zj}
zj?3fF4SoI|^;;b)NI7^=RE*&r^)Q`!5si@=nFD#vd7@yd%kw>gJEG>}V@DWqm$tb#
zaC;AmkI0A~ka;VBKgRc(7cp0*I+sA>rm<aL&lup82}~~c+_R*Iyf3Cw19xmV0o=+#
zY?rLwX&!Pmq%k?^ZBBYi$q0#92u;%6vaIzZU*LW{iYenKi&!taRMirk!*fBLZec+Y
z1OdCZ6<gok>shZsi%+MVznmJsti%%xZl01u)62R$7Y*V)CCg_$;C&(rUX^~hk9e%@
zP>jMit9g2DJbDF{IO5{Zci)t#m4~3RlHkK~;4t!pRIQ$&BAaJUp2zs)%}HJ&%*Azg
zHzLgB1H*jsF!ltTun#S?q#wrc<??&$NfPl$S`hm+yw$C;M%Y*Tgau91<SffDHb9kO
zZo4Pv%=)p+Sa`NAmF@cL@EHv5#HdDmNB|t1Txv|-^gywv830VFkwoPZ+a9JE%Yz}O
zCINb)X>#z?CHV$?aN~J()9Bjn8v6{szz|60ywO+oc7(%24!WM74Fzdf1Pj3|BAhuD
z^s&_ySl?B5>agjsdJ$PY20iAkd#!sK1V!;KTO-J(iw5OAfwuNa8s}leeVqn76OXVP
zo?Gf%ITK-^K=AHDlF^acG$J1QvbK&>k5+iRM~Wrs4!3hdFN@Afdmo2+>}*&!JRVqJ
z@O}HrWI}Lk4qh05QuN~Qn6zX@n-1;jI6CE~YN>DE-4kEqEEYpLsKz!n5u6D<qf`oL
z*-(pQxo7csZHb<FQWYmW6q*|rsPHjudT$Y|#gM6tp2rgaBOt4uiyCyw2fSV+a^x&A
zq3Q<yOl4UwimQ;P`WaU-;3iC(h-DY4bA}#S;9~g{1jbWwf}V#`_F&Je{2{TJtw`dF
zS?-{x=v3~KbH|-T;fG?^tPn<{HEJWzyVCa21qkMK16<Ep*tOHcr%<V7+at}RZ14He
zTRbsmjYSbZj&r-cCGRoCn$<6<g1)4x4Rx+Hcnq%a>~%CdRSMdA#I<8(Celjln309a
z;4oHt?U{Q|Ngpd{M`PP5=8nXL&EK!TF*L7suMxAB2}!j=1Yv2<K0mz@Ety0)vFGNp
z+9B}R0;Ga`I%y4hC}qXi5ofABc+W0<`!Q>qhZR-PsHdXoOApdV`C3}@nQ|tam>OD6
zO84Z0%I?WCG=_&72;Jc8WK?QGNI|z~96)+GvuXUEI1_FbAcET<3={a}`p78QE{sQ*
zR*yv@9q)Ky%K&;5EbT}^z0h_kGSgR6Cp4lJw1CnF4s(38?eN0qYV1A1xECn%4uJ+h
zb(mx?ZZY%awTpB6@knr1y5<P2;iZ|!Bh}_s(A4LF&6sKt$|?JD51Y(J=gBa_b}EXV
z_wC@DoO2+`4wSgS*X+-8G0)yMsb9>i0~dWU8b{rN{bEysgZ+Bw`9Qq1h$Gdj2`I2*
z#n{KR&+`V&UD*_}5Tc8NV+H+zlv7TR`mJsd4Q6H0;G;oU$gIgTKj<st**){FE+(p)
z74WxW2dKv_YOyf_2*VIq?^aP*+%;A5lEYB<yh~CWwkkR4xu!~B^-ev}SCe+I7Su;R
zBv$jgAl{do>ukS+Uj{o}leXE|n|UZO@+J-w9)Lb13e=lat!%;8=*^Y)&Jsl<UxhsF
zc>-!%7%=2WThs#{^A@MVkLFfV{l!TEm+o|`J@RKm@4{uVJD52ecn*rHriyuq=fxZy
zvyIVR1(a>Hda^!>9evP~8*E?(%=9%?F~FBqwkSgto5r0Ar`kT3^~@$PysS`XOA{+$
z^R?{~FrCLdb6vCO19@#`E}5|!bWV84X(#xXR*x}L+D*3j9m4u7xq!I1tGK}`WhCFR
z)P-3E+dwT^(R3M)xWkn^)Ru;l#kNV}@%A=a=}FFDkU$!wZF#7QxW$m`oB_|^o!UG{
ztFo7EP0bv`qhrsy7POH$2`*yp8Y%q{crKRNGj#U(w2qy>M||~?l(agKL3Sn3?wQKO
z5xJY05oxVci1X;esWAV}KyvZoI`C;FEi{at?#l6I*lav|LK93*M5;DneC!Oj3ud5V
zlPg}8Q*vxu(eCu<%BourZzoL^;F470Z2cip)Z6Ex*{Nf`FxKMaLIN+<+|<pcRU-PQ
z@Kiaj<_!f#qAza)Zd<~m?4$HY(31PuhrF|%wo4C*PDwwg#B&b>kX66Hv4SqhW;Tsy
zgT{W8y^z>~lmjNn`>+f8#`vu?g}&FMtU2gTXj+M~*6mDoNl-)~2%v<i3wU<NN0yom
zrh3sN@pzSm^-xc-q_<rK$ZKG1I&bQY22zW;KBL9uoYroic?$_g5v5X_EtjjYP8jBv
zzIS_F0?W`|jr|7RGo}f@doaplG~kiDOU@n^cnT4{Px!e^`6E#jNW3WRHfC0pst`ra
z)zuTk-i78M_j+3oFWLsU-XLkBJduY2a?oT5ecEfOQx6aLwY5As4_52N({)LN%oBFa
zmm2bVp5VC3Ir?o#tgi9VEK}o+E@8};f@-^dYUN*AMG{6WKf_le=76&CBf8;e{B^eI
zD>KcCdwy^EY>z0qnBN1wN(S63s;RN<jTZ<+;VRg!e@<6P2E&ts;3{)!?_jE8jP}f3
zJ=7ke_B3mxcSU=wj*lQt-JM=OUkVcINO1ylgy09z;NCMyiI!J~%7bs8!Zz?Fb8dLo
zRT!oEJXyWneYuL=gvM@Tta$cNm}3cW4D7rIHm+KEf&i(A&}7vtAMgac715Nz+skt_
zOW%Ggpih`Xdo-Rr%qgN;h)Tm^LlBPY86DZhofjq~-e#s?B!kV2y7%rC%Zw8OzgNZV
zPO6rK!oz4m`Ru5yrCsLEz^W-d@<xTmUjT1|^Wehc(6nQq+sZgI5;mg%7KgqoTuVqF
z_9*Qfov{AZorUElpI%?mLh9Kf8bW$)zh`O>-mN=74B0re!ZJx#l2+RnH#yrmscCB_
zGHJ#n>}6r9RGP#XykNbw@PKabSPfTu!srpBy+b}pg<*cDsMJTJ`IZ*aj#8^~vbW{9
z_zh={LjXJ@3a4w!bHZFkeuMOKQ_IFhKo}=u40s$T7Rd>=;jJ@2SKUm9l*cLIPaF>?
zukDaHP=@IuiQSFBn&?r<UX0Jq%a_x|!|^WZW)u|f#gTWuVh=U#URzLrxm;pPr46n1
z)R$FZmV8gnpJExdi+RoHyC;Lzo5=cd!62TzV^w=<2bWM<TDn`8z)`FC-V->(jczOy
z+d=P`fW+j%$1CzsMK~HAfXN~&p?P!U9#c06yqH|<=*#=^3iZpY_M_5xH83W75uIDp
zL^;Rco+0^!>GT=FTk==ckJQa!&27|&y!&|=3!NrWri;Dqts|B&%D=>F3Pe+H7K?pu
zTAFo`oDY<BoD8q)-n2S3dm}7ky17C;z(W9g_cq<?CLX&mvJFzqRt6GZYm_cUlOZT|
zd%YBMd1^P?&uN~@@F=XUz719szF;qrwSAb-Su!NGX+7Oe<E2XgP2N@<ti_!ViZu+j
ziczl7C#n>h&oLi(ZC}wcoQ0N;ULarE;bT=U-@Ul&ROh15A+1UftYf*iQ|j3*18vdZ
zMqF*1eFmiObwsmG9WQtuzhqCrBvFFKL#?{yUQD4>D4tPxLOlCCyQx-%7*24Xw#s|s
zl2&j9dXvipY3tmq%oY4rx;dL&K>C1bd;O|7E1*!z@?OrqB|bNtq;Yk8i2&`iN*5gc
z#NZ0i7%a;$RiTQ>IT5+=)X|i1_m)_@0W~_UA#PQjGYq0i)>;}OpA?TQLM*;F^m^|u
zmY>%up_pa(L~#_{17ld*2hZE94{Y7D%hWECUnxvJw^FpxyYuvMa~6D~9D6U3DJvVQ
z$5G<=N@a>zQHkV=ul4C@;{;Ec*eY8*t~Bdlt+D}xTxs(KK`~a9fUe1arw<%LIcm=i
zh715QP_$@3raZC(GVpltC}b#f%>1po(PeiTbaf9g*D1jWM?5DcZ0~wbu_n4&jFR`7
z^g>8p402ViXv5<YN8+5Ymqx0lWk=>~!-!~rqoIzBRCD0=u(=C)v#!3xBK{I<8!o~S
z0kt(L!Ezi1mB|FOSC1J%;)XPssWOwiwG*Bd(QY=!$aru=oho4*HTcHBdKTfV(BEd|
zwY+YbT2>7^<&n~QR)<qIGoT~98<Xbt+H3-6*`C={%LqxOH}c34C)Etwo0WHk)s+i5
z7q3`I8q#bqgp#mQR!p)Y(>)SnToNcTmxl=yU)7e?P#QeKXNRE+qT1x#gXlzi@w_q6
z^wri2+T3@emt(eRB(!T};VZ=tJrwuURzm6)YT;?KdApZG3-mjy0X9%Q?pk=5uBOaF
zkyo_})_Q5CK-qhd`egPMUX6CBmEwEAFqo<whj$|3y|AWvp1mFndJS~s=zHE2mv?xq
zDS{=BtC#x0>UHWV&ApnL6}=l50aiWshC!~adafsx(@6~D?0cn}P4ix)a3*GVNt?U^
z$Ai){r{}&_PHpyp@4><=nOD~fhb1VUJKI@o9F6usrjH&b@FwxoV|pj)=*@~7Fe*E#
zG1D?(Rv1UR+%e_GM+%hhq*k)Lr44$j#a8M}44#?#Vkiw{YnZZ>gg5Kxi?)QBhh^PY
z?#sqfM`kJ@54_25roj2s6uq1WSTKt+S@;<Nv2j)=m_t0-H6OOE;stAE)p_UZud&GX
zt`U@P0o`FJZNxA`WP12SMjy^qy)F^hCyXTAFbs@raaHf(wgjH%t&}pK&c*QqcqR@~
zJ4m_}>hY?x>{_y=JLgI0cmpDd-`gRL)PmGzdpfLEyD=Oxj9hFo@r2R1o^F_^Nc)#r
zkG{-;X%=*R&pIEa6Va{Zt7E#3^Dt(T=sT4sz@s2|>s*+2Hw0a5!y4L4NU5$>Q5)%5
z*cw(kn(zJjHjFhn87||y8e;AVQJr%|AuX8=ah^vGm6Gbb*)hx=*f6~<PBzKgaA~J7
z6y!RO{lxTm=@MSH)cTQaTm({`01Wg9$H|ICXjm&AFuW$^=AsGLnYvq}8}C$paSb?l
zhR-u7*q-u;>!|euII?Zpw<Z_ho>Jz<0UW%w&`blsfJs@Y&$#RDdsSo4wy(}%mv}f_
zP6zRp_;zZqp4;$F9p~aP#Ht;FVI12F3-x8t6fBsm;*A%0d+;vKs@X6ep%BP(4dlz&
zXMnbI1#{~ySlmw<a!b$CSBFRAN}g{|ol0NOBS|}QSO<;1xW1lMgc>03N;fClpw1&=
zC&t$rd~ukwDy4S5IFFV~M)2Ty(`AguO;I&E`@XdjZtmd$!sGVJJ4H9~h_cw@L{=|g
zei|5#m(?KyreIJt;sJZPi@~YvyyE<nD;of>>sb@I_!%!I;HK}^a7?5~Vw{9pd3Z}1
zjvV#IJ6@q)E*^lfW?JzvY&70@q%FC)40SbL^K7a&o(3o(aTnXDzbRr#KJqvaIuA!;
zhFaPoF9zVqm}--HR|xQGJ+UIRmYEFF-!wr!AElNs9EbtEn||l<EHWbK9o5p6svv{y
zK0B^<u(vPN-B2}$50V!}+lck05dXrbbV`{;g8K+1y53kMb-ncKY78|(Wl|?)O@F%z
zOfq8xcJ>s$)MEHjYnEIqnLyVIKn(dDuCV8FYc_Bw&RO9t=i6#vb-jpW?O1oH&=zAS
z5vO%WO45~dvAb5WIDN)+f4Q|qyj|MS-IKUK_mWiomA>TH>B>tl)6_9J$nvhnb9S8!
zxQOc!j&?vKc3l_C%LZo=yLHYYSzvaT9S6aLttu9qaKeqoNA%#1tog`7kRMGl$^?u=
zpCP+wbR|&Uqx9o4<B?@m%a!1!ZZ^~0O6s(cQ}Y(0gjY<OMUMo@Rx}yJ{8`^FDHwsx
zrd;6bQLY_`wM(Oi?AeL$gs8+hFY@UcuPdXRH7K`<37WFIhaBu`s)dxGQDg^O9fYc9
z<m@&^NKly(*(ec+i<QX&uF}3C6FZ=056akR%0RcXdozVvmeb_@-idph+XcrKq~gjg
zKg`#N7&xheWOeNkJqhNvMH&MXdJpf3!^G)>1&wzUG*l77%)FxMG}?|2qbFiyrs#la
zgP4e!MMfr0qBkbzpw=8X_@=YkD0g4j;p-X|9bzpdhQubU99=-t&Q0ui5SomA%3cjS
zmLRzBrb}?C*>fMYJG$#*AWSahoaUm=NI~@BQVn0X#(l$0sv4o^CQM9(e6PS9w0*O^
zOJ80uB)n1{eZ!g~@8Gdazl>WE7=9Zo8s|-wRn$N-&hKnQeRj3ll;#yrIh5x^jOoHi
zv_82-ebM>wT^n!qX30fm(+X=pow25%3W=nS&hQ@O*WyIg!Dumi?+vmhDg>%~F9y}Y
zOWXIj2Hu-e%{RiFev3AA()H<<f4&g6y3s+5gu3osG#DJFJ;L`yM~160vMCvH+k1A`
zQVf@tVDl7jpx;Zl+oG_UGRv@oWR%A?rCObT%4LE;8KT1DE-F%iuxjS#X;h@Iz=fHA
zviNw=%j*tmsSe+jqxF%ui(7V<E@`546)I2iw9OAVa0{`xmbwkQbAXwql8MUs3Ux;)
z$h^f;_~k1Pgh8W6MP=7qj<qS8x)G<G0yFlqhjayWXB5)hg?%c?GF9tz7~4CcTj7m&
z3d+6eV9(p7we5G_TP>P^>a?l}PR_c%GtfIOsUtaQmLY0P-1ZJQriywR9ad*ta_o%~
z*DXRN^ge|!!xbn&0IpF23X*sL``#OL4a+wJ3_j0VmQ1=mxwR$71sI-6y=1Z@th+c=
zg~_oPe$g^H>LP363}RNA=|rc<#ndMzifORxgnH3E<ArcfStLo#`r?^rzJ0K?Xa*F`
z3;A538&ENXBeU$4(AvslD5kC4XKdc%5oLIBm1i^iw8dDUODx_#!wz^m>&Wk-^R;gh
zJ*<;^7?>RDxa-IAjK?v}c;mcvS6HP)t-2T6Y@IyXh!GRpPZ%gbf%TX=Z{15cWxegH
z<slZPHNQj%2DW&TWJTk#!3LY;qCtp<s}r$tJ(!yhFqI51-~?x~RAB>BU=RRa9h10t
zU%{yD=z}vJy<=UmyE1w@A_gx-<l%Wt&~7$bYl6Uu7HbW#YC;D3b{H)LTSj03aUS8s
z1(hNjiX`rVZ=Dicl}bMd*Ow&sYH(tE9DSegmt3M>axrR2PseQt);z@;%eqE_6c9G?
zt#rQ`^&97XF|Q!9NjPkt7Qe2wa!JkCTa!M;E5gxlSFlR2OS5tRvP<Fhm8`t+*FD=s
z)Y2xab~2YRW#h)HLk_cmEFy&u0D~sVG}y__Lm+#Ko!6~N@2L(=0mt2X2U$c2-#(mK
z(FDb%b4Zy)DV2nd=hS8aTf4q$`s^`CHCA737+Y9ZW`rj^l%4>=I@MSJMRbSU8TV-o
zz@YJA7b7h;w{XRDc^plEHsL`UH0yH@W&3UMY72O|0MNCqjye8*0m*d+9rCW&cAS81
zgIxI_zbV?&@>gyy<k56lDY&6jW+vPKj@?M|X1UM%=@1GO>AM76j1?5yY!SkxU}Ofn
z>Qdljrkh@yjgA=BF+B6Zig*a`<vkCEF;GEwE>krn1=(Cg7E6U=u9M!KXxPYT1(-A_
zw-Q?}X>!<?DeBd_FWgJm5kM)t`hs4FzkAWL$1hd{OHp<59)`ipS(TP8s86myql_ii
z8@?xQ8CbKK64R<m1Wj{8&ub6yB4*giZ7RJLB)sGy;A8boIh37(rQ<hzyq9Wk-81J{
zj8dRU>Xn7O<~!*0do<7ZreEWO?o->4teJ;$YcF5~6;A7c-Ae)vYtz%{K6DgZi4Yb#
zz?{Pose7sB1KD@XE#N{I43mMG@6uDMz1wKc@(}Z2F&foQ;o-D7%(?hG3IK_dtZfan
zvpwPWLY^}*J!WA5uH_fr1D)D~YdG+Xj)+16&y)?B8edC+hdJoI&)1^zmtE3wd8+ql
z;rt=?qxDHA=j0s)4@^m0fh!8pdR>_o*Q%Y*lob{M7=;0^sa()oS%41RHj(Q(1fEG4
z$e)uJ@sj2|1@(PSvUm~Jx8peo7+j%iy2m6nkBx-uFsfW>hB+3{X`_4z+Pj1q_HmcJ
zz<5%6G933FMuzh~d>O|(hG5Na?AZZo4Z+y4aH;`Dh-znrHxJ0cJS=j=WZz1j1B`fD
z(7NHTpNLK04HG?gm$a_LXWEm4QcbsqYXbOsUUs_PESI7l)$K#ThnceLq$dR|I6T*I
zur-@qPt!}YLdV9jC<)INqGbd8I{VV}%?>}srHO4<k(e_~CsU<84H|*hM&Z^SCmA;y
z7n#lUu#RlKm2>u8l;EAsv6)n;rZ!#b1-=^$yeNyAxdyYRZ*i3z;bNTHDWNlNSSm=Z
z&?3C)%GQxEr1J_A+#hzbx!3~iqW~j#Rxd-R!yIl(=vl0x!w#&os}7S{jK_&yaQe75
zD8K_s2ogDezL!-4erffXwtC&IYc|OE<<mw!#phZbm!e8%N&8}<2UQjpPM@&(7CE6c
zZrHBPg^sQwzd&#6TMBx*5r~7(ChCT397~->IL(IxlUHac5_r$R!;m3T*pS3M&wBIS
z(7=E;JndXQ({h&+sCSE)FYW<%7*L%Y@r)z^=*F$)(97+R@O@ldz^@>va|a&vyJUKx
zpzI)P?-rgYWbdnSn=o#_3YmmfU)bg%mUfP+0j=PC7z826239A`hWK`0A?J01rq(_1
zsfCyRrI*o{UWRIm3sj3~of>2As(MZ@mv`?48QyEsls@ZSkm~e@il918OK9~T%sC;#
zvxqqzV@KGXr!S{DE8?C4YyRcezy<XSc}*I6jgKzbE1zzen9k#t%D&`{iPPEivx3qx
z*3+{<-t~$m+3E}&1zdA1ijEkV3`%TQgFp|mWGTu+-KYcTjdZhpifdsPf>@D=nq@=~
zW9w4~OA!%RXm7by7zhO|gD;M|ZuOe0UcW6tLw-US+b|BbV*3K1dgGA|!rb&4RL`SE
ziW?cJZsF$YFgi6+vQSpNsBU`^Q_jpyyB@kd>ArBWV-(>MK?gMkw)3_(43ya+69-|q
z3Qg~S2(x$83Zf7Uz+3WtwDh6-UsB-K11SQRbn4HCXEdE+rk8Lm!`)0Mkf9nf`5wGe
zQ<oSdbzvpf#tJ8Y#Ct+5Plo{nGOw8U<<mgHoqY@s)+2Q2?omH_h384AdAy3qu5?=s
z6oT9|bc8O^eWzqmKIq;kZ{(I;crX;MAq1ilR&S_P?H%I541_yEkgS>*_i9-`;fKa;
z1eife)8gU)41C!KV+A1Hu2yZHJKHK@Kv?|J>=n@Iy?w+YE~ShIZ|8a0)|1z#p=@uP
z_n7Adhg3+?)lVUfM@ND8wmg(s#O#_2aMDOD)d4F83?9xiP17|wB9sd*J9vbsEIbd<
z;_cC*7%vd^@lN!0t)}CuOxB|qrK4kr+P<f<JVMY1onX+fR@7sjc)0+%;>&wM{Omci
zt0!xb6=Z4aPoXuhI)!ZVWTZID1-H8AY)DUH@}zJ5?bDR@n7wcZlVuu1JM3<JBlhK&
z!<S!llZ-f3NskFznL-gR*FyY&389{i@IDbAG>-&hf3Iv%TFwSGGptbo6#3!38Bals
zdz0GY+|6r`xB;);{3qBk&U)v(m(0>E4imgw3@$Q<+bohkB0WRz6+pz110Zp1!K9X&
z-84HNEb4n_Z)d0)4sq7r@xGLa*J>TdRd8K0yfWbTjz^o}YG}fwNA%d7><q=sF<4cS
zxeo9_Hm^w|tSsw;-E)~^e<6}4Z0RV|t!$zL80IZogEdey&saqr9JDScJ4_zjuu3Hv
z!@WDdmqkHNSs7x584JeEXlcXz^7S@dNvTnJ#2J~OR~c@}#YW953hB3<PqUP0OsH2v
zO<<)8mkK2j-qQy%y_(Z+-f}~r5|sE1dQzYZ_V((Y+G1D)>XpO`g8{_!6H6`dEe>KL
z=RIb+mj&ZDH9y1&0G-jTmN9Mb-swpXy+*3qoq~s&u(o)%tWWv&9Y<I{&1D%{-)Ad)
z5?eD0I=g1dwtB=&lP9}kRIilexOR|&t3~HR5wC%V9?K-KZSi><RlyoDFb2muKhY<0
zZ)$^A-;U{KBcQFIJk(OjbxzdFwtWWr=DlV|l)&SFhLTOFUJBwz>BhWdjnIh8fU7T@
z5h8%6>SVx$C5`-*&zWgWT>*!_-h8>TdkU6?_wta{x5W3|U59}+nXUB%a6f&Imezek
zMO|kD5HU$%*XSB)p0>7n*K6R825ZXf*s0qBN+fu>dXYiHG`*(eiTp@+YM;Ji2$4vE
z4JJ2sA8&|@x;lx~E2nS4{7bOVL3xszSvn*{*=Z||=+Bwc2&sk!E>INH-pq5G>%h4k
z#bP~qi?ikFSyItuuO8rwZn9J5+*fK57QLug{;y%l6WiMfoCs*?DwgxKU$G+4XjTCb
zUg=TcDVGKs$sU|FMx4o1ACoS>lVn3S?=v{A$vDL7(>vP2l!gKoD_svKkWF1de5V-q
z=;(A70bfz&!Xuu*6o#VW#_)GDBzG`y*s~<gNp#KcD6AJP!W$_<47e{#O2USjxkz`!
za|*YEEJb>B3Z)4isr#XBKBZ(#PtH`0WZmijxZV&)#Js0Oc{TT14NMEedIsR8GG{p*
zhNckcVa=JKADrX6jlgYC?M``8hKqStYj?(BSs)M1A%wZw^PaK=NUVW2HUN3T@PmCl
z(72@!ulPkhed{%ZnTAbEM+E~@L-RPhXa?M05SI(Ui|Qw5ZDCG`UQ|3cd>b;H&$hhA
zye~t5We!RO13~O*#p$Y@w=L`)(nJv~J!MUZjY|Y};4*5ndAShh%aM8tdR!Mg^mZ2u
zO~o!=9vE7U1hJ4N9^59HDzl`Lw@!+MD<qIU32P@vRvahWoh-3P_J`<HF06*S-i7V$
zI4tJ@GWX7L#P4P!pezmye62vUk>NoM&t<Gn919y!1Xi2dI+Psvdks8MxR4ky(#(xW
zVoA_f6mOB<HEZMz@GH!K27!r1xc8FJCay)3{Jn>$8tnza;zhvM5{d7@V;Cf`8Q_XF
zX%0vRucqf=3{gv4y@UC3*5{$W^|On7ro`7yu;1Un!oCdahczz*PjC)Il7e3PooY#m
zy=ETpI0*MlQXUG)nVMo!hK3OWFNBHEaN>i8gU4bn05<pH9z^(qvpQu$O#fdov16TH
zx#MKn5Xn|7lPrT_lx1k@jMfr+I!|M9UCCMFy|N{F4W#LJK;msgEkOxV{#uhdz=|5X
z{i2T+c&Zk}Ok{`b_!YHm(V&&8kJD1J0Bln2M#(_33DyJC>uQ#)vA0=sn)Qm0p0~Uq
z*+qJan$#hcp_+gR;k8#9WC%`2%+7>x>qOxCq(YzZbs93|6|aeiVc|SKZeNgbgDVK7
zi)7BXYK^&#J=__{oklmTSAAzx08HYt11~FD5n4UYC``wmvD5Zj)n$#-x_n5ID&^cH
z`bcwLSoqtM4Rq@#>xHG<2lSMg1?hP~S{dQIYx7dIgW|;uWu%iEmWO*-$IY$V>ts<B
zsVEO}RwMaPj|`w(ee=Am5P~`Suuuzjj%@)zBB*w3vCv<o!47Xws!%#V<waTObWNBO
z!PNrJco18d`%nzEU+dASG(WD^tYsl2sm_3?kuwVmg#~f0e&L{zAw52>G}gKrmez}O
z2g?5BL}SgtsMQp<J6LvSaUX%zEQ0hgcjzqw54}L}GAM!PQ=vphy+vN{&7QBUMhB}>
zc|$bJll9y#E^CEaXe3_R;*bXcUiHX*MX?pn?x6|_Pd^_$ZP^hZ!k1izV%F=>okaTP
zy{U>Q1B;usp3ab{K6+8SGOI7lXJF5{F<KWBUSX8$wZUqz0my^q69dNQmEfHpiYdsK
zVyCa|XH9HALl0UM?T9%n5)*Le$rlqlN=B|RJ?YKOw4en%;c}QINem>EW%Yd6d|ERT
z*M=p0l=<Ph6f}-h{^!_x^(1Tuyg8U_o`!QngM`$KlaU0cl<G`(o1ne5x7l#E#_+Nm
zwV98@_=zl8r?r9%2N&-;ny!q*7MHC_5Ij=`@$+(`J9n9W68uECuqEBSUq16T9xWY;
zeIn+MgScW|s$J^D20Vi-x6y~bEGAA^FSf)6El}_d4GHSX6#Cgn@oMo|ui<S?Eky3T
zlMV#43E(_iHDz4CU;aYD%T@?F+iK?)x;EFUiCmsldjo8)@CdY1*PN9YG(Vfyh$g;8
zj#{Q*StHC*q@zBfJp&09%bM;>iZ{(N;s|3JgD*~FYk(iV8^$ya=|$>MwE(k4c6aTf
znypGOwx{}fU1G~Ejys#(0Y<Tj%FJ@<0j@f{Fb<hZpp!tT({sx#<xnJMHrXWTN!Gl|
z64Bas=4QgKc23G6wXdXXr~`cf6;JFca@X@!(mb#g?}BQfC@>+T#)K_ak~<V*Iz<<K
z+NftI$s)GFU9xUv8H|-=E)cy8B^r7|ppo>@xwz5?ve#Ff+-$VpXaP_8)R0ufXl&W;
z-4MhgiLwr=RQN>%j>|1(KI2wo9>MJ<=3oeY(_7EO@*dn{O*(Dd7vhjN3L#vrfKq*s
zk5w|?J!CX4)x;I78PKcBXq=+90O6h3O}YHx0o^6((}H<f=x74ytJ3nawZ_8X=7nV+
z%#=_+5K8g))@yl|;>$6lFUK~>a=jqWRvDj7-E~u1xwq9k(+iH_!RHw@8+)9IjBU7#
zjVsi1c~Ua{^Ede|D(uyss%lANmw<4Lv*sgNy4?4lWKI-yZLIk$#?90?tllHO606E^
z^M`cwn%@i3PAgU~=fH&=Z-&W-*M9KOszS31CIQ;;IA68TA)`Lj4bsD{t1F#HUAz!}
z(14N->z*RSIFlGMm%gma8fUPn^HLWE*ChRBDdc2_mN%S2Cd=82+KMl)iy|}|U!Fa)
zNRq3Ej84qyH0>2E?G{`-_gqq|SbC$2Z}vrA*QHs*8zi6(m34{9X=og+d{LKA0;93*
z?xxCF$X~mX5~XP_57RQgraH9d(j^+v_f8A+u>29aGJ#-)1r=<op*zZp4wA~CMU~Q*
zm{)0pa^^Q+ZxAAbG71*yC8X8!b#-tuS9@K9Nv2GI#9XotwFtZwicdUo@H`3B)zTDN
zeGYYfv7ed9Dj7<aOx7tTF+qk8X`EB2AW@*0EKZ<zRQV}6F<`A;;B+gzLxFJ<s+V@d
zkLmTXpCZ@`7j@;n1dcoDx+gK>z%*tG)i0ZBJNH`cQRi#J^s~eoi($f{Y+QrT;=G55
zrx3LOMh~9hYokeKwq|f^j-u&`$#=xHk7<wT0*r)7p;w08%(L5jw|4!t@WFd?G>4mV
z#-j3`1l;m_q}yFSa`Fl#T?>Zoc5_A&2qt+ZCB;2-CR4O@&n04m-+<Mv&AEHLbn<D8
ziJagzq6ISEC+FxFge?T%Y8~4#Y~2xQ1vMJi-TSDQ=SwnzFUio>i^nhAH>yBpqr;Aj
zo+EZV?v+#uD|wGPdH1#)(v)hB@D%1=9Mcr>#XTMlE*gCk2^8;M($T)?o8-9U;5p0&
z_|GykBwKou-e>@2KColDaq?Qw^fHB~WeY3fZfBZ#4VRz*3k}-k2^3u1Qrsk7>E4lJ
zOn8I5o`F737!GrjRY?}pR|5^K+E4qv)#iyD0^Wz$^jy<<NTouV-YYWNh19Ay&?Gzh
zE_dXn!bWeN6Rhp+mS$|siML_2_@h29QnaZehsX4I$%0j6>EYPHnbi6;v270!HUMzk
zuu;13G@E0gSyz+5lh8#E;1vr2c6hf&d~D+PA`bm(4DRkd(19l=>wpWnBS!}&RFTyB
z>r?=hM&TqzLh#eZM#iUQ=nz=$P6_)6bk{h8Ft)2NLpTwJCQ_ljp>%``fY06@j8aZr
zoM}`UUD^WJ^C}+^2^0568L`__#nbFqiV-&o5J-6$+{S4|JOBeJXkvbo6`VU0h)Sll
zoFW1<0u*=e+$Wx@5$}5!!cf67xk^zRX~pmgi-NK=(6>kmMZ;C4q}#|sF!}*XNWHGq
z;;}gE=}~mN0bY3G1HQPBsV&<^EzjR;1Xq9DfVM}nZ$&2`4o}4taiMbePDVzSc8|A;
zS?^Ie0)%foTXB2v)Bw*pX{aYL<yqoJKrcv(+PkZW%og$>niwzAJo9D~<Kav>^XPfc
z@5Mghg(|&ZT^rGh=hH>GgEZIEDHf`xYKw8CBOMwY{#>u*;YbbI)8TS?LeFfpQtFP9
zFOWVh^Uv313(0QLYxG2Hz~g9D9k1u<pyfW5I87<Eqe~6jkKdhnk*JNsmg^!uluJI}
ztg8SUZhT?VC8ztWC>o#X6z~Mr^1J>|v%TB}js`)xUO&~deeaQbY@-ht$Q3#WOylZv
z*03HYC?QOk&Q$XDG%9>ageJmZk0xy#eQ8xS)Axm$rk$TY!j#2#>$j7tnB9SBho`Wi
z&T)4n^rmsby?`v79f4Hd$cQ!Kkc!vxxho=$@-Z0ZlX%o>`l8LT32JoYr8H$IarL4K
znBN>b^67}CkBB|>CL}{yPFshqzCFhk0hWcM0lFT@)wM#HCfS6jkg1mEkDqzNwDnO0
zR>*rIt^z^QrEgfB=9RA~Z-})%q#)N)@#}WR;$_6XyJR#BLGxJdF^T4rH(|ifK?d4V
zF1;ZNG2dvip0#9olu18UR2HJ-Rf@%^$a(j=S?mHNkQUP#!n=34Hl8Z-OR|91H}76<
zVd~?Ihb^hkpi?=bYfb0?!6aTL4x7yMWF0?kl~*%mfOur3CIj6k3#!xL7S-gyfvXJ!
z44@N4V$1JMtHGchXQ(@v%i}`1eamstqzJxAFD87BFo4!zMz(;-Z2j?YL6gidgINT!
zTMHwuI>tMaJcmnE0CR!ogiTCu1AqloVV{!~og!qLjuhbrvl&8&CaflG`ykU;2%{a9
zCt){<60{M>9<U)=(XCm&=qds_)5XE(l#9^)uvT$K<e@L!#t=n6&<d%jw4#?Bq^mkf
z0sd6o+jq(n-R!bsuig~}oke==yhq*UpPL!mmu6YZ@~Bky(POEpd=set*u;bsTaK`p
zud0LQU3MgE%Q6$)0S>W4SElUw6}%x#Lh^bQr)3kzvdG8L@2+Vdtvq+vh)Vs>voq=9
zum|{D%jDS`IehudcQKse<&)Jx!*};2nTZ?X2L;fJWyL0eSLGf(lKapLA}b%_EoY<T
zzIn3%kJhW8Eb)R8J9wtVW<9X4@Yoz>)%EOAr9U*lb$r!hOz$|~<(p;AvxE?zKAxRw
z&xb0#t`xw0_O4CsLT}`i!Ah8;hi)x6$(+LZCWu2RY%!UTaJttX#p%ga0#do9&UHAb
z<jJ6tcu!6j8es731M}X8ThEp$dj@7g&Wc_ss!y!(7O685#xoa{_6)@hdwzm@cBayq
zU2v48Glo(JRTE6JVAqWENP{7Yc+N}Rgo(Cj{5TTcYVt8jnfNn9s+Gi+S77&As~iO_
zCZwMC66Mw-i4IGOR;npgg?>dr9kv-e_5e<YfoUimd(3w@ZPu^zf?w>wgmy@E0XPNf
z-J8-)tR^+lJuVf?N1k`mNzisq?ssq}^`_3*7n8SDjI-Rko!$WF6Thk;dGRuQ7^1Qv
z_A#N>dF=~tR2(K6Lxd)WaV^p3I<7Lwkq&3#@dCZkqUJ4LD-8fgM1xD6MOoO|JbCLH
zGc>ksm&hE+p{_3PRZEayG0^ps1$0kJM|OqBj6vM2FH3fZ&*UxxelZF}1CA66qPR#S
zc<>^C4B~CS(|nlk3b0fjuLJ9_bHx$c(PhGdO%<|caO_1FV;(LeoxHY=T0DhGwlB{_
zzC2^QI7ri@P6?mKQ6Vz6cRZ<EmHPHgw4jD36|Atsai5gD*d`VqK)qWdHF~UwsFK&m
zB_(wbV=YhQX5ftGDZCgFcwhzpiq_*gTQRAQd1ej8NLm(;A0FB+i-D!Smt*7EZ)GJz
zyx7`Bwqw(E3(e=HCT>YRN^{LEhkOc8O9(njxx#qD;9j-+^o}w1V?mTAFIs{F(>FnC
zS%8IkJCjjyt~U$=vs~d*>{$V`1|aHeeTCG5t2Md$D)^Q0Ys4LS_hw0GEAG)SDYuS0
z7ZEcbI^N|NqzX=g8{iAPhVzLN$&gaT!t@vQ?3(HYW6}u&4icuUx#4NM+;stRT=OII
z(({z&8wqfTK9Mu8#x>Joi;;OU12vlucR*2^U&=$0UK9&@^khQ8UONEWP8_BdBtq`P
zb$$skwKC1>b7KBDXd;TT*K2b!OwHa?^g@HzzR2}X6angbFL7kqE2=2AhzDOqx7j@~
z*0ff}+UW9tTxafiy{r=69p~8kOo9Wsa{MV%J;dX4_s1JM;^|yg)C#;1mdxiQw<X>E
zfYzz^0Inw3@1pi>`5YD{wpf@QEphnv9e_R-4C*dTFPJyNOs|wx<z;lg(@S!@*le<m
zwZy)1n__jwdzukI$@~1QE=nG`v$bP!8_JKSP4}_ZQx%DH-by&VdnE@CTnKDL1L_=K
z<829Rs2Bmiyt1&!z}*Vt8WPDVEK|7-PbjF30E*(#nz0x{_23wLuRx_&b+!+VnOt!p
zpKKo0@s>Rr>B19x1FIZ(;R<-$v|pkreQ#*(?-_S4c81q@YdLjRs$@Hp+xgot1SHRu
zS@Z1BIbEh`HhB1ISmMaaA1S#6b-oU1YFyk?t0z-s+LX<T;doPw1J>`Q{AXGQfO7gh
z_B3zwE`L{<&JSu(=z$;&07~nu1Nc=vS;Ii51QBW^ytgD0sRbC*(5vz4aNh8m45CYj
zjVOVqn>^xt+>J{@_t2jswi2B?WS=sqjkDIE!gakVLpB~Fc)}8QD#@#Nqz~y)Amn4_
z&=~KgIEzw&)$LA&x%VQ7joFuiR81`ymdIWtr@Agvxi>vgs(o6skDo`08u41_)f4b(
zMGqW><T{sDaBn@kDy%0kTkn>=IzbPUt4h%}@^&Bv&#yN`5W8H)>qc=e@S#hZwOTPI
z2IK;j+ZpvF-8^}?4GbHyQ)-POK$=(?^@37Sr|JY~n5#?_ophDbU%hf_k=|u8iwip*
zpUl=EMtY@~rL8-{s~Id(Os&Zeltp*LyIV=4W0-}y5ylMY$&8U7HZ?Hb#tu0tz-V(g
z^^0dla3zKTt<Tj~G1{*286<->OT426z<!8K;-|ccDRnW$56E>_1XoH}G|J8`pbw!M
zpDVJTyXu^4R3B!l<CLWBl|K6k+4OkdAX#VDyXwj@n%cozYUU#`fxPsH*&`>-riR-f
zpCjTz5Jr3rhKK!j`w_QxT{@#I7W$@j88=YH*d-UepePxk!+EZbe0z%|ai;Z1M`ks0
z;bF>I3S=f(u%67`T=FyM@UC^xRG6(|KwJO=)T?y?=qoHM9zr8P8GAY>B%fQF!Ix<v
z_d0zsRfwf+l)E2G6%V6Ad!@IYJ8YH@>FprD;EV^jwM?K8<aXmLL>r6~(czOa_x3@q
z$g3>xy9r{a@qF(YBxzjB)jax7HF|Y~o`6WIC{<X`SDi8k?GcbYeq2TGE-W>q-XV13
zKyvWqQ$7XZ*B%V0LPM{S8u*m&-oqZ4lVU%CGI(XLPcVRBSQ`DbhHHdmI8NRmdb^}@
z8tdX?({s557N})H0<}if8=^N{N*A?H^%qqpf2FhAu=@D5i%V7|)LOUjgxcXt!9K_7
z)qT!n#@q+NWD5XN_~;pfM{4j~RbxUJB-#<Y6O)Tg%Da6`1itZL0WzTuiQHH=92ilx
z49|8I!o)`k>eR2JX9h|hRA@r(cyfl#7Tvo((_Zj&G6on~@ia%kXieW8vwb&u2jL8k
z>?MonZc3gRJ4}X;g9^?TnKQziCug#m+}Q!V_BN)?;StmcF|NCdn?d`YB*kM88{Y@x
zyFM=Qa>w(D7o%&wSHxaw3LOEV;}3`+8k+GI-vbc3<(ejSI=yniElpzSl8!QdSJFBY
z7eJ&_(nga)a6IUtSF{DXoILjI-Q$~TuaFT>Rqd6YRS>OHCaveR&?I!lJ@h7wGxh*w
zrcw$F{K)8CXBF+7K1hii<@XA!9|li!cN3ouYtxj*fX?|y`YMW1c-hwCENLZz$Mh51
z+q3E=D&eb$-K?3+XKE%&ry`r_+AFG2Y0im6z0ZOk34y{DvDG95ibEDw<aDBV8OMcN
z@&;Q~s%fd*qn9wE#};#>6}hhDpQ`znYREO@h-W)gb|81`q1n6hYR{)fbPEYzU^Rv$
zoP!Zq-8EN`V^cABVLpmp07r}&2D1%*o;}?P8J<o{@Yo%otY>QVHY_B^=3m#Ymr&U#
zm3Uq~yK=TIQ8#-K(dyNT^LFiQw!%ZolKJVgg2{_?FmZ1lVt+>UlJ*r+W)F^qDZbr7
zp-i3DgeUL7SC=D6+~(;?ysohpj~F|xqs;6;kF>0|ef|n2TFJRxU=_VB3plvXfcdcn
zDb59J0?mRLPhHCNG|mRFTt^e$RZPumadw$IMnJ03(~O>*ddSh-tfvNnJSIF-k30|r
z`H<|@VI8Vl>#oJ*kd-p31j{oTX@_PRMXVW54m{@}l8f_mF2l(Lu~wn#=ZDJ4xkGP}
z%t8Gult_K($sx8+7)xr+$Xc|)^x=8T5wUO1?Q`x*Q%Y4qw~2Lz*Y7=kM1vsF?5Ik1
z>TF0=<7ch@2Gq;pYS<Au^sNCQz4tQCUKtW2sq^iXJ!Nh%CAU6)2!J9`m@kEANkCUO
zXpH%g(s-A)TENjnMdyed_>MSc*K9Khp2HyUgn&D&*O^z0qwe*goyNkrdLHww4Eakc
zU&FSoBU`j(mEt|)_hc6^Q7o`fVjK?;(o~PZH_SQ$7HhA|R!I3yxK1AD<?~GUX4|TL
ztYt+PR2c&=ANvA8M+wz=a?1FXHG3voF;iSX*fVs#DkZ?Mf!S$?X{&@OnMc{CBC6QU
zUc`9|02z1)=@Du}NFX69ynLtg28&)G!E=Lz3c}f{+-I?>4>@rR@vIP^*1(r*&put-
zo#;w@kpQtx+p6I2@eG5?d!2}HZPa4TO3$RN+Qb2SNz;X-SCVY>X?fZe!shS|M$pd8
zZqwF2RG1Dw<D6#Vx2LZHIbNpc`%ktAT4&s-)0+s%$A`}%Iw3pvOxFo%wIwA~Elj0!
zN{OpLgt1;ABn#h>%84+EYe`zVKft_nk3wwGRxU|wN%Tk8<~k-aTRKZDpom8?V06|8
z$Kk-$%nTwu>x{stniBWkorhSycLhO%efUrhh~n+YSwRYuiW{3?OOwcyzguxj-g-X6
zrLTLz9#MDIDQ|bXQ97v^X%?^=-^ydSC++tf_|+`GQT9nE$_*4Ohw${$H&3oN6CORW
zsU2@A;tMRE^@@7T1J->>*XU2426SWtW?b6S@h(LLh4AwTZVAz#CN(@ix?L`^H-7bA
zVwNillPg?6c`FV05+??crQw2lxX|{NIB1+7){_`DUTRaS2Q6e3SYEIgdsK{ZG;gj+
z59T4|v(8|q3#wx8^O&7*psJUnrc%WEn6wM~?6BjCP4)zLy&%2v^e)!@`Knb)?dGye
z%>l(qAkO)^oR&U#AfsIN#;P#)_{FngKLMS{O?z!=^BzA~el^d5#Y8j81k@g}*)$l|
zvC9^0>|-&z(*g93N~IYxnvNF_x}-cy?76%qo`fp|Jk3|Jm5SMG4T!M=+%Hk`I_+8Q
zhy>A2S9bM_vMFM0gXxj1s!M3(hAbX)$nAW-6?FhPK*qmt4|~ns^3IweG$dn=2GD|9
zjZD)vNUhndrIpJXuG!1>(09D`;e_ncTUQwAFWFqaWUJJ&SGvu~ce&IUGmg)a_MSHM
z1n?sr(T=VM5E%ds1)VP`>}6=KIa#Dlor_t&G8ai41J5?YdwU0<?90ScdekOT&x=NU
z785-4KilMW{fLp=;(G@EYZJ>RizSu3c%@_L95pXd=Ril7RjKJIw#BQaR;H!m^kAvT
z9uHT0C<;@iV<$3Ew)EoB)q=uWK2v_X!y8wqF0o_STy(Y!=}J838(Npk8C=C+EKEp;
zP40-SAwo~1U7OdOBJo87pIeI1RMts^0L7c-qv(vYUDDl?sOVSxrbQw$25q>QCMk;p
zvvIA`j>DcZU81i-;VO*{Z;{B`CFm86op>-0mw6nLV1xM}RzmVA52^+vMWH_Cs}3f7
zC9l|A5g?Os6ey<9Zr)OGE4J#YEUM_c2!POlJ?~eq77;|b9+#L>(M5xJ%{$s84H)L_
zRt2vys^x@0Z+tQlt-*1-(c&7^*F<m{M}GR=dov@PnO#GihUxNnr27EbW5dbcBd2u>
zIbd_%DiHze7mgqm$3$E(r?4F+W-39ut8QJhqc5KxzGsvazy@-T1UES0n78xBa#Q2>
z!A$RCPr*|@L#&{;%`=?!)+3>yID|Ko^2sGN5QNM0mcDmZye~Jrs~nGe;yJ9+h}7&|
zo|xTazZ9XU_MlJ#DY&X=PomT#pmk+ap(c^8V*qIA#;$^vMNf+EAd6S9>RFikUM@o6
z@OIFa#bc9B3wqJAyT>u~8f=Xx`x%hWz0`~+=N&Ik`(-kgR_Wo%6s>XbNXMB=AO*Pe
zdpR3Vjmo}k3;MDR_L3}H?J?S$&dzd!VA?UHGrf~2hs(${71LD}>N0|-bJ&`za+NaW
z@M=j59su)R5^>FF;c$nvEe1pbl@W{-7N>RG4#_-t5(e_GZt8bv`_Oi!<sFwn@yg=~
zM19Ym5pFCe0c=7gdMRQ7bW}28zfmFb7~q4Kb7_cRPp3<GbbQ;QVfQS5Ns$YD3wY<#
zdIY>4DzFu10(TB?$6%ge%kTu9s)6jKiMMuEBEw_6rYdDcu|3<AJI>d~?j~=WwAo+S
zLw{098f{s{SdtC_wW*nJtUymqUgzfIt7I+F+ueO4)v(XTH?3T{1%ZdvF{rW&$sC|d
z(-u)4#J<V*%<37I-9S1Ma5>eJ^*2Jc53?~ZR|8HC48WD&zE}cMfY(Q-+XK~@uqdrv
z&Mp;`+X~ndt{tvUNWD~%MM89TZx<FEZ!-L42BeMROd~$-u3gZejR!qElS;za`YxIH
zsb@pV${Uc_<5ncZlnX{O6h<nWMhs?~S6g*V+SD>6kKR&1fVv9T3YfO~$;R^W!H#=*
zb5PeAf;k{DA&e4=DeU>IAl5tEsy><ty?2{E@FXb|ZH4w~`89EDWaiq!;$j<?px2$k
z!MsspdHN!sW~T>^VwX}x_<Jn71b#5CiqtNaJ2pj0C(4Bgw<J$pse|sYiiKlh?0D;0
zNi1>PBX=IKR~LhISA}KfWA9xEgh0iBP=oDU2C0?hW%9c~&j^NCS@}(dpG;};s}i0x
zFsHl00qnu8iw%f}w`llm?k3gkp~98((Zdx1+EHqpdwx`>^r4#pd~R-a6U>7*uTDd<
z-w7+dH;r$6G_`zXkSA>DO!hs@s!>c$&&?-T+g&q-?^SPtlJM35aNlgMzt^2I8DgMi
z&jJHuyny-M8+Pdg)ZoVY&o>}EuztvXW~@ZjBO<Hun(FyUJ6p8-lb5Ip4gk6kY2KEP
zTh0gjHMkG=B$fCv!YDsHW~(Mci>E?BKH_&lN<8zt5unG_uk{8`0v&}!-XfBtJ5Dr_
zIXJ*%KN|}W5m6uIWgRjuT5vph(6O%Xsp;N3Z)LdWxktc}P^6sXOR?4rH)MAg_THKz
zVJSX!qJa<^n5v9>CW>+uY;18)m}LDzp{^T)k|78WM3qQ%_eIwwV}S9>Y$Nj`Y+C^V
z(52y4lY6;<%sNh_B455+o1!+XmYlS?nUazy?cBwA-KUjy0?CmVv`I!pt}t?P8Svs>
zu&INIKzW#PKhPw3M$x|H``!({;m9t2HA%DgTwWv1J9J2U)zAHfj^zgWTg#n8lO?Cd
zea1xT$L?xv6DkJr-mRbIGdKxE6acZeZ(%bv=WVoJB)$@(ZZFYe@UFD?u(O2a1YW0g
zCqGQ<$H<)xs);<>FEDg!LL%il8lN@U+UWMNaACyC^CX=~)!UXEL0fv@c>q}D+58^w
zbCRlTY%sM@4wpiNIK0p)$ee{P<=Xewz0*0})Od0I0pdRND>k%BUX`S}n7e0~Lc6#Q
zF@q_L{nD94NDL<f_T}jHsH4-XD{8+fNDw=SVR(<P8pUxEt|}-kZ{Trdm?LJ-?oQ_9
z^}c?v()&~h+jXNcujs)b!J=D!`sQE01;F!&xZ!3k&#MzK>zZX&4`kDW>!*$6)-&#x
zikB5~Q9gUGBU_zPr+PviUtYbz5<lYyvKUR3DRV6E#7EM`fC0IQ4>t^PG;}MQU;iiE
zR0At?XYRhUMb~F5tew}d+jOfPi{2z1db)egE{34j*~wrrxUV`%of!jpS^%q@WGLr8
z?&-CH&~(-w(H(tC^Jpz1`+!j?<}r&C`ex~jUHI73Wp;<NeKByw`FvgY$QIB~h5b=7
zvKpKNN!n8b<SEWVz9KfmVcrWR*tB16o{CE8F<20T$OC{KN`H}9EOcs+o<qkkFVn%y
zHvj;KQ7g%8fKh25im+V4DJ}U+V%^heA*IY}e?(<LkYLf_XVE5g%~-g|12_YqBmy{c
zE+L4B{C3HCZ=IS5^)^))q?zKaC8qm|9RPq!4g{!TMhJtWX(kO!n7YnLJDIBVIt(`e
zi=e;=`(q+gIM>Gtj?~t&W-zq8tF!%h=%tD37(P&oU%|%6sfN{dgH?8oSZ(PH$K>)r
zVY68j7nK{JCd+xe_ZY)NrqE{`4iRb9V2PDyqiM?OM#!07W~GTVp<mYVJna@LevhXJ
zkq7vxdmiIq;SmlzJ90fd?Yvb++ShcQ@bYNwmQ6ADGO#x33FHknWxuxvT-CkF76O@(
zZyqywT<Ft{MKOGt`vhp_xjaPar&}UScTK|sHEM|Og4_&ZI&h=&2PBvr#E~gi251*j
zdzQ_6j|jLRZ;hE+HtunylqubzZ9I*u2RV8wt^)nG&)R0*;A<VqDA88&dfV<8>#1MD
zp?wKwf}q>!#){em`}!&q63QI{#L(pU$yi`djVX9$R-<EFWV@77<uw-EzMiR8l``-K
zY!8q&i}5K&O9<tZHs4+*+18Y}o6<<Ev813(*#C@s*`TjsCOw7|0J9?A(F$lu<6wYc
zU~?*PL`F&!EnpWl55bffdcNEiI!EDF2L(mZH5gkQQH@(ZvC~ZC#|pFsW|#)vjLuOl
z^DaelOx><Z`6@@l8?-`%$2#YMx0?yPxT0qvuVoL28mk}KE5XKRQY6v7uUK9kfX$(V
zFJpJ?k*Z(Vy?eP#JeJ11SVzoAjT=iSX3ri&sF?VpSB9xm3hyv9NMR&W>B2$GJd0Cp
zyR0QPpJNOJuWLdgvv!Z13LA*oz2-LuXWFZDuQ;qEh9fyM6K<Igls6wDE7om4Ph8Mb
z4V8JIR*xNop+xEFQlGwT<a@WwRL@|%<^}i4xf?Pxuc%{cgr1wuQJZ(sHDIZF#7mVd
zPjfk~vFEDssEcb<GK}CJ_6>I&+>t>!bfNUET*erxb6-{=)e5z=NxKdn*>Hi0W*dO%
z#k%$bcdmU0R>996zjJ2f+1k!*K18tsh4W&AG?cP_v>lkdB86cO`ShtAlEm5cZsn$f
z#2wQyxFTOPG_i7rqcp6&&M`?mW-<~9NRBzbsJ=98M(rat21cP!d&~mthXZc4P?1tO
zJ<*cj0xVu5&l(_K&yBm$I&4Kca}8CgjeD2s@PG-Em0yC(1szY*c+XYxa>DXf{Oa6W
zP~+;CPcQPZrN8t@)HFvzgxjF3)AD<7)4hq{DZcwMj^xX@5mTup_lo0sh)n|osPR0#
zTc11}HHU<tOl7&pkNRP6W<Anm=a%b}@!3p$*U7!0c8nB;+kH`PhZ2sJT054dB@(`P
z)=q7mYu6|)THK!hDR<DK{169vu{e>SE{{|nEN@5<ywj)8>8`ds%>d?gW(50?Z<{|F
zybhE)uL5Gm7I@^twaSR`ETq>&W(LIv_EZ|)8?`b8OUV!{@Rx?eqpv(y*-0jSybmk}
z`*coh83MuQ$uat{-(r{_szS~S!ii@)n$-rOymAANlXKrCKTiZ*xaR6E?q#t^W!p=>
zSZ&vU!`Oc74?Hg@qm#9B8=vqIxlA&wA?Fo8RCwElt@`9Wta-ww&Vo9=B4B$QsIUrM
zOU(Hk*WI3R%t&D2DHFb%#cQo#d)QbOj0-Q!W*_LF(V^^dhpxRA$ifB}WQU6kG;Jj!
zdGEI3Z6volg3RmPDE>{(61ER8d`P`w862F;$&TrE@hzpsH35iqI_fQiYNvZTUa95l
zfa)MZwk#+<USKIBW4U$)=XW$WZZA9$i&;mnk{*Yz0&&mUAq$Y8LTpf5N>O-m4Kr*P
z0aE#e&d%8@^HGMl#O#=IH8mVtM>9)_%vqUz7>g;T7`eSrBO#b<60}e+y58Pi&dE+&
zvPesT2_(LQefMAk_Pv=ENGH)ZJ?f^;XeAZ=ybjb0G?!zbpMnKdP!$bY=?N3S>^XL~
zVNsHGZv@r_hq8>J1~GYErFo`zoZ@kUh}qMaH&|izJgzHUcafmY(vO?L*AkVP2v(B4
z31>2;=vwhg;xyW&_)9saFXfOXIK<r<G&^ifkLqBt(3_$IZet$GjK-PbDV2LMfVa8}
ztBQl!CS6M-Afk8RF{v7nqzcU1-b{5;*dAU1u;6I{-u5+$)f6cf*W{>L5B=vH@jczC
z9vwZVIKUNEpfZclzKYa?C%&;*T`W?@;g75G#SreXm3L!}C$YZqxjJs9N^59Z54Ni?
zXOHngc5i};(?@mDd%+&qCOr12-BfGrZ8r~WhbXlTCOnTE?#EI=hVCng#bYjq(vUi_
zk9sH(TKm##r=e1hv#k^rlGKhWMAa=E&mm~R=~2j)i-p^;yB>SBU5HiyY?X>Z$WmPP
zY!=ou&b!67c3w3ahy`birRv1vt&w!9*sk%lVh^x!!=;4>vMZ-LJF+jI9J&+2u5h69
zI?ScN(8POsus0GZ*ZcG9&>tIER3{KUzEh!`D%)*jBtM)d?Qg8DL?781ZR*>RV8U9v
zRJ6iOVu|8*O}%*7vZxQWayD;hJqh0+x+6uOM5^4lI`CGp;XFPVAILYVZ(#AYk8{(T
z>6OO;p4b=L2j}3r@7*L%d$f~5q{&;-yY!)JHw-Dt7u>IyO4@@Fb+aNL2)Kg03nEPl
zVrxV91AI9WkIb-NSTd>aNJy|U*IuMX(wnY6L&?oNg4#p195Sp+;;UU6mwA>4`v@OL
z9?;xF7$E3!SP!iuFxTN+!`V)!VIeS9^aq($y~I7qYHu3zZZ8<43X_mVsWK;Mz#^Hc
z1_*@UhGp%_E*=7P<Z=6ZSrhpJYO>zG5Gd>hd_Y4hy_=YvbOg&KK(A)nmTuw8Ie{<d
z{9(ep)MIO&#JOI5+2dI*{+ga#4zpDwzpb%5G4)b;jnkK9dcZGJ{aE+V@=mh$y-LF~
zb+UW4=2%)bnz;GP2jxbO_CW;t^JK(QiL|jiV)#!w$fL(c>;lj0yta=YBS_>ke#$%L
z(TTZK30zKlI<wxo#A`v})Jg)ZBVbcGe&zA<bly}Lno`2pX`|1>Jv>Ym97qaq%}gA!
zp%ylqd@J}Io8?j<`TA`jQ}aRJ-I2Ye>i2Mlg3OlMBr@dqP_O!7s$rNf<Wn6P$bKqN
zvGzncGG$PQZXI*OVpoECJrLv~q>TVKi_Y?qO=P*ti)E7MQ8xg*Sxq6*!qs5dxFq#v
zZn4AROlLH_nL|jN<mt&ge6zXFD|tL$x<4eCNJklUtc}rNA<6>g#P_VZU)m(Y$T+Vr
z5@bJS25tc?^TEz%MM;n+cW^859G0|%U121&GBESen_64)viI8i&1BtHU*_2>-yW~U
z5{;TMFQM31q-6yOG(&Zez1P~+x7q`*9c7u!fZpaBQggt2?FjqK(jVoEF|YPp-?;?o
zrFLM_rrQE8ZD$u!Hz<;{Dw@E$)U$^`$!FQaGuFZUYL+*|B94oNah!th1-l!u6M4;?
z6#EgyEs12UJS?=t>V91HD%UdjxzEC|MAy?tF+!AAOr6`kcP&(}1}vmdh1^bhQWT%E
z3^ZN73g1V$2TSGS3sshS>9plQO-~U?t&x?AU}!Z4hR66$x0&t1CB06Ip;I>}8&2GW
z@Sf<-AjW-Cfg2HflSpTL>F_K?Jfs9%;HFxJ^cT;2pVIl4bQ@4|w<ja|s^3GrlgvlN
z*h!jaMN44kb*?e~)XO7Z4;z9`k+Kiiq;uuynQ<jz>e(3{vEAtTD7UW1p>uL?8)_-^
zYjfQ9co5?5NnmL=5rwt>XWhHTd)M@c_?fkzFar2XZk5#ZOfcLc7`BHYBwS_GZvr5~
zT&j-EyR7P=1GQ1dF{wvTL&po%XGE!2sGYD1N#=q3_yuh8oVbQll$<&DJ8hbRTk!3B
zRxz?3FUvt0CJqNlsD$uAV|YJTQnR_7Y<&V_m`W|~bYe@9x73eWTN6>=Y6Tm@K>CVO
zjLT0BmAAJ<Gx78({E&G$DH}z-S)Q%M&PQYTU~DY$HSlI!RB*(NHFl+u><h%%4G${D
z5#!<%39+jqv3ZY;VpCjt2nu*STga<D*I&1z(}bN55#(c}nK}$SQJ3InVS)S9wR@gG
zGu*y0MnE8TdmYIKG!an^Ii_3>ry~uqRxL$F=4fhGfD-DJ%`=hGr!orDj;C>j?_RU7
zk<d#QnG!G;t9~-MkKdBqIhcaBwy<KVWClU!0M3l3hCwb0pFA`0v?)XL8=Xg@ya@<}
z$RYUXy|q?E8yqG8Pk}B5uq)Hu7&*PjEHv@r2so{nVRmN|19)0qtso^cbPcktZ>o)l
zsgtAOZNDZKPtmwpROVth2|E`BVtcg?F^~mq>n2aOXkKzkFGaTxY+v~+F{7J#9vJ~F
zY0_E(_lyU^-TjJ*#kNeO$#1O2s*Dy!Gbiu%pbl!v0n;Jw*}Nzh14C!9R|;xM-gn1Y
zDF@py9b|WXP5d6PwwE5l=%;mRpVmF{S)+OCY6{TO@1>9%QjdciL-QdF+ZAE7c0wk@
zBg?{o)#IZV3y*o;+eh{qUoE{MG=+?m!DTv=FnY#5m6P#+`gJleS?r(yO3`tjmxpY&
ztIB`cVNHv0`Qcj1YkfZlyaBdjEkL}MC>!kcG!ipDOpASw%NV1eZh;&RI;&(7?`f+u
z6J%H#-TKTS3^d>Khd``G_})6bTPXDe8ur$d0It{L1)UCnMC|-%T4(YBrjWmZhnG|o
z@8LaA@m}HVf}_=xVC3s(TY2mCbdm6YLRRoG@pe>aT;8SQ?NH`>nn^=#g7a#PWYZ06
zv`M;evhi*%TZ~?FxTfH)Zs}X1SWK*7q_&$B3N+9ms}up;L$JBh+RHav^c3I_6T<MV
z_gxJ~Zs^4BKDMnC%oU4p4|(avcUHHXgtVI!6c0!*Oq8cNCs_CCA+_c^SZgFgu6ebA
zFb}rkxskYV=X(?yrGdT_nfzY95<w2JjJGP5k)U-5uiddjA}TiErP=EqEN+vrC(EfX
zY@7LPY$Yl84Wi5wsonP|-s3cS4aUfvyW8^gT|{iY1ElbL&dn4oLvg#JOCZifnS7N;
za4`=W#}m*wjbV8ochMGhuuRExAYg|?i#3MIgeJav!$#%rTCp~6!>^tdM!nk@oM#9!
zJQA1hu=ARfj#loNnmdJ)IOOflNV#vC!0L|%?ShO&B&2P;Dw66hjsnXLh{shk^g^GT
z*~*{=1r#u0YZ1mPOMM#GedB%U1X&5H=XeMVE^u6X?y<go=Wk#aTX`zt>^Z%MFav!W
zEOykRJoTlW$(MG<;ztzw3g@`qgMLp%R?%$1(G@PSt=-XL>PbIap{;Pf?4oBmmN0nv
zN?~}p?0R0rc073y1o^Ud<PEvsx$}~A681X>v<j|@iiPJj6%Tl*o?{u>{}))lbXvhj
zJ>DnSIXuF+9GlRV?kXZcrJWOZJl<o|?g3;l;gP%GZ?YsBf-)qY?(%5)0~<IzC0fm9
z1qLg?lEO$we$VU`K@%VeGHP>!X515(t$MI8)O|NcCu(aoyLpMM9A1fG(3m83x!X!P
zqT}m(M;O7<`bMW|0G4-&rSwHv+0rPB4g0g6;-_RJYbq@3KB|l4Lh(A+NFubb_}Rnq
zXnpI?uGnzLvyDY9c${js79gA7tQkJyAkf@Xvqr->0Xyl!j`v<3HN3OnWnCeU?3%#V
zII!0WBw|O{i3T(XT{zDNeY!xnrDVb45k9Xh=>RZdp*uFQ-gYEN?Lk?Lhk9n)c7`zt
zJ9XGGQ90>wP(=s_A<w|I=h&IRu4gO!8F7!rXy7s6_*4j>Z}J6{AJ}VNl=mJUil;$|
zK&REd#1K9e;isc8qEl3P%prmShaqD35)b6wijGEwiZ9^i*~-``Y4J<bXEEe3Wm6n@
z^fJa}W#aYgg}hF#?tB@~*zWkLwRNSd&S)E{KB4!v(~>Y0=si%U*RXOIqM7=Zbg#<v
z6v>B?P_#9D5>iHN9JKi?`>s&2KwS15@ja*+f5F-_3nD_#y1h)+rTo2Q9LKkzVSH?a
zd283JZ$d`lJ-omk$iiyFnRwL)yw%mzv~B+CfhJYA4$Kxo*P3XU$e<W=n--~kdH3kc
zJ1L}hvpV~j6V0LN1+cNvTjOj`J}i0gCY(AqN!?T@>d?<4Z&i?<I8_2JxQl8?*+T|P
zAnizPExX`?<WQn%e^2<;YLl>a9Ru{fEPL{T<@%Z-H}mX2@dRaa+MMYE6Qte)SToNQ
ze``Diii%6IhY!8q#7W!EV7nJ+ARO^{x=MxgL$ww{B%?<=^*C)&ofWoUa)iSq2BWdq
z;4wq<Rrs4%(qd&|Q7<*Ntk5K?>Q%$SlLkmsQhY{oL@BB603vUnf{yB$zXQJtj=@Zu
z^L<>|*6S|ziXon%g0Z2Pk^y67$C=s7e5hy_t@mIRXx^Z^`PmF>j1Q0{2;^~RDf6ag
z=*;UP08^zG*1EVw%_TN9aU_n1CFFfGNd72dUq7TMes4Kca$z^@Lbcujs~AGLn9>7H
z(2xev=AIfXHK}dko6;b!00rX0O2HEG<yezwDAUf`C)zk!8>}>-ho)6KXfRE!^g>z(
z4&LCRpS-S+ql<?DAyNz8Qn|`cwHOABipS#V(;T%M>8CpaeXofl1n(6nDZs9FzTU|U
z3<&p=mxP420WXdFg$_|rZ;*`&9y4~`WgMEKjY>q!bp#?K^r^}C;Q>@oO<Xo)c0`8a
z<}yCbAyD=83YG=EQ)fj`6SFkj);>AJ1YEv_9@`{`rRVG(QJwd$#(RXpA$)1~Vamof
zsShxsA5@EBwAm^h>tW^)KOd)>^qhJMjQl`Hkc|82W-BpA7f7$4O&dW^bD7KbERgd>
zzOhIb<5EA#ey4>?$EOaR?*!eC>4D87sudMpUkIUMv@l?a?`y2Xmw4b}cmURS(rr>t
zsY4(6TTQskYS50l^BCfr02(Ig7Xe)2*X8FY1$ewNQ{t?_LwW$fZWex;v+puz!%%Np
zVVIulrs7C=$ck1bPd|7|B<9{G;ALKj|CtAUkqHO#T!iNWYUi3nA3z+hdV%c~(cqEO
zq$Dwc5hp2(x*WZw5xoaKY4$Rzn`~Jdqg4wnBRDrEJjCya&BhZl!2)$xAJQPd5gYMV
zwy8+cnsdL13_){V7AjT2TyZR{v~-Vp*|m|T!L7^^jrGQ^{o2gvC0*Wg#D;^Em;fQM
z3f(9(U#}t^B|HdF7pzy5ZBn$XaV367F)taVaA@BG77QVTo0&98Og}^x6N&5hDtBd0
zg+;p2)6sIG!=VNy2CyYZ_Mjh7-}rM-1P+9C?BTOM8RS6@->14N50*H)(@GIKHSQ8h
zi8JQiz0`5N$}L{aXv7J5*?N-=Qc&-$<h~F-3v-D%xC_Q52Izu_gV}Q%XHCzOQogq4
zVXtIH^~4Lcfb~{2XfP;P@#ma}O8{5}(j^?xLysIDY9{RD%Y7>4iF_`BRsekdrgtk#
zgZ)}q2<`1<Qo2Wr_XVB#kF}rbhCNtZ7cz#_v}3^LZ`Mu3kPY-U4$M}r$M2p_`c+38
zH@`tAZ+u)W*=C;ELy(2bCldLp<zx@ivV624A9T|^u(CEMd=F=HUKhm?Go4V-+*^)U
zv&+GwufP&BhbI-g{BRIgc<83~(OFz54%`IcI}xL<)qa3?hd`>RPSIPHJK}y#_QGp7
za;(?=n1KQeQ{5NetH!P(+2UYvJT5~+`!vr#U$x$T?h=IrYYQD=k?Ll78kkN|LC4$^
zDajZX`Vz%k0@)XrPWu@~+UU;KMrigpZhKYqtLW>r=L3$Lv84HQIHo`redK8n^g4Nk
z>?0C9lBq{3R;-k;@}GKCek#N%_$JEfO?WmA;nr*HIbrc5zXLBjF!osKCPr+1gbI=B
z?sLHRPAX)Cy3CHtT{pduAy^WDln9>1V6)Oa8h(D9#=VLAjIuZNiCJ?Vy1z&MsL{qf
z4y+C`nGhdbW2Ot0AlF@7GF{_>!MS<z17YciTXkEXleRe=v=>Ony00pn$IOXzZZ!c&
zFcB0UP-^damu`o?dN0O0vE$6uv$te}-Xciiv_|U&6yr(S(lg=`8-bBWV<Tmo*6Wq>
z2vhT!&LT+5j)RwM&EqjhH8y_qdVwB4gf+hMq*2qBaAGIER{*#o?fS6XHM3<=&P}m9
zv=MiTHKN8fJUST9&FZ!BIqV&>PSGtEzR|fud7)uomz{7+v|88hBYXz>rUJJh2U;bt
z%!;<72sQziP){I;PH;zdObjgy=#k+&rZGBlk5>uYnr`|EXC$W%&R1E2B0PvvUKP#r
zcnWlG{#s1i^BF35fDwYv12nPs7IE>617FG!|5$#H#m*h-m2VH2z#teAGCsyWk!MDE
zTUEr+0aWDUBHDVq35>Zf59G9nhI3!9dRv!l3#w12l35<K!Wl#%wVo)wbGCB_dGFO&
zJDkp&C^*K~rD?{)^^S>@4L2PHwMX;R>PU=Y6fqsP2Q4x$R6S4pjaaIMgyw^O*0;`L
z^qA|^i}LmJe4BU!YKSxUrC!*VdgY@gk3wY`uT+-&I-l^lj8C(8V3(S-NrB(1hsHKr
zW73H`HI?sLn^yoNdc&zIz2CwE29{+;cCpZn*=MB)a&*<AtlPC)&0J0IC=UJX=&b{B
z!ByF*asTIDD*@mx<B{e3B+q#kvCEo`&*$Nl7Cc6ZP^Hp0M=7U-354BhqjFTjgFf$(
zUB-L2O@wETQCjbUxpryWgv;KdRX16_X{^FYE`g(4AQSD=nqw4LkF4wsvV90y2M3Qp
zDKME0{bg?F1V5Z)b$h!$?xG8EC66q2LI$MdC6~1r)CtBR=g^ssv6DFH4w>X#XYAXK
z_oQXnEY!i=8WL!`C!F46(-1i6+SC~>sCKz<Y_v=3qp`!JpzToWH}Fu}JaohIwY%Ws
zHKSggLO{P#q~7;<N1jq&)&+=?MGy_*LvMYQA=$r3HApYoD06{H37WY~5RO>-k!$Q5
z2s1b%n7nRc0*WMXw^XH}=xzpuNDe`lM<NChh@I9NwsaGymtM<n-j?79FbJD-ZuFDs
zH+J$KfLoupEdp+M+*oQGEDJif?168(#VzH*t?oU*v^3d;fpg?US$#4JvV=iFjlg1Y
zk%+TT!I_$B7RXSZy4q;RZ}P8GV$(6e6YpIn0g3nHz!%*R6TA|DJI05S`ifvLFaVz=
zy=r(DNZm#=$m9h~<-sO|=zA<=h3OTVux!`m`JO%?HL#5p*HT-Tfwe$lS$LFVa^>r6
zh;A(K<i^=ZK&Q54JQHbSUBG;oi=y7?<6bN!ljwwLyr<qca=KKH(hbL$>;S=~tRz;R
zUrCSe20euj_a4aS3wPAB&GgcRh1Q_=b{Pv(HhT(!4vFU4oFU-7+`;2j^3&(8u^TJB
zSCWr>LySp+UfI(gImvc8lPR9;TUThDL4P9sq_=zGR;CFBToL>PWV3AiM5$DSQr`S0
zAG<Xdrji_Ob2Rf6W6y9n-i*G(Wgd{rR&nxHIibC0>}vIhfL_E%&q;0{JT9-;Y>tDo
zP*Kr3gBjIcx-3!k*`BwUngZo7DR@{pWYQ$%3@p?LnaS>C+$E9^<2mMKOf}@dLhYy`
zn$XjcYeZwu<LnD<w+Lx^S&t4@ciF7d_c$5=%&=yTSQRtb{8(OzlF1VZ>qYr#z)gy*
zfC3W!L@Y6QatT_BT?QtC%uy;c-IxhNtm0|(tHWv!ICm$T)L0-t6YQINL_9@MEM@Fb
zAl_B3EeR{@GOev7I5fGLP8$%kLuT>t23?2C4C5ghG-yi+Rr=!kGTy3tLuEQ9)e+z;
zT&Rd@Hn==wM(uU)HRUF#>dQ>u0pu-@OP%DnmY9g;28A^uB&xR@TocUosFi~XP1iu#
zt86J|8B#+YD32sDuxIWS@|0J~6&I#y$&(3L=?m8)0jeYFd{>Wndd9iZpU!a`u!6gF
zmL=8zT^7^fbVB#|i(*9#TRg9BR>o{oHjrQ{i+yZbUWTjs)U{qZ8^0JJ3Kuym9cnqo
zv`XreBz3Ka%54BT2ue29D1sgZPhQum?;M@nbvoQdq}06j?&a!iwoDzEH%&#1spak%
zp7RiddNQ~*_eiXdulA)G-x^ed^!5XB=%#UQm&Xt9l;vgcsDMV0m6e}TujLJ`8h^@%
z^d%oY)uo};!Nvkq6SY!~r+g=9rZ^%NzWxAc`V6Npsbn7=nM~wp;2hrUz7j0j0wDiY
zSH*(J#AS~*6GdB*6kQSI2##4Dq=1;TY&J~|_*mj(biAI^42wngzxG)bdW+URRB#d8
zbyP6ic}^!)ntjT_)luc7*DpE;NZTeJjG>;8E4o@(FOh}C=z=Yp@OfqMso~2j2+KOL
zS=xQWRF%oBM&5#lcMLA*s@95YlMKdDsgrDp63^zQ0a+E#n2`AqXNIbl7h)Y~i0Dfz
zaxXx14SFdqNPw~GM(ALd8Rng2Y*y~lLT>Pe#%^OhNY=*ZS>zj<4ZzSWn_cm+tZYV%
z8`NDxQoPQ>VOLjrOKXee+n{xB8k;P-iqSbc^IojLkb+m+X4{oA&Z73cV|kuJ?sKX(
zQr0okdRPVzZ|At>BEz82&lwO*O3v8`js(b1+5k2kuBb?=qP*UFRmp&mjaO@!i(YpZ
z3Up?OSl)>XbM~+qG3^j7-i$Yiwp56fPXUiLygif_?Yn03wMGi@5#%@Kz+$lx);KQB
zjZ@`)y&6RLP<7fb7FX4~)GdBh=sP_}eSTn2#EJPdYaI}-m0d}uu~db}<@CsVRx%Z$
zJb^`tj?VCWIn8-<Shg2r*TszG>6ng9J?*ip1;nw#2$^TKtY#n+%!oZ82*U+LzgoLp
zVP17(Rama*dP&DB2gr?AdBG))XI4~gRl*~gN=xd8N1pRQuh!}&)Nds?Ti!fKY$>jJ
z?5!B8J{M<(3~la=`R0k&D|P~6M{v`g2#?3Qr08Y=m*{VON$S1&vX9{NwTlk3n1+am
zyH8yzsilBG!+Z2e_IoQJ>&k<g2-tR-wAv0hZ(OHC$t}@A+8<QK0o=%R0cSds(^FJ;
zjOm<5%E!w?{Bkp2ydd+`DQxQn&)9xV`r<ja=QUnnzW?-7Jf3AxMrJLbhV-6Pa=qG%
zJVRe$Mxl+3hs^E<R3L5{@!-`8L2j1v^kt`cw{=@GGQ-nU^r0<m1vtp2h4Ks>W?&7e
zV!vzAa>y%R(iR3uS8`ZG5)a(RaUFBMELjs|G+n|BO$|r1&qZGGr9FEuyYYB@oozQm
za#P08kjWG}$lXDjyHgJvki$q8!%cXUS||)a>8koX@&HEN05UXQ4N`I>b8hbz8ty7R
z4zCH+tTUk}w$fpm?`@#%1LzFUt_MVvoL=5K%h~rdBLPg!QQ{rF+_l0J0or_sy;dX|
zRBimux$**Oco7!zEpTrz$`zTc-c7TbFg!MLeodZNOC3_<k;6Tb;*Ck$>=4lGYh8j*
zP@)e;T@WN1=glOp;+!87T4y3g#xhZKCKv(77Mh-n&YEA>vmK_x#XvNxb?!2DxouH$
zbstYg_l(I`ji<BbEi|zdEZqnQ)5^N-&p{la0V14g&BTgZVLIz=o=m^zroczB#fPe%
zj|EqP#qY7aNE+U?@@#lkr#ble={R1jOck3JiO1n<fr^xFgtJ*-DJjR~k#m%%l~tjR
zEp@v_twwe&Y~idAM%z&2W;9h7Jv=bdYo(W;!xgDGQ+EbjxC6)_0Y`>B1tK(4d{5C}
z!rz?J3DeW-SDp;s##67!Ln9}~*M?qds^Xe!nQ=T3(}_?0{7b(+R_Cs{k*>xE#)bPP
zpnwk6mUcleV%}SlRRa!E)|I!Q@E+>BFh^FA#0O%5a<Nw?&nSueUP|05C8RW98$;jv
zqgRes5$SRFx)G;S@iFLI5PapgFJrILCbU)c{_{@|g?lly@WD0lj`F-*?=(D)*HiWA
z$nYuTt0C(<HA2dMRaoc)KoWd{j;`7LfagT;ok#_r<TIDyF+V>L%E!$vSXO!o@B)oT
z+_5>Tw=-2d6^P&R`5eK8n<~ZgoQ#$&T76(N<rAnTm9iD4z!glTSIgtRmvy3)z`MO#
zyw4?QT2;3@^r0lSHWmSP2`z#vb)?=R;PxnATlT!gfw8^qbF6%(PHP)|4*Ou08rWqQ
zG@d6TvCIrMjRMX#)Zvjmu*0@INt?dKeIz=st}1NOF!tz`^w?8+HCBrFR`%D03VD)R
zJ*0SW_zK}LtS>`%xYtnBvs<;BDxCx5g=Nk>+;~1>sB7vTD)&abu=;_P#9Megx0E$X
zBrj+?ts%w`n-N<@s+g&$V^CyBLg6^+xxR{v9GsH5irh1;UTPxQjoWyx8r&V-PX?Y<
z>9jsA*)+Y>NSo_5mOW>9)KyunnW>z6+9gAck%l|~Dm%%cQv22<nwq^Y<K7bs!KHd{
zwv5*(<8E7HP?@6V4bb&I028od#OTu(i)ROkC)ZE<0i%Zu36xfM<YTa>k{2aB=K!Gn
z%IMrxpX5f1RKRFo1xG+<310I?81=w8$m_)1LXNo1Ya6@nGb=ivz6xdXi0;KqUnklP
z2~T^?@krp!ZFpE*%tbGgr&J_PE}CNH6;m!notb_4$M)qPJh}#AfxQSst(->})PO4u
z!4(>D*4Lt4?67NYUAhGr>tI<?qq@eDg^+2Kp$Oezk9v4#N<I3`QQ5m5W{NW`OcBBD
z^q0)-r#dNDm7{%Br1Z)+oU0g<E@%5G@qYqh!LZ1zrl5qu+MAzMfB`tZ9!<J6_atO0
z67P0IR>#~4-ib1I&Olsyjga3oYfxxxK&T<tIQWZKx2MQ(b=`RVsMII8T9N|E1yM)0
z<OSkYLrSLl(@ZMc#l`BPFolQCnaUBljzQa&t1l*U@X<XwO$>dN2nCn2VP>}*hFBo}
z80cxj$=HZr__#rE1Y1W54(91RibCvQaAmRaXVEBFj<*ws@5Z$O<FSJ{iF50T7LV5^
zHEqD|(Uy3Wg<E=HH5|q6TMA)TT_NHoL7~?Y^U~vWs4?*lLctSc5{WD0hZ%J@Sw4tN
zPJot&_tuxp;UyH5I7BtDR<7I0vwL?7Kvnyep`^hIU?0-qsBEZ=Mjkj%A~CS+;|f<P
z(T!@_tExv%Pk35GsE!{^h%oVstxZW&i+JD;AgN8cH<r?Cw;@dl)}A0@5;{jDWU-8J
zIE^kd{I*wi#ekhH8W`^aa`^dU#w@GCuFQG~7;=>%@7lz*_+gsMzQyj7jgz5AsGe-4
z8lt%35L(<2Og>dg{Y<0ZqOpRgzc3nqscTThEpFahO(4X6310E?9?nMAz7vQX7z$Bc
z?9~uvbKTp_?XCqBqrzu!OIq10(wDYa+T_y-@B$`msO)n2y<Vy8*K3mT^2~PwxtS5(
zN*e8rbU&rZDPn)GR9<Kb=gV^qUT_tMAJ+XPpvaei&vyGlEtO2-{5>T{v03IhlIU@O
zC3J=}-GGB5?Tj%MxLE-MCWh^_XK;ud{f^9MD+vsYaW{hs?+)~WZ&V*$Erq_=9`R~U
zA8Xo@v?5#fvDT}j1_zPcO?i-hbY%Y-Xh9E`!T9wm8%IVusMGnz1TG{-9yV#pGFnP@
zU5m2JE1OcSnoWL3O19bw0&gHW25c#>OxYVri#Z_OV1b#Ri-2I<1sY3r3hj2}IIQZL
zjxfq&brb{kj>@ep2XD+Mnip0_RGFzVK@?6%`w(!|1{0Dfy82?lUtn8}m~2HnG*KWC
zZHnN+p|orvp}`XbZ_1Ua6TcSVD?e6l?c|+?XdQ`Q5D%llnUW_#Ubjnc&horAx5#8?
zAf_Y~vUQQv@F~`CRtt8d<5_DnM`qk3vo1;UU9zLlhxtxAiWTBXZ9!&^2~7mc#@@ZR
zgKTw9nl1{06%BZx8dVtnZtOY~nP?@YWLKeIzHVVA;Xnf(^QghdNtJL~;G`NPLr91k
zc-GK-Hnz~o;)pOlt&^$kLKvQ{+d=sPB62qICSeYWb=@EG<6@*SR22@K>R4>O0C*k4
zFQQ4NCBZ`$pFXg;Hy~Ry786ie`VilOlsR6Jgy?Z4&%DDx!iTCRCJHceRRJylo-a0A
zVZ2TQjq@sf;c)ew7L`;v{ER%HLkSb~p(7K*b(cChdfMQVmyAv{rP@+fhng7htlk()
z_~Uk8w;F!~z5wb;NYA0&0<}{$Rvou_`i<6QMXLat;X#PY1^8UigqP{L3SaRdP*dwb
zc@*lZ=|+Jpyn86PtO!(7pyq%GP-yUFpwg#-ISpkNyoOB{N6*(nBsFQA0m5+wfashf
z+eFx3U3P$*DS&HJPpj)~%BvV!r7=w^ihR@jKmhl23}#>mFP19casz`g3Z=YNO$&s$
z_sZ#w9uhDEWelJaOL)o@0zdgrL3#}K^z>xv*|5;&y7#$S@q=)p_m(8_LKhxxL6eV}
z>V)F!N_#WQRB0*6M8hvfQg$yO4VG>>)m-q^J{6|Z7baCW^HLK{o8;I}z_nXcu~}<i
z$&4|44rJHOf#>P2Zdakqt28tV7N&x`c0PLR1ZeY?g{_HQ2J>b4Tj_o3sp*_@W9*D$
z=f1KIgFU2gM@rCdu}Z=LWU$wJvUgS}Qu)BP-Wy2El2^OAi*#FC@J3jcEFXrxRXsT-
zmr6KCeY1SnzOdp?resZ5NjRM9MqkE081z~WaF&eb7r2&XEciGwj5EX*CmmBJiXTyB
z6C(z0CLphnG*y^}z1(mc1tFVoh7FR41qZ*e&7kx|P`TiQb7{mn!8Z$-ub@&r03TIn
zR`F0bu`4@K7_6D8dQpjm9(xj%K70Ba64OQa?JJ`f9x0$)D50{Q5OYL?V{PkhD!WPf
z1n0PFY>(1gjOWE8qJ1>$E7IO}bXy|JLyYjt21n-cEwvO?$2=5jpuoDgj`t9sr??0{
z0-An={>%Xu5LWpx9xWR~>GT4jvErIPRm!8wN{dKYUT9_4ahPU%H!$!>eMTd#Qim4q
zat%@!TAYMmNFaCiT%!yD0QN*eyo_#r!^i-(P#&T=8!yn2%6P+*0=ocWJz}o=)m)tV
zv74PWbMAW&9UN2fJ%VPL+`UwKCitbG!Iy%IcbDO0-RtF6{S)Ygtayv{96ti&drsRs
zxcr<f>eW)cIz@g0L1dVV1nWe#=6bX*oz0~BYT0kyn2%(Q`ED`X7ppb<G*bP+i`18a
zP?H8=u&$-2W%r&PD1~uMbg$I>=ir>(_{lzVU@Yh*ZHzdeZ3<A{bONZi#bE0|?Q_Ik
zgxr^4&CeK;3q>D<d5E`?McR8{L`tvyjW9v@L05M@=F}lCVC|e#qZ+twU>Z8nDIe+(
zzhc2`DrjwsXrszfMOB7~^(0jEymNr|9ibALea&zbYk`fz+WV->9vCpZ!NO+8pkJ4B
zcnCHYDZN7}&J$S@y0d-u7ks`39r0UQ-oaVTxrBPnBuubmL`;b?oDYo?Bpmwcz+Y{X
zEUV3p=gMpp7(v|)-UZ027YDc!Wg`!c3Z5BFD1aB9x6-6Nr>NIM;MGx{To&|JpVrmA
zr8w*yXPOwm9l=#a%3i^!pnG@;eR?mJ8PG--WA{!CJH+X!ixDIGCfl25UQH78I_MfB
zB5v=<mlI;>$gIePxu-`_J@g@7gX4MOpfD4cIjq+ci!Hbrv4_G<LG9y2-Drrokwpm|
zn<G%<_88dQ?xdnhW?R}zm6l&vPoN0rd5a2pyl1gFo0}ZTW*a!B8+2ejrYebNodFtQ
zr)ShRsxep$FoCpo7ii|n;tp%+Ehv}6jqnm3YI&jR<d}Psg@I`RJG_kv&SuqVvR<Ly
zjP28G&VD!WqA-w{#~)>}VlJlIK}vV}0HJo`jb60qE<QY|el+O&e8(on6jvbgJtaC@
z7R3m?Y9@Hsa14XRvFmIX{4m)*9rP~;EiSSuO*Lp2a7w0EX(}tAz^_3t*nnQpu1qEw
z1M_Hrqxvg|s+AZhi4G?nA{QvS(}`A8y?A<l)U+=H`svV0ItbiyoN-lN3Gl>{cXPQd
z$Z|+V$2yqSaJyc{K|c>Pfd3@q_CONYi8DG;Q!i~CUYYme>5BFhLW?SL(A$g&#Nrhc
zlxf&a_VzS4&sfMKxUkB0=Eli;I8e7)Cs^KO4TutYKHDMlD7&<^Bdf6a(RsZWwNJ3!
zU>{M!xprpr5Vmz}tznyZ+^IU|oSH(Jpe?L>x<{u$w+VvM7~n`C=&L=pl4&ljXO#!D
zvX8`5V4~JWHQ#!ZnX!`(xP(qIUr2VpeJhbK4Ud%^ZM>yniH}VM1U=WL0phZlJ4D-7
ze8-?#%;foV2OuJtj8ruc(lj*61kM|M0KIj&!Z8Htder4)-R>wMaMVY-EKg;84tQ3?
zZ*VY+y{f5D->brEj>%Vn_15^Fx1MnN(-wMFh_Env2X6r+JH`=)nHeDIJx?&UpTp*o
z?Uq{|Z(c=1h)}bxS&&x2N`tf(4<gw+ICiAe+Vw>@<q0n<bsK%GBf}lET+gPoRw1&O
zz+gjV;$3@L3b{gThOe9x!U;_=Q7pX0-AQvPd4Z^E>CJKl(+v@x&+)2LpImxilN2i{
zb_|RQ#WNQ3t^-0T8r%-a;>&efef`9dNEzEuYigt?)v}H;#y0OBdrdxbu9Tj6{`iI9
zbhccJF2ATTMcOPIl$PVsC!X9V`jB7HFv>X|4xVQ3*h|RB1TtYhCQt@rTD?a|RL0o{
zcvRh!Q6ty-Vr{08AI^2%V|n!@;j=FZ*%KjIsZ(?3(ifwD2_D~Q&Zkqy<@Tg5i=uSu
z8a0gv;d0G-Fl}u}lt%T1z0Dktlnxh(=dYj`O**w6z6?H+Ehq)+tp{Dz<@2a0A4Tv5
zMCJq?h%A&Qb!0~uT0$qC<4OGcItEn3!ZAP0t6&I!@70^oRjU_(Atws@ic8_ZH$8-H
zRVq7DH$-c&s}!@Z3dV4iW3YHVEU_AetnpI7O9yQpnCNTP<*~=_Ws&1Udg)4&VtflW
zv^PTvXi9h(<)f<tD5<g(4^W7q9Xs%4INyp;l)SSPgX@+|O<7zf>U)wgdBZS_Jk)Tp
zHJC2u$pDA6*3+=@u<F$vKGNWRQ{;AH&m$_5c!!sWY79xbqUDzIvQb~3;~j(_5LW0R
zSj;nsFgC(w^St5RJeS0GC>FUpliM_<b$8Xxk&iPejr93@iU1ju^JJ!%6Q+w^K7q7-
z4JXaZwvww_AP3UFnbN~&)e|zu<t{hUO`Bujoe5|=NlU~ukmv5nIfK-*FfQ(<ux%g@
zBU}j7o=ClS>0nh=VJUBilrd<;O5Qm6?o>=e7yIb5$GZN&$<8U}*{OHF<8-*rP3&x}
zW=~^|W_U+DO}b2s5JHI8Zm-~=CI;2z>P}N>n@f#k+EEC6#iew>qMoO|x7`i+Zl`LH
zqmfIYI5Y>XTNQ<YC`zqlo+gUA=QDle?@2eY3{Hz3tjRtX?IV87&^#nWJ$u@P^8}yZ
zB*Sq`1hCG#*AipNC^0}YV0f-fJhlKTQ;$Ql{93{Uz21Aks^uy-Y}YvZsP~v5o;6+C
z^<%N9hvjfOQQA2G-t12-RrGoDVCa{HE}vWBc-x9ZHL|fBqCSZx@y6GK;`IpiB{jb~
z4~tFblCer}*rkWq<hzIxdcq)~VM@>|YyeU~R@Qirf+||r3RJu5(I~^X!5}?LRG?H8
zSZ+R*3^wDHA=uew8gf}uH8~>*)l&LTL!s0_?Z&BWwYw)yIwekd<xeRBcSg%k2Lx_K
zivbP$DLx+^wez&wD8ziY7z4W`n5Kpgw<Z)YQ%aBefJLr`cvFFOBB_P0FT3=RCkV+w
zkClT7EfS1;0M$fxL}C5>;Y$p_(ImWyb2b2#5KD?q#@SkP4z=r!bE7KF9}X`I@t)$f
z&+93;j5f463w$AML)MLno}w=AHlG2$(Kk_Jb%U$DDIH`W+3g0TGy|vXZY@55{y?SX
z7K0;cZM5}4IyD2NsdDY=BD`J35Y~en^a@g?ohZ4xkw@L)H217*GFOFZ@HNR(5vh9C
z^Ma9kP>i5)s95|>V3Vf2oE5Rf*~`~9)U=(9#t3!@JE`x*rZwUDyyyMvr2*dRiCR6G
z0q?gx>vtMaWGY}Jl|{xVqD=BKL=8#K9M-%mu$<&AtR`3wo2?kA9^*rru5>I7xJs7x
zHH`M-z2O)ti|)4OL6;j)&!`<!6z?@Phhu!G{8-6aA@<H^j-MwWy+v_yh)(2mmMcyy
z0Af5Vi*zNvM|<jk3Mmd6ju(ab#68;`ss+#yR7D@Way=5YSUERohBe!#kV{}%*PBUG
zB0vgi-WCuVke98EbMC`y2Q*YN1|bG%b<gfzgly@V6o50fOWbqC<bA@EJM3nDgDPIk
zoPcVM0)^9=0E-Snv2AsGMo?fKK9lpMVbG_BdtIF;ij5Rg3sBK}(EKEZcVh(m)hIyD
z3iPz;>{L}wxoc{n6jMUOfIlZCz-3@^&&TXSmv1$qp%rD}`GK|*_DhlQ0&D?b+Boz_
zi5;Yu_<BisJy=(o`yn}zP}f5%0*~&-|2(Y8;LV$zS)u}p6GJaT){T34sm|?{*IY*3
zX0PReboGp6n-Q>Kf(2yxx;|!YRA`z9mrYGaV=yL<a-Tti(|bB9?Yk`sLO9A+m?5c?
zIu1Oc_#pC~*4-M53WLonqUat@kEsh`>*&A+OdJT4ahrAXlG|KcE_V$|*QJ_v>d{sT
z^L9O<DDb2;T)fPN5H+xEG1`1Zd9Gm)o4E|6D_kNT_X_Dr5M4epjEc=!I%|+oH!k44
zXXufR6}1y7uey~LaKoC|9@qmUU>kT9nhgeW1#9_&-Lc1ULf@;C(7R_*kEXp~RHgU9
z?Ks|W?x>I{DG3IN5T_I(2M%YUHITlSvy2QF2B|Ncx%o~nrePb*n>&bDDrOlJOPv{V
z{0&suJ&+=V#nwc7<^rU7@dBT|E|>(xx03X*J#u%qRw)cZDav9al^cyQ06{>$zsn;p
zdElniX@hw6h=K#So~AStBEG8aqeYZj1)cTIHt@#TY`bJ`Q=dnoa;?qJB|IEBonzE=
z5?t8!0UTHRTtp3vX_qvvyW153t1L35QCx>fAv}}=uy~Gy8;{>S$oHln-@WGyOLN6J
zm09g<`o<psf#os!LveeFm0Z*1tWtp|hv@}Tr{bWMfYl7Vdg1;EL0tm56&cEe4>ikx
zb2@nfy?OLdH{LeAn^as`>v}9ec{$+robat!!4f%tc<2CM9tv|S10$o6Gyvhac``Vu
zJY65CVNgmSLI(~%=@cQZa6&1o&1}MUhnLjM=N()lR1nmS1=c&qL^8UA+Z4}5M2={|
zQ#Dgvg-S^ZsE0>K&jMcFK5U&QMnsZ)F|o?~7F=w)N_zhjab*IMgDUI!3>&vUd97~1
z%IXJ-yB-kFsCgnwiVo{-DU>{RA#O<pf2oC(F}t_uHUMrXGjM^7*}WdP!t?9vW3*i3
zmVJYyFb=WLFJ$Q1o@jIXo+Q6)4TQrPz0mOJVDIo&eGkiKG1vS!15g{Ujzr$^J!({!
zx23v3Vf7H*aiLw&Bedq-)8@=*#Ngw5C9k59IS-;wdGS;mUr!jLw-ZiDTEBfU^U%$u
z$9aU8H*?VRmh6&1>cwk~V^)t1YT<qRB39G&W$!Y=njLmTl7RKekOfR`gF*LO28?b=
z7jj3_x9W~wiNP!F<%qobiYtR5Yt-|F=}F?V9^FKdSAtKTg<P?{r<VZ{G3enTao(jN
z49FQ>`|M}Syqed6+Bl?`L}TOk?BTp8_(X%v)Uj3lfoZE|Zf-V)xcjpm7+pO&K1g@~
zrT_!H=iR87WhFN1Z|*!8vVEu7MQcdI*k7tSX#%h<-rhb~O68QsC|%J!%fS|75ZYbj
zC=$u{6eqJsI$vuiJRK_IxU$@3)tQmoW<BJ7vQD&m)WoT@MNLZ(WrScDT2l^(v4_Ui
z>Bvhr6DFh`zi7gam6)flpBRl2uAsWjYZt#|1XhhPEp|^BIF~zXNpVK6WH;#5qZSMc
z3&tLg6MW2-^_Z^DRk37;Jo$zWXHbS}^Z|%p))<g=xNKMZr-=R~V*2BSw%2JKKvrhX
z0Ddpim}DegsKQ3|f=MSXUd2m>LU~DYd}h{=kLDqZ@9YEYqrtaC%FQyk&1LeYdXLUu
zoNT#ci!;;<<mVlLTaR>88y_)R+ZfnF-kX!Tch6P=dKii-=S0o*{xdO)jnd3sGYYTz
zl#VVsg@~vLA6^mCWnOQZT1iL8q(T_PzKY0#YV3E<soQIYnpz@(A`s$SNQBaac|uVu
zrz<uL8#WVq0s^cl9^k`0QVi~qxT`gTsD{%A)XjI;nXXX^tFdDOZ({Q0(1>iZRi781
zcxF9q+&pMXPr+rzANQL(+zOyQXNWSaE1Og(OXs^*5!(6q=IN4SbD}6iv=NlqLtju|
zeE0-RV(R3%t(S9Sr1rqAy)s|EC514f3G)*|B9aob0a@|q{h;It#OjsW9i<+VWZ1rl
z?rSsTBA<KDU)qE{Pz&=n&Z2jC=x??t1ES4N%LBT4ZqYSlMv2K!7l#Y=jKeRQ%N_D$
z7^N^s`skYB!b;RFR$wJj-h`yo1TA-+Nq473u{@La>P6|pYrQ~Jibcid8M@q5!;PD{
zH!B^y+RJrZ0Yhp+dqz)SH!qdDgw=X9e4|f*IeHw;Zn<l(SxX~eO=xsUpN|JOq?m%{
zNsz;+NUyo+V{XiPT6OrV!?Hl+?ZPqN)H<Z#y1_UAS<*oBHPMrf#9C^2txueam&2)7
zCA2Q#qBIePs>M#HpYL-tFIDQ5vFq5ohRf8hguXJ%h39M2K1HI@Nbll7@r(7BWUo0P
zb<rM`CRzutFL87<uVRL6zxUX1K%D_$B;h>{!fEj`u4Gi56z2vW?JpD2zDxwLz*i<0
z({ng9{@T;<ahaT{KQv#5%XB!WaXAA9Ts2%qnz-sUI*zm}dA5KXq(@fWfwM*^61Aov
ztsu^jxf}vv?bpvjOc4~>bYwT+0RnDEnS<NWrk`iMa>Px~36{~0GHQdA_x^o5j}F0;
zeIqKsBRp`u&zrLxmud_!f%z30XVKCkcFVy&u7(xN+1xJer2-+^jW;vsZc%-6QPP*u
zbEh*mt6ZRCTDn6DfmqJ9Ua{(?YOd+S+>e|rajWr2B!xLc1d3$(+5#u?`7!Z}8n2p@
z^Pg#xuM_*8T+4cM!()kACk}^+Z6}K47OqXbEvWJ%H3X!$gO~UOFQAWfZXYx1hyb`Z
zEAhl=Es`+quV1{UryE_U4-b5XB;S@0cIK1jC-=IiXSQTVAH^dgLb#M*aQBYPJ+Ni#
z=Pg_p80O+#@D?Wo`(bolS)Qi?%1*{y6oF0$Xp!&PQ7kn@pXg(J3s}XHJ-#e$@5H=M
z@KMw*E0Z%1%IlR?LwD6954PcyEn8qGkT8_gSt!tAd?b*z5ZHU3Wc?PI92RIW(u@_D
zjd`ztuSZ`l+4DAzBBKK|lh=m5Iy-=hq1bN=FLAkQ(7_2Id5E$y+*#Ay=Gc&OP1%Of
zVV0&8fmdp=Xr82tlPJ_-#mQx$8!G7O<2aLf?OooQoOEu2h8HEFBAR$+z7^@V(4>Pk
z&<d9(j4dOzJ8{Zo8|VODJiQlQ;(~_hla16SG#B*T0K3QGo=3e02fEH05<0V|W49{c
z=Jf8;_Z8I~a58hePV#U<nbl+)^lau`?1o*q7C}olN9|YPo8WCc#J!ss@6DHrBws2X
za>t`q>f&xmnIrFbM{|h1;8Bh$X0`5aOu}1?-jq|Ag0Blfkij)v1s?&%t0?T!N@DaH
z)hB~<girEN+yx~nqv%9z3}TK1dYM%tLSOl|gFl-{aLommfLE<ySOj%?)~P-^S?oFW
zpNpOj3(!oO5`!<hD(psZ{mJG5Bn%36Y0MxSv*{EV96=+X2F1EBRDyb3v39a}@d0&_
zT8~~{zrw+MBHF}`_Kr!D4Dnv;QoS7!4h{CyUIiTMd)`r@2IJ>K2;0foNIL?dvI*^b
zY%~krhj@MRnk9MEjvk6~jnO^P=Lc5U9O|_;{+Mwb$>BkhNC1@0EDCXv8Y&2?T{Vb4
z)y2|4VhMxA6uDIC?7|nC<GY!|ewo>jvgKllUP7s4fWFy~3W76804->NBpQ%?!AD0n
zrGt+R{0hpN+xfJi09m3{eFs)uv18Uyd&^vsJKBs9Lw<NqN+NBrTZb=dA93Gq(YY~g
z9V$BxJ~B_epc~W?lZnN%Jr8qoA?RRxh0;`S-R*>0I2>@{5MvPBjxwTj1!$jJ{g9~_
zKtuH84okZpST2-KMz8T^2$$#h6K=?p&c3wmNUAH*J#%1JHP7r;^ru=csbxpt=-HCi
zqR2Z$#sQPmRynRIhmo~KW=C*RET@pJmEl9D;}fIeaL%fCq$LyCp1gG2og5Fvx4Kbf
z_D!XxI6>Qcmor@oRF?MgU>XdlXSFh%`_%%mw%5*Kpq-*Hk3){X5=U)oj+YT&MFUUk
z8t#!WP9hvg<{GMK8nMYS+fyNN1Iq%V7ZL7j1@o|J>H^*pVux|E6Eo9T)`=(#BZ9-1
zi%efGF6(pHiWiY1{hqRp%#=CzG4HXxhsyN&q$SmNqHB6a+|De{0X;?~GT7wODHT)6
zRJI>s6=zoH^p>PsT3!Y_*;EiKz76tYUcO3K7*R9WbFT1b*`1e^5&n`?3i-7y3M8Qg
zE`o(1yZC=HmWc-N87(DnNWBS9CF`}uN1DJVKkX{$<;XQT<B371Z9!<%v`#=3zr}&&
znYON}@-v(utk*4J6TlgSW|bu=Y*lL;#4rOFn6~o*-J|S1dd$9QY^RcUt1(KQg9SsD
zm7WwG<WEY+=owpFi$05FChmCd`Lf6y9L>W}jHq^aE(u-&JDCGv3`voz>>dM2vdr?0
zWVh2Br8_!IDS^WceUHK*&WH2%h%;njd9N;c&8l%nq=jtg?Z{0+NmXSVC`>;bFqtK`
z83!0x5_I2$LXXI@fo!yJ1C}amPr`mV@4#Xo*kcfd1F_MI;s&#}t_yEP#nloWD>&ZX
z1AZ@eF~&IrJ4eJN2Y$_dlO)2i%kEDloZ$7%kL2Voug(JXeo*30uZifn*#oldUeok5
z;hJPfPP?trtykd~#(nV4ZjK;#{8_YbvkGYoo9%9rWs%nj@4IO)xo4Er*<gdPnBKO_
zT9YPi_plqto^DDHK_ODvB8}*r4Zm?dkY3fvsW_GPG+*jx*{YdWm`sdK@8!~~qbD@r
zcRL3@#|Po9ZBQCR=`oat3dPrtmm~H<N&#pZauDJ@dnd0F-igr2oTSX7)!fckl>9v6
z6fU`ECs3YDBG`3@75TWJZ?ZsjII~EV`jN<vJ=JU$s#q(4E{u!3-C|^2;3vHf+>;{9
zXqyRTiyQnUqrjJpCfh*Rp{@&fw>FGb3M0}l$|86k*>g0Wk|!ZALD`-d#-KW&<rE2@
zwvR$)&?#iGt-iRU$*Sj&R7$}QCX*t55v-o!j3foH!Du<WWnL-V+-B7Ig#!0681W5;
zpg*l3+0r*Q(6rOC&&U3?5p{67C5p6Yd(?iuo!DdQ9KKMEy}qi!7d$DJI#GQ&k9ZZN
zkm@y->E>0KylK`H7jb2girLoY=Q9gJ^zIQ!-`as?7#%z0A_$62H3{kM;=J6)pi4t7
zOBXnS?$z!uq8>xmvB^teQ#Hz-B<SjXbJN;3n?5r|Ai@=-EM_Z9sBCZoW)tWW>^DOo
zoldrr%<6*{S1f`sqUZaZ_g&Y;%jg3%U*9zWYA>TVtJN}h<GIxC@Xn0~VQ2Iya7LsU
zu;Sw+m`0f6wVE_4MPKy|Sv3;V@PI>nQe1CdIDuK<@LgJvgg6B|p`oG6qQMcrMiM;4
z_o8P@ZpPK?@$sDKfu3-+<HF{sOGHe9+`~-?l=Jaie6!%za~92b-6dX1{v5B)r>`GE
zwh#{a25*K=N!qYCj=Xk&>*8~?Wox&w;?=P##%9uf3DYUVp>FSl?clw(hgcOhT^VV!
zZH#^umE{z<0(B2s6~)Tm#N|XfNAHOdNz}ANIS>Wea+}GRX(%xgr|pJAS=6RK;m1Ui
zIAg?`PtZ8b8zLkdnh@3G**G7STfD?lgcmx&Hg!#XYi~yYdmnf|WjrjIeY&n-Q{Z$H
z#YJL|gPnx#PL82AUg!As(79LXNxbw!6)_FM4zZ{QSBWP&&pJ|o$TN8CIa}B3TRPIz
zQ)@y47bO&zd_<Bj;~CSpjs9h$hDv2AQXkVBv(ky9FmwP10Wy-DXXFZ2s=AxbPHMy?
zeWG-gl7tMiyl6Uz&Y1LIqAOmnHw{yUox(gcfGX)E^S<y67?ZGqG{Z<uZ{sN&PcW9b
zwtm~b84X}%Eoz5F(1WqhF^@o0vfbf79bX>yus#Zg5`puF-OTRxJh2UFEH$9#7YACX
zFhIzXMWQ}e3({$qOh|wIuFwoy`$>T#iu>@08=$OX!BEs=QAn@{Y3D>d7g{Q$0mWwu
z){Pz#SEj*-sY(kbC5!qj=jH1opoQ`a*t`IgHzIpzz&IQb0+TvVnl;IyB<Cc}SY0Rx
z;7z{w3ZzjR_@1%Wo?2t4!yD}4^vQKXcfuCww?<F9&SacK`JPFMdiIt(IvTM^$US_g
zB+!>L#fR9K2UKKnaL+2H+ILL&itBZprwXJfH*ULTU91bf!j;*WHbuu>CI`wI!w0F3
znKT24?oX*7kAR7x2Mr7aMC<S^Y*!}_`I%OLCe0lRtzj3qUx3?iOVB=U*gMXv=12Gg
zMVX7(1Z*5$ykK6H;U>(r!g4&(xSLmAgIoUS#;6-A^psu9Jh3h?<w;$|W7ethmS=ce
z6>Lku#HOTH%5vcwC&jH$0xa@;FUfpkC$_>(Kx6}^cTSSFE7lEP%SzV1E{Om|6mEvP
z$HVcQZG|YQdx$70!hn-kHaDY&n#UwzySV!`RP(sKenE^?)!wutgtXIMqz%&gHj;O}
z5jb}x$MS#_&>9opBlnZUcT148git@evW$nXWX<0WS5h?^AHEK-H}D#rKnC){Qn2T=
zHrmQVf#&rgIj@r-6r%F$4n`4%XJgRwrK5gdV0hw!idsz{M5_5CNyxi^^J94@TtLiz
zAql+0w06v9cBc+BDeYL(3j^!cAbBG@P1jz6f=%(X?BE$kVT5!%p2*1S<%wZaHv(V@
zSLC`xvmv8cMwxgbX!Z)=3Ccc>dAD_N%gxmIGSNNVod5Ij7v;>Bch8ByPa%&l-rGDs
z8jEWn4%o$4htF`k9uI>15L+sXvO^ig%fXu-MSO#n+=7t12|*JclpETw;=N!n)qdLd
zoTU-)EQXdjG4Z8%EC{qt@j0gw+K#^G!-2*y_ylwpGVJD+vxxXDR2%lT0!mt56r8Km
zbEbV_;T8q{Na6vr6AcT-2=j~FvSt*pyg`h}%I)K9UsAD($9CSb9MNv!Wl!d`&uSg}
z@hVMcyci}&0;rhtiKwzR%~y6tu(-0O>>21C(X-aYj0y)HR`pZ}%gHpengknYg4bA{
zH7j!1YPn6DC1^j%rEPzkIQVo>6DjA=FJ4eQnB|IP@PKg-V+cnbeYwQ$p_y-=%~*;7
z#sTPIa6f(}O2cFl>BmvH1CZrmn6?FS7O`o>`syWn3vp$P5Gn<kiN+oU6_X?y7%BUD
zn<|_WH8l!28Vg*&8y$pFV+^lC<tV4s+Svzi@3PFcd=f;97+7a}_<Rm=E<7n-N}QI5
zB`aH%CNI8>Nh~tkMZdF=wAIKn3<j%XV6>a=dRM0o5NM6=OeZ~rrtzK#;vwklu+DnH
zNI|JQRS{S+Vpzo}Gsdv6wX8vhJ7ttzbQvysj>qgb!^^?ysweFwK!_@vxAr8SMhxU~
za4MQT&UnyQQ4iFeY~H~&#qkcy4&#ZwfHYpseu19S+$AAjKHB#!hH<^*V!;SU8HXs@
zp;jldM(uK2xobEIFN+v9?V*bZtQHQc=&K<;H3GQ|e3#;D7J$|z-gwuzxT5r=xa9GR
z1xR5R?sEf7RYgJEMpEF_%oZNEXNg4=Z~G-Uz|`%6P|yayBkW(GpCHO(5d2Tbdsf2M
zqziR4PZQ<<l?DXy?f5k0suprmpL48W2DHHgLEZAb2N_UDpaoUTAgoy>Sj9{+fV#12
z>n7+m_HcloF6TL@ZMjpfVBk3|7%|7Ff+|^-P@VOt91I&N=JP#z($z0sdDx>)BI$|>
zSvC_dHe&XXaCE|gV)q5_jYrC*>;0Z>6z3-MT(hH=21T+1R5`2g2rV2lHklN<Y7RF5
z)i?~W1{0ajt@M}y92Fj+9@>L>DT=fn&4UU-53@>W$-w88WB@FH1}`YYy>_Q80Psxb
zQ-5&`6Pk>X0_x$<K~@2UkVa4|VX;ZzRb;+$2+=+<SObH|cGsFW#?evTVK~-I8FnD3
z<Yn^Ym1c$Ni-((&xV72x?s;(p?H<*UgAsBliAS*PI~4>2+JW#lE)Vkfk>@+DWU_kC
zSuJFl?CFYe8%U#1$;#<s)_|IMn3WF#;iDy{lFgmse!MRQtl4JT1jT|CMuVAcW3|1K
zo5WD1hCACArN^LS^O4+vMh9cP=LL}5wg_mAEm#ad2ROk`A{0HtVt{hMOS9ND4f=Ed
zeNRB=qBD)FB>+|66-aK?0v&-(mc4z%?m#pVqm^<t`YaUP{4qUy4@7AU$XIi$I^63$
z^t0WFivvvq@`WeW>voMSSt(ski%OB*v<j<yVpdV?H+=oj5sfF3OZ`wdvy9?>3Hj(t
z$fv%^xB1xP@f4KTzSW4TJy8sPJhnDH4?{QI^*RE_!=6zDJ&mS>0H8p+0$=FTdUg_M
zlw02CukcYH=U@OS&l%FaS9s9Mv|M@}(KL+bX9|cGn&2;4cV%~VnWfocd{>9!EYwlQ
z%_bw}_+AM7yG6D?=)NZx884jP;=r9RPIhq8!XYG7zLZ%Ibmc&udgIonfG{N}gainr
z!(w`eWN%aF+Bcx5WP<rp{WNu*p-n8GtkyX^37vQx6g@QZj1vqsfXe4+Kr)6@xjI8E
zY>JYZw$(}vX%?YtXc1o)kv)rq(?wc#SPu}7mfmGlE9t|LOS)BEf+?_ZnJTz&=43WG
z6LC~~{RAWw-;~eOGlM7g_I6-Ap5^rGcVx;BQ<a{*I-5Cv=RSiqOx9xEuOmHlaNI{k
zDRCa{%c(nSpjJfL(HGIOPeX)4>JDxCIgL`VU=4Xp8nP{<5b@DlcN@<EeImA2BbeoT
zW6w&#1zeJm7pjt>ajLn+FmJrHVHYS92I~eAvzL`E?)j)PlG_!TU&zRwLZzhwHEmHn
z5mT&(r4dgEC>`9NL(f*{p=WugujU3hL+nlIXd1`7cCI~ttC=Mu!1pqSXlJmiM<B|H
zj+sagG?%ccYGYqQAzCTWWbl~ETMou&d~&s@@TP&WD{l(?M1nYMWSDNwgKeM&oJMpX
z6!)B$!<%@L59;t;tE42bRL?t|NpA$83Q7~4eEaZ?_Y<mjM3*IjURb|`Q{Pi&Gebgj
zVdp1ytycxM^ul)6d5!%|8^XhPEB)>mZTzvlGh$mdCFxUA3mj9s_a0M8c#OZRoNjyW
zwy1b74X*<Q^Bn7Qi*)!hQeN9aQ#}cBF%3dDcaVd7H3~CKtj^QV<sv+Td$3d5_FP7A
z+Oeqxj-|AAErZ=&aZM$FQtN4~9h<&DZ+6=EaF`JSiMqWC7FW4td5}xES0o;sE;PIt
z%6apWRifwVGibsp)Dn5>v2N@0tZ<`u=>Kn#$&UwfMDbpv6u#;hUfPxs7JY4`xS_rx
z=c9XUutjRUx})G!!49Eww9PP^O%c1PWFBJOB#;Yz4drS|todH;NU5vAA>ySPLxklh
zf@xZYzIeeRP1bPL;liX?ChZYfiBqdcl7wj>`@m8`o=^D(A93^`j&jkVd4|}=i`)wz
zOYY4Dria`lSdPyQk15|F)AsiAwLXS8JD3iCR>AaI8n}h>$u^-aOf8VjpuOFYTQ2~n
zi%MYL;kDZH>6tEa@743clBotvty8>tqy$FJ{eXNNkP{yqOiLEROA+eO0z%1$!!<AI
zb&Ge_TFpvordar?k^17(N^HAVYx8yuy0lt?thZr8QixRLwuk1KnHVjSUUJiw%Z498
zXdy<n1nv12n^|(zDyFUUa^E07O~OHaQ0s|3L;$f)hQ&R0v;?jqoR;~l1Cu54wM3tu
zymt-wa?pjN)nO{HLpJPjJf@kP6Q{VC)axsA#k>sjCGZgl$cZ?^3)8n7>K1-8IHP-n
zDm=tKpe=16OE!el-QND3MK<02kRCrG^b|!b2VP#=1n!w4eX_>3CD2JiSBw@;0b9|4
zZ<s7u$6eCB!^@+Y*G;V+zM02D#JkT*w@_Z*Q^Gntr|0yFUz!@P0p?Bf3mc!5L2$Vg
zqaMi%i*$ffB7VBmPo<6kK@K@X?`U#T?a6&A>7Q?H3rJ+j5-akZOOqGmJSHN`58Ffo
z!Sg1Xb!v!pp{(pqS~k`9sY(q1iGeT|p-HFWy7|43_X7^*1+8Qq)ar?XD|ZWwtGE`G
zyS`1v(*5PGFX=en9<u|O%^QywH`#`sIXrLOZ8qfqG*@y!SHblDb24!N0=b*OYH6_9
zo2aZGQ-ZR2duB1XX|1wwE%)P0tGAwa7O5hnZwlAS?7g+_DcfT8gdGU0j=O`Y^C(<p
zQQ+q$$aMM231((S)4f8u*I5oTJ?hl13dkPJbzD+-(A}-!WTjxJD|DL0*-9>e`OB3&
zPSm28vf`1F37BiN#Fv27x9n90SS$>orIQ5RRN}1EMWU??mUJ0seZ?eYvo&doOoSM(
zNVagB)MQENNnj}ld2F5r2a>3dvo4>X*n)bG6_@LPGtXLJ;)3_s6WUi4`eu4yL0tXD
zB>c5mS>@$Ra5|<@R9D(yOm=!fS#r1dieo&``woD*02{h+@rJ3&3urD(o{|!;$(;3*
zauIqM&GV+8_Qv$8Jjt;mR&wYXJRtMKSPNANK-&<{hk|!vK+KR3*7hu-C}yh4&kW!_
z=o(lKFF+2a0#ULA)l!_GgIrhEd>a^Sb%ePO*nA-Xv`~(3V%b=aH4MgMk!7P$<i*2+
z!OlKaanal-J;C?*@-_rLs)+`t!co(-1Z8F|<OY;;yO*n)dmkGeD`yBxN?caY&0Fr;
z$J+}gvz-hpwSa}ldS?v0qU&I~C#bczmm!{WLeqPq1WoTz`?|1~0U`%RJne+(p%-2S
zWFw_993WSn65-06v*SdC+TCuVZ(ZSK=JZ?MB|;UJN9nH~!^vvXmy=;%PO6V(M74>!
zlN6~1+Ix^L_(0$hcK40ci_IP{)8uEbS1aE>L68pDY_;<4$gM%Ut&yJ8oI-|zJ7S7%
zA4A+inQSsox>#fGh*{={cbkH(l&^J>@r{;F?yzp<8%={19lU&-S<QOdRFH7QFNiUe
znW$y|lXA(2ttQAS)*C@@0V4ViL*LHJ?g~Q(dO~<x7c;|1akBQ1`B`zj-G?9yd+gYS
zRL<BA{R%7inclNt1$)f-G#l2hbhsJXPNpAgOS49x;SSJAR%uV+lU1JJ30!2totqa8
zXWT*kR+E$)%UfLNK)H7Sm<9B5_0X248Gt0M(2Uc~DYEV!&Dv20HukNCYG0|#d7D-+
ziw1PGm}eARHol)oiAwioXEWuJe(I+PGA5$%y#VEYOI@0Ip3_~H{fGfP=w6Tp)M;YI
z6TQ`7>4(%i?39ew;%{$Z?NF>e)o85*oaL6F*=Qy7Hded+;m*()vY`a+8uT974tvQY
zh(pO-nw{>$5jh0Z05k}8!3Am-0Ca%Xp3H%Z9!f@$Km<nQ=&@E2;lyzg&>$?g*#cfa
zXxtw4GcNZKL8k+j8h8Z*gj@AQ-kHIgRW+m&_H(5{=W?(ESIxzcae&9<a6Isurh)b0
zXxqSnJ<S{S?JGjur1zNDAEd2Yt|It&W3!S}go&$Q83yYUV}xtlh+y5<kvb@{@K}$!
znaZYxip5@l5&`FXFSn0uLJUL9BF<StpoZoAI{P)zQWO>Rb{n8`i=?J8JV$zs(AX%5
zL}W_PTNfiQ-_-~J<%m<ylE=Qu;Y<&#N+>HTy5#3WHbzm>E9A#dE0=FmSKA82gM2#(
zB95E)L&^a8lCt))^a+Q}J1={nOQWS;)Ywi?MY4QSxx9YW!!~t~Wfx_2EGr)6&aes)
ztC+2my27rsB5lSC&AMSeW|+8n_hOBz$~bM)br!WYchk;?K$1MvKx4_62GI@Y3f8n5
zUbZJ{u={8;y|+Y<+|Kk)S4(pn|Fx3Wf{WC(nS#unI$mv}!H8wAW*uD0%K(?_n<AR!
zHa+2okJX!+dd*>MkV%9`p3C!OkcU{ytuOR=3-Z;0aOZ-piwJLN#58FX_u>h<WF4-(
z5LMea%F2jUHlFIY(bNtU&)VP3yoF_Vsd$*hJZYU*rrlX%y%Llf!y482h6s%vbDTXq
zX5-e0M0??N7ZS&%CXbnnmLDw(LIW|FWy)J%xPDx#TS;%6$J7u^0BiH{vUNk8=ksbf
zxp^%`CHsc$WVxHs?G5e{ynMlS#iQ4!NM?~|TycOa=)S{Ih(eub`uv`IDL0QXaFe!*
zPA?x6@DsJ=eg1%hP8bxgX#Hl*xE)yGLhhx~C}OI0lR2{v?vQkZc-w-I<xVXwI5iwR
zb>rn}Ad6aU=j@FP&%<5Oeo;xrnT`Rpi02LjTCb|7Qstf*D(n-f!KIG3CMBtm_@Y9f
z0rTbFCh-zYvj~r=F5_KZ+PhZON3VT=ny+~FjWx2cpD}TH)a!V9traj1wZ1okRlNac
zY@L92wVcI~2`4ND$2^x3^w3ifAL7QoVc)D!GgU@8)?q^e;#ZsEyF0BCqy_;qyPhR=
zWERNSR~pc!RlR`TyUD#Qk>2IJtmwUdth@#90^k`y6Ij2qvcgG{!zAMaj`w&^FXD1-
zqNo@RFyioyM2^KM)|myWD4y{4oP1e{^kt>5I*MEdz8G_p=SI{k3jM^%phE{Mh08BW
zBWpW-g2jFEu^8_OV0g)(T|vQvM}RDELBZ}Y2Cz2agv#?`A0{5wp!stIi;-dWn>~O!
z!MG{_2F5vic#{0$g_@iNIn73!3OtuL1Ct7xg(lcQvndDTEaCS58~pik>63K9cHbi`
zOM*lIBW0G8+to13A~Z2KRLqLo0jEyMK-7fNgNW7{sg*qhr%`4?s&b<P7a}#)aaUW4
zqZficYgdnW2enzSmk~;NEwsVS<KD9sd2(e_Q*Tl%BWbQ)H9yI73zx-3$cYiJCz5&@
zo=|A`*u{Loc4eKd>Y>+OvSVj0`bIpygEzex1cfp4;+;#+w9?c_l%yElU?OD?n>a{P
zKy4O79`LhH2p^HvLBT;|JA=n+an$<=`Ap#L@-uT-AA1%;gqX2cPi-%zQ$U|&4uQ+%
zLK(h!^yY<PBNH0hk*URm&1z2iE&^8HPzyJ+pNGELCYB{WO-wj5-rBD4W<{V`Yy_-`
z^%JV`-PcN9Xo?V_qW7w!no--`@aAnDS;b4m2*xyCD6o87C_Tic>|7#A2=5m2Ai@vz
z$;72Q`n2Mh5D82TG=i)L2NyLvh6sa?lRpAAdB($ayF^%*5fjfI;KMgUDBVlfq|dmq
zNcZfKTh&{Mr@@5@?*-Cw-m?f!S%Q)EoO!t?_fS_4+iT3%19@T`^ohKq$Jc`QAb|o>
zw{CjH2m%6t$pMdgPoy1C*G=c?)96=(_}bRDtn_hsMNq-Q<HpP8C+!&Za?x5$vJ@~<
zbYEJIzIw_IcS6I;97il{38OCY?j_Pn^A?MvwPaQ#4Vx;wXru+*Wc$*R;B&K7ZG_E*
zZF6a~K^Ehqpujq^c3QdwA<Bq;I3;-~GtuvucT(x*@c_PVIGWnWGR}A~PB37j=P}tW
zu8#vn&ih7Q1Q8eJT>xVuXqP2WR6bl=b$jEQsuF?CKF1w<-nh7t&lqYAJF_}1$e}r+
z@#-bgAmv{F=Otq6%a<qW5N^Cc;;cvMR$Y$ISdgZAOZga4`7zwwG*fy`EvMJm$a}uY
zoY!Fdi*R);=j|r<^SeB~WFUs%e&NS~h>1>$M(79C&l?zCKiwjvf}I?6Q2;Vr04F{n
z9+zsG9KLI7%Ce_P(tUF<t7jI2n->_5;o&H3zoCY1DO({`!idh6G7a{7`#?y%>y93^
z$=guAiidIOnbC}K-J&a(15at6pk2%X7$2tB2`{55bAwpR(LPd1pxe!@>5(~%0&Mj1
zxosQ@ys-zBHo{VZTL$LIrtuh@5MI{UTp8U6c}1b~;`MczN?N~Et-u9CHFc%9lrwyO
zDW|>16#NV=@=&;tUqv|<J$_+5WPRiOD4Ws60JgeldciW^5jCjhD<gXNrhHNLVRjo%
z$oM2FT=^QSgpzkDg8~yNL6F|Q>jBf6J=lJc$$oeU%HoES`V6!~sz+hYVJ&D7@ilTK
zt8re5Z2bNgXDj<ISvlTZtKYt($()|+r?!))HOW4<xaAm$;Lyh^M_KR18821$Gj7j*
z+%}GwOQoc=cC-CrY2%H@!@)g{r9_c+*>&*O_BeBnTdZZRal)C_ygKi^ab*ruMP)ec
zJrIyzSyVg1SafgrSgi{TgfZV~VOd{|K8VMb0={Rxhb5|;PcZNxZuf{GF@eGy-g*|Z
z0B0<3qAB!H-lv!T<t6QITJWjs$&Q_!yJ=OfytDw%?RhN}E43{LvpCQR=zK|l30)|u
z6!qq1!`hu0ykrvIjVr|J<0S^UeR|h3W35d~DLtZR++j3;V4|QtZ2C|@(uPV-<f#hF
zJd5yk7Kmm7%|t_;5&?Zv5lD<fT|!2pPfkVu6Vn&Ct;9<<uuj>eFBlOYi4ZB5?WkAi
zpu7}&Qk}*zPo3aygB2nR{A%A;K2VViW^ArxmRC?B3%6_+^&-NUkQ610)*d7CrcU%R
zI^Jc!dm&HbAzR!_K=;FB^Y?;C-SG8O!amxL7bG~o!J-ueO2UafX+eU1?y8lBrLUj%
zdcL9o40jl6wKklF<<3s%F{X9Ln9jRkHVI!GecWhdF*IrlQQJHEq8*wKVg*gXaq|U2
zl@Ia(KfZLJlkhwY*gBu5rWu^?VP3bl;M){~wRe)69^Q|)d$sUw_1W%u+A<Cr0K0)m
zL~(>EA*s8Q4W5Sussc#7I=PTo>TYQk4o2OV*-ZhG?_~obC*|InoQ;v@+f#WPanl$4
zgaHz}QTefiR3jmj&uD2cNMS%aiJE2PN&?OGgFByN3{>(A+<21{5A<bT0qe_srx15<
z#l)T>$-oeEM3znQD+i8Oow?%WO5g_dVs9QzsGhPRuFrEy@_rPjIE+tRVdcg!g~=bp
ztmA{hs#lthSj`JJU`KGky{PuOr_}@PagVQQ$Rj}AwN!oMQ3$d``+!kP-~pCIKdS@`
zJM#=u-90kmRmOQdsF?4VP#|i?(YZ748oh1CxN$4x9lX-w5s)SV=EwUZbjZeIZv3>8
z?g5yX!pq}6<EemmaSvv?kd!ozoPNPS!7?5cP;dSclkH2)$wHil0(ny)1gWm4)<P4E
zPu0kkgj^!dEMdwKf8=G+y`H-rRN>XDM~F}+=2rd6++Qktj!1*T;R+dJwQPIFQGz@)
z9w$on@Yt2i0xW4fG%PS0e_Ys??0&<5igHFog8C|IPl)?H=X#m#!!V{jSd~8J(KP>>
zDY`K8t~YftR;Su}fJeQlvZWk*9is9L^wTc4H)-3`(OaGPURE^I<Mz#Y<sGLF#|8&w
z2RhI0GFJ}kZLKMb@J1a(%&7Eo0^vf4RN;BCba@{}>_idYb;#0n*;N9M!a%z;bqF86
z#+uk|GZKPbq3qGtLnq=2$|j3qf@%z4RcIX5db#Q#n_G7FTA%Vm!#x*+6<wCga^h^*
zy(A_9=@;;(+*b<cN#2{(q-8&+3rn|DusPg^Z;dSvFI}sXNu!_NzMl0vwH^|~h<E41
z#aJ7z^>}3qrjBhmg19RqoczJemQr>DWxURHb6;X$lTqV`51PsGDS@94kuDVmc_ama
zW~liI*-cHpDi9)Z@S-DJS%;-VKiL;xDhp#PZY&@sWtZX|dJ!oIwxMas&qcl5*i@|_
zz`VE?wRjDYE<@Xb)i-KzkSK3^O#loYa=IzncAF4~Em|5AaQ7lQ#J<TXtyw{5@eN#t
zY192pe<{kMqPJDWM{183HLXX2UrSKY!JYFAXYUcoo>?ZnM}~$e=uUuPk9})GElOe(
z2h|xV@^V)$ki1nL85KP=L2PBTWZ$5L7L2@V)3^6tD8fVWLel|pITq_^iS*e;f6I+W
zo;Lcfx!$A%2o*n4m;tH|hj)v4`bLw{OgdncAF5E1hv_;fk(lCzIUCAbV1T9!cH`JD
zGey446xxWSbI4s-0Hha5!g7ys0f!|;3eyqrkp*Fc1~kJl5^Onx#xd!7NNRRyOy|R1
zB9s>qXhO2CG4$qn2)~M<M*?-;tT~m}+s#BJo=KoZ!C^G6Zc16%HR@h{*46Aj5WzJ@
zbYVLxhSH>E8JS8?JvQ^M58uqa|J2;W6ex6zY=V~9#baEya%ID4-!PcO)M__-()tJ*
zj#SqnqDS=6KwN710c+N-UMD`%3-?e_<fVN#ok6LZPaldFEG7}>>yd>)AKrfLRm?<K
zB)PLG34VY@$S~@Qp%3Vhs9C%@cg~_X89BF^y1|Ke2<Y_Qx!jeZiXsL)ql$W@YWAK6
zu5BgXik?3Uc(lY~KubjZ-rRUMgx2H1BF5u`D37M?>3V{<qYkb;&v>Z-&4}xWgN!j;
z%2tMMRlVNfi^u7wUTZdw^Kx}oTT3jBKo|8q-)Zr7uW7jM)UCAJursU)b;OG7v1Y24
zvsl=)Vi+q4jHLx<Lv-<|Jp>g3kua03S60pTTAaGboC=dABSBFf?DFI}h!)IVF6<$w
zqcbEn;XMV>L5kP0C*@Bz0A!@j?dClwC&<Xe+aE$ssF?>aldbQfxS|iz-nHY>Q`5s^
zex63qkrAbk$AGM{;lsE&z%pIHEOny8y`2jgx^i$Z1_i$qzRZJdY}v$l14g5ToEBx?
zt5@uF_m(sXqu;If;5;vRX22L{n;?Q754O1U(%$oN*&5;Z+KZ>in7Rzj7^j^2%)2Fl
zQ{<T!IGv|n8Q9g%dN!L?3^;O?I^cuwjH1!Xi&jP!#e3I^BIoI`%`(Y7lU?v4!?<$Z
zf~So6EQ=u(q9v%m$9OX5$f^+`P@kKo(wCatQDUOdaMZcJ?8N6aCG_4g))VQaEqtI-
zGi`InmiJEL%9EI&n`_P&k~S%FI8|p6O@}aYcBT}clJe4^cx;s24A4^Za7w9+!E(xD
zmgX18trq%Ai^WDgnr)^$6_yJ=F?_alAky+&#9luDc`(pW0__Rz?Wm6SpPLnlNMd7*
z`8tj{5DE3z$PpMaB{WvUkCx4Va?F<4PBy1w{iPXQl`ey--a7(ueK_?HCyJaslyn;F
zPJtSqS>4-yNoMYS44a9T!~;+x;EVXw>R@A<$uw(6%h`m<U=r??dSJlwo$ffJqCo))
z(<fvCuWz*!W$_8ZF)OwJ?xOLa$5T=f9DD5BT^i3CZR;2!Yf-PYP>YS2UD2xiT4CB^
z>qeLR`qc}4*l#*tjJ|k~3jw0??7d>>nKuv#@i^CXYyplh2(%K$!TNZnG`p@e8)uI*
z{h6%<VF}H>isc-oh$oK$I)+TZ`Y?1l<)uAdViJ{U2VlI(gyl&ov&ooyR3PB-lWAux
z5QlYm0iKg@J&D?pMKgUH!|e7J7-MauauN=$#q7AST!Ctu)TO%SA$i8Lw)Q$2RUY;%
z@(L#h8eAi5d8NDH%5X=N;Y!(v+-fkhXTf;3hN8`@q^E0Sv2U(N8Wdlnxl5a4Va@ZA
z6jb04j%p2gZQ9LRqqJ{n;1=4wsDnCy6Q-VyRyGfhr6v=1?!v0J;d)ggBIg^=9VlP~
zf}Yn3ELPO9du!MPjgl4edg>JqD&wQkW2zy0CG%cB1M4dV2T(t?RqTy>yl<X%NQ$Lw
z;H%T8PH*_V$43`inyMrOxjEr;PLywV2uazOir$>=61uD5ds^d00dzcrk<s?$rorb6
z9oJOqy)INe?f2qgn#{%Ouryh6=UBh9Vu0b8Eer$*vA~>62(6V$9XAWecqZh=I;v#H
z8)EmSxkje?c|@!!iy-<-$BUdEO>R9>sdiE;K=o6x$J33(bhd%Mb#1NKYj1N4geFek
zZcE(;!lFgq^Ws_YL4I>`<O2V0ocYw^c`sJKchN41iUxB0ddF1?fXU}1#cjjL`b`>y
zAEvRx-ng(_Y83FxLT?uL5|9Q?arTV0HYk1_ES^c-ybuRyg$M6;d?cZQ>n8B$1VBD8
z_eb$EFc)dD*wq=7E#32SCLKl!<yyO=B?7IxtK?lg_}NgpX=kU-gN&=3`M@#ko`i|a
zpmH+4cR~_`q>}GCs8c&ha8%k7S4}B=sPe809}f{4kYFn7u(0|Kl!^)TT`Y(P)Ese5
z>hya+0=HG~`QSiFaff%lydg!>u&p_u^Tl25CzWK$x+qT1<&0bgMlbPowS_7;ko8C$
z!#LflWAO7?WK?iaRTZ%Et+J}}**euEFFj<1J<UU(?1vo*w9i0g^T?M5Nn_U@NYFlA
zEUp!mpt0p@g|JErrG14PZ|Zc>4Sn|&##_7Qf@CZ@c*xJrTD3R9tLBnlpFK;GS*IiR
z=W15sWPyT>uOEYqky0q3Iy^6NycBxSG-Hf;`vVAl@NiDJ!UYe(9}btpiaAV`N3XZ^
z<jJC?cu+cD(93=+n-<izhqsnibUWP6!Kny8-lf!TP<=%+)J2vs6b+h(7wGB~^Px5%
zKBL#qc@(&d1l!nVmPI({CdcV?g2+Z92=5G@JB6maf_auF9PeG{ZORx<4#X0pZ=x+z
zixf&`mJtaCH&^T)f`Y!J%6;@Hr+>+5WM|&!X_2M@sFBfPwZNlcYT-wd&9m=C`Ol+h
zAzV1Z3e`mGhuXM}OVrC-CR$!{WPAo@u*pCkj=MG1-kfZYT+0I6chy29Uk?(#h_^V=
zgho)xR#T(19;9~<XWOnC%t*4V2$v}wc{X5h_0e2;Bsvl_pMkOJkp5?<LCjk^V;K;A
z%ZTv^I2KKG%{Zv11_fm_y`AH{hzvdZajj!M(Tb&Vc9c|l_k7eHG46>;UlHr7O)T9D
zNv%-?05^~A<y}XA@M;k-xjc1|5SI}x8#bQUy-2{Um>$6AykXdkwkNv*-eb|PsbE<R
zu53n4!ovi3;2jVu$9c{Xb;`1`rsJLoXA?t0hXnG5y4-l)dqKtqLk_o{M9$|BZ^ng3
zAzGIu<I)SLDg#iT^6)+K+<Txb@G@Xp{7^UP(Hx#Uudp{M4b(nz6u=i5egU1R9<{3)
zfT0U#MH0v+*mPGylOSB8;^TCFaO%Kn8zBZn1vXPqvl8+~lJwbY)4@(46c3fbV?KC0
z;BKna#N=jSVDGZ$_?3>B7p5Ksk|jB4b*1?`!wG^`E@v@)u?xdU7C1K<t6ZG0HHp21
z+|OsFCzD$z+D22_EVY!0U%u6GSZ|z?FtsHwnp0??jcRpBqg`FQM-%2Ktd;qop%n9m
zx*H(|M$}l~QH_9v$(6_u!b|hTj2?qEE|<3%{d5myFc5G#aQqww^sElTtV3ebCfb+U
zO&i3#opdScDmn=sD0+^wrxhy0BR(TTdT;v;QXqnWgaTuDS#yOB4(#<lx6yDq8$g1I
zEE;T>iA@g^L0}QeXKN0U`by<GF=A~Viar}-6r!3WZ_0P>?7esXVqrdC>(4&zR7|_#
zmU8IV=52szPuC!1OD*g4nn53vY_-XIP6~z>M{i$-7<1O(rH1DdTS<Md^OU5Ow(+^k
z!wV{Jen<R5J26HzM#MS`t*fUupk7=ekoE3+b&`dpz^xV1L~1!ti#OYDbh^T_Qwlhp
zrLJTnFWh^(j&e0#S3tb@fAc&YFov-j!sjmq0hh?1D&*`?Q{@(P1`bJ=;b!+a7YynH
zXv@$w;qgsk=b#wkSxt0|t)~x<y%!%JKhJvf^gYY>kR3$0pd0%ZEA}eW^~J3%0Np+<
zhns$!L(q?20dN^Prq^D*dtIcWC!}s!{-WbfiN~_<!I4A=3vK1pB)wrY&!^fn*W3|o
zaLeztC&r<eo}s?JdzLt_J?$z2L4DL|^k^}5)EU{Bpk-1mCbm*6XrT&Yji3#H4C)Fx
z^j`X<s6k;p)JLxiBz^b^!elMww00JWm{wg0<~DAK)nY4br#(A)n-N3!#{8`OSlQNJ
z+$>tM>OORRD12|=btJ(%8N>1@CssK~pvSqL$cD`q5_?T4TH74V>uLMaZ37neRtNDc
z33kE}6T4I4Epwl|+a#N}_AdQb7Ks)n$@poj%j5=AE$)(Tx9%DaBO)db?$!~3nQjZ<
zl2^G_@EB^DY!2KWtmQq@PTh1-DSepFWiK>=fD~_uEtCcsENC1bP@$bqA8?OTI)uMh
z;O~jCrntspD%wU1vR(-)0<cD>O<D-q2y$$|0qk|opz67%WMMC=oOiX$-dsKdz7roE
z+zm+?def1ju&iw`(I>1S9q3dRw=t&zC*iFfG-VE^N88g%yKjgdn;KpkzIeb-&o+4g
z?>Ls0sN+SJ`kcev)YB4DKZ*R()8$J~&pdc^y`D5-)d<BM*bcE943Dk|wDTQ8);MjC
zQy&NvR!eLm54t`_ZP<wCILkRzD#E?k9&c6Ay*G~tGs7H>eHJtqi;05$#Hv?Og-hS|
zlr)*qBhnar;j_rK0gJG=O#@F{CW<iGA1r0Yf;C|#4RrJg0XU>X2F@<p{p%;!V_>>!
zQ7FQx*Vbg5m5!0!Me*v9^n|u5Ib6MywNwN^$D6SQgfMBNYsH2u6?h>%T-jrx2~I@-
zXp6OYe&ez4WlqAAmzQJNMHj|Z^6an_wHpkiSMwFRg4J#L(>ifRk0EnXMX}3z^_(Ed
z=5FKl<Ckx=cI`bSX(<!s=zRuVl4S#Ym8d$P$dC%7jhl}CxIIM=ubi8<8ZjxcW=1r#
zs#_mTY_K7=Bnm}2(B_HkVx-_B;RcJ2aMI9#;EaXUx<j{q`ts3(Wgeh%eC87ZD2H$F
zGP!7iZjT?VDz&HYQL*Z4x?rf+FE-8^^l{ydt1AG6$^@Ah;__G(gBEx^9#H3gO|3-*
zrI}c;Bj)d20hyRQvPVdm210@%jw1=Fy8yVjVDBv7E^bP>!vNfK)XOmSoR~3T<Vb$S
zw^d^5nv_p!VVlaUw{HB5?a@)=5waq#A-28O6I3+TvcfN@mmfqfc6KrX-y5<Q0tub!
z=6P!rChCq@X^%itYozF1m_9x)_wzY=%;nrd&_#ecwcWOWVy3Srm-{6R&FbcPb!-jf
zyDYfmS0n^hhUndD;IH8H@zrkBKubMPq)mA)<2s%m`*gw2Z3rYKfk&F;bzS7WCb&_i
zG#zLUMkKK=ebnzIYgb2`)(YIbO&Y=E)0EtUTELb$%RRsVd>BjxycGucDA^J4%g>-M
zKb0@gZvYA(V2y&D_iQ?Fb|+yrdaFrRKvUwI)S!N2VeV(@piene71w*17j6%{({@DN
zM+OCoSEPZ7Rp+pkQBCHZIO|hp5f)8*j*Hl%3!(LRPS2@5mvaF8y<qb&d$=L5TWP5%
zrbmn?AfY2DkbIJeN|O*pp{iklM11LAL93GGqP*NYTye21-H=T%$yV1w<hhH)zI)zg
z$CO#%P81rk_6o#7J*mnba=QR?624bzEb!`_X^`zIJr%5Yp*h=)>AY<Q)E9?@lH{q3
z$#}y0l#l>`8g43u?;Ncf0r5Mbcs)|I;_WX_vWgt-nNb1L8NTso>8b;hJ&0^dBzmr+
z+JYDl(hzc1OrCbb^26+9k>c9LNAq~&Qu=Pt!QjEZKJj`))7$XWwr~?P*2Qu5h-)q+
z0Tg=4#q$VDqBNLb^knDis4-2M!D<<gjb+szqFRd#>UneYJB9153U0%>AoX($!Q2gR
z$lPZWqz2a#{u(;H>)`cFRM_H?tn+ESm(*(L55{ifDZQ`&=oZYBqaw9%7ho{WXa&1`
z-U<t)6&jR+XgA9ayRp{q+TLB4BJuTd(My|$TmE$27t)U)yA+C#Ml6g2`Ffq<N*A#5
z;OKTPedFQNXBBqO{m#!HOEWk3gobX@89k^Cf=o)eQ9EZ5LczvHXK{kY6imfQ20!g`
z(YMyl+H&ypfq`Pap5g!$<f|y5nOI0FH<Q{Y0bK&Z**W&Q9n9S}wFRqv92Z~{yI)>u
zHOr#HHrdM9_~=1vvQd(E_>L6^YC^EiOX62Wl8HWoQ%VnOQRU<mr%CgiIOBQw2%cCj
z3dw_<mI3f0gCM`hPF3K|1SbykK=W*OJ_JPo_#!k-G@?8WOS`vY?d8so2hnJs<iTz0
z*RP%O33)}S%cZ>yIP;|jxT+m7WHVbu^GQjx<IsD_&CXO@$WqtQl^Hsea7#)jl5OU=
zWh0Ok*f>B=w_^{m^@;It>rs`r<zv7r(Px=ldZ>yp<)L=>o;+`|d<{{XuQ<G~ofY_$
zeg8vrMy_8R7mgC(v)3C5=P{fE$stkm)Xbkqg(|Tcr6RmO(VQ!e(ukNBJ=`^gXGBFs
z3hid{QdBUKgmX^zUG*)|yGx4DN{*Xqtz2}j=k`FxjdAbr+`G%w_z+11rp3o!#jEr6
z9xo5+-LVpG*Jt!{a4!HgK+3-zL9|yvZ}%NP=u3HCU6O)N2AL=FfxZW{4~dB4lzV}P
z9N)vfRo@yXZ6Vi^d71sX0Mc16A;g?dfj6iuASGD`R!$FacGmgYDOQeK?>RqyX+GDn
zncThRv^+}B?djl45{oNHN2z;wO-S?5Xvg8f%S=V-(K4qBtq@Pom>0X;ixoK{!)t3>
zqS}YyK@T2{A9*NbE|lJsk?$xuSm?fVHq#DC;;lhrWqa{<?J=WSo-rQbS>qjtj}IG<
z-P=+0+w9m)yzq_Xc=o`Kwu*%z&!p?QCy8M_wh8oSH{$qf8f%Gq>FWjvjq1ih(V}|K
z=9L!Kzz(X+l>y!J_ECGskbNvH*uiSG?r++4Lr@K9F{VIy!_)wKb;`{eGj`S+DIHzm
zFvWTrRS-!H5|_ON5>OTq0z>bJK_yg9j5D3|ZZY}2;Vzt_7elMn?>0fSkBiI^AM^>0
zG$?v?tYY)I3Mi5BFt&o*6Eam=>)cy@WG~+%O%a1z%6BxOIMb(^W?34um}dEIP|>1p
z_c4c%GkAl%SMZIfe<2FXS+Jn;I0~SrEdA9WbuN&UN|&xGthJD`LDTwM4FNpeCfNf<
zan*xUYk3wrYWc2E@L6ykCGIE%9^G!}J>4CZ#KNX^B(keJJL8;Hmq6@?VK05_K`>YI
z>7Z5zmNuElgrW^Mr#GtXiZ7zqpa?Yx_e+>c&DO$EHppD90MmbW(M5?2HCTh0XOj)D
z$Mg{iaJGr@17=gMF#zS`P#>7XJ)GQP;X4y|^>-2>ni%rJ2{L@n#ih4>*}&8L4XTEm
z;pMr?yMjs+&Pu)wp~b*4TuPTz@sxVDfFkv9!EgXqOUx*y)paKcEv)Pw+V;E&UzJ-4
z3o5;P`(y_dom)~Kd0NU%yI!h|grP2=V4E7stm1ptk5g<gmUi+Xk(EBQyK!zXM=oRR
z*|W-~(i4X+jVqO@frYyR<+yurji>%-yq*^?FtggzAYDqkdN&>Xe3*ca!wz(=2a+)O
zE_pIkwnW6OL1o@}H4%mw639C`Z@p0=R*<m-JGdTMLv)9JQtdKtw7JX{@J;uNJ>3<&
zV4{07Zk(w?E*#^lJ4{4JEVc~#G)m0L7C7$GlM4EwyrxVMFd!qldQo5zJE%L+sq!<4
zH!_rTir7=pANW3h5Tm^d$BAJjou!1~JDTbp{+{l3&GPmmB$TO_;n<EN7zfCQQ^fGZ
zDs}4^dil8%Kb!OCn$rmjva#p`+fUzfwz#Kgr-YgtH1=9ro+1R0So(23j5_D#VuUfg
zoT)%80tYf1D&b?ij^)&eCvUf|-O<i?IlSW(tO1;G;1J@m#BDcCgI){4tvx>F@Vj;L
zu888@t#y2xWd!cP%rQOz+Aew>EaLAJ?|Mqsd3>4QWLHn?JGZy>y^ErK@1k_Ap(PNu
z#%!y6J=Z?ijZf#{WXC*(G-MuPjM&U3cY+rpy=jFu^o%i3OAO<l@FXomLIYGyVO6na
zxzZk2<hB*0Pq%F>W@U1YQ8uKt&OXywYJQ0IES7IpB%c7<-8p58UHajRH(ZpDtSoGK
zHdPsfBYT%qv?&#<nPx!M6zV@nm;Jf!1e@FC6TB*0tu+beFm7&tbT4JSeN<qZ&xu?N
z)JTUZNvhXNfK0X&3r%L+j?uGk!tEW`5l1*Z1)<C%u1UZ%AR`j-&{vMDC{GWyrx-IR
z-Yy56Ij$IN1169hIwL|q@+yc#npuyv(^)DxZ+sJu%NwnXYa@*z;wfph<gT2Tbd`j5
zuYIXkR%RK`3Kl84bP~}^QbR3LI2s{zOQ98eoDsAzk&5quTgcmd>=+jLoWaj;Cfkd~
z--!yO@9S(2rp{*scy4N#GZ5p<Z0L%;6;C4vcXwm~b}-t6s%;>5fQ6ow**N<83(VJe
zLgxmuUO+Zttjje;uM@7w_bI+QGpdTn<>a>T9LS^t67YSNdcj%O!CYv8>9NaOo#d{Y
z#yoJFGSvfIpk=;rGGq@$ZW=s%RtylGDd(3b$#*aw%snGcoho<f_?}dP^YFwiyxEZR
z1->(zIIP>JAnPgdG_cZ7>8W4PLQ1D)aJ=ZjQ{9cJ#8=tY7VA8-BfT_rS5V>&ZMkFm
z1auaCp9dDVs~|nmSdUv3p-vlZA}$a^d3CcZtbMYVd-Fi~@wC4ss5gxLhF`!NhVo(p
zm8#fIhk?AT(rpFh2^qzAsJ<EM{Y1U*;dQ!}!An-kNG?A)G+Zus<+Cb7H>n(?nJ9hR
zlL{}nGmR5x`;nERcgfA{jwQ<{q$FREQrXn&9XHdhjoAVR3MF(QtI2$AlaVt7{!8}U
zRVFqHQdIZMgJX-mLJ4wp^`XK+)j^r1n=*&=0(#^Es_2x^x%8A+x}$^KxUnS5>=>jE
zjIc*VO;77i42Me$YXs)VF?{(kDPV~kY|bd~kd3Vcv!5)8+QvrZ@i@I)bG^cGeE(5u
zb`?@aCVF8vs+(lE;2E4*`<xFAGVc~1DJM3M=(Oos-fYYvVR}enBKMB0js)4$nq&>K
z#6o$ajBmIbVq{ph8moxdjEg0P&+I^F_NAGj?K_WxYIBX`Ef=72M-M2%cu{L-&^Hxl
zO*g9#=0#@=2}C%-3iC{at~AlZEwTuHT@~gW30(Q|9$C&2*Sn;1WAO&@Scp`Of!n(4
zI_7z=cgRyX4q|C9^Nlgf56`Ei?#R*>!kl|>Zl(>o@wO>%C75lOdK(^z3#ADX_d8+p
z7~FOD$LEom8;_wdDV}*PtVH@NrN+}7@Oc1xQTmeLbh=*?d+Mt7CMWFTMa`<h(F=Nl
zXYkhXiMVR&A;fK<`>R$5j0m&2B~OMMyxNRxA&q@C_mFiZW1NZQVqVsAUEz_*5~sZr
zH3(aJrvg_sItS}BrD-Xu+Y81cqvTEMRO^R`i}(5+ft1q-oIz8bLB!PDn9R9)L?tCq
zlKF$>+fHkE8<8V?!9zGrPZ#qB7ukkR0)<M3z_;D>0%t1KiBP=FUFvm_^Q>le%X*br
zEf=_hkXSpoS`^JeZh_ZGlWHzHMW#`1NN9QtvCjlA)tn9rYOJ^-TsxIM5+DX@<524%
zR2EDewuh`n+$I7cJuX_{S^d(xMvlwu#QEvmL)B`{=eQR1Xd8=jWw|eLd^qZ$r0|nc
zrY}knrWB&6r?b);jB=T4#Stwjw$PUY7OQenJ0a<z=T#4}Fp2<zX^01daQ8bhQgW<&
zvt+975N1jIKo43`wdu4w<ERORHf$hipK(1fw;mxZopPkf-hs9;1=gEY^$j_);<cI8
z8su>3cA%ho#DH7_%;cgjbw|(i`NM)fc<B-+`TwzrLKm)%TT2nfibUA4c8=h@nkP{E
zQtIMbXzDDOPGmX*pU5~;SDbNVG!H*(iC*qE88BpTUWkLH;SdZ!zc``hR}1KE&-Ilh
z(2A9fCCXDULNLW;EOG#0Lr|AQ5lDD7?JAHhw#M(?guEA&ra8S_FTmJt@r7)FhIbkZ
zgwwYAagpR=Kj5nh6r{u4*Tl)4_q?U5j;RBhO&{5gI1`|?CdP)CYrgJXeugfIP`hK3
zZ^;Hz$YAg4ZQM&p=!f$TO}fKgKP5{z+&R2c$t^@dh<nAthEtlk7n{SFGU8!fZmKq9
z7_*SQ@EVy51;7xaMykC}&bJ|YXeY2_l?0H;a66P=akaEP1VA7PcD5zTQYGnlaoCur
zc$G<6#|L|Bj$V_;ueW8aXF5D1r0y_V)Q#ULd8OV1oP|1B*;oriiL@TE_o^nGP!VS?
zO$}QxN*)hY0!AN}bG^*us$CRZx@13KGS*Dh=rjs2pAqBeK7E1c5|#m6`DWJrPQ}4;
zJt{e#R7^v*5|Ci+((~o5#Ns(@AWL687(Mc4Z7mQKEqyR_U_*MMwRJK}&vl*_RL9}k
zMQ$zSD#8d6I`kg$SwVY3=RGrsMD;5>E`0mQY0-ST5@VlDJr`VdDV5_aih15{Zm0%5
z6D&Pt{Dgv;l;>4Bl_>W)#W7bz`KncbwHq?ln4Ep@r2=1=2D8i>bi}Jk12+UrW0W&l
z5%tr%5QSEVIRIO4l^4!!ik<QN1wPHJgjSAq8qmfCYH^6CUB!UtNC<|7TiJ3xk^CH&
zrmWCGXaTn`0AHFUtUi&q{jO^*-#Mx4JptY&A|9pTS5hZrLT<=oC8RGL;!#3&mV)Oq
zg2pcLE!h}`Ye6>L{*TjG7xunu;#8Wa&Taww;K@)w<U(}kr-S+4`L#DmN_li@yf}3W
znt&;kxw_8OJ;;WpK|5ZTwR;b9n(Q*b@wgBcD0vr?X9cEo7T-N1ujD0IRpZJrt7fXY
z!rscK;h7>1?UvB8gTMyfy@kM;$mn$96IW~;$N*4js?n}$N+sJA16Cb@;%ZT5{obkP
z(^pTMYjlt9oau6bU>iFYqY?2X!aGokO|t`oml81r%@k%CI__i<71k0Gfy54|aG@B1
zx$l{;CK=gFPvOpIxzW0FjPqLQs31DFP#62;oof-)sCLS`Z4fV?^N0kWTH0v3M|E>t
z<-mCerHNHNuVgV$7b2R7;h_p3wY}uHeD4v=1F&*S+>wLOG84&*N4+D8qFg+yukdob
zgdDPs7Iz?)F#K@^)s=#Yv2cs^a0{)=M!y3+%+$P5=QGzNxCpD)V9o$!fj#6SD)*3C
zn%Li53lGy8a{yRG`?W47pGin3RAty6LcL>qGmJ(&(<mDO@8YhhO()H4z{1}Y&UsER
z_LG`?)z&sj#>+kLy?kB)1XKKm856D9=LyEP0^3b!c^E$y!?kjDDayXE73<fLWh30S
zyLCqOYV|_Tv#cmn7xb5Sne(Je%!%fnV51&%ZiM#kCA3@d%%Z}Uv%BQzjPrSglC4$a
z{qR)Zv$KXxSLf^=47L2`)W0}g_bhPpKnu=P*4`pmlYUw8`pvM4A3rzd@OY^Q%>j%m
z(diG+Y~{Tt+<moxRwCr%@z__$PVd&y$dKRR%k4YEdNj35(*$AY4t-0Gb6L8}UKoV#
zC<==POtZQ&syRM#od)p;3oNLzU({-XExvc_?a<K9igCp(Z#GVNR1Lcv;Z>CG{0k~P
zAbDuz8#)N`oRi-<t=Y(FLFKx~JKVDtovh>3AZ0RS0DhQqLtuakd^YH>cM$C5b|IFe
zlqTa%%}G*WWi;#-G}XSxfX{D*H9#B7A#b9GUUeH|>q~^=IzDo(a+qj2><2px5f*}j
zJ4DKE^-kV<jh=verH9~FOT>FK;Ix2Gbw}~#Sn>+-1_{c0h8<c@&T5$ba2i(mp=L5x
zw#&WM+L_K%(<eq&#M2~iAa{M|y=QRB`|eiksYxcIMkWK~payD?#x#@CgoY5Iw&RXo
z-a;3cKJ|OVW~(swZtbW9myI6^xB|B>aY`q2uoyJ#JY;`#tlbX>>tV8_10jG#A$8}A
zt||~`TboGKeV)c%;4kh8urNoJTyg9Uw2zrf+MDqx0xU5=xP08JSGnu&#$%+k1rB7Q
zw_Ooxng^b8v=cDi#$$1^KDH{sVi2-nN(3S$h$bmxOn7)(lu^#&2<upO{?d^A>^bU6
zo~5bNCfh`<PFLZ)8>mSdbsjvcrrdd{EX|xg=sdb}LdW1x1FtvcxyhRY@DY3iv!g&b
zuPnmGN(E=1&fwE^f=3SgN*R^V6+52r4)FQpQILxjZ370en<}a8hQUHOPQ5ZswxCit
zBVfLHkrXG%*7U0OCD*ILb>!ouoy6WMig+=BkDz;ybfAUjfqPIj`@m2<kZ1fvUSf1X
ze1fX>1?mmP0;cnpZ977Rs8g3;UD9<$P$`?s)e|2glLLa`3WF{jD{mHWDwT}u%}318
zl$ntv+fx87Y+3z)*f5={+{w$8Ez0}R_5wKFf~h_<_K2p0y%e)%ZV(nu=Ma3Lk0a7J
zIVfszR~&S#msbY{!rpBFh=rw^@kwU~z5uYK-g>G+^K{JrBUN3GUY@<%B@uh}3ba?i
z=v9G@01Lx}q|w8eTym2hk$vgA$pRHVIiLjNjn-I&S!&d9)3<gwE9VIYxE1;MZYs-3
zMD{)LN63S(l5we;<F+40ya0z(!1hHArW|z#fY3;Ekyqi5wI3&?pJYg+-=RMxSjz}N
zlXvo_M5wOlJz8I1qMN62?vE(LhhzX5yigOWA8OWynkNeZmfKSTsWZ>pT<-$ovF_M3
z&x@5F3%YpdSGrmBAgP{Y8F49LNrCGF=<G#gG(WYBkTed(cWldO3KVq+kaieolx|_=
z>Inr8?I{Yw)T@Ih4nnV~CjsHX={{ecohJ|d$xML`g-Bh2h(Dvq@CECZ4wqbSy=S2$
zK7hT8I8QVBor?CkRX)-3995HJE=aFO`#e<gU6FFb+x9CSu33ti37o148D_eTdcq$3
z0DYZ=n}(Xf^o7Qz3~@4st6Wi6g!GP(o3pJmlia3Ct52zBSfFX*Q=KqvL0cSqVxH9x
zFi20*p=u&CCY=VwlMK}#Qd5O9I7mtlcA_K|iOsFAC(>p|BfRylI+ndqeD;JD;_*Ix
z5lM>sC|POf0Z?E!A7+j~P6sH|UbrJZ*z93~mkq6tm)Ofx0V?86Z?U`zxgG_JKH)ml
z+&$ElM%Ed^5)dl_JV8|C+zg|raDPMC)56dE8XF5~Q#wUMbHw<QRFf}KHF62c?kyDe
z%kao6awbWE>m(gF#XdZ-Tz1~GaS>F1nb;uB%XRMS$k=Nr+E*TrCk)qxsR-y&^LQb~
zNH24ov>IbFO52)XfU+j(y46c-_*UW75g-{Kg9<x_A~aGp@zPAmJ;VWj>9$i?tjfr2
zoHQF@<$*xDC=b}cp8$3rcRok0<Cgdj)zvri=AJ0XDGfk5yfDU7p;RVAnD=H%>dphT
z=BlIoNLeY9Cz1xBlNP1lyEDV$Op#@%9v&$~NbfDvMTNNugxC%7yF=^&Jj?I~1Q=rC
zQ(7iorj6TIl{O-XyUX480Es5GZrdwpA0fs_VHYME*)(*$xRR9)_LO{``NF6`5|N@L
zA)`g#9sBw)zW|YyGA$=&dk_^WfIZM@(g>$RltgCF6E|h4RTKhTv!(@eH|H7l3$bHH
zfvop*4DS^H9tsY?DM5f^AzoAV>I4d3bv*=pR^6Vvqyy+AhS``RcAO#4y;zaUeP&Ll
zpmwi|8GA^T1ufaYPNcMtjnVs&0$vipyJwXOwyg*XUi8L-`ewEco)*U{V<ib6FFh>1
z2b)&vd7BC4WI{ld)WXorg92f}*-DCWA_ah1m(i-B4UcRFci7tN_0UmVW*{vY@?a}2
z4YZvXy{n!v<j3%`=31p;t?hcj7}$-{_qKPDw)}OS3vt~ZVB3{HBApg{oiCw)ggaxD
z(GgQuA%GPb`O@z32=Y@^#j}0r5A@xfbg3s67pL)&CqCv#XU)fTgxi3;Cq;E0U0jE3
zk^YDyRV>ZX#_QMi!qLPRYcJi*bocs%W6a*^g$GP}#p1rj9PoSkx?p+R#=HDR5(Qjr
z`I*DBVWFFYTIoX8F~2<R;LEENM}BUDpQt|iLiN2}2dOxw&@5u37haDF5{rf@aC*y;
z!^2qB8IGm6m|P8&@f=>%i?oe!c%Z1@W&(86_^d%a-m*qo7v{?Xd+fX=@z5#XYVJK?
zU+J(x=A!2m_ypf_pt6=Omg319-+3z|KzbWK?XRNIhzzCfcn~PoeEHGr!*F2N*Qo^d
zdM0y1JruhL%)9MBR;>*}b-FywxNQ2J?!5(zPQT^Jh%}os4GYpyeYX>M@*q&)jomC0
z5SPBCU1`gXSMZ*ZTsG<1BA;NOg_S_c+|x7cQ6-#kY8!}g7HWLSX4}SM%Sv8keHW;;
zAwm^f-3)hhmNT$Ul>yR^A3%3R_MJF%9*Do*Rq0B8%4MlDb}+Z54-XJ^{qZY!2#i2n
zRt59IO`4AxjrKWN^e*xB%B#SVn+v>fF-aW4eG!B2o;6lEyxBE-1x1fRrIx}eq6Vp6
zI$W_zFRu+|U$_YSi&T~Ev<jO8!vRUe*WtO_*t3|I(R)TS<~A8vMTLjNFRG^Fk}0h$
z!t1^DEhq(r=SF$?Uc><U(jy2w#m*VWoKk;#_A2cedW#Mok7`T}MPxPE_CuQVOO{IJ
zx)XrGgYz;L?bAmV<?8yp0Ul*w8t=JY3_lNm9!%At8Zm|`r`Qsg@#uXiDA|dRTS-}R
z^nz8_VL5bPpxQje42FB>r4uKkNger=A2B$$u5Vix$@pGy`|Z(St!yU|wXHQ}-<XRB
z_oivrX+c==xEa7hHY7{tJqfELMmP$tOX=V&Cv(E33MP#flZD&@8=LdHWGHOhx9rky
zg<eu6PsE+4nXyA_W7+e2Lanc$xxiiG#*_i(kR@WqL-v{((e@3zCt$*iHzV-GpWqwh
zsuXgih&)pm2Ga>e<Zo6TzF4jIaJ2VyFa<MsP)&FqIu0f6LHfE(pd%f@4&kA^+IviO
zoCbRW_L?6{xmJ6RJbVs^Fdgd@SnAA?_Fjbnq2I%O!ACD%ZnA`cDUwrw>F}#k-F#t}
za%wm3VI@)2gHghSniKZ=Ar;9gFb$Xz(*iZp6NsT5L9vQ?I?s5NrotyAh6`@T(n0B}
z{)4rfHWOs`Twe6#x|(hIT_OUcz>Cnjh{%n%vr1-;(<}jocH|;71d~BX(hH92UXBu&
zJ7?ON2Sab2QVJFaJB!$vnf$PPQW)A3{F$X2Ke%-9d{G+VQ`~n0`YLR3X&3g0Vmpz!
zQC0lHIRXfTAH#}ND>cXEG|ueigkA*45kV&dn4t>Hy`70Xex5p#7)2Gl*3VC(S($|s
zN)IuRsg#ihK%8*^pG7j-&?(lLbQeJqHub%1zp}Fpcwk6YlM9A8gB(Wdr98H|Wc><;
zRB`f*#5cy&@v&2Z3^4}{g0BpV@T}(aqsRRS)6bb;`_}QjY_Qkqsel$~`xpSWdKy=D
zjXAE}Uh}-%EEg2x@OhQ9NH`cCm!gkZ)nw!8dyt#}q|pifz!01aGig|60nR)7jp(qh
zW*To=EDk2!n=B51QCz4tW$`3c6@UjEsnpyI5e|c|a|jMmjS-Tghl8I%->RRT=d2Ji
zk~=vh>*AC@aCEM~zC3k$8&+`dNsB^o3BJ6G854Y~5he*(Lup8NeU<15hrv@6uOh7*
zhaOD4%=Po+v?8<6EHhzj0$Su4;~7qp_uQWK-trO_(6+3f_KlhPOQaHk=hwrryCPM4
zk|B}C4RfR3M_1IN2S7^&gh6I~4UCRY+-4t?kZXEAI3D&i97ffN$UJFM4w%O#n#Jqm
zaPSSQf5OT%p#>G0L+Oq-YXdfTZUC;JHQp#la<-9ZT$+@#s^_c&+w2Z|3J+koNLQ#E
z@<5?`uvS-9ix~VZ$h^96WFvYG{TMkhRL-A3*)9#=!+Yj4g71_-oN741M~;X}c4KM)
zRpb@3!kbYz&JvQ>IveR(W0XGIn}EyZuf2laX@S=kKYP-4zU<H-|Iv!{B160U74{sR
zr>DGL)q_cXX3M&*-WP-muY?Pq^^Ntqf+vA@jGYRSqAn0?hjP4>H<VJy$@-?moz9}7
z1EIq;^_<XOUAI_`c+X6}Gi}~baZG*$w0F^nR>k*RYQ*%()krKxiLNdU`su5ElkH?F
z^0w2K(yBxXz%Ur*)ZC=``2s<r^X#sRsEKdWh3@J>^c99Jk3)d6nu*wTS~Z)85o+}!
zYC-O*K7J`e_)`|tkEGc~j9!$eZvYObgAoG&37AjBcw>28+3~77*X?m*?x=<bDmHZv
zZiPU%6Nk?xu4WJ`9*kzbk+*0W631Z}vbnUiiC2%YwvmP&OVi;#G3lgRdIxNEMV?F<
zrmvrF?!Gv;qh8%R%$zcxgknmmb5DMUV>ZZhvc0CDQ6pIwn7no2lz6(4HfbD2JkY*+
ztqtw)FieTCrC#*x8<A^LKZ4F$Zgw|v#ZY>J*Riqw8Y~O?y!>{o(ao&2A8eAw<J)1I
z0HJ7=LVfroNu3vkmh5Opf-)|j9ER(yQVL<y#k-Jty#2-<4+aV@7{u_(!wMa&9|*(i
zJ#%uFE_E*32&-XCI~-TH5wsicz^&8>*4si#-1i2K7xWxls8EjO=;chv+vQGLm8u2w
zEAOOtH`pXZPak#Dd-sTywJQOcmo*6As1n&TaYe_h+M8;|b~HJBF7K1purFFc1YsG$
zDdnk43D|)mho@!jla)!0Dm&M;l2}i?chm_mSE*vu)I)W%UM5$B^Ps``5E;GHQfYw8
zv9oozDYh7E0G^kj+H;%avGHbx@Ya@BWiQ)g3I$E`OiM&X#=&M*PyCJY<9-(}s3~H@
z-0H15;lB1IQD@YOuu^+(f^4$&6(7;0KW+mAw1oK&*OxT6V8wZ<QWAo~FRG$nI_y>Z
zfH9PJ;)Amy>NBl7G(W1eWpc2!eG|iGqnwOUP3`5G{rVi$k=*bR#XQT^ker7N3o2M{
z@H~y?;Zg*xs_xp=W`K3ys^9cOz%beM<^~;T>NlQ%^%jky`izLVLHsS-Vw1{~MT&ZK
zcu{#{3->y1)@MX!8fU`HU4TMbi=zcR6Kjw|2TzjNd}44F%^^6AACrpSYDh8d2A)Sz
zyyav*<=RM00269_lMf6VVNgkr1sw*YpI6pdVY^v+HV(!$z9u>3P64Jdg_(TfO9?SN
z@sf~ql-3?JPD<XYt-;LmFz{2@Kw*4alZT|$oi5SK@7Q;5J;JM~un@Yj$a8b>TKwv;
zLyHm)jGsaDs0Aog>G4AZlAaB!+B@vW9cArP`LHOH*fYsW0A4)bD;68R1z>Cr%m>Ft
zEv>gWNyGhkrCKQkU^T+cV7!rDi*>&n^_Zd#rJ;lORsgW5ti*P8)lx*Cmy}OqUNSdF
zNbl>FC>cjb425SE>~#iuhWX^86|_y7@~Hvt+vW@@BGkv=RU?k7oOR<ns!z+w`$*o|
zFyS5PRVImE6hm>~!^OU1m5L)6RSerR8>SWuzB!UOC2zMar}v`tHi6GG^cbf>Ulev7
zJ}=^;XRC%Dg3q83-wzjOe$s(4HbPwbw6#T}G;=IzzHmj5FI>GGH!5cq$PQ&f8!+NM
zAn91-sh8SAc(HLUf%DMNq$+#*fx)<wp^hL5dv1bSvp~<qd(ZuB@eQKSssfp-UNAk7
zM}s%$75mnaDi`4`%*{S9X25!Q*0-`m+F4x06ricL5pv+W<bjnzG!o5|xApX1TRep>
zd*ehMhR<58#*^ak0rKN3h{UwzeyD!`@p_eF&XN|P!JIjBuBCAXTU_sz=CD^2rW?VF
z@gbtu6~(>0y&e<L4=MugDZJ6<RMU7OVx=;|<et;LR9ESNvL)fu27r}lA-_;ea`u_)
zbS?KKv_=>o9At$I$APBB=-e>Do<Ph#yK`MYV>^9QQ8XuP6S7S%deAT!8dJvLA-Dn^
zVkgbT^j?Cg%j;O~o<2mLZJn+?%}i{qz{Xh6-7-5{3&-d63g{M~Jf=Hb$u41EQ5(ry
zY<!x8n=GefP|%P@Ixlz89EzaC?3KtpI%MVQhjZ4Q!eU!03^vQn4#J*MzSb>oZP3T%
zYP&Adkm-yY1C2Ez5H##HEk3L#hI*nlw1~Lxc6APb@RdZB1U;y|)tc)?acktZ3|Yn`
zXdHg81%XK#Jn=OR$V2EPd+VCijf*cQ*<Qn$W^+Es)LRsO&JU3Z$k4*{4OU~hGzNH<
zn0ZJ@^Lny4>&dk6U~Dk?4kQ{2u5M(NL(S}Ao!*wtY^nh%D^r@mTUsO+huI}?&Qoc7
z8xOm!)Yv)Iq@ZeO9H{LwU$v1@XlUUZkmg*1dt9s;xiYLa0?48Z38VO=TJ(|HRE>*V
zq}27ojQFv(o@b!0VG?^p3tSqf;=v#qEE*Zq$s`6)9$?#Bk9b9yw-_D+$S&3wu4vN0
zf*uTOcmsAZ3<u`%#9%Hl{Ed{(<1+8OPhOF}c)hgUA(=EYOCkbCvBF4YYTAy<kb^j!
zJ=}MV+#HeOE12Ds>M;;O&nS$=kHbj0^mV}sP+$!?y~n0jwlH3s*puLr{Ma2WT|iu~
zkFOZsz4tElHe1|6oATsYJOWbh_d@teRIS-)qAR@)fpaT>r80ff>nd8#*Pc)>j8aQ%
z`o@!E4ntaJ*w~lR6kz%vuu=x00FL3Woth34t70oN^3fux>RSq{-tbU0Y|GH#hg+B(
zi5w^=f>Dx?2;#*fM5RoI1=(a<;Yu69Op1#t5jNXK82P|>{1JKj{CK$yN!X|2+J3}S
z#Dcp|I4;j$VzEYV-U<aU#>oRMiLQj4CYh33cYs__GienW<z2++lS6$pnXJ0vQwD0G
zHMv?x)OTgjfDtT5nV}Tu#qK*3tvv0QP3YDM_g=QCa5ldv%-)Sa?s?kj3m4;IXzbjf
zf(9%MnJT`KG2<6-CS-golu>?W5!glLC7OBWe2Rl12?*hdFj9#KuhsCeljhBfT}Wo>
zeH?*0av;`@B1m&emUAaZ?1**PmZZXu)>rHRz|WY;_=SVu1L4Z@Yr^G+S`Rr(YH+4_
z6s}@)EVnM?Zc=f$MwYalib5-=-}xbSK7Z2*qO(*=`GUx@Dn!rXF(nR6ax#&R$oL66
z`FN<W5xU}ulW0K0!w9FIDmEZ7ZSsuQBYnv{ww0#IXF{Gm{KhQom3M@N#kg4l-PvAa
z83|;mJ|-lCE$J9yzLUkK;O$N)o$L^v!HP7JY<}5;>F7iEBrBrGoe!Mfy*DxdsWb~g
zvZvZl*#gbp8_JT)^ut)6-gpga0s7z$5MMJTp8_=9I=&oJoTKF?KV7#6&S&t}2NdFo
zs(a3099BJX0)MICgl{rGfhG6?HmW2KOAeypVJ~-H2CZy8?)9|OaZ1<6ECOskyRwB{
z{Yo_(72e~rTX|CpY%QuzJNB0Nq@SqkWGTcPma`$KiHe#~QQ@{2FFJ@{6U%#TMVY{=
zA=|_J0`n|Sx|$NvEGvDCy!GvacTlkY;B{VLk4Q}g>H>u=V8Eyi^Z3jnl$HU%=j`#g
zaYDF>c9?blBUZbrgKvkx<VhkTz+yZOm(gk+u$-U>yY?V&T&tVD99<?eJ$b^L>o?@&
zF+*et$d*;3JCzD(8&BDBq`5m3OfRJ;o0zRQSg6+FK^B$9RMzx+<xgm(xZMtSV+Wc_
zf#DW&YRS*(A>tMCYjmiHkXuwJJVg<3%+Wx`G{DzeegzM8hGwm}YJ2D=rFmmLO{sLU
zWS}@Y&s>n5y$i#D1oJdftiAL)1ysp`dneVzjpl?}o!%BdWW?JGV!Xv7-hp?Irc4m<
zk;dD+(t-DK2hB0w5i}QIH@8xTs8~Isk}NesEO89F0N=MSUp*j5KjQ}p^>{&SnGolg
zm1YY^V<iMu6e-fo-l4(Jj%_{Qy)ZIo6<E&b*CA=>Pdgi;Wr?<XCzd*GS}`mfgw9^3
zqHi7#v$tmVXw$4V&sj+lJx;iCcj)7D91zR#BH733$2G6hw1+U8CKU25+dz`C(Q`k{
zB&&y=!jgls#|1!@XH0J-m4YX*%h^{5DJ1Oa9J<zn@e*oiz#|WNevonZ*w&nVw{=wn
zxzp|)(J5w5zT=Iyr~n9!s1|+=<6xCLYtvYC6;+kO*IZZHR|1|fzKxADsN~(0c_?yq
z0WZ!?-%CjlN^p&*RoJC7)$_>btkR;3IK3u;&4WbD(qr-kjxhPOssr4*afH9U#z$2Y
z&XxgKd~$pn_f4#S5ld+AfDpag2!uBvFil?P)J~`&rV`%5n5--Mp|yi&QM^a0;kgv%
z4*4D%ynNyJn)`Ykh7`B9&0PWYBJ18}R<76!Kc_AYvRQ576G^_fP?qAh6VOsNX*y4@
zY3-EgCs8}zE0y9N4~%kMNIGq1^;8>HC_@LAf;v^M#M0%eqsQOTK*v52pJfovCAt}+
z_z&66=zEg0W0+D+Pzlf1LHPkyV~R-cS!98FMZ>8Zxizx)0cEmvSuAvQE1jqs@zAT#
zcpYrMsgv76&-dw%=c^uZm^t6$C>{g{9|DpGgO2D)sLq~n)+%q9<TC3S-fQnYF{(v{
z8HpsDlNIHQc+Ge{^vGddtWeJc?z}l_>A_sANUy$5r?azX^xgvxdX~KQ#y1OA5}Fo6
z><Ya2X83Z2y_+_+y&9hiJ-t2wgJl%*iUZ$JzPOTeP=g~7SSjm%bz@D>?*Ow>@Pt)j
z8ZtrPt+un63Kt$W$>4&@Q>K^VPT1H8>aNh}@SbgsS%l4K0=ek}T3C6Y>r4AahV(#P
z$+N>@%NfV&!M<*=on(}8SQO@>G~R6itzF74^v)*stT|GdsoF;-(B1}d4+f;)8>$Tq
zxaaLF;=r0gU@q9IeSu23datwRg=bqBMW|xxi0&YAhxE7+#@j{o&XHH%;B|6|ZS)`w
zXKj>y41AHS;jXs&oyZ7!mA_Ses|r1n1WhgPsLxmh5j}=scBU%e>7^Yg;ZVyRtc(c)
zSfB1D5@Y%sATSd)+e&RUgfiaM(o|?_@3eVa-qSVHEV%=|^A>i6-x8}xj5PK^sG_Vo
zF1IJ@=1uNl+-xz<nqkzg6~1E3Fcj$7x~D7)P4De8w+dqv3giK@j$PorAv6QBw$~4n
zko<ij%l5g)O1(>{#unL-D4b{bhOy)kbnWZZ*LEo<5Hj)%)!wqlcAK1q`3jiKJ(zR0
zlsC{1nb}H#yjX)_D7Id{i`2Zx(LND;qLtfG1t`6Hrzu#ejlJM{Tj5Yy(f8sA)fag0
zt?^Pc`#eWWmyvt8a4KH!n$f^Dmp#GYF3M+{?E-URt0A?lnZ2w0%ru6Dl7!9s{$n<-
zo?U?To}~B7=$U0wSsPKu>3gC@7NOVGNW2g2;Kf2h#SgrmnASY^kfMp_%%S(HK__$x
z1fx;s$!=Z|mmO9Ly^<oRT=u3jN2(|J(jKx4vCgrf=Tk-`79>O-eHBeXvMYI0(G9Bb
zKwOi;V12a@;~_pg19^^aY9s|un;Y<w-bEQuQ!MFo!kwUEy%&PUuc_J&Ks@!uvWo(v
zQ>ROK?vvo*aC!FVCFL;Ta~-0`7pLN9+39fk4zn9kWOH9bu6lDzbrS4O2RA>VP&rx(
zV{!r)SI*P+V@OP4W`0tVX6Qcq_}=3?OMRA*Fvo2H-5N^B&pW4(xW*nQ$mJE;RE#N)
zLHav#7IU6>r(;WeN7+j`kb0f{unT|*ICcS(nwMYkVxwfQNNU;&7cM4TwdWPIBX%Gj
zxpKQ6!hn(TP_WT}E3vcC<1k!)Emg2Naxa#7-rE`&7k&_hgy*FYO~PR+F@*l+lsdw8
zGaR%fx#ixY0N{Bw?=EkQUEYhaGBnP4ZA>ZPL8S1|eUoU+bwS%*aWmT1NGHT_4=m43
zHu$1MMGk;O$YfgINd^YNZ37apzEWY3?ST}X@ic$G{+-zoQCrv6y5YM9D{==tap<}Y
z7@=ez4966F7OwAUchGXCG4;u4N)!QZE<H8!<jz+$5<$taqmN%Nlr+<hw2aHdqNdm<
zvm#&2ZVIe(7kY7$P~&!6_dq>YPT`m=YPINVn`Tdp(+<e4dzO2#$xrBxOJ(m3+t%xq
zJM75fYQ*R}s|{}8CGh9WtPNR?{A#rjdfM!c&m*yB+7fr?$tg(JJ_@jaDhf@1RIz+Z
zy&G$7uLY-kZ{E0ZAHuo7t)cG=wn?5&?X<aIK9aLgsRRd1q>vt;w`OyB+y6m3inQle
z7!8*t;Bye^y?5}|Nu#H`4jK&l_QtP=L$P*3s+$2oC&vMZ=w*wNq_5F~FeEcO6*q$?
zNAzf|JBibMG(l&yM5a#=7x|rtiK4$c;PFn3DQAr*y^ONs$A?`k@VdoKAq~@6>5`?T
z8D9Ccup3KL&<6U$)M?fCwDJj*FM?~MRKFJqWI*mE-VRw()O%;5*Ycj?*xWF1kXY)z
z^TIK^Tv)1y_^3%nBYM=?E)Sv9URODbgEZP8VyTUX;kLbAo9XZ<$c8J9r|LLd^8kb&
zDKnaDg~k%)nL><obd`@RLWe(_ITM31%7VyvNd&+iO80;?f{%||H*=?BB8zfE{M0Vg
zx-W6s9<;n(46&{1cX-OLYi2mu&23Fr{ZJn}*sjo&Ez#mAJaB^N55tdMxsX5<^Q(hY
zlh?*Gz^cxEO7YOpZXTnfNgp$s;APoz5jm+ma?fW~sTGeG*;ml%IbTkpMo%FMPKQE0
z*b{>QRd}{<uav1HL!<?xayL-6cK6<*2NVSzz3uXPlcWXxW~-GhpPmBAtFnjSFJZ1x
z?|AMkdG)=(BYEf^$7&;zoCridMa{kM`F3S1AJUuU6C+$3=ktfsFlNtK3=$AS9RZPe
zqnGhijq35%$bpAEdAdez<ES-2$<>8aKA=8(FJsnA@<9R&aIoVTPFn-xOPDpv{DfBN
z3tH4ST5m<+o!LZ^J$W|F&bY7YnU4%eHw*hD(gh%p@uptq)hy|YDLO0l3&hdj(R*<P
zddnKNeCcpU_Y4OMRv$QkY9o3puX0ZrgDM%$>nJLYnt<$PQi86UnxvK+ceSbB#mC5$
zWG^s$@|*!)MrkW5Vy?t9>lc(1O2F<SvbDG5q;|zTLI%Rom5(#z#V$Y_|3~fBioyxf
z%52&knn5JCD)LOL!o7J{do8CIhr!3$?yT5-g-sf&jy`v*a|$`&#dCStH?MBQC5`;7
zqe_<P=;4Wr)m1<(Kso56MiPBFtSZ>=7OwM9Ez3;B^G$%LKjia8*hkv>G{9|`&2@y2
zcg(5qltuZ$yTx}f>@koo@s`xpY=gn57?+iOC)5IaA4B0BorE7CBsI-~Ok21hB#)Q{
zQ>?i<z1du;JZjXb+IZSAnaIM>BA~)KAx5Hrna0^NfV7j#D0AlXMnYu-F<L7WbkwXo
zD@q06os>_|#O<~kRV*yO8#m#AH@>gzW}hpDnu0p;<Kb%y!?+pXFfcG#m$tSQLG+a%
zOqv>W-8UPc;CK7jVFx<`-@>xbl8uMpSQZSFToUq>6g*A-byKQeb01+k3$`JuBIvtV
zcoNh;K|CtVc6^X2B1A33OH(i!PH67&l*ysM5m@k@Fq-<|){;Hq=Rk{F*Xc$;FDY^>
z=X@v9fWvvArfOY^CsNOivg&lvS5>KDc%QykVS$FkB?^*xgz(OU!CtxNECrty-|$(e
zc2DHIMV5}!U4yg9=fISM?K%&knlLy391#r&<t^0VytsGDK<4%+Mr1|ur72-KJ?Pfg
z?P-Vh9#op`tY13uCAe3;$+x@V(AFVu-YLRt1=m682|I9rfID%fZ-qlI9LOiN24B=V
zTd|a)%Cj@%TalNt(0p8e1c8w4ksR-VYKOtl=ukbX@$7!68NkYf<@SJ65N8&|Y}8ZZ
zS=ggYgB<l&E{?NOm8z6zqVL7?P{3{FQGp5&Cp@NtUx2khR$Tnzyl-P`JP>O`pJP6a
zc{%Y&@*&XF>a+K(UK>+2M@8vkfW9R%RZ5MJ#;M}ce*Q2KPn91af=KJX*qW(t(QQRO
zjyrrLx2R<BgJ~UJh(5ulwk~5>Kdor@V^IZsHIAt}ej=DR3WBl&6;1Y5={+|PY*{{^
z>^___NXXfT5oaFl2MyBgVvK%J-YkVgRpIP*;stBL_=0`zSx4I_P+czGB)^$T1ka15
zf!DXCQ1xP*{6^DWNAr7lmkF<5%DXhjL{>M%%4Y>HPHs^qD-woNR)?|$PY(GBW86hK
zPCQUVF*%)#+!$k|ORqel>+PhH+Q#&8e<#lo5BFs^y36d!6Ud^orIPbTY{z~pP>XQ^
zNACt7QC4VW5=se#l@wxPMyYbk_B@Z=i6gpR^;`_&G+I%Zr_u%DZN7W3Z>T9zi~%x$
zT5ZP%C91U9)U3;s=hD?ljZ!@5&1{R-K7}(5ckF8B;Sz5opFjjZO4UbF(~3rAO5MPt
zr-2)GQYDc3aIuI^LDH&hd^}!0b{EjMIJAX23&ZMKjnXrh*ULFNmTow&&#Ck<@3|Pi
zjHnkEsN^m2>=7JGaw1hiO0`Qo?OjHDBm0PgHYn666nIQ1DKM;pWgoV&kmfu<C)gJ=
z9Yiqs`Xy!NUAfW=UMDIG)W>q$UcoF<Rc+RaLG=!^th$XKav^pTj|z%lg9!N!qKH({
zz0Ghm;2lBWb6YcFK)H+8!!*fli``AM=~c&NuKY~$F|Q%VW1tKZmaL-yy>D#&3)}AZ
zTv7rlUzX;u5o8ucr9XJDhr67OEvMsnI^-00P6><9aPOB3Oh^h>ec{-!%DvV*qBZxN
z8utibC@RZw#>7C~!el4w_108vKfQTD3I_Kksa(0Jz(d_H;k?ndO~MPMRi}5EwTm-w
zEPQ1+ILp^J8=Uk!XKQycY)+6s8xZZuDhpX>it_m^c9p*P5&r~7+WzCV?~TLkxbFj)
z9YrrX00{xjO$)WaASu}cBhVRgiG2wWVDg%iSm5=@)@Z3yGnJ`IE7%HJ#UKZ8a*hSD
zIN7o-x4Kc~UepBdu_%(-^JUr^ty~DhU?rx}T9xcac=PlY(Ub*K@Wvg6IA)Q+R37H8
z^~HlOOE{pM*>uC(y9-=vT5;NpYEr!d=w7__UY?W}TjbCDSgmQ#`2-;0pw~4F?AVQx
z^~D;*toUK?aJyw}GLRU}M$#)dQhebT1KCBi)(-*kU`DhM*Oys^lj&)Zl!-|=q?X-f
z(MCI{_9R-ZwZWC4r5~@?(@>?PIV#X{vD#ep1f0&o4N}p9;%=HIMHYSmgfnlNLTcjW
zd)oLUL5|Lz2D;#a1B18vTLK>}iMK>S1kElMA+jfUhH28y3zotG)yL?oyppy-C>O$m
zyP>ZhuB*dBqH|k;21y^2L%c^ll@DN(Ekry^?Kpy6N6N<)yM1gOfDeJSZ68MmF7V;?
zgc)T=EI%sIYj8s#(^ZC3zI$Y+5zXubSz^9cO|6OqLI(8kR;(c@o+f&A-}p=AqI|nc
z5Sr*vkXrr5Wc1znUK%+|EI_*yJ)F5k-U0~rR|u-d1^Y_XdMzJ&#k4yV(Y`P<6i;iJ
zctxG+=q7g}08ip6R2Fbv5R;?U5GJOHfjBE@vm7~%h8tI$1SZD-`RFIN&%U^Q#!+H;
zcl4l0RI_m~ulG5HNN(x|_}h}?*b1xC=E^)+H*Z(6VF9@i(0#G*)n)5ldDLO(D<xih
z!-DgexEW~kfwMoF(e(#vA=xv@Hkw!-nwe<ZX$aCz=B`Zbb&D^cbUIG9^)|F}hu`9m
zzuJc&jEAf1y9in>w8L+n6s~Hx)L}#1TH+=09#`1q=8h#LhC(9Y|NHGtN!OmcD#=5*
zu)`7$h)7?(INhV_?j|lv!>D$=n7T8r$To-?orKGmmkn#LDlAoglP{?dUPuW_t-Irh
z?nu0u(&tZDPJtyEI-k8BPsXyKXTsVMZF1adZ!3@6;;Oe*po^~TVJAE5_7Hi$ekLIZ
z2yZxIXUwqLL*59FR*PU3?Q!H~+jFn($yPBMweT}AG(<^fu?Nq<1{JWKMdSfv-)0b|
zYqmRK$WyrTl_Ao{N$)5C>uH<&8*oi4c}umUdC#?@3?|vD;|!m|p%pDyXJYqzokJDc
zI_f;ISUqnM3dS#e@-4(uc!TJVITX#7HL$W=aZh^Q;(_+K0Om^A<L4pU3X`%YPlZHW
zYc(Qeo&6Osgi(x^vD7?h>CoCo987yn(&=~cyoa&C&FtuGE;c0XJg;Zg+7d9g%QzHL
zN~*79yBcrvxKu=?s~-iWDLHi%%xg<fzH7uYcb}xH9+R-nCw+Nv5^1NWwkWF@s`WTR
z0F{viWW=fuI>A*0-h<cp?AV%fHQdf#xFqwDQn?j9^`3e|S7U5oMJs%-4g#a=;tehP
z0cNKchqDlNioASYDX2LE>Ts*J9O(F-^C2p8`#e}KziUbEo^3UXx1)FtgjyTkWW~ad
z4Z}{`JWY$ioweP9$pH-AR9M-W9_4!+Z^o{fB#L_RWwGGPj+r#tebU08;QIH0tW1%w
z4U3_#Qhj9JI$X%0s0Re};W!k|(VBz%v>`}nRKhR7>bjxNvmm#jkFCXpbxUa{vZSi_
zrDm<Y=y<s_wXEyiIHCnMliVlhX4?9?cBQK1T}tOYKiM_4+a`XuvRjpx1h%+GHLxqW
z4{Knf=u|FnGUxENZXPhP;}}~#=IP?PXICgooOgKUJ3Q6*w4);0j{e<opZILFt);u$
zMzf5))FLBg)bRq)_sn|9mCt8DUUI3YAQUmZRU;OCH1#&!tpm>H80&>@a9(IiD;d+g
z1s+m0b5cE(hG`^|-SAk_8Q6R;-BqifY$BK)0d_<*)EW;uzB%S8BRLh=Ix%i3akW6U
z^}t4ON`7lOV?os5w~91DY8>7Clr5R$*cF1Q<jFCz$y?K_Bkx8B8QMdYpk9b|5#$up
zwzy6gKsnT-JHFGpw2Wr&ve>6%hN9IqEk?^}*HiPHwM8l>bn$E+HRj8Mjg7~k8WN$(
z549lQ&X%pVw<arFXC;)qGmI?8m+5Da0O|%BQG<y)1b2gheJ_WsjLD=Ih!#6xx1De-
zrLJ+~iBmUoqSO)$pY4UEyh#V>#q=8s4zQS0Xap3kUGf)kp4h^}uQU0*++0mcjI~KR
ze2gT$1DR?{nJmUsi`cj2*W8g%(xUl-x$L1ZWt!RL-P#K^nn&-RTNoHb1`fodW-Y16
zp*J~cNwNUy(S=*F^1xD_wbnfe2%Hms&=+xMIki|op`cYcj+&#eHGM<`9{jG-Aw@YO
zIwb()fhBiyhW2H>gQgo=V8eI(;^xXTP=ub!tdWDhcsV6Kd2{vB;;5iErj;RM+xrQw
z2R(H~YRPN@SCe3Ufe*PPDl}t`P;chR1=#s!zCupeOc9>vDNbyXRqpKgO>TUj$~0u2
z)alHM2$_yF$mGN$yyIo*IwP7q7Q98PFkw7vnZtVq!*Ue16>q{v4RVy+Zd;}oAITAv
z%FUZo9H~QoIb&+=pkh~8r)Xoe>r|N$6bO6Ljb0Cq&n=vuU0;bTY^zvPbM%ex1_H}n
zFfgc>kdhdkTRZU<YMnT))r)RUAVSyBVpCr)e(Y4EAilYyH$crVMD}t0hc1GF#S5d&
z7Zr+e%b9!Z+7Yj49mvOgw!pKvp54P<G~ApGZ;v73Jzy7N%Hlju>%tM<(;;Xqu5t_^
zZXl~Ys8cy{fUfh6r4hJDY3tf2{tTc_6rXeQb5*aTN9L*UBoB<?^r*`NYBC<CWSRCf
zzXn2`!iJ~}BY|2lyU;`RJ~!@0XE8TZBBfB^HPn^9y$Co7b>3MIt1aU~@hD59s+?ek
z(dOB*$0LM_JK@Q$(zp%_Zoc%!yLu{M>R3Sy;T9h#zrfgjje+_C#TRVec+~P~ySFeb
z`wiPT!IWkQn!|#Z4!XuB(`%<ag`C3iwN-R6B{1n+YQx9;cG$WGcZ7P5cc2BaYcXSk
z7EZQ@`&_!L;X&{y_Q>eIekwfdT5&=^;!nb!cGkvK`8&0CQzk7ZYZ;~`FI=fZ_c$7W
zN`HHRk6<3}UNyUucRmApZEDL;eP*!tF)U?f1FLL4+!v$VFsx)dehnm5-eXU*DByO-
zdM5*uA|IYMlFQ@mkX?<WNOoKWvAw<YTF!fS;Oa9fU|NDV%X)@RtfNGjSxY6gMveP!
z)@yS@?$u1?m8U$!h~jF9*!RXU04Tbjf{#9%Vmvk~h}A}9EYL^eHj;0ol=<=7l6k8j
zGvG=KFOCw6ic`t(X^0cOO;W_|5q3R8E3N{!Ryhm=u^N0%yBkLO!T>>n>l0l9_(E6u
z66tvW1KF9~&Is}oRj<WT*8y&A)yWQF05?F$zr#6l8>!*w*X8hwV3ECo*DPjaA~Ddd
z1vAt~g!fjOMIxm(B3y??*IwOG5VO9S&C;wcF^uEn)K}CO<OxJu^z2z%pM#nQfLy1H
z;HEVVq&$y)270f`*=O9jIEUAO-oB^RM@H@_<Pg#C?m`QtA#@WN7Ak^0b&0N(OyM-}
zKX#ANI6C1%R2Pvwg5Sofzo6xLT+tN@IkgUE@CtL3$Kfb3;`F_x=g1FOku8Vv_MKne
z^}!k(6y?K(ny6qe^6Scw45TB8tH{Oo;`~)%=0h30Zha$l<q=8D6`^kDc;c?JX2H|@
ze4@-4L*Jo!tP3}aF^Kl0RS@E1P+64Pm>MwmfI0VII`i$ltY6!=v$3Q(oPtEG@U4?&
z`m&yZy$<laUa^}Xk9cJE-co~loRa1OVG^YQI!A5Z4!~LZoe}Z1X3$oj5j++w<4anz
zjoGE!L&7&P9Dy1nt3*{wHxvp;@(S}+Of{H2Z#{~<*PA^4i1>+!MNmrJ6)dk2uRHGL
zyU;g<Atqr>o4Mf!L9xek#=Q0(!+?qNdw}sOX7KgvaP~|E;MSUwYL$KLF`~TB;+gsj
zam^|oHGLB8J-P~$(W3Z{F{_gOa9+aY!jPkNLM6`Ks>PfT>JX|un}zFB&8L@oZ$08b
zG^Gp_XM$CMX|mO>)mp+mrNQaSwVtH3r@-sQ1Zx&4T4yH5PLrl1zVVEUuvX)ZJbyyS
z&+s*@SSy+@l(4@iVhc}=XN%{V%ETtO=kjc;w?5@#x!Ez$lpr={J1AD&(AneKe986{
z-eH_9q|E^DFa$KY-ZO0R<l)vA+DGrDzw0!23EjIn9fYfe=K{?~K;sG`ms~B_vn>Oe
zr&0CIu79yRyrx}2efh$S&hjL9EG*%5A5&&d_uhf+<MoNN3kZT(vxhpi@%*{B#9jsX
zD}1nhoar_+GMHeR3w!NBa%?*Gthg(dYCF(x!UjrscAX!+jts6->!hO9$f<O-FcnKj
z1$);op96<cjD+~0zI_GbWP^3Sj>NCB9uqRsO{R<zK9LLeDZ4okl^D3`<lr%meiV5R
zZKJ&^#s7sDq)74nFyq$W#(6=FrwOVVKItLUmvfb*nle)_0dRYw<V8Jyui01p%^i+2
z4B%vixf}|6izC&ZPXce>>f5(vp5`mJH@uJ!#^7zghd|0cs;o`H%%M!7jO-EGB}bh1
zAWj>B*Npb<w8)FlTdjU*{i?;O2YQeXUzYeVx7TIb%d#8>aVnegN-d-SQ>%4cEERsi
zBd>8__f>~-JJO;*Wlb=RqRzEidE_D(Poyo=tYVe#S;Ym6<etxUfn<0)T?tD=h^<!m
zQF9$>BYE$=w^wl{NLz@<w&HSm1i~rMC(_nD<j?S;>!C#Rlo-K46cIdvXD?T<3gWe!
zJ_2-YjFcxU&GW$0*j5M>lK7c5-Ek7OY|Okoqm#Ft_VDEKQi;Db&8q8s(mP<h%=a`@
zH$t5RsyX0Q1#H_%9J|cv23s!5busvPcH_Miut{@R*_)=JswWjh{Yqjb9xc0TSjmB2
zrFqUp65XObejGA4cS{GubV$ydjuBSQ5KV(HvP>iOs(IYSrLx#$px(0HsmTN7E*5lH
z;Fo4Bk))DKnSPGl?@ASApG_p-g>lGo0*C-di_-SN&1re+OG-6>EXKSWT+|U0I!u1E
zov>}N_mp3}95b&saa0X7OXB@77;)9Y7SY^iX71t9VT3SaS6@}!5ed7K8UZjrmZo=c
z`{<d~M87K_{Dc?n3tkuMR%ZoK4kMa(5BDvj8z+^!wpv1^(UdeLAKf7B3p1F01lmcF
zFb(N%N~Vo=<)z>hTg6N<1y^KCW$v5PwtWP+`0nA$Qd^|Xk!Q6M2A)Hsz!3XJd}w@D
zF4eQSZ}WCnydh(^-6ec^uN6;a7+{=yX1Xf|3Ty@llcG<%v`E1MwYEGFBfPxaZQ-I`
zI&8cN%r}7a;3D6{_aD9f$TPH5Cmubl2Uu7~P2n$#L3B87A)a@Ly%rpi1~75!<4(l#
zh9PRhNMA9f+**6Lar1_i^%-;fB9@!hNUQ3@c_wQYv=pTsY+&?Qi89o87rKa1*CVmC
zMfVvOiWZ_-%ER|uHiB33rA1t}v1{nd43xTdwe{{cn&Ci=gG(Jc=_e^2i^qv|Am{VA
zQj?LHgyXRq<*h$y0cHfZeHjll`&qAxQ@sKTdfsW+_oOs;$RTZCXn?gepOUtAvD2#N
zLAG{m-n0@FWIs8S1p+=Kh+8wk!HI|cj2{rlHA?kZIuS2Jr(?Z|4LR0nWn(e1By95a
z$CdX4ALxo3Wm$-taxxN<p0ecAvZKKs5s2|~p{cox+k}8KdoTD+9;=)o!_Irn^bj+l
zUyq1S5IhZto!7TxuWGb==aNN2jbvB&@t9rHago;Z981jDxQu)#n<ONFhV4D>M{@h9
zo6%tO%#YX~%PV!*5Iq4bC?HM3jd!~ZBhxKNLmE#(#G|;IV7cA7Vcd^Q1G8M<MU-w7
zDc=H_TBqe=;vUxOVHh4oPc3T-)a21K=vQ^1xLrm}G=tBda&ZvlN$)}4NvJl{F=dkv
zr%1iS^}gU+Q+eynGpwkwK^ezwD}9ttJ6>lu%wwu>Nw1fd7v<>TVYf|FwQ0~?Apvrz
zQqz7-feZ9@fOofV2keE#C%q(J^jb?n!o$$VtB=IZaKmqFnM@yEBz8LTu(2y+E_sO?
z9C34UdNwvG085&|(mY(W;p~>W=q1#)LoIB$e*50=&_jJ|HW|I!LF(s6b+JGt*}*S(
z#+G6k-p;axCd?UkO~bX>)qCK`TPV><8EAo6yAnVxub%_0#R}*xH%M=(61|{Q1-^8O
zd+_KHks0B=7WaG>-Y^!KYFHb`@87+*V3!66^)NJ8hJxQH@vtA}q4G5fHOT6ii?e9h
zaRmek279Uz#0W|a=0cb77L`~tN@GGoq3Q@z$ZJM7p<8V&xv_zjCd`=DkSPLXcqO=Z
zgMxyhva32dYWBLHXbg~Zr<qcZLeQR9vvz>z47?ki+%d~*djgf)?|Mwi+1Wh(4yJEO
z3r6gAp<L)<<1}^`eI7TdME3$jvwLa!R*g!r+OskgnB9T5H)15C`OeYMV=mu|plCfS
ztPqc-CqX%ISOc!R9`HhxqMj~7C4e=S+3}fCGt7A*g)ZJT15Q6M00cMcOq6+-5RUI)
z0yoIF$K%HL*;*9uNw_8I-1SaJHp%LeKWDS|7!O{ApC{X-B2{T6^eUJ@Vk(p00>4v#
zl&<8C>OI<KWet27q>V)C*;2apG<zODwA^g=xM*T6pj$T1@GgXjgc7;k3DzvI*R)#_
z(dm3U8}?40nPVb%L|nhdhMT3QGFSPKMOj7Lav#yjWv8AVnLK`884Ny6Zvtyj*^T6W
zX?hmNz`2gztz`1DQJ3<fwoRTTF*W8oR!XsI$5anLCLSau@>B-5g}mwT4n4I+N^uv)
z2OFLHfKLIilqQ85vSY}#J&|)B0fLaoVKhUrcaIV5xhM-@C){qempYJEwXHSvbN2{;
zIGmbnJc{EHSlXrFdY+@C`EbLvc=i)trZ0RI>rK_`rMoSmmx0~4O6WHN7Yp^4<f)Cc
zydG5p1MvFw98Ca%Ilyk>81`;P+yRIN98r~p^7zVnl<iU0yVBz1>RNfVc*9BbymLME
z#;{SC?+q*1(-}eseqx=|sZWsM00{s{+E^e9x~cEU5wV!Xv1|au9&Lp<@fa1Oz&oiF
zJ51bdK@(h;dGFCHjeTO}X%A~J*bcPT37*E~fBa%B$2}2ANmy(EHbx;%BWzF|Sa=7E
zxTm$~Z1vCrx?mR7)LfcXcjIVnO~bhy0ZS3!I8fhAdHV$QV>1v7&T2IYZ1o<q8Z!w;
zVO1IEWf=p6M|Cl<=$lx8o^L18bf*T&k&w2Lv!3W9-{EBPP1IM>QjDSJU0yjM8SepV
zh1@zQ9KVEWlvUsDXDY>P8Ou<aL$5`!&+`_7k%?G(<@NFvKcWaYYYj9pFNH*ILo5s#
z6i-yF$c~pD$}zY%bkTN?PAz?iQuP(__M2czTfyR^#`ikoXuBzKa|8@$u0gU8!>3@$
zS_*&xm$lG;7`<So6vKe+^JthfXL*c07)$MwoDe%`jy#lt_YzXF7N~>oF}&MG<(HKz
z=BCNWFznkcVXNZlTSKnC4Uqa4bs1h`vJSFpdBxk9?bS5Sd0ic^7>+t-Emq>`RCY5i
z$f2e;(CQHH04iAS?HZ&=%o4Pw!Xbe}yqeiL8|q>Kw#f%xsXTYD#u8T$^et$WzT$go
z7%#RgT7bo8?~&J~v(ss{PZ?h|_?m*{I8-n6!|M=W+s(p;_DE{a69B3~HGIyJ0eF`}
znIv&<^8u{gNfF|`0;L_T*(eg~@F&~HQH-AakPoLB%!D*+pS9%3JK^oyX}1(z++Y<6
zkKUKF`Bu8PFA(IlTx`zk@Z2!|5flET1b~+B@RMJGFMgdhVuDZAaGkIQFy#@uRnwj9
z)ky9bj5^`EWbTu3cnB1ZaJuAne)vqWhu$Q-!YyH^dn!HHp=AD?b0CP|RDoQ8AB=?5
z7Cs~)g0sBdz->=BRbsp_C1GCeW$~y-@1gZcZsnVvB<P{YjC2hGB;^b7nGg=m%2;-#
z8XSX}e7QOeqD9V=0Jhkb<J^r*LCL67s>%%7Mm__9D5mlL1=#cG-C{|ur#yJi#o<WZ
zk{@)i2~^KCvna0}Zz7A8rtI)0FKr4J3MbLEnF7uz%{`Ka^&=v7D5>;n;-j!PkZRi`
zn4nLVo^y&JgdZ6zGkc5zmyWAK`x)HWZ78=Iqp_AnfUumm`T0gRKfq!GXc~vpLK+l8
z7smh@Jk)&8`W7#rC<0f6UUd5UQYRR-CLi9ki`Ny*O3K^KNyJv{C)|VDOm#sx@Q#Ga
z8QjdkK#Ss<Etf-@P)V^QHr{&~oD+yI`U+HW5qX*)T?E;aoa&|t$gS2#CGAwA(p$`d
zPzHUDg_Ww_w1C?<&hK_v$_+^tbzW^fR9zLd>5w6zcW(l%qFIK7k+#SXQXGH;6`g=z
z-g*?p%<0VA2Sr}nl6ZVu^QilFoekF6Z=Sz_Ov>X_pfOQl&MoXadFyM>!ddztDP1dX
zBRxu(fvVc1-Lvdg9?~&7Ca4ABSvEPgKU&@*)PPo~Ks|PR<PzO3sFmYrIJb}-P0Exk
zswjf<+(~a=fYh%DKNGFhOuIMTwtHd12yV}@@fj)#j-bZaq(E|N6B%R8)H?tWI2aCu
zSH))I^yImsiXZRr)ByQ18LDCXyz7Sdh6D6YsE#``mK6ye^1HWA4|n4M;#;+0C{_wt
zuRwL5iHQK9CsQd1UW*#)%;W;{9>=t7z{L_&>RwSjwpmm0{s!2;0H)fgQ?icHd^&16
zgScm0@nXQ-H2NKoHF#}G9vY5oiqSZ%C<tue37R%MY2j=$WCun}@7mGm_LUYzUxyy*
z=ULcUXI6L4o5ksX;;O*#7$Fn}SklO?gA=#cgJO+cTbHYB)AKc4*%&h|6YRro*%G6q
zG+L@#@PqE0;5DqB(iy1dmXAEk%nsgyJ{$Dtpt`ssm`;go8V<FQ$F58N5uED;`m%M?
zq8m%MvN^P1@5o%CIV8{Vd8y_&xWC9T7PY7wA80+6i{v76!ZQY^)}dyiV|kYr&obS!
zFJs3!c#-Vh$(t)BZcu|sWqrXfpNM-YUfNUVe)$%Op#k+ukC>OVp2*RaIRiZ}B)<1t
zTF&4>`vvHQiCfX=E%K}N(T55rulr3m0OC!=vChfFq8?oEdq(XKm9z1g=#D*gEcT^h
z@rZo$$TGGY`)C!zcQo&ik5nWxF~OqOlcCFOvBCv_hTxt>!-aI{MO>f^lK?%z(UvjB
zim_G0VH(V-!NVB~s`5DTwrV-|GK*WOp&;tDWOOl5P-db~T14*fVg_~{YbjHD46Me}
za}ZHY2y}rub6gAIvF+7cK+$U$PqGD*Y;5|SvVf)>XCOms_vSr3CojHt>WFVko~0NW
z3-Ot6Hw(Rq3~375do7J)ubB82^(;JOj*V8OM6gmjWO$*}>OIOUy{_|KBa=6G^Stt%
z`0Na==*x}UHBbj|Nzh~TfHzkGm$?-u6O9I>k#?@cdGEFNcpi(K;EW=!SX)H;MQXZk
zcItZ$0Gh|h57Y_9L2;ggf(=kY6o@?F@PQmA&Z$f<o;t%k^NE|7qsV6q$<LlQc*h`6
zWf)9B=@67vPtJP^!{<F~8zE$GF<{>DBv`ZcJ>@7XeF7{ce5!js!w>G!t9YLTt9=pN
z`D{3mG&CKbIT=0xb8&mB@`l$>p@|SK@&c@3U#~)m7@*tj1JReU{$gL;$Y7d#KS-9x
zhVAkyVa76*f^GAB)e~#!w6Pz^5}??yS#Gf_*G|kv?QN(<wr6hg%eZ>Tk(iiow4b<v
zrq5ncJh#}|nTKPjsguMKHi(OuRfS|lV3&~Z#oK+eh%ej#X@HHU_ukW{TNKSnt4ZuG
zCaW`%{}ARVq+6qUIuBm^qTgbB5Aks0qSiaHyDpM`kT`Aza%)x1Mot>aV#)lZpol@w
zptt6|SwvEPd`b+;nguJBfY^pAXG&<j>S^j~{q_t3$=_R%9a4JDz}`tfr6RiV>KtE{
z3C1JMTER_Jin5tD34$5tuza^%WT4Uz%LrmxXPWs+t<c|_keEp@&{vNi1MwEbN+-U6
zG0XS3j^(go1Q3~M!K;1~E_@2~ylHyfjVuezksWxMKv7L#W@0Q~Yr)+4O^Ila=~$Jh
z?40vhogA~j?(k*DHqBv2Y@g<`6lwy#p&Y9gljmIUxG`h+H4eqOg5gFB*$jqe_#AIR
zle!Rwk?Y&@7!y9PLZ6~{%u$KY*A+!TplWZo5Dna^d5;oXLct$r%WAvwiqE{~P70Hy
zo?x}R7{E<yeh26C)=xFJ)Vp9zPxr}{E(2CBkvgM{meX>>ynfFq6N_aXYLB)^eW8Yl
zL=oZ@%!xAP!?$#Bjb@H-DPu{J(brO@481I!of2y>4It1v!MCc3BscOkcDKj#r*Voj
zFXOEY9w<I8=CcQN+yYAu56SN--B5&Xa~gP{J{5YpHH7MfDF>26IOD`DSg0v31C3P0
z;}mrfi%z%i$<SUuvMqkb-c_Z9cPNW6kNe$Kjn|7UH+e9LLTnBGwz+1QZJk8+If%+6
zrtbqKNsP%)giXE>zGvk+ZBGb+bWAoF!UpFd)vLUB1%MCjfQGpU4VwBF8-zXN)MtfF
z!?5S~e9wnYOaUH3WKQrs>56^xYVUPuz<M4R*=vtRog#K*Z&7FN@NP+Yn9qS8@t*V(
zNmuT3NN7^?8QD=!>M#)pJ0S$=U1cL*t+`jm1;y+ejLTU5nxs&yZ9u?4)n4zOhQVAc
z5Os;gNI!okUCFH?iP?b{djByT93#TVnfDxmg^IQfAY(A)Ewo^0$Kr(c5?yFlcxF5}
zxfzOl+c7H-6PtxboM8y&TC*<0&+A5d?kO!m-J#;VPLa{7ec9+4+l{D?Rf<403%oG*
z6@wV@4-6Z5c*N<{wAl6zag<)T5_qeGAiJYB_ZiVkOS|ljrNre?FQ%n1L0xr^RbQNT
z(^tSGHMrRZcRuB8PwJ^Tv-nuV^8>MXiG#yyLoq-Q()3;*u#6M%w9EsY^UZo7*5Zhb
zezYB6^;qi$n=+ZfE}<h+-l9R-W_c_W2OPguuAsz312x!4hD|;I9RxT~!n`9$nuVNI
zuCBdSd?v3Qv)o*Yp305U>Q2H|om%dWoJ3H<jSN|CQ`Dea(UQs}yv5cW;BySgVg*Hr
z@Z@U51K(qAL$Da^dP5KI&FdEd`qrAV8;5Uv#>^J$H$v^Ci&#}Ot^%yicQMLm?D0VS
zN%88`+CG`ULxet08QtuDsTgM_9Y%$i;tNE5rXy3bvI-W8iagF{(a-JXT=GTkP0mw6
zN$YmnblKv>$Ls!vgBXmltebMkTD60{t)0;E^f|$;`)r2gCKbUlLsK+Fnkcf!qryT4
zE<CYGfdEY7h8N~BMeVX;*D6jAZrxLou5^=LtEcdjd*l)ot^FE3m*A<2xp{)_PV>0E
z3j=Iz-&NN`NnB2srQ1l%h=fmuAAK=QTHevXv}x7znD5#j`c+XXaLT6N!`Vc9h8|}j
z403R1zHXF`@ya<upGxeJa4NmHCKIcX28go3ovkBz>=-Yrq$B98a5^eI@brPd$nMd!
zLbt#S?l+J=>=#<b(Kxv!-qLia-KQ0!;OETTOta6QV+p##kzu)NOKo){X|hABi~_a}
z*T7pVB?Lk=a9`zlrp^UuxRmMx@A*L>fo0Zc;(rj|!a6M5nk^WDIy&oE<l_K8oKQ^1
z+29+h)<bw~v*+plc5i3B%HW9`?WR=0A>)b<HQ%(CmsfD^NrTnJBb1YY4gd&&b2O6$
z8FxlIeoV!&@4{Sb`MnCbc`O|A_T`J)eKn^~U$fh+4G^&22sk~~Ub^-0L$5i2<2kKC
zgLy&2iE8SyyFo>dFH&iT2%Ry6w%|~Fu4<|Y!vIVMHWvF<7QA23yE!}vHF6h>0)8|+
zcW*FB$-!tCC*I(@cish&y@2TNA#6-jj|+8sLnI8|vIq$|U+>d35itYr+!xk(#;zA0
z*TKbjxYKMk)V#;_a8QmE#EX_8_2>mU-0=;RGk9n4$>2V^ccT3mIm;Mz@SrgKe6-{}
zp$*xoVK!loXNDY@PR{g1_98lqf{(0yqu^q!qn&DZ7g9>rc6g8Wap>&{5gpIH0;WxJ
zVUXty>?=BK{9<m<$=^GtH*Vl)@}^Xa5)|wO@~nlN%dTs67oI@?-SgK=Pv9L&i|Cf3
zM%9_{o?+-59dSXm;Eslx>By@<B7Oo7Vyd0eZCTGyJzn*!p2oWc1$k+`H>4CC(&gF`
zq9^E{@Z5r1Ee%N)1mMAYn6e51Y;)LABunTT;3>Rv=a|!P5JvTR0i;dEm0EAwC~81q
zPe%2wTh}-ltG>*<dgmzUS24W>Gxm0E_f<c`AlQ2@pAb8ILX3UWl&`zqF=O%2?%nZQ
z@tnAfe(uf3O#ln{cp}1hv8yxKh>J`%2sk8Hyh@r=tHSQ8{a}@kVTnR5C#&h1p1!MR
zxF~PC&efhWPuVK8C!U8eLWb;|gUxuSB`gXyT)vLWwYFT-L+{{prC3`nRjyM#(pp-F
z40o#GcPM(>wZ$Xyl3P}+36-Q<wP%b@3A2LID<74|i?EicqQ@9sudrkPqZphMw-R<y
zBq)yqp3#CmJ}SXRe9>-b{@_wGEn0xs()teLm?-7Sb8E&lTJK5^GnCi#+P#GuY585<
zjiC#$9vowi!@VVaSF|49u{xQW1O}Y2DR{XW`^?3}(#cvB@E~7$8&RJoz2UbJz7r}3
zbCYc8)~nH;KF5=$llpWHR4~Xw*bk=R1g}`YWW}pxZ?}W1(m_k7<K4@hyIAn$k$Ov+
zr~c%T>OrKGvZ>F@HJo^RLL7#MT}|LH{i+@Z)fJ29-a9D@(w>Vm!Q;A1J``v`p@B8*
zS{|GOD?rm1`NT`DJw_|t#cb-udSG9^dZ0`xV<ypp&#noT@r>?Oo=)shJR^ELwq+>O
zBApQz>d;Pte&=qB77BJ=wWH>jo3EEtk;V4<9^7a%l_i5ds(RG^+NeB&c8aH<q<POf
z#jF%XOubrAJRoX(Vlhj5Ine<J^@2l;@b$)c!;Z2QH|^8LSMN4yBb=ZEa2@ux;O<>H
zk#&x__B`_xEbm!r?e=Psvd6vJB4_LZ9kHtKxI{a)gTk?IikDy)1oDtGXijiF!QUHD
zjk7zQnChfcPFYGXd4%4V6P=dJ9(05W6Aib4DF^hbNy9bd<v|CS@>{1@+%KvUkKZo)
zk;m)W$jT7*?v05@+hjDX-posDN9QO9OJ4FInsyMQ6f~qZ{4}I{sNSd@@HfT&MX{_X
zRSF@!=?=9$IX~7J^DZL2dR$ul7PmD$yecUe)p(y=-f`Julq11yiIaR_xLgB-oa<zj
z#SVvua+&1?do!aqSS7)aT{*#zL6t{SwY#bum1pIF97QM9>>db)m@nvzqU!5zhlUKp
zfU0hp_qOi{+pOlqO*BU6UAPItxpO+CRyR`<9LV#k$asll*LtC%xB^E(DTWdZ11jx`
z*#j8e_aDZ2a3{2@Pz-PcWa3v#)8IlJB0{0&tfCL@`KvHxOaRe-h8`=*Y{8CQuOO9Q
z#WrXrk-gZkel@RC^##xL<Fe+<<b<IDo~MSxgxAIIC06=t2%oqfY~XqIs?x~F{LRC{
zGVnSSw-9?AX)(3_D)e9<ARurazO;f?m}2l*01-05Qfzgl4O}Bc<}EdB5>xFMjV3C~
zO?j{~#L5a{SMCV9Z{`}DIW}TEpF)}7I&Nl(C3@%bUZw=UfQ${H-LeSSf<>t<yPnBR
zsA(O0wd*%?7>opX=mQ0tLi7gLqk7kxf_JkGhVzkJ+RY^A8I88I62PJ?jll5&<33EE
zrPs^Dq1IU&ZK>5`ui=(-s%A?cK{@ez&r!GOz0!~ll!Mpd;Us-f2nIVaQoOx<Wty7%
z$OLKaSKTqlYh$t?N~pogXCTfnEhFK0hg85O!m1)8&ZeLbWB0szNGzGG6Z5HI@Fir(
z)`q7s^=iVnFQTS&4;C<NzCu$x;UgLvN@ZAb!XtKYeH&;&a9Qyrw=8bvHRmyMi5*Q1
z%4kV#DhdcLpl%1Jr7_o-yf^#26jy_a$6r41a>nFW53(OThBmN#?GC?QHDWz_OX?Cw
zwWe;v)c1~Y3G#7t7ik$aaO0Hb<tuD}0^pfwtxE|5bA}$xs34HVRNPB_Xzmg=ni40E
zc`}nibC>KB<FGG`FJ0~7+?$+>NW0sOmz)(5Xb(?~0z*N<9VDLkb9-qmVr2mSE;|yA
zuG^Q3WaF(6i&k*yy<rP<isAF_kt#MpEZ1vd@-1k^E=I+B;08HNV!dF*>C;}^5*O;{
z7I41o2K#V}3gty=Z$j~T?Tx?eJY^$c-Q4a{I(EZXZLLjhOBS1hS7WguIFdtvG)b*R
zSbcTjEBRg)<>B#7GBF>B4g2A=|HpCY5ZcHUVh2E%vpu<<h>?VXfGCES1O!z8V`Hfr
zP<BpaKK$O2YRydG3zBGl7FoOrF~Ryo-bP%sZ;)Jia}+;+0bNGXVjU>kFKSA1@3jo<
zC<K)eBzJM04aRiAj%?rLbu>uqOW(;J>%injou~d<-7FTe6&DrDkQI1}@;V{c@i}#>
z*CvtJtGIoAdJtOtta5H*tDz=$svDeX9CCZc0wart(ZnW%tXpgnS2=t}o^Hs^RfZ!)
zd&J9<owX#8#@BgKXn|;ODQpxFg^jh2LI6SOrvRFKJ!H3VJ)2_+X1cNyJw#Ja*=al+
zp4QNs4+$)CH4C(@q(*Ltq>-^i^3uC#r<2*$(%`PzN=T{{OKrHVRtm7EMOVhQ>*je|
z%X+T{{1EwN7gF0eKkN2={G8rl{K_sK&&=S*65SxhZDN7JIE{P=+uHh0MiV*Nm&{NY
zsEL>1$a5jgq9p<EU3T0-(IS|$up6<-zKAxSC;jTG^<LlYizZ3+YU)K01ko!%Q$~Fq
zAzDUO+{367L)rypA@C&Ek7D={*lPwqtAiHl?OJ)OO1`ic%a5mwS5<CO329k9Jf6-2
zH>I41jgpFOtLq8U6ZP0MYlP46`W5fh8az~e(vSny1&yOTb&B|C&0<*#<Cr<Qe-V`h
zH+(H`6|>ll$1su8lZr;KR4^c+9KJYakS~rmz~$xIi+9yfR%~Od?hW~b=aD}5PKC00
zL9Ddt6mnW=Dv8Qw<%>n`<8q46Nx<pF(|pF&qWublVLer2PQ+b77vMM7jF3YCK7kkN
z1l(I?%Wph7Bz3dTfFqgSS<6)QOG<_}@hp>L1@lb#k?=L4&!uI_jN>ayjyI>B76>l`
z!(YS>iJM><mr$29McvGcr`cgU*YqS?jRxdN8?d~D=e^RT>;Hn>)S85<S#mX;9Pw%Z
zc4*TNBnUKZ!OSNi7ACVL#H9eu*Pgwc=WfpO=+WAE$J;%yoFAoe7iiCC`>`vMWHyWA
zOPdkagmj<s#Ynk+x_+_6!q3(lyI&|8F+Q9kn!;|Ki{UYNt5^6|6dE-N@`*PKq#6p5
z$3o$@bFb692R2iQBu`^KwCh!%5><;WAeL-}2fcBFfv6PUJcq%%x#&(HD`kUhZ#s~T
zf@V-BLo8nh*YXXwA#Y}=zIB*BL=qcTk(1olrn+LLGOegcLVfwl2wEtfzQR#@@bGp$
zpdWA6VGSC?v{s1`?nrCf-8;dP>Kz%zBGehGwbW3m0h^o_N>)81H?*nv^)z~0Nb0&g
z_(J@UO>$o?-U~rae{so=_G&cF=$ie-RRSAPU&tG{p#~Cz!FjAJxV@N^6%Q`sxlG$T
zxYv}NkSYd;#RwEvrh^%24pDNHOL3g$-PF%v000hNK!i8k)@5oWrdsbr+*2}_Je%uv
zrU0x6N40*u0I%Px6TrU7lC^4eD(jK=uDc3VqW!^*t&uTTzzzcMl)QNo1JWEr)0sRY
zFF5q=4bnWX$EQBR;O|7unS}{SmXSsx-iw}GW2RjncR76+1Mj)zYu5}Dx^2TUbCwHl
z(uH)O;&Yi<H=00tLA;y<t4Xlv5-#Uv2<oGJm-(PItE#gUJAL6kK}P!Ak8QN6tb;@4
z+UOZj1GIETzTq9DqKA(UiaH8bQiFrT(@fXiS_~A@)m!N;QeFq=!QOf#+3*e^4nkJw
zXzU0n#A97-^9~+B`iLm+iE{GJH2Mj6zn9MR)bL$a%O)o|bLL|KYuGTOXYgX!*Oy&6
z^1)(Aw<>aGioUi8cD}&?DBMRiSI#<k!-U1J(m^E(o~OhnI4ZeC270Hy(^A=axN^hU
z+F+03Kaz{PSz4Sn1ZY!}AiDE(0ADqtpW!Oi&aScCsP!|nwVd1$8lZzmS+a}c)m;wk
z1#rjkXnNwIq1{+g0U)WPv7fW9il7S_;~?EK@YpKz5N+1$>v}*dHK`EoOjV^#vTc-N
z-s!GcZ)Lecv6UT?q00`L1bi4TXSVf$1C(#6XYRz-c*2;Wk8qUOIV0LbRrA!)H#8Np
z(A3ixPB?D)FvHr2Dz$&Epzu?3+lN1C<@z+ArcLSj7Cl*;;8IFTMTCZWFL4Q1BX%IG
zo@a2XSUh=YgV(aWT)BO|$E*$qFseNlNU~JBQ|>73r=$3=&ope7HLo|Mw@Ghx%-=hK
z$(Ev_n@rg7Yw#)Ho4n?fqzoTeH|>aeW~a&$W$p?#uO494@6XO*tTudxpVYVzVjCjT
z3{)iPUJ_n7$UG8MamN75SLdilU?-V~Pg$IhT1DAw*B+OeIw@e91{fyl6Ork4X(9`@
zjaWrek{?BLTR=zCW?J4YM%2J$@%-}TOCNkVBHFu(kxb+G2rptzDGa3!Vuc<TNt#3S
zWkupTu98E$>~L4wND&h_)C{m3dguutRPKopJn`_5NbFG$$~~PfDu@vyK!tF5_(DO$
zA<4y7eWr*u;}WiGIVa{WGlfoWPcmkl10}Rl9wco!j7HGp^Xc~W;KoYofar4qPxNNo
z%I;5+3BE|~b2Tcg9S;v0do!8Gvs>gOCTbgxm~5)2w2!aIBRc`td{Rfl!<N&~l+_C!
z7K4ms@c?>=)GA1fE-Y0!M)uiD129AckF{qHndZ@qYwb)|(U?fs6m$oLYL>JS%i(U4
z9F3wlA1y(ws7GBW#$_v(3>dBhBIz3FIRsZ(#H&W*QAG{Am7hwveia#T77pUj3r!R^
zXio*A=DD-V<S`lv^eyBCZ~ccdCT(fHWiso@X$u>0n#$3Md;H!zt<cHgjkXLndU#0B
z=#JM1Cp5Au+k&|YV<-Vhb2Q{VL%g^^x?mkM%2``n0YR!+UVw~fu#^C+09Va32%ULr
zh_Wd@)0oeW+wbmXHJijv8_rdnarc$@oF!9lZ^H@+=L_oP>lLWcEFx#0Z9~;|d_#|p
za}4Oz_x!;Cl5L{r4IV1JU~DE#ADhHF12Y|XF9&tcP}L<#V*B3kBX8IkzJ{pt;j4-v
zgG;$Xt{Rz2b5;!)dz*E671YHA!g^%;w#oF~61*p3i|TNLPu}{&c{#Wd)R+OWVBX2+
z<r(xqxsP%0Ej%3UR{|nOeTFk5zONpl=0Z2Q;nZ6)2ATuv95G<^0n4tpH1G_y;rO{#
z0s(*r-`0S;x@2cuZ5+zEwtEQM!y(z|f$~c+18iD>VSI156kt7*f>9n%bG6t#>?hIW
zxIkrZ{GfOMX;wn0u(%D9G<03GQ&fOlJOrN$O{BFvFd=DeNO)W~;IMj5(A~Qc-EzZ^
z3aVP<wH}|!_<O1isnOv!;mc^}haTaCeYuQOA!sQ^^xTR9ArQ)KFf6D&-;Tl<FDWIb
zn(Ej}<S{taR1G`}n6{Bkq4Rvz`lcK$C@SuppSEb&>6>7Ui|aX0zAWZkdPYK~6qXP?
z)is+GBnrc#<%m{p*D47mrFuyBjk15COxeqrRgkny_CjRno-V3JxK2G*Y5S3eKJD^A
zh_92O9y3l9b4v=7J?FvBTr4?wV6b=beC3JNLBD0_F$94c-KHm26mGor4uQ8O4W)$w
z(?QEp+6jdi)FeUmRX+q;sNo&rhe1mBgmp}Y5Oyi^T3u@c_)>5&%v<3`N7-JG&AkL&
zPN6<{Yif5vvyThd`n)hayrGLl^))n7(|EaTAUfuWz3QhKga5L;_BO5x)Z7fVQhcx<
z;5;?ui8qlU`yMo_E*+oEM7`#oeh+V*w*A%KN@fvOzBZ4`K1B`gqUZP0Q^v8P_l0-U
zRVtw9Zow?PI6z~go0UK#=z`=X>(bFHh;Z2F{GPPmP{()xY!w2}<Acfq8c1JqdPDMX
zisE=|S0}~@Mh1C2NDqU#u+7|}?#W)*BM@R=2n~8+xT8TjnDnrM-ph)amkhIb+aql?
zVW@^)_reu+-;z8e>>$sMT06&~66EI_E+>@|f)4XmwCiP+%`*6uvV&Bg@MJea7H2r>
zBiF0!D0I%0*hb&*jS?870-_TrLN>uJTJ&WGUg?16lg=h)Q@*sWVYI3Q8+T@X5f`@4
zA_&RRkc5#}D~;t{#N<PW5CBKPDA^r8*`a4VrkViTHt5{xFW|`$zp9oPfzj|gs_~OI
zFcwEE$nij^gu_Q}MWRoY&mgRlv@r=?6S;a-MQ>pCRt6ExYaGk9QwtP`m|M7P-B{%5
z^DR4gvP-*Hwbn`l>xCe83^GfdXX27g@|<VhdruB7Z!7yTu24*67ffia8SO+rycug)
z)6h;Z?kB!|7eQbmc)npB2F81a^8`!Ah|2aXZB$-8_AGj(a5=QCEiX15EGovHsWctZ
zI5A~;#%t$13@AT{rSdbXH<`>b?MIfpX_OHm%vbp!=~eW->oQFGWSQ-YWf&ib+`%{m
z<gn<~eOp22oCJ~ktd_B#ii>OpqV*O>5^a?MFyO1|BU9B&GZJ(~e^Y+Y#cEPs*kE<$
zI`WRmZ6^uJnbl7thCrn1K%Fnk=lQwHEu@B_GcmO8`Kk!nQ`kJ}mZcc38Q`~%W!$)_
zCZ0!0lQ4uK`#pQq#Kb6jH`k`fLT_pES)i4Ycre#8(w5Gw^gVEpD^kzaE2mK(aC|S@
zPM#XzyF2|4=0_msrgZ!UN$V^~ManCo-8E`+%~lE|C)HfrN}3zXlby6E$Eu4?MYyEN
zb50+-U*Cyir%?n;XPrM{m6c=;p?d7yBa0zugi5j=ita<%9eZst`w|~i$CDO@3TIf-
zxiE-V{9KdH%I!E-L!T^8G*#g45HXGn=3b3X@AB$p3dy687#NI64~M!odbWZyV*oSv
ze4RLWcQqpy+Mhm$hhz52-8QS%p1xGd3nx3%eVq<U;iSZ8h%TibB&NmZRJrE2bla%!
zZ3Qbs?5u;J@$8E2)oBOs%b4cM7d??~7G{-r4fzN=B?ljyG^YUbI;f#tromHtG-H>`
znD)j4O{|{GcxIq2Jg<C@Eu#SL@mxSbJf;*{_FLYL^Xq_@>gJvJpv@vHFG3#<%6nLW
zC)VbtZ`ug8LZ+b#_&lIyfo24Ib>RHOS8j51@E}1aBSme}p`1=+FO{dlBTlH2v9~AY
z^;+sIb3K?bp*NgSjP0DWi@Wf6!M26iZ&x+}DE!&2ZKuvYTN$P@Rg=BWWU@R~jGYwQ
z;uYa^-RJ2`HiU)hOrC0a0tGJz<FPCYrfBL34{lS(-c`TWnV{@FLxXqRH|f=nhPgpB
zt=u^t^~nvAQ$o&iJRfx6-RISIc0=*DV;PjhK%A%U#agrGO*O)$zj+q9ma^m$If%3~
z+lZ_^+q8XU{Ry+k7tGDXR*z@vnNb}dPp0}Izhd=DLr{agC#ugiqxPnNHNk8H9>@hn
zO_)dTK`+;&W}k>d^_CCBAQXh>xB^U+!Na-cM9H&$PZ7s)In!Mv+?s3CPAo1K2tzu^
z&3p6|O^noD_#FsIs5A;o&F#cx7Y7u)VWEwnU|Tr%x`B0<gqgAz11hh3wvAoLHARJD
z5H<S^vF5`^LO?h;&1!<D2PwWTqEo59)<x}`|IwU0+Sk(!%q+$P^e(Y5r{eV!xM&^b
zgR*fkFUgGJm%6zYZ*2BGd}a5V*B?!{q>(wz%(L-l`XFpjcy=z{QAH)&W2v}PM_ZCd
z!iC3l+KEJ25+?5^Eufrp;dVuhv?R&E+Lz6G6c`ga*acp92%(_#iZRN2%_9<`4+5=9
zunn$3vyn7;9a-#YOegf#%rh=S366O6o}@a-(;+fEyI*9e75l*~A`(BfEvr!9)g!o)
zln@G5pC`OhM)NE{hWJJ&JGSc%#Z~I)&7@-#pOO$VMS(u+=7`OHEc5s#s{B!)`LZr0
zOTfIkOpaAv6&4VExh<{jCk?k7%mK<KwlYulFj2s^lE9s)e9dMBp|3|G#bn}6MGd6M
zI#X_43eel479EjFo98j9IKuOONbzFY-G!E1Xb$5zfON=jPBeAK)^BK#euWdgeL)Ck
zWL9oH{i^L8r}X9N%Os`Ns?a3XCsxsJQTfh0U?GQ3XGb7H9zGs;I7?_dSjf-Co{}kd
zTVHZ3B~y-dLiJLl7Lq(|kP!ESe35gS)1nA#V!jWhD)}`4XhvW1Op&lL1tdu2Rb^0B
zQPZOJOpL&T*J>xxpsn<*J!-SLh+~#q+@2wJ@{E(hdcT`fqJ?$Yl$V@fsxo(H^(K*7
zBK6ohMV>^o=%lm+&NU)?kUc73Q+RirxNqT=@Kxw1%}QT17sqWmId4uIucJ#T&S@^+
z2xhit7*|0p_JC)q+Z&%iXtN-~eN4h^U}9&gJlF}EF6+}U3tA=^+bq!;A>x3+1K2@I
zdVIyxdj+1?He?~Mrs~EOgHO2>45AGM0<@LW%&pW{IT<7MRTwej&W58z9?vqOr(;aY
zJbPdXLQ=9g6bJ=7WO;^z3R_)b8ahH|2{rFbu~ObZzrz=u<SGjACTLwSM*QY#o=ES1
zI1_WcK5YZR>x@GME~J!q$Q~`t%7BMY-sqDOpDlXOO*bzl^`Q@pX4mt4$MBpCUnVVZ
z#fd#OBUnXB%am1Jsu1OuPgvh-;~JsW<Rh{7>RP(9d3pLImvG*yjp`2Vtz9W35z&St
z$6P;->!(qxFO0{9-azRP1o!C)vAnbiXIi|i5`7k|m*^WjQv~b1M@L)9+-8TXPY@qg
znY6?qdA@>-gV1C>O@fTD<coP}p2Y<N=dylsBMi^efz0^5fq6hMYj4qK2~4d<qud@@
zM-)!`C22V)UVFVJwVAwbdn(XK{<`_SY=q$;_g(<!$YV@wcwPdWZj2AR&0^+J*2#!>
zKguJb+u%r=r#<g5bhyU*94yXM-{BR%YQHFZ&rKJGxMnCiiUfKng8j+WjNWj0x4tqW
zYXJ`ceG!th$VhQw$iq8~o9Z9{cKVb--XW4-lsDwd%7>9C62(aalzj>Q-a0ZEzPQMG
z__AFb11JD&9*_90YA15?aO_ZU4&=3Owx5q+JR~81@40Uyx$UqX7&DmjEi(wEk*c%y
zsAR%xKr>b-SG@3}97?d8R4a5i#0o>JQrrnox*e^ii`{!5mh4ZZ0#$fx<CXK%bgXw9
zz3Q_vo!4`Y&MLSf-C^gdodYCIvgwbJr$ILpCz!{U*f)w3DvX>sSY&-2OIdIXwT#Cd
z?^eEXHu%Ch!+BIrfgO0gUqqbjRISqnxSSB7a0b)NOv_7r1@+V<-|@?cf#<dn@=VBw
zVkw3j<K?5eEM%cZO1PHi@8$u%d1?3rBsPUh-wU+Zd-ABJYC>?joUR{dwrF~WbR5;N
zymy8-Trcc^63fXX38n2epVR}zBC>u&5V8H-ImM`)%kpLfAV|DCiQgIMttR;G8!u5N
z6vC}ado>Rd3Sg!#q%!LrYm5%=CW0RM^wobn^HX-SYZ?#*jmsbvq~SZbK~i}nv(3H$
zhY*&>HjvMN0~kC4;6nSN`nI>FH&N=1Ll={@+8U@u=ETB@4(B5~e`|-X8V_*Sa$#S(
z5tZn4TLdQFq0U-8uj&fBcm^Ivmh5{NunTPvQz|FIr-y*@jE>pPXiM*Py+WXkxUBJa
zY`Md%u?182IOb%x<u_heu?85l5hNExq3odr@64&0b#vjIL0KMhA*0Y|v}&?=;wt;v
z@SXUU9bNW|yY!wZh)am{naA7gL9W1-N+KXQH3nG^&#yGL9velKq|?i%E=ABt6?TOO
z6$&-n{t(}!MZcYdMiVV-Z^ubb<9IVpnBhF@!U2Vy0d&ZU22<)6_v&TG079>i)jedR
z2bT-O5poWORD~315uEw>h%VQJp36L4?9%M1Zi3`26dyZ2d?-L1h=f%Fa(?=3_d2o%
z1Gp}7s7JPtzz>C|T}*hD^uY*NCFA*Y9FudA1)h_&<W!z8ZqeZ^t{YsGG@x?F0Z==H
z6Zz8%)O*OdXG}&}HC`vF6N45p9xSZ=7-z+wTKfQZ$RG}mxXetoHmeyFGrE}H-Z;JI
zeF5)IX-uhl&b$d&;!FUnO<-TD$ZX>+J_t~|o7j9Kr~&74rko@9<jDZ|Gp)<Ls|3{9
zh*9EHOY88cM9j;DcqgNm#s`uMfsc?@Hc$MUXaC}PWw6oXC8V46s)@1I6C%2>usZ5@
zCNT4S-coj&EtX-MP!;gzQ?|_2c#gPHC;3X0cb4(um00S*o?^noq~buILn~BLj9h-t
zE)I9Hq$&BmW(wLc0cVY2Lw1qTEe-|%avsfL0Zc|Oq#Kkc<%V=rrEq2G6$`|vGH+(d
zTX<~TRoW*8Q8ic_BOGz++TX?kJlcRQcXRB1O7T$6uRN(^+|^#rRXo`x(2TlQF8=@i
z?3jtmtRUQYj}6A8AMo`V20VFbXsrtO{55mx<D!doo)vmIzN=seNmm6gJ80zssd%*!
z01!kjshjVx37y&=RRg1Qo&t?2g9wiY<cU5s#5vQXYXyHX;2UEm^L+Fi=Sk=r_D9ya
ztD>0YKIg97EeR}O+RDUYDF>tCWBNq1Ov0S|7G2vUdN+~g#X^8AHE5{BdFXWE4$@%H
z0gN(?m~yG@#r64cbw9Wa<ap)pSnix-xM8+HdBkq+f{X|QK*BID2KW>f0c{^Y13lKA
z9kd<AlT5!`NK(!u1jK0oYHe63%zj|2Jasc&SU?RZ-kg^)7G-@e9~IsU-pP)P$nJ;>
z_pMz**hO#%?)BY4v8xFeHi{_Jcm_Mi1Fvq|G8)H4HhjjI3imyp;0gojGFH*I%nim7
zIFvRr<C%}#`DUKbvTP?(Jk6WBq^*c&5Es}bHOid=mGXisTq0`}BB`taAw&R_tR?u4
zdExvpz^m>#FU(C4f;vOUV|L}&aj&dsFu03?_(D4mkvmAd4RDJC<(c8VHjXP$a$I=i
z6=<z7;m0<)jc0f{F8e5`EY%4C;<_1jAK42F5-v7mv8TuFhljq=ESR^Y{GO0ifhfK~
z3BP<v4}l`s?y5>iJfGWU!6Wup5lBRU4@j$AwqzPyp5qacVvmn^Z=!Be^J@=ds<OAA
zKtKBex)5695id{YjLp+Ie*=l?u#b^Bquu~?g>GY<syv{_#I;XRy%5i#Y*DB!pDUxg
zO@O=tUsc?vYh<`Do-3Qp1CpB86MalHQTs;Ul^KG?kvR6NdKx_sONy<Ns%g%KlgTf)
zrXn=sg{03TRNYa<#Pin<bp{$GeEm!UpwJVWMDU*Yd%}G#tEOjoK117UW!)Vj0umT6
zGf#Pg>}r?mI=xoix8FO8A;embS@c3Z`*(*XO>^h9KnH!<E%Vmgct~_dBlLy7JXv3j
zZQD-PEp{-$8V*$;^EBVedBCZ7QSxR$J4wy4rd@dtJYLsG!lc#424a(~15WxW8=$~#
z(r(bRCvPza{Kd@^T%~-|ez4137~y0Wjl=O46-;n_o5dNRQtoZOC$<9{q6GTh&5-hf
zv^*kKLNiPTAM6OrfH}{|K^Jrk9u3&12Z!$#M7Xq&p)s>I&R~^&4TBTI0@ysM@hRH8
z+iIQ*ogEj^?IwdtF;r{!QbJ#Ky4~1nIr477hrxEQwe|pfUe2?8P|H1h@Bm-n14`nD
z1}~h5cdu@DUNwSm^b775x?py!iqVUQz!FiD#)iPasS575hj6>h&~mH;DFesW*a_AH
zE@4wJV5(eWNG?uD$}tOL;i(MM<nQPzXLc%c4={8=VL8lQ;no-X(fRTr9!Yh!Jk{V#
z@+|7MXuh@M9pGdiFM57s&n;f^+1!rxDCMPWguG6*!Jb3d-V3O-J%1BT&-CcM*C<R(
z+G5h?s``+^!F#y^8KD_a<&`}i2~YVc&!R@~B)Nv$<k}0Uc74-?3h6oTJlqKA45-k0
zKrkxmciH-Cg3q0fH)rI*>u?S1OtV)7le^&#%_?ylGxs_eh5e=LFu0<%$z6E&Dl94Y
z^g{@GGx=O*w^d$?2qic=h+5dmNTn>yqZs5*qFug-o<cl>sH}VioyHPmg)_?0-j$Oi
zVQ*f}$b>(;_nO9`;beNR<{_bq^J8^-pxsFlT0<%P&~8n3$Obg}O3jMdq()*F9=@6h
zN0>nwzZ{3DnwHKhe%%IFa7*cMB`R3n8KW`1qVKV143D1)=6UmtO`_2>+BINiE4`Ei
zQY{%`Y^YT@k%K9yhnxpIVSf7#&Tt2uq*Yr=$yCK}Yb<lLb$8BqZ(p!@G)MUj#URN4
z-=SgU#ad%OFO4^A?~dW17Kaq4-R>X@PDb0#q-Jk=EZ>_vih7T(vv_xcMTV)GcMPo&
z&Z1AUxL6*<aR?rV;&o!;<4)>%@Gb?*SJaJ#-_tNRtv&7b<UXZ_?a9~OFgKp*z0mWz
zG4SQ9isb45m%J6V)oCELD87`5ib>$|l_KJMeZbt9UNr_l#VPt4W?7Snk|AN;j`yPD
zNOeS_SN1fo6!kq0)F<ckaN%u+JHY~j@2VB<W?->`Ixu8e-YlziJCBmp<kG4Z=E%x8
zpxqt{$*X=7+AIe)S#RQQFyr=~VJ_hL?Ba+$#Yc??ov3Wsl@YQBMjBT2?6p$T(-(B&
zg@J|eJj@$kaK_LRG@H^OvbX3&>Uv$6@mNMmfln8^;Hl)BIC-qm9k^g(ElK-Sl0seB
zct_gX!Ct%@1R5iPS#*>&Q-MJEWoBQp*l;1)^(da|s*$EuXV#O0wW!2<nljpAq)Vr{
zNYdM~Y59O$J-L9px}X4McwDgOrN04cBf7B6<ID+5qu?;00A)a$zobmO824#a1$H$c
ze3e<IZ`U8&TTm8VG$duZC>v)Gp3-oBi}!S#%2A?%4-vE$xlVBj4!yTW=lp@agoieK
zZZPW|;VJ&w6XT)8zV<vRK_PtQ`l1=-Ed0ij%aDp@?A_V2Jao02II|aVy^CV>D0nku
zu$d-MyBu5l6Y2Oq5^jwgrpvV#>WV0(N)6ChEQ8cLCPT}d2~d8)55aO}$!B9cvw#Mp
znwM@C#}rj#DNK}CrZR*dB+6734UQ}U5d-Z8EP*rOUXLqzj>n2kJI7|s8TzJkNLt-7
z_`XM0xzHHZBehDCM(Rs@vSFEoBq9_iv8P?)Ht&wLv$3-4ZRkS`k?JnWpJgyYgInyS
zqihxOSUg32XL;IcY+L0O7Idx_>8oYSha`(&(D>jk|7AKgLV>h-CWN26VAvf*Lj{!<
zlwxTNG<Set7CuTe*O@LZU=nmY#HD%DWv+Pcp0nnlB=Ks{S`H_CTFl3pSMp{kV|jA=
z2HiUfm$fpkLM6_<y<b0JrF<m>jes$<ujhaaaMd7;b#ubH_1#jW=7bmB9Rn7dK&1$F
z)sDX>?=?*07z&Gus5R_udJC|V<Hl>C_axuWgGdnz!6e5x=0}TOjcJV-TO>VbX~bO@
z=xBWughSV+v)O^i3wtCNuT#+n?Hz@RN}dyV7O4slc}5o24eUVsK;-I+dWgmz6_shb
z>~2WM#Dj}QZ_w<Wtdg`E6-014yvl@i93T<|iIj$F-wu6%8(kopfh{aB-VFB4jpez$
zk(-baZ#A<=linU;J`YRW?~N`BMDbxJz5<NaH<}?0sGRO^lg&tZa@aPus|aT8tscaQ
zqD@}#GkgG5vJg`4J8FHwdNHsnDnn>~tEatSPR`D5IjSXXCQ4S~$i7VvY8jAq$0dz#
zLHa6Us@Lj4*Ax>XT&PGOh{S{8%qyc(Bt9zP<8pf1LxaEq=5CT9iDj%z$2hd66^-#0
z86(ck*d2WEO~>*CO13RL?^%Pyy_kv%S+%A(b`|u@($mpyCOIfvs<`M5(ujxG`jTqU
z%?(5sBsrfn8(8_y($Y#S6(3-4Nr|GZg|d4tGxj#ReK9QnUrcLuswHqDKbM+j@|a+g
zd$E+RjYQ8%qJpL%CsU5VMuGeY`RsYKA}k_aOiN?qd0BShOB3WwqG#}0QQIgVv*WAO
zeMa5(#P=<X`J)b(dBh!6T!?SW!x&u|ARX$`v}YxB9;8@{xVnK}ckO^%Q;GIo7!Nar
zOl>@{Le3*Ptk=?`34nduq<EF+`-s{WTME%E&`ZuvJj2VRxZz#9rTq#U5QnT6BWr?M
zN^scXGWN9aKd9pl)_82OhC0d~QurSDl^c-k_HhcD(TM3dAg)NOt}s&4i8*9YxX8nD
z*PF+X+?<)l6x|KBVJ@to!t!*yZ|TtC#pGoHS7aiaXWo!$>kbbL8tgH?I_)Gx6S~)K
zBdwtz?Q7$EI!gWC1JmfhTtvdn>J>&G^&=CRQycVv*pBz+>ChX}p}_42mK@1j$SYxi
zXU*u|3{XyQIS0?q!JW}3<=Mb9vs}TT1|P|K@m5(xiK92g^?@9aSxaQk+p#w!laHD6
zUPK8L17?o9^8-F$w=nYaLq#@<J8*YXdrnO}!XvC<lt5I2ar0L4yjGx(C2I-?rm`&@
zUNBP6jTYdb*;+8q>XSf8BYD(X6e>?3HOUCyM%rVFK6wQC0LLp&*9?{z7p=<Q-duOe
zhSQ03j&hL)r}NyBV)lAV6p=P>P!QqB)rwMA?b6w5+;j8uXG@T$dR{nPlB3-l2jyWl
ziby`-7M|l*WN#QvfH+)FPggvN-$@y}@LPCtDSghsFsUxKCJUUzJG6_mD`aAW@U;8_
z%MHgS)2pW7U5#4yqg%J9z}VOWMwEAR9YpVBy2^x5?EDP{L%9Yz_G!)=%j@=66`(on
zFWbxWO+M%~vaaPtUPRSL&tcf7SB^6+Lru_y5TfEK<nWc=LtH#$W5lRUmlE|Ds7L;)
zqz6LOWXhNn`{o;J|AIO-b6~~9lBr$$I{WbfT`L0|hSOyg9pQ^5XW$iit^y%F*RH|{
zs|{xm!M%4X<1$uaOgzDmQ}7y}Migr)=t1mrsZI^o1$;#MUc4)1lUUk##CwD0rp;K|
zJc`JrUIlgSL2y|!32yV0-<r*X7*MD|8R#(Z$A@Z{qs7B6&~rT<wU(zCQ)HC%PQb&m
zNV_>MEL_GE46$J}85~B76YJ0|YlK2g-HS`TC&c5yQ22WW2LDpM{YKHM=-KY8H4mh9
zyPk);;G0rinj#fSurBw6*%8rTHJ?zOuZS?k$<-3gqXVFG5{(&UpVwpp$Pwl4B*tA`
zN1`tuIGk@cP=X%ot30doS;lb5synkBaO#TCM2C5zT62|`>0D2GLdCtuPy2e&wu&YW
zd{ru0kVQ>=;9B(okodc`g8@NzbqnvzxDkBVee4d`kg-p(uGFkD;4O01^TgOU(5=E3
z^%%IH)Pz2is8&#AC=yE_L1PEvaxRzJ?H3u?LpU5x^;VxcJ%<je^-f17^df&v4k@&c
zXN%M25a<EIz1XDQ7}?b~Yhg1ulE?=UD~o+n{kk`o`lYD6r$#;yH$AP|R_v#uYGzKu
zDwcMZ>7{Q(cABlArJ}Kdx=BpSsviVyJ?{iyn0oV;(Lu9B0|X>w4v~Q2CCxgcHupM^
z1a1}F@i|`~UBtwx#qjbm9dsVe8v}iJW#~NgBrqyQO1id?v;%<B(b72tvr3U5C-MaH
z8HW#J!CNsAr_1bTuWsA8n+T^URotL<WOPG7ov;g^l{{xBi8hZroQQxf?rqt_gb8vu
z*7YMMG3Cd|_1=+<;v>R?B;2<)GUVfKOeHe!u-Wl^p9tl{h5~tfulfNo8JmblhHzOz
z52TlyAK|<sOU&f*ekuKWOP^d*ky(#}y>U+E9I=?Y&H(rA6%K;;Nj2IR)nHw<_BJHr
zIRS5uHRwxBEeMzACBKoJX1on<U!hZd^pN%GHKn^K<2)leKYzjg(lyfI5cYr`c#q!`
z<Scg0Yu0DaEA)B8)|ucQJWEW5!+XjvHl~ZxU2BFy19aD+0nO7WL*orXAJPns_pX?U
z_FGL9JX=`eOmWIuHN!?*i#=R&ez>&6)~rz}8`PvmmapC&^4X^32H0ZXqVWbkjKX^g
z8P+wcR~^a|tIv7}Ew2NZ`2P<eqD!?$z~%c039l*E`~dM;c@8Zc2`k;IYR5r6xGVO|
zo5{tZOOWPjnyfsj<I0|Urk+MDVmIaj%BGL@E;#r!%dEj6&4*Ypk0p~5xok_{__TFq
zcUEp{a6BlPz~pkn+=a4LJ|^Qy^O<|vv(Hv*Lh?$opJ(lOJoicu2N^qzc;?b~I|9Ye
zFrU-%HXbJ4A)TY*24=7(xDRC#Bew9(W9&Uf1@8CsIqvBrQSb_ccsAp)UAHd^-=QNH
zU^$gd_h!zRq4t#z?IykL$M2m7VsdOG>Kf5;2A(@JJ7Q0|0ld|>Yf3L(UEq7|;XNLT
z<&DJU=w4H_2E!!5CmYf%6?dEf9{fUc0m#7+6gC<-m9w9}=P#LQM*8V(H`dF>wMmAx
zNU`aV_Q&Q;sIXi7@Tt@2sw-Bhg?5*qt&EG&fru~6LoA`gvP+oC5!kS{vRHdn81PCA
zrWvFB05#C<^<z^#Px8}{O%nA*<2@KPDmHb<toDuTUc-UtajurxcCz++Q}YbS)xA1E
z-+NhBnmV<PW*QHRxI?CLy%afb-W-&*vsh#g(NCu^)~EymZaXFj=TxO9j#Lu+%sB1D
zO9-BL76KS;b;|UL2n_B;J*tyM!g>Zzhak3`W*Hiu^xe62ldqVhg@y&T*;Ir!y{J>@
zrL64=>1tO<W=37vK2x}BdN}#LSCf2Ueb`Fg_a28odGJQYbF{+m^?PVB3#AX;=ZLvz
z+Ea^hCv{3Fa3;=tt#bI4&pYdA0FmOlCsob!24DCh`-3Q$r~6uihr4?ki=ZDqDOn53
z87IhIG8)nD%O!Yk{rL-Hd1wv>iALL<-t3L(&I&cgRmy=Z_W*7rXGTL~NtO9cCRnu_
zt6x^v-dt(5dpzfH;Rer~wwAMIJJUn8b;XW^3w$fd_DXYt$A6JXoV9!v+@qWmkC^`B
z`rS}WJP42SgUL~H>+#-qx-YmK_WX<#?4BlKTyb`B%p>cmwUa<OPYs4)NXW)zTXM}E
z3Fu+CHBNfSSui7y^W`&1jC@cvk)zc`MF}~^>2f&^Vm8=uiaf$>%VYg6*hHHz8L~B1
zN{m36h)jofYNfr^OUH8)U2W*nu^kub=xxqgs2`y0@Flm4q$v|_p136KQ{iDFqj%KR
zlFov9$(@E)(epOF2Or4^Spyp83idiaJ<#x5$=tx?LmF#0jRNC4ZIjzk@g^{)IB1=e
z+^d`iGH8iqFWJZ8t;qo=XH2e?nDlcoDi<o4TmZH$G0T2klf-f~Yh;7+OwLXsJ#Pz)
z1gJZvGMvernTa&bo)6u`D%kd#A?sS+zKm&3Gzz_kBCrFpz8tvI$g+Wr7I83)=Xjll
zpeL?s*2o#0G)3rB>tk|Kv?L@(Y44UZJfCYFJzGV{NhewN)|{Gfk3DjIqbyHFRu~O<
zAHMCEZ}4?^zGkw9lynZ&e!GnPqDZjmC~JYei1iI;ObCoWJxVo}E_tLn9dw77^(I@!
zo-Q)7G|Am7P;a`34p$c-e_ad^W!*eaGj(4yMVrsv#Dp$C4Jre+l-_M!mfiN*_w&0P
z4i<s?;EmWmek|>b4c%0>jE!;(GVb%<2(v}pZ3YmipP%f&^~<Xkf6`;mZEc(~%!AYX
zlWV3gu4Cdj-}We$;F&(UfdO}11`e33=MaID`=+?$83wXE^tB6rj<70Z7;~Ag6tth!
zV}&+h8n45?tvLjX3P{$20qL4UhJv|%{`4eeje5#gNi%0&uL~(bic>cFL5R>iXV6>M
ze6k$-3{sq*IPK60zZvABZ3LmbzL@Q4UVm>D?gYVd5K>8rVGx6WNzxHQCK+e5OrB*5
z9YMRea9?AqtLUx+E7c4?ff-A*7nDomc8Dfe_3-t-VDBXbM`=v^vC`}3%Pxg|Nc|RF
z%wIxt;!WIDym<5Ikmr0cqA1YPDxGd#2Fe3Af4dJ}+xc@*5t{APIPk^M*%PmB;VMj%
zCo(bv1np)<FPD&3?_@8|xKV}%`>F(Ff%WmlAOZkp4XQnrJ;9U~Uo%<8(jZEDRY^8f
zoc-eTJ%SVr$W=`>mONYGo-2Q%u<P9x@FY@{?U6!?6uecr#!lbH&hCyEPf<nG`~dOg
zR;`^1YO<0@2B}^F@xEp#Kpty(vk`=XL2;zTDLfh2=dQf%UMV!mg|CkuD?ZmMG?!Sb
zG>0d8Kq2XBfTIcC9VAs@)Z=Au7tCHBE}}23q6k_{!qowHJlQS+x@&pNsOb8LOP>-x
zemz&c5i{j@?&H`GTMsB(ryNlDjo9QdRt1B@lO&uBKl6w)a#)dQEY;rP1yP~_c7~T(
z8z%J#vY0XPQ7U)u;gfVa5IZ3!7{rh_Sd6xF9MEo?wL}8G0N}@A3Hy#mu_D}i=&oAA
zEpA~OIGH^$eId=5#FF1^BI2x)1co6>gdq?SkCA6RxO%5tE>s4`PiO4Cm=Lnu%3YOb
zMrC2NYzPqT+|zqDUTuunjn818OBeSU36j38MY#!8*mg$y{d5ipi0UEUi+kSFC9W$i
z!1i$U2=;BBEHoI4jLM?E7kG`Oj+qTDdm%5o%Y^oMUwwit-v>r~;qH&bF|KkrFN5B&
zzW2h+U@aY6X~H)cm<&f#(wUgf?x_dMC}cX{#S)|j+1yrUODM$v*j5m?<|>HqsK~ZF
z+<6$db7E}F&Q5ZH`Yejq+##gRsen*%br*0Ip@gyBP4mvn%8pK>%LXYXUu?X#q4G;>
zo8&WKj2IfM&Qf{il#V^tXL_cJNXUWnyt;`?YhZ(D+s5nSbttXN40-MaL{>8HQ~($G
z)iray2iy~3gqn!N{vX-#f@qx{8kf7pL_Sl=6=m8ayYNsWMI}Hwlvj)E=yMKa9urn#
z(O$3t2m?Yq8IWbWL+z{y*eT6!Z45~??plg?NH1cuH^T<?r3h0p!SObBRayDo&hiFL
zMB%<*j|$Fv*+p;Obi6)yah<hx6@a7}_v}=G;toP|03erFEGa5tI)HNWgdBC-<n-!x
zj3_9iQa3#aaaoyOPi4PeS2f-8BW^*Jylt3Wbl(_P*-@)be6lFF*8@AiQ9hH+$t2WU
zk0uaJoX+bhB$6p8$J-&pc|Eu8=SwFm>0snzmd~Co`N*0#Z@iS(>>^iS7PNX|CgrKl
ziO!ajk=qbD@N0W<j+uJ_a1_>)0kp#!d9Q<MrZGfHj{#3cEno?0MTacFD<N8Gtdj`B
z>m@i8fZ9Qq2MXdqfnaaa1BRpvFv~pkPGx;8G84H81>+D*8@>d(%czVr7=la!McY!Y
z(uCDCjRpb_eMlh`wMMi|^?|d!*XT|oe&%lzHr)!en@^V+W~93Dt(F{h%Tb%W$2-R$
zdMVz@;20F!$G9#Tpz1c9SBwO}c=t4GyeH@Nt{J=K%ZHu;6}}q}+$7Q7rFhj#zUMjJ
zgrEzzMNd!)%UYvft=?0JRUI{KCMCZ1#zr#oT@#u}i+jTWC6T|<vBaOL7U4}>z_}@g
zCF>!3m9K?9B!}CRuy3;clk8`EtOUbQFU2Fu8%CEkR<sp8as~lbxK=0<=!$3cPR?&&
zUrd;BcITrWiVjhy!l0m3eXWIzO7RBGuS#WOX?u_zqN((HBYdY#AE@Y}L`?0wdNT5Q
z-myAy5mJHH@oB#3Oco-!8GA6ydR+*1Izi1Lb|S-hUAeS^*{U+W_B4)}>RGKv0+VDS
zwTjc=ChvO8js)BBa)X1gopM|vzkSj+%pNtTDGE<oUiB-2f)E#YX*RC9bpN4E9<9_I
zAX2^B>%#;~*}^mDQzfZu7Cy?h3?d{w)1-K>(DBrBB*fVu9yx1YlIcd7`q{madNn~~
zzE2M(T~1zyMZZJpQ+$B<>h11$y|<iuV5^i<=Lfr%131gux{s`KjWNy7?%1R<@u^IZ
zvzvqg!ojWv2P_D7L)w-fy9xNKdzG5{644yIM#78<90i~}x{K1&w_j)-yfz5M5_8nG
z%12YGTG0*MnJra529=}R*1F<jcG6ljXcmaNa8T`lV0&OAUP-a!5e<7X+Iq4ST@>x7
z&(leI#3%*O*FDPKBx43ttK;(tkQSz}mEn_k@1Pq2;#Tqa6`jY6jyKsI)IP9qEt&ul
z<QGN;x0H7DCQ%t)p6cFJwm3@1iHMOhn0UNPTzv9wO;=jLlKsW`($;F<EI-quc}ZZJ
zwlM5vWvLg}yv<!$ti#N1n@@LoNntebCBC$-7*u@bB9E@;=#60w@JW?$a~f-q+deLP
zgK6mbbgv_q2&qcp&0uvQ4HV)n0YhcG%(lRQFiAVBG#|I^yqHJ&$`d_WO;hk5<+8eF
z)C6|i2&0Rm)R^33V1w5KRA$JvkF5r|IMdtAFYq`#{WR0+d`~7o-S}N59~?Y{9fPJz
zIGbMI1ADrc4`U1XHtA)}8nhNW?g@}x?@45ns5no0MJY^9HzV|*w&A{n+)TSqwDtSw
zI7g^-DJQJ2{Rt|?%zOKsgLHVFZD{2sl?o*_^YP#yzCn#Xd3;Wcz-qTE9gwjKx)08e
z#5GKf%_||;@sdQhta+aCF$5p9N5!KxE9KD;u!#fAO?c<UWvHDkyE34sLi+|LOLXjY
zcMqq5b=MZ-CSE=Ot%Qfq)?l*UJU?@UJ#agr178h2*d~1ZsKVnxw=tnUo1k9yd(H7u
zfGa0a#fLzfg|i`MJKdO+A2-*tiDLrt+w?6aMg5O$;FX}Im1gC9LZVMJ9CH_;3t@X6
z0qQkBBOF?If|yyVlexLixA|EY!IAl`00;TAq$ok-=EKKyrGB+!{NmhO*j<r3)^x63
zN<EuO<S24`ylEB)VcSYJ3*d6qipB;7FQ;8OEr3k6y=~tSz&tDszRa~p+>qe)I-88=
z-J4c^R*Fge+5}kR5ncvoDCA2#c*kZ1*Q5PH9_|vqK@7Hf#x8)5AHtRQt>7g2JHtV~
zDtuC+cnp)6cm)U4R4nF^kF@aIGK}P{ow&zaC0UmVtnN7Q**x^vOP4%KrpYG`IT=o?
zFVdOrN8jzJt`Cf4K7>szsQ01|%-(iwoI1T5$T_>T37@@bNIqVd(OmMeXT1-2@xWlE
za;0H{@m%s*(|d0o7SO@m@C<-~v~3lW31w_;42uC?J<l~j(Pb*jp=6`FGl(wQ>uIy+
zSei@m?0_V0GTwB9rQhqVDW)WsC_@y=x2ip;cZ%tRL(Ij^I&l^wFRN^*RM8?g2{G--
z(;M;OD0AaITgl1wP=<nZIUCE20(nXv4KBH~2G5@>c`R_72u$s=QpIo#Vg~~}hLs_b
zTL8DP@}qZ_L59uH`d*0(V9^Hbs58{CH?p7&#zon7*b(c!1brBWhu(0U@!k{IIPH#J
zqqES9jC=8tIq8bzrBSu9ip0v@799zN*Ay!4dymNAVn5k7`C^+Fl@-R{*j8zKPQ(Z)
zYTx1uhhXlPepX&p2WkAsdoObcl#IBcMuX8g5Glot`HGtWWZ_A)zZ5L8^b!wI<rusZ
zOewMuqZ^E<+a6JV^3+Z>1JO1Jg0mw;G53n{;)ZE#-sx4pd#M7W5U(L@tGPHIp$g8z
z<HT;DdslFU6-@663JJYaqC@;;DTf(RBIl}D$IF^MD>ZhQ$p=X3>;i#hrZ$j8kA{tV
z^En#dJ=2~+&cerDAuwp2`ybra!EX#8w4PB}qy?hQEIv{!yMBiFhVb#i0}}AM@g&p)
zeMdTv;Icvx>NvK6dCa^0>7#zvUfe;@kDwu0?!^2d9@A4^UvuP%@vLUZ=G09-Q-~y5
zz+?}OxP$;DF=e#c2MSmZdaDUbd-dJKFY#o0g@DAgq2#ebEG3)`Ribs}Ng*Elng!t`
zO@O@f)ojHpria1FaNR108P2*|C-D}lX31jt04qo0W%EJ^X}y)v(PYtzo+dSOZl1@F
zsH~VzN$2JW5lo-#aAL7XKtrPEW-1zC+ZgbuXD$_v$LU)KTC?+fNK_{+jdSdGQ7Er!
zWWZ$+gTgyn^03-CAhQW-a7x#FGanloU<x2cD(;ajG5J}Kl0R8Hl43E)H_ABGIvY|j
zM$OuGY9s66QUtYNN#d*VRCp<xQO4dB6e2CEGvQiwNXVjeEb{|hd!83*(;`)B55?97
zI9CJup7k>hPZ_PNI5?!P2XFgDl~Sp=PxWD97;(pY?-&l1oA=@BMT!e9p7Od2VaN;M
zj;T`bxu=~&@t$fukhQ=#(ybF#g5I-vcq5oO^j>CBRl8NhD@)dv#`N+AS?l)%*S#0R
z(-d4V;*q~q?juRM368_udyyS5{ro+TTqqVPQ?HZYvq{_2K%~8AHyr5;eJ>s_0A0Uq
zQSFwS@CIP$*U#|z;Lczc(y|19!~N(B?q(k=sHd+>m1+e-V0!@|_PC%l7+#|&n%iL#
zJ)j_RfKjjBm&Vrk=<TY!1}s8(FV@4aVb$O~_nl$w$voXm3#%Z!v3jh750!OeXUJY-
zP(`>y`-^xF5r6;!LdWx^@LN(xkQ7V>UEO=QYREG~0FI#ttxwh}`BnfT`V!Gr50frE
zZ4#t%x@2i|V3zTw#Q{99MW16rX1@-2r8dTRo!aX~J!=GmIQZV%iAw`k!Pyrw)B4n}
zM=$4j!+&(+vvw5#%MJtpBk{xDyFRE+6hN&P90g#y8tLpu$Q3(cZJzvIHY36ecrL4t
zG<T2<8KneRW0(^S4FO{W3?5L)qcYa5c_p6n#KInKx|%bSXGpXZ;6~mI>~q*gI7-{?
z0VS#T);c^`(6%18GWk!P=|xn94XX#Ja*$w3h@tiBtjHk8-nib-aOH~$D{hye%?o1%
z7P?~YI$fDYns=|PH51M$m)s=Tfvk*!W=lDY-!O4&lGs+g^tb&$e6F`~I>U#F<4z4U
zJezS~A5rW=vei5Vs0gf_)_e4{#uR3sz~s6RF6JW!<c?L!6Y(VsjO_>4rz5R5?p|T`
zY)#8rX^53?b$C#S^RXZhOVXV&bwO+pnc6im*Mh=TmP8B}xQTGwi&C2l=Wct~Vo*RY
z2c>)w={)>BR8cUTIVDq?LCFLb<o8TwSI@(iuRF=^K^Ygn9v`232<FdDHn)!u{pm<D
z2Q5VT3Slr=WpK<r1wiNK1CBv;8-N<NtBU8W*V2z&bh5%Y5{R+sEjK%Ai9CM}JtlUD
z`l=@7k-m4CPH|qyOYM_*&s-nIdBx8ljj$Qe!D>C&@$+M#WnYnmQ+#s0#iYC&z4@3?
z6K70yBdtm!x$K=D>ItT=IFEPuV-7T9A6?(8O>eDA0)U~JV}{M+DcnedN2^sgqc;S2
zp2!Zc?_qq>?eImn56$vH@k?XZ4tN|6TKE9;9R&73zl7>gRDmN)&8Nj{A;wr`($83T
zhtW=v(Kp6tk^4bXR)Qpov$^WAt~e-py=Mc7>q%THuf2RMVIYbGhiil1Lxb*=wHG`9
zsi@NwL0#|q2~Kw6Lt&hZ=w7?`JPs+AvbE2&1m*z)YY(AoRj{=a08O5EHNAWpt11PC
zVa6b0X$Of?iK;tf6Ix^R>JezeqX8;|DY$tnu?gx;3zY;kc?YwB>!N)x{=@q;IxVXe
zW$x{2UR0o`vTEm==1ga3JGj}-qG`w}%9|aPs0#GAa*E12yn9V>8V`7J?@77kwCMRP
zlPSR~O)eqg=6bM^Q6vZ6RCuW8>d%-R+v6w;CAUrAzLoBrip>ocFEUZs=&XxUNi`3C
zVMQYil1at&1jo*GBfZP63T6WDDsZFl#i#{cw0X2JYW6ZW?F*KXK<88jEk6ZNB%yhn
zMB1uvp1;a=4;c-A?Ij(kKuw`HTO~o{s)po7Mw2g}r@sU9g;&ybPAsx^mE2wr@^x+i
zaTS0xdWzVb3sZY&D&ur!`2<3%5u0MNQOgprB%>Svs-zH38c0`Wsg=ORF$t}oVRvL?
zNe42By61(1qC<O5UC*P}1jBwbH%-!w>2i1H+_QcmtdXsQE<VhzB^aBR2eAi??;-@^
z9@AFd(|p(cB;}yq0K1XF^Y(mC3wNJtU|V0rE<Kgq-F(w=#ZE_hssjuZJjy$CF)@?d
zC5VsM-xbDVG>+o8oMd_G1<dOT?r_&BTiF$&_eMm+8H8?l>*O9xQypw*zRsBB_Jfe>
z;HTyZEN)wk^s-K5P$Ao<p&mG-pt~RtJ{nsq8^_23_fA#vHx@{MUOMljp(!mMuQL5c
zH6TEZN?NpU5i`V7+nM*~J@?|C6a}1l?vk55%B8@JtN_g;IeB;27D=1AJN=Eff9~C4
zQZ+gBv=yc&oXa!^0i)v1HE|!d!#gIBD(WDdX1wb0)@xBW&y79TvW{}DN=i*9BETJU
zb=%f$dROH7QU{X;VjvLph^Cw4*6?((67FohB)g<-@`=~J;{)e-92|1@E`2%f-CLJr
zZgw+&+JM!CWZWU36Bytd3#G76G%l-*$J?sv@%XYhH$;?bHNzbQ-I<r=?A*wEW2_H4
zP8HSV9ov#rLOoE`hYY=~Zz~4}iZS{5271UY*>ZyX$9H=340TaMc@JQdDkL@mgBPce
zL*_Y%JaL(xYm3sRrmJKGdb9>M*jI)F&zHsx4inUp7u@n<p12y~m<;ynxk3d7!M^8!
zki;AS%+sjLkMiI>L+mKc5Dmv3dJfo84{$sPg(u<MsdfC`fz_jW2=8i$QpN)Y3&8c=
z?As`G2lwudv{#K(kP>!$*^i#bzE#?JUB_1a%Eb;!hLZ@>DPBtLvqV!*RC&d8%5sC;
zVpfL^+{geLeBR1kstm?7Sq+?BY%y>B^^D=>o3hbxX!8Te(IG#D(vpbe$CHapj@UYR
zRXd%;xK9j$9##+RV@{3H9ZTDNFH3e|Ou7KF-?qBtFdQD&DVUMDVh}{eu7DRz6|U{;
zyfUuN_k>dO_49ebTns(Ea9#?uY-U#pO`TcR1x{vy`J{nXFXq6|8UX3B_!ECkTNb?T
z=t+)U>VvRwfq3aVsk6tuNyvur_C?}5^;K&jqvM(xe-kwVnS{@%h3`S2X;|=3osL%n
z8`I`Mn?u>wDsRs17(aR_d@Ijf&^;%O1NU~yQsX_C6tDsa&_)t-C@$hrX&}|G*Ien3
zXy(A=5ROSX9yO%gX<;S4^9qu;G>(_Ja&Nf?O!i^&$)UUYfB?`d(XOl9*KG&VNLp^M
z`&f}%-~ha-!w?8c<DHw-9kIOf?ddwn6@$V+O-<bj&td%JJM44!E+6wM&!>;+mL553
znkRO&W-^xG?6gbpK2y@c0pwxst%)T}tqPqYLyKqW4e$B{@${_P?k$wQ?0nu$FCgur
zJlxf@qhA!7-jS@Cy{C-Jar&rM$8n3vL`l#QQIF|4kiNQ#+-=K4$|GO(*V$m6m=wyT
zkz)=gO`=81+ia&10>f`{c#3_IcZ#C4;RNLD&fhs)d+kdiy(7A+XfG?A#|*8{1%{;h
zX@Ql)Fieg)n2L-d<XOveT_?`wh4TLZ2eTt*#M>Rh0UN{JQ?uD^Jooj9n2fVr=2c+A
zt9y+t>QlJTu1)5;4%X_-Y^O$WB6qABmXCD!73MpXD2Cm&oud}p^?P?%ilbT85StUZ
z_XORq685&7=G>Y=>J;<}=nk~-#ml$FDzO#&q|RIm_0~|U-({&q()wmAvR%C8;CKsx
z7jIr8j<1z*Ko~Y8CiqZ39e^%-(f+_+G)YPhT*>aCzcrwEW^OD8R_|!S%eAL>+l8i>
zu=~|>;_+jqJI#76GI4HHhQmUfon{;qyGbRlqo1D#j6%u{2)r1%_cDrsuR1+lX|!vh
zAm-lm5I%1g1%7Y_z0dNt`-V%3#rlOY3di^hgkXJ_B{|E_nMP<H{JMe9Zrp?vuT9HB
zr=I&MYdwSamd~QFsETUHsu~9AF+$u!j7W7*PS3Jo?#QR*{YHd1nPGri>ny3LSNP~D
zTV|_I%<FWH_cP2oY#zO6jO?|0;!lwJ@q-Auyxw>$v?%&Q=k*XBA?p~u(;6keWJN6A
z>rC>TL@Ga`sM3&iAVW<;9>Ts!2&~68nNa8x``$)QxCkC`kexNyY^PCG;F&P6(z?D(
z6!&s+f@348W!RTB^jz0B#*(`dGRSg;l#~|*U(SPbXzW{wehiC6{`TbEnv!bf9twDy
zoe}k5nYi3G+S9{)lGn`=d-B9e#C)<&-}?ewLB0UD0`!L<V#ntDgz&H$x=)QJ8eQ1M
zs(r!-JL=xV*ma55HP<;8+laJW1`9*p(;f_{S+;x^bZ+m|(}4qE&H)`2*kxSD37HOw
z0W6zxE7cb$f#0p=)tGMQYms<whNqvLc-g+hy3uZ#K9ZGD+MpT{RTp0g@`BCwdh+a+
zyMfn@GG*>W9!%Yi&5Exe94Ul}zwK+Lq(|=^p8|2wBh6VcEM!&pP?dCN>*!OidG<~p
zzfnb(-NY<D<(+|e*5djf;nS3?2F)hYvSS(~&>clj>!I;!yBE20Tt2x@Nl+~^U0<I?
zw{2F4r-*}eNLsOzEoQp6w1TsDH*(u)%5D>>1vax*n1lD=J=$)6*dj_Xg4_l?Z@iBB
zX8KVh4p*2<&xwU??P9uLaAd@DpxhO!+LyHus4a8mExZMmC`fGqJ9~aZcp-zfEpLR-
zycx=qo6_I1I4cnV2=w-|c+NUwmcF22Qz4u^ROv#JZ-B8i2bib>IWr2erEwv$`@BN%
zCaL!>n~%Ll__lcM4FIi==tM){kiXQkmU@utNa6Nc><%}41c-o|-h%t2f-&k_sFi%}
zWb9i;9P(0QPz$d*O!KiwJjC1GQ^GQAxsZB!1*qs+{o29^;1HTj-xBkga6=K~qg{Rb
z7T>mm6_g~BUmToO9#V9VQ(;{9qcgfh5Vfx5$M|Yiq7ruF##uF%i9pz2SLu*}3DOhs
zp`!=X#jm+jOCmh_RRFt6z+22GeiN%63Aj6HSNsH@_v&i{dd$KR`8=!xuaeK3wgcbM
z&2k8h!41FKn=}cCWH}wL+1<9;$qDw5jkfd<<5!Ns9vY8ZXIw~_tTgBmH<&t~Ig?{%
zK=T#nQ_1$+Gn8qDX#>w8+sqOw@d)I1GD0gTbioho+}k_6$_jNMf}G{KCcV4vxF+D2
zoLo}eWR$ZS%V`h2U!*s*(<kBheYy-~Ns@<BBene6J$VwrX(wN24XQLl%&V~n(><Y?
z%Bmq^4C+a7FMx4uJ2TFn4ie%9Yt%ZKMZRcP-SqL8VQ=bZI5V&fy|M8$o-l1B*5-my
z&ph0@xe*h@sExH4^nCelUN0;m*g<<i*2zO%>J;CL6P0NK?l4m`<$CnMS&`58%55cD
zk*l71ae>k;;bDVTF*iS?80&UC%stC#(SmiSm(FmjqJ8=XLe+s9@eOfzscw>AXv28Z
zMQf5!G2efP>u9dVdyj(j__fY+e72|@RHJ-lS`?&p>M?WiCTLfXj$B^$VrfbeDQX8o
zLOywsBYmeK-ja`P4+sy8T!Ec8-*fh;(_?OBeZ4q{gE&jCX5iT)u%O3p)%_J*TluBf
zkv%m9c;w<sHX);76@=tq66}%DXoSEoHzshzpeFscCZEx3bUfdx_fB}$>|#vza9)?0
z5iRm%?^eGo7HjB-iI)j;WEv9=xsrV#jE`TG<J9>Eft}gg>Y?;`Y|m`y+GJCNQYvAY
zao_MZWTBzg1Y}galq^%VEr>~ORm|q2hf*tD5Rxq_2eUO8CfkRK=x6VVNgE(|`djx<
z5F?8zLNs62ZJ9en@wdSxk$$=ByViUM${~XT9l(IZU00#cIsmm9E+#>ku_F`#Pt;@R
z^_t1hSdg~^@7j*3mKh$o9g;){y@KMA#z=qAZD6Y810znCi-gaNo@NiyV=ScCqB8iZ
zhUwmmnj4KFBJ2+0XOciX;)xJP8ci(|guJYRm~Z8P8~yp}vx___mkj4K*+Ej>eVvhF
zVbACRhC;_XesTma`viy^R>&0F6q*^flJdRBdCr`Xudss+YWv+h_bKB%=dy^!$_A8l
z%Z+D;>JTe)?ORTyv-&z-cMq8J4%C*tdP-?Ex`*Tw)t1A;1(KWV{cK*6ECcBX+xEl(
z3sVFp#$cfd<>@El1Yd~53$XS_@yhLGo#?ZT<L-A(M^vbi*L4(J!5D`H>N065(DaIF
zp|IWwQp;gEiNij~Al5?KrUwD3$&62vs>sK4TAudaGT(FH^Im#kkMObM0j<5{l5@$2
zhpj}u(3BGo`SID=BO|%q^udgC#Rr$ea0yjI3arf~n1)YB>_vDD66)Epo1L=DyXZ6D
z<E5)osg96YVxV%0*4;GU7QySvn>T2=avOISUI(yRO*twvfp>9}GV@+pKa~s&)xoRG
zf&UmUmJRcoL0j{FxMM*;$=<4R&PJE)bU5369?DiQbeFHsA8Bvn(7Zf-W-4K2!s`U4
zX6OAQr-i0W#qlXHM%D3~m_6hHg`&w;UNp{T({;>T;F=OBdjrpHXRoQ4<8~iDo1G5m
zphC+>wuZ?oSy~iN&@EEd??`2swT(b|H?B)7han2F0&QobQU^7pAglTw=SyNNK@i|K
z2+btS7ctG6tOo8EK;czUg9_J9N`SAn4-63}ce5X8bsy<Eghy!ly}hnNxS<wdB4*Od
z4t!MWrMIV7-R%=>I9rCrhF6<B+J}7d7}s;;)LzvdnQFcuWDG_|AVA{P%V~N}>qJ7}
zTjBlKE+db0lLw&lCPB9RKt)QuC?<7;J;MT}6Gz@rJ_;m1gH<~<mVAuNjS0e<0$1<O
z&K*H38D2@5ycn3Sa!5VQhoQ0y5*tw=vVyxFvr^CV`ExUaL`6%kGkGuO9!ZT8h?1xv
z_c(a~3k=1;^A`;O!E&`yayv;|((^)F$=A6OF@rkf*)lzz(GgXC;o?z#x6cq{4^?h^
zL04+yJteiH=f8=l5}7^GYr?s)h$&5$lgX7UUSbrRvS&{X4|VfBD|;l+L2aSi&btWl
z{Ccup>T3&f!$VzN%Z24>YIX4t(b;o6cS(gg-{-ydnmFtgy%LOLs{oy*i9H;8bsbWo
z=4|=RxPLLO?i*48Dp^hFF=tU;$-;v5Ue74`J~vpMz0Q15(2=5)BjuFIV6`sFw)J|a
zYe9WpxuoTulNFGcC(y&P$Yul0FxJgD-Gs~saJ==LwOYjxD~Q5`0XmfT_DSHfz1P%R
z3r@75)`KR@1=Qv(NlZ%37mJE1XeD7x`sz6^u%DHTb{ry{KQyI&X%hLWce=XUjs_lS
zRRDKmSmm>RmKleT7*IHf<`G<(ao1sqrb=k<v8dPfqk`q=IBF#1=eJq1&+<RWX~a7d
zm=EZ2?>-~}Ox8i+ej7+=$YD<TUgvvy;Fa$g!3@x*yP7>#eFAJep_ANu!yD%V`ZNUz
zxpCi7T1!1bnlXGG1t~b<_M|K^+PE=`k9yx>!li|Dx&S61A-s3w*rQ{qLXwTciI^Gh
z+@JF!TJx+KHkW{R#=9Uo?|2bZ^q9+~83<sO3t3BQ6`0Faz-2X%4qu@hWupzyy8*hs
z!(0gKa6UM>-ZxezI7AL}6)>J)Hr}Val$vM+(+U9I$xokf3tIDwo7UXnSz;2ICC;2?
zuA4B32Q(?~nL8$)y6@smxB*=`WBa(iuE&!K9g$ru(=P^&>9Use_DW@HBm_{BWLvdl
zWP2}0>ScI(&4MkHtQFPNzS><&(Un^d@nJ?agn)YddQpafI=XP)F7NY!dOc}3NPWP5
zUO~%xuf`V5B=zK;?yAMvYrzy2W|(WR^R|AdM&OB9V-LKDjuCZrWFk&Q6esLey<oi#
zep$3j*gP3rm^>FUGX^l0>nEJ7=lVjHYqG{^WV?g7pgM5VwK+*6PJ$$KJ#*v1qJdtS
zP+0{phrAM<=R1~ad>Mn#a~CXaIL}Kgx1LJhZ684HfH?=74yM$b=vG%sxu<%7kGOp~
z3_IwUAcePy$0?}gM3`-#3rWhF!aS*#w+*`KV?k;_U=`EE2<^cd&JR}Sbb_<XJ|SoO
z+{ZmM@~u?n`ja4cWHy0^7_t-`@6i!Vy=K%0&%<A<zNWO%tTi7c*gc+>Knq%2!s>B{
zoUJpi5<)Hok9P^6q_!hiY618Blw7ra0?kv(%&wOvsYGpFzI}}^OOLK_H=tgug+HVX
z<A)l~H}Fg_S4uXf9~1CpV=m$)p7#sE>vq~Kl9w~3wq)!gZ(|H%4WSHr!Ohe%w+<({
zJ&AGNge=`a-ij3m-l629%`HBW9GP=<v)L0Kd5#Ii`n)>A+Fv{<WcrVCyQdPPzJU|(
zppk@IF}5s+dLHG{TW+1Cwh9t>PCQ6Y31KI=LM_N00JW-7_K^oA+sH_er1;bf?R&Dr
zR*&P<-w?n=K94&!6#~O7nFX){e-h1D*`RMGFV(T_o?12E5m&WvBZ$|KixY^tx5rvD
zMr^ZB$4M1J^|q!Cv1O4X^2!R2Qp~!L9HMujq+S74KEg^dg}zHxGj;+LUx1|ahVqjp
zn5rdc6k92!ki^#!O>=M4=mOzokKS$pZcl^BQ6Q$6RU?oT<}JeU%yZ$IEjK6T$k2NU
zYp6+R?UDP|)7*p1UCybRQv7w1g|?|r*@JCzTjRXaB9Ty#c(u&n*qv~Lk`n5<vK>+;
zw4715ogt35JH5+N*2u?zeR=MLpp9|__M&v(3K=&A$2+5f5DBPRwXVV+VXEL53ps-{
z=^Ctgl+obIZ-;?pID)wx<l%%Ds!=6UM}?;tLGZp9l2^B~tI>0Drp%KYO<83o{3>8v
zw9r}^ePEEbwU;5&xICXqXYhd}F9UL7ykwd2JTcCfx#FYPZ+E9fOKap}wH9pT^^3qz
z+gIb{vrCxLk`~R?wG}8=!Om3c8Ey&hU2{eN11eMRltwpj!d|W3xeM~a6g+VpWU2QE
zU_n{130pYdHS7@_siX+|#Yr?dvTeOP9g}rO8bN+tEC@y7G)x}Z4eyh3kuS=-D2e4n
zm$paU*h5nkhdq)lGAp8Q4@NugI&p1{?-`f&uMs8B8M%GEVQ-7GLjn5qCin%`^H_VE
zjdTO-ODeD17p`MU1CKdzCE&G52GL9sZ->)kgkmrVSCy1}exN``Q(7uosIhp5(`j3e
zrTh^KmkYJN&Fh<V0o|P{@ja%Eu&_bactNbq3CbqR51Z!MVE`SDGm6cHgf^tLzIk=A
z``$WSJb$@MuNH5StfynogH!TNS2f#Pfm>PJ4Je^a(mcTb_i|;K4h3v0^b0dW@}(c(
zZ@l`Qy~iP1-f7Bp!50Ouu5w%sL%VPDSnoF8B0><-OrAc#Iy%RERElYKjT)dVPK=L&
zUNvvBP=?J#L7#?_1vp6abCk;A6m*GsnA!V~LC`rx-Wx_Xm41v}kdepH*`B^q=FWMq
z<w71oYG5?+!^T{B^hoZ3(aL)&U>46xoqO)Wy98gDnRFENGj36aE2C+m+*jOIGNr*G
zbcQ06FEX2tdz3GrUKvYg*^3=|EZEM;7qkA169$}HHf4*;8$H6_T0Fq#y=2KpBRrT!
zD?>Jh#zy+4P&7Su_sW|+Gsfb;7%HOVE-yGVEq9`g_j$ha-aK)a6*Jz~u^jjKJ>b*9
zeq6LJcBy&5O5X2qke_#Czg{4Xpy#4`X^Zu0=R|pX%ppC}`@O42FU>t$AE$1YiW2(i
zOcsO8)pH{ZQ51WUN=FA<go-u67Ei9U?7cI>yV#&a=x57i$+AK(>S#Ii32*!DuAEfi
zgks(kxu^=_L~a~A)VQz;7~qG6tm$XMiqqaP*O12!;lt_bJd+;J5x7Vtv@VMZMOMb?
zJ!!C(?yUva)C!<!4lDy;J=qM3Sx>bo+}pki^4fS!yf)eWVvibhw84+McssT48QCFc
z=ur?ywx8&mUROu0bUuhEoZc77)V3hxP~Lm%+l0KtPgQw{Q05bJr7z3}tv2U?vT$VD
z&b_=vRa$Y~Y|a_VqrvvMrJg^1>jA+Cd5Y}<d+S3`tju`As^f5vDKws#^2``P&#XL#
zD{CJZnl38Q2^zVYQhN=_>sEv5`9kx^u8!i`+B5`vrXb+%^$<h0l6jUG*mYON&JHA%
z4xsEpvm6w;V>YlY$)aMd$8K3q<jWV3*L_DU^STf#V(Zj<pw;6DYO>|xV9D?4@`9`u
z&sML&O9>knAA6UtB#@~emOsBy)wkf3=-Y``lOZGZALlZ#s`BV^C*Q_F(6*!+uCp!~
z25Y6R4We$0v;g5F-RF$0^$vlK1|_5b<8Gr)mDGt^;<@v|DuxskgvZomJ4@H~%`j5P
z<myw(DYYgZQ8Pb&5XOWtoKdSF;~V@4NoeYg40aFExtPD@5M2U(l_d7SBm(&%-CF5H
zR9U+OHJ2-|ICe%e6|VsfV;hW>o^X;t!9%>czJ|=UwAFLRqFhAcdundR<AOS++r<Eo
zS!7OX?mi>0;i|MlGc!aX<dMj(boFJ;GbS4vc+qiKEyp9AivtMc*Z4s1Ne|j@?lGLg
z$}yBKG)HAY!ae*XuqR7j_FGv1Ryc3)$FHorJYS2?D6na|HoR2QM$I$b=Avxu$C*|v
z%;G${{oal<)#GGnd$cii@SaaKL8T@u@^)|unx?^;KYW>4I|_mmyCQ0cTQlt%?<Tnt
zlthVqUaP%Y?A4*lr%7sTxK0`;d@Mi<QDKP!DC|+*iy?+-ij*?*&dv7m4q0J~$^yy-
z;0z;=?jw}mmqsnmX2@4iX?NG-7y=F3PeKlA*O2Rxg`I@eue?Zh5OaPMC16goI&k>%
z8ZM*h6?IstCTJ_$kaOsJ&Q-zf#|wnXFb0Yp&M_^X4;twiqDVM#fgQ|<K_|{cKyLN%
zb;e^FK-w^cfLGTdk7ACTUao-Zbtj4K@I0O7vY070vro<qzBu<YJ*(D8*9Qt{OO^X>
z^@YPMBfZrudV2bJnB^Xy8!&=xvnm6cf$!0btwoX4LOn#TvwQ}Xw$Y0%ezE8VNPS_6
zBQ7yd=d{WhmHpj3-&j=MXXlk~+uB{i5l-Vus-ggd(FvjW9a4mnx!H+;#sa=2+OVz_
zbc+~3Y1;(sH~{uSpa^%F+GdQX0?p}=4b?<tCX7Zzy&YIRLLx7Ccmgx}T1a5RhhIHj
zLAr%YdB8|8uc7V5qa9*ioh=4PA_M*L%*mB*|AF3bGjpL6ArrfRNP{5#h}?G@R^20O
z3&Jv-5uVcodY*K7LkhCX_(BVKDC}nFtasX$zteSl4p)H`+&U=v!Y3!{y-iOog~itx
zd;GFn(JY@N7Qcr?0eyYpxyBMxBQ7+awQY}edpKw`G|)-Hcm%k}L6EgZZ164FXiNCb
zL&Q3IPWRLuC<$^c(IV5d3&u=<!#13j0m+)*nJ-4?>RsgW6JGWUpkc7_+jbC|2^0Xn
zFfh{fBLr!-=xyloVVBqB0}2kbTgt6@;PYS`C|&@@16XvbhxE*F&Mh2Xqa8zRfge9>
zZH5B$I4mh9A+7}j0czZi!hLxpOqbUXD|`2*?Nn0<!CN(=YBb@UFc)vh2*(I-z7Tkq
z4-uI<BX#MNe9@io*vmuCNOpw;z?sh5H8TfpQ-utdO4Z~|-03l96VkqB?+!DMew1=5
zoTT=~H(vzuqc_=%kIteC%|cd3cIP#kge1jlf7Xvl?W`Eiy=>88eT}BfMg6E#&{`50
z-#tiP64PoGzJiyl=w<rQOm3rTC6+QrUrsQ)MS~=EmO%htWMQMMTydEK9s4T=3(l2v
zO?-4~j@&{(Hmi>Ui^o+G15cGbxOgOAv`c|EzjbKLnghNp^)M5Jrt%7fq^D=@N(W#?
z#hwxifu@<Ol}{>I(&{1e3gZDn#05j?<<JW_B-?M${S$QYz*SlpQFLTNXudJl;z;1M
zdifY%5n;ZprU!EwVl8AAnO#+L4!Ec;#|%r}kHY0`qM%ZZ@hcuUD)y2Zt&4tvt?ppt
zh``C4Rk^de4{?=aExo9Z;`Om&!}F3$zjv&ChP8F>D0L*BfFrnWtq*lmppEbGQ+|<e
z3+MUKGomXo&w4JISt+Y5X>)^fc8RKpEVz$!ht}VPKYrcy%F^a?1x?<QM+IVa=!ocV
zP_ZuKUQu0SPZ1~AD!iUU>6=r0LtT0mD_Q@OeyZx4LwzQMZ?%({F}4z*W&26JiWKF+
zd5t3LWq#?KiB_)6B3T`vyB$!hWsWzVl1gF_5w&Y19xe7zaZ?-SweL|yXxxYlJ{)Dp
zk<@1i{j5+P(hEYzS7`4_7!>9mohqI0dpnATSpWe~BeEQ>RjgfOY8vFIlb1c822T&s
zw#Pnh2@+K5H&{xJ7J(|sOp0L}Zy!%mkm4Csn?Epj6(ay@BvX6~FhG-*#08xp2wQ>H
z7`OdwHZtIey!2^2XOP`0TlN79al&0-H%+ab1-1pud6LEP@@mi8sCAkUQ(pD-%yx+v
zzB*;LJ7=7Fd(rz$xX4vOMnchWWZk6fcI^%9<&e8KNO}YvV60M_G2J8OxG|-N>!|$l
zYGdCEZBx&L=At&)VyPKeJ&aAlSGFBWa6KzxO$4tacSF)L@8s|}GBD^(-Za1JbbJgf
zsdA&Nb-;uaq4AUijsZx-CUFq4;o^1Ba_EFD5>%+433ti1Qrl3Y_*z0rJSJ9C1;|2t
zLfDef2MMavUNYqG%&zb4<OO3HihBHde_}4_kTG?Ynd1r?6&%q^hOYofK)1hC7o-W1
ziYW<Uo-!o2x;-x(@ja5ID=WKzk!u5W&<bF1#qgq55T=QY5S22|J?I!1$6!R_d4tk0
zedoW1@yPUaEHTv%+0q^}3lZEaj=h{L>WU?KyRz=^N&2%d(r@Nv2y=2tUe>(i)Me4P
zYO{6E*QH)UK_{%YjdBe%O)g{61875XW;x+-tmPu)!g-14qtS1zOoG$x+$_;p8_6~L
zDsu3NLB3a_M5&GL+&q@uZfj^{_O=COBM~IigFrc{a2}y)x@u*QU!MQ+HWT&GPF{ke
zH$;_H9#N(OH&{t08J_BUhT$=kSL0rm_B;p4^UUoL!W%fee%#vm1Vn@46;n`=;|5o6
zJ;R!PMA)3F4}5joMIQA`XS!@3@gwer2xQeZa`+E*S0Y{Zm=hIscg*MXo~sWR(zYtS
z+Jyl=!M#cndwAF+y2o7Yy?xwQZ_|m4_x$u^sbPS5aL#gA54UrRR^W(s;-m)#E3WWP
z^O|=IRN~OtmPvEW1Xn~PkTY_#j}7eQTid)`IURiLCna=>u6fLIyGzb~xoHFpOvkOw
zL*&K{^qdFPXpsu~@f<^VZxeX6tJb+>G%*5UjvijsDkkAlm07i_8j=Dy(Fsqfh762>
zGSwqnPGM-WiPh>JedpYRy_}kiGu?!9<N0iW6Tz<E+fv;*j1&Xn(s|&l?WUpBVk}Re
z1=zbRs-#4`x_1;~0x$^4QaB~?N(;xwlOeTbt_8Mcu%;u39pFiJX9vhM$q}i%jM#UY
z-O5$Ybs?!ltDzHFDlPkVK`HA(uk}tT>~+#r1-<NhNRK5d-wj!|6Er&@yn<yxH_JGE
zt~4jT<W1pmASrN%0?ft3mivYzefhmify%ma1uCd0q`4@eri^gPq_B8NJ4&=H;wY;z
zfyi_mnaVGfuuAGVc6I5Z0<+4kB`G{grB)ddU*vOAzRn9?m(X}kd=^Rr_l|uqW#52b
zUhZ*rT?;>aFWO${U}syMTeDmdz05txQfzT(QG|}e6XRY+><h+q!kCBE!&j=q=^JV7
z_7DdB;`S^72Cw`%Sma2`GMRG0E~=Z6`RIF8BN5-IyL_SkAO-4bFNoet%$!GO^<n_u
z!+0%QBTQ!Aw+%WFk=<pAU{pGHsMb*Qn9clUNRio#zL}W3mqQ@TJ`*j2g1_0PHj&mK
z9^orJc}$aNZ<jAP$Y=zFucIr27`R^PhUF$w&ZLQJ%t^Uz>_Vw82L!Gax|e`whb&S^
zdLWYME*q}F8sOfk4-P-$IDX2t?XXp{H%sdHgbkh<@wKU--YO0jkOP|yQme|iJ>lc#
zGJUiHz=mn?$dFM4D<wFcuQu`~1McNv?!!my^B?PKn7lqd`WBXH-o~b9*{SDlDn$4C
z6S!4bpNh<?LdkhfmCXGvQUTrz>!iv6k5kg>bEw`qX^16RAC$vqmKiUd%HdsM&Y22B
z)#>@mgM4>n`n=<1DWG^+p*}=LyxlNLuV^03$}<wd-a>#mPG5DOTRuxxD;8fy>I8fp
zg2Kgf_>NTPax@<c78*CG(U5q&+gPaxGP>0|3xax)Re7$~%bwRyE#Et;8*NVDXmD|;
zY{xOd^9t1>Dzg&RYA}8?5{ZP~vflZ)rp(J-VhF_>2>WTB%Y$J<d)Z9a?nvIUpyrRH
zipCiC-OgoI-~kH{*{kE!SJkPn2}f<2qYHU1b=8hD;D7|D8V2U^2~?6(*60Ewn`Gq)
zy@xEu+X|2B<#wmh!V`#B16_<3GYv+<2VO=>F9=U>I+$rAiq-;nOzRwCIv-eT!v*KL
zR@CjLfPy4X6$iAX;3MF8VgB;9Ti<F9A3T1OSOM?+LU89q&e>j>ZhBQvDY+)^_~N}S
zxCT(RMg`E7vx%dy$O(Idb^Fp%oFw_7#vXXVwLzOJ`i=CetN?Qh=B#xQde58OeP%@U
z5EBgo&8rbLN6rXi^Qt9iS!-Iv*3E>upNJ`#1%<2+I=v(XI9>)1ZWJe&CRw)P62%SC
zsGH6;Lh}bk<kb_+n?x;#1LVf``US@v<C5=7D)PQh)`LD-7gk%5IH_|Jx%Ud?WbAcW
zO*Ee7vOXgmEk}8)MrGP&>e_j<5?JC&k$}lEL^i?}8mR23>@aE`%TTPWuP56UeE6tf
z-Io9iV2o<wbo0c0&MieAY!W>HL#GvS2!L?&mL`W5o;N0`WPbTD;7J&Ozv8s4c7E=3
z?)3Y~qO3u|9*I=c&(Yt~CcHf_-#vQMt^m}W%X*j!wQGqjUilWE9y6LfD0<;6k1{O{
zcL&m(lVg{O!NCYNMKbP*Am(as1TZN1MV3UrIQkEEW`W|DJ3|L;b|lVO(`Fs7L_w9F
z660aN3{vw~A=ZJcRZlaE260V{;c;Sm@4%*W3O%-5*TISy9NLY{E4zx5eOcMXQ5|Qa
z;m#R@1#@mq8XS_KE@Uq2Df;*@xwpi&S7Yuy(nu&EEoW@%hRG!jRcyDZHw!H+*VU{{
z?g#`Jz!l^`Jv!MJX(u^dpxe4&6v>wnHAkskla%M!H7M*(n2aIdV{bJ=S*R|mWYV>!
zPq;N{bD~Qw$y8{wL1g-Y>$}6kzEB`56O#%{vExMc>mn;9T}z02xC6TSa!!&j%Mg1U
zEEdpi=T#gXO0y%7A&r>>?}4in^|R;e4{~3v^$PzOd@Iiyas=MNU~VpwsS=)Wj&&a%
zEws}rhh|+1E_h}MTRIpxFNt-wC@FHCZ*;7@S^I@37hNXY2Zp<Gb?z)Pym)uW_PKAe
zP+MW3kOd->c%cr|i?o`DyJ-z|F&-A4R3V&8axPo|#bN}r8?%~=m$(4--uO*Cv_9cY
z+?uLu3YRM^dLtrvTr_~`CP>Ky0V&F^8A!(={P@5S^4@TRjjPG!We%5nKftiW**TJz
zrKqdd?Gljgaq(o4#%J_q=6qIF0ebQb?x-H@8?q8d_Gluen_c1Dh$2D{zIr`n?hPhx
z`Y<6XGD?RgTOlgZY@qdYe6!h@Nr<IQpFL0Ld0(&_d>=}iU-&9kn~T#t<~N*GPp9K<
z-Qb~Q<UCfzMFP-pgPA4C^2hXus7(6a6G6=f_egq<9?bHsyqSboh8=s9tcoX^sxEFo
z;+HjR&lY>0p0R2sZ*JCdDNZ}`#1(C(92`!Zv&`$9=+_pS>rza?uGLU`9$Im@b0P^m
zQi9M;oWI~1tsIM`uFtq)lk1DnnK~_+hcCBW9wRKCrC2r(S-y)B3D-PR8>-hKVCxy{
zCvUoB&&s*;r_f#*qSy7^Tantc;I}o?9_Z#A_1=H9Uq`ElK!7ja^UQ#CcYo2b7r;HD
zFcq>|yD*-8ma?LpOlb&h1Tk@%BHLMGEF(G~rxRk;!|qEVJODYK)?!W*t|vM#ENj#C
z1Y<Y?s-`swDI^};2$c;O8!!6aYXDN%u*|T#$1qD1v=%iOP1^#M&o89jAVF_06r_j;
zbmLQs1eKkR*Q9kX%c{9URm{%RZbhMrv{@qFWC*FJ$YUg*sXE)M6l`?iv&g1$OFiUG
zQ`*MpOoSU411&kmUVLzIhhzPw!DLGitnK7f+C9a1Gb$c|t=cPoFugLJS`qGyY&6S0
zK3xsBAnUI(wyjeit|iwri4CKr>SbxKXF)w&Sl^j=0Y$bfP8r&dDH)`3Mm#xGcYXmb
zx6D_vCSU`;=%HcN-kN%bNjc26920Ve?vt9ha?~9fyg>!yu}EFAc5@!BO|s)WW~bR!
z1!>9cUZ~itNIXl&LxVm(40MG+5odm;9h<bOgt=o~ai`1rW*RF-Mr&RnPe;j}aR}Bn
z19U%smo@{{hVPU;whYt<w5~JJ4xEEe4yW}-h)jh};@-p64IY0B*0N@teMQ}DdVDVc
zjnz!;f_9arZDvu#X{p;YcJd*5EVrgG?k%K0^8u6t9Z_>#c~nQVtWloUE)?Sj;*3(a
zCy__S55f068C}7#V!z1;a7idyK&*>X30&<{$KSO37wwm7b&sLtoJ0L7dNe}I6)76%
z)0ckR&3N(nEjKA}0U7w(V_esH$<D!TZ&uODl|h`Ou8?(^>xhbzxB|J(vWMzrxng)Z
z`YWm)Q5juk^v*7(8zaMJ%zbCAvS;~{QaX;e%dwYLb>tvN%x0t!JOeml9)MuPYc5h2
z%`oNTj<koEg%voKF+^x0G)WzgyT)91p9$B^drU9sUT$=evk@ftLz^oxT5TLtVd{)g
z`+18f!acZMelUwKI=aLw<?OcEpv{hy&encvS^bOqBW4!h*K004Tf57LQZNWn@N{Qg
zTRe8|g=2A@dxhAND|U!-!FnJ|fP;WmbD?E~zqm2Zd5m)PhO9vW42P309xmmJmLg{M
z>!2kRv!+*@Rd@@c35jsbidOU9zVX)*0DRbukIQf*D_2o*G#_!(nm#P32OQTo`KVFi
zi73+OCBc;UW6KBE06~a1wJ?uFTbpdgpZ6+FK7-7F5lvOVy?kQtm1{n>A~*17MJyzP
z-SW%;1U4{ccJb`jg$ba<(Z*?udQiFP0i_nmMD19FFw>dbnbrLsta)KoYJoS;vuE$2
zfd@&t^38itlsn@iRJgCxx<MkA$iyDgPVQC6GZfHz)|~32J%hrrgH>R?v;AUvj(z#@
z4!#$jisfLY4P?_)mAsoJ+!a7_X9rUJu;B@DFAWqer2`ZpPuya#0N=VfI;h3g0FVZT
zM!ET0h;!^HDxZD!Xz=m**1!wN9)?IViXF&&i&E;wim0jHo1?Yh!w9;xrb01z&xvb%
zvLe7`ag3|l`0et`5u>;I7Il`jQ|ZbD-ZQA7+(CO~o2CW*sG^ixJ<$djlIZmW9mb(l
zYK~O_q`s#s34!xmB!^~2x?<c6RghjM7A6UiI46qrqsT4SwKp1X+wK8$OdIM^&7~!F
zWC43Q<^aQ++`R+Bt$kUQ@+twS=`|%hLj-!)79C|AL7%vzec@h)EEmliIO72D1O^~x
z9E=1UaTK#q#WJ2$7y7V>300={XaMKAjQX}#;$y(kZ8(JP0fp!)zTvwId^8xG2lt#v
z=?0m-ABl{>!V0kwJuRXEY-whX!<ezCxlrF)@?}i9TPi*D^yiFy^&s@r(_hCW;nbr_
zvfvj*)5I>tlcC%%NT1>DFo_XlZwl)wm5}6n#AivYkDs8vWa)8IV#Ov+EMju9-dn8U
zeQ?*P$+)jU!wF;F0SFs~459~?lf<ijo~dl?K}ixi=Z(AfAMgB9S-Q<<pP#>SB_uI%
z_2;lCoVqamMocia@U7^gKSH-T2Srv+%X`3$_9}?kkao;Bl$AtgBGQnrgpb~9XIA%n
zNjXQGgPM~xw)48vvY*=%tS8F5W1#)cH#vPN(?`vH9_?J1G`I>0(X4um08OGV!oKaQ
zL8e5wWv6_bkRctb{f@C;%>nv}RG9^Dn-rNX<{l<z2rjd&yx6OyYLC~!`t0<uI@(6g
zHpCNudG<HBPIEK3&<AP0ac5zrqa1Y7VlFy|k)u^dh3clUu2yySm@=|q=Mh!u7B%Ux
z-Z_^C%`j8}-V&TdlDAUXk*mV3+TgPnkV_M0;%&C<p%&FN@&@v!51bv=%kql|K`q{0
z&s<L~Gd|>noz-^i0YHX#SDKsTfSuQa1u=~1L<FZa9Im=J_m~d*$Q~+tF26@sT=JfQ
zGZY8zROLP>rNbjcdq!=pSFXfQXaZ8`bp)QnloKyYScIq<!XtPhHMDXSEilLrXKVTm
zV9{x<Xag}0#hZl~Gec8|swr0)m!x@(0_)=8E-z%*UflVT+&hq-N1(pVpxcB_oTVu*
zH}ZTC_NJChDC14eh#WpKB8|6F<8I-XPmhFA)+sv;O6bha#emuwuj2CYhK4FCUNE}g
zVa4ogzR;QH=D{U8b7ml#xu(pSsR0HhsJ9$ct*%?r9EjSD_Px84eDU5P*i+HuS&%RA
zXtjO4O34+BEYpKPYn$^ekvTE)V0hsr^Yx=pc4Yklqn>N++jiMZqHQZGgLX-$*n(!4
zr8q~AT>WSa_&sQW@OLI6G~zE$qDPw}u-DZ$DGese(ll8FB}{`k9%qy21CM15G^p3J
z(?UnF2pJfJ&-JVxk?caT1PAx@ouOhW6u&nHp&CIv5H3Aw0N@lAXj$g*1LZ6UBZ`~o
z-n1$}qL!1o5G<oK5mf^~wX6#A+Kf|2@HsP_whh)w^@{^fOh~c+fH!D!T&2fhV;$4D
zdh^hQ?ipP8V<XI{qlyY|ofC!WhavnT0_SB2$4deW<Xm(@(ijF$ot9BvRhl{?f8`c(
zP=+q`_>C^pBB}ShJN4DfC_R4qP>?yaoVmNz2$o+#njlh`kIc)yOHQ)|k!D+BHa<*<
z-4)-mhkTX2NwH&`2U8(CR7KPcSRMn)fsNJfBDG$JpducmImC}gY*_GJ5P;bFN?t-E
zrh~qc6uOko+t#4-rt`!7rP7ct+2@*vZ=U(yV|)(8Li=nV48s$>%4?_rczfqhx|p8f
zJb-pzdQ&^4uj_Wx+!qea0bO1rh;^O3rAFF@6hIqYC-y*_bbqs1PI_T_!PYPGF`Af`
zcv5+dx<?I&I^4bKz*d;`ErYx#`=m<F!|opU@L;Qkcw<aMR=eQ5YG#*Q8G{;EJ(8co
zK$oX0Z_H+f4wU&KAK!@ca+q$|>v+LVXTm+HtSz~m+f|dP*z?k(y=Y>qq25I|Hg2-&
z#cg*Pv1lzvzCn20m9MqMj?j3jaU%@__KaW*l*?V+_Hm)FqY+p>I*PX!V(rC1Y0K9^
z$@?-g{ViFen2};HRt<qv<s0zZBEN_}dNsxC@}i^lU6vof`;|KKaFi3x4Asial^g7>
ziG{}Vp^Y3Rg}bvJl)!tH4N>o9oe)V})fmr~21ep_Sjv)3#XJut$WP#zzJM2r*t^S?
z>P@95Z*Oqr2<q{QKlR!`ZTG~xRf;Gm0Cj#TR&)dzUEH=N8OyCENw49sEeFGZ9|POA
z)-9%ATMBCvy6(UsN-L}vuk_mqE3gDM$LJ8_b(2&dBe#35%ajfx!l{-AC3BY5`gXLb
z&~;|l#bXm3W_Q;tleuYaviLVl0WzmDCvn1y@Mc0|G@<at%NxeZs=g}?=|FdHBMf*k
z0q>@SeaAy7#wLuAZd9|DfFq{%hJ{F6;R#zX_H2%XZP`jXuzGesH+ciX{}DgFr?KL<
z@d}<v1VsggRJXp(@r6A=xG@FBMlb2>hG0e|P|3yTf&<oU)%>&zFMOPrE}G{?rQ8`Q
z_u;$*(13gzE9IjkNYW<`)!XK1*Snq7vB<1;5jjbW(YyuSv0SAfJJa`uokI~Tp#&)(
zHK(`4y)a2R+MQR9@`zIWEpOVgyq+d?g#ctInO4^3%kTx)LwJ|ML{w;RYmTbMG<z*@
zyotwTR_VeloRdf7MQ^re7QPqq;DxEBsMM<z6|WwBM)8D9`qdV`>5`jVeN<x)>>Yzd
zfFbVdcQOi9Lq#zd4K#{@K3Z$*YIWn&+nYt3aZabT%Bydr0J8a^u<adt_yz+8&tMX^
zmWqP4b>OC%4opN)ZA2VS3rnT?o0L7!DhdOCjM5_Dz0m54W-w4X_{4~5fiYOf<y`A!
zvJ1hbZHWawyv$nnbL}<BcY7`bIf)mQnNl4*??r2pdGg_T>g%B!E{vX$HSskfRcbsm
zQ9UMOOrF4Px|i-WH?W1=QmzF_yd>|H^1`hyJ~>b)^RpzW<i2Dd2*@>XXO7V4#*cY%
zl0=0m3pix6L3f;lyhYGwHUV06^(8)xenSJ2&+&W!{q<{R#Fu=h^0-DD2~nP1$(Bj(
ztY$1t-7bJV+?UaPd(TJ~&)n<1u70W&TDHxB;~O(jrhO-i*F>jg2c_Y4Z^!nNc!4kC
zce~1OE@jdPAKZXFdS~&*@tn^9?+jO-Bj|9~Q=p^vsN?lh+ZnMKkZ^d(?oRo3uiEuG
zG895-<I<%(Z)>>sIgLzeH~=}l!mV(3+QftOdzsM-$Y~qZVsvHJK9cB@gaWu&!K}80
zbo@xmrqEoD7$Czd5;0bX-rWPqyE61edf@xs+Ul_&M`{Wp;|-26ThpWTYkuHxAlMIC
zuy!p=6}lt|(q_ui7bxPWP^uq8tCSZuw)iUvsp-DqR94n3I%3p-I%)x<8_H3?081K}
z|Bw$CeUOgWWu;8W<Z#|#ZE=T#Z=bzF<MX_EW>2yKJ+bp9WkSlL`qYneJ(UaL#j~tU
zYeO5?+zPKoI0}3(Sp(`egim=$k(hXOUyRAcA!CfZu}YVIoBTMa29-!AqzY{!78dt`
z(N*)#yml1yakTZPR~_?&g(Su!4S=fNd&~Cj1z}Xb%TD0M3UOz6vl)I2Lh4uD%B`N_
zoOa#MCnkz~BBuC3EK}od;4OpRqXNNTZtq+>^ERR|_0hoIC`5p<c=Eui2~(6v-t$44
zt2FM~NKC#Bb4Zr=aH4WKN~WVRupwn3=zKRQj}oXuNvNwx)L}v1lPtl4cU^Xd+ilrJ
zE1vJIisZzRZo|$y5oogVjv?*WClZne4%AZOH0eN!_XhRR<TAfUT9NVW9#lOj1%AiO
zqg>5RN;#2<yqT|K7IURY&N^`LrFdk=a1gMU!``zO`?S*{#0d|T+i0xk?WqSnW81mV
zJv&e(0MeGKN@8<OH#!o@Vh75_aUpa`Jv|l~#Nb8Zh=68Bac@ko@WThM*`q=8GB8dX
z-)5san6N_5RVdRIWCtQHsgYtK4meGb6IdQ)E6Rg6p_Z&mCZRhk8{VYPg<gqQM^xk%
zMZtBgNW$tbFU8MIW~UjdO79{;Rfxx{MwHVuOJz-a?mh0bPzJsmdG;`POpok=-46D#
z?i1*5<oy$QljD`_)pkK2)7z$M9ZCkC5p`gBY|9064+Fw$UlQ1Cp3+#Q6Qgw=Gwit%
zKSlSRrQ+xg$rK5Fo^L6A`7~q9*U`!c%{{Ifwhn@0K+YJLb0e2(vL2Uvla1Ao?ux-K
z?x|lvUIuk5$9X>+9*DOuEseJ-O5NYiaUVPb^46-+iYX>Uewf3zNI0@lCqfh_i`%CO
z7YAD@qrLUWpJx#@A8ctFDHCU#-2=mubi8b5k%tSdp~{Eg^7NJhMtChjHJ5kAuIvfX
zIZB$h)be`Af6P<UTHf6>!l>Mnyv$MM?u41-Tut3st}R1cX%xX6S;exqnZ#gORUC*a
z`fd*Odc)vt^?~wRxyYmkJVcaKdTT)E@2ph1Uxv_gc!{uTwOSO_JQH|3z(hxZ<L}hC
z^0XePvgCSYvySAMCvg}z2%IG5P86>qk}&YxR^?7*vCiwRVIOhY6<so{-fQK7B%SNj
zxiaV?do(OPf-3&_f{OX_%E3HCMZFr)tk|04Jrk}(jWShJ8GNcYx*V1j7Vyx?Y|nD-
zfhb)qGu660g}Rqy@A<0gO=;x9iH~jboh0679o@adUYR;3i|Gkm?u;-R_o-;5=TCkk
zd1+H&PK5^(AesJjDAL_E*LVZOur12mLG1cHWWpOu!?eQ;z7D<YM|EyH&vt9>pvS^s
z9$kyUQ_f0YlB0P&j~|^NkEFyt!_HYb4a7me*AM9odoi`+;O$U>&}h4rOvPKQmzDaK
zj;6x9OF%Hub_o|edkI;P+QzVlTc}FMCu?45hUl##9j!@oq2rsVRu>psw0o;d*=*`s
z=Lj!n2AV9&6=7}>iD(vUk-M8xD_z;#Um_;tW8QL{;72jyPaIA4l(9}S*GK|g03qHs
zgyOwxW$hYQ3tU*(-E2v9@iff!u`whZzUoRA&3dXW>ms=GT=`C{GsPj`k>|_ikg#R|
zs?3P#fCGuWm2c+NzL+2CqIt}~e6fKX%192*&fRj*8Bf;Vwz&X|(uNgZTDWAZPvk(b
z&#Y!V2Jmt8mN0k|vqUcY4E?Y?cbp$xjna;a>dO-%xNL~IbP)zbi>P?>gwKx(bB~qZ
zR*6n`Eb?3lyO8f<K+4_}cW%AoU`Bj(##z&E_0^W(!+wi7WRL~w&%s&-`IRwRDP(nY
zFU%ch=cK%<a;tsst>LR$eSRm3;UZIPu#jPG50C=(Sykwe9h`%-ryM<en=Sih<EZbr
zs#O!;zGn>s<Z8f_)`O5k&i)_t%jRI&24l~hhGiUb5EBJ80I$0VZJvtH@{y1ihA|Ll
za7Z;QKC`74xvUVmuJaxb;<O)Pu4!w-m;mb2E@o#1M+s^w(|0V2vSS5v-DDhBPrdYJ
z&e-)?n$)m7jWLQlWJaWJB>=KF-VyN@m3<7TlhxJ<4{Xn+8A->*%pNmRTLAZ>*;Tyj
z;?0g>7{f(QoXx5rnzU7WI_>eSM}%zWUcP+sX2*kVA$cF+thP+3t&_i&0v#lTs$uJe
zWvh3Tj3IiRR@vB@#Vt0{PNK`J9#b<l0Lc|GKDW%znOK3WF(crx*}3mwKUEPMKb@0A
zlnMY*K`^Z;$1KMR-;tL%pc<N^i{_}YZ3Kmr!qL`U)-w8%a*8=&5%~tjv+GX#Y1Ca(
z6x+I>Z6%hUD7o(ON!VG4?c&V7@IF7SdL96)@mw_?0#0^p>*{GQ9E=q{E)(>8TFa0w
zC~(>05iMIj)8{YYo*&T?KL=azhdmkbY!ddZP)p9^ONrr&CVe~DZOtAIRz=NJc<+hK
zbShUWD)Bp1_tVSQ#>NI^<r6-6`S9r!6C@_zU~xjw#CnRD#l!NqTA=9R6gfUz0`ItW
zh3q##F9&Q6tc8n?sVq7*HaaI@mvN2F#hoY$JU!q;Ii!I*&zWo_5BJn~@GiTS*irm3
ziFL%(3x<fb=@$>F4QT`!=)5#Op*Q)0{wTsj)sSZdr5h3Fw3i_xwCV*d85AtP)WQj&
z+W>r+l1*ne66Eu8_`Q<>Rp~luB_6`F)#DdqCk5m^T~YYdhl|6EN$8HdY-cUm(hhWr
zs|6Rv4U1jMW?Q`q!Uj@^Zd7OvpDxy-KD<)OH9H!&q%$W;@5}7UmV6SF1H!ypsG^eR
z$4JFRsqa07<-Hnyu%6!8s7~q_53iCdr3U8NKJ>{x7v^D3jUj*M-9f~%FX<r&mXa-d
z>=mp)S)vzbo~f_X4)$|nydf@W-lErhx$WlqAN9d;l2W?-%AShCb1GO@l^RQO!fglb
zg?A&T$<^#=Nep_#%6ECF?!3<+c{agh4%NBubjLa4rO{jrKFM?l^?fEG23O(^b4fV!
z8sPYGW*i`F4bHyB%*UsAE^}-(G`&{*<|QIhTU+eaW9eSXLQ;H}%YJaIK`9nYid}Mo
zd2gNIaP5StE6%-~u1{YSrQX0sYH^dRP}XEdo8lfOXtFCPno}{claV~l-BR|Da(c4I
zuZZ}}lBr>MPW1RNP*AR6-JdUyx+|6R)HvA?TRuSOlxSfHeQrH#58=Vi@()cpmbuH`
zU2+7W&EuisSmh>7!{dUYd9lKv6^XCqJ%3N$aCeHWd+iG`skuR`64`#^MhXn?4X-S>
zY9%IKPZGXSK5e38J$Jqu*yonVPS1)3AM-iYZnYr#h+8uy?@KXQl2ELxeFmzwY~kpj
zB~Z?<6y>scosfgyb^*FbFh&mFV#78@DbV@?M{xM@c|S40Gt8)DAUssw5zUBdRLFF<
zItVC0mPyj0C$Oui*0<!SxRWGF{nQ!w6m-S(Vk`y16h|ItIuzfTLD87yfMFOUx0U0i
zk29KvGqjR$=8`c>;4_1}JFa-|YLXuVBR}QKzPF6gb9)UYNAM``VQ4<sd@@C{dNpig
zm(Lpp2Elbe*D;NTMdHu^-fz?tD*`;dItw`ZqCTmA^nHSTFW!<z)T3mzO4T}<<LplB
zDFneSd9MbYCF3Hyngx<V=20A7yg5!osD(S!or<>6DM1sd@F#450@o&|lnH!5ZtZCT
z_5kdq%L2Y2%Ll?fg;i`gd%KVE0ilqdJK^k+4erf**REWSuA&2~IUVHk!d9L8+1l-s
zj%-qYnPQoK?jT3ErOwtZ#aUTdE)=QHdGU=##4(Z3mc|}K&&$bbw0Sf&1@Vj+<aKy>
zoco|`9#B3)szuwTfftUM84(gQ=dnEj%$)C4%VM~vQ`WtHoyQdTANJhOn`<N_SPh6V
zAEw)@Dl=2IB2uG61tQT1T)rb;J5VQ+VyCJxyhyZ>nS|nebS?&V@%Hs9pQOG<rVN7H
z$9|5!;SWL^DQLnU=X<nB_oPl}7s>Gie42J%^={Fn-MCu41k6xn1$AmfEb6N=U9x(j
z!Lc|a&oO~aw>3v<@@8>UAV)#=3O0^qQ5Ti0&>tTu4s(;kMdv)M{$UxUdC@#I()Pk@
zIM_%5U+ZuIo7q)!?$Wbdv&f^3MaZQwaFTaCz5XnHlWW&@0kC=WT;6q1QbrHl%;tzT
zUXY*^@goAz%=3H+s4;={-buoW%vME0*o*fH1Rfc4iMr3hSVa3pz!=<V(n4538p+hU
zSA+|R5tJHB_B2pGogJIX5XQ`xa9a)7t&_<R($kJ!l-4QZ-~os%;A)x=Mb*n{nin5y
z4PM8s3n9##=L@Z{9)`{FNYDJh8A9m2di8dg0TQoH=pJQ9zPJl|EB7qxppuv~)@hZs
zndX5CJWoqW<HJo+Y0G48O`?doSKFl*h)r7aM45Klo$iE@hH@ciWZ>+DdMW`Rx?;Fr
z47*qZ0+cjjY&tp^CAWnDvPfUZNn}N6liP{lI0>FXK6Yax&+%OBeh!-vy>~E;o;<FL
z)(P;`jNVydJr!dOQ6%sHM&3m>VPC)$)ZntcAq%n-X9y(f!x;x_?@#O<zOav@M$g$O
zcIfA__~7apZ)6hanJ_Te+rsM2;5nUasr!Wt>N$p<gU^v%KU=b{SIaofdf*~GJE-=m
zlET&duH#)%00J`>;8^k%qeeGYJRVY=3>RLOgcLCBtf|=HcO+PsRon!_^n_1<tTa-(
zn_ZI_@SGb85(5g31~9w)U<46y5spq4CHMtB)reG@29ILB86}p2zItWjxixCsiI=9_
z+CVrrb{Yh0hhCRAwOt2U0OZKbI|>yU5h~Hxe%{9OjI70(XyXNr-aVoakf_<feSH2O
z_n42<*{_yzvo%PV>vd+`-~)3-C^Yr310Z~f7fTSVf%zUYtf^fq4-#>8h*%>IQ`qAY
zbW7K1gFqB$c;Ld%VDC~b&`(e@+KvXp_YE}0iR54muE&zHY3~VmK=>O{O+!<X9CLlr
z+~ne<Dc)RNP~s!FOD?5c8xQHt_5}#g`Ykd(G9G;4DEMBzm<y`thkF~%O~+m5Oi>dL
zagBpT-@&u?>O;#1>nfA?s#m=kPqk!V!yJp_rZEN{aK6wc7C>wD7q0I}(`57D0kk=;
z29ynjfimJ@O>N41MpajURENOB($rbXqr4bKmF5cdUX<J8N^&T;deP1PmQ({lXDZ2E
zZY8)}cj4g46E;BZ9mw8C4z99MJDx(<;nRn?dM;Y_-bp#o0OnpO#od)<UnR&Biji4H
z$IH-2t|z&r!Lod$65ideP?tMmkNvSt>1s_r&IU%KARb0Yyg*YQ)V@|SztQT6T)P-G
zB~`yCjWezmM$B2Ux2L_kPY;sC<HX!vLDdi8C0VU?&#DL3C6VxMmuEB(ryInr)bFT(
z<XoirJx*-kUe*I5HPn}uv}R~(arG3pn^*b(_adrb({LsCwz^G4VUHq0L4{rs_v;FJ
zzVx!xTQ6y}AcZLnA9Z09Pqq+rkTFW=G{e+F9+!p4;UeImnjIvbRDzXLv*qgnb2qu+
z`sUuhxX(q6<4b140H9o}?)9#kc|*Rs6Jw|>8rsrv!Yx1<RgA~QfL%9|!oAWYJ=)<C
z-9{SQ8L*Tu7VxgJ;Z?$-yh|Z_mN;gv4;DC#{gqaaMy#({<_?x82DYX=m3M~x7zi(I
zHm6IKjfa?<L<Eld@l+|sy^c#w52L-&Gg4|0c!vRVdpQr@aX)}J7I$pr;*nZbuT|f^
zn2}RxFhx9#IJNe$V(q|J#+9sXcMd_7_XbUU-@6VSPfOw5k_J5H1NQeW=sl_RXhf75
zWo$rP<z$&A@uY*b|G>8=ENmi$;gi?}58_;iI66@^vP^iz&v&Qzu|1T>og^8NPnICt
z*u2cJ5}hP3C|ry8UFf^$VC{#hj1M@iycCg>O-`xb+-nv0h?ji#&>!Dq7p9$La~WeY
z3s$prJ)v_1C~~0Ku@<>5!3{1ue3)QTaL7gHT=)W*VfKiU{k2l>y+a#Z4oBinAjWzo
zA@jhyEhNd89E)WKjq3#?BTc5-Qv!#UFgrJPWHE=Xu$FVwY<rGiS0uc{6&<M>G3<(U
zJRV)IQjGgyy7@gBcn574Z5INkJnoC`LA%zsdK-<eg4ANQk%(^B-wO(VX8iPtMzb12
z7ptC#8iSKLynv|Eu9nmGg=({?wSJ(DR9#dYsx*=(L?A=_E?a9`ZSRMyL8Y_hxM?`g
z(UB&eH=oW0pTDhV@@Q&nis0rvqyg=bzdcN2RS;+yNehV+cZ(<CN<sKmlqp5DXGfm-
z>&rx$3MYfvV8TSZby*pwp~8ZuUE?UqO7U@B8L(uFo{0iZNEh2W=k3uQ(&x`=ba|h%
zBls1UTbZh#SBc8uKD(?%KQ6OQ6!FFank=jyaoq>e=>VhjFq8~vqp(I@&oJ1=XY6?g
zfWY&hr<UN4p**lrrI^RLda&q3@Nh0)<Pj^Q)kg9XY;VaHan`em4K-=DS4~eyCYR$a
zYb9EGk5r=e)tlH|DyL8I!@j`h@{QMe*EE&_mv8o6?{&a&A$17s%Mw&3T#8)_n#+C>
z1rQxEJyQ?-dNuKRYqRcBx#2_Mot73T8Adk4lgOG0?#&m2_!QkiCG6I+kAhm767N|F
zaK@Y095H#WC6?o|Xe8G5#+>cxt664i3K$&$Tx(>vET$JP&#FjqqiFp0skA(Csz(dO
zA)ECq(2(rLeDjUzR`6(?mb7LI+-oj=`;IN-D1@X*^1S_EPopQM4u^bU5$;8#-Sf`D
z5v`cwd9y3|KqG4-(CMLs|3Dd$d8a0<VI#-?k^cf~Nfl4XdRT#pwlEvk0w}^%Y(%Vy
zVu9z$lJ;EZfb~Sw44XQT?bP}M&q1FGWYG73M4>W8-|n+l?+jcE4u>_}##`GcSyvOW
z97iA;sXa&EdrP9(%@$dun=wA2_;TNs0P|i|b=89#>&8_@f0>^2`spg7ZKc>Owe$0c
zry%LX0c!=WDcX9uO4p3C{%rE)y8t5Vo#B=ZSNC^lq{uas&BW{a_#KDJwE7@zxK*JG
z3~YfI0yQ8zPEnwSV-e5x%8zI)!BQKBW=-Tt!nUC-sCuDzAPy34(}eWy9dk?Y8+t;o
zUp+9|dpjE<djo)Kj!l=)h+6hcDSyu905@EV3RTX&o<uyzYklKOZF8_%r6SN&yh9GJ
z>4kSr+wsGsv7<40!B$SeRw;#%Xr~e8;V9WMOVIs#K$Asjg4~KlfnU}TyTTErT2(%H
zg%f=gvBR5$A?!|O@mSAdNRI^0-*K_@ypV!6RyIcf%WTbg+9y_RVxlkVv>s~q6YRlm
zu%1p^AANCj=NwDM9ir~tL*|9UPgm!(uDxD*+&t>5i#ip6y**`gD+P%+Ar!{D(_{IB
z?71BKxr4XDxxFE3giDz>J0+*Aa*JCiE*)p098aB`{ji_IGY@QCT#?Wy?I%k<ue$jx
zdskLDIJK8#<Mq^H5#_pat35E!-UaR{Mt#Y9rtgdV2l7e2uxv9H!sSifZo`b#gsj88
z%9u`!J$QO=3-BpYp4nJR^}Ru>1jk79pfrATQLNSdIvrJaG1i5=nrH~c)pqnU_(^j^
z)GS&UP&Z-Ni!)7Bv+KubC*54enCMp`5|@^jXvtGlErhgp%F*`v(8U~_Oj*^VA0p1<
zy6Y9jk`|DleZ~{?LJcyLeT$}1l91*RUxXyyn%bSrpr~T6>}w+|%2WeM1OP1Z=jrj1
zJi#HfnRF47Z0HK}Y2BDKDKJEpYKk0jRW^(&T4I~O;S$`VtGeh`8+jc6qTfLB3IjVx
zm~~vZ91W%6FfAhsbIO|Bf{5ddHx?NYBx@u0L&asii(*qwaGPX~O*~L{JVDu)Xl+<1
z%H;2Yq{TObIYI#-qoZJJbiMYdgPfrIqRP79#5A*!q;y}%O?4ZnOM!NC<$#S~U(D$6
zaJ^gXJ!6?w^)eG$4XmcK$l6@PJ)NXiJ4b;-DF{|P8DdxZn0%dH`^YXfn`z#Q3+twU
z3lbJ@1_GU@1y}`|8FS6}`et_PEk6_WXaHWy#F;Zl?(m#hQG6>f;C&7zMxfhqZ5zpp
zWm2>`Y8d*Ommb30J%XCI>Vo1pv6vt}*w2y|6TA)(guMNR(vGH6ZuYhJX|$8A&5>Bo
zzBlT`Gq}+3H1eF))?-H+n4TrSt;)yK7`87^OJ8NqBIiqbmYE`IOS~c~BSHofn=?;*
zWZ$CeD;t_<2Fx==rw6W)-NFXkFOts2!u{cmvdiQN7uxO0_9BYys4RApZ|2d2Fc>=<
zL|u`M8Ot01hA#|;0ubur^LdXc?kPx~!?e|-xA|TmgI=-UOkwZ6GqRM(wq<Ef+cAa<
zMmP`Ppa+uFvjE+$aQAxSVDX?!3I`euJGmT*A-cF@W8fi>jNvMo=EHqCt)4vcQth1<
z#>FDv^z^VC&lb`oqvEaOF933Sy+{sPVB(?n@SyqG%hTi`;DOLu1{+DTPxO(#(0~0x
zc^un^z;CeQnd69`#0&t7+N^;*Ef;vOCoZp<xt{3L!fPK&bPE%4O)fW<+f3Hb%*3P<
z4b3-JhRSL@yNp%YBHW(LyJMphY8eh`&Sp(YuT)_-6i8vNEO4`HbkuTDDjt}5Ek0?F
zIl4{ZT%|)sA>(LwxiLyM=Z5ANbZ{hD$mrEYZwXHxzsoY}_cqz9e=Rw|dy{3-$hWl*
zmFl$WWobS?Ww8<Neu7<gkLs0&!;yKJ*BNEa73zDbB<!~+rGXOO9eVJP$i<*v>u7ID
zzM56{eMi{;vd^bG=i0TQ(Q~y~wUl9rj)W}RG2C5`#(-nwdiJ37RXxh*RL{b=<K;rr
zL+&(v6++^Q(*fKK;+|-s><Lr6t-khJb`u*tYl?uaU$EmoJMB2@!*hm($$4*RE8vh|
zuTrQ83bnkw*OjTY%v?-zB;1l5_vy+Nb+ty;xm&sl7*Ug`-`-$AfG5QDyhAHnt?sv>
z5cpom?TBkT_3ph}xD_*92qFQ?#q(iVz4z)G^1P(ou`cdeKTl%z@IiubtPMMRgRGBO
z;O&r-Fa>$PBXziP0DvyV<z1fw8rhTUsjPY+Q_xefj92?C7=~OQ&;;g_DF>VEZoous
zK#F|#Mjn!x?-;Wfr6sUsY*S0VmCPO)qq&&G+t8Sb?13vgz<he4J@L#>z%vV<!A{PD
z4Yu88kqre)b*mVmsfax%U-cnJB)@{qMs%%xAl)%&%Nn~}jcl0j*{nD)GC9#j+*^6?
znREzvf#?%Og)Gk}jzeY<+JT#$FGJ#;bfSwp`IYV<y?QCBmvF>}f~M&!v$%$l0wb%M
zO%6}9=niXyY8T_^VvLQUvt4&PnIa+4-&+^IqBOy0f|&2RX~uZ06GN1qL)FS=5qQDn
zE7Bu8e6`s3S_L&huCvTvy^%^f)3+R>dyVhd5)+nZ#SotRb_;jygG!od=B$%u))1Ic
z_P{HfUV<6m$o^!X;FJBdl#`p*NE{+&$6U>m@Oe^?l(tV}*<&S;q2K1Nk?pGqkGFRd
z1o%$6XUz&kK#Y2JZdhp?mDf_*=OsAOJ;3hAuN0p*soKFqL;~0{dQ(jio%w?1QvFzi
zl_D-VSur*W7|rG`Q3HYRl676*yVsCzZ6$V#JmpJ06Vq4eS~JtVkS~2v^&IaZjc?qV
z7%C4BQ9EJ{$2o&A7ZLJ|7z2i2X;APDB=b@k=hTD}M>Qa$w%ASCbAMXgjtj~uaO&7s
z+a!qsQfLno%ROztkbo!@{R%msbV9b~{s(^?1J8DE23rU~D|0U`8aaCCTl6z+(6pxl
z(&xtSrt}??;!Tr_{4%{0uLlSPZJ)`)BMnEejfpox0RF(=^yzu_A;`;DqUdYRtJyY(
zdsz9lUkdsmExXOtOG(|C@bJ!6857N73=XFgHlDNxhgbbF6EP%#tDbRSKA+sTa(9n8
z?JziaqorH7_*8+%3wv+39<Udv=~0aJh!{Y?wefPxRKL;TL3rmIphegn6?@#unhE1u
zeb1jUK9O@s(9TX?g)mRhbKU5Ic~2*=`=Q*}1h*F=tolU`p2K_H4nj{+ueG5M9B1`L
z`qnmWhK@ODj*tR9`P{0?vr=>%ysD{ld<J4)MIJVD!Kzodllc?}q8AlGz-HxaL%G~I
z+mwaK`qC>sIWF>N@ZKnun7F&{sm|SzSwAvqu{}-hGFJD&bZe)<5Q&8jo-j9zP8sIv
zoG!w(=Pz{y4@Ne0spPE?UEgZW+iKHfAeI-*u;Ed>)6N7t?dDfVGzZV+K><I0OpE>y
zVK_|6_C0;;a`+yCHPvNnbqgo*v_PfjXyd*|tv(0GbO(pP;^x)|W^{B6BUmY3NVu3N
z)(_T@ago8H$ICeDg<Ir3S(6HnaMgAkf_utG)b<WnW=RyDK#265-0bXV1icH&Q1hwK
z)pA8`cy+RobD=bnBjLx>7)b<b0_prb;YRNpe*c1h;xbWsYop$*DwZ`oQ-Mh4U{@nR
zE?r+(Tu2l2xyKO$Y55*rIW~7j4OjV6C>B(|ASF!-*%}0Ab9b;?-FLY7Ze%$H2cSLH
zuTPSVJ9i4ROVyW0jSd;8c$}-;ZHHbx1LhZwjFSagLipHmGxJrVZaYDhHgYN2j0tRR
zYtkFgo9l#QEly=56mzhW26|dOkeOTr_>RTm>6DsXlnnAa*+npsrld);+3i#oT4IyX
z<~DLr^15N#fIR7mssKM0Kq{q@YPAvX_O#NdEI<kO%^IY|gv6%B2mAh`AG;Ye-eU@o
zmS{NJy!YNY)z1X!1Gszy{ia+VBL|u7V~}x-h-0E$bKu7|B(zV!r^-Wh{IH==+V0u&
z&Yq*=Zc2Ov4$SNQpjuHd;n4~1)5!7NxqG5>fJRN5{$9SZ$JNH;&~P~QOfOD*wrKAN
zMG!AE=QX$BS>E;wUjQ7&Tq0pgmCEU-c<&x^NwNi#y;|-WPMldxU1LY#q|4PvO4eA6
z*C(rs6U>tn7x5k+n&9K*b@cFe7=uKa^+@wbBwi<?Z4+RTI2|a*wy03hoD85Zxskl{
zc73JnXd6a6>M$0Udj<e;`{+nZ3}St99w%4>7&+_|AipFX6(cq;^z!4Uq)q+gZcFlo
zkU5uIcG?xrd%V#>jM(z4RmH3~pbxOkaGNH`cVSqQt`GJw{awDH@F#CYrZS}i+EiJ*
zyy-nWetwk)4`?sCq=b63$N+8p^s=#Dq{KN8B|03)dAOH)s1pguuvh{cQR<xM(DIoJ
zW}%qK89d2H)03n;uS1CE;u>|rPhz<!agG47H`B1{O>eOqRFv5q2U+62*vEU;A{3c%
zERxgvCi015PP~B*Q?5WOplFGQYftSe-_ygurzmL61?sQqT0!{Ohsp@lL0aA<uWLq>
zyu-{Bn&<~{gtZw`-uYPIs=UZ()>>Y@m{lUm+kJ%{Av;QzBcmpWY^Ovowd#|8wlDf=
zT<8h&KpP%SSl>GI;RX|#CI+%;a~WnPk4-mloK;eeQd)X9!!^P^(6xFG6n_F;N?2n*
z@TB(=Nf_ktS|AYjiQr)AzE`1`Ij;b3bP9{#8#FD@s`GFVS`IVlJTH22t3)xFKIPUB
z5j&=<Jb>NRQo{JS`y!|~QPl0MQt0%SAul~wpmmNS%r01LQqPO^&=O}k%Vy!^z437~
z2y`%5_lk;*PD>$pz+C>)k)}>nWH?sb2@uYytQSDf*YE6>n;op0>Ty#!=hXvYQKMjx
zi*sZ3hqQ6I+{yp${Wf7kBmg#7>$^?vK{r(A?sqDzfJf)KT2@>39{&2|ZVy+A9b_!@
zG29Gvf!vKhE?5CX;JI8sK)EZ}WG7}`=5QSZegX^>2W>)3jLz9^<^gZ^1=bYQJw&>p
z_DUVDV5Y~V2u_aBPf`0hKAx=Let9ikkk3ZNy`FW#>Ld|anMKlGsvRVOV7H_JAr+OJ
z6ws3>LUc9faP#hl4Av>U$Dn(x1|-+dU#JC?Mb{?aHk4+1aZ5H0Ix0RZePA>#PiXei
z92}33U9SBpbDTi9uIp?a=f<8xU*{9!rxIi+x4O?VY!ys^Z>dkKOE}k7*5a)j@mnXY
zDKzl6#WXzCeUwLKB-tey1`E$|Uz=M&aeBf^ZQ%vT!nhOwus`<%>NTrOjXiW-vgaBO
z$ZbI2tG%UA53pv)LXyP!-E#{@pqC9}l0+c@rO&yJB8y`#a(f55y<+S(m1cQ^2=r;m
zah@&Bp=uJ0zdJtNo(AF9_tMkE6KbO!54KtKRi%!GI7&3%ksyMyN@SDFU7MCll}8ah
ziC9)5yNShg-8!977FP<w+A^+lg`JYni)r*{Z7Gf$^`5Mauz5VG(R`IJ(KcY<d5tL^
zl6SsrG}vv>E<euY-j%ut*B9j?==1WyWayf%Ohz#8`Emqnj15Nc>cms-8!Uv!?<^SZ
zpetDshHIkl`RTow`NUu33x8dViRb>VGaK0761ANJH%szl4;ctP66W6&UMg9qBqh?r
z?Q0#KSF71Dt`me1$_jIB8u3Pio3I^17LspoC=9DBBzJ%*FqaX!C!daIuT;PB*f+d7
zXbLr{W9H?hP}jZ&zUXo?oRL&HEq8kG78<HO<7lBM$!=`CRRO>+GwbQi!#qkMsqM(u
z6XSe2(!RkMh-zx-58rSpahl&bfRK7c1njU8gNvbqRPu7Z4H`eX%hjf<RISwHrq_^k
z4{ILc&@H}*rkr9d0sz)u(ss2a=O`;0E)|M6p7#C6{{pjiUHW^IFf%XUQO!HCO=Dyf
zS!1rGCU{+AAx`|dnUZ4)>_RayrJ|q$0TI=QJ=k*^S4hB<#xt~ev-L#>Q3#`|k(@F5
zBGtYvOJ{qb;0u9pW$T(Q5q@yBU<Lm6+O`9Cm)<M!A&(hbq;`UVfLH>13hfl3Q*OYx
z4+{oBdp-QH@AY#!g!0}|e$Yp+p0qhpAe1Rr%`kbcrUaopPk~3}{o12MY(d}Iv{(?j
zbv8#I_;T|>hv>T#nS5OCy~vojRMM8jIwK}4@4W(x;mFvfRDW;bt(!%`7=j`rPyw7T
z<=ZBN7T}}h@Vz5i3{EqCHZb5>49K}Dqu{&lJHv)IshP6)Dm}uOx*iej%xEz|p1HNd
z(R*(~E-6{aQ(o?40Z<v5ZEPX6NZnn)r{Q8Z2zfD-L%DHwId@Jv=(2flJuBw*Ym;1f
zJ({6MMbgc#uZlQM8=PeGbwayz_k;ne!{$qA4}Jh{_{6*diAv0jWEAr#a<R+?rJ3nS
zS!-Ui0nfrqDAKkhgN=Q#H8g2N+0|(VBc!vmBK6itD4pTG8WJGQ8a+5V!Y6zV6KRL4
z)ExSX2*7>Z@OVj`SjB6)M0_xc`x52a53x5}tH_8=4gpMc6e31VK=2S*fpgpORRMQb
zq%9DJJ+P~Cwk8+CyoD@!_8y_a4cL3x`%HDy2;~fi(mwfD`r^NR<5`v%dqA+iUM?S5
zMQA35RSQ_47KPx#p?HCi)#A8ny9q~sg_%3b1zQS6^B#?E-=PnkMGxi9y)OqkEBGm>
ze5-s5U7;6F7IPiokf*Um^(bPnk*Rhaa*>{+zFw@f({wUci+YgRLk?TKisY{&BHVyS
zp8@7&AYbG&ke&h+cR7Ip*QPB1ML@d0F(CtJazpeg<ae|>i5u>7MVM_eM(RPhEQ1u7
z&$!+@r``g47u8t}^-$HNZp`BZ9)%%1E_CyJAk0tRyV$gG3rj|LNpp+_Wa>}wMi$W8
zW$*zcD<gU)i3+cEQXDmzl<#@hnh;O5a`l7SD@N;6*p7Ef6T3!Xe+pkNU(NSe7M<x$
zfl&eLC5)a@yCg`(6%|2v`@PJZAn$EYfAq3nH}}}4OTMTo&No1W*q3&=;|Mk>#;Xz}
z&fu+3*psWtm3jn$Vmx;d-eH}D%Lv6t50LV5g$Yb6J25=gN+!`(g;$l^MH66bmT8Of
zwUjThZBn6U@Cb1Ov#a6lYf=DW5jbSIK+G=d$C44ZWSywC<+*St8v~_sPh=j?@}sD9
z>$hGehVkG*Q9d6bSDY8^EW^wBP=R;e$h0pvg7vToptF@g?_+sMs4jr7B{&wklmOh(
zJTs-EU^A717XU(g@}|wviH@w5cVCE1K^!&}nOed@Ja;8g6Qq&)&EVrzO^Zzl7@69W
z^^%DY+KIEL2o1w0o1<354>!ONkbEJkP(osEBbUMRGP3VFF=oK2<^+8FD&tHN{q()a
zaDiD;6-r2oa5Klvr89<oz2w#aJZz4*bY5~k8QXaq(2~d5%N%!>Csxm}pa~>$`JqFi
zv2IajWiU^r)KRboSfUqB@Ekja+sntZJCl@WN#>TNMI(pL2b#LGGzXfP4695hlO8VV
z>0OZAh?fMo_<3*%*F}WQc^L&oVB`_MQ3*Q2Gi`c;S>*Wk*#R77E;I;9de=p3#yr@k
zs~Dpmv7Mf*@^tKhB;7j-!&X?P*URL`(64I`?&a7MD)bzorW!v4|33ccx9~-lOMG0$
zFA}fcBYb2T9F_I}s~i2jp=WOvKuY~lIEMC<vz6|5&*SQt8Rayh%Wl=gEU=K77~v7;
zg5u8UBa+xxy!0BQ&YcCA-V9)8$`)$kG?^a-cFI!o%8{r&ubJU6nX>kPNv~?>Zlk-$
zOu+-g9>QU6D$5B_5_AUlI>DbB<x|{opXxotXZC!&$D{hSgl!<a-cdj}l}nRE-da|>
z6zioL4)#)48{>>QY1q~ig06eJioJTE)qc;F=T5}QOp9>N+wQs)`FV=gSq&Mw7pLH(
zsv~j=%46M0m(@S-|4`3{WpM+WM7<*52y}RW$jPBOAGa_~S%BntKd5NdNQ)IXyETvo
znm5>Yv9C$47gzTI$<VQK={#55o%g8eZ75W|NB0nedf14Ml;3Nd)q``iz|oYADXa8;
zop`V8_TB}zP(0U=Kw`s^#e!ERS5YvDx5X+Cj@Ctdf%sV+8KT2hb_X7X$2mvwW<8>o
z7XZ2o4+O@ggq@fhqT5nio8fw;MTmW|wj7ZCRT_+TOFk|t=tz3v1wq`Dj8_M?C%_8(
zYEr-qF@)Rct^)gBJ%2WG-8#7jbK?Hgqs8b@BBNL|n8gRKJOuy>A!^grQQ<nx@dT!<
zWLGp-q;m0Uv!+pGo3&vJm5^QV7ML~r)uG`;T=mtyoU2?;CAZ>t%h<B(`*P4R#?GM%
zi?`q8_27W^>o9>-fL+yRrw=^p?MiI2;==T?q5EL^v_ruQW{b8hpb%<)GP*^bt#?hl
z?3^U{tQ4fPE+q^fGB#g=GhE4o#DVlFt`|O!XJ6W5z2^(0C5Tgj7Q7^7GP%`7<xXV5
zWy%+%4`9uli9J`KLP)9M*-@U0={qW4J;Jhn<2C4xoc5?;R?yChf-Fyrldk0C&3Yo_
z1CjMDevU&<7B<J_BQx?;TZYLKVU{ZgV7Z~5JVfXtbpy+Mx8`z!-u;dy<vmp5l85NT
zevdG7!SKyO=olnZy!b|de<I-Ka=K$)RL-MZAa8Azp2XZUvG=gt?d{N*-1(eMf<Bw4
zy6^EizNR<}r)3eZ8%VrYdvsf(l@Rz~&-4XaMMIFQ1-r22Zny#r!noA~1a<TDd9Rhp
zyiSSF&LjXDC|nE73hKO!A^kC1DOSYo3YoTSsXA=O61X4K478{_G14eBlGso?VhF5w
zz?uRePzNe8mO~p;Yr4F$;wy!w%7;hQDCOjj$x@w#&7zNb?BW8t+xMOilz|FK;WC16
zi9V}h8N=uTR;S2aLhQt>X(x;Yfl&*4T_mZ63Rq93j{VO)K!bqQj8N>sh^vCg!+kvT
zjAbqh{LQO=l!PkH7*5z2te)ULVJ}<lja6m^7=R??QXmW;=s~sQoMv7uj`vuX%M7Xx
zT!jJkv<=JTWwV1QJ|r8q2Um2x0i)r{47A!TdNpopM)-EDb0VLgWw;4Fl^1;M4=x2<
zy>Ao6wo+hPOljYvM}GBy-c;)}K$9VqhUuXKamKh{4_3}>D;RdpA+%py;-hQWa@@}2
zMlBzCsf~9_1cS(9*qgJ@tAO8gkxX1$C(j^xL?|_IPR^v5;_@QjQy$e(aZr_Lj<R!@
z5H?N=l>{Rin&ewTYspn~FxDEMHV}^sE0l%XdojeLwalp5MHgH7j+Xd*l{B>wac($!
z>vhb6U<JQDc-ZC(YItS{;>{&7#1T02_F99fbpb`YVd*vpA=J;Tjwk(9+)$QLG41n!
zYR@frV`zT4^=>gCF}P41PwBmJw7h$>HkqNvX-~FlyyH6BQ3ldCE}Ng+Ge3L?&N<<E
zQH2<f<nHFs1hX_9<kI1oQq*6+8>x%Oc%7~~t0j9wx*Cs=PVmxaluO?9yC!N;bz`&+
ze(Ip6$doJr>I|p>bMcTCU4cP-jRCO`@sJUO@M?#isO4D#VU#4Np`ADk>cj>yuK5|-
zK6~QnoUf;<q7%_?;2cF=DUJb66HT~{skmgxY^nfF1{I2tKOtbB5;)wI{9)V>gz&@j
zrzg665KE#jwDfsXuLeQKy*2S0Oo#Sobng_GCv#Pr4-tmeIw4fDZ5}Ui!!%dE(L1P<
zstqa<mm}dZVd@foiJ8J`JY)i9_l6YGkB8sU6cRR-Wf_4!wMqn230Ka5_6`VENF#kX
zcrr0`6H;3k^=Jyav|->X1BcWD<wbdoKc&vZ$`Vb^yWC+8eRB{xK2o^lEPI6LUbF~@
zd5)M!hoZG*`P?&Cg0=?Pu=H^zrnTlA;Jyb?H1@_lDR&3~+WiqO<6e_#{8CmNrak1q
z;U>ixe^2-e14VB`Tr^nd6#{yJRLo61Dv!tT#9U8|$TW%rsf-G)Nd#%Q;Sv*50Aot7
z9V{!ShsC3~Ma9#FuLA=?QV!fA&bpGy=hoh=GdwF|?80CjP0j!ty{kqkO#lbU+9$xq
zrWG+lshPFWCSFv>Y&y5M_m)%@Es?=os9@lk&+)r50IEVon0z_%_`QVfZevH^DxQ1F
z134A?sA3md$Z+FejmB;W^A+R8q<4e}A)xAYuGU7T$<SE~y+eUln|(cw3B)DC>85Nc
z75jcEUk4%y$JKNqa(jYoRaQ}BV)oqpX8LZ#?_NQq;wY#!9C7$wm0XvRI?`GAJ|u*<
zY)LbUsdW)k&xxm$YHw2a1#E^;dWBw+slc2dfWH^)f$i$?9*PSjaUSl1N@y?>PAX|f
zO}lVb__c-h^BR5jI$Gv%Frqh3q)JT8b*o2RaI(YVapo1m<G?yD2NKMir+e_Mjpf1>
ztTD1Lv{bh*d$<K(bw~Ot#H`%)EX={0nZo!mA3g#k(#Li}T|4f<PG~BF?>+2*htEo7
zMmScR9zI^^6cKT~P6s9ktH`B^>hp+8&|Miwv~9?@Dz;>OGMplP+z}gxpn(dH@y)Y~
z@+oQVr_9&>-Xc0t(L?oYk9#A5#y<E;p54f1y%%^7P%M%?Gnx#-V){Lma-$rTr@G;H
zsxB4<$IrNp?t2&TZylUj`b=~PELCHWH7mn?0*qS{C5mQUP%s^%5UmsMRKiYCbRBNy
zc}EkPIteNd*`!S(PVhqHj2V=A>Vjj>d!5h#T({Qqoa&fT+$RH1AnIAFI5!(7=R4Yk
z!xLpTvUm(BS$Ji3)5%c;a$uFN^?TM;>=j?XC++Gi2TwPJADC8PLiOtzBwc*3RigGu
zO!$g3&T+p}AcEoXo?WZMgnZ2Mc(+^q?&Y4;0cdorTOziuV9a7N=u3olax!v1+Y^`Y
zBxgO2;Ry9t>eQT|ulS(^UtTqmQwLL}Q_Y^B?DZkcpJG_6W?Bk`v$EX%cmev=HF`dP
zDV-hP$}!kppg|aX)bfT)@Nv)0zL9jG^4joL)_rlx_i9Fj;|XCsV{8S6Yr(TQbOfEq
zTz!W@P+3oJ1l2}Ro0s#3fMhgpW<V!XqC{)y(7me><wZc8c7mceJtU683iQU_<-qo_
z2t9;?w~*k{YXQpM;%W%PftvE1!Y>;aFAc+R+oc{*IoZQZ03Cy;{gkb@g<j}7?9x?f
zxkJqh9j%zVIffP?6TvN*S=V(*dpFO)-5Y$=GMr*l(K(9k3J`>$GEszpL%O{#7|&mE
z5h9=Ff=Ii(f-v9CR73FG-om%$O%!0*3F4QWLM-AQF@`&&{ZM%pI-cS?us&9~cnyi+
zcE<X02xykXr=ufYWIvE2)mu?+D0+p<qq4^f#ZoVGQ!}VVpYAZUgq3hUFuo^ptxa?`
zD<mbrc=W*K8E?(TSoTJ-_}W@G8wT<7bT<-(7R5(UKxuCx2m#9IrXN4Tr0DmoK$M{9
zxv~()0zBD+2k@GBHEj<pTh8`H^et?6AK>C#O?FguNI}%w6p-;XZkLK`-=H9+qXT_U
z!4R9dk>28wD&eDTD99%?Yg0J=5}X~y@RTc?t|vCz$ZCpTCJ)7%xezvdih(m-@7z-i
zq_(5h+Q)rE9`0FPm=KDb9;He4a7PD{xpdt*n&PC-7?pp5AU?$~TlquHgsYNK3)Oq;
zuhAMT^NrH84ZR+xrCB2)^*GwKh~UIJ7Vy_R_GHJ0@qu(n^_(;@p4nv=PO_#{)az=F
z%{g<e9(O!4%#cg8Iipih!N^UxvlvN4epcbTc1S4=pk(`87>P9yB%A^t-ezR&>%r=(
zx@T?Nd8FnGQdii);bEJACwiAWd9|+0il{EFXh{#WEe%MQvmMnUPJ<?I?J$mjdU-1$
z=HUV<!UL>pRVjN6kiwR@0GCmg<KukJMVxzxE+}g}d-#hsuffF&n@D_3fb_PXgAzqe
zPWI%x@iPAl1;<dFnl|q2uccCD(13i@(Rnd*)O3h}00_{Mi9Ky8>(;}8_f#fyQ<Bv>
zGsq1d7zR4a^I*;#5)Xw^O<41L%Z+i5x&3v)Ak^R-M_+mL<EviJ!)Yy~X~kne)Eycu
z!E(qx@U)D|X(jYYlP&J7I=1k5G)mF0sUMrUDu4$$&k`N%+J#t~57+q^@8Z&?ED<yb
zh;tLh3rE$Syjy6?UQK~P5iEjBa!uHgelSTmO>+BY%I<(5_pssKc0psHh_JmkGm_+U
zCcg9#*soccZZ1zaSHv%hVT*if1@(!pPnZG1d!@d35Kf6aHnmq0lPzEb`et3jYb!c<
zav?cx1XC3+HPiVP!F`JtE|fz^pQMKuPy}t)W8WKDRdP_Zemm%LE$X@Ai&BzeSvSt1
z3c<V5F3<Vsv3I;h0+@2>(OhuV$M^<NfJVX-ucu(oJI!cwvR9bO)hcHn@6{7QUx|Ho
z9S_H+bSV3|)?ii&4SP7vDGdi*NVzLQSD(&4B*;;^3Rg&{Xu9wdp;rO#$zV>7MX~uw
z$2cjIWOOua?R#;_!6nB}Xfj?K`O6~r<^y?wxN-Nqn~71{(;uiX(Rfc*puBD*3_P?K
zn;{xhT(#9yK=;D;w8$tDjyQz{!|!BX@r#$~qY3;BS!pf=Svq3dG*HbHHK4;tF`QFX
z3P$>&M$YWKFBCX@Dq`<DJhfY)hHwv^KvMFkad&jo?kr;0SEZIJx-{V)dep0T!;?l~
z;t<z!p{k}Zx}w-3kGvkpIB+!f&hC-%ppi_b5FuM#hC;pW<>Y(9Xj;XCHMkxs%=F5q
z786ODAEFcm7d&>+eCagpGHU*6xtRG;h+6kH7dj6M`{vS}CdNBrdhsgX(o49fc7)we
z4P(pYu?(YJd06(FWTM@`jNr!|V~3`i%xE~Mf&kd$*A_20yIZ}tL{*0Lp|kK%C2Hh?
zcse1GH<~di&^hj+QC&kkW95q)dp^6tt+`p2xw=cK&-PCk#0$aAw1*)?m_4H;_HGg1
z!W<V<Cze{JbfEL3s9HKxEai=xGb;kZmIIm>*gf-x8hPTc_oR4SW6ai+iJuB)ue`&P
zsS-j>(yo1@mn_0S>36^mDRTgiLd%z#D*z-T!-fFm#mVKKS;IAOQvtR$2iRd)JPY7z
z(aCo%kYH*X*ivTW$=G>aGtzD9`yQ+_n=1tM@{{VKI_;y|=<YgA>2e;{-0|81i)=W2
zr|zU_INmWveo-swg!m$M`{lZ3neo6lv9w-V661T6OjG5OBhT1D>rqnG5<YuWJHme4
z$|SV=+$5RPlMIC>uQq%`_c9sYTB=tk#7=q|b5oUHPwtFu3wJW8mPWBZ&s%*ir2$d>
zazlIc9i=?-aC;W_K>JD1&8y>)R3>&#L6N(A0Z&K;$gQoWq3FgqwlJN~643(kdWNp;
zT`pA>wupp^bJ=5EvjM{=`f~FQ`!^*TJ{6fHkEc10Gg&cOF1l(NGx6>vR1UsF+dk`n
z)vJE6^~)C}lD)@L#~e$$;sz=xZuV?Qs&<s!C4I<bnYu|}DZFW9)~Poh2{-tnre<s8
zA?)S$J9z3{b`joNEK}iL7}P!_>yhL(tNrlhn>Uhiw@t%y7jIM}o+!1;@*0>C)RbzN
z6N#<t0D1PNjXz{Ux`t;)G=lZ!;jyXeWNGWs3M7%NQ`^g$Zy0>a;>{kgFzmai2#NqY
zZyfI`8J@xt_H-HG1u{WSaZ=zlx1$&F>K-CiShlQZkUt`kXN2@n-pi78aT3L+P&P<g
zyJs%-C>d{DOj9RKIekaR-y06G6qb?4Y@&^x>9CkNJb2L$=1I&h8sffgzX2rFxUz2U
zB`?x<z7V9jf#GHA<kOpcmQukls_3+;?@h-Ol_fQ8Y+2o+nU`>`nU8jc20ZXEjM+4v
z1sBcb(@?~mu(MYdqVS4u3d4_XXp6BJ1(cuY63hB{3$}<%dp-={jDo`)*t;w<*UWyC
zR2V8?8%NYhqWtVn93WV=@I~&6n&+>{`nVQl-cEB#KDZulB-97Js~z+-?}>-jJQ0Cz
zD%QrR5+8q(hN8)t4Y~G~TmdsRbEkQx#e9$@*Aw!1l^~Fd<9aBXF&-zzj;_3I6d0_z
zx_yRLQLLl2QKMvTiic{ANVH2Bju)klqsIHxiW0EkSmYw1UCUOhXlJM2jBERzp4J&@
zW%M=YgH?EDanP+#7mftU!P=`0g>?oORvtoX*3{H<zJSfG%MF9xjV*8Sl!L>t+oBgQ
z({~+tPR4b#@R)MUZT)5GU<39s9~C`$Pa(PmL+vu=F<N>BvSKl&P(V%Yk|{09%QyAb
z%bZ^t9WF?MoTUxMwfl)_0mr$mi<4~f)DALcBRwp(+^L)AQp)aSiu6F2okSwNz@7|2
zU;-b4k#1r<xP8Pbp4%_w2F~RKYA1G+Rs?C6ishhl7b3BfW_&}piov%v2@foL8y-Vg
zKLGO7DKAL`ieJ(Rz40Q^8dc6{Y80CH*e}M#Z64-OPCXdVh6g9P$*`eqrVn1C8N*3b
zHa-j~j>X6-x6`0XC@e;9Zl@Vz<Ew}7;2cl}0Aq-rK$Qo8#WP=cc7TC}8Sk0_fI*;n
z-3NP!HA+SEoepNjav*x48{nl&N+E|G-oQ{tgs5G_fb{r1m}(FrI$@J=MY-L_@?0?w
zdiGg%^OzDC&pHDDf8qc?weh2D-bj9}dn`>v+N*Q@?rhfGx#!Vz;JZCIGtq_^B5CwE
z%AtIuVOf(dn2zq4(B7Tb;gI#(;E8g-T9jLEt~i9bdXIfzpzG~(w;Pu5#Nq5o4-4je
zcP$Qg@eHFw`d%i#X>nHLF3G4CQ>hr8IWZ3l9F+5!c#?^)?((Wv!JiceRM{NOq~1$p
zYOf2;>Hr$2kw^>NH~JhoJ<7o$pM!#^_dQOBTt&3FbzZp30U&oY@6uGXA=?|_Zon`|
zPR7CXp_yLRovP$4>wp|lq3|KoV?y-k^~NSzq<5RE={;zv*h&ES{sIELd02kCTqRLF
z6yrV@SZZSWlp%tLk^pM#NhEF9>^LFfn`cCE%_q@zXp^-&gs>Zc<1g}I5I<}le?Etg
zJ=IUM;`y#y-q^F5ex^DLh6q&13=9{0?@2s~NVwGA>32PmW?Xx&Z{7&D?-TOD*<SNV
zHPOTiAZ`ebraL4INMt;k;RBTPm{q1xS=r{SCj?*=9xojOajDtIQ~Xgpptkkr>#p_)
zmbJ=jZvcHGd*gxPzRH9sxblX+v>SoP-75YxGqh$>_u+Qgz?j{tVE2>lr_k7p#{+Ze
zFO>4_?m;%R;-d+Bn(!zzLGi6uY7d8dBfYiG!V(BW<I?K1@U{Y8IYX1Al)B8AM{|9$
zLMURjQK`oz<Dk#2dJek;i0^{WAcT1x$3=TQksQppg%k~e6-HjqZEoao9&JpXt(ID(
zmOCbyCqCg>Ll6p`ddy*D!~{(`k83#i$(kZvo(dY<L)&ZK$7zaPtik!RXrY+WlY3IO
zI>uf^J=;<Me6MX!*npP(1gBm~`q7p|zDDD@P|dODb5Q*@n9<E-0bPeuo}H_(g+qIU
z7rg^gnOG(mqKwxEj*0Tb<6ZaB_!Up#LfZ3m(R=&4eVY^f_D*QZrBxqvdx;?^gk@-{
z`h_*stoKca0x(9gZa#L3d6r^ar-W=7R<GE57h7+V-cbe1l3oLC7P}PJClKDJKnAoo
zXY`)Gj$wDzXcAxIcu%2g1AhTrjZ3$w%>~=|qFC<n%U*~>dDr@g7i-ru%X>uEi(MC|
zE2BXetlx!9`uJf(p84+E@t2eq+t39DL7}_)GN+u+lXpF>yOSDsotNMx#HPc0z<JvT
z3}LG_aK4@~PX+O5LrQp(f#dQUR4>T&Gz`I($4_E;9|*6Ilv$`nP0otyt%w1*xT3E<
zEl#*R52@}AKosEQSdbf0e73nXcphkZCG6WdS(6A45b?HykeiV>JV~Lzl|eZ2y{<=X
zgxPCMPhR?amM~8}hFbwpLDhV&;^ALNFb#}SnCB^GXxkWY9TBkf;K3@B`tu1G&v%@b
z^YGA<PYydxD5ncD0bv-3cyPtbYfz;C1y>2<35Xm!z%<~n>L9LrZm<Xosg#|9y&_%2
zE<Kb<t)voKd~8&^1JRQCOghIx7RbqS>x@$ilgN;m8<!BcXQ@pco`%xw%We;n6Vx|2
z5FM%|w=bBw?a?}bi9~~t;Zp`UOm3P0;5m1EnvX6(Pzh$^I$IvsaUw)_pY+&S*em7h
zlJu1{PnTVPw<44kV8T84w$1h}bwgz0p}kO=WS$q-b|D9CjSsA*UHsN7%w@AgN_UAA
zpDSJ8psMG)LNb)IKnQgMzxOiIeZtOpj~_k}9KSA*h^Gdb*Rdzv#0SpwSRZ4@E+Dc2
z5-zNkXvdx=EIB_4rb>ag9RuDJXJBD9E~gU@Or7Dq&gtiGcbur0dRc&3zyy#Ei=F|;
z%hY9j-Rm0@Lfnw#P%NDj^js14=(0EMPB7wdd4Tw#QlW-o!G$mDx}xO19^;9(Z;l{o
z4xp;?<uaw(32w{lDY6Bau*hD`qr4<e@$$X~n`!FstL2nM7m5MOzC=fP$367A#yOiH
zBbuIUjo99EgClK241n%OLQ!jtF&%s+ELL;(yrN{zO-sbIo9v39Uf|R*2XK)#O{lR=
zPrO7C=nHyuBt9r?cymM2@3^@TxI6GFKaoJ6Dw*7*;xY8mLV8KGiVMR%O#|#hcMjdx
z4~@;e@afG9hBulfEK~_f@|*|UNsa*o^JS>hbiBL@axx4Ie1vE~7L|IO(~f%ERdCVF
zTINzG4=mIfSKQ6ZsKtl23c`BX6mK?bQD)x}#$4s0@$1<l50PkdN5WJKS`2bgRV34P
z><v+$#K_cmQfzl)mP~C4YvN5d8c#SN?%-+|WzV;Qta>;ukkyMLj2mp)F|tODLZ)Cr
z-1yFEX0kkln6n1f5V77|toWFYOHMd~7U>J|r?tStB#I&-3bI^W<&TS~Id4nWs$eiK
zApV5HOJbUPjV=rzDzvyA?H3#`FZS%Rk9E#o<OIScrI!<g;k-ApfVMq?(y(C<!`dy>
zZ$L((#XyOZTzPI2CEg2T%}~qdYzN0n%|12taO;u*7QOCy<SS$~@y%W3%m?t?&Q4^-
z9Bq4n4Vpv<hosgY=h*s_wZ!WL>lJ!3tNU!UwGI{DHi8DC?IYNU1UDKLa(9e)H`N=I
zy!ZeqMUUsb6K5@6;2M;T+>n4apk2!))^dfx;zGv^rN-$Y&0&{JcJ38oBsY(KZk#3V
zUIzQjmq3WK=YGlL$-HQQ6U<gJdh_rRvjXMQ$e6dlWCVPILRVW>C5g*qr3A=3dVs^H
zNV10>yDwk~`pNV=rLyrpjE%97*m|dEK+bQWJvP~m87ms?QXL?bnh_6&?zl+~*Q3fG
zj6yx>!W_d@aiV}Vp&&Mi6joCQ1}W?)T?!nXX%>XL#~dmWw@-l^$W!K2$#3k;9TuFe
z+@VpQA6xBlsK-DPHoIEo>2-qNriX**bfKYk2r*_SsZ~!@k-ZF>cfG+@(pd(!#(XGO
z<?;w_?OZeVtVuzm(_+kVu-g=ah9A8bE7%K)FW)Gt!;tjNuldg?nBN7@0~veZP}`PI
zq8^n`6rbt6G<hW5RKE=I8#f4$%ZGJ~gi_FIJ~k!CbEGH3G{B8`RK0X%SX7qF2swg1
z3q+q#;7_S+Y~7d=w^tdQ(I%Cy+62?m*aZ#e8>Bel>>Q#qGMEgf=$uzelO1OY&j&lV
z`|30>qP6!GH^fUio|mGxl0*q$V#i~%D{}?%m=H587gRmj!mvV2b>Ha>d((+I;{_gY
z0_4c1!M$ONeEMKoddxSoD5(I^Fv`|^FlNqRf*)CUo|&L+wFt$#9>8k_7#~)xSW8Qn
zI--kiVT_F$H=ems2uBo{$@8(>%49M=aC<5Gd<Y!?2yx$uijYbU4}<lCl?I+e%lF>e
z?6yTq79#4n*t@_U(8cby-Vrj=YgfDB*xp*LbMUvGe_<hqXCg8Ur)IP6y=!ZKRZek%
zknb(`);Xbh#6X_gv)C$n*vxOP0-T!Fv{41L89)zxz0P?v;Bn#XE@!P?z|_Lt_11Bh
zRq%LvAy`W_VfZtvJ+}^1$bGfxnk~>2sj68J_e}3ya^seiH(5?oamOsz^m8!2<BBjr
zFXmg0g5l+J>f2a+dqy7m#8gwbHvLV}mDn>qwr2F2k$cdNtZnh8%a>nU)<F>ANd%!k
z6*KKBj8>^^o#s@h5N(i`E4>NtaCuV$E>?!>C_&Sn9_*D)mXLr6-KFI;n{DK>aLb}!
zjPlMNpxEF6UYgfEM^-=Nv1kegnO9Q3RNX~XBW!v7m>#<~OVWxCT|~Hu5|U%d9(6<l
z$!pY#=lGJ{qp>{gwevH|fUJAbwmJUpt+mdot&zqwyel{yeN{e>1qf2-=>`FtqM@)I
zQANj8kMKL-4lBrKK9Bd+?It{kOQ%udyj9tbwG<IB<DH$mBz*$Yk_?b5H>#ocVC7o#
z3gv{`9z#CvL##tJg7Q_<3w8n?+N>j#4JmtcSF<`nxP4Tstufy1?+6EvBdT&dCqspm
zU=3aBv~k?ui~*b-7G~9v^NC0Bh;*zIW~Z~2p9&Wk96x?)>ViO3M3LOXG#Bi_8~92&
zyHGM)<%UD~@y)@jwG3TU?9v1vj<A^y^wTQ^9-R>>o_OC__|(f{d0}|nxgEwN({DTW
zfL~Paw3f2ji%nE_@zmwWMlf6hJx)nw=|o;{GuBZNM17$CIzZdYbvpo$W_B3WiVmPa
zyDnREm+UzR7OmVN6kqIk4U|s?6Hq&mi4=8G?#w|6SNo{aL-LY&QdvNQR>a~NWBw2v
zKu@Y{)}*AN(uIp3jaNC~8sJ7u^KIrxRAU?BW1#{bqD@i~rMPl<ZPc#}M?6KVMhy%7
zmU!naO((fO8>O4V;VXJB3<ALQiuNfurr&}0=)3|yUn|>yd|9|-$yhjm&*i;-=XEEV
zcB>W|{9dn9WDG0#0sVbMdX$@}JCN;pkJ19M7Ep%yf{y4#4mQA}sz_aSWwVJsA+REG
zc~-|3H<@g7tI*Rc(L~LIQ$YY?Oy1eW06K5A=~>Yg5Y>|N9oQB_GUxJ8Y=#B*i;klV
zJhj+k4QNJwuP`WHsPF&`^MGD&6v@i%ru2hucsB@~#-@B!b@z<G6&~erUQxcdxNy=&
zYe{#iOStCo>kbFMt?@VKem2*1hSFYOQ+Tfw8K_H-&kFrK{Pw~a7f?H)i;~Mv_{65(
zy(*>Wkx8DGaa*(Wz+<`CVxkY7&jy>(OWFI@R>9(I8oNpEy(L_IV8BLN%(u9dYSwwD
zcoU-Tw0he0%%5|D)V<=KD5p33K>V^u6y&u?0nKBn%n>SAMrKApFtx1B2e?n~87Rjl
zNda4=YEA`Hv{;(0bD413((~oq0Yx`{Jsi0Qd5FsTj#BC|F)cD)3!YZok!ccyN1@em
zXH38Bt>Jrbe6zsc>btv$z82|}wdQhFBoaOB1Ib8Qzp=naR~Y&%O&nn;kNF|ZO-jIH
zxq7eI*SF=wcX0%3cX_lHYR=XNJ-5grWE9@wCSE@o7`9O!PxpF8m)@-$4QQ!!#ElGz
z<AC=>y#1FVo7saCiXOCx$O7fEodMQGr3%l)?KX;Hlw<&#n>56uVm!b`IHQbi*6w;I
zZkVaiJ>I>z*&8cbLo4|NgXpJM;6<IC#`i4XRpt@Bp#hIa3RpABCq|cvRrUY_y>C$q
z7Xbw)*G(p&VU${;X$AzEThomJu>hSP<~8f1EFecGtT*}6EBSTk@)@{tHuECr1rs6&
zu5p_+zQ8(}3ZYmHQLEEL?9-rERXIfG!CEJd+@Lxxs6>M)NP++qMI1p<H~h-Q`=LK;
zzXLfOh{6I>nKn-(De2_7N^rpHoVi33ebipcw%J$A%;l2IXXF72HlQP5$>$WL;^wXz
zr+YkG;sf3SonWFP`;KEUEyrl#plGP%ARznny+Su{2_#xhXI~H$l6aertylNw&hUCH
z_l3y5etpwT#yJtodM~aQ?CooCSvYvlF*#k*-^<63g_RLl^+j~209H!6Ha>8n2lECH
z6+?RnS8dUxE-N7RSvYI^<?Bf{Dd-pl4t}FV?`Vg09fzjV9pu?;Wvxhc?t2}+&ClPf
zK{pn~we$6Ehj`PhC}#I^g<Tvjvn2B7wvHs6ZFc1u_S>-6_y&m|r$9#0G|kGTo)iWg
zO@jhEB6><lx=U<Nwzt?7>J3kY!)vP}=2TC}z)sf}Gmw5&Pp=a8Ve^ELK0VcjA{v5z
zqA^BQd$wcX4`01govFypW{E`XaD82(#_pmR^B5{?$)V~ViSp?L>i}g6^AdY7CA&A=
zyhlYkB?Ws`E6s~fsOe4{#4|(EA)d%1<EVMh$D=Odq+1;y*-f{%+dGvvxk{k<V1nOs
z^z_+xsos)Aytn>5A0&HMb8P9@j#(7IoPY^3>p;7}9Ug>U3nWl_Ggvw4>jlz)c_SLp
z282|6ZzvW$Ya@KuXqKG7rz<<3m7jJM5lE4Ac<F<5#176}=90O5=c;_A=2tjIGjnnM
z?3XW7G15oH+UQdDnrNv8PVX8J!P`^C>}6jg&0gL^3BA`*A^7eW>wbD}YIllEnyt2-
zH2Y+<CBs<rii%h{IgV1CjG>v{j)T?>>SjF~iNqHsV*_!v-J{k|o)OVyh(Me@h`H`h
zG$?<blG;(4oOc)Qxo_{Y?j3mvs6hCvz@h<+%&TQ^wPj;<u#LnXWmk<jU^a&f*DKK&
zW_v?)3{~asFGL?plj<~yzcJL%3`<@N5nIL;o?Z5r$nOP!Tu|P;=CpA|9)t|bm`kv;
zo?yLXc}k!(GcTt6Vu_~|CX=2zAAr5hm%&fBw=U&TT&dlQM(@gedAh@O{C;unkFwDM
zQ2Dln#WK3m+SEEFDBc8jmNEMYY!Po{P&&XfHtdx!(u0V0*V)7@?n)kylWWU;_pp1O
zog!{0>(hDzKK&l~+jxz8^-lAq{ibOi+Ed^YAZgZe3>*3r4#wpM+?{y*h>c%LdyW>8
zulR^Q#}1#6Gp%b#$R&uO>Gw>SE^^lp+XWt$$32Mwc<6q-CNwk6#4w%D%9&a662KBy
z;3Wo7x|ldwXca!5xlu0Zz|!c6dIa}uE@j?JhyuG#99Nh=LhbifY?8#|3Jz@h)Nr~`
zAdq@pK_{b^BE`kZ$)5{>Xi5;=lO<&XlrpO~$01C}hv$WD#<Ng8==?f|>N-y**Rx{G
zUck&e#FqsMCk1Fq(1f0tG$)O+dY(z_yL8lO*t}lhU7RmOFCW9!^AN?gPJ-Rc=(A9#
zDa%)I&x;D{2x=ttb?A0`jq%{ULBbazVXf*;o<39$dNFyI2N7si*s>p<GQYXkiGYrT
z(WbfL&u$bpf0ORsMH&*g{Gw#4dP0DsZuh15i@O9yGka55b=hz85MPDiOL&dj>jaBd
z?`deJs{4Xh8_1@e0fIV@0cbTOpjBlSjv_{3iAT}X!ys*c%?6L<h2KN9ac2tOVQ@#L
zM?)Glh);oVZc8*#;Q~kkgc)Fpisq>ezq?7PG6ZF^hi*8-v+|e~fb#$<MGUlqYV!ck
z$4r&;o@I_o>nL9C<5jsWCWO4zPNDa9dFG`^r`*`8V73n-dc)1+a=qo}`ZBx6dma)K
z!_1gMwFP>zVxewll>)kAiSO*{nrG9U35Y~kR(eB=xp`Jf+9w?BQ$FvD5fBugnhCOr
zrFqDr;=6hh@$y|;!0{>gL{Bj%1ddd2xv%48^UX<fFuy~pKx`3rWet5Hg6Oe%r;pta
zlP$`o5EDgVF?^=G`vgz|g80du9d`NP;A0&Kb5jPl(aL^e@U$RcFV}lp?!D4`*b>=`
z*+#A><xbYAiLdnPM2KfV6!t(m%@KI0f@!ASgWKHp$duK132^>izO2Z1t3U!{vQ~?F
z_vGocGPym0H-N|Q&^>DhQa4ghZeXz2MogsRE>#QipdQpX=z%XNifX_(W;>#pchY3P
zejF7F@Br<4gI2(nDul8xB9zP7{=x$<z66R8Q*Q?bca4;0DKs{x&37fsjY9bvkdv-F
zE7Zrhqnu=-x#gOGOIE!vGVS%txqh>u*c}<LID(S&h^s6napaN+8ff;8bqM(2fXwM}
zE#LNYG4Xn{WbSLY(*t6{q}qmMPWf~YB-yJ@u=#jRqh>HV*=!sxMKmOV3p61ND!i6`
z57!kBtwI=9>4ZyB^!i0;y?LD)^mL)il2c5vC~m<6(CEFoM`a~5mB<0Y=uCA6B;Y54
z57Efr2|f0EbOh6V&p@&K92+5^+jm^`DP0NV=uyJ6y_(E1Q`o%ThIn4dfJQ0MiV|8T
znLPHwHNCPc6(?sBDad%xoXJR#w0#;Dx!+b-#}*=_`s*@Fdusu$zKG7wgv@wn&{Zu+
z8ABdJ9I2E!n!%p@W-R<L#dJ<=2Ndb<<V2%a<}oNHxz<Z5F1%S?B8gtcCy!B|SET#v
zz9GJ+TH|F7O7TYCw0G|~w7l(7de}!r9f<Ql9pdu*Cg}qGg6;$iJUY2X*>bpq!w>Gd
zO_XkB%Bn|^%6aEFLz2(u#ZuNnQ?#dP>6J_gPC?|uWFOksV6LT!M1qELKAlhYo_n(@
zVLcg<G&WiRiP1z=#S8ZFw8rAGd{{zwfpRU0P9UW>nNyAT06P+5_C3r=o%PC{OIG9+
za}-6gt7G!eF2!E*J#xKL9}z-qrSILrKQ;9DFTz7lOjl()0Y#2N4*Igk=}0pI5qHGY
z=iVUdJbbwHNUV}icxU6;p~t<jp$xkm-bgqp#_{o(vD*hIY7za)O6#IStP(~|>7=Pz
z@P)Bem5|CSju+5(*lzoJ?lo7)c;+rdwO?JTJFUKXWbWb!99Y)~csSllx-_t}PM!nO
z4=ibpFUOSSg~e9Hy~xY$oxxTrAJRTDXW_&uwKT>y%huAO3pqY`r94@U!sLpy$zcL>
z{B{En@DL?4vMTPB>G90QWK{uz@M4V?S5I3IBy&Fk7`IOI293u9^eD&NZCN{Dy?GEI
zdt!GU?q7iLDqMVc?Xd|*W3lOv#!WZVxU~DSNMmi;oVt3*0Nv!UR-)j%*!zjw8UU8A
z?Vvy0ryQWM&JR$W>WRLUV9Ap{Bi?t=3IWsp97Cf!q+M}4ce}7B&DU=cqZA6Hh1t2X
zL$J)8ci_pDo9~N<5~wZiS}ygt>dC{~t!*kd)k@@Bwq01q$x*LI9w20vH#H*5NXm&1
z9fx(^K6_P%SI3x6{bI+R6q$rV6*(Un!8oh)&`Iih`H1c?N5tvUz@`9vX?G;UP#?zD
zkr-ZKZ#ci<BrCx%wK9r#0FFVkYI@Lv@p^QiPX%}7oCpiT-=RR-bU)=rRzb6@@NNmH
zPR9+$oVVf2Hg8;{A&osG3^Fu=4IpJix+*sx+iOOJN!X*@*>KAUPzm;&7V)*N$dJb&
zXV5!q&<jhm-DTlh;=y?2&4tv@>#cP1Ev5BQhtU>MU>Qio#+rKUQ$9DR&|~tZpe>Fy
z7|mA&sTuDaZu<2*gS@JjIEUM;#MRI@9fOYo{mu2=5J2c6UUSl`V(t@!WFC@j>bfT3
z1^0y#3VH*xJm-|5GyyLRDP9>*NVCa2MQ4#Xy*Rl*ftO%_SOEs-8?|yWxDuhnOVv9j
znjG2I^^7R=EPL*XYH^uyeS8PReIN))$VjJgV%<XpN`R7Y>SWGJ41D;ZGcbV`EMg`&
zsFh8v(t3Xb;!{Xd;yV}cVrY78%<)Q<9+AoPEeATc`5B?b5h0hwDv@b<wmO}p;Gq!L
z*o%T!zyt73q-%WrI!d;2Q>#`J2G*ER&{r#21|I{-#nALZdX?276J(r<EfjCYJ=l8C
z=9=Q@n79uz^iZFl+w(-KIZG}sde@$5Al%LFm}{39d8yLcw2MVKOBgSY9|)&sAeL{V
zKXsL1ouI?DmVIT8)bUb4SIAwDh7GVPXkMyg4nnlE1aOrr=6N0{Yw1!%k(VNa;1HiW
zKT%3JvTcAa8dtfNG1lgAn|-MQh6vzJ`7+w_)h+IuQJ{&<$J5qw16qF~0^Lnakwb#d
zuICxDl$?+}jH+frT77F-r4%#@DC^5o?D-H0;GBT2qK*u1ArWn!x<0Nl#)WEPVmCl>
zdy9O|h1<CAa?78eJlx(`TiL7UIJXBft~I^|CD_N!I>Eb;*Y+k~G>zHjF4+F2C)F+9
z`exxmg+70a6H-_)qy;gWZ((Q1-m`*vaj_h5IEtcky(q$~ksM{JFweca^l~qf;Z!sO
z(w`()%Ptr}JndcNyQjfPH3%~9(eCM;IM2|Y&A@fT%wXr+4UvJ@=RIi`O9@a+`dTAf
z3FQ&7Ox92+3Fo*z7B|wt+H0;R*<&*~cn4^eZ!7LD-isHH>1BxmRX!kotIviU{4ogJ
zDfXk1HIKQsPI4pKDz`NNxT~Si=CAbG1*C!7?&G1CE(2o@>46w5M~2bTyA^Hlc)Ac@
z!}W~4M+OWn8_Jzxy8`SSOMuc3pqV=<VYeZy&d^UoqIqa3SR_m@d`fPd4{)=qv0jOl
zvQx*>i0_#$`uWu*F|JZX(uAuMFQMc!ee)=$N(c996e@W)jOEe1ZOb@FG-T(YgBS_G
zxUSM<hpeq@(0n*8d46?RLhjGJ&zTTclwPD>QwBd3w5D!xY;WJ3#8%N2^*RJU)#rAl
znhdf<U^^)UjXw2ycFo6UW4e5U4ns~DT+dB{<jhFh+GR5vK@VV_kD8D(eIp`1)ik=|
zPA}`F<e)9y;cPBA&$c*R*g&ee%iKC~#auS#f~oQAjeTl@uT$`JPLf6PpyfuhE;xG=
zfs)9eNtj*Iob}52DBJo4a7n$Zd(Qw~ui!(XDqCz`0T8PjT;?gFww?-&jM(Q~=zIc+
zT%ewKEdVi5FMMj_Jqodxrq41PUe@~2Qn3-E9qI5q0U6XXF*}y09TS|-Am7}wz<^Hr
z>1BwzMM8@7ZNwVCO%d5-vr5`1=I#;jCKG<7h<Wi=gjl8@idobfL5!{BXv5*CxTQnU
zxO}|QNlWww`0;z`<tRS1t(p#iFHDc{ZjL|>I$HjO#HKtb>rF6$_QPBrTWN<4L57hG
zhfzOv2U}q9gh87DXEDLRZM5`}qOoLgGj0~b#{!YNu8K}`ou;H?Or<3j-aPt3aBNDH
zVepvM#tmq}8Sxn$anNJTJ@P9PJAi{-P1QDfhvY99OlO}QIO6(Z<te<4Bkzm1q1mSd
zTiZSQ`Z?J&94R&+Yj{!jiR+NPDv-d;TlGQm#j69E2a<}93v%VysjB$J7S;$_Tg278
zibUa?vQxJidVru7G$He{x37yGvGrNebK?L+Z8=E-e+B)js0`@p)x;~6#cr@xT+C5x
zI4PDU>Tq1q-WqLu128c}Et8F&jE(Rl=dp#)J{R<r%hcY^7t(|Dgh}myJKNqZB;2|^
zWCXgJp2(w{C4Hl14G~tZJ(J~+AHtxA&X%=F(pJ1$MmZMv)jSh#c`Re{t(VxnCX9%4
z?DTvuNYxpMW@h7RTi)w<70)s7Jy?_Tn+N?OaZ>fM$gNdyz84QbL0*yY6dw?oWS0ss
z_q)lhFzfVnB=mWkAx+`fYdRAzo|;$7fso+5;^bt6*;Wgfz6{8+iSw~r!@|UUudZni
z^d7c#!~rfMC}d6Gdoy&GdeE;J-k`J&ub<1~lw3W0?4@pw2Is|T6VfgPEN-B>#DJpX
zP!HC?PuRc#k5i5{jc1pL-WB8=u)Xe)c=cG{=7vVLAj20V0zM@*_`uyPr7rKODEOw@
zTXurR7ffU5)_n(l9E^R9w8C;!(Uv2-Rr?B1`4zi%o{RKrqZ4mjUZTKB-#1DVx+pi!
zA(Siq2m`SIaufu5Eb}I_qu^92S2K%6Fa}O2Fon^;hAn`2jZ$+QB$p%{Li51<kb(%1
zgGQBR4A03mI-gYvc-aQ7<Kpv1L!GAVTLR~L4{(9|96%Lqw+~Ah*f?ca`ex&JXfNLA
zfJg;|$HU<9^oKsB;}0mEpW-}#F=V4Lc0b~0j9TiUjby_j_XxqTv#VVf7$wU+x1Di9
z%gXZ@7o>_6lR;VP&{P2r*A!;u{?ye;o-gz9I5mJsgCviy+~^AV%=S#Ry6HG-036ec
zl+^*qCxzUpPmem#MFJ89m&tqEP`SpCq)s8P%rl`G*>9^9v;`8FgA_tuV~sYeumdAJ
zc}OVBVtI3kE}}A_rS%Asi*#Y?9!g<cML`wyjiz_M<*d=f6qqpIDj5<yOO>H;k&Rrj
zF=AT3vn{=~Ft)&*Lw3a@NPgazaS6V(&CQ3cEqyN%bj*w;a=Xc*4sAVBxJ>A}j-1s=
zdN(eexa$Syl16w?PTQ=~gdU!CDHz4tsJ)Ca0P~9gy59`uIBkow@#C#2kBS5{eeQOY
z-0NlO6bE;+`_SK;xp--`E{FK$r7k>beE^~xw!|dejrP{m6GJKm4jy?9B^%#Nj&6@s
zz|)5YGw{@(o<{e}UL2dqtc*i$qt-*@9a%XOwNQ()eB15F^r|Z(sClt7N2hEez)N(I
zfp-NQlredp;;=i5B~IGN;z87HOg&oa;o3*#m(Cpoh#@{=;+~-6b4<j~Gm(04beq^y
z-U674^1-xofOsk(k~zr*uz4}oh|lAlC|TZ>U`Pn1D!#FNCyrK&0hDDE3Manjo`j$#
z*}(F$b#NDYRQ4gVt2F1Fd4<!Ktq0%pG}NqWQ%$Taba7>D?@CJaN)d5Ryy<riso10$
zDcS?i<B4?w!`q3dR)@^#dhy&4;}aA3K7EAw%PM;*wM6kutQOwTvefE6h!{Np7~t2Q
z!gK;Vy44_(c1Tn(;~Uk)E~Go1xo`1pqpv&JoFx{u+cxV6^kbY|e{dtN7$)+jAJlFN
z9J3@?k{_CSQtYdD2Qo7|XM%^br}*YAk0VSbC3FX{pk5?Xo+=OuxuAK<ixoW2Tx4|c
z_G%d`h0cCj70%h{0Rv3BXAb<dg>8e=3j6@G>zb4N$>su|Jjejldskj3sIr64NUsf-
zG&#~pk&R+AY1@fGqp%nbNuXa*mb)~(R)&f*b={GRkY~%-*JGi#+)uOvjnK8<Q`ES7
zVj;XW>DaJx5r2y7H-(nLfQW|~R50RnibfIm<UQAFf$&Ard4{1HmdjFZZfc8`>FZCY
zXVJCC^d3B3HG2v3%hmKL!;l!0zCE}HUESkyC|ME;4c(J+$dz#LLfqsfaPV*m?CVx*
z5ysHE2E|iBW@vSMeL@&YaY1u<D>x{KbDETzsX~6Nn{NP;5>C0EbjPmefGj;!j&N&I
za@#kAlV&@Oc^OJ?%y!@Kj&Q`Q5#)d*o-wBBZBd&Iu@MoF!SNZUS|W&hlB@Vk9#Bmf
z(-AzYIN~CnG6C*4c7vG_6{Ks=`C^~Exwk|T<LV9Vl!Xk7+<?WU0uzy~)52LKGyVio
zH$z))-Tl3KW9aW{qv)uwc6RZ_9yoHNVLq_yu%N{)dpkV}(zH}4#0UyOnIcf_edn{(
zGKTUFz1<cSC*e9kf>H5+3hv@!XBdwZri|DM)W&ad18~gK>~NcTiFPb=hLzezO;@0R
zGF}Oz>GQsD9l0P3Bci%387oa|b0q^S+Xi||C#|nj6JC%L5;Cklws3yOed;Nk$hnY3
zBINKS9vq<o1!^eiksQ4A1!-bl6pptE50zUV#VfFoVfQ%8QqK;JqJq$V*tclmM3r*o
zVkX#ZNZ0YaSRYMEPzQ@=l2%fY1}#`qOFOf{nXPoqO_+h3B}ByZ`5opyJHb-P+zS(4
zPeY@~2B?J#7T@oE;(dy1xn4(zByllVhHzR$=M_dLstO3)=WtKFuaKGC3S=-~nXn6^
zGS!|@CA4_f1`_z9Gfxi`sd;7cJ0iJv3G&nu9z#(ZdP?vsDq5<`@D%AMiLAOlmI`F=
zb-k(s%1hxM)5wS;1S8p%1ex5|?+u03geb|0H+!mGz+xF?UJso=L_0uL6?1Y81du|X
z)FZ~x4Y<ahB6&q{xhzBMFL(v8l%Bj<WMjBjF1hj|X0{3K&3frT<-^Da`KU@3;f{%i
zVv0_j2xQ}=fnvf%W67*c(jd#p2Irned2)&BF;oSXn6bzWHHmg0UxHSo^*(MRv_yOJ
zr^0^cjatrb3*gUL!fz*9)Sz8&N!n*qFk52C?LB|d!4O>aOf{2xl8_=%W?nWB#1q=a
zM5z}V=j;(mHncBgM0Rl9L@|XmUs_`TfL9;Y_9NOFoDq5a#x9#u-fIQa)u#rhx>NcB
z^40;BU|)4-6$>m6b4HDy(r^K9+;hm65caa(3la>_lcP6l$gZ}2!1GMm{a&W5z9}yy
zer^n$M)oMHY*8M9rA{gwwC!bv(3F8vctSYI%FaYk(3B+VyQLN77fvD9levCrYZ>5J
zzQ1m6#4^#sFw@iNx3NTIzG)bH<}d^#9tWx9j3pyuysi7Hz^Fu?TPkBzYo19A(s{d^
zG}&u>L-EGWLBSc{R%E<1S75J;)B_sCW<T}{y;`qIdhygBzZ6z#jzWAnhUMG*GScqZ
zyC;qz5G!qoFwt?C<hnpy`_d!#d7$+HGKxOLwvdU@y?Scn_o~@TGEJ?|p8-ZJxzk4K
z5{Ch<*`CG$U6pA2zJv}4ki(l)jxrfTZ8Z<xpw~);6o~CW6p3?OmivIDP3%>bM6Bvs
zPxLX{@!{cYDV?%_Z!HG9Owm@jf*rNnY${wP5fZ``SBeqzGCW?e;zHu*%J!<Qv>mnS
z)IrgM@j`{79OwM?pzI7keV|858Ov@Rms3?S6)@@d#%P0~1tqQcF2R^-NIDbRV>eb1
zN3~!3?K`;pM#ZPXR<w5*hN+9ot7wo{IUysr9Z{!Ik4ufK(Pqp6QBhXl&FYDkYhfA=
z9TPjaJ@jlV8wi3ILAB4`a!O#R=N@|E(>JQ32!mj-8`$lWq>JZ_sgaiIuf<`VG#KaM
z1VmC^<3WYeVy9$b(Bk976q>^pH#S&t$1CB<#e#8$gZ7KT0&ZogL||+ipSt&eAoWou
zijo&iM80N#JJX{l4=nQB=M~wJ?5Z~AuP*s~XvjUA1uAUh;4GGf(L_kJs4zuC3mzRs
zmSxF3pW_EFNUOsrsDi2kr3)oCvBnaTk-NAoF`M$#Phcz#I@$<%P2g<cU8Z<l{sjvI
z?L<K}K^xX)bLIi&f$QMTmU&bGHKp7O`Q|`g7FmbdiY1#~K58CnRA@Fb?8<4dWFJjy
zSSauHBC^ibx5kT5>aACW5CtS`y%BB>r6BxbbO{uRxD8%C^u|$jU0QFu?$<oqKwNRF
zF7}FL#b-kmAL?j6dV`d(Gm|VHFF7kqRlDT52G0tlz#ysDM$8kd_I@n<;#LFzhB~@k
z@iyM`)vYU=X(41UA=r1fC{%t70JcL9i&?p$MrHvzED($eBXYz}`|&&LGJAI*2|9o<
zD4Ihu13ShY667LcTG*CM3TBY$UUj0SLLr4pY`6?!^Q<IFgm=3qviu$&i!B47K+8Fm
z$QY1581?P31k5P9ZB{RnhV!Z_aB?T~5g78?o*sg8WzM%Xh&R4C2$Uxmr9AO!Tlr@8
zu8k&wo*Q-#PU{ntgS}*O3POlh@{>knkehfk=3Ec$h|y}>MbbK7z!U13fambGe&t5#
zetF88drIn@RTNd>nG&95YS}y&+H*=cAOO{h)BfJQ79LYP=y<yDh!C<7kBogiO+@)>
z%7CJ0DEXBF5=E_Y)g%|4fkzm?)uhNEk)15jNde4-t#&^2dHA->aQpUIJ(cub&yI;B
zuDoZ_97X6`SIJ?$W{;?|IRjbuWX>u`?WG7MZL?0^df5ftBSOWiz?16qnBtLp&F>Qy
zq@R0*{^lcMuJ)lcBRYj=N5|%2A`@K}ch69$gR;pheX<$MMtCN}p3er@Moribc?Rw>
zMJ{DuoaMow;<#*H^F4S`hSq_;Suq4GOz)RUX((Rm@SvfR7c8nnN~+-+m^0#4aB=rg
zjq1Q=l}uGu0FS-}FnP^O1rRu9RDImY#bh=~dw2f0u<Km{7QMk`?SNQ)y7MMC9vrt#
zZ7E5$314=N4@Ye!-J`~4?5^v9U1&sJ4I?{|u!cGumpEusTXcYz>r2s3pW@x@iw8pk
zl?NN3NUouMD`iWs6yR9qC^IR7-cj0INGV*p;mh|7uk$Dnd#wbq@K0Y6kjT+oR;e8B
zegXDy<1Vn9#A6=>7g#`qL`S0B0YWQ+KR!#29O`_o3?3VlV_?!4sz8(_vhkGMaArh<
zX+-@NT<tvs;s`F|q;nBrUb7{ne6d$aYDW-{Y08t}*%nU<88Ss5ML*mU^GA!TZPZ|3
zBwFhJJhQd^2ISs*$1Pq&y@{Dh%+o}d?h`4s-A}2k>i~d-%mcxZ+pOPvyrL6G^SY+l
zH`M@UVSzx4Ba+<xgyb26#@Y@CHNIh;M`gs^(}+b(v=lqhmz!#C27EV4wF_XcQsLz3
zmAuKBV%)a%hnoG;qH3Qlq2$}=j~8d4`UTU)qaYE;)M=B$4ii}!KS%7H>W35#G9nR;
zi>JdUnmObfcvtcw*&p0f7?YPlW3^({?@S)?rJ`ip%iA`^Sh%NPIG)r2hga;%VIz64
z%W@L~#hI{R53pk8p4l1=`_9#w%z4vcDoGlV1S(2Xyk0URcfonN&epmWSu%msleQrQ
zjNRG??_gDd*K@^0XXUxF+-Ac1Vaw@33uTqPa~`0uq)5A@w)JXz^~e^+%drD@&==wv
zbv`Il8sajGDvJqeGLFnNpjn|CyS^gDeM5@`>X%>&4;#s-H)1AX=7Mlu?F@t@UC1&f
z6hw;-;1jwRB2Mh1=Zpa!&Px!QmN2QaW+_wnIFtG9GzH_+ey3JgoG`nexZrQCO`}iP
zorLEImd;I5edqd!VVzXd7qiqZMq1c4L;b~EHi-H20DtvTAEGVxF?umoz(P*D<F)2G
zg0#DDY|q2o#Ex7{2J*Q<BlFua9C*1L58TFjdcx0GUF1CrwJywJLw<_8RGUM`Q;1G4
zhPL*&nmzp&Se2#}s*|v_=>Q8@?*s~9V}?6Bb-D<70ML2QaPv{%m_mnuAxv=^Ts(Yt
zze?c6w8`s5ceU~yX!bd0)jfNJYuTc9uq6T!tM6@<Yu6)_2N;lwt(rr8c)ZV}i=Mw+
z+RRpzxAS;j$E#dPQ}HJ+g_@(R;LWY@O}z~O<I+At$X5Lm7}q1W2eT&7T5F0@T`r)e
z8|(BUTHdQ^<g0Adck!$slQ(t7beReTpzYPdh=!<^7zkGo!$S?=5%le;CwmmB&jVjT
zA`suxm$I+nij0V=<}p1og1%w6M#Y^b+bwGi(-_LaLlzc=PV=kKJ|t3)JztX(>&N`|
zb>;F&E4!-JwOz`j+gig6JL-!!H=^~bi=2w?!Vq1`9y7s(gdPb*o7$p;8!2+(@HWe(
zi|h8Ihh>4HU@j|5y+}E-z9<4oF91!l?~QrSpfzkhkR5BJ(7KogXGZl(O4Z^nz<y6(
zw1b$<s*k;$VlKugq<m94YHl{s4G9mhktavvp0s-tqi3^h!dOm<C%h_~fqtfQSuap|
z(U~hJ0JBTUILl-o*6llzz<TY6h{+1t-txw!xWVYA>YiLXn)pNRM0;1a*jmVJD)f%z
z!m$aTQS>s&Sq=@D%k(Jwz7z^9WqFcrE=LQ>tgY3!5Os;s)+<j1>lX7ZiS$@wNAIXG
z3=szBd-&?5oBA5D0lyN3Q!n24mfwz_V3U){#U)E4Q3ed39$JsoVNAy&kj$B%Er1y#
z)(za`qg9h2_q=9dm%3-zep7^+^vc7VMyDH$yeJcxvIm|0%35z-)0wYLIfRDdiH1B_
z^Gn3)(Skgx^|k5(06kH6bdR3dXKrw79cw@*R@${NO7`y2d-Vwn`4rr5r=P#O3aBtd
zp8?8DphA`-r2tv#nl}R5qw$KY4gk=lRd8s-p0)-Inb9^byC5vTLNk5^1!T51tK}!M
z0O`q7Yz)1tQ{V*hVg^Ie1aKNRNFtM}57`#dv?$A<Ih-45iDK13t4LOz@?4%lkQ%te
z(RjkO4F^?MY8AecQ(40`kWLxxU?0^T8Y8HuQxsCfY(~~kF9$p_AqSQ~yPnrU_95tb
z<dLx)Y}*?l4)yL7rk>X+(7}Z)YD`afNxYHJ8Z5!;Ucq)Uc^U+%U0!>n*rR~w*K*r8
zLgjlQzK5_23SM^774ax148*rV%>cTMweeXh?$Te#7;ZcY2p@b@Fyk)3cbdhIm+)lB
zp6=DT3P7(BRIb~$8g|&3`h^6wGh&G?ffjU8@DY`(a!}PZ9e7;wx`~Tl^*ZuwRe)UD
z<2ajIBRe^@Cw->#QlJQ9LhE`&7ASS&Q2_$b>PVQTYNkAaCbEv^W_T4w)PDNZJgy$y
zAuw@p8im3O>kLGgN3(}xuN3gK`Sm#kIRF(Ux%SKsr$IdqlMZnS^WYoZ*Nm^Hb?I%|
zQTXF`&cnwwtTDThgHVRHmHG4@JHE%qh9nQ;5k8A1bu|-AHqBGW<~%<XJOb?OlQ9n%
zeTgK+j2zv@AP@ZED-*VDP_(QIO*6)=x8Q@GnP?<dd~YTz-V<97>gx)u8Kb$Q^VNQS
zbL7(=5Zs2b8UmhYS-U*QKnsTy#IE#`#lSP`*)Rj0jFd|{X4~7@*vIULS8ih1ouq^{
z85aZ7pa1{`!~$1s6P{;$P>`NjHM;}Y+)e-mvLJnyXa2YztEz4ZA;$G(4z*?O-oi6Z
zk*o&HI!JQ#Sk@lu6+K9v@{Qu~-Bw?qDZA-Fvqv!3_KqbP(?I$79ko15Sz)7kr#{$T
z845L2EMEI+?=|V8B2U$)y4jo59n=uVeWFUw)_j|ySA=odk>Bl+L!O}GPPCFezC<PG
z6XU|cuBO9wdGNd|(g%+bN3#)Q5mz6)71iP(#$gzYPh{w)>JF&qshM~yM1fLWzK%QE
z+0zK2uk6kr8=tf6mTQ<PK%YT@Rr->JBI7PGEM2ejOY#)Rs|_H)q?&FCytg(nE3_OU
zPeh>tygeRML_ogIrxq<jaW|)=W|k9;J$nw(ld(QM#e!KC8;!P?Ocq)5xX@osICfrJ
zJY`69Dn$(@zyWS4+RV}5)Ee#v-IGbbd{lh-QduNgQk}wr04(MSv|#lC>?_pN=0HOx
zD#)B0he!BKMWGy6e8vns$`Y%(V{N(O+;Ou<J6<!P6MG^Z2lCc4L`m#x8Pu_x;1F&S
zdVAUVIt!j4P`!cIdSf_AX?Bb@7WCA`-Sbaq=ryk5yy|D2G9%gZ0{S^27_4fOAJDw%
zKy=QG&CLVK=L-;tx!7iM{EUlowS)sZ3fjs00tQ`fgPUWIH7hIijqc!yz&Nq$UTcM!
zM<;0xrY5Z#P|9SO^0M8Fb_iV>Lc6xSgR&^>XRZi&ODAiWb|deG^jCQRm~;qYeU7`8
zxEocVnWK2L@cKBV%IYERW3ruxOm?~EWPZ;J8J){!Z5`HGoGjU?p>@vp5vki59$Xm9
zhzlbg0+DD!v+>0vXP{*Wg;Ppmbc~=Uo4UR^N!Y<>-gj6|`Sy~R16US%iBnn;o=^lm
z@3FH;T<*4b<GFE|8N!dG1O>%w<rtL9JsLSFow6kQo(9WQoxxGcQBAF@v9ONLk#jSQ
zXg${<h(u&JtVUmCo=3#(-t-O`Pv_FWB{J@8I6`aavJzf|1+Obkd95cs_V=0#=jzhn
zd;&R|rU4gLM5m3p!>`}PYgd4F(Hb;1i9A*tRrF?JBh_Bu0ZrKD+lqWv7PSLdTQ<9l
zF40J!K`|l)OBge6VFB<IjY+Y~fqN*Mh+g@4;`jp|c_Qa{nNZU&at$>|Tsz#Bq#c)#
zlbpSP`mD${cVCX~u#qm_gM{#z+*W+Ki}r#EX%dx%#saX<;o4q=z6YAa{-6NX_h2Hz
z#hl&~T`6;3Pmj5oAwOM|S#V5$i;*uuhS9#E;h%d(XfWHL2?yNEj4BWT<f*;4>cSmz
zJ_;dFx86|evro96)*Hf#<=JTUj-2CI-i^Y3E)Z(>;$*;$oSll%szU3f=s|mSD!meU
zAkh+;O{aKPEFG$4aySu$cf1nHpk&^=fthJflhV0~j%=f+R-cv_OG1Hya(eoRu2AM7
zym>SebC7g%mP#%Vsiv4jm;5e$rp6Z)B{~SeOUP6Jqv>Gd5DJ-lU$)rE*bBSp2#)1D
z^)eWuI5z?8brC4Dcl25(J?Hg41V|4VFYrs;&9NraVlaa+pcaG@IJY%grt>voKer~Q
zm%_I9s#Yu_Yo|{ZkL+za#3MQY{qsDfh$y-5Mwp+Q4fs-|*qjfi9HNa_KXq5M^hxCl
z_IHwwwlFlej2V4LgvTRGk71I0naav7p4^hT;OlWhd)L(cC^S8L>I4uv#Z-aBvCign
zOkVIKgD8S2M}1Ins!)>YZ&N#5MJJyX8^ol`kn%R5^xMpPnX{9xfuV9P3-zpDF2$rK
zY9NRaU|G|X=gvK`3l^*HVxvQ4$LAuV$S?)O4-aC)%ORcL6M!U+l7{iSdcs7>_^?d<
zoeP=(1i{KZQ*Cu~RuSqr(^>Lg$l;j|<$D@hA!b}7TgG<EEaSk8Y`f%z&ph67L1EBi
zgJR+H!zvBScd8OuNJskssKe&POLOzZ*UOd}igA7WkYwBg456M8%`se?OpaJZ0KerE
z&dnftJMucq?`8!<b`pft3u5C&#0V!J0KT+&BAH1v#`|8Nt$2;F?gj)~q5^Xv&)sE#
z1ZtDN!2|MAns*PTAsW%z?Q!xHg+W;tG8M{u0|@STtE$8ZQ^WvMM5Qlv4d#Zu->n&e
z@FE8Xb17WQP_+ZWv*yCLnvdX?v6Bbv9qIFVVE%e+mNz_K%z@MG3DC0cUYgr^!A9X)
zyK@D;7iL1Q#_&oBA2fmniVEsHm0J>tLJyS<^@^%dA$E3EXIs;!Z=kz&{R#*<y&1}z
z#GVjYC+B07c*{0Y9*#o~U+c@YeR9t@<P#hAslV-^vM5n9=WFxAfXAELCoU#gkNOz~
zI8i@!lW8~@fnv?gXkr?Fn>JFk0^0^4EUhS$o14n^G~qxLOiZVTLdWqH(3Of{D<inM
z=zu^WtR|0$S^3NGyz=N>m*9?RjJ3GE1M+u$gU=4jfs!kN^*B3{$$W8jfw7Q0QfP?<
zdgx8e3&w)3tSNy>-+Y3EEU4U+rPVc0u$g_{aDiL4SW5JJE+fi^I>|e-3bqp#5)WDL
z3ijw|iomak-<)hoJWlo}dTmO`n9tmi+u!IYv5T3oxIr$ZQ`;lRhL<P|w`k#Kdk{+`
z=_>hhAvo&c@)`S;r{FQ0z&@n(tG~cORY!1n@fbUn_SyDpw5-ROq(&A&hVr~CJawW1
zSA;}J9Ry^oM<syFvV>QrZLIA92?6A(U>0o3%gVUL;ecJ~kU~}@KgA2NmfrSZB|?*q
zNB{|#sc@UOKu_2vqBXGSHNG*5XZ%uf*#@X2!Bd!py=t4KLL6qXx63LHG~E?>G7)v`
z0ZjWk?onGy+AqM6XkMz`)g{TIs^3mD0?VY?Ts%=e1#lZQI>RzKV5rt^<aop?(fE*R
z_t0CYXK(M_v1-0U^+#hWvA{Wsr}b#2)9Xm`JYHRShP*l6dBS(u^7;&q+wJY4>>*xm
zgxa+q_CsImtQ7JWq{m$~XUCZN@=;VD=`D(vjTzSV{UT;EvkA|bCpainA9Ycc38TlA
ztockZ8aCEw4u#N6>hNR_mDrFKmeFOwyv~G@qSJgGM~{yyr~_XFuE4q5tA3^|7#eqE
zk-68@hA@kY&yh422A}#MXjSja<atxjvQua{cL+SkXTxy|XzdT2W^m(dcG;tfycYud
zz1NiB;fIzmiNp1rpslQ_$==Pq<c%IHR!1;F8ePii4m{QO(9=jcjTk~Tc{E-h1vAqF
znqDs=0m@x%d=m9*0SV>>?E#u{ExVFQ>_Ap$tVE{*@Vyly&$GR@TE9qK1Qo$D%e}gb
zsg2l?tit!e`pD0&qS9>4^b+Q%F0((u;h!R0%N2&go+NT{c$FcGaq*CKni~U~`YE@v
z7n)#^P<Fh^eogs&Gazmb_z{sZV8UCa?Z@<l0LCAcx^k5PUW~ORo^QuME{Sud&gk33
z2<vge;>wyxo)idr!+Vp)(u&JS-~o%GxvPj|sFN3B%J01lM7OE8cbgm|0}_hxMlouh
zrlMBeq!WpNTop_}aihavJ|d|=A>Ut2#D(&+fZ`Ro=q$K>HS>aG0B~0sBP&Z-%pC@%
z?jG#8i68faTa(x;B4q4?^?2fT>*%&})nevawqD?&_&P}E8fc#FRjswF(V>FY2#(y5
z>v39^`p!ulxoqJJJVdKoL!*d4(edu8LFon7ybiJHX;Y;)gVhUD*V)4Hp3gHI$I`6I
z03IeH*mH1PR35+1lLw2h$h{d*{e`5`kV=WAY4C6hIKGN#*9B5UO|S!0E(3QVQ}^M@
z!-eZ<=hjJ|c;>;Xsi23uPkN0NFIDD%Yqt7vQgUTe!7J8iUzZb_V8^L_%+qS+)$81C
zXo5(?WAzwG0XLAL%;8O38NMLjXaVBhO%p0>vj(rm1{y)!f#MMWtI8(dH7zwMqug_S
z)EV6)7W=$%Z8W6z$<>q^9Wh{<jHK8gKOj!4T@l_P=(YpuDpG2M6h21}vRqa_ah9Cq
zi+qW7>TU?)7L&%3xys{qPmeuP-y;JC$w?YgcMY5J0~RqOZ9#jIo$!{+^fY7Lr*-6w
zq>_VHCDy3hWwyLGR#K2Y3P#UKB|vn|nI8Cin`fY^=#X<$`P8I%bM&;{o<Cia@T&2~
z5KWXuSDwc~>ha4L4u4@yYnB*W`ydf<kgkC`-6x3N1;!@lpw#+OSXM&vzDk#)ONodr
z5i*B^c}Fs)sZ@ZV40=t)BEY6%Z;_QdT-^YkIY&;yp>na8Q)~})M&9P^(kW$XCul24
z1jKt0G6hu;$=O_X^s60c93g=!<idgRRVEGsCAgME?(!s|dw0@%rUo}m5|(w1`A+*%
z?eg&+)Pv&8+359E?=0e9nShl)(Gl+x9SP_JdE_4X1f3r9Y?px706w9S67Vbz7{bSS
zb^P>cy*2RQjS_wJ+z0ZpKwtJDC(PtZ0~_i}0{Cm9a6ARFc{H-XvWt7~IbC@vnP(uk
zOfaK9OM9=MzdM$<PtrCOd^CEODJa373|c4+5I=RkC&HoQiQX?1k%dr@KsX5T8tj1Z
zU74?f84;h`X1Y=BdS-}*N9fi=GTC~?dqR!OfDdf8Skx(eWhT=4!qz)fX&(`Bu?D_#
zVs4DRKJQnl2TV^6^Vx#F(wE``rh2VYJg+q|o-1$xnvB~U)Up8IYG5=)bn7-3dD<_@
zjc&6km0uOb2?>foUYJ4C^E~@=@2Gr*y^U4Hx`~lz=^8g})I}C(;IlU;1k(`_8-j3M
z@N!QKi(1y6__$6x?37R$Dl;NftiOH~cW8U^$Qf4icqD8bd3a^}ZH6xkHVC0Jypg)o
z)fFRA$x?;|sMGT%Wi2{YQDAF@9VQCOvwP!n9w-T?$2=Oh7&Ie_c1ux{O1?ZZX@&)B
zhJ>C%IomaL2R7QbnZW5}K-{_sYtVlEm<iZ{7uExg@Iny4@|}m((E+@NrL;*iJ~22$
z3NE30=4co&qC>hB@l?;L>@XiVoTV^G&$<Fyu-AoI>u(5DigsHJiu4*(R0ARekFawT
zg71Z%Nvw<4S!TTOddFucO{mt$vW-uh;dEuX$F2Rb2Ls%BMOhTavONh^^xdJW)>{#l
zDte|nhR})6llomoIpL*VQsGl_Xs+COG=Z*{?F1fp;q5pKm?}t%6sN*^pt7E)iy0E~
z&=a1Fzj$bRp52_CyGq~<J|z$38bEpMS==eA0MSCQURfj5$!x!Q8UppQ<_vRRNoBbx
zx#kl@d&nbBP&Tqp;N~7cx9lc>i?Uz7%+lQ^rAfxT@wdo38Dg81Wvzk$$LV00oqFhj
zC9G1`teqK(ue-oaNTav8`eGt#NfszqtevhM0w`~vY~P~+)IJT5os<fIy*`PS7dJ1W
z4@D9Qp&msKDHGtygF$WMeFg*b0gngpDaVUi*0?l+sGkraXp2&D=YvOnuXNR9T^*M=
z$-{%qr6y-3RNinJjYCSi)UfakZrn`{HaW@(kZ<fUz08)T=38gzCWAg#aYzM3Gq2jo
z6T}oO(ZPIM>J*&$BKGNI<fP_1ii*oSyGj;QkBY_=vwDduAU9{ymXOMYbB;wxq5xP2
zbG+~puO&_eJ4Rf#^*ye77Ol0FFI3mv->8!*I99l^`daSbUclBsK(0Trke*H~K8Os9
z_PKtT?BglaQ}wiYO4zPJ_x4@5z|K5%Nmj)!4#Y#1;ZoXrQf>noIy85h1tuO5ne&hb
ztcDMXQjPd#ndO#^4Y4#b{A}N!_+ZCA(|tRbxMd6i8%i&!dO48hjiBxmbkuw!VxWXP
z%1#v`<yMfo3rP3a_hqr5l>_Xf_8gaZ+N7J6h4-3NpA2xkwgW&@STdBYbjS>RCrgWI
zfj+pi@6v9%D)-TyNlv{QcX?L5dhl+~2u;|{9Pepc+tdv(GL^w7=|jsp+tVQB^0MZj
zR%YTE>@In<($($w5L5Z~GLG?XihN>xWFcb(Yssg3<vme(oh1o-KE7)+Xj1VaD>2yN
zMWE>zzSoOsO2m>7m|Na5=UHSuJfTgGV13is8s~Yq4pI1QI^1jareX$_$JN6wFbz*1
z78_*S+%vK_A^x6)tmhlY%<i#wLV^gFfHw!7H8##33JO#XCeEODX?~@xKE*f3(8x;Y
z{pN-CU`mZOF5+gWl|74>ly;RJ;34iqS0Zxw-dSF8L?#tA(}LB|_{D8FJfueBA)AV;
z_U$3`?gyqGrkeCjk$1EJs~{y`AMi;D?@U;&y_NG|dcNzL*fH;}R61_pHo4MO1~&On
zXHTscM~5GTG`6!lnI_Xy3cV#}XJ->ep?bp^+{~|Ltxs*eB7!%>hq}>53T`a<9uPd<
ze$iXUP{MI9NV~N$G|Oq*o5f|GFX7PkNtHy_<9gj1;47F>JyO+|@fzML7I>#EW#*1i
zvp_(!SJV{0*PR9F+LF@L2&u${M)bb%@u|t3@`#^BcL@{R);3r=hQJUUm+G;zKh4`U
z7CivN6kM!o5iuy~wr#y2h(@cE+MBV~O5ITJd+7O!xJLToS(dXdc`{Uuqe*Nm5jg^C
zn#gIy9LcBxfR${{y?D2KWh4)5>kLY2(46?JE@4r-9!3u5$>S{CBqQQXRVG;(3cH2`
zm1e}P>ZR9@p#s=+2&~uPZTo9%j%uuJ_69ZCeyOcTJG4^9I7mzeAqLi>vIyh(pu8Wj
z`dtX}^$`|7jvjy0yW$P`@`SuzV7e_)z!(_@CKx-X3>{s0`=RuL=*r6ZZLKU`NsJmp
zIAnr$dO|-qF?_{6D+Ba4UY5r}F8&D+ix+JJ%~N)<m3y)oRMl2bq<tU9&Uw%iYs;+&
z?e^U)OzmWOa6J6Pkhw=P(gl+2)c{O)5=FB)vc-mJnSiVNw30b>#<pc#IfmN9_I{jq
zQWxaHLL23hcy?`)@M0l`B@m_`9}@833T_*`wU{=-QhXqxbu>pX4QHZGoDEgM7x9=j
z+XDem24Py!pS(01uK;L9#=d*3*bLqn73PB_z8c^t4GmTSh-Arfz>-zt!q2l$kP(n%
z>lr@ZR(k^aRAq2AwR|gw%5g}|pr8ktfGVEyJek`?u4fj$?-gsB<s6IN<ZbCl*x3@w
z%N&M%k!5QRp1iEbwCFA>=)F3I3i{v$JkDF#gR~=aIui-A^Fr8d70;}GP;VF3hjP|v
zU)q{4_ck>|P7-)LwpQ~;E)E`;ldLcblP@fJ%VsLo2GRE68Y@<>^|gr+$<xqcWg4C6
z*bdub!c&yUW^%TuR$;3I7J0^whR3;?`SxJOw!1iM>MdB7kRG6upcYQo!Q#6?;)@)Y
za^bw`UgXA>H&BPWxbhO;%_u3oi8(CuHIFDDc{b@1hL3Zp-NII#9+C@qmIr9mX}pY;
zL3o`H94xs;fM~4FI?yA0XynynC})nrR}630PM{v*N!VcxMQJ3@T_mhdEwN=Ik`*c8
z49bN)w3NDitzuD4&3tYiv-4<gTQHSB0fL{xJZ;C>IJ#T33g;@t5M!RjFuw8(S9cvp
zI8e(Yj&<YM*fiEuC?Mmfq|M6Lxci8*TV7*01+vB~WrEnbxfh37fp44EC&75=a2}x`
zo|x!C>240KM{2s?5<wzd_CB?`t7}?<fVP`oI*H<uQjW={JFY$EbGQ?6cq4n3n7mdV
z*Ov~5Iww3>AiAq$tD#)6a5pHW7+Nzn^$c3H*q$J}5c_gCQt?*o;Cl&Jw8@eqiy1HG
z6h|74)@<>nNwk#QDHS%lDz0e(`W?NgVGWgVr_+E|v$sTYidIc@s5p8W&QIPhzSUO>
z0NL^g7dom{YTu*rxe0Co;6%W@xY36Ddj|o`=V8~W{!)Wu+%G7$FPM;FJNaF}xXzm<
zz`f1i3mPcGM_s44@i7q}v{afJ-;<s?(yL&H^{I!5mAvNf;h>9nP|DK_6Otg!Y#R6R
z05{h<$spq0#pH=1)(jD&2%55vwlwM0cyog2p#)B4=B`4a0_ZG@Z+T|cACMGKYBOnA
zPrbsH=B>vA!_L`-Aj0tiDy~P`i+2f!w}fB54ka63Vs$I@tT%n}(x1B7#i6NgS2HcS
z#j;~_X-))->mh=p=Y!G<YVRFyylN<6v1iD8_TD-HYX<c`8bn_X4vmo-%-CpSZb{L>
zpn25>!pR9$?}c0D>r{KI(XWiCUEyB5=6mQOR#x$_nbb-V7sqZ1`dE0k4k7|tvd4-k
z(KzERl#ips+%Uvbe8zVWCjv-mC;s@&3nJjBH9WrOq_RBg${Nk2*KpHRF21|8FZ%81
zslZcBE8=+xD?3cS3LZEY?^Y`WCZsCj0*Luq_M{$y#si6sbBScrq`c!QHb0q32Ys=R
zG;hfGEy=M0Yt5m&Cjp|boyeNvhP?d5dS^H={C;l>K_a;3ftnLWB9<y6l-*KWE*#O{
zq+iZGY6y!0(s36GRHiXOF1oB9RPxu|9IIsw237&taIR=NeKB@8J<ouQ=Vkfg#^sgG
zHeATN8fMXswd+ZTK1kNy@I2ipaZfTZ#!rMi{zQo05=>uDV$zHCmnE?DN={(wNxM<Y
zJOXirbducO)u)_Enr!?c-fJ!|${T=5R3LGJo$@dzY+fsXd;RDd3gxB=#^uVO37QF8
z$rtlU33eWitrrNCokv{}oW#LBxa~U{rO0Z2B1Nu#%`)S-Y+LxU817}Zk<7{9H0DHD
z?=_E;mJ9c8WWx&pAU$%mTNvlOJF=Q30`K=gTVJy=kqHDNxSO?6xz!WaTaZm8tDS4m
zd=~nQAtGT!c+$_t-lJsiI>KLrGjXfEkj0di)CkoZ3(HU%dm^@nX6lg_C~&yTc1{pm
zKPH_!dToYBoaEw`%;~RXXpk&{I`i48w%_Sr5b-t9g4jj1n5z)Wt(Fq$?qo*J%@Kbu
z5EK{^Q~cP}=P@R@MpD|SznLJrLLzymB-=D%PR<&YniZ5W?Yc)2enJb(w;4`=VVDp7
zCEAmwS10n~dVy7?<6h%48Fm(?1@aB$agoId45v-vvr%1)eO7uB^=Lx_`UNsQ3qrM&
z^^9W9t=O(i0obRg+4S<XH2X^X6(_sY@~wcq8a!C=Tw<z&mafN$i08p|!?l`Er`mQ%
z-WVElO(c)tAxAcEN)A0LP@13>&Ba%a<Guw>@OWrYx#7l&tJl*3PNU0ORf5N|9yt26
z#R0m|?K&2*JcOQmq1=>D5`uVpwUFRN$uG9ep~odzSC~WS`9WnWfq7A|qdjISv2ig>
ze{E>V6O?)rIZ26o&3L3?3NY}lOGI`LM^Il8>v+7)YK13Qz#bOIvE(8*k{t3N6$T=9
z-bqTkDZ5GX=Htg;E?P28L6x|MH^41~j$$t-U;&+jc&t<wHbv9rVLs>8lnSpl;GB4?
z;_1b$+^2?O*`P)!QL!&$GbXt8idJeuX|6Meo%=v*O_uIaB0jhBSFMU(x|60bF9ydM
zpc%KR_~qkmTrj9!*lnBE*2CDBT4|SA_GTQ9(2*0pH=NrtS0_3%9e~go{Y2fcy>Hyi
zFViN6_^ER&LIL9_25d14Bb=Npn}WJn+)j&Yd_siY_aO__?t~1uDHCJkiU>$3Orlw5
z7y?t?Om5`3GI(haNqDRxBUeAj;sJaQmgF(+opi{11r}E+VQSnyhI-44E2@Z4`VfV%
zxBL7CwAxn?2f$ob%-nY(v89dV@c}x)yhUX1cmq2fhDb|gB|QWj`Ydb8i(-aHJz!xs
zFoG^#0g-UJpS&m7!n(>#Jkd19!hDaef>!d)JG?>>mf}TH>o6iIc!9y(UPh2Z!{+gf
zE}5^w$2>`!noK!sH``h?8kZ?a-b$H4lK`I^1k5g&BsRB8LsRte!<ueIx!61H;#*~P
z0M6}|BUs#Soq8`Pf}-jbba$vcoU7wp052)lY5?6oF_MB2#c7K~`;^o5!LtV{;=#k-
zcf_3Wyw8d4*vX>zh;6Q=`YtP?o)w-)<};FgGz8#&mp~Oe1+PL$*dQwofjnGB<f7Az
z#oi2nvcaYbvap6iTwH<^*5Tbazv;)>Is2?89CfLr?zw3f;(PQGwwO&0=Ppj#kS6Yi
zyUQb26zrD72<JcvEjV^hSvMrGk7|W-M$2YiDTMATx&mF*x9#=DjNhBg30CSskq4YT
zHRMYeigXkgQ94&7ok1$70IE|MPU7zU9^+l45hiC>i7MH%%qC6-d~8>l#t~~HyHXlM
z2v1gNfSaT(ygKpe8&RW-J_v%69FH1yk%(z@mgkdf0SE3|g9fD}6XK}!=G_HMS*S|y
zFadbvA$8ot(_yA`bWlFD+>VVF76ZUbpVqv}sU;*oavzU@)qC$$)$obbLoneTrE#2I
zlU_gcC?Q@QEfR`M!F96cHy3jfZMcetJsj|Ev8Ii#&`e6&gcEmo(~c12T9|f$(I@AL
z9-SikrWqn9YNL=y@pH4psh2hfiz2x=t_E4XO)PM{Z@0tA&qMgpp3*!;B(Kbqi9_Hn
z$q>s;(1wcgHZK@vw9siFftk%J^CT)gyjb;}r9lU2E8EvM!V8z9?_j)BEzM+_g*7iA
z^xjUrhg1BVX;kQ$D?WeI!J1GBn24^F^#<n#bt#PI`<%s}I-QczF`9jE_T>cf)d4Je
zmR9p23sTmzfkyL0_fllSwG(~RrCN`O)l7z5OJKuab5KszwQxmJ4>^%PB27%FhXRR0
z;zy(dl#70<+9pOL(tLxC{bIHIW|cNc4suT1rLQ4rob%ONo_WlnQ|7U%ga*B5Y~h($
z)x%=E3029!9%IV&&M9+RwUE6yp(o_AHa;71!{$R|bPY(EIl#x7&<@Ge2JowglTu9I
zB;%7BL`px7-A6kFdYLVzO;^ykPgD)Z(XO8mr@WJ5inF);c$Q3$TU5H!AA!xpp6R5N
zHE-F13))+H?qCgX0P(Jl$Xv*LET*68X-chD!E(mi-mTpFzZd!U|KI=o^Y8aRCpfy)

diff --git a/sha3/xor.go b/sha3/xor.go
index 46a0d63a6..59c8eb941 100644
--- a/sha3/xor.go
+++ b/sha3/xor.go
@@ -2,10 +2,18 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !amd64,!386,!ppc64le appengine
+//go:build (!amd64 && !386 && !ppc64le) || purego
+// +build !amd64,!386,!ppc64le purego
 
 package sha3
 
+// A storageBuf is an aligned array of maxRate bytes.
+type storageBuf [maxRate]byte
+
+func (b *storageBuf) asBytes() *[maxRate]byte {
+	return (*[maxRate]byte)(b)
+}
+
 var (
 	xorIn            = xorInGeneric
 	copyOut          = copyOutGeneric
diff --git a/sha3/xor_generic.go b/sha3/xor_generic.go
index fd35f02ef..8d9477112 100644
--- a/sha3/xor_generic.go
+++ b/sha3/xor_generic.go
@@ -19,7 +19,7 @@ func xorInGeneric(d *state, buf []byte) {
 	}
 }
 
-// copyOutGeneric copies ulint64s to a byte buffer.
+// copyOutGeneric copies uint64s to a byte buffer.
 func copyOutGeneric(d *state, b []byte) {
 	for i := 0; len(b) >= 8; i++ {
 		binary.LittleEndian.PutUint64(b, d.a[i])
diff --git a/sha3/xor_unaligned.go b/sha3/xor_unaligned.go
index 929a486a7..1ce606246 100644
--- a/sha3/xor_unaligned.go
+++ b/sha3/xor_unaligned.go
@@ -2,16 +2,26 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build (amd64 || 386 || ppc64le) && !purego
 // +build amd64 386 ppc64le
-// +build !appengine
+// +build !purego
 
 package sha3
 
 import "unsafe"
 
+// A storageBuf is an aligned array of maxRate bytes.
+type storageBuf [maxRate / 8]uint64
+
+func (b *storageBuf) asBytes() *[maxRate]byte {
+	return (*[maxRate]byte)(unsafe.Pointer(b))
+}
+
+// xorInUnaligned uses unaligned reads and writes to update d.a to contain d.a
+// XOR buf.
 func xorInUnaligned(d *state, buf []byte) {
-	bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))
 	n := len(buf)
+	bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8]
 	if n >= 72 {
 		d.a[0] ^= bw[0]
 		d.a[1] ^= bw[1]
diff --git a/ssh/agent/client.go b/ssh/agent/client.go
index ecfd7c58d..b909471cc 100644
--- a/ssh/agent/client.go
+++ b/ssh/agent/client.go
@@ -8,7 +8,7 @@
 // ssh-agent process using the sample server.
 //
 // References:
-//  [PROTOCOL.agent]:    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD
+//  [PROTOCOL.agent]: https://tools.ietf.org/html/draft-miller-ssh-agent-00
 package agent // import "golang.org/x/crypto/ssh/agent"
 
 import (
@@ -25,10 +25,22 @@ import (
 	"math/big"
 	"sync"
 
+	"crypto"
 	"golang.org/x/crypto/ed25519"
 	"golang.org/x/crypto/ssh"
 )
 
+// SignatureFlags represent additional flags that can be passed to the signature
+// requests an defined in [PROTOCOL.agent] section 4.5.1.
+type SignatureFlags uint32
+
+// SignatureFlag values as defined in [PROTOCOL.agent] section 5.3.
+const (
+	SignatureFlagReserved SignatureFlags = 1 << iota
+	SignatureFlagRsaSha256
+	SignatureFlagRsaSha512
+)
+
 // Agent represents the capabilities of an ssh-agent.
 type Agent interface {
 	// List returns the identities known to the agent.
@@ -57,10 +69,42 @@ type Agent interface {
 	Signers() ([]ssh.Signer, error)
 }
 
+type ExtendedAgent interface {
+	Agent
+
+	// SignWithFlags signs like Sign, but allows for additional flags to be sent/received
+	SignWithFlags(key ssh.PublicKey, data []byte, flags SignatureFlags) (*ssh.Signature, error)
+
+	// Extension processes a custom extension request. Standard-compliant agents are not
+	// required to support any extensions, but this method allows agents to implement
+	// vendor-specific methods or add experimental features. See [PROTOCOL.agent] section 4.7.
+	// If agent extensions are unsupported entirely this method MUST return an
+	// ErrExtensionUnsupported error. Similarly, if just the specific extensionType in
+	// the request is unsupported by the agent then ErrExtensionUnsupported MUST be
+	// returned.
+	//
+	// In the case of success, since [PROTOCOL.agent] section 4.7 specifies that the contents
+	// of the response are unspecified (including the type of the message), the complete
+	// response will be returned as a []byte slice, including the "type" byte of the message.
+	Extension(extensionType string, contents []byte) ([]byte, error)
+}
+
+// ConstraintExtension describes an optional constraint defined by users.
+type ConstraintExtension struct {
+	// ExtensionName consist of a UTF-8 string suffixed by the
+	// implementation domain following the naming scheme defined
+	// in Section 4.2 of [RFC4251], e.g.  "foo@example.com".
+	ExtensionName string
+	// ExtensionDetails contains the actual content of the extended
+	// constraint.
+	ExtensionDetails []byte
+}
+
 // AddedKey describes an SSH key to be added to an Agent.
 type AddedKey struct {
-	// PrivateKey must be a *rsa.PrivateKey, *dsa.PrivateKey or
-	// *ecdsa.PrivateKey, which will be inserted into the agent.
+	// PrivateKey must be a *rsa.PrivateKey, *dsa.PrivateKey,
+	// ed25519.PrivateKey or *ecdsa.PrivateKey, which will be inserted into the
+	// agent.
 	PrivateKey interface{}
 	// Certificate, if not nil, is communicated to the agent and will be
 	// stored with the key.
@@ -73,6 +117,9 @@ type AddedKey struct {
 	// ConfirmBeforeUse, if true, requests that the agent confirm with the
 	// user before each use of this key.
 	ConfirmBeforeUse bool
+	// ConstraintExtensions are the experimental or private-use constraints
+	// defined by users.
+	ConstraintExtensions []ConstraintExtension
 }
 
 // See [PROTOCOL.agent], section 3.
@@ -84,7 +131,7 @@ const (
 	agentAddIdentity         = 17
 	agentRemoveIdentity      = 18
 	agentRemoveAllIdentities = 19
-	agentAddIdConstrained    = 25
+	agentAddIDConstrained    = 25
 
 	// 3.3 Key-type independent requests from client to agent
 	agentAddSmartcardKey            = 20
@@ -94,8 +141,9 @@ const (
 	agentAddSmartcardKeyConstrained = 26
 
 	// 3.7 Key constraint identifiers
-	agentConstrainLifetime = 1
-	agentConstrainConfirm  = 2
+	agentConstrainLifetime  = 1
+	agentConstrainConfirm   = 2
+	agentConstrainExtension = 3
 )
 
 // maxAgentResponseBytes is the maximum agent reply size that is accepted. This
@@ -151,6 +199,36 @@ type publicKey struct {
 	Rest   []byte `ssh:"rest"`
 }
 
+// 3.7 Key constraint identifiers
+type constrainLifetimeAgentMsg struct {
+	LifetimeSecs uint32 `sshtype:"1"`
+}
+
+type constrainExtensionAgentMsg struct {
+	ExtensionName    string `sshtype:"3"`
+	ExtensionDetails []byte
+
+	// Rest is a field used for parsing, not part of message
+	Rest []byte `ssh:"rest"`
+}
+
+// See [PROTOCOL.agent], section 4.7
+const agentExtension = 27
+const agentExtensionFailure = 28
+
+// ErrExtensionUnsupported indicates that an extension defined in
+// [PROTOCOL.agent] section 4.7 is unsupported by the agent. Specifically this
+// error indicates that the agent returned a standard SSH_AGENT_FAILURE message
+// as the result of a SSH_AGENTC_EXTENSION request. Note that the protocol
+// specification (and therefore this error) does not distinguish between a
+// specific extension being unsupported and extensions being unsupported entirely.
+var ErrExtensionUnsupported = errors.New("agent: extension unsupported")
+
+type extensionAgentMsg struct {
+	ExtensionType string `sshtype:"27"`
+	Contents      []byte
+}
+
 // Key represents a protocol 2 public key as defined in
 // [PROTOCOL.agent], section 2.5.2.
 type Key struct {
@@ -232,7 +310,7 @@ type client struct {
 
 // NewClient returns an Agent that talks to an ssh-agent process over
 // the given connection.
-func NewClient(rw io.ReadWriter) Agent {
+func NewClient(rw io.ReadWriter) ExtendedAgent {
 	return &client{conn: rw}
 }
 
@@ -240,6 +318,21 @@ func NewClient(rw io.ReadWriter) Agent {
 // unmarshaled into reply and replyType is set to the first byte of
 // the reply, which contains the type of the message.
 func (c *client) call(req []byte) (reply interface{}, err error) {
+	buf, err := c.callRaw(req)
+	if err != nil {
+		return nil, err
+	}
+	reply, err = unmarshal(buf)
+	if err != nil {
+		return nil, clientErr(err)
+	}
+	return reply, nil
+}
+
+// callRaw sends an RPC to the agent. On success, the raw
+// bytes of the response are returned; no unmarshalling is
+// performed on the response.
+func (c *client) callRaw(req []byte) (reply []byte, err error) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -256,18 +349,14 @@ func (c *client) call(req []byte) (reply interface{}, err error) {
 	}
 	respSize := binary.BigEndian.Uint32(respSizeBuf[:])
 	if respSize > maxAgentResponseBytes {
-		return nil, clientErr(err)
+		return nil, clientErr(errors.New("response too large"))
 	}
 
 	buf := make([]byte, respSize)
 	if _, err = io.ReadFull(c.conn, buf); err != nil {
 		return nil, clientErr(err)
 	}
-	reply, err = unmarshal(buf)
-	if err != nil {
-		return nil, clientErr(err)
-	}
-	return reply, err
+	return buf, nil
 }
 
 func (c *client) simpleCall(req []byte) error {
@@ -341,9 +430,14 @@ func (c *client) List() ([]*Key, error) {
 // Sign has the agent sign the data using a protocol 2 key as defined
 // in [PROTOCOL.agent] section 2.6.2.
 func (c *client) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
+	return c.SignWithFlags(key, data, 0)
+}
+
+func (c *client) SignWithFlags(key ssh.PublicKey, data []byte, flags SignatureFlags) (*ssh.Signature, error) {
 	req := ssh.Marshal(signRequestAgentMsg{
 		KeyBlob: key.Marshal(),
 		Data:    data,
+		Flags:   uint32(flags),
 	})
 
 	msg, err := c.call(req)
@@ -473,6 +567,17 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
 			Comments:    comment,
 			Constraints: constraints,
 		})
+	case ed25519.PrivateKey:
+		req = ssh.Marshal(ed25519KeyMsg{
+			Type:        ssh.KeyAlgoED25519,
+			Pub:         []byte(k)[32:],
+			Priv:        []byte(k),
+			Comments:    comment,
+			Constraints: constraints,
+		})
+	// This function originally supported only *ed25519.PrivateKey, however the
+	// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
+	// We still support the pointer variant for backwards compatibility.
 	case *ed25519.PrivateKey:
 		req = ssh.Marshal(ed25519KeyMsg{
 			Type:        ssh.KeyAlgoED25519,
@@ -487,7 +592,7 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
 
 	// if constraints are present then the message type needs to be changed.
 	if len(constraints) != 0 {
-		req[0] = agentAddIdConstrained
+		req[0] = agentAddIDConstrained
 	}
 
 	resp, err := c.call(req)
@@ -542,22 +647,18 @@ func (c *client) Add(key AddedKey) error {
 	var constraints []byte
 
 	if secs := key.LifetimeSecs; secs != 0 {
-		constraints = append(constraints, agentConstrainLifetime)
-
-		var secsBytes [4]byte
-		binary.BigEndian.PutUint32(secsBytes[:], secs)
-		constraints = append(constraints, secsBytes[:]...)
+		constraints = append(constraints, ssh.Marshal(constrainLifetimeAgentMsg{secs})...)
 	}
 
 	if key.ConfirmBeforeUse {
 		constraints = append(constraints, agentConstrainConfirm)
 	}
 
-	if cert := key.Certificate; cert == nil {
+	cert := key.Certificate
+	if cert == nil {
 		return c.insertKey(key.PrivateKey, key.Comment, constraints)
-	} else {
-		return c.insertCert(key.PrivateKey, cert, key.Comment, constraints)
 	}
+	return c.insertCert(key.PrivateKey, cert, key.Comment, constraints)
 }
 
 func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string, constraints []byte) error {
@@ -594,6 +695,18 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
 			Comments:    comment,
 			Constraints: constraints,
 		})
+	case ed25519.PrivateKey:
+		req = ssh.Marshal(ed25519CertMsg{
+			Type:        cert.Type(),
+			CertBytes:   cert.Marshal(),
+			Pub:         []byte(k)[32:],
+			Priv:        []byte(k),
+			Comments:    comment,
+			Constraints: constraints,
+		})
+	// This function originally supported only *ed25519.PrivateKey, however the
+	// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
+	// We still support the pointer variant for backwards compatibility.
 	case *ed25519.PrivateKey:
 		req = ssh.Marshal(ed25519CertMsg{
 			Type:        cert.Type(),
@@ -609,7 +722,7 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
 
 	// if constraints are present then the message type needs to be changed.
 	if len(constraints) != 0 {
-		req[0] = agentAddIdConstrained
+		req[0] = agentAddIDConstrained
 	}
 
 	signer, err := ssh.NewSignerFromKey(s)
@@ -657,3 +770,44 @@ func (s *agentKeyringSigner) Sign(rand io.Reader, data []byte) (*ssh.Signature,
 	// The agent has its own entropy source, so the rand argument is ignored.
 	return s.agent.Sign(s.pub, data)
 }
+
+func (s *agentKeyringSigner) SignWithOpts(rand io.Reader, data []byte, opts crypto.SignerOpts) (*ssh.Signature, error) {
+	var flags SignatureFlags
+	if opts != nil {
+		switch opts.HashFunc() {
+		case crypto.SHA256:
+			flags = SignatureFlagRsaSha256
+		case crypto.SHA512:
+			flags = SignatureFlagRsaSha512
+		}
+	}
+	return s.agent.SignWithFlags(s.pub, data, flags)
+}
+
+// Calls an extension method. It is up to the agent implementation as to whether or not
+// any particular extension is supported and may always return an error. Because the
+// type of the response is up to the implementation, this returns the bytes of the
+// response and does not attempt any type of unmarshalling.
+func (c *client) Extension(extensionType string, contents []byte) ([]byte, error) {
+	req := ssh.Marshal(extensionAgentMsg{
+		ExtensionType: extensionType,
+		Contents:      contents,
+	})
+	buf, err := c.callRaw(req)
+	if err != nil {
+		return nil, err
+	}
+	if len(buf) == 0 {
+		return nil, errors.New("agent: failure; empty response")
+	}
+	// [PROTOCOL.agent] section 4.7 indicates that an SSH_AGENT_FAILURE message
+	// represents an agent that does not support the extension
+	if buf[0] == agentFailure {
+		return nil, ErrExtensionUnsupported
+	}
+	if buf[0] == agentExtensionFailure {
+		return nil, errors.New("agent: generic extension failure")
+	}
+
+	return buf, nil
+}
diff --git a/ssh/agent/client_test.go b/ssh/agent/client_test.go
index 5fc47e577..de1c783a9 100644
--- a/ssh/agent/client_test.go
+++ b/ssh/agent/client_test.go
@@ -8,19 +8,23 @@ import (
 	"bytes"
 	"crypto/rand"
 	"errors"
+	"io"
 	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
+	"runtime"
 	"strconv"
+	"strings"
+	"sync"
 	"testing"
 	"time"
 
 	"golang.org/x/crypto/ssh"
 )
 
-// startAgent executes ssh-agent, and returns a Agent interface to it.
-func startAgent(t *testing.T) (client Agent, socket string, cleanup func()) {
+// startOpenSSHAgent executes ssh-agent, and returns an Agent interface to it.
+func startOpenSSHAgent(t *testing.T) (client ExtendedAgent, socket string, cleanup func()) {
 	if testing.Short() {
 		// ssh-agent is not always available, and the key
 		// types supported vary by platform.
@@ -33,17 +37,19 @@ func startAgent(t *testing.T) (client Agent, socket string, cleanup func()) {
 	}
 
 	cmd := exec.Command(bin, "-s")
+	cmd.Env = []string{} // Do not let the user's environment influence ssh-agent behavior.
+	cmd.Stderr = new(bytes.Buffer)
 	out, err := cmd.Output()
 	if err != nil {
-		t.Fatalf("cmd.Output: %v", err)
+		t.Fatalf("%s failed: %v\n%s", strings.Join(cmd.Args, " "), err, cmd.Stderr)
 	}
 
-	/* Output looks like:
+	// Output looks like:
+	//
+	//	SSH_AUTH_SOCK=/tmp/ssh-P65gpcqArqvH/agent.15541; export SSH_AUTH_SOCK;
+	//	SSH_AGENT_PID=15542; export SSH_AGENT_PID;
+	//	echo Agent pid 15542;
 
-		   SSH_AUTH_SOCK=/tmp/ssh-P65gpcqArqvH/agent.15541; export SSH_AUTH_SOCK;
-	           SSH_AGENT_PID=15542; export SSH_AGENT_PID;
-	           echo Agent pid 15542;
-	*/
 	fields := bytes.Split(out, []byte(";"))
 	line := bytes.SplitN(fields[0], []byte("="), 2)
 	line[0] = bytes.TrimLeft(line[0], "\n")
@@ -79,19 +85,39 @@ func startAgent(t *testing.T) (client Agent, socket string, cleanup func()) {
 	}
 }
 
-func testAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
-	agent, _, cleanup := startAgent(t)
+func startAgent(t *testing.T, agent Agent) (client ExtendedAgent, cleanup func()) {
+	c1, c2, err := netPipe()
+	if err != nil {
+		t.Fatalf("netPipe: %v", err)
+	}
+	go ServeAgent(agent, c2)
+
+	return NewClient(c1), func() {
+		c1.Close()
+		c2.Close()
+	}
+}
+
+// startKeyringAgent uses Keyring to simulate a ssh-agent Server and returns a client.
+func startKeyringAgent(t *testing.T) (client ExtendedAgent, cleanup func()) {
+	return startAgent(t, NewKeyring())
+}
+
+func testOpenSSHAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
+	agent, _, cleanup := startOpenSSHAgent(t)
 	defer cleanup()
 
 	testAgentInterface(t, agent, key, cert, lifetimeSecs)
 }
 
-func testKeyring(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
-	a := NewKeyring()
-	testAgentInterface(t, a, key, cert, lifetimeSecs)
+func testKeyringAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
+	agent, cleanup := startKeyringAgent(t)
+	defer cleanup()
+
+	testAgentInterface(t, agent, key, cert, lifetimeSecs)
 }
 
-func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
+func testAgentInterface(t *testing.T, agent ExtendedAgent, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
 	signer, err := ssh.NewSignerFromKey(key)
 	if err != nil {
 		t.Fatalf("NewSignerFromKey(%T): %v", key, err)
@@ -143,6 +169,25 @@ func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Ce
 		t.Fatalf("Verify(%s): %v", pubKey.Type(), err)
 	}
 
+	// For tests on RSA keys, try signing with SHA-256 and SHA-512 flags
+	if pubKey.Type() == "ssh-rsa" {
+		sshFlagTest := func(flag SignatureFlags, expectedSigFormat string) {
+			sig, err = agent.SignWithFlags(pubKey, data, flag)
+			if err != nil {
+				t.Fatalf("SignWithFlags(%s): %v", pubKey.Type(), err)
+			}
+			if sig.Format != expectedSigFormat {
+				t.Fatalf("Signature format didn't match expected value: %s != %s", sig.Format, expectedSigFormat)
+			}
+			if err := pubKey.Verify(data, sig); err != nil {
+				t.Fatalf("Verify(%s): %v", pubKey.Type(), err)
+			}
+		}
+		sshFlagTest(0, ssh.SigAlgoRSA)
+		sshFlagTest(SignatureFlagRsaSha256, ssh.SigAlgoRSASHA2256)
+		sshFlagTest(SignatureFlagRsaSha512, ssh.SigAlgoRSASHA2512)
+	}
+
 	// If the key has a lifetime, is it removed when it should be?
 	if lifetimeSecs > 0 {
 		time.Sleep(time.Second*time.Duration(lifetimeSecs) + 100*time.Millisecond)
@@ -157,10 +202,67 @@ func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Ce
 
 }
 
+func TestMalformedRequests(t *testing.T) {
+	keyringAgent := NewKeyring()
+	listener, err := netListener()
+	if err != nil {
+		t.Fatalf("netListener: %v", err)
+	}
+	defer listener.Close()
+
+	testCase := func(t *testing.T, requestBytes []byte, wantServerErr bool) {
+		var wg sync.WaitGroup
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			c, err := listener.Accept()
+			if err != nil {
+				t.Errorf("listener.Accept: %v", err)
+				return
+			}
+			defer c.Close()
+
+			err = ServeAgent(keyringAgent, c)
+			if err == nil {
+				t.Error("ServeAgent should have returned an error to malformed input")
+			} else {
+				if (err != io.EOF) != wantServerErr {
+					t.Errorf("ServeAgent returned expected error: %v", err)
+				}
+			}
+		}()
+
+		c, err := net.Dial("tcp", listener.Addr().String())
+		if err != nil {
+			t.Fatalf("net.Dial: %v", err)
+		}
+		_, err = c.Write(requestBytes)
+		if err != nil {
+			t.Errorf("Unexpected error writing raw bytes on connection: %v", err)
+		}
+		c.Close()
+		wg.Wait()
+	}
+
+	var testCases = []struct {
+		name          string
+		requestBytes  []byte
+		wantServerErr bool
+	}{
+		{"Empty request", []byte{}, false},
+		{"Short header", []byte{0x00}, true},
+		{"Empty body", []byte{0x00, 0x00, 0x00, 0x00}, true},
+		{"Short body", []byte{0x00, 0x00, 0x00, 0x01}, false},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) { testCase(t, tc.requestBytes, tc.wantServerErr) })
+	}
+}
+
 func TestAgent(t *testing.T) {
 	for _, keyType := range []string{"rsa", "dsa", "ecdsa", "ed25519"} {
-		testAgent(t, testPrivateKeys[keyType], nil, 0)
-		testKeyring(t, testPrivateKeys[keyType], nil, 1)
+		testOpenSSHAgent(t, testPrivateKeys[keyType], nil, 0)
+		testKeyringAgent(t, testPrivateKeys[keyType], nil, 0)
 	}
 }
 
@@ -172,21 +274,30 @@ func TestCert(t *testing.T) {
 	}
 	cert.SignCert(rand.Reader, testSigners["ecdsa"])
 
-	testAgent(t, testPrivateKeys["rsa"], cert, 0)
-	testKeyring(t, testPrivateKeys["rsa"], cert, 1)
+	testOpenSSHAgent(t, testPrivateKeys["rsa"], cert, 0)
+	testKeyringAgent(t, testPrivateKeys["rsa"], cert, 0)
 }
 
-// netPipe is analogous to net.Pipe, but it uses a real net.Conn, and
-// therefore is buffered (net.Pipe deadlocks if both sides start with
-// a write.)
-func netPipe() (net.Conn, net.Conn, error) {
+// netListener creates a localhost network listener.
+func netListener() (net.Listener, error) {
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		listener, err = net.Listen("tcp", "[::1]:0")
 		if err != nil {
-			return nil, nil, err
+			return nil, err
 		}
 	}
+	return listener, nil
+}
+
+// netPipe is analogous to net.Pipe, but it uses a real net.Conn, and
+// therefore is buffered (net.Pipe deadlocks if both sides start with
+// a write.)
+func netPipe() (net.Conn, net.Conn, error) {
+	listener, err := netListener()
+	if err != nil {
+		return nil, nil, err
+	}
 	defer listener.Close()
 	c1, err := net.Dial("tcp", listener.Addr().String())
 	if err != nil {
@@ -202,8 +313,51 @@ func netPipe() (net.Conn, net.Conn, error) {
 	return c1, c2, nil
 }
 
+func TestServerResponseTooLarge(t *testing.T) {
+	a, b, err := netPipe()
+	if err != nil {
+		t.Fatalf("netPipe: %v", err)
+	}
+	done := make(chan struct{})
+	defer func() { <-done }()
+
+	defer a.Close()
+	defer b.Close()
+
+	var response identitiesAnswerAgentMsg
+	response.NumKeys = 1
+	response.Keys = make([]byte, maxAgentResponseBytes+1)
+
+	agent := NewClient(a)
+	go func() {
+		defer close(done)
+		n, err := b.Write(ssh.Marshal(response))
+		if n < 4 {
+			if runtime.GOOS == "plan9" {
+				if e1, ok := err.(*net.OpError); ok {
+					if e2, ok := e1.Err.(*os.PathError); ok {
+						switch e2.Err.Error() {
+						case "Hangup", "i/o on hungup channel":
+							// syscall.Pwrite returns -1 in this case even when some data did get written.
+							return
+						}
+					}
+				}
+			}
+			t.Errorf("At least 4 bytes (the response size) should have been successfully written: %d < 4: %v", n, err)
+		}
+	}()
+	_, err = agent.List()
+	if err == nil {
+		t.Fatal("Did not get error result")
+	}
+	if err.Error() != "agent: client error: response too large" {
+		t.Fatal("Did not get expected error result")
+	}
+}
+
 func TestAuth(t *testing.T) {
-	agent, _, cleanup := startAgent(t)
+	agent, _, cleanup := startOpenSSHAgent(t)
 	defer cleanup()
 
 	a, b, err := netPipe()
@@ -247,8 +401,14 @@ func TestAuth(t *testing.T) {
 	conn.Close()
 }
 
-func TestLockClient(t *testing.T) {
-	agent, _, cleanup := startAgent(t)
+func TestLockOpenSSHAgent(t *testing.T) {
+	agent, _, cleanup := startOpenSSHAgent(t)
+	defer cleanup()
+	testLockAgent(agent, t)
+}
+
+func TestLockKeyringAgent(t *testing.T) {
+	agent, cleanup := startKeyringAgent(t)
 	defer cleanup()
 	testLockAgent(agent, t)
 }
@@ -308,10 +468,19 @@ func testLockAgent(agent Agent, t *testing.T) {
 	}
 }
 
-func TestAgentLifetime(t *testing.T) {
-	agent, _, cleanup := startAgent(t)
+func testOpenSSHAgentLifetime(t *testing.T) {
+	agent, _, cleanup := startOpenSSHAgent(t)
 	defer cleanup()
+	testAgentLifetime(t, agent)
+}
 
+func testKeyringAgentLifetime(t *testing.T) {
+	agent, cleanup := startKeyringAgent(t)
+	defer cleanup()
+	testAgentLifetime(t, agent)
+}
+
+func testAgentLifetime(t *testing.T, agent Agent) {
 	for _, keyType := range []string{"rsa", "dsa", "ecdsa"} {
 		// Add private keys to the agent.
 		err := agent.Add(AddedKey{
@@ -346,3 +515,38 @@ func TestAgentLifetime(t *testing.T) {
 		t.Errorf("Want 0 keys, got %v", len(keys))
 	}
 }
+
+type keyringExtended struct {
+	*keyring
+}
+
+func (r *keyringExtended) Extension(extensionType string, contents []byte) ([]byte, error) {
+	if extensionType != "my-extension@example.com" {
+		return []byte{agentExtensionFailure}, nil
+	}
+	return append([]byte{agentSuccess}, contents...), nil
+}
+
+func TestAgentExtensions(t *testing.T) {
+	agent, _, cleanup := startOpenSSHAgent(t)
+	defer cleanup()
+	_, err := agent.Extension("my-extension@example.com", []byte{0x00, 0x01, 0x02})
+	if err == nil {
+		t.Fatal("should have gotten agent extension failure")
+	}
+
+	agent, cleanup = startAgent(t, &keyringExtended{})
+	defer cleanup()
+	result, err := agent.Extension("my-extension@example.com", []byte{0x00, 0x01, 0x02})
+	if err != nil {
+		t.Fatalf("agent extension failure: %v", err)
+	}
+	if len(result) != 4 || !bytes.Equal(result, []byte{agentSuccess, 0x00, 0x01, 0x02}) {
+		t.Fatalf("agent extension result invalid: %v", result)
+	}
+
+	_, err = agent.Extension("bad-extension@example.com", []byte{0x00, 0x01, 0x02})
+	if err == nil {
+		t.Fatal("should have gotten agent extension failure")
+	}
+}
diff --git a/ssh/agent/example_test.go b/ssh/agent/example_test.go
index 85562253e..1fedaea1d 100644
--- a/ssh/agent/example_test.go
+++ b/ssh/agent/example_test.go
@@ -13,20 +13,20 @@ import (
 	"golang.org/x/crypto/ssh/agent"
 )
 
-func ExampleClientAgent() {
-	// ssh-agent has a UNIX socket under $SSH_AUTH_SOCK
+func ExampleNewClient() {
+	// ssh-agent(1) provides a UNIX socket at $SSH_AUTH_SOCK.
 	socket := os.Getenv("SSH_AUTH_SOCK")
 	conn, err := net.Dial("unix", socket)
 	if err != nil {
-		log.Fatalf("net.Dial: %v", err)
+		log.Fatalf("Failed to open SSH_AUTH_SOCK: %v", err)
 	}
+
 	agentClient := agent.NewClient(conn)
 	config := &ssh.ClientConfig{
-		User: "username",
+		User: "gopher",
 		Auth: []ssh.AuthMethod{
-			// Use a callback rather than PublicKeys
-			// so we only consult the agent once the remote server
-			// wants it.
+			// Use a callback rather than PublicKeys so we only consult the
+			// agent once the remote server wants it.
 			ssh.PublicKeysCallback(agentClient.Signers),
 		},
 		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
@@ -34,8 +34,8 @@ func ExampleClientAgent() {
 
 	sshc, err := ssh.Dial("tcp", "localhost:22", config)
 	if err != nil {
-		log.Fatalf("Dial: %v", err)
+		log.Fatal(err)
 	}
-	// .. use sshc
+	// Use sshc...
 	sshc.Close()
 }
diff --git a/ssh/agent/keyring.go b/ssh/agent/keyring.go
index a6ba06ab3..c9d979430 100644
--- a/ssh/agent/keyring.go
+++ b/ssh/agent/keyring.go
@@ -102,7 +102,7 @@ func (r *keyring) Unlock(passphrase []byte) error {
 	if !r.locked {
 		return errors.New("agent: not locked")
 	}
-	if len(passphrase) != len(r.passphrase) || 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {
+	if 1 != subtle.ConstantTimeCompare(passphrase, r.passphrase) {
 		return fmt.Errorf("agent: incorrect passphrase")
 	}
 
@@ -182,6 +182,10 @@ func (r *keyring) Add(key AddedKey) error {
 
 // Sign returns a signature for the data.
 func (r *keyring) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
+	return r.SignWithFlags(key, data, 0)
+}
+
+func (r *keyring) SignWithFlags(key ssh.PublicKey, data []byte, flags SignatureFlags) (*ssh.Signature, error) {
 	r.mu.Lock()
 	defer r.mu.Unlock()
 	if r.locked {
@@ -192,7 +196,24 @@ func (r *keyring) Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error) {
 	wanted := key.Marshal()
 	for _, k := range r.keys {
 		if bytes.Equal(k.signer.PublicKey().Marshal(), wanted) {
-			return k.signer.Sign(rand.Reader, data)
+			if flags == 0 {
+				return k.signer.Sign(rand.Reader, data)
+			} else {
+				if algorithmSigner, ok := k.signer.(ssh.AlgorithmSigner); !ok {
+					return nil, fmt.Errorf("agent: signature does not support non-default signature algorithm: %T", k.signer)
+				} else {
+					var algorithm string
+					switch flags {
+					case SignatureFlagRsaSha256:
+						algorithm = ssh.SigAlgoRSASHA2256
+					case SignatureFlagRsaSha512:
+						algorithm = ssh.SigAlgoRSASHA2512
+					default:
+						return nil, fmt.Errorf("agent: unsupported signature flags: %d", flags)
+					}
+					return algorithmSigner.SignWithAlgorithm(rand.Reader, data, algorithm)
+				}
+			}
 		}
 	}
 	return nil, errors.New("not found")
@@ -213,3 +234,8 @@ func (r *keyring) Signers() ([]ssh.Signer, error) {
 	}
 	return s, nil
 }
+
+// The keyring does not support any extensions
+func (r *keyring) Extension(extensionType string, contents []byte) ([]byte, error) {
+	return nil, ErrExtensionUnsupported
+}
diff --git a/ssh/agent/server.go b/ssh/agent/server.go
index 68a333fa5..6e7a1e02f 100644
--- a/ssh/agent/server.go
+++ b/ssh/agent/server.go
@@ -106,7 +106,7 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
 		return nil, s.agent.Lock(req.Passphrase)
 
 	case agentUnlock:
-		var req agentLockMsg
+		var req agentUnlockMsg
 		if err := ssh.Unmarshal(data, &req); err != nil {
 			return nil, err
 		}
@@ -128,7 +128,14 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
 			Blob:   req.KeyBlob,
 		}
 
-		sig, err := s.agent.Sign(k, req.Data) //  TODO(hanwen): flags.
+		var sig *ssh.Signature
+		var err error
+		if extendedAgent, ok := s.agent.(ExtendedAgent); ok {
+			sig, err = extendedAgent.SignWithFlags(k, req.Data, SignatureFlags(req.Flags))
+		} else {
+			sig, err = s.agent.Sign(k, req.Data)
+		}
+
 		if err != nil {
 			return nil, err
 		}
@@ -148,13 +155,88 @@ func (s *server) processRequest(data []byte) (interface{}, error) {
 		}
 		return rep, nil
 
-	case agentAddIdConstrained, agentAddIdentity:
+	case agentAddIDConstrained, agentAddIdentity:
 		return nil, s.insertIdentity(data)
+
+	case agentExtension:
+		// Return a stub object where the whole contents of the response gets marshaled.
+		var responseStub struct {
+			Rest []byte `ssh:"rest"`
+		}
+
+		if extendedAgent, ok := s.agent.(ExtendedAgent); !ok {
+			// If this agent doesn't implement extensions, [PROTOCOL.agent] section 4.7
+			// requires that we return a standard SSH_AGENT_FAILURE message.
+			responseStub.Rest = []byte{agentFailure}
+		} else {
+			var req extensionAgentMsg
+			if err := ssh.Unmarshal(data, &req); err != nil {
+				return nil, err
+			}
+			res, err := extendedAgent.Extension(req.ExtensionType, req.Contents)
+			if err != nil {
+				// If agent extensions are unsupported, return a standard SSH_AGENT_FAILURE
+				// message as required by [PROTOCOL.agent] section 4.7.
+				if err == ErrExtensionUnsupported {
+					responseStub.Rest = []byte{agentFailure}
+				} else {
+					// As the result of any other error processing an extension request,
+					// [PROTOCOL.agent] section 4.7 requires that we return a
+					// SSH_AGENT_EXTENSION_FAILURE code.
+					responseStub.Rest = []byte{agentExtensionFailure}
+				}
+			} else {
+				if len(res) == 0 {
+					return nil, nil
+				}
+				responseStub.Rest = res
+			}
+		}
+
+		return responseStub, nil
 	}
 
 	return nil, fmt.Errorf("unknown opcode %d", data[0])
 }
 
+func parseConstraints(constraints []byte) (lifetimeSecs uint32, confirmBeforeUse bool, extensions []ConstraintExtension, err error) {
+	for len(constraints) != 0 {
+		switch constraints[0] {
+		case agentConstrainLifetime:
+			lifetimeSecs = binary.BigEndian.Uint32(constraints[1:5])
+			constraints = constraints[5:]
+		case agentConstrainConfirm:
+			confirmBeforeUse = true
+			constraints = constraints[1:]
+		case agentConstrainExtension:
+			var msg constrainExtensionAgentMsg
+			if err = ssh.Unmarshal(constraints, &msg); err != nil {
+				return 0, false, nil, err
+			}
+			extensions = append(extensions, ConstraintExtension{
+				ExtensionName:    msg.ExtensionName,
+				ExtensionDetails: msg.ExtensionDetails,
+			})
+			constraints = msg.Rest
+		default:
+			return 0, false, nil, fmt.Errorf("unknown constraint type: %d", constraints[0])
+		}
+	}
+	return
+}
+
+func setConstraints(key *AddedKey, constraintBytes []byte) error {
+	lifetimeSecs, confirmBeforeUse, constraintExtensions, err := parseConstraints(constraintBytes)
+	if err != nil {
+		return err
+	}
+
+	key.LifetimeSecs = lifetimeSecs
+	key.ConfirmBeforeUse = confirmBeforeUse
+	key.ConstraintExtensions = constraintExtensions
+	return nil
+}
+
 func parseRSAKey(req []byte) (*AddedKey, error) {
 	var k rsaKeyMsg
 	if err := ssh.Unmarshal(req, &k); err != nil {
@@ -173,7 +255,11 @@ func parseRSAKey(req []byte) (*AddedKey, error) {
 	}
 	priv.Precompute()
 
-	return &AddedKey{PrivateKey: priv, Comment: k.Comments}, nil
+	addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func parseEd25519Key(req []byte) (*AddedKey, error) {
@@ -182,7 +268,12 @@ func parseEd25519Key(req []byte) (*AddedKey, error) {
 		return nil, err
 	}
 	priv := ed25519.PrivateKey(k.Priv)
-	return &AddedKey{PrivateKey: &priv, Comment: k.Comments}, nil
+
+	addedKey := &AddedKey{PrivateKey: &priv, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func parseDSAKey(req []byte) (*AddedKey, error) {
@@ -202,7 +293,11 @@ func parseDSAKey(req []byte) (*AddedKey, error) {
 		X: k.X,
 	}
 
-	return &AddedKey{PrivateKey: priv, Comment: k.Comments}, nil
+	addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func unmarshalECDSA(curveName string, keyBytes []byte, privScalar *big.Int) (priv *ecdsa.PrivateKey, err error) {
@@ -243,7 +338,12 @@ func parseEd25519Cert(req []byte) (*AddedKey, error) {
 	if !ok {
 		return nil, errors.New("agent: bad ED25519 certificate")
 	}
-	return &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}, nil
+
+	addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func parseECDSAKey(req []byte) (*AddedKey, error) {
@@ -257,7 +357,11 @@ func parseECDSAKey(req []byte) (*AddedKey, error) {
 		return nil, err
 	}
 
-	return &AddedKey{PrivateKey: priv, Comment: k.Comments}, nil
+	addedKey := &AddedKey{PrivateKey: priv, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func parseRSACert(req []byte) (*AddedKey, error) {
@@ -300,7 +404,11 @@ func parseRSACert(req []byte) (*AddedKey, error) {
 	}
 	priv.Precompute()
 
-	return &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}, nil
+	addedKey := &AddedKey{PrivateKey: &priv, Certificate: cert, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func parseDSACert(req []byte) (*AddedKey, error) {
@@ -338,7 +446,11 @@ func parseDSACert(req []byte) (*AddedKey, error) {
 		X: k.X,
 	}
 
-	return &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}, nil
+	addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func parseECDSACert(req []byte) (*AddedKey, error) {
@@ -371,7 +483,11 @@ func parseECDSACert(req []byte) (*AddedKey, error) {
 		return nil, err
 	}
 
-	return &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}, nil
+	addedKey := &AddedKey{PrivateKey: priv, Certificate: cert, Comment: k.Comments}
+	if err := setConstraints(addedKey, k.Constraints); err != nil {
+		return nil, err
+	}
+	return addedKey, nil
 }
 
 func (s *server) insertIdentity(req []byte) error {
@@ -425,6 +541,9 @@ func ServeAgent(agent Agent, c io.ReadWriter) error {
 			return err
 		}
 		l := binary.BigEndian.Uint32(length[:])
+		if l == 0 {
+			return fmt.Errorf("agent: request size is 0")
+		}
 		if l > maxAgentResponseBytes {
 			// We also cap requests.
 			return fmt.Errorf("agent: request too large: %d", l)
diff --git a/ssh/agent/server_test.go b/ssh/agent/server_test.go
index 6b0837d94..038018ebb 100644
--- a/ssh/agent/server_test.go
+++ b/ssh/agent/server_test.go
@@ -8,6 +8,9 @@ import (
 	"crypto"
 	"crypto/rand"
 	"fmt"
+	pseudorand "math/rand"
+	"reflect"
+	"strings"
 	"testing"
 
 	"golang.org/x/crypto/ssh"
@@ -40,7 +43,7 @@ func TestSetupForwardAgent(t *testing.T) {
 	defer a.Close()
 	defer b.Close()
 
-	_, socket, cleanup := startAgent(t)
+	_, socket, cleanup := startOpenSSHAgent(t)
 	defer cleanup()
 
 	serverConf := ssh.ServerConfig{
@@ -207,3 +210,50 @@ func TestCertTypes(t *testing.T) {
 		}
 	}
 }
+
+func TestParseConstraints(t *testing.T) {
+	// Test LifetimeSecs
+	var msg = constrainLifetimeAgentMsg{pseudorand.Uint32()}
+	lifetimeSecs, _, _, err := parseConstraints(ssh.Marshal(msg))
+	if err != nil {
+		t.Fatalf("parseConstraints: %v", err)
+	}
+	if lifetimeSecs != msg.LifetimeSecs {
+		t.Errorf("got lifetime %v, want %v", lifetimeSecs, msg.LifetimeSecs)
+	}
+
+	// Test ConfirmBeforeUse
+	_, confirmBeforeUse, _, err := parseConstraints([]byte{agentConstrainConfirm})
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+	if !confirmBeforeUse {
+		t.Error("got comfirmBeforeUse == false")
+	}
+
+	// Test ConstraintExtensions
+	var data []byte
+	var expect []ConstraintExtension
+	for i := 0; i < 10; i++ {
+		var ext = ConstraintExtension{
+			ExtensionName:    fmt.Sprintf("name%d", i),
+			ExtensionDetails: []byte(fmt.Sprintf("details: %d", i)),
+		}
+		expect = append(expect, ext)
+		data = append(data, agentConstrainExtension)
+		data = append(data, ssh.Marshal(ext)...)
+	}
+	_, _, extensions, err := parseConstraints(data)
+	if err != nil {
+		t.Fatalf("%v", err)
+	}
+	if !reflect.DeepEqual(expect, extensions) {
+		t.Errorf("got extension %v, want %v", extensions, expect)
+	}
+
+	// Test Unknown Constraint
+	_, _, _, err = parseConstraints([]byte{128})
+	if err == nil || !strings.Contains(err.Error(), "unknown constraint") {
+		t.Errorf("unexpected error: %v", err)
+	}
+}
diff --git a/ssh/benchmark_test.go b/ssh/benchmark_test.go
index d9f7eb9b6..a13235d74 100644
--- a/ssh/benchmark_test.go
+++ b/ssh/benchmark_test.go
@@ -40,7 +40,8 @@ func sshPipe() (Conn, *server, error) {
 	}
 
 	clientConf := ClientConfig{
-		User: "user",
+		User:            "user",
+		HostKeyCallback: InsecureIgnoreHostKey(),
 	}
 	serverConf := ServerConfig{
 		NoClientAuth: true,
@@ -92,6 +93,9 @@ func BenchmarkEndToEnd(b *testing.B) {
 			b.Fatalf("Client: %v", err)
 		}
 		ch, incoming, err := newCh.Accept()
+		if err != nil {
+			b.Fatalf("Accept: %v", err)
+		}
 		go DiscardRequests(incoming)
 		for i := 0; i < b.N; i++ {
 			if _, err := io.ReadFull(ch, output); err != nil {
diff --git a/ssh/buffer.go b/ssh/buffer.go
index 6931b5114..1ab07d078 100644
--- a/ssh/buffer.go
+++ b/ssh/buffer.go
@@ -51,13 +51,12 @@ func (b *buffer) write(buf []byte) {
 }
 
 // eof closes the buffer. Reads from the buffer once all
-// the data has been consumed will receive os.EOF.
-func (b *buffer) eof() error {
+// the data has been consumed will receive io.EOF.
+func (b *buffer) eof() {
 	b.Cond.L.Lock()
 	b.closed = true
 	b.Cond.Signal()
 	b.Cond.L.Unlock()
-	return nil
 }
 
 // Read reads data from the internal buffer in buf.  Reads will block
diff --git a/ssh/certs.go b/ssh/certs.go
index b1f022078..916c840b6 100644
--- a/ssh/certs.go
+++ b/ssh/certs.go
@@ -17,12 +17,14 @@ import (
 // These constants from [PROTOCOL.certkeys] represent the algorithm names
 // for certificate types supported by this package.
 const (
-	CertAlgoRSAv01      = "ssh-rsa-cert-v01@openssh.com"
-	CertAlgoDSAv01      = "ssh-dss-cert-v01@openssh.com"
-	CertAlgoECDSA256v01 = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
-	CertAlgoECDSA384v01 = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
-	CertAlgoECDSA521v01 = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
-	CertAlgoED25519v01  = "ssh-ed25519-cert-v01@openssh.com"
+	CertAlgoRSAv01        = "ssh-rsa-cert-v01@openssh.com"
+	CertAlgoDSAv01        = "ssh-dss-cert-v01@openssh.com"
+	CertAlgoECDSA256v01   = "ecdsa-sha2-nistp256-cert-v01@openssh.com"
+	CertAlgoECDSA384v01   = "ecdsa-sha2-nistp384-cert-v01@openssh.com"
+	CertAlgoECDSA521v01   = "ecdsa-sha2-nistp521-cert-v01@openssh.com"
+	CertAlgoSKECDSA256v01 = "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com"
+	CertAlgoED25519v01    = "ssh-ed25519-cert-v01@openssh.com"
+	CertAlgoSKED25519v01  = "sk-ssh-ed25519-cert-v01@openssh.com"
 )
 
 // Certificate types distinguish between host and user
@@ -37,6 +39,7 @@ const (
 type Signature struct {
 	Format string
 	Blob   []byte
+	Rest   []byte `ssh:"rest"`
 }
 
 // CertTimeInfinity can be used for OpenSSHCertV01.ValidBefore to indicate that
@@ -44,7 +47,9 @@ type Signature struct {
 const CertTimeInfinity = 1<<64 - 1
 
 // An Certificate represents an OpenSSH certificate as defined in
-// [PROTOCOL.certkeys]?rev=1.8.
+// [PROTOCOL.certkeys]?rev=1.8. The Certificate type implements the
+// PublicKey interface, so it can be unmarshaled using
+// ParsePublicKey.
 type Certificate struct {
 	Nonce           []byte
 	Key             PublicKey
@@ -220,6 +225,11 @@ type openSSHCertSigner struct {
 	signer Signer
 }
 
+type algorithmOpenSSHCertSigner struct {
+	*openSSHCertSigner
+	algorithmSigner AlgorithmSigner
+}
+
 // NewCertSigner returns a Signer that signs with the given Certificate, whose
 // private key is held by signer. It returns an error if the public key in cert
 // doesn't match the key used by signer.
@@ -228,7 +238,12 @@ func NewCertSigner(cert *Certificate, signer Signer) (Signer, error) {
 		return nil, errors.New("ssh: signer and cert have different public key")
 	}
 
-	return &openSSHCertSigner{cert, signer}, nil
+	if algorithmSigner, ok := signer.(AlgorithmSigner); ok {
+		return &algorithmOpenSSHCertSigner{
+			&openSSHCertSigner{cert, signer}, algorithmSigner}, nil
+	} else {
+		return &openSSHCertSigner{cert, signer}, nil
+	}
 }
 
 func (s *openSSHCertSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
@@ -239,6 +254,10 @@ func (s *openSSHCertSigner) PublicKey() PublicKey {
 	return s.pub
 }
 
+func (s *algorithmOpenSSHCertSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
+	return s.algorithmSigner.SignWithAlgorithm(rand, data, algorithm)
+}
+
 const sourceAddressCriticalOption = "source-address"
 
 // CertChecker does the work of verifying a certificate. Its methods
@@ -340,10 +359,10 @@ func (c *CertChecker) Authenticate(conn ConnMetadata, pubKey PublicKey) (*Permis
 // the signature of the certificate.
 func (c *CertChecker) CheckCert(principal string, cert *Certificate) error {
 	if c.IsRevoked != nil && c.IsRevoked(cert) {
-		return fmt.Errorf("ssh: certicate serial %d revoked", cert.Serial)
+		return fmt.Errorf("ssh: certificate serial %d revoked", cert.Serial)
 	}
 
-	for opt, _ := range cert.CriticalOptions {
+	for opt := range cert.CriticalOptions {
 		// sourceAddressCriticalOption will be enforced by
 		// serverAuthenticate
 		if opt == sourceAddressCriticalOption {
@@ -395,8 +414,8 @@ func (c *CertChecker) CheckCert(principal string, cert *Certificate) error {
 	return nil
 }
 
-// SignCert sets c.SignatureKey to the authority's public key and stores a
-// Signature, by authority, in the certificate.
+// SignCert signs the certificate with an authority, setting the Nonce,
+// SignatureKey, and Signature fields.
 func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
 	c.Nonce = make([]byte, 32)
 	if _, err := io.ReadFull(rand, c.Nonce); err != nil {
@@ -413,12 +432,14 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error {
 }
 
 var certAlgoNames = map[string]string{
-	KeyAlgoRSA:      CertAlgoRSAv01,
-	KeyAlgoDSA:      CertAlgoDSAv01,
-	KeyAlgoECDSA256: CertAlgoECDSA256v01,
-	KeyAlgoECDSA384: CertAlgoECDSA384v01,
-	KeyAlgoECDSA521: CertAlgoECDSA521v01,
-	KeyAlgoED25519:  CertAlgoED25519v01,
+	KeyAlgoRSA:        CertAlgoRSAv01,
+	KeyAlgoDSA:        CertAlgoDSAv01,
+	KeyAlgoECDSA256:   CertAlgoECDSA256v01,
+	KeyAlgoECDSA384:   CertAlgoECDSA384v01,
+	KeyAlgoECDSA521:   CertAlgoECDSA521v01,
+	KeyAlgoSKECDSA256: CertAlgoSKECDSA256v01,
+	KeyAlgoED25519:    CertAlgoED25519v01,
+	KeyAlgoSKED25519:  CertAlgoSKED25519v01,
 }
 
 // certToPrivAlgo returns the underlying algorithm for a certificate algorithm.
@@ -502,6 +523,12 @@ func parseSignatureBody(in []byte) (out *Signature, rest []byte, ok bool) {
 		return
 	}
 
+	switch out.Format {
+	case KeyAlgoSKECDSA256, CertAlgoSKECDSA256v01, KeyAlgoSKED25519, CertAlgoSKED25519v01:
+		out.Rest = in
+		return out, nil, ok
+	}
+
 	return out, in, ok
 }
 
diff --git a/ssh/certs_test.go b/ssh/certs_test.go
index 0200531f4..c8e7cf585 100644
--- a/ssh/certs_test.go
+++ b/ssh/certs_test.go
@@ -6,10 +6,15 @@ package ssh
 
 import (
 	"bytes"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
+	"net"
 	"reflect"
 	"testing"
 	"time"
+
+	"golang.org/x/crypto/ssh/testdata"
 )
 
 // Cert generated by ssh-keygen 6.0p1 Debian-4.
@@ -220,3 +225,111 @@ func TestHostKeyCert(t *testing.T) {
 		}
 	}
 }
+
+func TestCertTypes(t *testing.T) {
+	var testVars = []struct {
+		name string
+		keys func() Signer
+	}{
+		{
+			name: CertAlgoECDSA256v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ecdsap256"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoECDSA384v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ecdsap384"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoECDSA521v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ecdsap521"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoED25519v01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["ed25519"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoRSAv01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["rsa"])
+				return s
+			},
+		},
+		{
+			name: CertAlgoDSAv01,
+			keys: func() Signer {
+				s, _ := ParsePrivateKey(testdata.PEMBytes["dsa"])
+				return s
+			},
+		},
+	}
+
+	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	if err != nil {
+		t.Fatalf("error generating host key: %v", err)
+	}
+
+	signer, err := NewSignerFromKey(k)
+	if err != nil {
+		t.Fatalf("error generating signer for ssh listener: %v", err)
+	}
+
+	conf := &ServerConfig{
+		PublicKeyCallback: func(c ConnMetadata, k PublicKey) (*Permissions, error) {
+			return new(Permissions), nil
+		},
+	}
+	conf.AddHostKey(signer)
+
+	for _, m := range testVars {
+		t.Run(m.name, func(t *testing.T) {
+
+			c1, c2, err := netPipe()
+			if err != nil {
+				t.Fatalf("netPipe: %v", err)
+			}
+			defer c1.Close()
+			defer c2.Close()
+
+			go NewServerConn(c1, conf)
+
+			priv := m.keys()
+			if err != nil {
+				t.Fatalf("error generating ssh pubkey: %v", err)
+			}
+
+			cert := &Certificate{
+				CertType: UserCert,
+				Key:      priv.PublicKey(),
+			}
+			cert.SignCert(rand.Reader, priv)
+
+			certSigner, err := NewCertSigner(cert, priv)
+			if err != nil {
+				t.Fatalf("error generating cert signer: %v", err)
+			}
+
+			config := &ClientConfig{
+				User:            "user",
+				HostKeyCallback: func(h string, r net.Addr, k PublicKey) error { return nil },
+				Auth:            []AuthMethod{PublicKeys(certSigner)},
+			}
+
+			_, _, _, err = NewClientConn(c2, "", config)
+			if err != nil {
+				t.Fatalf("error connecting: %v", err)
+			}
+		})
+	}
+}
diff --git a/ssh/channel.go b/ssh/channel.go
index 195530ea0..c0834c00d 100644
--- a/ssh/channel.go
+++ b/ssh/channel.go
@@ -205,32 +205,32 @@ type channel struct {
 
 // writePacket sends a packet. If the packet is a channel close, it updates
 // sentClose. This method takes the lock c.writeMu.
-func (c *channel) writePacket(packet []byte) error {
-	c.writeMu.Lock()
-	if c.sentClose {
-		c.writeMu.Unlock()
+func (ch *channel) writePacket(packet []byte) error {
+	ch.writeMu.Lock()
+	if ch.sentClose {
+		ch.writeMu.Unlock()
 		return io.EOF
 	}
-	c.sentClose = (packet[0] == msgChannelClose)
-	err := c.mux.conn.writePacket(packet)
-	c.writeMu.Unlock()
+	ch.sentClose = (packet[0] == msgChannelClose)
+	err := ch.mux.conn.writePacket(packet)
+	ch.writeMu.Unlock()
 	return err
 }
 
-func (c *channel) sendMessage(msg interface{}) error {
+func (ch *channel) sendMessage(msg interface{}) error {
 	if debugMux {
-		log.Printf("send(%d): %#v", c.mux.chanList.offset, msg)
+		log.Printf("send(%d): %#v", ch.mux.chanList.offset, msg)
 	}
 
 	p := Marshal(msg)
-	binary.BigEndian.PutUint32(p[1:], c.remoteId)
-	return c.writePacket(p)
+	binary.BigEndian.PutUint32(p[1:], ch.remoteId)
+	return ch.writePacket(p)
 }
 
 // WriteExtended writes data to a specific extended stream. These streams are
 // used, for example, for stderr.
-func (c *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err error) {
-	if c.sentEOF {
+func (ch *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err error) {
+	if ch.sentEOF {
 		return 0, io.EOF
 	}
 	// 1 byte message type, 4 bytes remoteId, 4 bytes data length
@@ -241,16 +241,16 @@ func (c *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err er
 		opCode = msgChannelExtendedData
 	}
 
-	c.writeMu.Lock()
-	packet := c.packetPool[extendedCode]
+	ch.writeMu.Lock()
+	packet := ch.packetPool[extendedCode]
 	// We don't remove the buffer from packetPool, so
 	// WriteExtended calls from different goroutines will be
 	// flagged as errors by the race detector.
-	c.writeMu.Unlock()
+	ch.writeMu.Unlock()
 
 	for len(data) > 0 {
-		space := min(c.maxRemotePayload, len(data))
-		if space, err = c.remoteWin.reserve(space); err != nil {
+		space := min(ch.maxRemotePayload, len(data))
+		if space, err = ch.remoteWin.reserve(space); err != nil {
 			return n, err
 		}
 		if want := headerLength + space; uint32(cap(packet)) < want {
@@ -262,13 +262,13 @@ func (c *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err er
 		todo := data[:space]
 
 		packet[0] = opCode
-		binary.BigEndian.PutUint32(packet[1:], c.remoteId)
+		binary.BigEndian.PutUint32(packet[1:], ch.remoteId)
 		if extendedCode > 0 {
 			binary.BigEndian.PutUint32(packet[5:], uint32(extendedCode))
 		}
 		binary.BigEndian.PutUint32(packet[headerLength-4:], uint32(len(todo)))
 		copy(packet[headerLength:], todo)
-		if err = c.writePacket(packet); err != nil {
+		if err = ch.writePacket(packet); err != nil {
 			return n, err
 		}
 
@@ -276,14 +276,14 @@ func (c *channel) WriteExtended(data []byte, extendedCode uint32) (n int, err er
 		data = data[len(todo):]
 	}
 
-	c.writeMu.Lock()
-	c.packetPool[extendedCode] = packet
-	c.writeMu.Unlock()
+	ch.writeMu.Lock()
+	ch.packetPool[extendedCode] = packet
+	ch.writeMu.Unlock()
 
 	return n, err
 }
 
-func (c *channel) handleData(packet []byte) error {
+func (ch *channel) handleData(packet []byte) error {
 	headerLen := 9
 	isExtendedData := packet[0] == msgChannelExtendedData
 	if isExtendedData {
@@ -303,7 +303,7 @@ func (c *channel) handleData(packet []byte) error {
 	if length == 0 {
 		return nil
 	}
-	if length > c.maxIncomingPayload {
+	if length > ch.maxIncomingPayload {
 		// TODO(hanwen): should send Disconnect?
 		return errors.New("ssh: incoming packet exceeds maximum payload size")
 	}
@@ -313,21 +313,21 @@ func (c *channel) handleData(packet []byte) error {
 		return errors.New("ssh: wrong packet length")
 	}
 
-	c.windowMu.Lock()
-	if c.myWindow < length {
-		c.windowMu.Unlock()
+	ch.windowMu.Lock()
+	if ch.myWindow < length {
+		ch.windowMu.Unlock()
 		// TODO(hanwen): should send Disconnect with reason?
 		return errors.New("ssh: remote side wrote too much")
 	}
-	c.myWindow -= length
-	c.windowMu.Unlock()
+	ch.myWindow -= length
+	ch.windowMu.Unlock()
 
 	if extended == 1 {
-		c.extPending.write(data)
+		ch.extPending.write(data)
 	} else if extended > 0 {
 		// discard other extended data.
 	} else {
-		c.pending.write(data)
+		ch.pending.write(data)
 	}
 	return nil
 }
@@ -384,31 +384,31 @@ func (c *channel) close() {
 // responseMessageReceived is called when a success or failure message is
 // received on a channel to check that such a message is reasonable for the
 // given channel.
-func (c *channel) responseMessageReceived() error {
-	if c.direction == channelInbound {
+func (ch *channel) responseMessageReceived() error {
+	if ch.direction == channelInbound {
 		return errors.New("ssh: channel response message received on inbound channel")
 	}
-	if c.decided {
+	if ch.decided {
 		return errors.New("ssh: duplicate response received for channel")
 	}
-	c.decided = true
+	ch.decided = true
 	return nil
 }
 
-func (c *channel) handlePacket(packet []byte) error {
+func (ch *channel) handlePacket(packet []byte) error {
 	switch packet[0] {
 	case msgChannelData, msgChannelExtendedData:
-		return c.handleData(packet)
+		return ch.handleData(packet)
 	case msgChannelClose:
-		c.sendMessage(channelCloseMsg{PeersId: c.remoteId})
-		c.mux.chanList.remove(c.localId)
-		c.close()
+		ch.sendMessage(channelCloseMsg{PeersID: ch.remoteId})
+		ch.mux.chanList.remove(ch.localId)
+		ch.close()
 		return nil
 	case msgChannelEOF:
 		// RFC 4254 is mute on how EOF affects dataExt messages but
 		// it is logical to signal EOF at the same time.
-		c.extPending.eof()
-		c.pending.eof()
+		ch.extPending.eof()
+		ch.pending.eof()
 		return nil
 	}
 
@@ -419,24 +419,24 @@ func (c *channel) handlePacket(packet []byte) error {
 
 	switch msg := decoded.(type) {
 	case *channelOpenFailureMsg:
-		if err := c.responseMessageReceived(); err != nil {
+		if err := ch.responseMessageReceived(); err != nil {
 			return err
 		}
-		c.mux.chanList.remove(msg.PeersId)
-		c.msg <- msg
+		ch.mux.chanList.remove(msg.PeersID)
+		ch.msg <- msg
 	case *channelOpenConfirmMsg:
-		if err := c.responseMessageReceived(); err != nil {
+		if err := ch.responseMessageReceived(); err != nil {
 			return err
 		}
 		if msg.MaxPacketSize < minPacketLength || msg.MaxPacketSize > 1<<31 {
 			return fmt.Errorf("ssh: invalid MaxPacketSize %d from peer", msg.MaxPacketSize)
 		}
-		c.remoteId = msg.MyId
-		c.maxRemotePayload = msg.MaxPacketSize
-		c.remoteWin.add(msg.MyWindow)
-		c.msg <- msg
+		ch.remoteId = msg.MyID
+		ch.maxRemotePayload = msg.MaxPacketSize
+		ch.remoteWin.add(msg.MyWindow)
+		ch.msg <- msg
 	case *windowAdjustMsg:
-		if !c.remoteWin.add(msg.AdditionalBytes) {
+		if !ch.remoteWin.add(msg.AdditionalBytes) {
 			return fmt.Errorf("ssh: invalid window update for %d bytes", msg.AdditionalBytes)
 		}
 	case *channelRequestMsg:
@@ -444,12 +444,12 @@ func (c *channel) handlePacket(packet []byte) error {
 			Type:      msg.Request,
 			WantReply: msg.WantReply,
 			Payload:   msg.RequestSpecificData,
-			ch:        c,
+			ch:        ch,
 		}
 
-		c.incomingRequests <- &req
+		ch.incomingRequests <- &req
 	default:
-		c.msg <- msg
+		ch.msg <- msg
 	}
 	return nil
 }
@@ -488,23 +488,23 @@ func (e *extChannel) Read(data []byte) (n int, err error) {
 	return e.ch.ReadExtended(data, e.code)
 }
 
-func (c *channel) Accept() (Channel, <-chan *Request, error) {
-	if c.decided {
+func (ch *channel) Accept() (Channel, <-chan *Request, error) {
+	if ch.decided {
 		return nil, nil, errDecidedAlready
 	}
-	c.maxIncomingPayload = channelMaxPacket
+	ch.maxIncomingPayload = channelMaxPacket
 	confirm := channelOpenConfirmMsg{
-		PeersId:       c.remoteId,
-		MyId:          c.localId,
-		MyWindow:      c.myWindow,
-		MaxPacketSize: c.maxIncomingPayload,
+		PeersID:       ch.remoteId,
+		MyID:          ch.localId,
+		MyWindow:      ch.myWindow,
+		MaxPacketSize: ch.maxIncomingPayload,
 	}
-	c.decided = true
-	if err := c.sendMessage(confirm); err != nil {
+	ch.decided = true
+	if err := ch.sendMessage(confirm); err != nil {
 		return nil, nil, err
 	}
 
-	return c, c.incomingRequests, nil
+	return ch, ch.incomingRequests, nil
 }
 
 func (ch *channel) Reject(reason RejectionReason, message string) error {
@@ -512,7 +512,7 @@ func (ch *channel) Reject(reason RejectionReason, message string) error {
 		return errDecidedAlready
 	}
 	reject := channelOpenFailureMsg{
-		PeersId:  ch.remoteId,
+		PeersID:  ch.remoteId,
 		Reason:   reason,
 		Message:  message,
 		Language: "en",
@@ -541,7 +541,7 @@ func (ch *channel) CloseWrite() error {
 	}
 	ch.sentEOF = true
 	return ch.sendMessage(channelEOFMsg{
-		PeersId: ch.remoteId})
+		PeersID: ch.remoteId})
 }
 
 func (ch *channel) Close() error {
@@ -550,7 +550,7 @@ func (ch *channel) Close() error {
 	}
 
 	return ch.sendMessage(channelCloseMsg{
-		PeersId: ch.remoteId})
+		PeersID: ch.remoteId})
 }
 
 // Extended returns an io.ReadWriter that sends and receives data on the given,
@@ -577,7 +577,7 @@ func (ch *channel) SendRequest(name string, wantReply bool, payload []byte) (boo
 	}
 
 	msg := channelRequestMsg{
-		PeersId:             ch.remoteId,
+		PeersID:             ch.remoteId,
 		Request:             name,
 		WantReply:           wantReply,
 		RequestSpecificData: payload,
@@ -614,11 +614,11 @@ func (ch *channel) ackRequest(ok bool) error {
 	var msg interface{}
 	if !ok {
 		msg = channelRequestFailureMsg{
-			PeersId: ch.remoteId,
+			PeersID: ch.remoteId,
 		}
 	} else {
 		msg = channelRequestSuccessMsg{
-			PeersId: ch.remoteId,
+			PeersID: ch.remoteId,
 		}
 	}
 	return ch.sendMessage(msg)
diff --git a/ssh/cipher.go b/ssh/cipher.go
index 22bb30ccd..bddbde5db 100644
--- a/ssh/cipher.go
+++ b/ssh/cipher.go
@@ -16,6 +16,9 @@ import (
 	"hash"
 	"io"
 	"io/ioutil"
+
+	"golang.org/x/crypto/chacha20"
+	"golang.org/x/crypto/internal/poly1305"
 )
 
 const (
@@ -53,78 +56,78 @@ func newRC4(key, iv []byte) (cipher.Stream, error) {
 	return rc4.NewCipher(key)
 }
 
-type streamCipherMode struct {
-	keySize    int
-	ivSize     int
-	skip       int
-	createFunc func(key, iv []byte) (cipher.Stream, error)
+type cipherMode struct {
+	keySize int
+	ivSize  int
+	create  func(key, iv []byte, macKey []byte, algs directionAlgorithms) (packetCipher, error)
 }
 
-func (c *streamCipherMode) createStream(key, iv []byte) (cipher.Stream, error) {
-	if len(key) < c.keySize {
-		panic("ssh: key length too small for cipher")
-	}
-	if len(iv) < c.ivSize {
-		panic("ssh: iv too small for cipher")
-	}
-
-	stream, err := c.createFunc(key[:c.keySize], iv[:c.ivSize])
-	if err != nil {
-		return nil, err
-	}
+func streamCipherMode(skip int, createFunc func(key, iv []byte) (cipher.Stream, error)) func(key, iv []byte, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+	return func(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+		stream, err := createFunc(key, iv)
+		if err != nil {
+			return nil, err
+		}
 
-	var streamDump []byte
-	if c.skip > 0 {
-		streamDump = make([]byte, 512)
-	}
+		var streamDump []byte
+		if skip > 0 {
+			streamDump = make([]byte, 512)
+		}
 
-	for remainingToDump := c.skip; remainingToDump > 0; {
-		dumpThisTime := remainingToDump
-		if dumpThisTime > len(streamDump) {
-			dumpThisTime = len(streamDump)
+		for remainingToDump := skip; remainingToDump > 0; {
+			dumpThisTime := remainingToDump
+			if dumpThisTime > len(streamDump) {
+				dumpThisTime = len(streamDump)
+			}
+			stream.XORKeyStream(streamDump[:dumpThisTime], streamDump[:dumpThisTime])
+			remainingToDump -= dumpThisTime
 		}
-		stream.XORKeyStream(streamDump[:dumpThisTime], streamDump[:dumpThisTime])
-		remainingToDump -= dumpThisTime
-	}
 
-	return stream, nil
+		mac := macModes[algs.MAC].new(macKey)
+		return &streamPacketCipher{
+			mac:       mac,
+			etm:       macModes[algs.MAC].etm,
+			macResult: make([]byte, mac.Size()),
+			cipher:    stream,
+		}, nil
+	}
 }
 
 // cipherModes documents properties of supported ciphers. Ciphers not included
 // are not supported and will not be negotiated, even if explicitly requested in
 // ClientConfig.Crypto.Ciphers.
-var cipherModes = map[string]*streamCipherMode{
+var cipherModes = map[string]*cipherMode{
 	// Ciphers from RFC4344, which introduced many CTR-based ciphers. Algorithms
 	// are defined in the order specified in the RFC.
-	"aes128-ctr": {16, aes.BlockSize, 0, newAESCTR},
-	"aes192-ctr": {24, aes.BlockSize, 0, newAESCTR},
-	"aes256-ctr": {32, aes.BlockSize, 0, newAESCTR},
+	"aes128-ctr": {16, aes.BlockSize, streamCipherMode(0, newAESCTR)},
+	"aes192-ctr": {24, aes.BlockSize, streamCipherMode(0, newAESCTR)},
+	"aes256-ctr": {32, aes.BlockSize, streamCipherMode(0, newAESCTR)},
 
 	// Ciphers from RFC4345, which introduces security-improved arcfour ciphers.
 	// They are defined in the order specified in the RFC.
-	"arcfour128": {16, 0, 1536, newRC4},
-	"arcfour256": {32, 0, 1536, newRC4},
+	"arcfour128": {16, 0, streamCipherMode(1536, newRC4)},
+	"arcfour256": {32, 0, streamCipherMode(1536, newRC4)},
 
 	// Cipher defined in RFC 4253, which describes SSH Transport Layer Protocol.
 	// Note that this cipher is not safe, as stated in RFC 4253: "Arcfour (and
 	// RC4) has problems with weak keys, and should be used with caution."
 	// RFC4345 introduces improved versions of Arcfour.
-	"arcfour": {16, 0, 0, newRC4},
+	"arcfour": {16, 0, streamCipherMode(0, newRC4)},
 
-	// AES-GCM is not a stream cipher, so it is constructed with a
-	// special case. If we add any more non-stream ciphers, we
-	// should invest a cleaner way to do this.
-	gcmCipherID: {16, 12, 0, nil},
+	// AEAD ciphers
+	gcmCipherID:        {16, 12, newGCMCipher},
+	chacha20Poly1305ID: {64, 0, newChaCha20Cipher},
 
 	// CBC mode is insecure and so is not included in the default config.
-	// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
+	// (See https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf). If absolutely
 	// needed, it's possible to specify a custom Config to enable it.
 	// You should expect that an active attacker can recover plaintext if
 	// you do.
-	aes128cbcID: {16, aes.BlockSize, 0, nil},
+	aes128cbcID: {16, aes.BlockSize, newAESCBCCipher},
 
-	// 3des-cbc is insecure and is disabled by default.
-	tripledescbcID: {24, des.BlockSize, 0, nil},
+	// 3des-cbc is insecure and is not included in the default
+	// config.
+	tripledescbcID: {24, des.BlockSize, newTripleDESCBCCipher},
 }
 
 // prefixLen is the length of the packet prefix that contains the packet length
@@ -145,8 +148,8 @@ type streamPacketCipher struct {
 	macResult   []byte
 }
 
-// readPacket reads and decrypt a single packet from the reader argument.
-func (s *streamPacketCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+// readCipherPacket reads and decrypt a single packet from the reader argument.
+func (s *streamPacketCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
 	if _, err := io.ReadFull(r, s.prefix[:]); err != nil {
 		return nil, err
 	}
@@ -217,8 +220,8 @@ func (s *streamPacketCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, err
 	return s.packetData[:length-paddingLength-1], nil
 }
 
-// writePacket encrypts and sends a packet of data to the writer argument
-func (s *streamPacketCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+// writeCipherPacket encrypts and sends a packet of data to the writer argument
+func (s *streamPacketCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
 	if len(packet) > maxPacket {
 		return errors.New("ssh: packet too large")
 	}
@@ -304,7 +307,7 @@ type gcmCipher struct {
 	buf    []byte
 }
 
-func newGCMCipher(iv, key, macKey []byte) (packetCipher, error) {
+func newGCMCipher(key, iv, unusedMacKey []byte, unusedAlgs directionAlgorithms) (packetCipher, error) {
 	c, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
@@ -323,7 +326,7 @@ func newGCMCipher(iv, key, macKey []byte) (packetCipher, error) {
 
 const gcmTagSize = 16
 
-func (c *gcmCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+func (c *gcmCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
 	// Pad out to multiple of 16 bytes. This is different from the
 	// stream cipher because that encrypts the length too.
 	padding := byte(packetSizeMultiple - (1+len(packet))%packetSizeMultiple)
@@ -366,13 +369,13 @@ func (c *gcmCipher) incIV() {
 	}
 }
 
-func (c *gcmCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
 	if _, err := io.ReadFull(r, c.prefix[:]); err != nil {
 		return nil, err
 	}
 	length := binary.BigEndian.Uint32(c.prefix[:])
 	if length > maxPacket {
-		return nil, errors.New("ssh: max packet length exceeded.")
+		return nil, errors.New("ssh: max packet length exceeded")
 	}
 
 	if cap(c.buf) < int(length+gcmTagSize) {
@@ -422,7 +425,7 @@ type cbcCipher struct {
 	oracleCamouflage uint32
 }
 
-func newCBCCipher(c cipher.Block, iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+func newCBCCipher(c cipher.Block, key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
 	cbc := &cbcCipher{
 		mac:        macModes[algs.MAC].new(macKey),
 		decrypter:  cipher.NewCBCDecrypter(c, iv),
@@ -436,13 +439,13 @@ func newCBCCipher(c cipher.Block, iv, key, macKey []byte, algs directionAlgorith
 	return cbc, nil
 }
 
-func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+func newAESCBCCipher(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
 	c, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}
 
-	cbc, err := newCBCCipher(c, iv, key, macKey, algs)
+	cbc, err := newCBCCipher(c, key, iv, macKey, algs)
 	if err != nil {
 		return nil, err
 	}
@@ -450,13 +453,13 @@ func newAESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCi
 	return cbc, nil
 }
 
-func newTripleDESCBCCipher(iv, key, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
+func newTripleDESCBCCipher(key, iv, macKey []byte, algs directionAlgorithms) (packetCipher, error) {
 	c, err := des.NewTripleDESCipher(key)
 	if err != nil {
 		return nil, err
 	}
 
-	cbc, err := newCBCCipher(c, iv, key, macKey, algs)
+	cbc, err := newCBCCipher(c, key, iv, macKey, algs)
 	if err != nil {
 		return nil, err
 	}
@@ -482,8 +485,8 @@ type cbcError string
 
 func (e cbcError) Error() string { return string(e) }
 
-func (c *cbcCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
-	p, err := c.readPacketLeaky(seqNum, r)
+func (c *cbcCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+	p, err := c.readCipherPacketLeaky(seqNum, r)
 	if err != nil {
 		if _, ok := err.(cbcError); ok {
 			// Verification error: read a fixed amount of
@@ -496,7 +499,7 @@ func (c *cbcCipher) readPacket(seqNum uint32, r io.Reader) ([]byte, error) {
 	return p, err
 }
 
-func (c *cbcCipher) readPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
+func (c *cbcCipher) readCipherPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error) {
 	blockSize := c.decrypter.BlockSize()
 
 	// Read the header, which will include some of the subsequent data in the
@@ -548,11 +551,11 @@ func (c *cbcCipher) readPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error)
 		c.packetData = c.packetData[:entirePacketSize]
 	}
 
-	if n, err := io.ReadFull(r, c.packetData[firstBlockLength:]); err != nil {
+	n, err := io.ReadFull(r, c.packetData[firstBlockLength:])
+	if err != nil {
 		return nil, err
-	} else {
-		c.oracleCamouflage -= uint32(n)
 	}
+	c.oracleCamouflage -= uint32(n)
 
 	remainingCrypted := c.packetData[firstBlockLength:macStart]
 	c.decrypter.CryptBlocks(remainingCrypted, remainingCrypted)
@@ -572,7 +575,7 @@ func (c *cbcCipher) readPacketLeaky(seqNum uint32, r io.Reader) ([]byte, error)
 	return c.packetData[prefixLen:paddingStart], nil
 }
 
-func (c *cbcCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
+func (c *cbcCipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, packet []byte) error {
 	effectiveBlockSize := maxUInt32(cbcMinPacketSizeMultiple, c.encrypter.BlockSize())
 
 	// Length of encrypted portion of the packet (header, payload, padding).
@@ -627,3 +630,152 @@ func (c *cbcCipher) writePacket(seqNum uint32, w io.Writer, rand io.Reader, pack
 
 	return nil
 }
+
+const chacha20Poly1305ID = "chacha20-poly1305@openssh.com"
+
+// chacha20Poly1305Cipher implements the chacha20-poly1305@openssh.com
+// AEAD, which is described here:
+//
+//   https://tools.ietf.org/html/draft-josefsson-ssh-chacha20-poly1305-openssh-00
+//
+// the methods here also implement padding, which RFC4253 Section 6
+// also requires of stream ciphers.
+type chacha20Poly1305Cipher struct {
+	lengthKey  [32]byte
+	contentKey [32]byte
+	buf        []byte
+}
+
+func newChaCha20Cipher(key, unusedIV, unusedMACKey []byte, unusedAlgs directionAlgorithms) (packetCipher, error) {
+	if len(key) != 64 {
+		panic(len(key))
+	}
+
+	c := &chacha20Poly1305Cipher{
+		buf: make([]byte, 256),
+	}
+
+	copy(c.contentKey[:], key[:32])
+	copy(c.lengthKey[:], key[32:])
+	return c, nil
+}
+
+func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) {
+	nonce := make([]byte, 12)
+	binary.BigEndian.PutUint32(nonce[8:], seqNum)
+	s, err := chacha20.NewUnauthenticatedCipher(c.contentKey[:], nonce)
+	if err != nil {
+		return nil, err
+	}
+	var polyKey, discardBuf [32]byte
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
+
+	encryptedLength := c.buf[:4]
+	if _, err := io.ReadFull(r, encryptedLength); err != nil {
+		return nil, err
+	}
+
+	var lenBytes [4]byte
+	ls, err := chacha20.NewUnauthenticatedCipher(c.lengthKey[:], nonce)
+	if err != nil {
+		return nil, err
+	}
+	ls.XORKeyStream(lenBytes[:], encryptedLength)
+
+	length := binary.BigEndian.Uint32(lenBytes[:])
+	if length > maxPacket {
+		return nil, errors.New("ssh: invalid packet length, packet too large")
+	}
+
+	contentEnd := 4 + length
+	packetEnd := contentEnd + poly1305.TagSize
+	if uint32(cap(c.buf)) < packetEnd {
+		c.buf = make([]byte, packetEnd)
+		copy(c.buf[:], encryptedLength)
+	} else {
+		c.buf = c.buf[:packetEnd]
+	}
+
+	if _, err := io.ReadFull(r, c.buf[4:packetEnd]); err != nil {
+		return nil, err
+	}
+
+	var mac [poly1305.TagSize]byte
+	copy(mac[:], c.buf[contentEnd:packetEnd])
+	if !poly1305.Verify(&mac, c.buf[:contentEnd], &polyKey) {
+		return nil, errors.New("ssh: MAC failure")
+	}
+
+	plain := c.buf[4:contentEnd]
+	s.XORKeyStream(plain, plain)
+
+	padding := plain[0]
+	if padding < 4 {
+		// padding is a byte, so it automatically satisfies
+		// the maximum size, which is 255.
+		return nil, fmt.Errorf("ssh: illegal padding %d", padding)
+	}
+
+	if int(padding)+1 >= len(plain) {
+		return nil, fmt.Errorf("ssh: padding %d too large", padding)
+	}
+
+	plain = plain[1 : len(plain)-int(padding)]
+
+	return plain, nil
+}
+
+func (c *chacha20Poly1305Cipher) writeCipherPacket(seqNum uint32, w io.Writer, rand io.Reader, payload []byte) error {
+	nonce := make([]byte, 12)
+	binary.BigEndian.PutUint32(nonce[8:], seqNum)
+	s, err := chacha20.NewUnauthenticatedCipher(c.contentKey[:], nonce)
+	if err != nil {
+		return err
+	}
+	var polyKey, discardBuf [32]byte
+	s.XORKeyStream(polyKey[:], polyKey[:])
+	s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
+
+	// There is no blocksize, so fall back to multiple of 8 byte
+	// padding, as described in RFC 4253, Sec 6.
+	const packetSizeMultiple = 8
+
+	padding := packetSizeMultiple - (1+len(payload))%packetSizeMultiple
+	if padding < 4 {
+		padding += packetSizeMultiple
+	}
+
+	// size (4 bytes), padding (1), payload, padding, tag.
+	totalLength := 4 + 1 + len(payload) + padding + poly1305.TagSize
+	if cap(c.buf) < totalLength {
+		c.buf = make([]byte, totalLength)
+	} else {
+		c.buf = c.buf[:totalLength]
+	}
+
+	binary.BigEndian.PutUint32(c.buf, uint32(1+len(payload)+padding))
+	ls, err := chacha20.NewUnauthenticatedCipher(c.lengthKey[:], nonce)
+	if err != nil {
+		return err
+	}
+	ls.XORKeyStream(c.buf, c.buf[:4])
+	c.buf[4] = byte(padding)
+	copy(c.buf[5:], payload)
+	packetEnd := 5 + len(payload) + padding
+	if _, err := io.ReadFull(rand, c.buf[5+len(payload):packetEnd]); err != nil {
+		return err
+	}
+
+	s.XORKeyStream(c.buf[4:], c.buf[4:packetEnd])
+
+	var mac [poly1305.TagSize]byte
+	poly1305.Sum(&mac, c.buf[:packetEnd], &polyKey)
+
+	copy(c.buf[packetEnd:], mac[:])
+
+	if _, err := w.Write(c.buf); err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/ssh/cipher_test.go b/ssh/cipher_test.go
index 5cfa17a62..70a2b5b5c 100644
--- a/ssh/cipher_test.go
+++ b/ssh/cipher_test.go
@@ -7,7 +7,6 @@ package ssh
 import (
 	"bytes"
 	"crypto"
-	"crypto/aes"
 	"crypto/rand"
 	"testing"
 )
@@ -15,60 +14,63 @@ import (
 func TestDefaultCiphersExist(t *testing.T) {
 	for _, cipherAlgo := range supportedCiphers {
 		if _, ok := cipherModes[cipherAlgo]; !ok {
-			t.Errorf("default cipher %q is unknown", cipherAlgo)
+			t.Errorf("supported cipher %q is unknown", cipherAlgo)
+		}
+	}
+	for _, cipherAlgo := range preferredCiphers {
+		if _, ok := cipherModes[cipherAlgo]; !ok {
+			t.Errorf("preferred cipher %q is unknown", cipherAlgo)
 		}
 	}
 }
 
 func TestPacketCiphers(t *testing.T) {
-	// Still test aes128cbc cipher although it's commented out.
-	cipherModes[aes128cbcID] = &streamCipherMode{16, aes.BlockSize, 0, nil}
-	defer delete(cipherModes, aes128cbcID)
-
+	defaultMac := "hmac-sha2-256"
+	defaultCipher := "aes128-ctr"
 	for cipher := range cipherModes {
-		for mac := range macModes {
-			kr := &kexResult{Hash: crypto.SHA1}
-			algs := directionAlgorithms{
-				Cipher:      cipher,
-				MAC:         mac,
-				Compression: "none",
-			}
-			client, err := newPacketCipher(clientKeys, algs, kr)
-			if err != nil {
-				t.Errorf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
-				continue
-			}
-			server, err := newPacketCipher(clientKeys, algs, kr)
-			if err != nil {
-				t.Errorf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
-				continue
-			}
-
-			want := "bla bla"
-			input := []byte(want)
-			buf := &bytes.Buffer{}
-			if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
-				t.Errorf("writePacket(%q, %q): %v", cipher, mac, err)
-				continue
-			}
-
-			packet, err := server.readPacket(0, buf)
-			if err != nil {
-				t.Errorf("readPacket(%q, %q): %v", cipher, mac, err)
-				continue
-			}
-
-			if string(packet) != want {
-				t.Errorf("roundtrip(%q, %q): got %q, want %q", cipher, mac, packet, want)
-			}
-		}
+		t.Run("cipher="+cipher,
+			func(t *testing.T) { testPacketCipher(t, cipher, defaultMac) })
+	}
+	for mac := range macModes {
+		t.Run("mac="+mac,
+			func(t *testing.T) { testPacketCipher(t, defaultCipher, mac) })
 	}
 }
 
-func TestCBCOracleCounterMeasure(t *testing.T) {
-	cipherModes[aes128cbcID] = &streamCipherMode{16, aes.BlockSize, 0, nil}
-	defer delete(cipherModes, aes128cbcID)
+func testPacketCipher(t *testing.T, cipher, mac string) {
+	kr := &kexResult{Hash: crypto.SHA1}
+	algs := directionAlgorithms{
+		Cipher:      cipher,
+		MAC:         mac,
+		Compression: "none",
+	}
+	client, err := newPacketCipher(clientKeys, algs, kr)
+	if err != nil {
+		t.Fatalf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
+	}
+	server, err := newPacketCipher(clientKeys, algs, kr)
+	if err != nil {
+		t.Fatalf("newPacketCipher(client, %q, %q): %v", cipher, mac, err)
+	}
+
+	want := "bla bla"
+	input := []byte(want)
+	buf := &bytes.Buffer{}
+	if err := client.writeCipherPacket(0, buf, rand.Reader, input); err != nil {
+		t.Fatalf("writeCipherPacket(%q, %q): %v", cipher, mac, err)
+	}
 
+	packet, err := server.readCipherPacket(0, buf)
+	if err != nil {
+		t.Fatalf("readCipherPacket(%q, %q): %v", cipher, mac, err)
+	}
+
+	if string(packet) != want {
+		t.Errorf("roundtrip(%q, %q): got %q, want %q", cipher, mac, packet, want)
+	}
+}
+
+func TestCBCOracleCounterMeasure(t *testing.T) {
 	kr := &kexResult{Hash: crypto.SHA1}
 	algs := directionAlgorithms{
 		Cipher:      aes128cbcID,
@@ -83,8 +85,8 @@ func TestCBCOracleCounterMeasure(t *testing.T) {
 	want := "bla bla"
 	input := []byte(want)
 	buf := &bytes.Buffer{}
-	if err := client.writePacket(0, buf, rand.Reader, input); err != nil {
-		t.Errorf("writePacket: %v", err)
+	if err := client.writeCipherPacket(0, buf, rand.Reader, input); err != nil {
+		t.Errorf("writeCipherPacket: %v", err)
 	}
 
 	packetSize := buf.Len()
@@ -104,9 +106,9 @@ func TestCBCOracleCounterMeasure(t *testing.T) {
 		fresh.Bytes()[i] ^= 0x01
 
 		before := fresh.Len()
-		_, err = server.readPacket(0, fresh)
+		_, err = server.readCipherPacket(0, fresh)
 		if err == nil {
-			t.Errorf("corrupt byte %d: readPacket succeeded ", i)
+			t.Errorf("corrupt byte %d: readCipherPacket succeeded ", i)
 			continue
 		}
 		if _, ok := err.(cbcError); !ok {
diff --git a/ssh/client.go b/ssh/client.go
index a7e3263bc..99f68bd32 100644
--- a/ssh/client.go
+++ b/ssh/client.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"net"
+	"os"
 	"sync"
 	"time"
 )
@@ -18,6 +19,8 @@ import (
 type Client struct {
 	Conn
 
+	handleForwardsOnce sync.Once // guards calling (*Client).handleForwards
+
 	forwards        forwardList // forwarded tcpip connections from the remote side
 	mu              sync.Mutex
 	channelHandlers map[string]chan NewChannel
@@ -59,8 +62,6 @@ func NewClient(c Conn, chans <-chan NewChannel, reqs <-chan *Request) *Client {
 		conn.Wait()
 		conn.forwards.closeAll()
 	}()
-	go conn.forwards.handleChannels(conn.HandleChannelOpen("forwarded-tcpip"))
-	go conn.forwards.handleChannels(conn.HandleChannelOpen("forwarded-streamlocal@openssh.com"))
 	return conn
 }
 
@@ -76,7 +77,7 @@ func NewClientConn(c net.Conn, addr string, config *ClientConfig) (Conn, <-chan
 	}
 
 	conn := &connection{
-		sshConn: sshConn{conn: c},
+		sshConn: sshConn{conn: c, user: fullConf.User},
 	}
 
 	if err := conn.clientHandshake(addr, &fullConf); err != nil {
@@ -184,9 +185,13 @@ func Dial(network, addr string, config *ClientConfig) (*Client, error) {
 // keys.  A HostKeyCallback must return nil if the host key is OK, or
 // an error to reject it. It receives the hostname as passed to Dial
 // or NewClientConn. The remote address is the RemoteAddr of the
-// net.Conn underlying the the SSH connection.
+// net.Conn underlying the SSH connection.
 type HostKeyCallback func(hostname string, remote net.Addr, key PublicKey) error
 
+// BannerCallback is the function type used for treat the banner sent by
+// the server. A BannerCallback receives the message sent by the remote server.
+type BannerCallback func(message string) error
+
 // A ClientConfig structure is used to configure a Client. It must not be
 // modified after having been passed to an SSH function.
 type ClientConfig struct {
@@ -209,6 +214,12 @@ type ClientConfig struct {
 	// FixedHostKey can be used for simplistic host key checks.
 	HostKeyCallback HostKeyCallback
 
+	// BannerCallback is called during the SSH dance to display a custom
+	// server's message. The client configuration can supply this callback to
+	// handle it as wished. The function BannerDisplayStderr can be used for
+	// simplistic display on Stderr.
+	BannerCallback BannerCallback
+
 	// ClientVersion contains the version identification string that will
 	// be used for the connection. If empty, a reasonable default is used.
 	ClientVersion string
@@ -255,3 +266,13 @@ func FixedHostKey(key PublicKey) HostKeyCallback {
 	hk := &fixedHostKey{key}
 	return hk.check
 }
+
+// BannerDisplayStderr returns a function that can be used for
+// ClientConfig.BannerCallback to display banners on os.Stderr.
+func BannerDisplayStderr() BannerCallback {
+	return func(banner string) error {
+		_, err := os.Stderr.WriteString(banner)
+
+		return err
+	}
+}
diff --git a/ssh/client_auth.go b/ssh/client_auth.go
index b882da086..c611aeb68 100644
--- a/ssh/client_auth.go
+++ b/ssh/client_auth.go
@@ -11,6 +11,14 @@ import (
 	"io"
 )
 
+type authResult int
+
+const (
+	authFailure authResult = iota
+	authPartialSuccess
+	authSuccess
+)
+
 // clientAuthenticate authenticates with the remote server. See RFC 4252.
 func (c *connection) clientAuthenticate(config *ClientConfig) error {
 	// initiate user auth session
@@ -28,7 +36,7 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error {
 
 	// during the authentication phase the client first attempts the "none" method
 	// then any untried methods suggested by the server.
-	tried := make(map[string]bool)
+	var tried []string
 	var lastMethods []string
 
 	sessionID := c.transport.getSessionID()
@@ -37,11 +45,14 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error {
 		if err != nil {
 			return err
 		}
-		if ok {
+		if ok == authSuccess {
 			// success
 			return nil
+		} else if ok == authFailure {
+			if m := auth.method(); !contains(tried, m) {
+				tried = append(tried, m)
+			}
 		}
-		tried[auth.method()] = true
 		if methods == nil {
 			methods = lastMethods
 		}
@@ -52,7 +63,7 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error {
 	findNext:
 		for _, a := range config.Auth {
 			candidateMethod := a.method()
-			if tried[candidateMethod] {
+			if contains(tried, candidateMethod) {
 				continue
 			}
 			for _, meth := range methods {
@@ -63,16 +74,16 @@ func (c *connection) clientAuthenticate(config *ClientConfig) error {
 			}
 		}
 	}
-	return fmt.Errorf("ssh: unable to authenticate, attempted methods %v, no supported methods remain", keys(tried))
+	return fmt.Errorf("ssh: unable to authenticate, attempted methods %v, no supported methods remain", tried)
 }
 
-func keys(m map[string]bool) []string {
-	s := make([]string, 0, len(m))
-
-	for key := range m {
-		s = append(s, key)
+func contains(list []string, e string) bool {
+	for _, s := range list {
+		if s == e {
+			return true
+		}
 	}
-	return s
+	return false
 }
 
 // An AuthMethod represents an instance of an RFC 4252 authentication method.
@@ -82,7 +93,7 @@ type AuthMethod interface {
 	// If authentication is not successful, a []string of alternative
 	// method names is returned. If the slice is nil, it will be ignored
 	// and the previous set of possible methods will be reused.
-	auth(session []byte, user string, p packetConn, rand io.Reader) (bool, []string, error)
+	auth(session []byte, user string, p packetConn, rand io.Reader) (authResult, []string, error)
 
 	// method returns the RFC 4252 method name.
 	method() string
@@ -91,13 +102,13 @@ type AuthMethod interface {
 // "none" authentication, RFC 4252 section 5.2.
 type noneAuth int
 
-func (n *noneAuth) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (n *noneAuth) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
 	if err := c.writePacket(Marshal(&userAuthRequestMsg{
 		User:    user,
 		Service: serviceSSH,
 		Method:  "none",
 	})); err != nil {
-		return false, nil, err
+		return authFailure, nil, err
 	}
 
 	return handleAuthResponse(c)
@@ -111,7 +122,7 @@ func (n *noneAuth) method() string {
 // a function call, e.g. by prompting the user.
 type passwordCallback func() (password string, err error)
 
-func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
 	type passwordAuthMsg struct {
 		User     string `sshtype:"50"`
 		Service  string
@@ -125,7 +136,7 @@ func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand
 	// The program may only find out that the user doesn't have a password
 	// when prompting.
 	if err != nil {
-		return false, nil, err
+		return authFailure, nil, err
 	}
 
 	if err := c.writePacket(Marshal(&passwordAuthMsg{
@@ -135,7 +146,7 @@ func (cb passwordCallback) auth(session []byte, user string, c packetConn, rand
 		Reply:    false,
 		Password: pw,
 	})); err != nil {
-		return false, nil, err
+		return authFailure, nil, err
 	}
 
 	return handleAuthResponse(c)
@@ -178,7 +189,7 @@ func (cb publicKeyCallback) method() string {
 	return "publickey"
 }
 
-func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
 	// Authentication is performed by sending an enquiry to test if a key is
 	// acceptable to the remote. If the key is acceptable, the client will
 	// attempt to authenticate with the valid key.  If not the client will repeat
@@ -186,13 +197,13 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
 
 	signers, err := cb()
 	if err != nil {
-		return false, nil, err
+		return authFailure, nil, err
 	}
 	var methods []string
 	for _, signer := range signers {
 		ok, err := validateKey(signer.PublicKey(), user, c)
 		if err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 		if !ok {
 			continue
@@ -206,7 +217,7 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
 			Method:  cb.method(),
 		}, []byte(pub.Type()), pubKey))
 		if err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 
 		// manually wrap the serialized signature in a string
@@ -224,24 +235,24 @@ func (cb publicKeyCallback) auth(session []byte, user string, c packetConn, rand
 		}
 		p := Marshal(&msg)
 		if err := c.writePacket(p); err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
-		var success bool
+		var success authResult
 		success, methods, err = handleAuthResponse(c)
 		if err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 
 		// If authentication succeeds or the list of available methods does not
 		// contain the "publickey" method, do not attempt to authenticate with any
 		// other keys.  According to RFC 4252 Section 7, the latter can occur when
 		// additional authentication methods are required.
-		if success || !containsMethod(methods, cb.method()) {
+		if success == authSuccess || !containsMethod(methods, cb.method()) {
 			return success, methods, err
 		}
 	}
 
-	return false, methods, nil
+	return authFailure, methods, nil
 }
 
 func containsMethod(methods []string, method string) bool {
@@ -283,7 +294,9 @@ func confirmKeyAck(key PublicKey, c packetConn) (bool, error) {
 		}
 		switch packet[0] {
 		case msgUserAuthBanner:
-			// TODO(gpaul): add callback to present the banner to the user
+			if err := handleBannerResponse(c, packet); err != nil {
+				return false, err
+			}
 		case msgUserAuthPubKeyOk:
 			var msg userAuthPubKeyOkMsg
 			if err := Unmarshal(packet, &msg); err != nil {
@@ -316,30 +329,53 @@ func PublicKeysCallback(getSigners func() (signers []Signer, err error)) AuthMet
 // handleAuthResponse returns whether the preceding authentication request succeeded
 // along with a list of remaining authentication methods to try next and
 // an error if an unexpected response was received.
-func handleAuthResponse(c packetConn) (bool, []string, error) {
+func handleAuthResponse(c packetConn) (authResult, []string, error) {
 	for {
 		packet, err := c.readPacket()
 		if err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 
 		switch packet[0] {
 		case msgUserAuthBanner:
-			// TODO: add callback to present the banner to the user
+			if err := handleBannerResponse(c, packet); err != nil {
+				return authFailure, nil, err
+			}
 		case msgUserAuthFailure:
 			var msg userAuthFailureMsg
 			if err := Unmarshal(packet, &msg); err != nil {
-				return false, nil, err
+				return authFailure, nil, err
+			}
+			if msg.PartialSuccess {
+				return authPartialSuccess, msg.Methods, nil
 			}
-			return false, msg.Methods, nil
+			return authFailure, msg.Methods, nil
 		case msgUserAuthSuccess:
-			return true, nil, nil
+			return authSuccess, nil, nil
 		default:
-			return false, nil, unexpectedMessageError(msgUserAuthSuccess, packet[0])
+			return authFailure, nil, unexpectedMessageError(msgUserAuthSuccess, packet[0])
 		}
 	}
 }
 
+func handleBannerResponse(c packetConn, packet []byte) error {
+	var msg userAuthBannerMsg
+	if err := Unmarshal(packet, &msg); err != nil {
+		return err
+	}
+
+	transport, ok := c.(*handshakeTransport)
+	if !ok {
+		return nil
+	}
+
+	if transport.bannerCallback != nil {
+		return transport.bannerCallback(msg.Message)
+	}
+
+	return nil
+}
+
 // KeyboardInteractiveChallenge should print questions, optionally
 // disabling echoing (e.g. for passwords), and return all the answers.
 // Challenge may be called multiple times in a single session. After
@@ -349,7 +385,7 @@ func handleAuthResponse(c packetConn) (bool, []string, error) {
 // both CLI and GUI environments.
 type KeyboardInteractiveChallenge func(user, instruction string, questions []string, echos []bool) (answers []string, err error)
 
-// KeyboardInteractive returns a AuthMethod using a prompt/response
+// KeyboardInteractive returns an AuthMethod using a prompt/response
 // sequence controlled by the server.
 func KeyboardInteractive(challenge KeyboardInteractiveChallenge) AuthMethod {
 	return challenge
@@ -359,7 +395,7 @@ func (cb KeyboardInteractiveChallenge) method() string {
 	return "keyboard-interactive"
 }
 
-func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packetConn, rand io.Reader) (bool, []string, error) {
+func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
 	type initiateMsg struct {
 		User       string `sshtype:"50"`
 		Service    string
@@ -373,37 +409,42 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
 		Service: serviceSSH,
 		Method:  "keyboard-interactive",
 	})); err != nil {
-		return false, nil, err
+		return authFailure, nil, err
 	}
 
 	for {
 		packet, err := c.readPacket()
 		if err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 
 		// like handleAuthResponse, but with less options.
 		switch packet[0] {
 		case msgUserAuthBanner:
-			// TODO: Print banners during userauth.
+			if err := handleBannerResponse(c, packet); err != nil {
+				return authFailure, nil, err
+			}
 			continue
 		case msgUserAuthInfoRequest:
 			// OK
 		case msgUserAuthFailure:
 			var msg userAuthFailureMsg
 			if err := Unmarshal(packet, &msg); err != nil {
-				return false, nil, err
+				return authFailure, nil, err
 			}
-			return false, msg.Methods, nil
+			if msg.PartialSuccess {
+				return authPartialSuccess, msg.Methods, nil
+			}
+			return authFailure, msg.Methods, nil
 		case msgUserAuthSuccess:
-			return true, nil, nil
+			return authSuccess, nil, nil
 		default:
-			return false, nil, unexpectedMessageError(msgUserAuthInfoRequest, packet[0])
+			return authFailure, nil, unexpectedMessageError(msgUserAuthInfoRequest, packet[0])
 		}
 
 		var msg userAuthInfoRequestMsg
 		if err := Unmarshal(packet, &msg); err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 
 		// Manually unpack the prompt/echo pairs.
@@ -413,7 +454,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
 		for i := 0; i < int(msg.NumPrompts); i++ {
 			prompt, r, ok := parseString(rest)
 			if !ok || len(r) == 0 {
-				return false, nil, errors.New("ssh: prompt format error")
+				return authFailure, nil, errors.New("ssh: prompt format error")
 			}
 			prompts = append(prompts, string(prompt))
 			echos = append(echos, r[0] != 0)
@@ -421,16 +462,16 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
 		}
 
 		if len(rest) != 0 {
-			return false, nil, errors.New("ssh: extra data following keyboard-interactive pairs")
+			return authFailure, nil, errors.New("ssh: extra data following keyboard-interactive pairs")
 		}
 
 		answers, err := cb(msg.User, msg.Instruction, prompts, echos)
 		if err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 
 		if len(answers) != len(prompts) {
-			return false, nil, errors.New("ssh: not enough answers from keyboard-interactive callback")
+			return authFailure, nil, fmt.Errorf("ssh: incorrect number of answers from keyboard-interactive callback %d (expected %d)", len(answers), len(prompts))
 		}
 		responseLength := 1 + 4
 		for _, a := range answers {
@@ -446,7 +487,7 @@ func (cb KeyboardInteractiveChallenge) auth(session []byte, user string, c packe
 		}
 
 		if err := c.writePacket(serialized); err != nil {
-			return false, nil, err
+			return authFailure, nil, err
 		}
 	}
 }
@@ -456,10 +497,10 @@ type retryableAuthMethod struct {
 	maxTries   int
 }
 
-func (r *retryableAuthMethod) auth(session []byte, user string, c packetConn, rand io.Reader) (ok bool, methods []string, err error) {
+func (r *retryableAuthMethod) auth(session []byte, user string, c packetConn, rand io.Reader) (ok authResult, methods []string, err error) {
 	for i := 0; r.maxTries <= 0 || i < r.maxTries; i++ {
 		ok, methods, err = r.authMethod.auth(session, user, c, rand)
-		if ok || err != nil { // either success or error terminate
+		if ok != authFailure || err != nil { // either success, partial success or error terminate
 			return ok, methods, err
 		}
 	}
@@ -484,3 +525,117 @@ func (r *retryableAuthMethod) method() string {
 func RetryableAuthMethod(auth AuthMethod, maxTries int) AuthMethod {
 	return &retryableAuthMethod{authMethod: auth, maxTries: maxTries}
 }
+
+// GSSAPIWithMICAuthMethod is an AuthMethod with "gssapi-with-mic" authentication.
+// See RFC 4462 section 3
+// gssAPIClient is implementation of the GSSAPIClient interface, see the definition of the interface for details.
+// target is the server host you want to log in to.
+func GSSAPIWithMICAuthMethod(gssAPIClient GSSAPIClient, target string) AuthMethod {
+	if gssAPIClient == nil {
+		panic("gss-api client must be not nil with enable gssapi-with-mic")
+	}
+	return &gssAPIWithMICCallback{gssAPIClient: gssAPIClient, target: target}
+}
+
+type gssAPIWithMICCallback struct {
+	gssAPIClient GSSAPIClient
+	target       string
+}
+
+func (g *gssAPIWithMICCallback) auth(session []byte, user string, c packetConn, rand io.Reader) (authResult, []string, error) {
+	m := &userAuthRequestMsg{
+		User:    user,
+		Service: serviceSSH,
+		Method:  g.method(),
+	}
+	// The GSS-API authentication method is initiated when the client sends an SSH_MSG_USERAUTH_REQUEST.
+	// See RFC 4462 section 3.2.
+	m.Payload = appendU32(m.Payload, 1)
+	m.Payload = appendString(m.Payload, string(krb5OID))
+	if err := c.writePacket(Marshal(m)); err != nil {
+		return authFailure, nil, err
+	}
+	// The server responds to the SSH_MSG_USERAUTH_REQUEST with either an
+	// SSH_MSG_USERAUTH_FAILURE if none of the mechanisms are supported or
+	// with an SSH_MSG_USERAUTH_GSSAPI_RESPONSE.
+	// See RFC 4462 section 3.3.
+	// OpenSSH supports Kerberos V5 mechanism only for GSS-API authentication,so I don't want to check
+	// selected mech if it is valid.
+	packet, err := c.readPacket()
+	if err != nil {
+		return authFailure, nil, err
+	}
+	userAuthGSSAPIResp := &userAuthGSSAPIResponse{}
+	if err := Unmarshal(packet, userAuthGSSAPIResp); err != nil {
+		return authFailure, nil, err
+	}
+	// Start the loop into the exchange token.
+	// See RFC 4462 section 3.4.
+	var token []byte
+	defer g.gssAPIClient.DeleteSecContext()
+	for {
+		// Initiates the establishment of a security context between the application and a remote peer.
+		nextToken, needContinue, err := g.gssAPIClient.InitSecContext("host@"+g.target, token, false)
+		if err != nil {
+			return authFailure, nil, err
+		}
+		if len(nextToken) > 0 {
+			if err := c.writePacket(Marshal(&userAuthGSSAPIToken{
+				Token: nextToken,
+			})); err != nil {
+				return authFailure, nil, err
+			}
+		}
+		if !needContinue {
+			break
+		}
+		packet, err = c.readPacket()
+		if err != nil {
+			return authFailure, nil, err
+		}
+		switch packet[0] {
+		case msgUserAuthFailure:
+			var msg userAuthFailureMsg
+			if err := Unmarshal(packet, &msg); err != nil {
+				return authFailure, nil, err
+			}
+			if msg.PartialSuccess {
+				return authPartialSuccess, msg.Methods, nil
+			}
+			return authFailure, msg.Methods, nil
+		case msgUserAuthGSSAPIError:
+			userAuthGSSAPIErrorResp := &userAuthGSSAPIError{}
+			if err := Unmarshal(packet, userAuthGSSAPIErrorResp); err != nil {
+				return authFailure, nil, err
+			}
+			return authFailure, nil, fmt.Errorf("GSS-API Error:\n"+
+				"Major Status: %d\n"+
+				"Minor Status: %d\n"+
+				"Error Message: %s\n", userAuthGSSAPIErrorResp.MajorStatus, userAuthGSSAPIErrorResp.MinorStatus,
+				userAuthGSSAPIErrorResp.Message)
+		case msgUserAuthGSSAPIToken:
+			userAuthGSSAPITokenReq := &userAuthGSSAPIToken{}
+			if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
+				return authFailure, nil, err
+			}
+			token = userAuthGSSAPITokenReq.Token
+		}
+	}
+	// Binding Encryption Keys.
+	// See RFC 4462 section 3.5.
+	micField := buildMIC(string(session), user, "ssh-connection", "gssapi-with-mic")
+	micToken, err := g.gssAPIClient.GetMIC(micField)
+	if err != nil {
+		return authFailure, nil, err
+	}
+	if err := c.writePacket(Marshal(&userAuthGSSAPIMIC{
+		MIC: micToken,
+	})); err != nil {
+		return authFailure, nil, err
+	}
+	return handleAuthResponse(c)
+}
+
+func (g *gssAPIWithMICCallback) method() string {
+	return "gssapi-with-mic"
+}
diff --git a/ssh/client_auth_test.go b/ssh/client_auth_test.go
index 145b57a2b..63a8e2248 100644
--- a/ssh/client_auth_test.go
+++ b/ssh/client_auth_test.go
@@ -9,6 +9,9 @@ import (
 	"crypto/rand"
 	"errors"
 	"fmt"
+	"io"
+	"log"
+	"net"
 	"os"
 	"strings"
 	"testing"
@@ -28,8 +31,21 @@ func (cr keyboardInteractive) Challenge(user string, instruction string, questio
 var clientPassword = "tiger"
 
 // tryAuth runs a handshake with a given config against an SSH server
-// with config serverConfig
+// with config serverConfig. Returns both client and server side errors.
 func tryAuth(t *testing.T, config *ClientConfig) error {
+	err, _ := tryAuthBothSides(t, config, nil)
+	return err
+}
+
+// tryAuth runs a handshake with a given config against an SSH server
+// with a given GSSAPIWithMICConfig and config serverConfig. Returns both client and server side errors.
+func tryAuthWithGSSAPIWithMICConfig(t *testing.T, clientConfig *ClientConfig, gssAPIWithMICConfig *GSSAPIWithMICConfig) error {
+	err, _ := tryAuthBothSides(t, clientConfig, gssAPIWithMICConfig)
+	return err
+}
+
+// tryAuthBothSides runs the handshake and returns the resulting errors from both sides of the connection.
+func tryAuthBothSides(t *testing.T, config *ClientConfig, gssAPIWithMICConfig *GSSAPIWithMICConfig) (clientError error, serverAuthErrors []error) {
 	c1, c2, err := netPipe()
 	if err != nil {
 		t.Fatalf("netPipe: %v", err)
@@ -52,7 +68,6 @@ func tryAuth(t *testing.T, config *ClientConfig) error {
 			return c.Serial == 666
 		},
 	}
-
 	serverConfig := &ServerConfig{
 		PasswordCallback: func(conn ConnMetadata, pass []byte) (*Permissions, error) {
 			if conn.User() == "testuser" && string(pass) == clientPassword {
@@ -76,12 +91,17 @@ func tryAuth(t *testing.T, config *ClientConfig) error {
 			}
 			return nil, errors.New("keyboard-interactive failed")
 		},
+		GSSAPIWithMICConfig: gssAPIWithMICConfig,
 	}
 	serverConfig.AddHostKey(testSigners["rsa"])
 
+	serverConfig.AuthLogCallback = func(conn ConnMetadata, method string, err error) {
+		serverAuthErrors = append(serverAuthErrors, err)
+	}
+
 	go newServer(c1, serverConfig)
 	_, _, _, err = NewClientConn(c2, "", config)
-	return err
+	return err, serverAuthErrors
 }
 
 func TestClientAuthPublicKey(t *testing.T) {
@@ -213,6 +233,45 @@ func TestAuthMethodRSAandDSA(t *testing.T) {
 	}
 }
 
+type invalidAlgSigner struct {
+	Signer
+}
+
+func (s *invalidAlgSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
+	sig, err := s.Signer.Sign(rand, data)
+	if sig != nil {
+		sig.Format = "invalid"
+	}
+	return sig, err
+}
+
+func TestMethodInvalidAlgorithm(t *testing.T) {
+	config := &ClientConfig{
+		User: "testuser",
+		Auth: []AuthMethod{
+			PublicKeys(&invalidAlgSigner{testSigners["rsa"]}),
+		},
+		HostKeyCallback: InsecureIgnoreHostKey(),
+	}
+
+	err, serverErrors := tryAuthBothSides(t, config, nil)
+	if err == nil {
+		t.Fatalf("login succeeded")
+	}
+
+	found := false
+	want := "algorithm \"invalid\""
+
+	var errStrings []string
+	for _, err := range serverErrors {
+		found = found || (err != nil && strings.Contains(err.Error(), want))
+		errStrings = append(errStrings, err.Error())
+	}
+	if !found {
+		t.Errorf("server got error %q, want substring %q", errStrings, want)
+	}
+}
+
 func TestClientHMAC(t *testing.T) {
 	for _, mac := range supportedMACs {
 		config := &ClientConfig{
@@ -257,7 +316,7 @@ func TestClientUnsupportedKex(t *testing.T) {
 			PublicKeys(),
 		},
 		Config: Config{
-			KeyExchanges: []string{"diffie-hellman-group-exchange-sha256"}, // not currently supported
+			KeyExchanges: []string{"non-existent-kex"},
 		},
 		HostKeyCallback: InsecureIgnoreHostKey(),
 	}
@@ -427,7 +486,7 @@ func TestRetryableAuth(t *testing.T) {
 	}
 }
 
-func ExampleRetryableAuthMethod(t *testing.T) {
+func ExampleRetryableAuthMethod() {
 	user := "testuser"
 	NumberOfPrompts := 3
 
@@ -445,9 +504,17 @@ func ExampleRetryableAuthMethod(t *testing.T) {
 		},
 	}
 
-	if err := tryAuth(t, config); err != nil {
-		t.Fatalf("unable to dial remote side: %s", err)
+	host := "mysshserver"
+	netConn, err := net.Dial("tcp", host)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	sshConn, _, _, err := NewClientConn(netConn, host, config)
+	if err != nil {
+		log.Fatal(err)
 	}
+	_ = sshConn
 }
 
 // Test if username is received on server side when NoClientAuth is used
@@ -614,8 +681,8 @@ func TestClientAuthErrorList(t *testing.T) {
 	for i, e := range authErrs.Errors {
 		switch i {
 		case 0:
-			if e.Error() != "no auth passed yet" {
-				t.Fatalf("errors: got %v, want no auth passed yet", e.Error())
+			if e != ErrNoAuth {
+				t.Fatalf("errors: got error %v, want ErrNoAuth", e)
 			}
 		case 1:
 			if e != publicKeyErr {
@@ -626,3 +693,206 @@ func TestClientAuthErrorList(t *testing.T) {
 		}
 	}
 }
+
+func TestAuthMethodGSSAPIWithMIC(t *testing.T) {
+	type testcase struct {
+		config        *ClientConfig
+		gssConfig     *GSSAPIWithMICConfig
+		clientWantErr string
+		serverWantErr string
+	}
+	testcases := []*testcase{
+		{
+			config: &ClientConfig{
+				User: "testuser",
+				Auth: []AuthMethod{
+					GSSAPIWithMICAuthMethod(
+						&FakeClient{
+							exchanges: []*exchange{
+								{
+									outToken: "client-valid-token-1",
+								},
+								{
+									expectedToken: "server-valid-token-1",
+								},
+							},
+							mic:      []byte("valid-mic"),
+							maxRound: 2,
+						}, "testtarget",
+					),
+				},
+				HostKeyCallback: InsecureIgnoreHostKey(),
+			},
+			gssConfig: &GSSAPIWithMICConfig{
+				AllowLogin: func(conn ConnMetadata, srcName string) (*Permissions, error) {
+					if srcName != conn.User()+"@DOMAIN" {
+						return nil, fmt.Errorf("srcName is %s, conn user is %s", srcName, conn.User())
+					}
+					return nil, nil
+				},
+				Server: &FakeServer{
+					exchanges: []*exchange{
+						{
+							outToken:      "server-valid-token-1",
+							expectedToken: "client-valid-token-1",
+						},
+					},
+					maxRound:    1,
+					expectedMIC: []byte("valid-mic"),
+					srcName:     "testuser@DOMAIN",
+				},
+			},
+		},
+		{
+			config: &ClientConfig{
+				User: "testuser",
+				Auth: []AuthMethod{
+					GSSAPIWithMICAuthMethod(
+						&FakeClient{
+							exchanges: []*exchange{
+								{
+									outToken: "client-valid-token-1",
+								},
+								{
+									expectedToken: "server-valid-token-1",
+								},
+							},
+							mic:      []byte("valid-mic"),
+							maxRound: 2,
+						}, "testtarget",
+					),
+				},
+				HostKeyCallback: InsecureIgnoreHostKey(),
+			},
+			gssConfig: &GSSAPIWithMICConfig{
+				AllowLogin: func(conn ConnMetadata, srcName string) (*Permissions, error) {
+					return nil, fmt.Errorf("user is not allowed to login")
+				},
+				Server: &FakeServer{
+					exchanges: []*exchange{
+						{
+							outToken:      "server-valid-token-1",
+							expectedToken: "client-valid-token-1",
+						},
+					},
+					maxRound:    1,
+					expectedMIC: []byte("valid-mic"),
+					srcName:     "testuser@DOMAIN",
+				},
+			},
+			serverWantErr: "user is not allowed to login",
+			clientWantErr: "ssh: handshake failed: ssh: unable to authenticate",
+		},
+		{
+			config: &ClientConfig{
+				User: "testuser",
+				Auth: []AuthMethod{
+					GSSAPIWithMICAuthMethod(
+						&FakeClient{
+							exchanges: []*exchange{
+								{
+									outToken: "client-valid-token-1",
+								},
+								{
+									expectedToken: "server-valid-token-1",
+								},
+							},
+							mic:      []byte("valid-mic"),
+							maxRound: 2,
+						}, "testtarget",
+					),
+				},
+				HostKeyCallback: InsecureIgnoreHostKey(),
+			},
+			gssConfig: &GSSAPIWithMICConfig{
+				AllowLogin: func(conn ConnMetadata, srcName string) (*Permissions, error) {
+					if srcName != conn.User() {
+						return nil, fmt.Errorf("srcName is %s, conn user is %s", srcName, conn.User())
+					}
+					return nil, nil
+				},
+				Server: &FakeServer{
+					exchanges: []*exchange{
+						{
+							outToken:      "server-invalid-token-1",
+							expectedToken: "client-valid-token-1",
+						},
+					},
+					maxRound:    1,
+					expectedMIC: []byte("valid-mic"),
+					srcName:     "testuser@DOMAIN",
+				},
+			},
+			clientWantErr: "ssh: handshake failed: got \"server-invalid-token-1\", want token \"server-valid-token-1\"",
+		},
+		{
+			config: &ClientConfig{
+				User: "testuser",
+				Auth: []AuthMethod{
+					GSSAPIWithMICAuthMethod(
+						&FakeClient{
+							exchanges: []*exchange{
+								{
+									outToken: "client-valid-token-1",
+								},
+								{
+									expectedToken: "server-valid-token-1",
+								},
+							},
+							mic:      []byte("invalid-mic"),
+							maxRound: 2,
+						}, "testtarget",
+					),
+				},
+				HostKeyCallback: InsecureIgnoreHostKey(),
+			},
+			gssConfig: &GSSAPIWithMICConfig{
+				AllowLogin: func(conn ConnMetadata, srcName string) (*Permissions, error) {
+					if srcName != conn.User() {
+						return nil, fmt.Errorf("srcName is %s, conn user is %s", srcName, conn.User())
+					}
+					return nil, nil
+				},
+				Server: &FakeServer{
+					exchanges: []*exchange{
+						{
+							outToken:      "server-valid-token-1",
+							expectedToken: "client-valid-token-1",
+						},
+					},
+					maxRound:    1,
+					expectedMIC: []byte("valid-mic"),
+					srcName:     "testuser@DOMAIN",
+				},
+			},
+			serverWantErr: "got MICToken \"invalid-mic\", want \"valid-mic\"",
+			clientWantErr: "ssh: handshake failed: ssh: unable to authenticate",
+		},
+	}
+
+	for i, c := range testcases {
+		clientErr, serverErrs := tryAuthBothSides(t, c.config, c.gssConfig)
+		if (c.clientWantErr == "") != (clientErr == nil) {
+			t.Fatalf("client got %v, want %s, case %d", clientErr, c.clientWantErr, i)
+		}
+		if (c.serverWantErr == "") != (len(serverErrs) == 2 && serverErrs[1] == nil || len(serverErrs) == 1) {
+			t.Fatalf("server got err %v, want %s", serverErrs, c.serverWantErr)
+		}
+		if c.clientWantErr != "" {
+			if clientErr != nil && !strings.Contains(clientErr.Error(), c.clientWantErr) {
+				t.Fatalf("client  got %v, want %s, case %d", clientErr, c.clientWantErr, i)
+			}
+		}
+		found := false
+		var errStrings []string
+		if c.serverWantErr != "" {
+			for _, err := range serverErrs {
+				found = found || (err != nil && strings.Contains(err.Error(), c.serverWantErr))
+				errStrings = append(errStrings, err.Error())
+			}
+			if !found {
+				t.Errorf("server got error %q, want substring %q, case %d", errStrings, c.serverWantErr, i)
+			}
+		}
+	}
+}
diff --git a/ssh/client_test.go b/ssh/client_test.go
index ccf56074d..6aaa00362 100644
--- a/ssh/client_test.go
+++ b/ssh/client_test.go
@@ -5,41 +5,77 @@
 package ssh
 
 import (
-	"net"
 	"strings"
 	"testing"
 )
 
-func testClientVersion(t *testing.T, config *ClientConfig, expected string) {
-	clientConn, serverConn := net.Pipe()
-	defer clientConn.Close()
-	receivedVersion := make(chan string, 1)
-	config.HostKeyCallback = InsecureIgnoreHostKey()
-	go func() {
-		version, err := readVersion(serverConn)
-		if err != nil {
-			receivedVersion <- ""
-		} else {
-			receivedVersion <- string(version)
-		}
-		serverConn.Close()
-	}()
-	NewClientConn(clientConn, "", config)
-	actual := <-receivedVersion
-	if actual != expected {
-		t.Fatalf("got %s; want %s", actual, expected)
+func TestClientVersion(t *testing.T) {
+	for _, tt := range []struct {
+		name      string
+		version   string
+		multiLine string
+		wantErr   bool
+	}{
+		{
+			name:    "default version",
+			version: packageVersion,
+		},
+		{
+			name:    "custom version",
+			version: "SSH-2.0-CustomClientVersionString",
+		},
+		{
+			name:      "good multi line version",
+			version:   packageVersion,
+			multiLine: strings.Repeat("ignored\r\n", 20),
+		},
+		{
+			name:      "bad multi line version",
+			version:   packageVersion,
+			multiLine: "bad multi line version",
+			wantErr:   true,
+		},
+		{
+			name:      "long multi line version",
+			version:   packageVersion,
+			multiLine: strings.Repeat("long multi line version\r\n", 50)[:256],
+			wantErr:   true,
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			c1, c2, err := netPipe()
+			if err != nil {
+				t.Fatalf("netPipe: %v", err)
+			}
+			defer c1.Close()
+			defer c2.Close()
+			go func() {
+				if tt.multiLine != "" {
+					c1.Write([]byte(tt.multiLine))
+				}
+				NewClientConn(c1, "", &ClientConfig{
+					ClientVersion:   tt.version,
+					HostKeyCallback: InsecureIgnoreHostKey(),
+				})
+				c1.Close()
+			}()
+			conf := &ServerConfig{NoClientAuth: true}
+			conf.AddHostKey(testSigners["rsa"])
+			conn, _, _, err := NewServerConn(c2, conf)
+			if err == nil == tt.wantErr {
+				t.Fatalf("got err %v; wantErr %t", err, tt.wantErr)
+			}
+			if tt.wantErr {
+				// Don't verify the version on an expected error.
+				return
+			}
+			if got := string(conn.ClientVersion()); got != tt.version {
+				t.Fatalf("got %q; want %q", got, tt.version)
+			}
+		})
 	}
 }
 
-func TestCustomClientVersion(t *testing.T) {
-	version := "Test-Client-Version-0.0"
-	testClientVersion(t, &ClientConfig{ClientVersion: version}, version)
-}
-
-func TestDefaultClientVersion(t *testing.T) {
-	testClientVersion(t, &ClientConfig{}, packageVersion)
-}
-
 func TestHostKeyCheck(t *testing.T) {
 	for _, tt := range []struct {
 		name      string
@@ -79,3 +115,101 @@ func TestHostKeyCheck(t *testing.T) {
 		}
 	}
 }
+
+func TestBannerCallback(t *testing.T) {
+	c1, c2, err := netPipe()
+	if err != nil {
+		t.Fatalf("netPipe: %v", err)
+	}
+	defer c1.Close()
+	defer c2.Close()
+
+	serverConf := &ServerConfig{
+		PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
+			return &Permissions{}, nil
+		},
+		BannerCallback: func(conn ConnMetadata) string {
+			return "Hello World"
+		},
+	}
+	serverConf.AddHostKey(testSigners["rsa"])
+	go NewServerConn(c1, serverConf)
+
+	var receivedBanner string
+	var bannerCount int
+	clientConf := ClientConfig{
+		Auth: []AuthMethod{
+			Password("123"),
+		},
+		User:            "user",
+		HostKeyCallback: InsecureIgnoreHostKey(),
+		BannerCallback: func(message string) error {
+			bannerCount++
+			receivedBanner = message
+			return nil
+		},
+	}
+
+	_, _, _, err = NewClientConn(c2, "", &clientConf)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if bannerCount != 1 {
+		t.Errorf("got %d banners; want 1", bannerCount)
+	}
+
+	expected := "Hello World"
+	if receivedBanner != expected {
+		t.Fatalf("got %s; want %s", receivedBanner, expected)
+	}
+}
+
+func TestNewClientConn(t *testing.T) {
+	for _, tt := range []struct {
+		name string
+		user string
+	}{
+		{
+			name: "good user field for ConnMetadata",
+			user: "testuser",
+		},
+		{
+			name: "empty user field for ConnMetadata",
+			user: "",
+		},
+	} {
+		t.Run(tt.name, func(t *testing.T) {
+			c1, c2, err := netPipe()
+			if err != nil {
+				t.Fatalf("netPipe: %v", err)
+			}
+			defer c1.Close()
+			defer c2.Close()
+
+			serverConf := &ServerConfig{
+				PasswordCallback: func(conn ConnMetadata, password []byte) (*Permissions, error) {
+					return &Permissions{}, nil
+				},
+			}
+			serverConf.AddHostKey(testSigners["rsa"])
+			go NewServerConn(c1, serverConf)
+
+			clientConf := &ClientConfig{
+				User: tt.user,
+				Auth: []AuthMethod{
+					Password("testpw"),
+				},
+				HostKeyCallback: InsecureIgnoreHostKey(),
+			}
+			clientConn, _, _, err := NewClientConn(c2, "", clientConf)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			if userGot := clientConn.User(); userGot != tt.user {
+				t.Errorf("got user %q; want user %q", userGot, tt.user)
+			}
+		})
+	}
+}
diff --git a/ssh/common.go b/ssh/common.go
index dc39e4d23..290382d05 100644
--- a/ssh/common.go
+++ b/ssh/common.go
@@ -24,11 +24,21 @@ const (
 	serviceSSH      = "ssh-connection"
 )
 
-// supportedCiphers specifies the supported ciphers in preference order.
+// supportedCiphers lists ciphers we support but might not recommend.
 var supportedCiphers = []string{
 	"aes128-ctr", "aes192-ctr", "aes256-ctr",
 	"aes128-gcm@openssh.com",
-	"arcfour256", "arcfour128",
+	chacha20Poly1305ID,
+	"arcfour256", "arcfour128", "arcfour",
+	aes128cbcID,
+	tripledescbcID,
+}
+
+// preferredCiphers specifies the default preference for ciphers.
+var preferredCiphers = []string{
+	"aes128-gcm@openssh.com",
+	chacha20Poly1305ID,
+	"aes128-ctr", "aes192-ctr", "aes256-ctr",
 }
 
 // supportedKexAlgos specifies the supported key-exchange algorithms in
@@ -41,6 +51,21 @@ var supportedKexAlgos = []string{
 	kexAlgoDH14SHA1, kexAlgoDH1SHA1,
 }
 
+// serverForbiddenKexAlgos contains key exchange algorithms, that are forbidden
+// for the server half.
+var serverForbiddenKexAlgos = map[string]struct{}{
+	kexAlgoDHGEXSHA1:   {}, // server half implementation is only minimal to satisfy the automated tests
+	kexAlgoDHGEXSHA256: {}, // server half implementation is only minimal to satisfy the automated tests
+}
+
+// preferredKexAlgos specifies the default preference for key-exchange algorithms
+// in preference order.
+var preferredKexAlgos = []string{
+	kexAlgoCurve25519SHA256,
+	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
+	kexAlgoDH14SHA1,
+}
+
 // supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods
 // of authenticating servers) in preference order.
 var supportedHostKeyAlgos = []string{
@@ -99,6 +124,7 @@ func findCommon(what string, client []string, server []string) (common string, e
 	return "", fmt.Errorf("ssh: no common algorithm for %s; client offered: %v, server offered: %v", what, client, server)
 }
 
+// directionAlgorithms records algorithm choices in one direction (either read or write)
 type directionAlgorithms struct {
 	Cipher      string
 	MAC         string
@@ -127,7 +153,7 @@ type algorithms struct {
 	r       directionAlgorithms
 }
 
-func findAgreedAlgorithms(clientKexInit, serverKexInit *kexInitMsg) (algs *algorithms, err error) {
+func findAgreedAlgorithms(isClient bool, clientKexInit, serverKexInit *kexInitMsg) (algs *algorithms, err error) {
 	result := &algorithms{}
 
 	result.kex, err = findCommon("key exchange", clientKexInit.KexAlgos, serverKexInit.KexAlgos)
@@ -140,32 +166,37 @@ func findAgreedAlgorithms(clientKexInit, serverKexInit *kexInitMsg) (algs *algor
 		return
 	}
 
-	result.w.Cipher, err = findCommon("client to server cipher", clientKexInit.CiphersClientServer, serverKexInit.CiphersClientServer)
+	stoc, ctos := &result.w, &result.r
+	if isClient {
+		ctos, stoc = stoc, ctos
+	}
+
+	ctos.Cipher, err = findCommon("client to server cipher", clientKexInit.CiphersClientServer, serverKexInit.CiphersClientServer)
 	if err != nil {
 		return
 	}
 
-	result.r.Cipher, err = findCommon("server to client cipher", clientKexInit.CiphersServerClient, serverKexInit.CiphersServerClient)
+	stoc.Cipher, err = findCommon("server to client cipher", clientKexInit.CiphersServerClient, serverKexInit.CiphersServerClient)
 	if err != nil {
 		return
 	}
 
-	result.w.MAC, err = findCommon("client to server MAC", clientKexInit.MACsClientServer, serverKexInit.MACsClientServer)
+	ctos.MAC, err = findCommon("client to server MAC", clientKexInit.MACsClientServer, serverKexInit.MACsClientServer)
 	if err != nil {
 		return
 	}
 
-	result.r.MAC, err = findCommon("server to client MAC", clientKexInit.MACsServerClient, serverKexInit.MACsServerClient)
+	stoc.MAC, err = findCommon("server to client MAC", clientKexInit.MACsServerClient, serverKexInit.MACsServerClient)
 	if err != nil {
 		return
 	}
 
-	result.w.Compression, err = findCommon("client to server compression", clientKexInit.CompressionClientServer, serverKexInit.CompressionClientServer)
+	ctos.Compression, err = findCommon("client to server compression", clientKexInit.CompressionClientServer, serverKexInit.CompressionClientServer)
 	if err != nil {
 		return
 	}
 
-	result.r.Compression, err = findCommon("server to client compression", clientKexInit.CompressionServerClient, serverKexInit.CompressionServerClient)
+	stoc.Compression, err = findCommon("server to client compression", clientKexInit.CompressionServerClient, serverKexInit.CompressionServerClient)
 	if err != nil {
 		return
 	}
@@ -211,7 +242,7 @@ func (c *Config) SetDefaults() {
 		c.Rand = rand.Reader
 	}
 	if c.Ciphers == nil {
-		c.Ciphers = supportedCiphers
+		c.Ciphers = preferredCiphers
 	}
 	var ciphers []string
 	for _, c := range c.Ciphers {
@@ -223,7 +254,7 @@ func (c *Config) SetDefaults() {
 	c.Ciphers = ciphers
 
 	if c.KeyExchanges == nil {
-		c.KeyExchanges = supportedKexAlgos
+		c.KeyExchanges = preferredKexAlgos
 	}
 
 	if c.MACs == nil {
@@ -242,7 +273,7 @@ func (c *Config) SetDefaults() {
 
 // buildDataSignedForAuth returns the data that is signed in order to prove
 // possession of a private key. See RFC 4252, section 7.
-func buildDataSignedForAuth(sessionId []byte, req userAuthRequestMsg, algo, pubKey []byte) []byte {
+func buildDataSignedForAuth(sessionID []byte, req userAuthRequestMsg, algo, pubKey []byte) []byte {
 	data := struct {
 		Session []byte
 		Type    byte
@@ -253,7 +284,7 @@ func buildDataSignedForAuth(sessionId []byte, req userAuthRequestMsg, algo, pubK
 		Algo    []byte
 		PubKey  []byte
 	}{
-		sessionId,
+		sessionID,
 		msgUserAuthRequest,
 		req.User,
 		req.Service,
diff --git a/ssh/common_test.go b/ssh/common_test.go
new file mode 100644
index 000000000..96744dcf0
--- /dev/null
+++ b/ssh/common_test.go
@@ -0,0 +1,176 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestFindAgreedAlgorithms(t *testing.T) {
+	initKex := func(k *kexInitMsg) {
+		if k.KexAlgos == nil {
+			k.KexAlgos = []string{"kex1"}
+		}
+		if k.ServerHostKeyAlgos == nil {
+			k.ServerHostKeyAlgos = []string{"hostkey1"}
+		}
+		if k.CiphersClientServer == nil {
+			k.CiphersClientServer = []string{"cipher1"}
+
+		}
+		if k.CiphersServerClient == nil {
+			k.CiphersServerClient = []string{"cipher1"}
+
+		}
+		if k.MACsClientServer == nil {
+			k.MACsClientServer = []string{"mac1"}
+
+		}
+		if k.MACsServerClient == nil {
+			k.MACsServerClient = []string{"mac1"}
+
+		}
+		if k.CompressionClientServer == nil {
+			k.CompressionClientServer = []string{"compression1"}
+
+		}
+		if k.CompressionServerClient == nil {
+			k.CompressionServerClient = []string{"compression1"}
+
+		}
+		if k.LanguagesClientServer == nil {
+			k.LanguagesClientServer = []string{"language1"}
+
+		}
+		if k.LanguagesServerClient == nil {
+			k.LanguagesServerClient = []string{"language1"}
+
+		}
+	}
+
+	initDirAlgs := func(a *directionAlgorithms) {
+		if a.Cipher == "" {
+			a.Cipher = "cipher1"
+		}
+		if a.MAC == "" {
+			a.MAC = "mac1"
+		}
+		if a.Compression == "" {
+			a.Compression = "compression1"
+		}
+	}
+
+	initAlgs := func(a *algorithms) {
+		if a.kex == "" {
+			a.kex = "kex1"
+		}
+		if a.hostKey == "" {
+			a.hostKey = "hostkey1"
+		}
+		initDirAlgs(&a.r)
+		initDirAlgs(&a.w)
+	}
+
+	type testcase struct {
+		name                   string
+		clientIn, serverIn     kexInitMsg
+		wantClient, wantServer algorithms
+		wantErr                bool
+	}
+
+	cases := []testcase{
+		testcase{
+			name: "standard",
+		},
+
+		testcase{
+			name: "no common hostkey",
+			serverIn: kexInitMsg{
+				ServerHostKeyAlgos: []string{"hostkey2"},
+			},
+			wantErr: true,
+		},
+
+		testcase{
+			name: "no common kex",
+			serverIn: kexInitMsg{
+				KexAlgos: []string{"kex2"},
+			},
+			wantErr: true,
+		},
+
+		testcase{
+			name: "no common cipher",
+			serverIn: kexInitMsg{
+				CiphersClientServer: []string{"cipher2"},
+			},
+			wantErr: true,
+		},
+
+		testcase{
+			name: "client decides cipher",
+			serverIn: kexInitMsg{
+				CiphersClientServer: []string{"cipher1", "cipher2"},
+				CiphersServerClient: []string{"cipher2", "cipher3"},
+			},
+			clientIn: kexInitMsg{
+				CiphersClientServer: []string{"cipher2", "cipher1"},
+				CiphersServerClient: []string{"cipher3", "cipher2"},
+			},
+			wantClient: algorithms{
+				r: directionAlgorithms{
+					Cipher: "cipher3",
+				},
+				w: directionAlgorithms{
+					Cipher: "cipher2",
+				},
+			},
+			wantServer: algorithms{
+				w: directionAlgorithms{
+					Cipher: "cipher3",
+				},
+				r: directionAlgorithms{
+					Cipher: "cipher2",
+				},
+			},
+		},
+
+		// TODO(hanwen): fix and add tests for AEAD ignoring
+		// the MACs field
+	}
+
+	for i := range cases {
+		initKex(&cases[i].clientIn)
+		initKex(&cases[i].serverIn)
+		initAlgs(&cases[i].wantClient)
+		initAlgs(&cases[i].wantServer)
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			serverAlgs, serverErr := findAgreedAlgorithms(false, &c.clientIn, &c.serverIn)
+			clientAlgs, clientErr := findAgreedAlgorithms(true, &c.clientIn, &c.serverIn)
+
+			serverHasErr := serverErr != nil
+			clientHasErr := clientErr != nil
+			if c.wantErr != serverHasErr || c.wantErr != clientHasErr {
+				t.Fatalf("got client/server error (%v, %v), want hasError %v",
+					clientErr, serverErr, c.wantErr)
+
+			}
+			if c.wantErr {
+				return
+			}
+
+			if !reflect.DeepEqual(serverAlgs, &c.wantServer) {
+				t.Errorf("server: got algs %#v, want %#v", serverAlgs, &c.wantServer)
+			}
+			if !reflect.DeepEqual(clientAlgs, &c.wantClient) {
+				t.Errorf("server: got algs %#v, want %#v", clientAlgs, &c.wantClient)
+			}
+		})
+	}
+}
diff --git a/ssh/example_test.go b/ssh/example_test.go
index b910c7bf6..8a0aaef2d 100644
--- a/ssh/example_test.go
+++ b/ssh/example_test.go
@@ -140,7 +140,7 @@ func ExampleNewServerConn() {
 	}
 }
 
-func ExampleHostKeyCheck() {
+func ExampleClientConfig_HostKeyCallback() {
 	// Every client must provide a host key check.  Here is a
 	// simple-minded parse of OpenSSH's known_hosts file
 	host := "hostname"
@@ -198,6 +198,7 @@ func ExampleDial() {
 	if err != nil {
 		log.Fatal("Failed to dial: ", err)
 	}
+	defer client.Close()
 
 	// Each ClientConn can support multiple interactive sessions,
 	// represented by a Session.
diff --git a/ssh/handshake.go b/ssh/handshake.go
index 932ce8393..2b10b05a4 100644
--- a/ssh/handshake.go
+++ b/ssh/handshake.go
@@ -78,6 +78,11 @@ type handshakeTransport struct {
 	dialAddress     string
 	remoteAddr      net.Addr
 
+	// bannerCallback is non-empty if we are the client and it has been set in
+	// ClientConfig. In that case it is called during the user authentication
+	// dance to handle a custom server's message.
+	bannerCallback BannerCallback
+
 	// Algorithms agreed in the last key exchange.
 	algorithms *algorithms
 
@@ -120,6 +125,7 @@ func newClientTransport(conn keyingTransport, clientVersion, serverVersion []byt
 	t.dialAddress = dialAddr
 	t.remoteAddr = addr
 	t.hostKeyCallback = config.HostKeyCallback
+	t.bannerCallback = config.BannerCallback
 	if config.HostKeyAlgorithms != nil {
 		t.hostKeyAlgorithms = config.HostKeyAlgorithms
 	} else {
@@ -537,7 +543,8 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
 
 	clientInit := otherInit
 	serverInit := t.sentInitMsg
-	if len(t.hostKeys) == 0 {
+	isClient := len(t.hostKeys) == 0
+	if isClient {
 		clientInit, serverInit = serverInit, clientInit
 
 		magics.clientKexInit = t.sentInitPacket
@@ -545,7 +552,7 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error {
 	}
 
 	var err error
-	t.algorithms, err = findAgreedAlgorithms(clientInit, serverInit)
+	t.algorithms, err = findAgreedAlgorithms(isClient, clientInit, serverInit)
 	if err != nil {
 		return err
 	}
diff --git a/ssh/handshake_test.go b/ssh/handshake_test.go
index 91d493568..02fbe8382 100644
--- a/ssh/handshake_test.go
+++ b/ssh/handshake_test.go
@@ -421,6 +421,9 @@ func TestHandshakeErrorHandlingWriteCoupled(t *testing.T) {
 // handshakeTransport deadlocks, the go runtime will detect it and
 // panic.
 func testHandshakeErrorHandlingN(t *testing.T, readLimit, writeLimit int, coupled bool) {
+	if runtime.GOOS == "js" && runtime.GOARCH == "wasm" {
+		t.Skip("skipping on js/wasm; see golang.org/issue/32840")
+	}
 	msg := Marshal(&serviceRequestMsg{strings.Repeat("x", int(minRekeyThreshold)/4)})
 
 	a, b := memPipe()
diff --git a/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go b/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
new file mode 100644
index 000000000..af81d2665
--- /dev/null
+++ b/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
@@ -0,0 +1,93 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
+//
+// See https://flak.tedunangst.com/post/bcrypt-pbkdf and
+// https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c.
+package bcrypt_pbkdf
+
+import (
+	"crypto/sha512"
+	"errors"
+	"golang.org/x/crypto/blowfish"
+)
+
+const blockSize = 32
+
+// Key derives a key from the password, salt and rounds count, returning a
+// []byte of length keyLen that can be used as cryptographic key.
+func Key(password, salt []byte, rounds, keyLen int) ([]byte, error) {
+	if rounds < 1 {
+		return nil, errors.New("bcrypt_pbkdf: number of rounds is too small")
+	}
+	if len(password) == 0 {
+		return nil, errors.New("bcrypt_pbkdf: empty password")
+	}
+	if len(salt) == 0 || len(salt) > 1<<20 {
+		return nil, errors.New("bcrypt_pbkdf: bad salt length")
+	}
+	if keyLen > 1024 {
+		return nil, errors.New("bcrypt_pbkdf: keyLen is too large")
+	}
+
+	numBlocks := (keyLen + blockSize - 1) / blockSize
+	key := make([]byte, numBlocks*blockSize)
+
+	h := sha512.New()
+	h.Write(password)
+	shapass := h.Sum(nil)
+
+	shasalt := make([]byte, 0, sha512.Size)
+	cnt, tmp := make([]byte, 4), make([]byte, blockSize)
+	for block := 1; block <= numBlocks; block++ {
+		h.Reset()
+		h.Write(salt)
+		cnt[0] = byte(block >> 24)
+		cnt[1] = byte(block >> 16)
+		cnt[2] = byte(block >> 8)
+		cnt[3] = byte(block)
+		h.Write(cnt)
+		bcryptHash(tmp, shapass, h.Sum(shasalt))
+
+		out := make([]byte, blockSize)
+		copy(out, tmp)
+		for i := 2; i <= rounds; i++ {
+			h.Reset()
+			h.Write(tmp)
+			bcryptHash(tmp, shapass, h.Sum(shasalt))
+			for j := 0; j < len(out); j++ {
+				out[j] ^= tmp[j]
+			}
+		}
+
+		for i, v := range out {
+			key[i*numBlocks+(block-1)] = v
+		}
+	}
+	return key[:keyLen], nil
+}
+
+var magic = []byte("OxychromaticBlowfishSwatDynamite")
+
+func bcryptHash(out, shapass, shasalt []byte) {
+	c, err := blowfish.NewSaltedCipher(shapass, shasalt)
+	if err != nil {
+		panic(err)
+	}
+	for i := 0; i < 64; i++ {
+		blowfish.ExpandKey(shasalt, c)
+		blowfish.ExpandKey(shapass, c)
+	}
+	copy(out, magic)
+	for i := 0; i < 32; i += 8 {
+		for j := 0; j < 64; j++ {
+			c.Encrypt(out[i:i+8], out[i:i+8])
+		}
+	}
+	// Swap bytes due to different endianness.
+	for i := 0; i < 32; i += 4 {
+		out[i+3], out[i+2], out[i+1], out[i] = out[i], out[i+1], out[i+2], out[i+3]
+	}
+}
diff --git a/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf_test.go b/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf_test.go
new file mode 100644
index 000000000..20b7889bc
--- /dev/null
+++ b/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf_test.go
@@ -0,0 +1,97 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package bcrypt_pbkdf
+
+import (
+	"bytes"
+	"testing"
+)
+
+// Test vectors generated by the reference implementation from OpenBSD.
+var golden = []struct {
+	rounds                 int
+	password, salt, result []byte
+}{
+	{
+		12,
+		[]byte("password"),
+		[]byte("salt"),
+		[]byte{
+			0x1a, 0xe4, 0x2c, 0x05, 0xd4, 0x87, 0xbc, 0x02, 0xf6,
+			0x49, 0x21, 0xa4, 0xeb, 0xe4, 0xea, 0x93, 0xbc, 0xac,
+			0xfe, 0x13, 0x5f, 0xda, 0x99, 0x97, 0x4c, 0x06, 0xb7,
+			0xb0, 0x1f, 0xae, 0x14, 0x9a,
+		},
+	},
+	{
+		3,
+		[]byte("passwordy\x00PASSWORD\x00"),
+		[]byte("salty\x00SALT\x00"),
+		[]byte{
+			0x7f, 0x31, 0x0b, 0xd3, 0xe7, 0x8c, 0x32, 0x80, 0xc5,
+			0x9c, 0xe4, 0x59, 0x52, 0x11, 0xa2, 0x92, 0x8e, 0x8d,
+			0x4e, 0xc7, 0x44, 0xc1, 0xed, 0x2e, 0xfc, 0x9f, 0x76,
+			0x4e, 0x33, 0x88, 0xe0, 0xad,
+		},
+	},
+	{
+		// See http://thread.gmane.org/gmane.os.openbsd.bugs/20542
+		8,
+		[]byte("секретное слово"),
+		[]byte("посолить немножко"),
+		[]byte{
+			0x8d, 0xf4, 0x3f, 0xc6, 0xfe, 0x13, 0x1f, 0xc4, 0x7f,
+			0x0c, 0x9e, 0x39, 0x22, 0x4b, 0xd9, 0x4c, 0x70, 0xb6,
+			0xfc, 0xc8, 0xee, 0x81, 0x35, 0xfa, 0xdd, 0xf6, 0x11,
+			0x56, 0xe6, 0xcb, 0x27, 0x33, 0xea, 0x76, 0x5f, 0x31,
+			0x5a, 0x3e, 0x1e, 0x4a, 0xfc, 0x35, 0xbf, 0x86, 0x87,
+			0xd1, 0x89, 0x25, 0x4c, 0x1e, 0x05, 0xa6, 0xfe, 0x80,
+			0xc0, 0x61, 0x7f, 0x91, 0x83, 0xd6, 0x72, 0x60, 0xd6,
+			0xa1, 0x15, 0xc6, 0xc9, 0x4e, 0x36, 0x03, 0xe2, 0x30,
+			0x3f, 0xbb, 0x43, 0xa7, 0x6a, 0x64, 0x52, 0x3f, 0xfd,
+			0xa6, 0x86, 0xb1, 0xd4, 0x51, 0x85, 0x43,
+		},
+	},
+}
+
+func TestKey(t *testing.T) {
+	for i, v := range golden {
+		k, err := Key(v.password, v.salt, v.rounds, len(v.result))
+		if err != nil {
+			t.Errorf("%d: %s", i, err)
+			continue
+		}
+		if !bytes.Equal(k, v.result) {
+			t.Errorf("%d: expected\n%x\n, got\n%x\n", i, v.result, k)
+		}
+	}
+}
+
+func TestBcryptHash(t *testing.T) {
+	good := []byte{
+		0x87, 0x90, 0x48, 0x70, 0xee, 0xf9, 0xde, 0xdd, 0xf8, 0xe7,
+		0x61, 0x1a, 0x14, 0x01, 0x06, 0xe6, 0xaa, 0xf1, 0xa3, 0x63,
+		0xd9, 0xa2, 0xc5, 0x04, 0xdb, 0x35, 0x64, 0x43, 0x72, 0x1e,
+		0xb5, 0x55,
+	}
+	var pass, salt [64]byte
+	var result [32]byte
+	for i := 0; i < 64; i++ {
+		pass[i] = byte(i)
+		salt[i] = byte(i + 64)
+	}
+	bcryptHash(result[:], pass[:], salt[:])
+	if !bytes.Equal(result[:], good) {
+		t.Errorf("expected %x, got %x", good, result)
+	}
+}
+
+func BenchmarkKey(b *testing.B) {
+	pass := []byte("password")
+	salt := []byte("salt")
+	for i := 0; i < b.N; i++ {
+		Key(pass, salt, 10, 32)
+	}
+}
diff --git a/ssh/kex.go b/ssh/kex.go
index f91c2770e..766e92939 100644
--- a/ssh/kex.go
+++ b/ssh/kex.go
@@ -10,7 +10,9 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/subtle"
+	"encoding/binary"
 	"errors"
+	"fmt"
 	"io"
 	"math/big"
 
@@ -24,6 +26,12 @@ const (
 	kexAlgoECDH384          = "ecdh-sha2-nistp384"
 	kexAlgoECDH521          = "ecdh-sha2-nistp521"
 	kexAlgoCurve25519SHA256 = "curve25519-sha256@libssh.org"
+
+	// For the following kex only the client half contains a production
+	// ready implementation. The server half only consists of a minimal
+	// implementation to satisfy the automated tests.
+	kexAlgoDHGEXSHA1   = "diffie-hellman-group-exchange-sha1"
+	kexAlgoDHGEXSHA256 = "diffie-hellman-group-exchange-sha256"
 )
 
 // kexResult captures the outcome of a key exchange.
@@ -119,7 +127,7 @@ func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handsha
 		return nil, err
 	}
 
-	kInt, err := group.diffieHellman(kexDHReply.Y, x)
+	ki, err := group.diffieHellman(kexDHReply.Y, x)
 	if err != nil {
 		return nil, err
 	}
@@ -129,8 +137,8 @@ func (group *dhGroup) Client(c packetConn, randSource io.Reader, magics *handsha
 	writeString(h, kexDHReply.HostKey)
 	writeInt(h, X)
 	writeInt(h, kexDHReply.Y)
-	K := make([]byte, intLength(kInt))
-	marshalInt(K, kInt)
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
 	h.Write(K)
 
 	return &kexResult{
@@ -164,7 +172,7 @@ func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handsha
 	}
 
 	Y := new(big.Int).Exp(group.g, y, group.p)
-	kInt, err := group.diffieHellman(kexDHInit.X, y)
+	ki, err := group.diffieHellman(kexDHInit.X, y)
 	if err != nil {
 		return nil, err
 	}
@@ -177,8 +185,8 @@ func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handsha
 	writeInt(h, kexDHInit.X)
 	writeInt(h, Y)
 
-	K := make([]byte, intLength(kInt))
-	marshalInt(K, kInt)
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
 	h.Write(K)
 
 	H := h.Sum(nil)
@@ -204,7 +212,7 @@ func (group *dhGroup) Server(c packetConn, randSource io.Reader, magics *handsha
 		HostKey:   hostKeyBytes,
 		Signature: sig,
 		Hash:      crypto.SHA1,
-	}, nil
+	}, err
 }
 
 // ecdh performs Elliptic Curve Diffie-Hellman key exchange as
@@ -402,6 +410,8 @@ func init() {
 	kexAlgoMap[kexAlgoECDH384] = &ecdh{elliptic.P384()}
 	kexAlgoMap[kexAlgoECDH256] = &ecdh{elliptic.P256()}
 	kexAlgoMap[kexAlgoCurve25519SHA256] = &curve25519sha256{}
+	kexAlgoMap[kexAlgoDHGEXSHA1] = &dhGEXSHA{hashFunc: crypto.SHA1}
+	kexAlgoMap[kexAlgoDHGEXSHA256] = &dhGEXSHA{hashFunc: crypto.SHA256}
 }
 
 // curve25519sha256 implements the curve25519-sha256@libssh.org key
@@ -462,9 +472,9 @@ func (kex *curve25519sha256) Client(c packetConn, rand io.Reader, magics *handsh
 	writeString(h, kp.pub[:])
 	writeString(h, reply.EphemeralPubKey)
 
-	kInt := new(big.Int).SetBytes(secret[:])
-	K := make([]byte, intLength(kInt))
-	marshalInt(K, kInt)
+	ki := new(big.Int).SetBytes(secret[:])
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
 	h.Write(K)
 
 	return &kexResult{
@@ -510,9 +520,9 @@ func (kex *curve25519sha256) Server(c packetConn, rand io.Reader, magics *handsh
 	writeString(h, kexInit.ClientPubKey)
 	writeString(h, kp.pub[:])
 
-	kInt := new(big.Int).SetBytes(secret[:])
-	K := make([]byte, intLength(kInt))
-	marshalInt(K, kInt)
+	ki := new(big.Int).SetBytes(secret[:])
+	K := make([]byte, intLength(ki))
+	marshalInt(K, ki)
 	h.Write(K)
 
 	H := h.Sum(nil)
@@ -538,3 +548,235 @@ func (kex *curve25519sha256) Server(c packetConn, rand io.Reader, magics *handsh
 		Hash:      crypto.SHA256,
 	}, nil
 }
+
+// dhGEXSHA implements the diffie-hellman-group-exchange-sha1 and
+// diffie-hellman-group-exchange-sha256 key agreement protocols,
+// as described in RFC 4419
+type dhGEXSHA struct {
+	g, p     *big.Int
+	hashFunc crypto.Hash
+}
+
+const (
+	dhGroupExchangeMinimumBits   = 2048
+	dhGroupExchangePreferredBits = 2048
+	dhGroupExchangeMaximumBits   = 8192
+)
+
+func (gex *dhGEXSHA) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, error) {
+	if theirPublic.Sign() <= 0 || theirPublic.Cmp(gex.p) >= 0 {
+		return nil, fmt.Errorf("ssh: DH parameter out of bounds")
+	}
+	return new(big.Int).Exp(theirPublic, myPrivate, gex.p), nil
+}
+
+func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
+	// Send GexRequest
+	kexDHGexRequest := kexDHGexRequestMsg{
+		MinBits:      dhGroupExchangeMinimumBits,
+		PreferedBits: dhGroupExchangePreferredBits,
+		MaxBits:      dhGroupExchangeMaximumBits,
+	}
+	if err := c.writePacket(Marshal(&kexDHGexRequest)); err != nil {
+		return nil, err
+	}
+
+	// Receive GexGroup
+	packet, err := c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var kexDHGexGroup kexDHGexGroupMsg
+	if err = Unmarshal(packet, &kexDHGexGroup); err != nil {
+		return nil, err
+	}
+
+	// reject if p's bit length < dhGroupExchangeMinimumBits or > dhGroupExchangeMaximumBits
+	if kexDHGexGroup.P.BitLen() < dhGroupExchangeMinimumBits || kexDHGexGroup.P.BitLen() > dhGroupExchangeMaximumBits {
+		return nil, fmt.Errorf("ssh: server-generated gex p is out of range (%d bits)", kexDHGexGroup.P.BitLen())
+	}
+
+	gex.p = kexDHGexGroup.P
+	gex.g = kexDHGexGroup.G
+
+	// Check if g is safe by verifing that g > 1 and g < p - 1
+	one := big.NewInt(1)
+	var pMinusOne = &big.Int{}
+	pMinusOne.Sub(gex.p, one)
+	if gex.g.Cmp(one) != 1 && gex.g.Cmp(pMinusOne) != -1 {
+		return nil, fmt.Errorf("ssh: server provided gex g is not safe")
+	}
+
+	// Send GexInit
+	var pHalf = &big.Int{}
+	pHalf.Rsh(gex.p, 1)
+	x, err := rand.Int(randSource, pHalf)
+	if err != nil {
+		return nil, err
+	}
+	X := new(big.Int).Exp(gex.g, x, gex.p)
+	kexDHGexInit := kexDHGexInitMsg{
+		X: X,
+	}
+	if err := c.writePacket(Marshal(&kexDHGexInit)); err != nil {
+		return nil, err
+	}
+
+	// Receive GexReply
+	packet, err = c.readPacket()
+	if err != nil {
+		return nil, err
+	}
+
+	var kexDHGexReply kexDHGexReplyMsg
+	if err = Unmarshal(packet, &kexDHGexReply); err != nil {
+		return nil, err
+	}
+
+	kInt, err := gex.diffieHellman(kexDHGexReply.Y, x)
+	if err != nil {
+		return nil, err
+	}
+
+	// Check if k is safe by verifing that k > 1 and k < p - 1
+	if kInt.Cmp(one) != 1 && kInt.Cmp(pMinusOne) != -1 {
+		return nil, fmt.Errorf("ssh: derived k is not safe")
+	}
+
+	h := gex.hashFunc.New()
+	magics.write(h)
+	writeString(h, kexDHGexReply.HostKey)
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMinimumBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangePreferredBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMaximumBits))
+	writeInt(h, gex.p)
+	writeInt(h, gex.g)
+	writeInt(h, X)
+	writeInt(h, kexDHGexReply.Y)
+	K := make([]byte, intLength(kInt))
+	marshalInt(K, kInt)
+	h.Write(K)
+
+	return &kexResult{
+		H:         h.Sum(nil),
+		K:         K,
+		HostKey:   kexDHGexReply.HostKey,
+		Signature: kexDHGexReply.Signature,
+		Hash:      gex.hashFunc,
+	}, nil
+}
+
+// Server half implementation of the Diffie Hellman Key Exchange with SHA1 and SHA256.
+//
+// This is a minimal implementation to satisfy the automated tests.
+func (gex dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
+	// Receive GexRequest
+	packet, err := c.readPacket()
+	if err != nil {
+		return
+	}
+	var kexDHGexRequest kexDHGexRequestMsg
+	if err = Unmarshal(packet, &kexDHGexRequest); err != nil {
+		return
+	}
+
+	// smoosh the user's preferred size into our own limits
+	if kexDHGexRequest.PreferedBits > dhGroupExchangeMaximumBits {
+		kexDHGexRequest.PreferedBits = dhGroupExchangeMaximumBits
+	}
+	if kexDHGexRequest.PreferedBits < dhGroupExchangeMinimumBits {
+		kexDHGexRequest.PreferedBits = dhGroupExchangeMinimumBits
+	}
+	// fix min/max if they're inconsistent.  technically, we could just pout
+	// and hang up, but there's no harm in giving them the benefit of the
+	// doubt and just picking a bitsize for them.
+	if kexDHGexRequest.MinBits > kexDHGexRequest.PreferedBits {
+		kexDHGexRequest.MinBits = kexDHGexRequest.PreferedBits
+	}
+	if kexDHGexRequest.MaxBits < kexDHGexRequest.PreferedBits {
+		kexDHGexRequest.MaxBits = kexDHGexRequest.PreferedBits
+	}
+
+	// Send GexGroup
+	// This is the group called diffie-hellman-group14-sha1 in RFC
+	// 4253 and Oakley Group 14 in RFC 3526.
+	p, _ := new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
+	gex.p = p
+	gex.g = big.NewInt(2)
+
+	kexDHGexGroup := kexDHGexGroupMsg{
+		P: gex.p,
+		G: gex.g,
+	}
+	if err := c.writePacket(Marshal(&kexDHGexGroup)); err != nil {
+		return nil, err
+	}
+
+	// Receive GexInit
+	packet, err = c.readPacket()
+	if err != nil {
+		return
+	}
+	var kexDHGexInit kexDHGexInitMsg
+	if err = Unmarshal(packet, &kexDHGexInit); err != nil {
+		return
+	}
+
+	var pHalf = &big.Int{}
+	pHalf.Rsh(gex.p, 1)
+
+	y, err := rand.Int(randSource, pHalf)
+	if err != nil {
+		return
+	}
+
+	Y := new(big.Int).Exp(gex.g, y, gex.p)
+	kInt, err := gex.diffieHellman(kexDHGexInit.X, y)
+	if err != nil {
+		return nil, err
+	}
+
+	hostKeyBytes := priv.PublicKey().Marshal()
+
+	h := gex.hashFunc.New()
+	magics.write(h)
+	writeString(h, hostKeyBytes)
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMinimumBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangePreferredBits))
+	binary.Write(h, binary.BigEndian, uint32(dhGroupExchangeMaximumBits))
+	writeInt(h, gex.p)
+	writeInt(h, gex.g)
+	writeInt(h, kexDHGexInit.X)
+	writeInt(h, Y)
+
+	K := make([]byte, intLength(kInt))
+	marshalInt(K, kInt)
+	h.Write(K)
+
+	H := h.Sum(nil)
+
+	// H is already a hash, but the hostkey signing will apply its
+	// own key-specific hash algorithm.
+	sig, err := signAndMarshal(priv, randSource, H)
+	if err != nil {
+		return nil, err
+	}
+
+	kexDHGexReply := kexDHGexReplyMsg{
+		HostKey:   hostKeyBytes,
+		Y:         Y,
+		Signature: sig,
+	}
+	packet = Marshal(&kexDHGexReply)
+
+	err = c.writePacket(packet)
+
+	return &kexResult{
+		H:         H,
+		K:         K,
+		HostKey:   hostKeyBytes,
+		Signature: sig,
+		Hash:      gex.hashFunc,
+	}, err
+}
diff --git a/ssh/kex_test.go b/ssh/kex_test.go
index 12ca0acd3..1416b171d 100644
--- a/ssh/kex_test.go
+++ b/ssh/kex_test.go
@@ -9,9 +9,14 @@ package ssh
 import (
 	"crypto/rand"
 	"reflect"
+	"sync"
 	"testing"
 )
 
+// Runs multiple key exchanges concurrent to detect potential data races with
+// kex obtained from the global kexAlgoMap.
+// This test needs to be executed using the race detector in order to detect
+// race conditions.
 func TestKexes(t *testing.T) {
 	type kexResultErr struct {
 		result *kexResult
@@ -19,32 +24,42 @@ func TestKexes(t *testing.T) {
 	}
 
 	for name, kex := range kexAlgoMap {
-		a, b := memPipe()
+		t.Run(name, func(t *testing.T) {
+			wg := sync.WaitGroup{}
+			for i := 0; i < 3; i++ {
+				wg.Add(1)
+				go func() {
+					defer wg.Done()
+					a, b := memPipe()
 
-		s := make(chan kexResultErr, 1)
-		c := make(chan kexResultErr, 1)
-		var magics handshakeMagics
-		go func() {
-			r, e := kex.Client(a, rand.Reader, &magics)
-			a.Close()
-			c <- kexResultErr{r, e}
-		}()
-		go func() {
-			r, e := kex.Server(b, rand.Reader, &magics, testSigners["ecdsa"])
-			b.Close()
-			s <- kexResultErr{r, e}
-		}()
+					s := make(chan kexResultErr, 1)
+					c := make(chan kexResultErr, 1)
+					var magics handshakeMagics
+					go func() {
+						r, e := kex.Client(a, rand.Reader, &magics)
+						a.Close()
+						c <- kexResultErr{r, e}
+					}()
+					go func() {
+						r, e := kex.Server(b, rand.Reader, &magics, testSigners["ecdsa"])
+						b.Close()
+						s <- kexResultErr{r, e}
+					}()
 
-		clientRes := <-c
-		serverRes := <-s
-		if clientRes.err != nil {
-			t.Errorf("client: %v", clientRes.err)
-		}
-		if serverRes.err != nil {
-			t.Errorf("server: %v", serverRes.err)
-		}
-		if !reflect.DeepEqual(clientRes.result, serverRes.result) {
-			t.Errorf("kex %q: mismatch %#v, %#v", name, clientRes.result, serverRes.result)
-		}
+					clientRes := <-c
+					serverRes := <-s
+					if clientRes.err != nil {
+						t.Errorf("client: %v", clientRes.err)
+					}
+					if serverRes.err != nil {
+						t.Errorf("server: %v", serverRes.err)
+					}
+					if !reflect.DeepEqual(clientRes.result, serverRes.result) {
+						t.Errorf("kex %q: mismatch %#v, %#v", name, clientRes.result, serverRes.result)
+					}
+				}()
+			}
+			wg.Wait()
+		})
 	}
 }
diff --git a/ssh/keys.go b/ssh/keys.go
index 7a8756a93..31f26349a 100644
--- a/ssh/keys.go
+++ b/ssh/keys.go
@@ -7,6 +7,8 @@ package ssh
 import (
 	"bytes"
 	"crypto"
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -25,17 +27,30 @@ import (
 	"strings"
 
 	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/ssh/internal/bcrypt_pbkdf"
 )
 
 // These constants represent the algorithm names for key types supported by this
 // package.
 const (
-	KeyAlgoRSA      = "ssh-rsa"
-	KeyAlgoDSA      = "ssh-dss"
-	KeyAlgoECDSA256 = "ecdsa-sha2-nistp256"
-	KeyAlgoECDSA384 = "ecdsa-sha2-nistp384"
-	KeyAlgoECDSA521 = "ecdsa-sha2-nistp521"
-	KeyAlgoED25519  = "ssh-ed25519"
+	KeyAlgoRSA        = "ssh-rsa"
+	KeyAlgoDSA        = "ssh-dss"
+	KeyAlgoECDSA256   = "ecdsa-sha2-nistp256"
+	KeyAlgoSKECDSA256 = "sk-ecdsa-sha2-nistp256@openssh.com"
+	KeyAlgoECDSA384   = "ecdsa-sha2-nistp384"
+	KeyAlgoECDSA521   = "ecdsa-sha2-nistp521"
+	KeyAlgoED25519    = "ssh-ed25519"
+	KeyAlgoSKED25519  = "sk-ssh-ed25519@openssh.com"
+)
+
+// These constants represent non-default signature algorithms that are supported
+// as algorithm parameters to AlgorithmSigner.SignWithAlgorithm methods. See
+// [PROTOCOL.agent] section 4.5.1 and
+// https://tools.ietf.org/html/draft-ietf-curdle-rsa-sha2-10
+const (
+	SigAlgoRSA        = "ssh-rsa"
+	SigAlgoRSASHA2256 = "rsa-sha2-256"
+	SigAlgoRSASHA2512 = "rsa-sha2-512"
 )
 
 // parsePubKey parses a public key of the given algorithm.
@@ -48,9 +63,13 @@ func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err err
 		return parseDSA(in)
 	case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
 		return parseECDSA(in)
+	case KeyAlgoSKECDSA256:
+		return parseSKECDSA(in)
 	case KeyAlgoED25519:
 		return parseED25519(in)
-	case CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01:
+	case KeyAlgoSKED25519:
+		return parseSKEd25519(in)
+	case CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
 		cert, err := parseCert(in, certToPrivAlgo(algo))
 		if err != nil {
 			return nil, nil, err
@@ -276,7 +295,8 @@ type PublicKey interface {
 	Type() string
 
 	// Marshal returns the serialized key data in SSH wire format,
-	// with the name prefix.
+	// with the name prefix. To unmarshal the returned data, use
+	// the ParsePublicKey function.
 	Marshal() []byte
 
 	// Verify that sig is a signature on the given data using this
@@ -300,6 +320,19 @@ type Signer interface {
 	Sign(rand io.Reader, data []byte) (*Signature, error)
 }
 
+// A AlgorithmSigner is a Signer that also supports specifying a specific
+// algorithm to use for signing.
+type AlgorithmSigner interface {
+	Signer
+
+	// SignWithAlgorithm is like Signer.Sign, but allows specification of a
+	// non-default signing algorithm. See the SigAlgo* constants in this
+	// package for signature algorithms supported by this package. Callers may
+	// pass an empty string for the algorithm in which case the AlgorithmSigner
+	// will use its default algorithm.
+	SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error)
+}
+
 type rsaPublicKey rsa.PublicKey
 
 func (r *rsaPublicKey) Type() string {
@@ -348,13 +381,21 @@ func (r *rsaPublicKey) Marshal() []byte {
 }
 
 func (r *rsaPublicKey) Verify(data []byte, sig *Signature) error {
-	if sig.Format != r.Type() {
+	var hash crypto.Hash
+	switch sig.Format {
+	case SigAlgoRSA:
+		hash = crypto.SHA1
+	case SigAlgoRSASHA2256:
+		hash = crypto.SHA256
+	case SigAlgoRSASHA2512:
+		hash = crypto.SHA512
+	default:
 		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, r.Type())
 	}
-	h := crypto.SHA1.New()
+	h := hash.New()
 	h.Write(data)
 	digest := h.Sum(nil)
-	return rsa.VerifyPKCS1v15((*rsa.PublicKey)(r), crypto.SHA1, digest, sig.Blob)
+	return rsa.VerifyPKCS1v15((*rsa.PublicKey)(r), hash, digest, sig.Blob)
 }
 
 func (r *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {
@@ -363,10 +404,21 @@ func (r *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {
 
 type dsaPublicKey dsa.PublicKey
 
-func (r *dsaPublicKey) Type() string {
+func (k *dsaPublicKey) Type() string {
 	return "ssh-dss"
 }
 
+func checkDSAParams(param *dsa.Parameters) error {
+	// SSH specifies FIPS 186-2, which only provided a single size
+	// (1024 bits) DSA key. FIPS 186-3 allows for larger key
+	// sizes, which would confuse SSH.
+	if l := param.P.BitLen(); l != 1024 {
+		return fmt.Errorf("ssh: unsupported DSA key size %d", l)
+	}
+
+	return nil
+}
+
 // parseDSA parses an DSA key according to RFC 4253, section 6.6.
 func parseDSA(in []byte) (out PublicKey, rest []byte, err error) {
 	var w struct {
@@ -377,13 +429,18 @@ func parseDSA(in []byte) (out PublicKey, rest []byte, err error) {
 		return nil, nil, err
 	}
 
+	param := dsa.Parameters{
+		P: w.P,
+		Q: w.Q,
+		G: w.G,
+	}
+	if err := checkDSAParams(&param); err != nil {
+		return nil, nil, err
+	}
+
 	key := &dsaPublicKey{
-		Parameters: dsa.Parameters{
-			P: w.P,
-			Q: w.Q,
-			G: w.G,
-		},
-		Y: w.Y,
+		Parameters: param,
+		Y:          w.Y,
 	}
 	return key, w.Rest, nil
 }
@@ -442,6 +499,14 @@ func (k *dsaPrivateKey) PublicKey() PublicKey {
 }
 
 func (k *dsaPrivateKey) Sign(rand io.Reader, data []byte) (*Signature, error) {
+	return k.SignWithAlgorithm(rand, data, "")
+}
+
+func (k *dsaPrivateKey) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
+	if algorithm != "" && algorithm != k.PublicKey().Type() {
+		return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
+	}
+
 	h := crypto.SHA1.New()
 	h.Write(data)
 	digest := h.Sum(nil)
@@ -465,12 +530,12 @@ func (k *dsaPrivateKey) Sign(rand io.Reader, data []byte) (*Signature, error) {
 
 type ecdsaPublicKey ecdsa.PublicKey
 
-func (key *ecdsaPublicKey) Type() string {
-	return "ecdsa-sha2-" + key.nistID()
+func (k *ecdsaPublicKey) Type() string {
+	return "ecdsa-sha2-" + k.nistID()
 }
 
-func (key *ecdsaPublicKey) nistID() string {
-	switch key.Params().BitSize {
+func (k *ecdsaPublicKey) nistID() string {
+	switch k.Params().BitSize {
 	case 256:
 		return "nistp256"
 	case 384:
@@ -483,7 +548,7 @@ func (key *ecdsaPublicKey) nistID() string {
 
 type ed25519PublicKey ed25519.PublicKey
 
-func (key ed25519PublicKey) Type() string {
+func (k ed25519PublicKey) Type() string {
 	return KeyAlgoED25519
 }
 
@@ -497,29 +562,33 @@ func parseED25519(in []byte) (out PublicKey, rest []byte, err error) {
 		return nil, nil, err
 	}
 
-	key := ed25519.PublicKey(w.KeyBytes)
+	if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
+		return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
 
-	return (ed25519PublicKey)(key), w.Rest, nil
+	return ed25519PublicKey(w.KeyBytes), w.Rest, nil
 }
 
-func (key ed25519PublicKey) Marshal() []byte {
+func (k ed25519PublicKey) Marshal() []byte {
 	w := struct {
 		Name     string
 		KeyBytes []byte
 	}{
 		KeyAlgoED25519,
-		[]byte(key),
+		[]byte(k),
 	}
 	return Marshal(&w)
 }
 
-func (key ed25519PublicKey) Verify(b []byte, sig *Signature) error {
-	if sig.Format != key.Type() {
-		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, key.Type())
+func (k ed25519PublicKey) Verify(b []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+	if l := len(k); l != ed25519.PublicKeySize {
+		return fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
 	}
 
-	edKey := (ed25519.PublicKey)(key)
-	if ok := ed25519.Verify(edKey, b, sig.Blob); !ok {
+	if ok := ed25519.Verify(ed25519.PublicKey(k), b, sig.Blob); !ok {
 		return errors.New("ssh: signature did not verify")
 	}
 
@@ -579,9 +648,9 @@ func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
 	return (*ecdsaPublicKey)(key), w.Rest, nil
 }
 
-func (key *ecdsaPublicKey) Marshal() []byte {
+func (k *ecdsaPublicKey) Marshal() []byte {
 	// See RFC 5656, section 3.1.
-	keyBytes := elliptic.Marshal(key.Curve, key.X, key.Y)
+	keyBytes := elliptic.Marshal(k.Curve, k.X, k.Y)
 	// ECDSA publickey struct layout should match the struct used by
 	// parseECDSACert in the x/crypto/ssh/agent package.
 	w := struct {
@@ -589,20 +658,20 @@ func (key *ecdsaPublicKey) Marshal() []byte {
 		ID   string
 		Key  []byte
 	}{
-		key.Type(),
-		key.nistID(),
+		k.Type(),
+		k.nistID(),
 		keyBytes,
 	}
 
 	return Marshal(&w)
 }
 
-func (key *ecdsaPublicKey) Verify(data []byte, sig *Signature) error {
-	if sig.Format != key.Type() {
-		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, key.Type())
+func (k *ecdsaPublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
 	}
 
-	h := ecHash(key.Curve).New()
+	h := ecHash(k.Curve).New()
 	h.Write(data)
 	digest := h.Sum(nil)
 
@@ -619,7 +688,7 @@ func (key *ecdsaPublicKey) Verify(data []byte, sig *Signature) error {
 		return err
 	}
 
-	if ecdsa.Verify((*ecdsa.PublicKey)(key), digest, ecSig.R, ecSig.S) {
+	if ecdsa.Verify((*ecdsa.PublicKey)(k), digest, ecSig.R, ecSig.S) {
 		return nil
 	}
 	return errors.New("ssh: signature did not verify")
@@ -629,20 +698,247 @@ func (k *ecdsaPublicKey) CryptoPublicKey() crypto.PublicKey {
 	return (*ecdsa.PublicKey)(k)
 }
 
+// skFields holds the additional fields present in U2F/FIDO2 signatures.
+// See openssh/PROTOCOL.u2f 'SSH U2F Signatures' for details.
+type skFields struct {
+	// Flags contains U2F/FIDO2 flags such as 'user present'
+	Flags byte
+	// Counter is a monotonic signature counter which can be
+	// used to detect concurrent use of a private key, should
+	// it be extracted from hardware.
+	Counter uint32
+}
+
+type skECDSAPublicKey struct {
+	// application is a URL-like string, typically "ssh:" for SSH.
+	// see openssh/PROTOCOL.u2f for details.
+	application string
+	ecdsa.PublicKey
+}
+
+func (k *skECDSAPublicKey) Type() string {
+	return KeyAlgoSKECDSA256
+}
+
+func (k *skECDSAPublicKey) nistID() string {
+	return "nistp256"
+}
+
+func parseSKECDSA(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		Curve       string
+		KeyBytes    []byte
+		Application string
+		Rest        []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	key := new(skECDSAPublicKey)
+	key.application = w.Application
+
+	if w.Curve != "nistp256" {
+		return nil, nil, errors.New("ssh: unsupported curve")
+	}
+	key.Curve = elliptic.P256()
+
+	key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
+	if key.X == nil || key.Y == nil {
+		return nil, nil, errors.New("ssh: invalid curve point")
+	}
+
+	return key, w.Rest, nil
+}
+
+func (k *skECDSAPublicKey) Marshal() []byte {
+	// See RFC 5656, section 3.1.
+	keyBytes := elliptic.Marshal(k.Curve, k.X, k.Y)
+	w := struct {
+		Name        string
+		ID          string
+		Key         []byte
+		Application string
+	}{
+		k.Type(),
+		k.nistID(),
+		keyBytes,
+		k.application,
+	}
+
+	return Marshal(&w)
+}
+
+func (k *skECDSAPublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+
+	h := ecHash(k.Curve).New()
+	h.Write([]byte(k.application))
+	appDigest := h.Sum(nil)
+
+	h.Reset()
+	h.Write(data)
+	dataDigest := h.Sum(nil)
+
+	var ecSig struct {
+		R *big.Int
+		S *big.Int
+	}
+	if err := Unmarshal(sig.Blob, &ecSig); err != nil {
+		return err
+	}
+
+	var skf skFields
+	if err := Unmarshal(sig.Rest, &skf); err != nil {
+		return err
+	}
+
+	blob := struct {
+		ApplicationDigest []byte `ssh:"rest"`
+		Flags             byte
+		Counter           uint32
+		MessageDigest     []byte `ssh:"rest"`
+	}{
+		appDigest,
+		skf.Flags,
+		skf.Counter,
+		dataDigest,
+	}
+
+	original := Marshal(blob)
+
+	h.Reset()
+	h.Write(original)
+	digest := h.Sum(nil)
+
+	if ecdsa.Verify((*ecdsa.PublicKey)(&k.PublicKey), digest, ecSig.R, ecSig.S) {
+		return nil
+	}
+	return errors.New("ssh: signature did not verify")
+}
+
+type skEd25519PublicKey struct {
+	// application is a URL-like string, typically "ssh:" for SSH.
+	// see openssh/PROTOCOL.u2f for details.
+	application string
+	ed25519.PublicKey
+}
+
+func (k *skEd25519PublicKey) Type() string {
+	return KeyAlgoSKED25519
+}
+
+func parseSKEd25519(in []byte) (out PublicKey, rest []byte, err error) {
+	var w struct {
+		KeyBytes    []byte
+		Application string
+		Rest        []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(in, &w); err != nil {
+		return nil, nil, err
+	}
+
+	if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
+		return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
+
+	key := new(skEd25519PublicKey)
+	key.application = w.Application
+	key.PublicKey = ed25519.PublicKey(w.KeyBytes)
+
+	return key, w.Rest, nil
+}
+
+func (k *skEd25519PublicKey) Marshal() []byte {
+	w := struct {
+		Name        string
+		KeyBytes    []byte
+		Application string
+	}{
+		KeyAlgoSKED25519,
+		[]byte(k.PublicKey),
+		k.application,
+	}
+	return Marshal(&w)
+}
+
+func (k *skEd25519PublicKey) Verify(data []byte, sig *Signature) error {
+	if sig.Format != k.Type() {
+		return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
+	}
+	if l := len(k.PublicKey); l != ed25519.PublicKeySize {
+		return fmt.Errorf("invalid size %d for Ed25519 public key", l)
+	}
+
+	h := sha256.New()
+	h.Write([]byte(k.application))
+	appDigest := h.Sum(nil)
+
+	h.Reset()
+	h.Write(data)
+	dataDigest := h.Sum(nil)
+
+	var edSig struct {
+		Signature []byte `ssh:"rest"`
+	}
+
+	if err := Unmarshal(sig.Blob, &edSig); err != nil {
+		return err
+	}
+
+	var skf skFields
+	if err := Unmarshal(sig.Rest, &skf); err != nil {
+		return err
+	}
+
+	blob := struct {
+		ApplicationDigest []byte `ssh:"rest"`
+		Flags             byte
+		Counter           uint32
+		MessageDigest     []byte `ssh:"rest"`
+	}{
+		appDigest,
+		skf.Flags,
+		skf.Counter,
+		dataDigest,
+	}
+
+	original := Marshal(blob)
+
+	if ok := ed25519.Verify(k.PublicKey, original, edSig.Signature); !ok {
+		return errors.New("ssh: signature did not verify")
+	}
+
+	return nil
+}
+
 // NewSignerFromKey takes an *rsa.PrivateKey, *dsa.PrivateKey,
-// *ecdsa.PrivateKey or any other crypto.Signer and returns a corresponding
-// Signer instance. ECDSA keys must use P-256, P-384 or P-521.
+// *ecdsa.PrivateKey or any other crypto.Signer and returns a
+// corresponding Signer instance. ECDSA keys must use P-256, P-384 or
+// P-521. DSA keys must use parameter size L1024N160.
 func NewSignerFromKey(key interface{}) (Signer, error) {
 	switch key := key.(type) {
 	case crypto.Signer:
 		return NewSignerFromSigner(key)
 	case *dsa.PrivateKey:
-		return &dsaPrivateKey{key}, nil
+		return newDSAPrivateKey(key)
 	default:
 		return nil, fmt.Errorf("ssh: unsupported key type %T", key)
 	}
 }
 
+func newDSAPrivateKey(key *dsa.PrivateKey) (Signer, error) {
+	if err := checkDSAParams(&key.PublicKey.Parameters); err != nil {
+		return nil, err
+	}
+
+	return &dsaPrivateKey{key}, nil
+}
+
 type wrappedSigner struct {
 	signer crypto.Signer
 	pubKey PublicKey
@@ -665,16 +961,42 @@ func (s *wrappedSigner) PublicKey() PublicKey {
 }
 
 func (s *wrappedSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
+	return s.SignWithAlgorithm(rand, data, "")
+}
+
+func (s *wrappedSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {
 	var hashFunc crypto.Hash
 
-	switch key := s.pubKey.(type) {
-	case *rsaPublicKey, *dsaPublicKey:
-		hashFunc = crypto.SHA1
-	case *ecdsaPublicKey:
-		hashFunc = ecHash(key.Curve)
-	case ed25519PublicKey:
-	default:
-		return nil, fmt.Errorf("ssh: unsupported key type %T", key)
+	if _, ok := s.pubKey.(*rsaPublicKey); ok {
+		// RSA keys support a few hash functions determined by the requested signature algorithm
+		switch algorithm {
+		case "", SigAlgoRSA:
+			algorithm = SigAlgoRSA
+			hashFunc = crypto.SHA1
+		case SigAlgoRSASHA2256:
+			hashFunc = crypto.SHA256
+		case SigAlgoRSASHA2512:
+			hashFunc = crypto.SHA512
+		default:
+			return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
+		}
+	} else {
+		// The only supported algorithm for all other key types is the same as the type of the key
+		if algorithm == "" {
+			algorithm = s.pubKey.Type()
+		} else if algorithm != s.pubKey.Type() {
+			return nil, fmt.Errorf("ssh: unsupported signature algorithm %s", algorithm)
+		}
+
+		switch key := s.pubKey.(type) {
+		case *dsaPublicKey:
+			hashFunc = crypto.SHA1
+		case *ecdsaPublicKey:
+			hashFunc = ecHash(key.Curve)
+		case ed25519PublicKey:
+		default:
+			return nil, fmt.Errorf("ssh: unsupported key type %T", key)
+		}
 	}
 
 	var digest []byte
@@ -719,7 +1041,7 @@ func (s *wrappedSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {
 	}
 
 	return &Signature{
-		Format: s.pubKey.Type(),
+		Format: algorithm,
 		Blob:   signature,
 	}, nil
 }
@@ -733,20 +1055,24 @@ func NewPublicKey(key interface{}) (PublicKey, error) {
 		return (*rsaPublicKey)(key), nil
 	case *ecdsa.PublicKey:
 		if !supportedEllipticCurve(key.Curve) {
-			return nil, errors.New("ssh: only P-256, P-384 and P-521 EC keys are supported.")
+			return nil, errors.New("ssh: only P-256, P-384 and P-521 EC keys are supported")
 		}
 		return (*ecdsaPublicKey)(key), nil
 	case *dsa.PublicKey:
 		return (*dsaPublicKey)(key), nil
 	case ed25519.PublicKey:
-		return (ed25519PublicKey)(key), nil
+		if l := len(key); l != ed25519.PublicKeySize {
+			return nil, fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
+		}
+		return ed25519PublicKey(key), nil
 	default:
 		return nil, fmt.Errorf("ssh: unsupported key type %T", key)
 	}
 }
 
 // ParsePrivateKey returns a Signer from a PEM encoded private key. It supports
-// the same keys as ParseRawPrivateKey.
+// the same keys as ParseRawPrivateKey. If the private key is encrypted, it
+// will return a PassphraseMissingError.
 func ParsePrivateKey(pemBytes []byte) (Signer, error) {
 	key, err := ParseRawPrivateKey(pemBytes)
 	if err != nil {
@@ -759,8 +1085,8 @@ func ParsePrivateKey(pemBytes []byte) (Signer, error) {
 // ParsePrivateKeyWithPassphrase returns a Signer from a PEM encoded private
 // key and passphrase. It supports the same keys as
 // ParseRawPrivateKeyWithPassphrase.
-func ParsePrivateKeyWithPassphrase(pemBytes, passPhrase []byte) (Signer, error) {
-	key, err := ParseRawPrivateKeyWithPassphrase(pemBytes, passPhrase)
+func ParsePrivateKeyWithPassphrase(pemBytes, passphrase []byte) (Signer, error) {
+	key, err := ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase)
 	if err != nil {
 		return nil, err
 	}
@@ -776,8 +1102,21 @@ func encryptedBlock(block *pem.Block) bool {
 	return strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED")
 }
 
+// A PassphraseMissingError indicates that parsing this private key requires a
+// passphrase. Use ParsePrivateKeyWithPassphrase.
+type PassphraseMissingError struct {
+	// PublicKey will be set if the private key format includes an unencrypted
+	// public key along with the encrypted private key.
+	PublicKey PublicKey
+}
+
+func (*PassphraseMissingError) Error() string {
+	return "ssh: this private key is passphrase protected"
+}
+
 // ParseRawPrivateKey returns a private key from a PEM encoded private key. It
-// supports RSA (PKCS#1), DSA (OpenSSL), and ECDSA private keys.
+// supports RSA (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys. If the
+// private key is encrypted, it will return a PassphraseMissingError.
 func ParseRawPrivateKey(pemBytes []byte) (interface{}, error) {
 	block, _ := pem.Decode(pemBytes)
 	if block == nil {
@@ -785,44 +1124,49 @@ func ParseRawPrivateKey(pemBytes []byte) (interface{}, error) {
 	}
 
 	if encryptedBlock(block) {
-		return nil, errors.New("ssh: cannot decode encrypted private keys")
+		return nil, &PassphraseMissingError{}
 	}
 
 	switch block.Type {
 	case "RSA PRIVATE KEY":
 		return x509.ParsePKCS1PrivateKey(block.Bytes)
+	// RFC5208 - https://tools.ietf.org/html/rfc5208
+	case "PRIVATE KEY":
+		return x509.ParsePKCS8PrivateKey(block.Bytes)
 	case "EC PRIVATE KEY":
 		return x509.ParseECPrivateKey(block.Bytes)
 	case "DSA PRIVATE KEY":
 		return ParseDSAPrivateKey(block.Bytes)
 	case "OPENSSH PRIVATE KEY":
-		return parseOpenSSHPrivateKey(block.Bytes)
+		return parseOpenSSHPrivateKey(block.Bytes, unencryptedOpenSSHKey)
 	default:
 		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
 	}
 }
 
 // ParseRawPrivateKeyWithPassphrase returns a private key decrypted with
-// passphrase from a PEM encoded private key. If wrong passphrase, return
-// x509.IncorrectPasswordError.
-func ParseRawPrivateKeyWithPassphrase(pemBytes, passPhrase []byte) (interface{}, error) {
+// passphrase from a PEM encoded private key. If the passphrase is wrong, it
+// will return x509.IncorrectPasswordError.
+func ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase []byte) (interface{}, error) {
 	block, _ := pem.Decode(pemBytes)
 	if block == nil {
 		return nil, errors.New("ssh: no key found")
 	}
-	buf := block.Bytes
 
-	if encryptedBlock(block) {
-		if x509.IsEncryptedPEMBlock(block) {
-			var err error
-			buf, err = x509.DecryptPEMBlock(block, passPhrase)
-			if err != nil {
-				if err == x509.IncorrectPasswordError {
-					return nil, err
-				}
-				return nil, fmt.Errorf("ssh: cannot decode encrypted private keys: %v", err)
-			}
+	if block.Type == "OPENSSH PRIVATE KEY" {
+		return parseOpenSSHPrivateKey(block.Bytes, passphraseProtectedOpenSSHKey(passphrase))
+	}
+
+	if !encryptedBlock(block) || !x509.IsEncryptedPEMBlock(block) {
+		return nil, errors.New("ssh: not an encrypted key")
+	}
+
+	buf, err := x509.DecryptPEMBlock(block, passphrase)
+	if err != nil {
+		if err == x509.IncorrectPasswordError {
+			return nil, err
 		}
+		return nil, fmt.Errorf("ssh: cannot decode encrypted private keys: %v", err)
 	}
 
 	switch block.Type {
@@ -832,8 +1176,6 @@ func ParseRawPrivateKeyWithPassphrase(pemBytes, passPhrase []byte) (interface{},
 		return x509.ParseECPrivateKey(buf)
 	case "DSA PRIVATE KEY":
 		return ParseDSAPrivateKey(buf)
-	case "OPENSSH PRIVATE KEY":
-		return parseOpenSSHPrivateKey(buf)
 	default:
 		return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
 	}
@@ -871,11 +1213,70 @@ func ParseDSAPrivateKey(der []byte) (*dsa.PrivateKey, error) {
 	}, nil
 }
 
-// Implemented based on the documentation at
-// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
-func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
-	magic := append([]byte("openssh-key-v1"), 0)
-	if !bytes.Equal(magic, key[0:len(magic)]) {
+func unencryptedOpenSSHKey(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
+	if kdfName != "none" || cipherName != "none" {
+		return nil, &PassphraseMissingError{}
+	}
+	if kdfOpts != "" {
+		return nil, errors.New("ssh: invalid openssh private key")
+	}
+	return privKeyBlock, nil
+}
+
+func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {
+	return func(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
+		if kdfName == "none" || cipherName == "none" {
+			return nil, errors.New("ssh: key is not password protected")
+		}
+		if kdfName != "bcrypt" {
+			return nil, fmt.Errorf("ssh: unknown KDF %q, only supports %q", kdfName, "bcrypt")
+		}
+
+		var opts struct {
+			Salt   string
+			Rounds uint32
+		}
+		if err := Unmarshal([]byte(kdfOpts), &opts); err != nil {
+			return nil, err
+		}
+
+		k, err := bcrypt_pbkdf.Key(passphrase, []byte(opts.Salt), int(opts.Rounds), 32+16)
+		if err != nil {
+			return nil, err
+		}
+		key, iv := k[:32], k[32:]
+
+		c, err := aes.NewCipher(key)
+		if err != nil {
+			return nil, err
+		}
+		switch cipherName {
+		case "aes256-ctr":
+			ctr := cipher.NewCTR(c, iv)
+			ctr.XORKeyStream(privKeyBlock, privKeyBlock)
+		case "aes256-cbc":
+			if len(privKeyBlock)%c.BlockSize() != 0 {
+				return nil, fmt.Errorf("ssh: invalid encrypted private key length, not a multiple of the block size")
+			}
+			cbc := cipher.NewCBCDecrypter(c, iv)
+			cbc.CryptBlocks(privKeyBlock, privKeyBlock)
+		default:
+			return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc")
+		}
+
+		return privKeyBlock, nil
+	}
+}
+
+type openSSHDecryptFunc func(CipherName, KdfName, KdfOpts string, PrivKeyBlock []byte) ([]byte, error)
+
+// parseOpenSSHPrivateKey parses an OpenSSH private key, using the decrypt
+// function to unwrap the encrypted portion. unencryptedOpenSSHKey can be used
+// as the decrypt function to parse an unencrypted private key. See
+// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key.
+func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.PrivateKey, error) {
+	const magic = "openssh-key-v1\x00"
+	if len(key) < len(magic) || string(key[:len(magic)]) != magic {
 		return nil, errors.New("ssh: invalid openssh private key format")
 	}
 	remaining := key[len(magic):]
@@ -892,9 +1293,22 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 	if err := Unmarshal(remaining, &w); err != nil {
 		return nil, err
 	}
+	if w.NumKeys != 1 {
+		// We only support single key files, and so does OpenSSH.
+		// https://github.com/openssh/openssh-portable/blob/4103a3ec7/sshkey.c#L4171
+		return nil, errors.New("ssh: multi-key files are not supported")
+	}
 
-	if w.KdfName != "none" || w.CipherName != "none" {
-		return nil, errors.New("ssh: cannot decode encrypted private keys")
+	privKeyBlock, err := decrypt(w.CipherName, w.KdfName, w.KdfOpts, w.PrivKeyBlock)
+	if err != nil {
+		if err, ok := err.(*PassphraseMissingError); ok {
+			pub, errPub := ParsePublicKey(w.PubKey)
+			if errPub != nil {
+				return nil, fmt.Errorf("ssh: failed to parse embedded public key: %v", errPub)
+			}
+			err.PublicKey = pub
+		}
+		return nil, err
 	}
 
 	pk1 := struct {
@@ -904,15 +1318,13 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 		Rest    []byte `ssh:"rest"`
 	}{}
 
-	if err := Unmarshal(w.PrivKeyBlock, &pk1); err != nil {
-		return nil, err
-	}
-
-	if pk1.Check1 != pk1.Check2 {
-		return nil, errors.New("ssh: checkint mismatch")
+	if err := Unmarshal(privKeyBlock, &pk1); err != nil || pk1.Check1 != pk1.Check2 {
+		if w.CipherName != "none" {
+			return nil, x509.IncorrectPasswordError
+		}
+		return nil, errors.New("ssh: malformed OpenSSH key")
 	}
 
-	// we only handle ed25519 and rsa keys currently
 	switch pk1.Keytype {
 	case KeyAlgoRSA:
 		// https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L2760-L2773
@@ -931,10 +1343,8 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 			return nil, err
 		}
 
-		for i, b := range key.Pad {
-			if int(b) != i+1 {
-				return nil, errors.New("ssh: padding not as expected")
-			}
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
 		}
 
 		pk := &rsa.PrivateKey{
@@ -969,20 +1379,78 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
 			return nil, errors.New("ssh: private key unexpected length")
 		}
 
-		for i, b := range key.Pad {
-			if int(b) != i+1 {
-				return nil, errors.New("ssh: padding not as expected")
-			}
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
 		}
 
 		pk := ed25519.PrivateKey(make([]byte, ed25519.PrivateKeySize))
 		copy(pk, key.Priv)
 		return &pk, nil
+	case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
+		key := struct {
+			Curve   string
+			Pub     []byte
+			D       *big.Int
+			Comment string
+			Pad     []byte `ssh:"rest"`
+		}{}
+
+		if err := Unmarshal(pk1.Rest, &key); err != nil {
+			return nil, err
+		}
+
+		if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
+			return nil, err
+		}
+
+		var curve elliptic.Curve
+		switch key.Curve {
+		case "nistp256":
+			curve = elliptic.P256()
+		case "nistp384":
+			curve = elliptic.P384()
+		case "nistp521":
+			curve = elliptic.P521()
+		default:
+			return nil, errors.New("ssh: unhandled elliptic curve: " + key.Curve)
+		}
+
+		X, Y := elliptic.Unmarshal(curve, key.Pub)
+		if X == nil || Y == nil {
+			return nil, errors.New("ssh: failed to unmarshal public key")
+		}
+
+		if key.D.Cmp(curve.Params().N) >= 0 {
+			return nil, errors.New("ssh: scalar is out of range")
+		}
+
+		x, y := curve.ScalarBaseMult(key.D.Bytes())
+		if x.Cmp(X) != 0 || y.Cmp(Y) != 0 {
+			return nil, errors.New("ssh: public key does not match private key")
+		}
+
+		return &ecdsa.PrivateKey{
+			PublicKey: ecdsa.PublicKey{
+				Curve: curve,
+				X:     X,
+				Y:     Y,
+			},
+			D: key.D,
+		}, nil
 	default:
 		return nil, errors.New("ssh: unhandled key type")
 	}
 }
 
+func checkOpenSSHKeyPadding(pad []byte) error {
+	for i, b := range pad {
+		if int(b) != i+1 {
+			return errors.New("ssh: padding not as expected")
+		}
+	}
+	return nil
+}
+
 // FingerprintLegacyMD5 returns the user presentation of the key's
 // fingerprint as described by RFC 4716 section 4.
 func FingerprintLegacyMD5(pubKey PublicKey) string {
diff --git a/ssh/keys_test.go b/ssh/keys_test.go
index 20ab954e2..d64ef732c 100644
--- a/ssh/keys_test.go
+++ b/ssh/keys_test.go
@@ -13,7 +13,10 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"encoding/base64"
+	"encoding/hex"
+	"encoding/pem"
 	"fmt"
+	"io"
 	"reflect"
 	"strings"
 	"testing"
@@ -107,6 +110,49 @@ func TestKeySignVerify(t *testing.T) {
 	}
 }
 
+func TestKeySignWithAlgorithmVerify(t *testing.T) {
+	for _, priv := range testSigners {
+		if algorithmSigner, ok := priv.(AlgorithmSigner); !ok {
+			t.Errorf("Signers constructed by ssh package should always implement the AlgorithmSigner interface: %T", priv)
+		} else {
+			pub := priv.PublicKey()
+			data := []byte("sign me")
+
+			signWithAlgTestCase := func(algorithm string, expectedAlg string) {
+				sig, err := algorithmSigner.SignWithAlgorithm(rand.Reader, data, algorithm)
+				if err != nil {
+					t.Fatalf("Sign(%T): %v", priv, err)
+				}
+				if sig.Format != expectedAlg {
+					t.Errorf("signature format did not match requested signature algorithm: %s != %s", sig.Format, expectedAlg)
+				}
+
+				if err := pub.Verify(data, sig); err != nil {
+					t.Errorf("publicKey.Verify(%T): %v", priv, err)
+				}
+				sig.Blob[5]++
+				if err := pub.Verify(data, sig); err == nil {
+					t.Errorf("publicKey.Verify on broken sig did not fail")
+				}
+			}
+
+			// Using the empty string as the algorithm name should result in the same signature format as the algorithm-free Sign method.
+			defaultSig, err := priv.Sign(rand.Reader, data)
+			if err != nil {
+				t.Fatalf("Sign(%T): %v", priv, err)
+			}
+			signWithAlgTestCase("", defaultSig.Format)
+
+			// RSA keys are the only ones which currently support more than one signing algorithm
+			if pub.Type() == KeyAlgoRSA {
+				for _, algorithm := range []string{SigAlgoRSA, SigAlgoRSASHA2256, SigAlgoRSASHA2512} {
+					signWithAlgTestCase(algorithm, algorithm)
+				}
+			}
+		}
+	}
+}
+
 func TestParseRSAPrivateKey(t *testing.T) {
 	key := testPrivateKeys["rsa"]
 
@@ -133,44 +179,45 @@ func TestParseECPrivateKey(t *testing.T) {
 	}
 }
 
-// See Issue https://github.com/golang/go/issues/6650.
-func TestParseEncryptedPrivateKeysFails(t *testing.T) {
-	const wantSubstring = "encrypted"
-	for i, tt := range testdata.PEMEncryptedKeys {
-		_, err := ParsePrivateKey(tt.PEMBytes)
-		if err == nil {
-			t.Errorf("#%d key %s: ParsePrivateKey successfully parsed, expected an error", i, tt.Name)
-			continue
-		}
-
-		if !strings.Contains(err.Error(), wantSubstring) {
-			t.Errorf("#%d key %s: got error %q, want substring %q", i, tt.Name, err, wantSubstring)
-		}
-	}
-}
-
-// Parse encrypted private keys with passphrase
 func TestParseEncryptedPrivateKeysWithPassphrase(t *testing.T) {
 	data := []byte("sign me")
 	for _, tt := range testdata.PEMEncryptedKeys {
-		s, err := ParsePrivateKeyWithPassphrase(tt.PEMBytes, []byte(tt.EncryptionKey))
-		if err != nil {
-			t.Fatalf("ParsePrivateKeyWithPassphrase returned error: %s", err)
-			continue
-		}
-		sig, err := s.Sign(rand.Reader, data)
-		if err != nil {
-			t.Fatalf("dsa.Sign: %v", err)
-		}
-		if err := s.PublicKey().Verify(data, sig); err != nil {
-			t.Errorf("Verify failed: %v", err)
-		}
-	}
+		t.Run(tt.Name, func(t *testing.T) {
+			_, err := ParsePrivateKeyWithPassphrase(tt.PEMBytes, []byte("incorrect"))
+			if err != x509.IncorrectPasswordError {
+				t.Errorf("got %v want IncorrectPasswordError", err)
+			}
+
+			s, err := ParsePrivateKeyWithPassphrase(tt.PEMBytes, []byte(tt.EncryptionKey))
+			if err != nil {
+				t.Fatalf("ParsePrivateKeyWithPassphrase returned error: %s", err)
+			}
+
+			sig, err := s.Sign(rand.Reader, data)
+			if err != nil {
+				t.Fatalf("Signer.Sign: %v", err)
+			}
+			if err := s.PublicKey().Verify(data, sig); err != nil {
+				t.Errorf("Verify failed: %v", err)
+			}
 
-	tt := testdata.PEMEncryptedKeys[0]
-	_, err := ParsePrivateKeyWithPassphrase(tt.PEMBytes, []byte("incorrect"))
-	if err != x509.IncorrectPasswordError {
-		t.Fatalf("got %v want IncorrectPasswordError", err)
+			_, err = ParsePrivateKey(tt.PEMBytes)
+			if err == nil {
+				t.Fatalf("ParsePrivateKey succeeded, expected an error")
+			}
+
+			if err, ok := err.(*PassphraseMissingError); !ok {
+				t.Errorf("got error %q, want PassphraseMissingError", err)
+			} else if tt.IncludesPublicKey {
+				if err.PublicKey == nil {
+					t.Fatalf("expected PassphraseMissingError.PublicKey not to be nil")
+				}
+				got, want := err.PublicKey.Marshal(), s.PublicKey().Marshal()
+				if !bytes.Equal(got, want) {
+					t.Errorf("error field %q doesn't match signer public key %q", got, want)
+				}
+			}
+		})
 	}
 }
 
@@ -234,7 +281,7 @@ func TestMarshalParsePublicKey(t *testing.T) {
 	}
 }
 
-type authResult struct {
+type testAuthResult struct {
 	pubKey   PublicKey
 	options  []string
 	comments string
@@ -242,11 +289,11 @@ type authResult struct {
 	ok       bool
 }
 
-func testAuthorizedKeys(t *testing.T, authKeys []byte, expected []authResult) {
+func testAuthorizedKeys(t *testing.T, authKeys []byte, expected []testAuthResult) {
 	rest := authKeys
-	var values []authResult
+	var values []testAuthResult
 	for len(rest) > 0 {
-		var r authResult
+		var r testAuthResult
 		var err error
 		r.pubKey, r.comments, r.options, rest, err = ParseAuthorizedKey(rest)
 		r.ok = (err == nil)
@@ -264,7 +311,7 @@ func TestAuthorizedKeyBasic(t *testing.T) {
 	pub, pubSerialized := getTestKey()
 	line := "ssh-rsa " + pubSerialized + " user@host"
 	testAuthorizedKeys(t, []byte(line),
-		[]authResult{
+		[]testAuthResult{
 			{pub, nil, "user@host", "", true},
 		})
 }
@@ -286,7 +333,7 @@ func TestAuth(t *testing.T) {
 		authOptions := strings.Join(authWithOptions, eol)
 		rest2 := strings.Join(authWithOptions[3:], eol)
 		rest3 := strings.Join(authWithOptions[6:], eol)
-		testAuthorizedKeys(t, []byte(authOptions), []authResult{
+		testAuthorizedKeys(t, []byte(authOptions), []testAuthResult{
 			{pub, []string{`env="HOME=/home/root"`, "no-port-forwarding"}, "user@host", rest2, true},
 			{pub, []string{`env="HOME=/home/root2"`}, "user2@host2", rest3, true},
 			{nil, nil, "", "", false},
@@ -297,7 +344,7 @@ func TestAuth(t *testing.T) {
 func TestAuthWithQuotedSpaceInEnv(t *testing.T) {
 	pub, pubSerialized := getTestKey()
 	authWithQuotedSpaceInEnv := []byte(`env="HOME=/home/root dir",no-port-forwarding ssh-rsa ` + pubSerialized + ` user@host`)
-	testAuthorizedKeys(t, []byte(authWithQuotedSpaceInEnv), []authResult{
+	testAuthorizedKeys(t, []byte(authWithQuotedSpaceInEnv), []testAuthResult{
 		{pub, []string{`env="HOME=/home/root dir"`, "no-port-forwarding"}, "user@host", "", true},
 	})
 }
@@ -305,7 +352,7 @@ func TestAuthWithQuotedSpaceInEnv(t *testing.T) {
 func TestAuthWithQuotedCommaInEnv(t *testing.T) {
 	pub, pubSerialized := getTestKey()
 	authWithQuotedCommaInEnv := []byte(`env="HOME=/home/root,dir",no-port-forwarding ssh-rsa ` + pubSerialized + `   user@host`)
-	testAuthorizedKeys(t, []byte(authWithQuotedCommaInEnv), []authResult{
+	testAuthorizedKeys(t, []byte(authWithQuotedCommaInEnv), []testAuthResult{
 		{pub, []string{`env="HOME=/home/root,dir"`, "no-port-forwarding"}, "user@host", "", true},
 	})
 }
@@ -314,11 +361,11 @@ func TestAuthWithQuotedQuoteInEnv(t *testing.T) {
 	pub, pubSerialized := getTestKey()
 	authWithQuotedQuoteInEnv := []byte(`env="HOME=/home/\"root dir",no-port-forwarding` + "\t" + `ssh-rsa` + "\t" + pubSerialized + `   user@host`)
 	authWithDoubleQuotedQuote := []byte(`no-port-forwarding,env="HOME=/home/ \"root dir\"" ssh-rsa ` + pubSerialized + "\t" + `user@host`)
-	testAuthorizedKeys(t, []byte(authWithQuotedQuoteInEnv), []authResult{
+	testAuthorizedKeys(t, []byte(authWithQuotedQuoteInEnv), []testAuthResult{
 		{pub, []string{`env="HOME=/home/\"root dir"`, "no-port-forwarding"}, "user@host", "", true},
 	})
 
-	testAuthorizedKeys(t, []byte(authWithDoubleQuotedQuote), []authResult{
+	testAuthorizedKeys(t, []byte(authWithDoubleQuotedQuote), []testAuthResult{
 		{pub, []string{"no-port-forwarding", `env="HOME=/home/ \"root dir\""`}, "user@host", "", true},
 	})
 }
@@ -327,7 +374,7 @@ func TestAuthWithInvalidSpace(t *testing.T) {
 	_, pubSerialized := getTestKey()
 	authWithInvalidSpace := []byte(`env="HOME=/home/root dir", no-port-forwarding ssh-rsa ` + pubSerialized + ` user@host
 #more to follow but still no valid keys`)
-	testAuthorizedKeys(t, []byte(authWithInvalidSpace), []authResult{
+	testAuthorizedKeys(t, []byte(authWithInvalidSpace), []testAuthResult{
 		{nil, nil, "", "", false},
 	})
 }
@@ -337,7 +384,7 @@ func TestAuthWithMissingQuote(t *testing.T) {
 	authWithMissingQuote := []byte(`env="HOME=/home/root,no-port-forwarding ssh-rsa ` + pubSerialized + ` user@host
 env="HOME=/home/root",shared-control ssh-rsa ` + pubSerialized + ` user@host`)
 
-	testAuthorizedKeys(t, []byte(authWithMissingQuote), []authResult{
+	testAuthorizedKeys(t, []byte(authWithMissingQuote), []testAuthResult{
 		{pub, []string{`env="HOME=/home/root"`, `shared-control`}, "user@host", "", true},
 	})
 }
@@ -498,3 +545,74 @@ func TestFingerprintSHA256(t *testing.T) {
 		t.Errorf("got fingerprint %q want %q", fingerprint, want)
 	}
 }
+
+func TestInvalidKeys(t *testing.T) {
+	keyTypes := []string{
+		"RSA PRIVATE KEY",
+		"PRIVATE KEY",
+		"EC PRIVATE KEY",
+		"DSA PRIVATE KEY",
+		"OPENSSH PRIVATE KEY",
+	}
+
+	for _, keyType := range keyTypes {
+		for _, dataLen := range []int{0, 1, 2, 5, 10, 20} {
+			data := make([]byte, dataLen)
+			if _, err := io.ReadFull(rand.Reader, data); err != nil {
+				t.Fatal(err)
+			}
+
+			var buf bytes.Buffer
+			pem.Encode(&buf, &pem.Block{
+				Type:  keyType,
+				Bytes: data,
+			})
+
+			// This test is just to ensure that the function
+			// doesn't panic so the return value is ignored.
+			ParseRawPrivateKey(buf.Bytes())
+		}
+	}
+}
+
+func TestSKKeys(t *testing.T) {
+	for _, d := range testdata.SKData {
+		pk, _, _, _, err := ParseAuthorizedKey(d.PubKey)
+		if err != nil {
+			t.Fatalf("parseAuthorizedKey returned error: %v", err)
+		}
+
+		sigBuf := make([]byte, hex.DecodedLen(len(d.HexSignature)))
+		if _, err := hex.Decode(sigBuf, d.HexSignature); err != nil {
+			t.Fatalf("hex.Decode() failed: %v", err)
+		}
+
+		dataBuf := make([]byte, hex.DecodedLen(len(d.HexData)))
+		if _, err := hex.Decode(dataBuf, d.HexData); err != nil {
+			t.Fatalf("hex.Decode() failed: %v", err)
+		}
+
+		sig, _, ok := parseSignature(sigBuf)
+		if !ok {
+			t.Fatalf("parseSignature(%v) failed", sigBuf)
+		}
+
+		// Test that good data and signature pass verification
+		if err := pk.Verify(dataBuf, sig); err != nil {
+			t.Errorf("%s: PublicKey.Verify(%v, %v) failed: %v", d.Name, dataBuf, sig, err)
+		}
+
+		// Invalid data being passed in
+		invalidData := []byte("INVALID DATA")
+		if err := pk.Verify(invalidData, sig); err == nil {
+			t.Errorf("%s with invalid data: PublicKey.Verify(%v, %v) passed unexpectedly", d.Name, invalidData, sig)
+		}
+
+		// Change byte in blob to corrup signature
+		sig.Blob[5] = byte('A')
+		// Corrupted data being passed in
+		if err := pk.Verify(dataBuf, sig); err == nil {
+			t.Errorf("%s with corrupted signature: PublicKey.Verify(%v, %v) passed unexpectedly", d.Name, dataBuf, sig)
+		}
+	}
+}
diff --git a/ssh/knownhosts/knownhosts.go b/ssh/knownhosts/knownhosts.go
index ea92b2983..260cfe58c 100644
--- a/ssh/knownhosts/knownhosts.go
+++ b/ssh/knownhosts/knownhosts.go
@@ -2,8 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package knownhosts implements a parser for the OpenSSH
-// known_hosts host key database.
+// Package knownhosts implements a parser for the OpenSSH known_hosts
+// host key database, and provides utility functions for writing
+// OpenSSH compliant known_hosts files.
 package knownhosts
 
 import (
@@ -38,7 +39,7 @@ func (a *addr) String() string {
 }
 
 type matcher interface {
-	match([]addr) bool
+	match(addr) bool
 }
 
 type hostPattern struct {
@@ -57,19 +58,16 @@ func (p *hostPattern) String() string {
 
 type hostPatterns []hostPattern
 
-func (ps hostPatterns) match(addrs []addr) bool {
+func (ps hostPatterns) match(a addr) bool {
 	matched := false
 	for _, p := range ps {
-		for _, a := range addrs {
-			m := p.match(a)
-			if !m {
-				continue
-			}
-			if p.negate {
-				return false
-			}
-			matched = true
+		if !p.match(a) {
+			continue
 		}
+		if p.negate {
+			return false
+		}
+		matched = true
 	}
 	return matched
 }
@@ -108,8 +106,8 @@ func wildcardMatch(pat []byte, str []byte) bool {
 	}
 }
 
-func (l *hostPattern) match(a addr) bool {
-	return wildcardMatch([]byte(l.addr.host), []byte(a.host)) && l.addr.port == a.port
+func (p *hostPattern) match(a addr) bool {
+	return wildcardMatch([]byte(p.addr.host), []byte(a.host)) && p.addr.port == a.port
 }
 
 type keyDBLine struct {
@@ -122,8 +120,8 @@ func serialize(k ssh.PublicKey) string {
 	return k.Type() + " " + base64.StdEncoding.EncodeToString(k.Marshal())
 }
 
-func (l *keyDBLine) match(addrs []addr) bool {
-	return l.matcher.match(addrs)
+func (l *keyDBLine) match(a addr) bool {
+	return l.matcher.match(a)
 }
 
 type hostKeyDB struct {
@@ -153,7 +151,7 @@ func (db *hostKeyDB) IsHostAuthority(remote ssh.PublicKey, address string) bool
 	a := addr{host: h, port: p}
 
 	for _, l := range db.lines {
-		if l.cert && keyEq(l.knownKey.Key, remote) && l.match([]addr{a}) {
+		if l.cert && keyEq(l.knownKey.Key, remote) && l.match(a) {
 			return true
 		}
 	}
@@ -338,26 +336,24 @@ func (db *hostKeyDB) check(address string, remote net.Addr, remoteKey ssh.Public
 		return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", remote, err)
 	}
 
-	addrs := []addr{
-		{host, port},
-	}
-
+	hostToCheck := addr{host, port}
 	if address != "" {
+		// Give preference to the hostname if available.
 		host, port, err := net.SplitHostPort(address)
 		if err != nil {
 			return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", address, err)
 		}
 
-		addrs = append(addrs, addr{host, port})
+		hostToCheck = addr{host, port}
 	}
 
-	return db.checkAddrs(addrs, remoteKey)
+	return db.checkAddr(hostToCheck, remoteKey)
 }
 
-// checkAddrs checks if we can find the given public key for any of
-// the given addresses.  If we only find an entry for the IP address,
+// checkAddr checks if we can find the given public key for the
+// given address.  If we only find an entry for the IP address,
 // or only the hostname, then this still succeeds.
-func (db *hostKeyDB) checkAddrs(addrs []addr, remoteKey ssh.PublicKey) error {
+func (db *hostKeyDB) checkAddr(a addr, remoteKey ssh.PublicKey) error {
 	// TODO(hanwen): are these the right semantics? What if there
 	// is just a key for the IP address, but not for the
 	// hostname?
@@ -365,7 +361,7 @@ func (db *hostKeyDB) checkAddrs(addrs []addr, remoteKey ssh.PublicKey) error {
 	// Algorithm => key.
 	knownKeys := map[string]KnownKey{}
 	for _, l := range db.lines {
-		if l.match(addrs) {
+		if l.match(a) {
 			typ := l.knownKey.Key.Type()
 			if _, ok := knownKeys[typ]; !ok {
 				knownKeys[typ] = l.knownKey
@@ -414,7 +410,10 @@ func (db *hostKeyDB) Read(r io.Reader, filename string) error {
 
 // New creates a host key callback from the given OpenSSH host key
 // files. The returned callback is for use in
-// ssh.ClientConfig.HostKeyCallback. Hashed hostnames are not supported.
+// ssh.ClientConfig.HostKeyCallback. By preference, the key check
+// operates on the hostname if available, i.e. if a server changes its
+// IP address, the host key check will still succeed, even though a
+// record of the new IP address is not available.
 func New(files ...string) (ssh.HostKeyCallback, error) {
 	db := newHostKeyDB()
 	for _, fn := range files {
@@ -536,11 +535,6 @@ func newHashedHost(encoded string) (*hashedHost, error) {
 	return &hashedHost{salt: salt, hash: hash}, nil
 }
 
-func (h *hashedHost) match(addrs []addr) bool {
-	for _, a := range addrs {
-		if bytes.Equal(hashHost(Normalize(a.String()), h.salt), h.hash) {
-			return true
-		}
-	}
-	return false
+func (h *hashedHost) match(a addr) bool {
+	return bytes.Equal(hashHost(Normalize(a.String()), h.salt), h.hash)
 }
diff --git a/ssh/knownhosts/knownhosts_test.go b/ssh/knownhosts/knownhosts_test.go
index be7cc0e80..464dd5924 100644
--- a/ssh/knownhosts/knownhosts_test.go
+++ b/ssh/knownhosts/knownhosts_test.go
@@ -166,7 +166,7 @@ func TestBasic(t *testing.T) {
 	str := fmt.Sprintf("#comment\n\nserver.org,%s %s\notherhost %s", testAddr, edKeyStr, ecKeyStr)
 	db := testDB(t, str)
 	if err := db.check("server.org:22", testAddr, edKey); err != nil {
-		t.Errorf("got error %q, want none", err)
+		t.Errorf("got error %v, want none", err)
 	}
 
 	want := KnownKey{
@@ -185,6 +185,33 @@ func TestBasic(t *testing.T) {
 	}
 }
 
+func TestHostNamePrecedence(t *testing.T) {
+	var evilAddr = &net.TCPAddr{
+		IP:   net.IP{66, 66, 66, 66},
+		Port: 22,
+	}
+
+	str := fmt.Sprintf("server.org,%s %s\nevil.org,%s %s", testAddr, edKeyStr, evilAddr, ecKeyStr)
+	db := testDB(t, str)
+
+	if err := db.check("server.org:22", evilAddr, ecKey); err == nil {
+		t.Errorf("check succeeded")
+	} else if _, ok := err.(*KeyError); !ok {
+		t.Errorf("got %T, want *KeyError", err)
+	}
+}
+
+func TestDBOrderingPrecedenceKeyType(t *testing.T) {
+	str := fmt.Sprintf("server.org,%s %s\nserver.org,%s %s", testAddr, edKeyStr, testAddr, alternateEdKeyStr)
+	db := testDB(t, str)
+
+	if err := db.check("server.org:22", testAddr, alternateEdKey); err == nil {
+		t.Errorf("check succeeded")
+	} else if _, ok := err.(*KeyError); !ok {
+		t.Errorf("got %T, want *KeyError", err)
+	}
+}
+
 func TestNegate(t *testing.T) {
 	str := fmt.Sprintf("%s,!server.org %s", testAddr, edKeyStr)
 	db := testDB(t, str)
diff --git a/ssh/messages.go b/ssh/messages.go
index e6ecd3afa..ac41a4168 100644
--- a/ssh/messages.go
+++ b/ssh/messages.go
@@ -23,10 +23,6 @@ const (
 	msgUnimplemented = 3
 	msgDebug         = 4
 	msgNewKeys       = 21
-
-	// Standard authentication messages
-	msgUserAuthSuccess = 52
-	msgUserAuthBanner  = 53
 )
 
 // SSH messages:
@@ -101,6 +97,36 @@ type kexDHReplyMsg struct {
 	Signature []byte
 }
 
+// See RFC 4419, section 5.
+const msgKexDHGexGroup = 31
+
+type kexDHGexGroupMsg struct {
+	P *big.Int `sshtype:"31"`
+	G *big.Int
+}
+
+const msgKexDHGexInit = 32
+
+type kexDHGexInitMsg struct {
+	X *big.Int `sshtype:"32"`
+}
+
+const msgKexDHGexReply = 33
+
+type kexDHGexReplyMsg struct {
+	HostKey   []byte `sshtype:"33"`
+	Y         *big.Int
+	Signature []byte
+}
+
+const msgKexDHGexRequest = 34
+
+type kexDHGexRequestMsg struct {
+	MinBits      uint32 `sshtype:"34"`
+	PreferedBits uint32
+	MaxBits      uint32
+}
+
 // See RFC 4253, section 10.
 const msgServiceRequest = 5
 
@@ -137,6 +163,18 @@ type userAuthFailureMsg struct {
 	PartialSuccess bool
 }
 
+// See RFC 4252, section 5.1
+const msgUserAuthSuccess = 52
+
+// See RFC 4252, section 5.4
+const msgUserAuthBanner = 53
+
+type userAuthBannerMsg struct {
+	Message string `sshtype:"53"`
+	// unused, but required to allow message parsing
+	Language string
+}
+
 // See RFC 4256, section 3.2
 const msgUserAuthInfoRequest = 60
 const msgUserAuthInfoResponse = 61
@@ -154,7 +192,7 @@ const msgChannelOpen = 90
 
 type channelOpenMsg struct {
 	ChanType         string `sshtype:"90"`
-	PeersId          uint32
+	PeersID          uint32
 	PeersWindow      uint32
 	MaxPacketSize    uint32
 	TypeSpecificData []byte `ssh:"rest"`
@@ -165,7 +203,7 @@ const msgChannelData = 94
 
 // Used for debug print outs of packets.
 type channelDataMsg struct {
-	PeersId uint32 `sshtype:"94"`
+	PeersID uint32 `sshtype:"94"`
 	Length  uint32
 	Rest    []byte `ssh:"rest"`
 }
@@ -174,8 +212,8 @@ type channelDataMsg struct {
 const msgChannelOpenConfirm = 91
 
 type channelOpenConfirmMsg struct {
-	PeersId          uint32 `sshtype:"91"`
-	MyId             uint32
+	PeersID          uint32 `sshtype:"91"`
+	MyID             uint32
 	MyWindow         uint32
 	MaxPacketSize    uint32
 	TypeSpecificData []byte `ssh:"rest"`
@@ -185,7 +223,7 @@ type channelOpenConfirmMsg struct {
 const msgChannelOpenFailure = 92
 
 type channelOpenFailureMsg struct {
-	PeersId  uint32 `sshtype:"92"`
+	PeersID  uint32 `sshtype:"92"`
 	Reason   RejectionReason
 	Message  string
 	Language string
@@ -194,7 +232,7 @@ type channelOpenFailureMsg struct {
 const msgChannelRequest = 98
 
 type channelRequestMsg struct {
-	PeersId             uint32 `sshtype:"98"`
+	PeersID             uint32 `sshtype:"98"`
 	Request             string
 	WantReply           bool
 	RequestSpecificData []byte `ssh:"rest"`
@@ -204,28 +242,28 @@ type channelRequestMsg struct {
 const msgChannelSuccess = 99
 
 type channelRequestSuccessMsg struct {
-	PeersId uint32 `sshtype:"99"`
+	PeersID uint32 `sshtype:"99"`
 }
 
 // See RFC 4254, section 5.4.
 const msgChannelFailure = 100
 
 type channelRequestFailureMsg struct {
-	PeersId uint32 `sshtype:"100"`
+	PeersID uint32 `sshtype:"100"`
 }
 
 // See RFC 4254, section 5.3
 const msgChannelClose = 97
 
 type channelCloseMsg struct {
-	PeersId uint32 `sshtype:"97"`
+	PeersID uint32 `sshtype:"97"`
 }
 
 // See RFC 4254, section 5.3
 const msgChannelEOF = 96
 
 type channelEOFMsg struct {
-	PeersId uint32 `sshtype:"96"`
+	PeersID uint32 `sshtype:"96"`
 }
 
 // See RFC 4254, section 4
@@ -255,7 +293,7 @@ type globalRequestFailureMsg struct {
 const msgChannelWindowAdjust = 93
 
 type windowAdjustMsg struct {
-	PeersId         uint32 `sshtype:"93"`
+	PeersID         uint32 `sshtype:"93"`
 	AdditionalBytes uint32
 }
 
@@ -267,6 +305,42 @@ type userAuthPubKeyOkMsg struct {
 	PubKey []byte
 }
 
+// See RFC 4462, section 3
+const msgUserAuthGSSAPIResponse = 60
+
+type userAuthGSSAPIResponse struct {
+	SupportMech []byte `sshtype:"60"`
+}
+
+const msgUserAuthGSSAPIToken = 61
+
+type userAuthGSSAPIToken struct {
+	Token []byte `sshtype:"61"`
+}
+
+const msgUserAuthGSSAPIMIC = 66
+
+type userAuthGSSAPIMIC struct {
+	MIC []byte `sshtype:"66"`
+}
+
+// See RFC 4462, section 3.9
+const msgUserAuthGSSAPIErrTok = 64
+
+type userAuthGSSAPIErrTok struct {
+	ErrorToken []byte `sshtype:"64"`
+}
+
+// See RFC 4462, section 3.8
+const msgUserAuthGSSAPIError = 65
+
+type userAuthGSSAPIError struct {
+	MajorStatus uint32 `sshtype:"65"`
+	MinorStatus uint32
+	Message     string
+	LanguageTag string
+}
+
 // typeTags returns the possible type bytes for the given reflect.Type, which
 // should be a struct. The possible values are separated by a '|' character.
 func typeTags(structType reflect.Type) (tags []byte) {
@@ -748,6 +822,14 @@ func decode(packet []byte) (interface{}, error) {
 		msg = new(channelRequestSuccessMsg)
 	case msgChannelFailure:
 		msg = new(channelRequestFailureMsg)
+	case msgUserAuthGSSAPIToken:
+		msg = new(userAuthGSSAPIToken)
+	case msgUserAuthGSSAPIMIC:
+		msg = new(userAuthGSSAPIMIC)
+	case msgUserAuthGSSAPIErrTok:
+		msg = new(userAuthGSSAPIErrTok)
+	case msgUserAuthGSSAPIError:
+		msg = new(userAuthGSSAPIError)
 	default:
 		return nil, unexpectedMessageError(0, packet[0])
 	}
@@ -756,3 +838,29 @@ func decode(packet []byte) (interface{}, error) {
 	}
 	return msg, nil
 }
+
+var packetTypeNames = map[byte]string{
+	msgDisconnect:          "disconnectMsg",
+	msgServiceRequest:      "serviceRequestMsg",
+	msgServiceAccept:       "serviceAcceptMsg",
+	msgKexInit:             "kexInitMsg",
+	msgKexDHInit:           "kexDHInitMsg",
+	msgKexDHReply:          "kexDHReplyMsg",
+	msgUserAuthRequest:     "userAuthRequestMsg",
+	msgUserAuthSuccess:     "userAuthSuccessMsg",
+	msgUserAuthFailure:     "userAuthFailureMsg",
+	msgUserAuthPubKeyOk:    "userAuthPubKeyOkMsg",
+	msgGlobalRequest:       "globalRequestMsg",
+	msgRequestSuccess:      "globalRequestSuccessMsg",
+	msgRequestFailure:      "globalRequestFailureMsg",
+	msgChannelOpen:         "channelOpenMsg",
+	msgChannelData:         "channelDataMsg",
+	msgChannelOpenConfirm:  "channelOpenConfirmMsg",
+	msgChannelOpenFailure:  "channelOpenFailureMsg",
+	msgChannelWindowAdjust: "windowAdjustMsg",
+	msgChannelEOF:          "channelEOFMsg",
+	msgChannelClose:        "channelCloseMsg",
+	msgChannelRequest:      "channelRequestMsg",
+	msgChannelSuccess:      "channelRequestSuccessMsg",
+	msgChannelFailure:      "channelRequestFailureMsg",
+}
diff --git a/ssh/mux.go b/ssh/mux.go
index 27a527c10..9654c0186 100644
--- a/ssh/mux.go
+++ b/ssh/mux.go
@@ -240,7 +240,7 @@ func (m *mux) onePacket() error {
 	id := binary.BigEndian.Uint32(packet[1:])
 	ch := m.chanList.getChan(id)
 	if ch == nil {
-		return fmt.Errorf("ssh: invalid channel %d", id)
+		return m.handleUnknownChannelPacket(id, packet)
 	}
 
 	return ch.handlePacket(packet)
@@ -278,7 +278,7 @@ func (m *mux) handleChannelOpen(packet []byte) error {
 
 	if msg.MaxPacketSize < minPacketLength || msg.MaxPacketSize > 1<<31 {
 		failMsg := channelOpenFailureMsg{
-			PeersId:  msg.PeersId,
+			PeersID:  msg.PeersID,
 			Reason:   ConnectionFailed,
 			Message:  "invalid request",
 			Language: "en_US.UTF-8",
@@ -287,7 +287,7 @@ func (m *mux) handleChannelOpen(packet []byte) error {
 	}
 
 	c := m.newChannel(msg.ChanType, channelInbound, msg.TypeSpecificData)
-	c.remoteId = msg.PeersId
+	c.remoteId = msg.PeersID
 	c.maxRemotePayload = msg.MaxPacketSize
 	c.remoteWin.add(msg.PeersWindow)
 	m.incomingChannels <- c
@@ -313,7 +313,7 @@ func (m *mux) openChannel(chanType string, extra []byte) (*channel, error) {
 		PeersWindow:      ch.myWindow,
 		MaxPacketSize:    ch.maxIncomingPayload,
 		TypeSpecificData: extra,
-		PeersId:          ch.localId,
+		PeersID:          ch.localId,
 	}
 	if err := m.sendMessage(open); err != nil {
 		return nil, err
@@ -328,3 +328,24 @@ func (m *mux) openChannel(chanType string, extra []byte) (*channel, error) {
 		return nil, fmt.Errorf("ssh: unexpected packet in response to channel open: %T", msg)
 	}
 }
+
+func (m *mux) handleUnknownChannelPacket(id uint32, packet []byte) error {
+	msg, err := decode(packet)
+	if err != nil {
+		return err
+	}
+
+	switch msg := msg.(type) {
+	// RFC 4254 section 5.4 says unrecognized channel requests should
+	// receive a failure response.
+	case *channelRequestMsg:
+		if msg.WantReply {
+			return m.sendMessage(channelRequestFailureMsg{
+				PeersID: msg.PeersID,
+			})
+		}
+		return nil
+	default:
+		return fmt.Errorf("ssh: invalid channel %d", id)
+	}
+}
diff --git a/ssh/mux_test.go b/ssh/mux_test.go
index 25d2181d6..0b6b74ddd 100644
--- a/ssh/mux_test.go
+++ b/ssh/mux_test.go
@@ -9,6 +9,7 @@ import (
 	"io/ioutil"
 	"sync"
 	"testing"
+	"time"
 )
 
 func muxPair() (*mux, *mux) {
@@ -20,7 +21,7 @@ func muxPair() (*mux, *mux) {
 	return s, c
 }
 
-// Returns both ends of a channel, and the mux for the the 2nd
+// Returns both ends of a channel, and the mux for the 2nd
 // channel.
 func channelPair(t *testing.T) (*channel, *channel, *mux) {
 	c, s := muxPair()
@@ -108,10 +109,6 @@ func TestMuxReadWrite(t *testing.T) {
 		if err != nil {
 			t.Fatalf("Write: %v", err)
 		}
-		err = s.Close()
-		if err != nil {
-			t.Fatalf("Close: %v", err)
-		}
 	}()
 
 	var buf [1024]byte
@@ -292,6 +289,219 @@ func TestMuxChannelRequest(t *testing.T) {
 	}
 }
 
+func TestMuxUnknownChannelRequests(t *testing.T) {
+	clientPipe, serverPipe := memPipe()
+	client := newMux(clientPipe)
+	defer serverPipe.Close()
+	defer client.Close()
+
+	kDone := make(chan struct{})
+	go func() {
+		// Ignore unknown channel messages that don't want a reply.
+		err := serverPipe.writePacket(Marshal(channelRequestMsg{
+			PeersID:             1,
+			Request:             "keepalive@openssh.com",
+			WantReply:           false,
+			RequestSpecificData: []byte{},
+		}))
+		if err != nil {
+			t.Fatalf("send: %v", err)
+		}
+
+		// Send a keepalive, which should get a channel failure message
+		// in response.
+		err = serverPipe.writePacket(Marshal(channelRequestMsg{
+			PeersID:             2,
+			Request:             "keepalive@openssh.com",
+			WantReply:           true,
+			RequestSpecificData: []byte{},
+		}))
+		if err != nil {
+			t.Fatalf("send: %v", err)
+		}
+
+		packet, err := serverPipe.readPacket()
+		if err != nil {
+			t.Fatalf("read packet: %v", err)
+		}
+		decoded, err := decode(packet)
+		if err != nil {
+			t.Fatalf("decode failed: %v", err)
+		}
+
+		switch msg := decoded.(type) {
+		case *channelRequestFailureMsg:
+			if msg.PeersID != 2 {
+				t.Fatalf("received response to wrong message: %v", msg)
+			}
+		default:
+			t.Fatalf("unexpected channel message: %v", msg)
+		}
+
+		kDone <- struct{}{}
+
+		// Receive and respond to the keepalive to confirm the mux is
+		// still processing requests.
+		packet, err = serverPipe.readPacket()
+		if err != nil {
+			t.Fatalf("read packet: %v", err)
+		}
+		if packet[0] != msgGlobalRequest {
+			t.Fatalf("expected global request")
+		}
+
+		err = serverPipe.writePacket(Marshal(globalRequestFailureMsg{
+			Data: []byte{},
+		}))
+		if err != nil {
+			t.Fatalf("failed to send failure msg: %v", err)
+		}
+
+		close(kDone)
+	}()
+
+	// Wait for the server to send the keepalive message and receive back a
+	// response.
+	select {
+	case <-kDone:
+	case <-time.After(10 * time.Second):
+		t.Fatalf("server never received ack")
+	}
+
+	// Confirm client hasn't closed.
+	if _, _, err := client.SendRequest("keepalive@golang.org", true, nil); err != nil {
+		t.Fatalf("failed to send keepalive: %v", err)
+	}
+
+	select {
+	case <-kDone:
+	case <-time.After(10 * time.Second):
+		t.Fatalf("server never shut down")
+	}
+}
+
+func TestMuxClosedChannel(t *testing.T) {
+	clientPipe, serverPipe := memPipe()
+	client := newMux(clientPipe)
+	defer serverPipe.Close()
+	defer client.Close()
+
+	kDone := make(chan struct{})
+	go func() {
+		// Open the channel.
+		packet, err := serverPipe.readPacket()
+		if err != nil {
+			t.Fatalf("read packet: %v", err)
+		}
+		if packet[0] != msgChannelOpen {
+			t.Fatalf("expected chan open")
+		}
+
+		var openMsg channelOpenMsg
+		if err := Unmarshal(packet, &openMsg); err != nil {
+			t.Fatalf("unmarshal: %v", err)
+		}
+
+		// Send back the opened channel confirmation.
+		err = serverPipe.writePacket(Marshal(channelOpenConfirmMsg{
+			PeersID:       openMsg.PeersID,
+			MyID:          0,
+			MyWindow:      0,
+			MaxPacketSize: channelMaxPacket,
+		}))
+		if err != nil {
+			t.Fatalf("send: %v", err)
+		}
+
+		// Close the channel.
+		err = serverPipe.writePacket(Marshal(channelCloseMsg{
+			PeersID: openMsg.PeersID,
+		}))
+		if err != nil {
+			t.Fatalf("send: %v", err)
+		}
+
+		// Send a keepalive message on the channel we just closed.
+		err = serverPipe.writePacket(Marshal(channelRequestMsg{
+			PeersID:             openMsg.PeersID,
+			Request:             "keepalive@openssh.com",
+			WantReply:           true,
+			RequestSpecificData: []byte{},
+		}))
+		if err != nil {
+			t.Fatalf("send: %v", err)
+		}
+
+		// Receive the channel closed response.
+		packet, err = serverPipe.readPacket()
+		if err != nil {
+			t.Fatalf("read packet: %v", err)
+		}
+		if packet[0] != msgChannelClose {
+			t.Fatalf("expected channel close")
+		}
+
+		// Receive the keepalive response failure.
+		packet, err = serverPipe.readPacket()
+		if err != nil {
+			t.Fatalf("read packet: %v", err)
+		}
+		if packet[0] != msgChannelFailure {
+			t.Fatalf("expected channel close")
+		}
+		kDone <- struct{}{}
+
+		// Receive and respond to the keepalive to confirm the mux is
+		// still processing requests.
+		packet, err = serverPipe.readPacket()
+		if err != nil {
+			t.Fatalf("read packet: %v", err)
+		}
+		if packet[0] != msgGlobalRequest {
+			t.Fatalf("expected global request")
+		}
+
+		err = serverPipe.writePacket(Marshal(globalRequestFailureMsg{
+			Data: []byte{},
+		}))
+		if err != nil {
+			t.Fatalf("failed to send failure msg: %v", err)
+		}
+
+		close(kDone)
+	}()
+
+	// Open a channel.
+	ch, err := client.openChannel("chan", nil)
+	if err != nil {
+		t.Fatalf("OpenChannel: %v", err)
+	}
+	defer ch.Close()
+
+	// Wait for the server to close the channel and send the keepalive.
+	select {
+	case <-kDone:
+	case <-time.After(10 * time.Second):
+		t.Fatalf("server never received ack")
+	}
+
+	// Make sure the channel closed.
+	if _, ok := <-ch.incomingRequests; ok {
+		t.Fatalf("channel not closed")
+	}
+
+	// Confirm client hasn't closed
+	if _, _, err := client.SendRequest("keepalive@golang.org", true, nil); err != nil {
+		t.Fatalf("failed to send keepalive: %v", err)
+	}
+
+	select {
+	case <-kDone:
+	case <-time.After(10 * time.Second):
+		t.Fatalf("server never shut down")
+	}
+}
+
 func TestMuxGlobalRequest(t *testing.T) {
 	clientMux, serverMux := muxPair()
 	defer serverMux.Close()
diff --git a/ssh/server.go b/ssh/server.go
index b6f4cc811..b6911e830 100644
--- a/ssh/server.go
+++ b/ssh/server.go
@@ -45,6 +45,20 @@ type Permissions struct {
 	Extensions map[string]string
 }
 
+type GSSAPIWithMICConfig struct {
+	// AllowLogin, must be set, is called when gssapi-with-mic
+	// authentication is selected (RFC 4462 section 3). The srcName is from the
+	// results of the GSS-API authentication. The format is username@DOMAIN.
+	// GSSAPI just guarantees to the server who the user is, but not if they can log in, and with what permissions.
+	// This callback is called after the user identity is established with GSSAPI to decide if the user can login with
+	// which permissions. If the user is allowed to login, it should return a nil error.
+	AllowLogin func(conn ConnMetadata, srcName string) (*Permissions, error)
+
+	// Server must be set. It's the implementation
+	// of the GSSAPIServer interface. See GSSAPIServer interface for details.
+	Server GSSAPIServer
+}
+
 // ServerConfig holds server specific configuration data.
 type ServerConfig struct {
 	// Config contains configuration shared between client and server.
@@ -67,7 +81,7 @@ type ServerConfig struct {
 	PasswordCallback func(conn ConnMetadata, password []byte) (*Permissions, error)
 
 	// PublicKeyCallback, if non-nil, is called when a client
-	// offers a public key for authentication. It must return true
+	// offers a public key for authentication. It must return a nil error
 	// if the given public key can be used to authenticate the
 	// given user. For example, see CertChecker.Authenticate. A
 	// call to this function does not guarantee that the key
@@ -95,6 +109,14 @@ type ServerConfig struct {
 	// Note that RFC 4253 section 4.2 requires that this string start with
 	// "SSH-2.0-".
 	ServerVersion string
+
+	// BannerCallback, if present, is called and the return string is sent to
+	// the client after key exchange completed but before authentication.
+	BannerCallback func(conn ConnMetadata) string
+
+	// GSSAPIWithMICConfig includes gssapi server and callback, which if both non-nil, is used
+	// when gssapi-with-mic authentication is selected (RFC 4462 section 3).
+	GSSAPIWithMICConfig *GSSAPIWithMICConfig
 }
 
 // AddHostKey adds a private key as a host key. If an existing host
@@ -162,12 +184,21 @@ type ServerConn struct {
 // unsuccessful, it closes the connection and returns an error.  The
 // Request and NewChannel channels must be serviced, or the connection
 // will hang.
+//
+// The returned error may be of type *ServerAuthError for
+// authentication errors.
 func NewServerConn(c net.Conn, config *ServerConfig) (*ServerConn, <-chan NewChannel, <-chan *Request, error) {
 	fullConf := *config
 	fullConf.SetDefaults()
 	if fullConf.MaxAuthTries == 0 {
 		fullConf.MaxAuthTries = 6
 	}
+	// Check if the config contains any unsupported key exchanges
+	for _, kex := range fullConf.KeyExchanges {
+		if _, ok := serverForbiddenKexAlgos[kex]; ok {
+			return nil, nil, nil, fmt.Errorf("ssh: unsupported key exchange %s for server", kex)
+		}
+	}
 
 	s := &connection{
 		sshConn: sshConn{conn: c},
@@ -197,7 +228,9 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
 		return nil, errors.New("ssh: server has no host keys")
 	}
 
-	if !config.NoClientAuth && config.PasswordCallback == nil && config.PublicKeyCallback == nil && config.KeyboardInteractiveCallback == nil {
+	if !config.NoClientAuth && config.PasswordCallback == nil && config.PublicKeyCallback == nil &&
+		config.KeyboardInteractiveCallback == nil && (config.GSSAPIWithMICConfig == nil ||
+		config.GSSAPIWithMICConfig.AllowLogin == nil || config.GSSAPIWithMICConfig.Server == nil) {
 		return nil, errors.New("ssh: no authentication methods configured but NoClientAuth is also false")
 	}
 
@@ -251,8 +284,8 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error)
 
 func isAcceptableAlgo(algo string) bool {
 	switch algo {
-	case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoED25519,
-		CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01:
+	case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519,
+		CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01:
 		return true
 	}
 	return false
@@ -288,12 +321,62 @@ func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
 	return fmt.Errorf("ssh: remote address %v is not allowed because of source-address restriction", addr)
 }
 
-// ServerAuthError implements the error interface. It appends any authentication
-// errors that may occur, and is returned if all of the authentication methods
-// provided by the user failed to authenticate.
+func gssExchangeToken(gssapiConfig *GSSAPIWithMICConfig, firstToken []byte, s *connection,
+	sessionID []byte, userAuthReq userAuthRequestMsg) (authErr error, perms *Permissions, err error) {
+	gssAPIServer := gssapiConfig.Server
+	defer gssAPIServer.DeleteSecContext()
+	var srcName string
+	for {
+		var (
+			outToken     []byte
+			needContinue bool
+		)
+		outToken, srcName, needContinue, err = gssAPIServer.AcceptSecContext(firstToken)
+		if err != nil {
+			return err, nil, nil
+		}
+		if len(outToken) != 0 {
+			if err := s.transport.writePacket(Marshal(&userAuthGSSAPIToken{
+				Token: outToken,
+			})); err != nil {
+				return nil, nil, err
+			}
+		}
+		if !needContinue {
+			break
+		}
+		packet, err := s.transport.readPacket()
+		if err != nil {
+			return nil, nil, err
+		}
+		userAuthGSSAPITokenReq := &userAuthGSSAPIToken{}
+		if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
+			return nil, nil, err
+		}
+	}
+	packet, err := s.transport.readPacket()
+	if err != nil {
+		return nil, nil, err
+	}
+	userAuthGSSAPIMICReq := &userAuthGSSAPIMIC{}
+	if err := Unmarshal(packet, userAuthGSSAPIMICReq); err != nil {
+		return nil, nil, err
+	}
+	mic := buildMIC(string(sessionID), userAuthReq.User, userAuthReq.Service, userAuthReq.Method)
+	if err := gssAPIServer.VerifyMIC(mic, userAuthGSSAPIMICReq.MIC); err != nil {
+		return err, nil, nil
+	}
+	perms, authErr = gssapiConfig.AllowLogin(s, srcName)
+	return authErr, perms, nil
+}
+
+// ServerAuthError represents server authentication errors and is
+// sometimes returned by NewServerConn. It appends any authentication
+// errors that may occur, and is returned if all of the authentication
+// methods provided by the user failed to authenticate.
 type ServerAuthError struct {
 	// Errors contains authentication errors returned by the authentication
-	// callback methods.
+	// callback methods. The first entry is typically ErrNoAuth.
 	Errors []error
 }
 
@@ -305,6 +388,13 @@ func (l ServerAuthError) Error() string {
 	return "[" + strings.Join(errs, ", ") + "]"
 }
 
+// ErrNoAuth is the error value returned if no
+// authentication method has been passed yet. This happens as a normal
+// part of the authentication loop, since the client first tries
+// 'none' authentication to discover available methods.
+// It is returned in ServerAuthError.Errors from NewServerConn.
+var ErrNoAuth = errors.New("ssh: no auth passed yet")
+
 func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, error) {
 	sessionID := s.transport.getSessionID()
 	var cache pubKeyCache
@@ -312,6 +402,7 @@ func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, err
 
 	authFailures := 0
 	var authErrs []error
+	var displayedBanner bool
 
 userAuthLoop:
 	for {
@@ -343,8 +434,22 @@ userAuthLoop:
 		}
 
 		s.user = userAuthReq.User
+
+		if !displayedBanner && config.BannerCallback != nil {
+			displayedBanner = true
+			msg := config.BannerCallback(s)
+			if msg != "" {
+				bannerMsg := &userAuthBannerMsg{
+					Message: msg,
+				}
+				if err := s.transport.writePacket(Marshal(bannerMsg)); err != nil {
+					return nil, err
+				}
+			}
+		}
+
 		perms = nil
-		authErr := errors.New("no auth passed yet")
+		authErr := ErrNoAuth
 
 		switch userAuthReq.Method {
 		case "none":
@@ -374,7 +479,7 @@ userAuthLoop:
 			perms, authErr = config.PasswordCallback(s, password)
 		case "keyboard-interactive":
 			if config.KeyboardInteractiveCallback == nil {
-				authErr = errors.New("ssh: keyboard-interactive auth not configubred")
+				authErr = errors.New("ssh: keyboard-interactive auth not configured")
 				break
 			}
 
@@ -454,6 +559,7 @@ userAuthLoop:
 				// sig.Format.  This is usually the same, but
 				// for certs, the names differ.
 				if !isAcceptableAlgo(sig.Format) {
+					authErr = fmt.Errorf("ssh: algorithm %q not accepted", sig.Format)
 					break
 				}
 				signedData := buildDataSignedForAuth(sessionID, userAuthReq, algoBytes, pubKeyData)
@@ -465,6 +571,53 @@ userAuthLoop:
 				authErr = candidate.result
 				perms = candidate.perms
 			}
+		case "gssapi-with-mic":
+			if config.GSSAPIWithMICConfig == nil {
+				authErr = errors.New("ssh: gssapi-with-mic auth not configured")
+				break
+			}
+			gssapiConfig := config.GSSAPIWithMICConfig
+			userAuthRequestGSSAPI, err := parseGSSAPIPayload(userAuthReq.Payload)
+			if err != nil {
+				return nil, parseError(msgUserAuthRequest)
+			}
+			// OpenSSH supports Kerberos V5 mechanism only for GSS-API authentication.
+			if userAuthRequestGSSAPI.N == 0 {
+				authErr = fmt.Errorf("ssh: Mechanism negotiation is not supported")
+				break
+			}
+			var i uint32
+			present := false
+			for i = 0; i < userAuthRequestGSSAPI.N; i++ {
+				if userAuthRequestGSSAPI.OIDS[i].Equal(krb5Mesh) {
+					present = true
+					break
+				}
+			}
+			if !present {
+				authErr = fmt.Errorf("ssh: GSSAPI authentication must use the Kerberos V5 mechanism")
+				break
+			}
+			// Initial server response, see RFC 4462 section 3.3.
+			if err := s.transport.writePacket(Marshal(&userAuthGSSAPIResponse{
+				SupportMech: krb5OID,
+			})); err != nil {
+				return nil, err
+			}
+			// Exchange token, see RFC 4462 section 3.4.
+			packet, err := s.transport.readPacket()
+			if err != nil {
+				return nil, err
+			}
+			userAuthGSSAPITokenReq := &userAuthGSSAPIToken{}
+			if err := Unmarshal(packet, userAuthGSSAPITokenReq); err != nil {
+				return nil, err
+			}
+			authErr, perms, err = gssExchangeToken(gssapiConfig, userAuthGSSAPITokenReq.Token, s, sessionID,
+				userAuthReq)
+			if err != nil {
+				return nil, err
+			}
 		default:
 			authErr = fmt.Errorf("ssh: unknown method %q", userAuthReq.Method)
 		}
@@ -491,6 +644,10 @@ userAuthLoop:
 		if config.KeyboardInteractiveCallback != nil {
 			failureMsg.Methods = append(failureMsg.Methods, "keyboard-interactive")
 		}
+		if config.GSSAPIWithMICConfig != nil && config.GSSAPIWithMICConfig.Server != nil &&
+			config.GSSAPIWithMICConfig.AllowLogin != nil {
+			failureMsg.Methods = append(failureMsg.Methods, "gssapi-with-mic")
+		}
 
 		if len(failureMsg.Methods) == 0 {
 			return nil, errors.New("ssh: no authentication methods configured but NoClientAuth is also false")
diff --git a/ssh/session.go b/ssh/session.go
index 17e2aa85c..d3321f6b7 100644
--- a/ssh/session.go
+++ b/ssh/session.go
@@ -231,6 +231,26 @@ func (s *Session) RequestSubsystem(subsystem string) error {
 	return err
 }
 
+// RFC 4254 Section 6.7.
+type ptyWindowChangeMsg struct {
+	Columns uint32
+	Rows    uint32
+	Width   uint32
+	Height  uint32
+}
+
+// WindowChange informs the remote host about a terminal window dimension change to h rows and w columns.
+func (s *Session) WindowChange(h, w int) error {
+	req := ptyWindowChangeMsg{
+		Columns: uint32(w),
+		Rows:    uint32(h),
+		Width:   uint32(w * 8),
+		Height:  uint32(h * 8),
+	}
+	_, err := s.ch.SendRequest("window-change", false, Marshal(&req))
+	return err
+}
+
 // RFC 4254 Section 6.9.
 type signalMsg struct {
 	Signal string
@@ -386,7 +406,7 @@ func (s *Session) Wait() error {
 		s.stdinPipeWriter.Close()
 	}
 	var copyError error
-	for _ = range s.copyFuncs {
+	for range s.copyFuncs {
 		if err := <-s.errors; err != nil && copyError == nil {
 			copyError = err
 		}
diff --git a/ssh/session_test.go b/ssh/session_test.go
index 7dce6dd69..39853bfcd 100644
--- a/ssh/session_test.go
+++ b/ssh/session_test.go
@@ -35,7 +35,7 @@ func dial(handler serverType, t *testing.T) *Client {
 		}
 		conf.AddHostKey(testSigners["rsa"])
 
-		_, chans, reqs, err := NewServerConn(c1, &conf)
+		conn, chans, reqs, err := NewServerConn(c1, &conf)
 		if err != nil {
 			t.Fatalf("Unable to handshake: %v", err)
 		}
@@ -56,6 +56,9 @@ func dial(handler serverType, t *testing.T) *Client {
 				handler(ch, inReqs, t)
 			}()
 		}
+		if err := conn.Wait(); err != io.EOF {
+			t.Logf("server exit reason: %v", err)
+		}
 	}()
 
 	config := &ClientConfig{
@@ -358,10 +361,9 @@ func TestServerWindow(t *testing.T) {
 	}
 	written, err := copyNRandomly("stdin", serverStdin, origBuf, windowTestBytes)
 	if err != nil {
-		t.Fatalf("failed to copy origBuf to serverStdin: %v", err)
-	}
-	if written != windowTestBytes {
-		t.Fatalf("Wrote only %d of %d bytes to server", written, windowTestBytes)
+		t.Errorf("failed to copy origBuf to serverStdin: %v", err)
+	} else if written != windowTestBytes {
+		t.Errorf("Wrote only %d of %d bytes to server", written, windowTestBytes)
 	}
 
 	echoedBytes := <-result
diff --git a/ssh/ssh_gss.go b/ssh/ssh_gss.go
new file mode 100644
index 000000000..24bd7c8e8
--- /dev/null
+++ b/ssh/ssh_gss.go
@@ -0,0 +1,139 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ssh
+
+import (
+	"encoding/asn1"
+	"errors"
+)
+
+var krb5OID []byte
+
+func init() {
+	krb5OID, _ = asn1.Marshal(krb5Mesh)
+}
+
+// GSSAPIClient provides the API to plug-in GSSAPI authentication for client logins.
+type GSSAPIClient interface {
+	// InitSecContext initiates the establishment of a security context for GSS-API between the
+	// ssh client and ssh server. Initially the token parameter should be specified as nil.
+	// The routine may return a outputToken which should be transferred to
+	// the ssh server, where the ssh server will present it to
+	// AcceptSecContext. If no token need be sent, InitSecContext will indicate this by setting
+	// needContinue to false. To complete the context
+	// establishment, one or more reply tokens may be required from the ssh
+	// server;if so, InitSecContext will return a needContinue which is true.
+	// In this case, InitSecContext should be called again when the
+	// reply token is received from the ssh server, passing the reply
+	// token to InitSecContext via the token parameters.
+	// See RFC 2743 section 2.2.1 and RFC 4462 section 3.4.
+	InitSecContext(target string, token []byte, isGSSDelegCreds bool) (outputToken []byte, needContinue bool, err error)
+	// GetMIC generates a cryptographic MIC for the SSH2 message, and places
+	// the MIC in a token for transfer to the ssh server.
+	// The contents of the MIC field are obtained by calling GSS_GetMIC()
+	// over the following, using the GSS-API context that was just
+	// established:
+	//  string    session identifier
+	//  byte      SSH_MSG_USERAUTH_REQUEST
+	//  string    user name
+	//  string    service
+	//  string    "gssapi-with-mic"
+	// See RFC 2743 section 2.3.1 and RFC 4462 3.5.
+	GetMIC(micFiled []byte) ([]byte, error)
+	// Whenever possible, it should be possible for
+	// DeleteSecContext() calls to be successfully processed even
+	// if other calls cannot succeed, thereby enabling context-related
+	// resources to be released.
+	// In addition to deleting established security contexts,
+	// gss_delete_sec_context must also be able to delete "half-built"
+	// security contexts resulting from an incomplete sequence of
+	// InitSecContext()/AcceptSecContext() calls.
+	// See RFC 2743 section 2.2.3.
+	DeleteSecContext() error
+}
+
+// GSSAPIServer provides the API to plug in GSSAPI authentication for server logins.
+type GSSAPIServer interface {
+	// AcceptSecContext allows a remotely initiated security context between the application
+	// and a remote peer to be established by the ssh client. The routine may return a
+	// outputToken which should be transferred to the ssh client,
+	// where the ssh client will present it to InitSecContext.
+	// If no token need be sent, AcceptSecContext will indicate this
+	// by setting the needContinue to false. To
+	// complete the context establishment, one or more reply tokens may be
+	// required from the ssh client. if so, AcceptSecContext
+	// will return a needContinue which is true, in which case it
+	// should be called again when the reply token is received from the ssh
+	// client, passing the token to AcceptSecContext via the
+	// token parameters.
+	// The srcName return value is the authenticated username.
+	// See RFC 2743 section 2.2.2 and RFC 4462 section 3.4.
+	AcceptSecContext(token []byte) (outputToken []byte, srcName string, needContinue bool, err error)
+	// VerifyMIC verifies that a cryptographic MIC, contained in the token parameter,
+	// fits the supplied message is received from the ssh client.
+	// See RFC 2743 section 2.3.2.
+	VerifyMIC(micField []byte, micToken []byte) error
+	// Whenever possible, it should be possible for
+	// DeleteSecContext() calls to be successfully processed even
+	// if other calls cannot succeed, thereby enabling context-related
+	// resources to be released.
+	// In addition to deleting established security contexts,
+	// gss_delete_sec_context must also be able to delete "half-built"
+	// security contexts resulting from an incomplete sequence of
+	// InitSecContext()/AcceptSecContext() calls.
+	// See RFC 2743 section 2.2.3.
+	DeleteSecContext() error
+}
+
+var (
+	// OpenSSH supports Kerberos V5 mechanism only for GSS-API authentication,
+	// so we also support the krb5 mechanism only.
+	// See RFC 1964 section 1.
+	krb5Mesh = asn1.ObjectIdentifier{1, 2, 840, 113554, 1, 2, 2}
+)
+
+// The GSS-API authentication method is initiated when the client sends an SSH_MSG_USERAUTH_REQUEST
+// See RFC 4462 section 3.2.
+type userAuthRequestGSSAPI struct {
+	N    uint32
+	OIDS []asn1.ObjectIdentifier
+}
+
+func parseGSSAPIPayload(payload []byte) (*userAuthRequestGSSAPI, error) {
+	n, rest, ok := parseUint32(payload)
+	if !ok {
+		return nil, errors.New("parse uint32 failed")
+	}
+	s := &userAuthRequestGSSAPI{
+		N:    n,
+		OIDS: make([]asn1.ObjectIdentifier, n),
+	}
+	for i := 0; i < int(n); i++ {
+		var (
+			desiredMech []byte
+			err         error
+		)
+		desiredMech, rest, ok = parseString(rest)
+		if !ok {
+			return nil, errors.New("parse string failed")
+		}
+		if rest, err = asn1.Unmarshal(desiredMech, &s.OIDS[i]); err != nil {
+			return nil, err
+		}
+
+	}
+	return s, nil
+}
+
+// See RFC 4462 section 3.6.
+func buildMIC(sessionID string, username string, service string, authMethod string) []byte {
+	out := make([]byte, 0, 0)
+	out = appendString(out, sessionID)
+	out = append(out, msgUserAuthRequest)
+	out = appendString(out, username)
+	out = appendString(out, service)
+	out = appendString(out, authMethod)
+	return out
+}
diff --git a/ssh/ssh_gss_test.go b/ssh/ssh_gss_test.go
new file mode 100644
index 000000000..39a111288
--- /dev/null
+++ b/ssh/ssh_gss_test.go
@@ -0,0 +1,109 @@
+package ssh
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestParseGSSAPIPayload(t *testing.T) {
+	payload := []byte{0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0b, 0x06, 0x09,
+		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02}
+	res, err := parseGSSAPIPayload(payload)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if ok := res.OIDS[0].Equal(krb5Mesh); !ok {
+		t.Fatalf("got %v, want %v", res, krb5Mesh)
+	}
+}
+
+func TestBuildMIC(t *testing.T) {
+	sessionID := []byte{134, 180, 134, 194, 62, 145, 171, 82, 119, 149, 254, 196, 125, 173, 177, 145, 187, 85, 53,
+		183, 44, 150, 219, 129, 166, 195, 19, 33, 209, 246, 175, 121}
+	username := "testuser"
+	service := "ssh-connection"
+	authMethod := "gssapi-with-mic"
+	expected := []byte{0, 0, 0, 32, 134, 180, 134, 194, 62, 145, 171, 82, 119, 149, 254, 196, 125, 173, 177, 145, 187, 85, 53, 183, 44, 150, 219, 129, 166, 195, 19, 33, 209, 246, 175, 121, 50, 0, 0, 0, 8, 116, 101, 115, 116, 117, 115, 101, 114, 0, 0, 0, 14, 115, 115, 104, 45, 99, 111, 110, 110, 101, 99, 116, 105, 111, 110, 0, 0, 0, 15, 103, 115, 115, 97, 112, 105, 45, 119, 105, 116, 104, 45, 109, 105, 99}
+	result := buildMIC(string(sessionID), username, service, authMethod)
+	if string(result) != string(expected) {
+		t.Fatalf("buildMic: got %v, want %v", result, expected)
+	}
+}
+
+type exchange struct {
+	outToken      string
+	expectedToken string
+}
+
+type FakeClient struct {
+	exchanges []*exchange
+	round     int
+	mic       []byte
+	maxRound  int
+}
+
+func (f *FakeClient) InitSecContext(target string, token []byte, isGSSDelegCreds bool) (outputToken []byte, needContinue bool, err error) {
+	if token == nil {
+		if f.exchanges[f.round].expectedToken != "" {
+			err = fmt.Errorf("got empty token, want %q", f.exchanges[f.round].expectedToken)
+		} else {
+			outputToken = []byte(f.exchanges[f.round].outToken)
+		}
+	} else {
+		if string(token) != string(f.exchanges[f.round].expectedToken) {
+			err = fmt.Errorf("got %q, want token %q", token, f.exchanges[f.round].expectedToken)
+		} else {
+			outputToken = []byte(f.exchanges[f.round].outToken)
+		}
+	}
+	f.round++
+	needContinue = f.round < f.maxRound
+	return
+}
+
+func (f *FakeClient) GetMIC(micField []byte) ([]byte, error) {
+	return f.mic, nil
+}
+
+func (f *FakeClient) DeleteSecContext() error {
+	return nil
+}
+
+type FakeServer struct {
+	exchanges   []*exchange
+	round       int
+	expectedMIC []byte
+	srcName     string
+	maxRound    int
+}
+
+func (f *FakeServer) AcceptSecContext(token []byte) (outputToken []byte, srcName string, needContinue bool, err error) {
+	if token == nil {
+		if f.exchanges[f.round].expectedToken != "" {
+			err = fmt.Errorf("got empty token, want %q", f.exchanges[f.round].expectedToken)
+		} else {
+			outputToken = []byte(f.exchanges[f.round].outToken)
+		}
+	} else {
+		if string(token) != string(f.exchanges[f.round].expectedToken) {
+			err = fmt.Errorf("got %q, want token %q", token, f.exchanges[f.round].expectedToken)
+		} else {
+			outputToken = []byte(f.exchanges[f.round].outToken)
+		}
+	}
+	f.round++
+	needContinue = f.round < f.maxRound
+	srcName = f.srcName
+	return
+}
+
+func (f *FakeServer) VerifyMIC(micField []byte, micToken []byte) error {
+	if string(micToken) != string(f.expectedMIC) {
+		return fmt.Errorf("got MICToken %q, want %q", micToken, f.expectedMIC)
+	}
+	return nil
+}
+
+func (f *FakeServer) DeleteSecContext() error {
+	return nil
+}
diff --git a/ssh/streamlocal.go b/ssh/streamlocal.go
index a2dccc64c..b171b330b 100644
--- a/ssh/streamlocal.go
+++ b/ssh/streamlocal.go
@@ -32,6 +32,7 @@ type streamLocalChannelForwardMsg struct {
 
 // ListenUnix is similar to ListenTCP but uses a Unix domain socket.
 func (c *Client) ListenUnix(socketPath string) (net.Listener, error) {
+	c.handleForwardsOnce.Do(c.handleForwards)
 	m := streamLocalChannelForwardMsg{
 		socketPath,
 	}
diff --git a/ssh/tcpip.go b/ssh/tcpip.go
index acf17175d..80d35f5ec 100644
--- a/ssh/tcpip.go
+++ b/ssh/tcpip.go
@@ -90,10 +90,19 @@ type channelForwardMsg struct {
 	rport uint32
 }
 
+// handleForwards starts goroutines handling forwarded connections.
+// It's called on first use by (*Client).ListenTCP to not launch
+// goroutines until needed.
+func (c *Client) handleForwards() {
+	go c.forwards.handleChannels(c.HandleChannelOpen("forwarded-tcpip"))
+	go c.forwards.handleChannels(c.HandleChannelOpen("forwarded-streamlocal@openssh.com"))
+}
+
 // ListenTCP requests the remote peer open a listening socket
 // on laddr. Incoming connections will be available by calling
 // Accept on the returned net.Listener.
 func (c *Client) ListenTCP(laddr *net.TCPAddr) (net.Listener, error) {
+	c.handleForwardsOnce.Do(c.handleForwards)
 	if laddr.Port == 0 && isBrokenOpenSSHVersion(string(c.ServerVersion())) {
 		return c.autoPortListenWorkaround(laddr)
 	}
diff --git a/ssh/terminal/terminal.go b/ssh/terminal/terminal.go
index 18379a935..a4d1919a9 100644
--- a/ssh/terminal/terminal.go
+++ b/ssh/terminal/terminal.go
@@ -2,950 +2,75 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// Package terminal provides support functions for dealing with terminals, as
+// commonly found on UNIX systems.
+//
+// Deprecated: this package moved to golang.org/x/term.
 package terminal
 
 import (
-	"bytes"
 	"io"
-	"sync"
-	"unicode/utf8"
+
+	"golang.org/x/term"
 )
 
 // EscapeCodes contains escape sequences that can be written to the terminal in
 // order to achieve different styles of text.
-type EscapeCodes struct {
-	// Foreground colors
-	Black, Red, Green, Yellow, Blue, Magenta, Cyan, White []byte
-
-	// Reset all attributes
-	Reset []byte
-}
-
-var vt100EscapeCodes = EscapeCodes{
-	Black:   []byte{keyEscape, '[', '3', '0', 'm'},
-	Red:     []byte{keyEscape, '[', '3', '1', 'm'},
-	Green:   []byte{keyEscape, '[', '3', '2', 'm'},
-	Yellow:  []byte{keyEscape, '[', '3', '3', 'm'},
-	Blue:    []byte{keyEscape, '[', '3', '4', 'm'},
-	Magenta: []byte{keyEscape, '[', '3', '5', 'm'},
-	Cyan:    []byte{keyEscape, '[', '3', '6', 'm'},
-	White:   []byte{keyEscape, '[', '3', '7', 'm'},
-
-	Reset: []byte{keyEscape, '[', '0', 'm'},
-}
+type EscapeCodes = term.EscapeCodes
 
 // Terminal contains the state for running a VT100 terminal that is capable of
 // reading lines of input.
-type Terminal struct {
-	// AutoCompleteCallback, if non-null, is called for each keypress with
-	// the full input line and the current position of the cursor (in
-	// bytes, as an index into |line|). If it returns ok=false, the key
-	// press is processed normally. Otherwise it returns a replacement line
-	// and the new cursor position.
-	AutoCompleteCallback func(line string, pos int, key rune) (newLine string, newPos int, ok bool)
-
-	// Escape contains a pointer to the escape codes for this terminal.
-	// It's always a valid pointer, although the escape codes themselves
-	// may be empty if the terminal doesn't support them.
-	Escape *EscapeCodes
-
-	// lock protects the terminal and the state in this object from
-	// concurrent processing of a key press and a Write() call.
-	lock sync.Mutex
-
-	c      io.ReadWriter
-	prompt []rune
-
-	// line is the current line being entered.
-	line []rune
-	// pos is the logical position of the cursor in line
-	pos int
-	// echo is true if local echo is enabled
-	echo bool
-	// pasteActive is true iff there is a bracketed paste operation in
-	// progress.
-	pasteActive bool
-
-	// cursorX contains the current X value of the cursor where the left
-	// edge is 0. cursorY contains the row number where the first row of
-	// the current line is 0.
-	cursorX, cursorY int
-	// maxLine is the greatest value of cursorY so far.
-	maxLine int
-
-	termWidth, termHeight int
-
-	// outBuf contains the terminal data to be sent.
-	outBuf []byte
-	// remainder contains the remainder of any partial key sequences after
-	// a read. It aliases into inBuf.
-	remainder []byte
-	inBuf     [256]byte
-
-	// history contains previously entered commands so that they can be
-	// accessed with the up and down keys.
-	history stRingBuffer
-	// historyIndex stores the currently accessed history entry, where zero
-	// means the immediately previous entry.
-	historyIndex int
-	// When navigating up and down the history it's possible to return to
-	// the incomplete, initial line. That value is stored in
-	// historyPending.
-	historyPending string
-}
+type Terminal = term.Terminal
 
 // NewTerminal runs a VT100 terminal on the given ReadWriter. If the ReadWriter is
 // a local terminal, that terminal must first have been put into raw mode.
 // prompt is a string that is written at the start of each input line (i.e.
 // "> ").
 func NewTerminal(c io.ReadWriter, prompt string) *Terminal {
-	return &Terminal{
-		Escape:       &vt100EscapeCodes,
-		c:            c,
-		prompt:       []rune(prompt),
-		termWidth:    80,
-		termHeight:   24,
-		echo:         true,
-		historyIndex: -1,
-	}
-}
-
-const (
-	keyCtrlD     = 4
-	keyCtrlU     = 21
-	keyEnter     = '\r'
-	keyEscape    = 27
-	keyBackspace = 127
-	keyUnknown   = 0xd800 /* UTF-16 surrogate area */ + iota
-	keyUp
-	keyDown
-	keyLeft
-	keyRight
-	keyAltLeft
-	keyAltRight
-	keyHome
-	keyEnd
-	keyDeleteWord
-	keyDeleteLine
-	keyClearScreen
-	keyPasteStart
-	keyPasteEnd
-)
-
-var (
-	crlf       = []byte{'\r', '\n'}
-	pasteStart = []byte{keyEscape, '[', '2', '0', '0', '~'}
-	pasteEnd   = []byte{keyEscape, '[', '2', '0', '1', '~'}
-)
-
-// bytesToKey tries to parse a key sequence from b. If successful, it returns
-// the key and the remainder of the input. Otherwise it returns utf8.RuneError.
-func bytesToKey(b []byte, pasteActive bool) (rune, []byte) {
-	if len(b) == 0 {
-		return utf8.RuneError, nil
-	}
-
-	if !pasteActive {
-		switch b[0] {
-		case 1: // ^A
-			return keyHome, b[1:]
-		case 5: // ^E
-			return keyEnd, b[1:]
-		case 8: // ^H
-			return keyBackspace, b[1:]
-		case 11: // ^K
-			return keyDeleteLine, b[1:]
-		case 12: // ^L
-			return keyClearScreen, b[1:]
-		case 23: // ^W
-			return keyDeleteWord, b[1:]
-		}
-	}
-
-	if b[0] != keyEscape {
-		if !utf8.FullRune(b) {
-			return utf8.RuneError, b
-		}
-		r, l := utf8.DecodeRune(b)
-		return r, b[l:]
-	}
-
-	if !pasteActive && len(b) >= 3 && b[0] == keyEscape && b[1] == '[' {
-		switch b[2] {
-		case 'A':
-			return keyUp, b[3:]
-		case 'B':
-			return keyDown, b[3:]
-		case 'C':
-			return keyRight, b[3:]
-		case 'D':
-			return keyLeft, b[3:]
-		case 'H':
-			return keyHome, b[3:]
-		case 'F':
-			return keyEnd, b[3:]
-		}
-	}
-
-	if !pasteActive && len(b) >= 6 && b[0] == keyEscape && b[1] == '[' && b[2] == '1' && b[3] == ';' && b[4] == '3' {
-		switch b[5] {
-		case 'C':
-			return keyAltRight, b[6:]
-		case 'D':
-			return keyAltLeft, b[6:]
-		}
-	}
-
-	if !pasteActive && len(b) >= 6 && bytes.Equal(b[:6], pasteStart) {
-		return keyPasteStart, b[6:]
-	}
-
-	if pasteActive && len(b) >= 6 && bytes.Equal(b[:6], pasteEnd) {
-		return keyPasteEnd, b[6:]
-	}
-
-	// If we get here then we have a key that we don't recognise, or a
-	// partial sequence. It's not clear how one should find the end of a
-	// sequence without knowing them all, but it seems that [a-zA-Z~] only
-	// appears at the end of a sequence.
-	for i, c := range b[0:] {
-		if c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c == '~' {
-			return keyUnknown, b[i+1:]
-		}
-	}
-
-	return utf8.RuneError, b
-}
-
-// queue appends data to the end of t.outBuf
-func (t *Terminal) queue(data []rune) {
-	t.outBuf = append(t.outBuf, []byte(string(data))...)
-}
-
-var eraseUnderCursor = []rune{' ', keyEscape, '[', 'D'}
-var space = []rune{' '}
-
-func isPrintable(key rune) bool {
-	isInSurrogateArea := key >= 0xd800 && key <= 0xdbff
-	return key >= 32 && !isInSurrogateArea
-}
-
-// moveCursorToPos appends data to t.outBuf which will move the cursor to the
-// given, logical position in the text.
-func (t *Terminal) moveCursorToPos(pos int) {
-	if !t.echo {
-		return
-	}
-
-	x := visualLength(t.prompt) + pos
-	y := x / t.termWidth
-	x = x % t.termWidth
-
-	up := 0
-	if y < t.cursorY {
-		up = t.cursorY - y
-	}
-
-	down := 0
-	if y > t.cursorY {
-		down = y - t.cursorY
-	}
-
-	left := 0
-	if x < t.cursorX {
-		left = t.cursorX - x
-	}
-
-	right := 0
-	if x > t.cursorX {
-		right = x - t.cursorX
-	}
-
-	t.cursorX = x
-	t.cursorY = y
-	t.move(up, down, left, right)
-}
-
-func (t *Terminal) move(up, down, left, right int) {
-	movement := make([]rune, 3*(up+down+left+right))
-	m := movement
-	for i := 0; i < up; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'A'
-		m = m[3:]
-	}
-	for i := 0; i < down; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'B'
-		m = m[3:]
-	}
-	for i := 0; i < left; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'D'
-		m = m[3:]
-	}
-	for i := 0; i < right; i++ {
-		m[0] = keyEscape
-		m[1] = '['
-		m[2] = 'C'
-		m = m[3:]
-	}
-
-	t.queue(movement)
-}
-
-func (t *Terminal) clearLineToRight() {
-	op := []rune{keyEscape, '[', 'K'}
-	t.queue(op)
-}
-
-const maxLineLength = 4096
-
-func (t *Terminal) setLine(newLine []rune, newPos int) {
-	if t.echo {
-		t.moveCursorToPos(0)
-		t.writeLine(newLine)
-		for i := len(newLine); i < len(t.line); i++ {
-			t.writeLine(space)
-		}
-		t.moveCursorToPos(newPos)
-	}
-	t.line = newLine
-	t.pos = newPos
-}
-
-func (t *Terminal) advanceCursor(places int) {
-	t.cursorX += places
-	t.cursorY += t.cursorX / t.termWidth
-	if t.cursorY > t.maxLine {
-		t.maxLine = t.cursorY
-	}
-	t.cursorX = t.cursorX % t.termWidth
-
-	if places > 0 && t.cursorX == 0 {
-		// Normally terminals will advance the current position
-		// when writing a character. But that doesn't happen
-		// for the last character in a line. However, when
-		// writing a character (except a new line) that causes
-		// a line wrap, the position will be advanced two
-		// places.
-		//
-		// So, if we are stopping at the end of a line, we
-		// need to write a newline so that our cursor can be
-		// advanced to the next line.
-		t.outBuf = append(t.outBuf, '\r', '\n')
-	}
-}
-
-func (t *Terminal) eraseNPreviousChars(n int) {
-	if n == 0 {
-		return
-	}
-
-	if t.pos < n {
-		n = t.pos
-	}
-	t.pos -= n
-	t.moveCursorToPos(t.pos)
-
-	copy(t.line[t.pos:], t.line[n+t.pos:])
-	t.line = t.line[:len(t.line)-n]
-	if t.echo {
-		t.writeLine(t.line[t.pos:])
-		for i := 0; i < n; i++ {
-			t.queue(space)
-		}
-		t.advanceCursor(n)
-		t.moveCursorToPos(t.pos)
-	}
-}
-
-// countToLeftWord returns then number of characters from the cursor to the
-// start of the previous word.
-func (t *Terminal) countToLeftWord() int {
-	if t.pos == 0 {
-		return 0
-	}
-
-	pos := t.pos - 1
-	for pos > 0 {
-		if t.line[pos] != ' ' {
-			break
-		}
-		pos--
-	}
-	for pos > 0 {
-		if t.line[pos] == ' ' {
-			pos++
-			break
-		}
-		pos--
-	}
-
-	return t.pos - pos
-}
-
-// countToRightWord returns then number of characters from the cursor to the
-// start of the next word.
-func (t *Terminal) countToRightWord() int {
-	pos := t.pos
-	for pos < len(t.line) {
-		if t.line[pos] == ' ' {
-			break
-		}
-		pos++
-	}
-	for pos < len(t.line) {
-		if t.line[pos] != ' ' {
-			break
-		}
-		pos++
-	}
-	return pos - t.pos
-}
-
-// visualLength returns the number of visible glyphs in s.
-func visualLength(runes []rune) int {
-	inEscapeSeq := false
-	length := 0
-
-	for _, r := range runes {
-		switch {
-		case inEscapeSeq:
-			if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') {
-				inEscapeSeq = false
-			}
-		case r == '\x1b':
-			inEscapeSeq = true
-		default:
-			length++
-		}
-	}
-
-	return length
-}
-
-// handleKey processes the given key and, optionally, returns a line of text
-// that the user has entered.
-func (t *Terminal) handleKey(key rune) (line string, ok bool) {
-	if t.pasteActive && key != keyEnter {
-		t.addKeyToLine(key)
-		return
-	}
-
-	switch key {
-	case keyBackspace:
-		if t.pos == 0 {
-			return
-		}
-		t.eraseNPreviousChars(1)
-	case keyAltLeft:
-		// move left by a word.
-		t.pos -= t.countToLeftWord()
-		t.moveCursorToPos(t.pos)
-	case keyAltRight:
-		// move right by a word.
-		t.pos += t.countToRightWord()
-		t.moveCursorToPos(t.pos)
-	case keyLeft:
-		if t.pos == 0 {
-			return
-		}
-		t.pos--
-		t.moveCursorToPos(t.pos)
-	case keyRight:
-		if t.pos == len(t.line) {
-			return
-		}
-		t.pos++
-		t.moveCursorToPos(t.pos)
-	case keyHome:
-		if t.pos == 0 {
-			return
-		}
-		t.pos = 0
-		t.moveCursorToPos(t.pos)
-	case keyEnd:
-		if t.pos == len(t.line) {
-			return
-		}
-		t.pos = len(t.line)
-		t.moveCursorToPos(t.pos)
-	case keyUp:
-		entry, ok := t.history.NthPreviousEntry(t.historyIndex + 1)
-		if !ok {
-			return "", false
-		}
-		if t.historyIndex == -1 {
-			t.historyPending = string(t.line)
-		}
-		t.historyIndex++
-		runes := []rune(entry)
-		t.setLine(runes, len(runes))
-	case keyDown:
-		switch t.historyIndex {
-		case -1:
-			return
-		case 0:
-			runes := []rune(t.historyPending)
-			t.setLine(runes, len(runes))
-			t.historyIndex--
-		default:
-			entry, ok := t.history.NthPreviousEntry(t.historyIndex - 1)
-			if ok {
-				t.historyIndex--
-				runes := []rune(entry)
-				t.setLine(runes, len(runes))
-			}
-		}
-	case keyEnter:
-		t.moveCursorToPos(len(t.line))
-		t.queue([]rune("\r\n"))
-		line = string(t.line)
-		ok = true
-		t.line = t.line[:0]
-		t.pos = 0
-		t.cursorX = 0
-		t.cursorY = 0
-		t.maxLine = 0
-	case keyDeleteWord:
-		// Delete zero or more spaces and then one or more characters.
-		t.eraseNPreviousChars(t.countToLeftWord())
-	case keyDeleteLine:
-		// Delete everything from the current cursor position to the
-		// end of line.
-		for i := t.pos; i < len(t.line); i++ {
-			t.queue(space)
-			t.advanceCursor(1)
-		}
-		t.line = t.line[:t.pos]
-		t.moveCursorToPos(t.pos)
-	case keyCtrlD:
-		// Erase the character under the current position.
-		// The EOF case when the line is empty is handled in
-		// readLine().
-		if t.pos < len(t.line) {
-			t.pos++
-			t.eraseNPreviousChars(1)
-		}
-	case keyCtrlU:
-		t.eraseNPreviousChars(t.pos)
-	case keyClearScreen:
-		// Erases the screen and moves the cursor to the home position.
-		t.queue([]rune("\x1b[2J\x1b[H"))
-		t.queue(t.prompt)
-		t.cursorX, t.cursorY = 0, 0
-		t.advanceCursor(visualLength(t.prompt))
-		t.setLine(t.line, t.pos)
-	default:
-		if t.AutoCompleteCallback != nil {
-			prefix := string(t.line[:t.pos])
-			suffix := string(t.line[t.pos:])
-
-			t.lock.Unlock()
-			newLine, newPos, completeOk := t.AutoCompleteCallback(prefix+suffix, len(prefix), key)
-			t.lock.Lock()
-
-			if completeOk {
-				t.setLine([]rune(newLine), utf8.RuneCount([]byte(newLine)[:newPos]))
-				return
-			}
-		}
-		if !isPrintable(key) {
-			return
-		}
-		if len(t.line) == maxLineLength {
-			return
-		}
-		t.addKeyToLine(key)
-	}
-	return
-}
-
-// addKeyToLine inserts the given key at the current position in the current
-// line.
-func (t *Terminal) addKeyToLine(key rune) {
-	if len(t.line) == cap(t.line) {
-		newLine := make([]rune, len(t.line), 2*(1+len(t.line)))
-		copy(newLine, t.line)
-		t.line = newLine
-	}
-	t.line = t.line[:len(t.line)+1]
-	copy(t.line[t.pos+1:], t.line[t.pos:])
-	t.line[t.pos] = key
-	if t.echo {
-		t.writeLine(t.line[t.pos:])
-	}
-	t.pos++
-	t.moveCursorToPos(t.pos)
-}
-
-func (t *Terminal) writeLine(line []rune) {
-	for len(line) != 0 {
-		remainingOnLine := t.termWidth - t.cursorX
-		todo := len(line)
-		if todo > remainingOnLine {
-			todo = remainingOnLine
-		}
-		t.queue(line[:todo])
-		t.advanceCursor(visualLength(line[:todo]))
-		line = line[todo:]
-	}
-}
-
-// writeWithCRLF writes buf to w but replaces all occurrences of \n with \r\n.
-func writeWithCRLF(w io.Writer, buf []byte) (n int, err error) {
-	for len(buf) > 0 {
-		i := bytes.IndexByte(buf, '\n')
-		todo := len(buf)
-		if i >= 0 {
-			todo = i
-		}
-
-		var nn int
-		nn, err = w.Write(buf[:todo])
-		n += nn
-		if err != nil {
-			return n, err
-		}
-		buf = buf[todo:]
-
-		if i >= 0 {
-			if _, err = w.Write(crlf); err != nil {
-				return n, err
-			}
-			n += 1
-			buf = buf[1:]
-		}
-	}
-
-	return n, nil
-}
-
-func (t *Terminal) Write(buf []byte) (n int, err error) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	if t.cursorX == 0 && t.cursorY == 0 {
-		// This is the easy case: there's nothing on the screen that we
-		// have to move out of the way.
-		return writeWithCRLF(t.c, buf)
-	}
-
-	// We have a prompt and possibly user input on the screen. We
-	// have to clear it first.
-	t.move(0 /* up */, 0 /* down */, t.cursorX /* left */, 0 /* right */)
-	t.cursorX = 0
-	t.clearLineToRight()
-
-	for t.cursorY > 0 {
-		t.move(1 /* up */, 0, 0, 0)
-		t.cursorY--
-		t.clearLineToRight()
-	}
-
-	if _, err = t.c.Write(t.outBuf); err != nil {
-		return
-	}
-	t.outBuf = t.outBuf[:0]
-
-	if n, err = writeWithCRLF(t.c, buf); err != nil {
-		return
-	}
-
-	t.writeLine(t.prompt)
-	if t.echo {
-		t.writeLine(t.line)
-	}
-
-	t.moveCursorToPos(t.pos)
-
-	if _, err = t.c.Write(t.outBuf); err != nil {
-		return
-	}
-	t.outBuf = t.outBuf[:0]
-	return
-}
-
-// ReadPassword temporarily changes the prompt and reads a password, without
-// echo, from the terminal.
-func (t *Terminal) ReadPassword(prompt string) (line string, err error) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	oldPrompt := t.prompt
-	t.prompt = []rune(prompt)
-	t.echo = false
-
-	line, err = t.readLine()
-
-	t.prompt = oldPrompt
-	t.echo = true
-
-	return
-}
-
-// ReadLine returns a line of input from the terminal.
-func (t *Terminal) ReadLine() (line string, err error) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	return t.readLine()
-}
-
-func (t *Terminal) readLine() (line string, err error) {
-	// t.lock must be held at this point
-
-	if t.cursorX == 0 && t.cursorY == 0 {
-		t.writeLine(t.prompt)
-		t.c.Write(t.outBuf)
-		t.outBuf = t.outBuf[:0]
-	}
-
-	lineIsPasted := t.pasteActive
-
-	for {
-		rest := t.remainder
-		lineOk := false
-		for !lineOk {
-			var key rune
-			key, rest = bytesToKey(rest, t.pasteActive)
-			if key == utf8.RuneError {
-				break
-			}
-			if !t.pasteActive {
-				if key == keyCtrlD {
-					if len(t.line) == 0 {
-						return "", io.EOF
-					}
-				}
-				if key == keyPasteStart {
-					t.pasteActive = true
-					if len(t.line) == 0 {
-						lineIsPasted = true
-					}
-					continue
-				}
-			} else if key == keyPasteEnd {
-				t.pasteActive = false
-				continue
-			}
-			if !t.pasteActive {
-				lineIsPasted = false
-			}
-			line, lineOk = t.handleKey(key)
-		}
-		if len(rest) > 0 {
-			n := copy(t.inBuf[:], rest)
-			t.remainder = t.inBuf[:n]
-		} else {
-			t.remainder = nil
-		}
-		t.c.Write(t.outBuf)
-		t.outBuf = t.outBuf[:0]
-		if lineOk {
-			if t.echo {
-				t.historyIndex = -1
-				t.history.Add(line)
-			}
-			if lineIsPasted {
-				err = ErrPasteIndicator
-			}
-			return
-		}
-
-		// t.remainder is a slice at the beginning of t.inBuf
-		// containing a partial key sequence
-		readBuf := t.inBuf[len(t.remainder):]
-		var n int
-
-		t.lock.Unlock()
-		n, err = t.c.Read(readBuf)
-		t.lock.Lock()
-
-		if err != nil {
-			return
-		}
-
-		t.remainder = t.inBuf[:n+len(t.remainder)]
-	}
-}
-
-// SetPrompt sets the prompt to be used when reading subsequent lines.
-func (t *Terminal) SetPrompt(prompt string) {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	t.prompt = []rune(prompt)
-}
-
-func (t *Terminal) clearAndRepaintLinePlusNPrevious(numPrevLines int) {
-	// Move cursor to column zero at the start of the line.
-	t.move(t.cursorY, 0, t.cursorX, 0)
-	t.cursorX, t.cursorY = 0, 0
-	t.clearLineToRight()
-	for t.cursorY < numPrevLines {
-		// Move down a line
-		t.move(0, 1, 0, 0)
-		t.cursorY++
-		t.clearLineToRight()
-	}
-	// Move back to beginning.
-	t.move(t.cursorY, 0, 0, 0)
-	t.cursorX, t.cursorY = 0, 0
-
-	t.queue(t.prompt)
-	t.advanceCursor(visualLength(t.prompt))
-	t.writeLine(t.line)
-	t.moveCursorToPos(t.pos)
-}
-
-func (t *Terminal) SetSize(width, height int) error {
-	t.lock.Lock()
-	defer t.lock.Unlock()
-
-	if width == 0 {
-		width = 1
-	}
-
-	oldWidth := t.termWidth
-	t.termWidth, t.termHeight = width, height
-
-	switch {
-	case width == oldWidth:
-		// If the width didn't change then nothing else needs to be
-		// done.
-		return nil
-	case len(t.line) == 0 && t.cursorX == 0 && t.cursorY == 0:
-		// If there is nothing on current line and no prompt printed,
-		// just do nothing
-		return nil
-	case width < oldWidth:
-		// Some terminals (e.g. xterm) will truncate lines that were
-		// too long when shinking. Others, (e.g. gnome-terminal) will
-		// attempt to wrap them. For the former, repainting t.maxLine
-		// works great, but that behaviour goes badly wrong in the case
-		// of the latter because they have doubled every full line.
-
-		// We assume that we are working on a terminal that wraps lines
-		// and adjust the cursor position based on every previous line
-		// wrapping and turning into two. This causes the prompt on
-		// xterms to move upwards, which isn't great, but it avoids a
-		// huge mess with gnome-terminal.
-		if t.cursorX >= t.termWidth {
-			t.cursorX = t.termWidth - 1
-		}
-		t.cursorY *= 2
-		t.clearAndRepaintLinePlusNPrevious(t.maxLine * 2)
-	case width > oldWidth:
-		// If the terminal expands then our position calculations will
-		// be wrong in the future because we think the cursor is
-		// |t.pos| chars into the string, but there will be a gap at
-		// the end of any wrapped line.
-		//
-		// But the position will actually be correct until we move, so
-		// we can move back to the beginning and repaint everything.
-		t.clearAndRepaintLinePlusNPrevious(t.maxLine)
-	}
-
-	_, err := t.c.Write(t.outBuf)
-	t.outBuf = t.outBuf[:0]
-	return err
-}
-
-type pasteIndicatorError struct{}
-
-func (pasteIndicatorError) Error() string {
-	return "terminal: ErrPasteIndicator not correctly handled"
+	return term.NewTerminal(c, prompt)
 }
 
 // ErrPasteIndicator may be returned from ReadLine as the error, in addition
 // to valid line data. It indicates that bracketed paste mode is enabled and
 // that the returned line consists only of pasted data. Programs may wish to
 // interpret pasted data more literally than typed data.
-var ErrPasteIndicator = pasteIndicatorError{}
+var ErrPasteIndicator = term.ErrPasteIndicator
 
-// SetBracketedPasteMode requests that the terminal bracket paste operations
-// with markers. Not all terminals support this but, if it is supported, then
-// enabling this mode will stop any autocomplete callback from running due to
-// pastes. Additionally, any lines that are completely pasted will be returned
-// from ReadLine with the error set to ErrPasteIndicator.
-func (t *Terminal) SetBracketedPasteMode(on bool) {
-	if on {
-		io.WriteString(t.c, "\x1b[?2004h")
-	} else {
-		io.WriteString(t.c, "\x1b[?2004l")
-	}
-}
+// State contains the state of a terminal.
+type State = term.State
 
-// stRingBuffer is a ring buffer of strings.
-type stRingBuffer struct {
-	// entries contains max elements.
-	entries []string
-	max     int
-	// head contains the index of the element most recently added to the ring.
-	head int
-	// size contains the number of elements in the ring.
-	size int
+// IsTerminal returns whether the given file descriptor is a terminal.
+func IsTerminal(fd int) bool {
+	return term.IsTerminal(fd)
 }
 
-func (s *stRingBuffer) Add(a string) {
-	if s.entries == nil {
-		const defaultNumEntries = 100
-		s.entries = make([]string, defaultNumEntries)
-		s.max = defaultNumEntries
-	}
+// ReadPassword reads a line of input from a terminal without local echo.  This
+// is commonly used for inputting passwords and other sensitive data. The slice
+// returned does not include the \n.
+func ReadPassword(fd int) ([]byte, error) {
+	return term.ReadPassword(fd)
+}
 
-	s.head = (s.head + 1) % s.max
-	s.entries[s.head] = a
-	if s.size < s.max {
-		s.size++
-	}
+// MakeRaw puts the terminal connected to the given file descriptor into raw
+// mode and returns the previous state of the terminal so that it can be
+// restored.
+func MakeRaw(fd int) (*State, error) {
+	return term.MakeRaw(fd)
 }
 
-// NthPreviousEntry returns the value passed to the nth previous call to Add.
-// If n is zero then the immediately prior value is returned, if one, then the
-// next most recent, and so on. If such an element doesn't exist then ok is
-// false.
-func (s *stRingBuffer) NthPreviousEntry(n int) (value string, ok bool) {
-	if n >= s.size {
-		return "", false
-	}
-	index := s.head - n
-	if index < 0 {
-		index += s.max
-	}
-	return s.entries[index], true
+// Restore restores the terminal connected to the given file descriptor to a
+// previous state.
+func Restore(fd int, oldState *State) error {
+	return term.Restore(fd, oldState)
 }
 
-// readPasswordLine reads from reader until it finds \n or io.EOF.
-// The slice returned does not include the \n.
-// readPasswordLine also ignores any \r it finds.
-func readPasswordLine(reader io.Reader) ([]byte, error) {
-	var buf [1]byte
-	var ret []byte
+// GetState returns the current state of a terminal which may be useful to
+// restore the terminal after a signal.
+func GetState(fd int) (*State, error) {
+	return term.GetState(fd)
+}
 
-	for {
-		n, err := reader.Read(buf[:])
-		if n > 0 {
-			switch buf[0] {
-			case '\n':
-				return ret, nil
-			case '\r':
-				// remove \r from passwords on Windows
-			default:
-				ret = append(ret, buf[0])
-			}
-			continue
-		}
-		if err != nil {
-			if err == io.EOF && len(ret) > 0 {
-				return ret, nil
-			}
-			return ret, err
-		}
-	}
+// GetSize returns the dimensions of the given terminal.
+func GetSize(fd int) (width, height int, err error) {
+	return term.GetSize(fd)
 }
diff --git a/ssh/terminal/terminal_test.go b/ssh/terminal/terminal_test.go
deleted file mode 100644
index 901c72ab3..000000000
--- a/ssh/terminal/terminal_test.go
+++ /dev/null
@@ -1,350 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package terminal
-
-import (
-	"bytes"
-	"io"
-	"os"
-	"testing"
-)
-
-type MockTerminal struct {
-	toSend       []byte
-	bytesPerRead int
-	received     []byte
-}
-
-func (c *MockTerminal) Read(data []byte) (n int, err error) {
-	n = len(data)
-	if n == 0 {
-		return
-	}
-	if n > len(c.toSend) {
-		n = len(c.toSend)
-	}
-	if n == 0 {
-		return 0, io.EOF
-	}
-	if c.bytesPerRead > 0 && n > c.bytesPerRead {
-		n = c.bytesPerRead
-	}
-	copy(data, c.toSend[:n])
-	c.toSend = c.toSend[n:]
-	return
-}
-
-func (c *MockTerminal) Write(data []byte) (n int, err error) {
-	c.received = append(c.received, data...)
-	return len(data), nil
-}
-
-func TestClose(t *testing.T) {
-	c := &MockTerminal{}
-	ss := NewTerminal(c, "> ")
-	line, err := ss.ReadLine()
-	if line != "" {
-		t.Errorf("Expected empty line but got: %s", line)
-	}
-	if err != io.EOF {
-		t.Errorf("Error should have been EOF but got: %s", err)
-	}
-}
-
-var keyPressTests = []struct {
-	in             string
-	line           string
-	err            error
-	throwAwayLines int
-}{
-	{
-		err: io.EOF,
-	},
-	{
-		in:   "\r",
-		line: "",
-	},
-	{
-		in:   "foo\r",
-		line: "foo",
-	},
-	{
-		in:   "a\x1b[Cb\r", // right
-		line: "ab",
-	},
-	{
-		in:   "a\x1b[Db\r", // left
-		line: "ba",
-	},
-	{
-		in:   "a\177b\r", // backspace
-		line: "b",
-	},
-	{
-		in: "\x1b[A\r", // up
-	},
-	{
-		in: "\x1b[B\r", // down
-	},
-	{
-		in:   "line\x1b[A\x1b[B\r", // up then down
-		line: "line",
-	},
-	{
-		in:             "line1\rline2\x1b[A\r", // recall previous line.
-		line:           "line1",
-		throwAwayLines: 1,
-	},
-	{
-		// recall two previous lines and append.
-		in:             "line1\rline2\rline3\x1b[A\x1b[Axxx\r",
-		line:           "line1xxx",
-		throwAwayLines: 2,
-	},
-	{
-		// Ctrl-A to move to beginning of line followed by ^K to kill
-		// line.
-		in:   "a b \001\013\r",
-		line: "",
-	},
-	{
-		// Ctrl-A to move to beginning of line, Ctrl-E to move to end,
-		// finally ^K to kill nothing.
-		in:   "a b \001\005\013\r",
-		line: "a b ",
-	},
-	{
-		in:   "\027\r",
-		line: "",
-	},
-	{
-		in:   "a\027\r",
-		line: "",
-	},
-	{
-		in:   "a \027\r",
-		line: "",
-	},
-	{
-		in:   "a b\027\r",
-		line: "a ",
-	},
-	{
-		in:   "a b \027\r",
-		line: "a ",
-	},
-	{
-		in:   "one two thr\x1b[D\027\r",
-		line: "one two r",
-	},
-	{
-		in:   "\013\r",
-		line: "",
-	},
-	{
-		in:   "a\013\r",
-		line: "a",
-	},
-	{
-		in:   "ab\x1b[D\013\r",
-		line: "a",
-	},
-	{
-		in:   "Ξεσκεπάζω\r",
-		line: "Ξεσκεπάζω",
-	},
-	{
-		in:             "£\r\x1b[A\177\r", // non-ASCII char, enter, up, backspace.
-		line:           "",
-		throwAwayLines: 1,
-	},
-	{
-		in:             "£\r££\x1b[A\x1b[B\177\r", // non-ASCII char, enter, 2x non-ASCII, up, down, backspace, enter.
-		line:           "£",
-		throwAwayLines: 1,
-	},
-	{
-		// Ctrl-D at the end of the line should be ignored.
-		in:   "a\004\r",
-		line: "a",
-	},
-	{
-		// a, b, left, Ctrl-D should erase the b.
-		in:   "ab\x1b[D\004\r",
-		line: "a",
-	},
-	{
-		// a, b, c, d, left, left, ^U should erase to the beginning of
-		// the line.
-		in:   "abcd\x1b[D\x1b[D\025\r",
-		line: "cd",
-	},
-	{
-		// Bracketed paste mode: control sequences should be returned
-		// verbatim in paste mode.
-		in:   "abc\x1b[200~de\177f\x1b[201~\177\r",
-		line: "abcde\177",
-	},
-	{
-		// Enter in bracketed paste mode should still work.
-		in:             "abc\x1b[200~d\refg\x1b[201~h\r",
-		line:           "efgh",
-		throwAwayLines: 1,
-	},
-	{
-		// Lines consisting entirely of pasted data should be indicated as such.
-		in:   "\x1b[200~a\r",
-		line: "a",
-		err:  ErrPasteIndicator,
-	},
-}
-
-func TestKeyPresses(t *testing.T) {
-	for i, test := range keyPressTests {
-		for j := 1; j < len(test.in); j++ {
-			c := &MockTerminal{
-				toSend:       []byte(test.in),
-				bytesPerRead: j,
-			}
-			ss := NewTerminal(c, "> ")
-			for k := 0; k < test.throwAwayLines; k++ {
-				_, err := ss.ReadLine()
-				if err != nil {
-					t.Errorf("Throwaway line %d from test %d resulted in error: %s", k, i, err)
-				}
-			}
-			line, err := ss.ReadLine()
-			if line != test.line {
-				t.Errorf("Line resulting from test %d (%d bytes per read) was '%s', expected '%s'", i, j, line, test.line)
-				break
-			}
-			if err != test.err {
-				t.Errorf("Error resulting from test %d (%d bytes per read) was '%v', expected '%v'", i, j, err, test.err)
-				break
-			}
-		}
-	}
-}
-
-func TestPasswordNotSaved(t *testing.T) {
-	c := &MockTerminal{
-		toSend:       []byte("password\r\x1b[A\r"),
-		bytesPerRead: 1,
-	}
-	ss := NewTerminal(c, "> ")
-	pw, _ := ss.ReadPassword("> ")
-	if pw != "password" {
-		t.Fatalf("failed to read password, got %s", pw)
-	}
-	line, _ := ss.ReadLine()
-	if len(line) > 0 {
-		t.Fatalf("password was saved in history")
-	}
-}
-
-var setSizeTests = []struct {
-	width, height int
-}{
-	{40, 13},
-	{80, 24},
-	{132, 43},
-}
-
-func TestTerminalSetSize(t *testing.T) {
-	for _, setSize := range setSizeTests {
-		c := &MockTerminal{
-			toSend:       []byte("password\r\x1b[A\r"),
-			bytesPerRead: 1,
-		}
-		ss := NewTerminal(c, "> ")
-		ss.SetSize(setSize.width, setSize.height)
-		pw, _ := ss.ReadPassword("Password: ")
-		if pw != "password" {
-			t.Fatalf("failed to read password, got %s", pw)
-		}
-		if string(c.received) != "Password: \r\n" {
-			t.Errorf("failed to set the temporary prompt expected %q, got %q", "Password: ", c.received)
-		}
-	}
-}
-
-func TestReadPasswordLineEnd(t *testing.T) {
-	var tests = []struct {
-		input string
-		want  string
-	}{
-		{"\n", ""},
-		{"\r\n", ""},
-		{"test\r\n", "test"},
-		{"testtesttesttes\n", "testtesttesttes"},
-		{"testtesttesttes\r\n", "testtesttesttes"},
-		{"testtesttesttesttest\n", "testtesttesttesttest"},
-		{"testtesttesttesttest\r\n", "testtesttesttesttest"},
-	}
-	for _, test := range tests {
-		buf := new(bytes.Buffer)
-		if _, err := buf.WriteString(test.input); err != nil {
-			t.Fatal(err)
-		}
-
-		have, err := readPasswordLine(buf)
-		if err != nil {
-			t.Errorf("readPasswordLine(%q) failed: %v", test.input, err)
-			continue
-		}
-		if string(have) != test.want {
-			t.Errorf("readPasswordLine(%q) returns %q, but %q is expected", test.input, string(have), test.want)
-			continue
-		}
-
-		if _, err = buf.WriteString(test.input); err != nil {
-			t.Fatal(err)
-		}
-		have, err = readPasswordLine(buf)
-		if err != nil {
-			t.Errorf("readPasswordLine(%q) failed: %v", test.input, err)
-			continue
-		}
-		if string(have) != test.want {
-			t.Errorf("readPasswordLine(%q) returns %q, but %q is expected", test.input, string(have), test.want)
-			continue
-		}
-	}
-}
-
-func TestMakeRawState(t *testing.T) {
-	fd := int(os.Stdout.Fd())
-	if !IsTerminal(fd) {
-		t.Skip("stdout is not a terminal; skipping test")
-	}
-
-	st, err := GetState(fd)
-	if err != nil {
-		t.Fatalf("failed to get terminal state from GetState: %s", err)
-	}
-	defer Restore(fd, st)
-	raw, err := MakeRaw(fd)
-	if err != nil {
-		t.Fatalf("failed to get terminal state from MakeRaw: %s", err)
-	}
-
-	if *st != *raw {
-		t.Errorf("states do not match; was %v, expected %v", raw, st)
-	}
-}
-
-func TestOutputNewlines(t *testing.T) {
-	// \n should be changed to \r\n in terminal output.
-	buf := new(bytes.Buffer)
-	term := NewTerminal(buf, ">")
-
-	term.Write([]byte("1\n2\n"))
-	output := string(buf.Bytes())
-	const expected = "1\r\n2\r\n"
-
-	if output != expected {
-		t.Errorf("incorrect output: was %q, expected %q", output, expected)
-	}
-}
diff --git a/ssh/terminal/util.go b/ssh/terminal/util.go
deleted file mode 100644
index d01919614..000000000
--- a/ssh/terminal/util.go
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin dragonfly freebsd linux,!appengine netbsd openbsd
-
-// Package terminal provides support functions for dealing with terminals, as
-// commonly found on UNIX systems.
-//
-// Putting a terminal into raw mode is the most common requirement:
-//
-// 	oldState, err := terminal.MakeRaw(0)
-// 	if err != nil {
-// 	        panic(err)
-// 	}
-// 	defer terminal.Restore(0, oldState)
-package terminal // import "golang.org/x/crypto/ssh/terminal"
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// State contains the state of a terminal.
-type State struct {
-	termios syscall.Termios
-}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	var termios syscall.Termios
-	_, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlReadTermios, uintptr(unsafe.Pointer(&termios)), 0, 0, 0)
-	return err == 0
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd int) (*State, error) {
-	var oldState State
-	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlReadTermios, uintptr(unsafe.Pointer(&oldState.termios)), 0, 0, 0); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState.termios
-	// This attempts to replicate the behaviour documented for cfmakeraw in
-	// the termios(3) manpage.
-	newState.Iflag &^= syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON
-	newState.Oflag &^= syscall.OPOST
-	newState.Lflag &^= syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN
-	newState.Cflag &^= syscall.CSIZE | syscall.PARENB
-	newState.Cflag |= syscall.CS8
-	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&newState)), 0, 0, 0); err != 0 {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	var oldState State
-	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlReadTermios, uintptr(unsafe.Pointer(&oldState.termios)), 0, 0, 0); err != 0 {
-		return nil, err
-	}
-
-	return &oldState, nil
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, state *State) error {
-	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&state.termios)), 0, 0, 0); err != 0 {
-		return err
-	}
-	return nil
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	var dimensions [4]uint16
-
-	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), uintptr(syscall.TIOCGWINSZ), uintptr(unsafe.Pointer(&dimensions)), 0, 0, 0); err != 0 {
-		return -1, -1, err
-	}
-	return int(dimensions[1]), int(dimensions[0]), nil
-}
-
-// passwordReader is an io.Reader that reads from a specific file descriptor.
-type passwordReader int
-
-func (r passwordReader) Read(buf []byte) (int, error) {
-	return syscall.Read(int(r), buf)
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	var oldState syscall.Termios
-	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlReadTermios, uintptr(unsafe.Pointer(&oldState)), 0, 0, 0); err != 0 {
-		return nil, err
-	}
-
-	newState := oldState
-	newState.Lflag &^= syscall.ECHO
-	newState.Lflag |= syscall.ICANON | syscall.ISIG
-	newState.Iflag |= syscall.ICRNL
-	if _, _, err := syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&newState)), 0, 0, 0); err != 0 {
-		return nil, err
-	}
-
-	defer func() {
-		syscall.Syscall6(syscall.SYS_IOCTL, uintptr(fd), ioctlWriteTermios, uintptr(unsafe.Pointer(&oldState)), 0, 0, 0)
-	}()
-
-	return readPasswordLine(passwordReader(fd))
-}
diff --git a/ssh/terminal/util_bsd.go b/ssh/terminal/util_bsd.go
deleted file mode 100644
index 9c1ffd145..000000000
--- a/ssh/terminal/util_bsd.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin dragonfly freebsd netbsd openbsd
-
-package terminal
-
-import "syscall"
-
-const ioctlReadTermios = syscall.TIOCGETA
-const ioctlWriteTermios = syscall.TIOCSETA
diff --git a/ssh/terminal/util_linux.go b/ssh/terminal/util_linux.go
deleted file mode 100644
index 5883b22d7..000000000
--- a/ssh/terminal/util_linux.go
+++ /dev/null
@@ -1,11 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package terminal
-
-// These constants are declared here, rather than importing
-// them from the syscall package as some syscall packages, even
-// on linux, for example gccgo, do not declare them.
-const ioctlReadTermios = 0x5401  // syscall.TCGETS
-const ioctlWriteTermios = 0x5402 // syscall.TCSETS
diff --git a/ssh/terminal/util_plan9.go b/ssh/terminal/util_plan9.go
deleted file mode 100644
index 799f049f0..000000000
--- a/ssh/terminal/util_plan9.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package terminal provides support functions for dealing with terminals, as
-// commonly found on UNIX systems.
-//
-// Putting a terminal into raw mode is the most common requirement:
-//
-// 	oldState, err := terminal.MakeRaw(0)
-// 	if err != nil {
-// 	        panic(err)
-// 	}
-// 	defer terminal.Restore(0, oldState)
-package terminal
-
-import (
-	"fmt"
-	"runtime"
-)
-
-type State struct{}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	return false
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd int) (*State, error) {
-	return nil, fmt.Errorf("terminal: MakeRaw not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	return nil, fmt.Errorf("terminal: GetState not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, state *State) error {
-	return fmt.Errorf("terminal: Restore not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	return 0, 0, fmt.Errorf("terminal: GetSize not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	return nil, fmt.Errorf("terminal: ReadPassword not implemented on %s/%s", runtime.GOOS, runtime.GOARCH)
-}
diff --git a/ssh/terminal/util_solaris.go b/ssh/terminal/util_solaris.go
deleted file mode 100644
index a2e1b57dc..000000000
--- a/ssh/terminal/util_solaris.go
+++ /dev/null
@@ -1,128 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build solaris
-
-package terminal // import "golang.org/x/crypto/ssh/terminal"
-
-import (
-	"golang.org/x/sys/unix"
-	"io"
-	"syscall"
-)
-
-// State contains the state of a terminal.
-type State struct {
-	state *unix.Termios
-}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	_, err := unix.IoctlGetTermio(fd, unix.TCGETA)
-	return err == nil
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	// see also: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libast/common/uwin/getpass.c
-	val, err := unix.IoctlGetTermios(fd, unix.TCGETS)
-	if err != nil {
-		return nil, err
-	}
-	oldState := *val
-
-	newState := oldState
-	newState.Lflag &^= syscall.ECHO
-	newState.Lflag |= syscall.ICANON | syscall.ISIG
-	newState.Iflag |= syscall.ICRNL
-	err = unix.IoctlSetTermios(fd, unix.TCSETS, &newState)
-	if err != nil {
-		return nil, err
-	}
-
-	defer unix.IoctlSetTermios(fd, unix.TCSETS, &oldState)
-
-	var buf [16]byte
-	var ret []byte
-	for {
-		n, err := syscall.Read(fd, buf[:])
-		if err != nil {
-			return nil, err
-		}
-		if n == 0 {
-			if len(ret) == 0 {
-				return nil, io.EOF
-			}
-			break
-		}
-		if buf[n-1] == '\n' {
-			n--
-		}
-		ret = append(ret, buf[:n]...)
-		if n < len(buf) {
-			break
-		}
-	}
-
-	return ret, nil
-}
-
-// MakeRaw puts the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-// see http://cr.illumos.org/~webrev/andy_js/1060/
-func MakeRaw(fd int) (*State, error) {
-	oldTermiosPtr, err := unix.IoctlGetTermios(fd, unix.TCGETS)
-	if err != nil {
-		return nil, err
-	}
-	oldTermios := *oldTermiosPtr
-
-	newTermios := oldTermios
-	newTermios.Iflag &^= syscall.IGNBRK | syscall.BRKINT | syscall.PARMRK | syscall.ISTRIP | syscall.INLCR | syscall.IGNCR | syscall.ICRNL | syscall.IXON
-	newTermios.Oflag &^= syscall.OPOST
-	newTermios.Lflag &^= syscall.ECHO | syscall.ECHONL | syscall.ICANON | syscall.ISIG | syscall.IEXTEN
-	newTermios.Cflag &^= syscall.CSIZE | syscall.PARENB
-	newTermios.Cflag |= syscall.CS8
-	newTermios.Cc[unix.VMIN] = 1
-	newTermios.Cc[unix.VTIME] = 0
-
-	if err := unix.IoctlSetTermios(fd, unix.TCSETS, &newTermios); err != nil {
-		return nil, err
-	}
-
-	return &State{
-		state: oldTermiosPtr,
-	}, nil
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, oldState *State) error {
-	return unix.IoctlSetTermios(fd, unix.TCSETS, oldState.state)
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	oldTermiosPtr, err := unix.IoctlGetTermios(fd, unix.TCGETS)
-	if err != nil {
-		return nil, err
-	}
-
-	return &State{
-		state: oldTermiosPtr,
-	}, nil
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	ws, err := unix.IoctlGetWinsize(fd, unix.TIOCGWINSZ)
-	if err != nil {
-		return 0, 0, err
-	}
-	return int(ws.Col), int(ws.Row), nil
-}
diff --git a/ssh/terminal/util_windows.go b/ssh/terminal/util_windows.go
deleted file mode 100644
index e0a1f36ce..000000000
--- a/ssh/terminal/util_windows.go
+++ /dev/null
@@ -1,155 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// Package terminal provides support functions for dealing with terminals, as
-// commonly found on UNIX systems.
-//
-// Putting a terminal into raw mode is the most common requirement:
-//
-// 	oldState, err := terminal.MakeRaw(0)
-// 	if err != nil {
-// 	        panic(err)
-// 	}
-// 	defer terminal.Restore(0, oldState)
-package terminal
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-const (
-	enableLineInput       = 2
-	enableEchoInput       = 4
-	enableProcessedInput  = 1
-	enableWindowInput     = 8
-	enableMouseInput      = 16
-	enableInsertMode      = 32
-	enableQuickEditMode   = 64
-	enableExtendedFlags   = 128
-	enableAutoPosition    = 256
-	enableProcessedOutput = 1
-	enableWrapAtEolOutput = 2
-)
-
-var kernel32 = syscall.NewLazyDLL("kernel32.dll")
-
-var (
-	procGetConsoleMode             = kernel32.NewProc("GetConsoleMode")
-	procSetConsoleMode             = kernel32.NewProc("SetConsoleMode")
-	procGetConsoleScreenBufferInfo = kernel32.NewProc("GetConsoleScreenBufferInfo")
-)
-
-type (
-	short int16
-	word  uint16
-
-	coord struct {
-		x short
-		y short
-	}
-	smallRect struct {
-		left   short
-		top    short
-		right  short
-		bottom short
-	}
-	consoleScreenBufferInfo struct {
-		size              coord
-		cursorPosition    coord
-		attributes        word
-		window            smallRect
-		maximumWindowSize coord
-	}
-)
-
-type State struct {
-	mode uint32
-}
-
-// IsTerminal returns true if the given file descriptor is a terminal.
-func IsTerminal(fd int) bool {
-	var st uint32
-	r, _, e := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(fd), uintptr(unsafe.Pointer(&st)), 0)
-	return r != 0 && e == 0
-}
-
-// MakeRaw put the terminal connected to the given file descriptor into raw
-// mode and returns the previous state of the terminal so that it can be
-// restored.
-func MakeRaw(fd int) (*State, error) {
-	var st uint32
-	_, _, e := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(fd), uintptr(unsafe.Pointer(&st)), 0)
-	if e != 0 {
-		return nil, error(e)
-	}
-	raw := st &^ (enableEchoInput | enableProcessedInput | enableLineInput | enableProcessedOutput)
-	_, _, e = syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(fd), uintptr(raw), 0)
-	if e != 0 {
-		return nil, error(e)
-	}
-	return &State{st}, nil
-}
-
-// GetState returns the current state of a terminal which may be useful to
-// restore the terminal after a signal.
-func GetState(fd int) (*State, error) {
-	var st uint32
-	_, _, e := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(fd), uintptr(unsafe.Pointer(&st)), 0)
-	if e != 0 {
-		return nil, error(e)
-	}
-	return &State{st}, nil
-}
-
-// Restore restores the terminal connected to the given file descriptor to a
-// previous state.
-func Restore(fd int, state *State) error {
-	_, _, err := syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(fd), uintptr(state.mode), 0)
-	return err
-}
-
-// GetSize returns the dimensions of the given terminal.
-func GetSize(fd int) (width, height int, err error) {
-	var info consoleScreenBufferInfo
-	_, _, e := syscall.Syscall(procGetConsoleScreenBufferInfo.Addr(), 2, uintptr(fd), uintptr(unsafe.Pointer(&info)), 0)
-	if e != 0 {
-		return 0, 0, error(e)
-	}
-	return int(info.size.x), int(info.size.y), nil
-}
-
-// passwordReader is an io.Reader that reads from a specific Windows HANDLE.
-type passwordReader int
-
-func (r passwordReader) Read(buf []byte) (int, error) {
-	return syscall.Read(syscall.Handle(r), buf)
-}
-
-// ReadPassword reads a line of input from a terminal without local echo.  This
-// is commonly used for inputting passwords and other sensitive data. The slice
-// returned does not include the \n.
-func ReadPassword(fd int) ([]byte, error) {
-	var st uint32
-	_, _, e := syscall.Syscall(procGetConsoleMode.Addr(), 2, uintptr(fd), uintptr(unsafe.Pointer(&st)), 0)
-	if e != 0 {
-		return nil, error(e)
-	}
-	old := st
-
-	st &^= (enableEchoInput)
-	st |= (enableProcessedInput | enableLineInput | enableProcessedOutput)
-	_, _, e = syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(fd), uintptr(st), 0)
-	if e != 0 {
-		return nil, error(e)
-	}
-
-	defer func() {
-		syscall.Syscall(procSetConsoleMode.Addr(), 2, uintptr(fd), uintptr(old), 0)
-	}()
-
-	return readPasswordLine(passwordReader(fd))
-}
diff --git a/ssh/test/agent_unix_test.go b/ssh/test/agent_unix_test.go
index f481253c9..9df2b4e7e 100644
--- a/ssh/test/agent_unix_test.go
+++ b/ssh/test/agent_unix_test.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd
+// +build aix darwin dragonfly freebsd linux netbsd openbsd
 
 package test
 
diff --git a/ssh/test/banner_test.go b/ssh/test/banner_test.go
new file mode 100644
index 000000000..f149d6da8
--- /dev/null
+++ b/ssh/test/banner_test.go
@@ -0,0 +1,33 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd
+// +build aix darwin dragonfly freebsd linux netbsd openbsd
+
+package test
+
+import (
+	"testing"
+)
+
+func TestBannerCallbackAgainstOpenSSH(t *testing.T) {
+	server := newServer(t)
+	defer server.Shutdown()
+
+	clientConf := clientConfig()
+
+	var receivedBanner string
+	clientConf.BannerCallback = func(message string) error {
+		receivedBanner = message
+		return nil
+	}
+
+	conn := server.Dial(clientConf)
+	defer conn.Close()
+
+	expected := "Server Banner"
+	if receivedBanner != expected {
+		t.Fatalf("got %v; want %v", receivedBanner, expected)
+	}
+}
diff --git a/ssh/test/cert_test.go b/ssh/test/cert_test.go
index b231dd80c..8506e4b16 100644
--- a/ssh/test/cert_test.go
+++ b/ssh/test/cert_test.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd
+// +build aix darwin dragonfly freebsd linux netbsd openbsd
 
 package test
 
diff --git a/ssh/test/dial_unix_test.go b/ssh/test/dial_unix_test.go
index 091e48cc1..15c34d9af 100644
--- a/ssh/test/dial_unix_test.go
+++ b/ssh/test/dial_unix_test.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !windows
+//go:build !windows && !solaris && !js
+// +build !windows,!solaris,!js
 
 package test
 
@@ -104,8 +105,8 @@ func (x *unixDialTester) TestServerConn(t *testing.T, c net.Conn) {
 	if c.LocalAddr().String() != x.listenAddr {
 		t.Fatalf("expected %q, got %q", x.listenAddr, c.LocalAddr().String())
 	}
-	if c.RemoteAddr().String() != "@" {
-		t.Fatalf("expected \"@\", got %q", c.RemoteAddr().String())
+	if c.RemoteAddr().String() != "@" && c.RemoteAddr().String() != "" {
+		t.Fatalf("expected \"@\" or \"\", got %q", c.RemoteAddr().String())
 	}
 }
 
diff --git a/ssh/test/doc.go b/ssh/test/doc.go
index 3f9b3346d..198f0ca1e 100644
--- a/ssh/test/doc.go
+++ b/ssh/test/doc.go
@@ -2,6 +2,6 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// This package contains integration tests for the
+// Package test contains integration tests for the
 // golang.org/x/crypto/ssh package.
 package test // import "golang.org/x/crypto/ssh/test"
diff --git a/ssh/test/forward_unix_test.go b/ssh/test/forward_unix_test.go
index ea8193780..ab8e6396a 100644
--- a/ssh/test/forward_unix_test.go
+++ b/ssh/test/forward_unix_test.go
@@ -2,12 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd
+// +build aix darwin dragonfly freebsd linux netbsd openbsd
 
 package test
 
 import (
 	"bytes"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"math/rand"
@@ -31,17 +33,21 @@ func testPortForward(t *testing.T, n, listenAddr string) {
 		t.Fatal(err)
 	}
 
+	errCh := make(chan error, 1)
+
 	go func() {
+		defer close(errCh)
 		sshConn, err := sshListener.Accept()
 		if err != nil {
-			t.Fatalf("listen.Accept failed: %v", err)
+			errCh <- fmt.Errorf("listen.Accept failed: %v", err)
+			return
 		}
+		defer sshConn.Close()
 
 		_, err = io.Copy(sshConn, sshConn)
 		if err != nil && err != io.EOF {
-			t.Fatalf("ssh client copy: %v", err)
+			errCh <- fmt.Errorf("ssh client copy: %v", err)
 		}
-		sshConn.Close()
 	}()
 
 	forwardedAddr := sshListener.Addr().String()
@@ -76,6 +82,12 @@ func testPortForward(t *testing.T, n, listenAddr string) {
 		t.Errorf("netConn.CloseWrite: %v", err)
 	}
 
+	// Check for errors on server goroutine
+	err = <-errCh
+	if err != nil {
+		t.Fatalf("server: %v", err)
+	}
+
 	read := <-readChan
 
 	if len(sent) != len(read) {
diff --git a/ssh/test/multi_auth_test.go b/ssh/test/multi_auth_test.go
new file mode 100644
index 000000000..da8f674b3
--- /dev/null
+++ b/ssh/test/multi_auth_test.go
@@ -0,0 +1,145 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Tests for ssh client multi-auth
+//
+// These tests run a simple go ssh client against OpenSSH server
+// over unix domain sockets. The tests use multiple combinations
+// of password, keyboard-interactive and publickey authentication
+// methods.
+//
+// A wrapper library for making sshd PAM authentication use test
+// passwords is required in ./sshd_test_pw.so. If the library does
+// not exist these tests will be skipped. See compile instructions
+// (for linux) in file ./sshd_test_pw.c.
+
+//go:build linux
+// +build linux
+
+package test
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"golang.org/x/crypto/ssh"
+)
+
+// test cases
+type multiAuthTestCase struct {
+	authMethods         []string
+	expectedPasswordCbs int
+	expectedKbdIntCbs   int
+}
+
+// test context
+type multiAuthTestCtx struct {
+	password       string
+	numPasswordCbs int
+	numKbdIntCbs   int
+}
+
+// create test context
+func newMultiAuthTestCtx(t *testing.T) *multiAuthTestCtx {
+	password, err := randomPassword()
+	if err != nil {
+		t.Fatalf("Failed to generate random test password: %s", err.Error())
+	}
+
+	return &multiAuthTestCtx{
+		password: password,
+	}
+}
+
+// password callback
+func (ctx *multiAuthTestCtx) passwordCb() (secret string, err error) {
+	ctx.numPasswordCbs++
+	return ctx.password, nil
+}
+
+// keyboard-interactive callback
+func (ctx *multiAuthTestCtx) kbdIntCb(user, instruction string, questions []string, echos []bool) (answers []string, err error) {
+	if len(questions) == 0 {
+		return nil, nil
+	}
+
+	ctx.numKbdIntCbs++
+	if len(questions) == 1 {
+		return []string{ctx.password}, nil
+	}
+
+	return nil, fmt.Errorf("unsupported keyboard-interactive flow")
+}
+
+// TestMultiAuth runs several subtests for different combinations of password, keyboard-interactive and publickey authentication methods
+func TestMultiAuth(t *testing.T) {
+	testCases := []multiAuthTestCase{
+		// Test password,publickey authentication, assert that password callback is called 1 time
+		multiAuthTestCase{
+			authMethods:         []string{"password", "publickey"},
+			expectedPasswordCbs: 1,
+		},
+		// Test keyboard-interactive,publickey authentication, assert that keyboard-interactive callback is called 1 time
+		multiAuthTestCase{
+			authMethods:       []string{"keyboard-interactive", "publickey"},
+			expectedKbdIntCbs: 1,
+		},
+		// Test publickey,password authentication, assert that password callback is called 1 time
+		multiAuthTestCase{
+			authMethods:         []string{"publickey", "password"},
+			expectedPasswordCbs: 1,
+		},
+		// Test publickey,keyboard-interactive authentication, assert that keyboard-interactive callback is called 1 time
+		multiAuthTestCase{
+			authMethods:       []string{"publickey", "keyboard-interactive"},
+			expectedKbdIntCbs: 1,
+		},
+		// Test password,password authentication, assert that password callback is called 2 times
+		multiAuthTestCase{
+			authMethods:         []string{"password", "password"},
+			expectedPasswordCbs: 2,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(strings.Join(testCase.authMethods, ","), func(t *testing.T) {
+			ctx := newMultiAuthTestCtx(t)
+
+			server := newServerForConfig(t, "MultiAuth", map[string]string{"AuthMethods": strings.Join(testCase.authMethods, ",")})
+			defer server.Shutdown()
+
+			clientConfig := clientConfig()
+			server.setTestPassword(clientConfig.User, ctx.password)
+
+			publicKeyAuthMethod := clientConfig.Auth[0]
+			clientConfig.Auth = nil
+			for _, authMethod := range testCase.authMethods {
+				switch authMethod {
+				case "publickey":
+					clientConfig.Auth = append(clientConfig.Auth, publicKeyAuthMethod)
+				case "password":
+					clientConfig.Auth = append(clientConfig.Auth,
+						ssh.RetryableAuthMethod(ssh.PasswordCallback(ctx.passwordCb), 5))
+				case "keyboard-interactive":
+					clientConfig.Auth = append(clientConfig.Auth,
+						ssh.RetryableAuthMethod(ssh.KeyboardInteractive(ctx.kbdIntCb), 5))
+				default:
+					t.Fatalf("Unknown authentication method %s", authMethod)
+				}
+			}
+
+			conn := server.Dial(clientConfig)
+			defer conn.Close()
+
+			if ctx.numPasswordCbs != testCase.expectedPasswordCbs {
+				t.Fatalf("passwordCallback was called %d times, expected %d times", ctx.numPasswordCbs, testCase.expectedPasswordCbs)
+			}
+
+			if ctx.numKbdIntCbs != testCase.expectedKbdIntCbs {
+				t.Fatalf("keyboardInteractiveCallback was called %d times, expected %d times", ctx.numKbdIntCbs, testCase.expectedKbdIntCbs)
+			}
+		})
+	}
+}
diff --git a/ssh/test/session_test.go b/ssh/test/session_test.go
index fc7e4715b..d66509b2d 100644
--- a/ssh/test/session_test.go
+++ b/ssh/test/session_test.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build !windows
+//go:build !windows && !solaris && !js
+// +build !windows,!solaris,!js
 
 package test
 
@@ -11,7 +12,9 @@ package test
 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io"
+	"runtime"
 	"strings"
 	"testing"
 
@@ -215,7 +218,12 @@ func TestKeyChange(t *testing.T) {
 	}
 }
 
-func TestInvalidTerminalMode(t *testing.T) {
+func TestValidTerminalMode(t *testing.T) {
+	if runtime.GOOS == "aix" {
+		// On AIX, sshd cannot acquire /dev/pts/* if launched as
+		// a non-root user.
+		t.Skipf("skipping on %s", runtime.GOOS)
+	}
 	server := newServer(t)
 	defer server.Shutdown()
 	conn := server.Dial(clientConfig())
@@ -227,12 +235,44 @@ func TestInvalidTerminalMode(t *testing.T) {
 	}
 	defer session.Close()
 
-	if err = session.RequestPty("vt100", 80, 40, ssh.TerminalModes{255: 1984}); err == nil {
-		t.Fatalf("req-pty failed: successful request with invalid mode")
+	stdout, err := session.StdoutPipe()
+	if err != nil {
+		t.Fatalf("unable to acquire stdout pipe: %s", err)
+	}
+
+	stdin, err := session.StdinPipe()
+	if err != nil {
+		t.Fatalf("unable to acquire stdin pipe: %s", err)
+	}
+
+	tm := ssh.TerminalModes{ssh.ECHO: 0}
+	if err = session.RequestPty("xterm", 80, 40, tm); err != nil {
+		t.Fatalf("req-pty failed: %s", err)
+	}
+
+	err = session.Shell()
+	if err != nil {
+		t.Fatalf("session failed: %s", err)
+	}
+
+	stdin.Write([]byte("stty -a && exit\n"))
+
+	var buf bytes.Buffer
+	if _, err := io.Copy(&buf, stdout); err != nil {
+		t.Fatalf("reading failed: %s", err)
+	}
+
+	if sttyOutput := buf.String(); !strings.Contains(sttyOutput, "-echo ") {
+		t.Fatalf("terminal mode failure: expected -echo in stty output, got %s", sttyOutput)
 	}
 }
 
-func TestValidTerminalMode(t *testing.T) {
+func TestWindowChange(t *testing.T) {
+	if runtime.GOOS == "aix" {
+		// On AIX, sshd cannot acquire /dev/pts/* if launched as
+		// a non-root user.
+		t.Skipf("skipping on %s", runtime.GOOS)
+	}
 	server := newServer(t)
 	defer server.Shutdown()
 	conn := server.Dial(clientConfig())
@@ -259,44 +299,77 @@ func TestValidTerminalMode(t *testing.T) {
 		t.Fatalf("req-pty failed: %s", err)
 	}
 
+	if err := session.WindowChange(100, 100); err != nil {
+		t.Fatalf("window-change failed: %s", err)
+	}
+
 	err = session.Shell()
 	if err != nil {
 		t.Fatalf("session failed: %s", err)
 	}
 
-	stdin.Write([]byte("stty -a && exit\n"))
+	stdin.Write([]byte("stty size && exit\n"))
 
 	var buf bytes.Buffer
 	if _, err := io.Copy(&buf, stdout); err != nil {
 		t.Fatalf("reading failed: %s", err)
 	}
 
-	if sttyOutput := buf.String(); !strings.Contains(sttyOutput, "-echo ") {
-		t.Fatalf("terminal mode failure: expected -echo in stty output, got %s", sttyOutput)
+	if sttyOutput := buf.String(); !strings.Contains(sttyOutput, "100 100") {
+		t.Fatalf("terminal WindowChange failure: expected \"100 100\" stty output, got %s", sttyOutput)
+	}
+}
+
+func testOneCipher(t *testing.T, cipher string, cipherOrder []string) {
+	server := newServer(t)
+	defer server.Shutdown()
+	conf := clientConfig()
+	conf.Ciphers = []string{cipher}
+	// Don't fail if sshd doesn't have the cipher.
+	conf.Ciphers = append(conf.Ciphers, cipherOrder...)
+	conn, err := server.TryDial(conf)
+	if err != nil {
+		t.Fatalf("TryDial: %v", err)
+	}
+	defer conn.Close()
+
+	numBytes := 4096
+
+	// Exercise sending data to the server
+	if _, _, err := conn.Conn.SendRequest("drop-me", false, make([]byte, numBytes)); err != nil {
+		t.Fatalf("SendRequest: %v", err)
+	}
+
+	// Exercise receiving data from the server
+	session, err := conn.NewSession()
+	if err != nil {
+		t.Fatalf("NewSession: %v", err)
+	}
+
+	out, err := session.Output(fmt.Sprintf("dd if=/dev/zero bs=%d count=1", numBytes))
+	if err != nil {
+		t.Fatalf("Output: %v", err)
+	}
+
+	if len(out) != numBytes {
+		t.Fatalf("got %d bytes, want %d bytes", len(out), numBytes)
 	}
 }
 
+var deprecatedCiphers = []string{
+	"aes128-cbc", "3des-cbc",
+	"arcfour128", "arcfour256",
+}
+
 func TestCiphers(t *testing.T) {
 	var config ssh.Config
 	config.SetDefaults()
-	cipherOrder := config.Ciphers
-	// These ciphers will not be tested when commented out in cipher.go it will
-	// fallback to the next available as per line 292.
-	cipherOrder = append(cipherOrder, "aes128-cbc", "3des-cbc")
+	cipherOrder := append(config.Ciphers, deprecatedCiphers...)
 
 	for _, ciph := range cipherOrder {
-		server := newServer(t)
-		defer server.Shutdown()
-		conf := clientConfig()
-		conf.Ciphers = []string{ciph}
-		// Don't fail if sshd doesn't have the cipher.
-		conf.Ciphers = append(conf.Ciphers, cipherOrder...)
-		conn, err := server.TryDial(conf)
-		if err == nil {
-			conn.Close()
-		} else {
-			t.Fatalf("failed for cipher %q", ciph)
-		}
+		t.Run(ciph, func(t *testing.T) {
+			testOneCipher(t, ciph, cipherOrder)
+		})
 	}
 }
 
@@ -306,17 +379,19 @@ func TestMACs(t *testing.T) {
 	macOrder := config.MACs
 
 	for _, mac := range macOrder {
-		server := newServer(t)
-		defer server.Shutdown()
-		conf := clientConfig()
-		conf.MACs = []string{mac}
-		// Don't fail if sshd doesn't have the MAC.
-		conf.MACs = append(conf.MACs, macOrder...)
-		if conn, err := server.TryDial(conf); err == nil {
-			conn.Close()
-		} else {
-			t.Fatalf("failed for MAC %q", mac)
-		}
+		t.Run(mac, func(t *testing.T) {
+			server := newServer(t)
+			defer server.Shutdown()
+			conf := clientConfig()
+			conf.MACs = []string{mac}
+			// Don't fail if sshd doesn't have the MAC.
+			conf.MACs = append(conf.MACs, macOrder...)
+			if conn, err := server.TryDial(conf); err == nil {
+				conn.Close()
+			} else {
+				t.Fatalf("failed for MAC %q", mac)
+			}
+		})
 	}
 }
 
@@ -324,18 +399,25 @@ func TestKeyExchanges(t *testing.T) {
 	var config ssh.Config
 	config.SetDefaults()
 	kexOrder := config.KeyExchanges
+	// Based on the discussion in #17230, the key exchange algorithms
+	// diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256
+	// are not included in the default list of supported kex so we have to add them
+	// here manually.
+	kexOrder = append(kexOrder, "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256")
 	for _, kex := range kexOrder {
-		server := newServer(t)
-		defer server.Shutdown()
-		conf := clientConfig()
-		// Don't fail if sshd doesn't have the kex.
-		conf.KeyExchanges = append([]string{kex}, kexOrder...)
-		conn, err := server.TryDial(conf)
-		if err == nil {
-			conn.Close()
-		} else {
-			t.Errorf("failed for kex %q", kex)
-		}
+		t.Run(kex, func(t *testing.T) {
+			server := newServer(t)
+			defer server.Shutdown()
+			conf := clientConfig()
+			// Don't fail if sshd doesn't have the kex.
+			conf.KeyExchanges = append([]string{kex}, kexOrder...)
+			conn, err := server.TryDial(conf)
+			if err == nil {
+				conn.Close()
+			} else {
+				t.Errorf("failed for kex %q", kex)
+			}
+		})
 	}
 }
 
@@ -346,20 +428,22 @@ func TestClientAuthAlgorithms(t *testing.T) {
 		"ecdsa",
 		"ed25519",
 	} {
-		server := newServer(t)
-		conf := clientConfig()
-		conf.SetDefaults()
-		conf.Auth = []ssh.AuthMethod{
-			ssh.PublicKeys(testSigners[key]),
-		}
-
-		conn, err := server.TryDial(conf)
-		if err == nil {
-			conn.Close()
-		} else {
-			t.Errorf("failed for key %q", key)
-		}
-
-		server.Shutdown()
+		t.Run(key, func(t *testing.T) {
+			server := newServer(t)
+			conf := clientConfig()
+			conf.SetDefaults()
+			conf.Auth = []ssh.AuthMethod{
+				ssh.PublicKeys(testSigners[key]),
+			}
+
+			conn, err := server.TryDial(conf)
+			if err == nil {
+				conn.Close()
+			} else {
+				t.Errorf("failed for key %q", key)
+			}
+
+			server.Shutdown()
+		})
 	}
 }
diff --git a/ssh/test/sshd_test_pw.c b/ssh/test/sshd_test_pw.c
new file mode 100644
index 000000000..2794a563a
--- /dev/null
+++ b/ssh/test/sshd_test_pw.c
@@ -0,0 +1,173 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// sshd_test_pw.c
+// Wrapper to inject test password data for sshd PAM authentication
+//
+// This wrapper implements custom versions of getpwnam, getpwnam_r,
+// getspnam and getspnam_r. These functions first call their real
+// libc versions, then check if the requested user matches test user
+// specified in env variable TEST_USER and if so replace the password
+// with crypted() value of TEST_PASSWD env variable.
+//
+// Compile:
+// gcc -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
+//
+// Compile with debug:
+// gcc -DVERBOSE -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
+//
+// Run sshd:
+// LD_PRELOAD="sshd_test_pw.so" TEST_USER="..." TEST_PASSWD="..." sshd ...
+
+// +build ignore
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <pwd.h>
+#include <shadow.h>
+#include <dlfcn.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#ifdef VERBOSE
+#define DEBUG(X...) fprintf(stderr, X)
+#else
+#define DEBUG(X...) while (0) { }
+#endif
+
+/* crypt() password */
+static char *
+pwhash(char *passwd) {
+  return strdup(crypt(passwd, "$6$"));
+}
+
+/* Pointers to real functions in libc */
+static struct passwd * (*real_getpwnam)(const char *) = NULL;
+static int (*real_getpwnam_r)(const char *, struct passwd *, char *, size_t, struct passwd **) = NULL;
+static struct spwd * (*real_getspnam)(const char *) = NULL;
+static int (*real_getspnam_r)(const char *, struct spwd *, char *, size_t, struct spwd **) = NULL;
+
+/* Cached test user and test password */
+static char *test_user = NULL;
+static char *test_passwd_hash = NULL;
+
+static void
+init(void) {
+  /* Fetch real libc function pointers */
+  real_getpwnam = dlsym(RTLD_NEXT, "getpwnam");
+  real_getpwnam_r = dlsym(RTLD_NEXT, "getpwnam_r");
+  real_getspnam = dlsym(RTLD_NEXT, "getspnam");
+  real_getspnam_r = dlsym(RTLD_NEXT, "getspnam_r");
+  
+  /* abort if env variables are not defined */
+  if (getenv("TEST_USER") == NULL || getenv("TEST_PASSWD") == NULL) {
+    fprintf(stderr, "env variables TEST_USER and TEST_PASSWD are missing\n");
+    abort();
+  }
+
+  /* Fetch test user and test password from env */
+  test_user = strdup(getenv("TEST_USER"));
+  test_passwd_hash = pwhash(getenv("TEST_PASSWD"));
+
+  DEBUG("sshd_test_pw init():\n");
+  DEBUG("\treal_getpwnam: %p\n", real_getpwnam);
+  DEBUG("\treal_getpwnam_r: %p\n", real_getpwnam_r);
+  DEBUG("\treal_getspnam: %p\n", real_getspnam);
+  DEBUG("\treal_getspnam_r: %p\n", real_getspnam_r);
+  DEBUG("\tTEST_USER: '%s'\n", test_user);
+  DEBUG("\tTEST_PASSWD: '%s'\n", getenv("TEST_PASSWD"));
+  DEBUG("\tTEST_PASSWD_HASH: '%s'\n", test_passwd_hash);
+}
+
+static int
+is_test_user(const char *name) {
+  if (test_user != NULL && strcmp(test_user, name) == 0)
+    return 1;
+  return 0;
+}
+
+/* getpwnam */
+
+struct passwd *
+getpwnam(const char *name) {
+  struct passwd *pw;
+
+  DEBUG("sshd_test_pw getpwnam(%s)\n", name);
+  
+  if (real_getpwnam == NULL)
+    init();
+  if ((pw = real_getpwnam(name)) == NULL)
+    return NULL;
+
+  if (is_test_user(name))
+    pw->pw_passwd = strdup(test_passwd_hash);
+      
+  return pw;
+}
+
+/* getpwnam_r */
+
+int
+getpwnam_r(const char *name,
+	   struct passwd *pwd,
+	   char *buf,
+	   size_t buflen,
+	   struct passwd **result) {
+  int r;
+
+  DEBUG("sshd_test_pw getpwnam_r(%s)\n", name);
+  
+  if (real_getpwnam_r == NULL)
+    init();
+  if ((r = real_getpwnam_r(name, pwd, buf, buflen, result)) != 0 || *result == NULL)
+    return r;
+
+  if (is_test_user(name))
+    pwd->pw_passwd = strdup(test_passwd_hash);
+  
+  return 0;
+}
+
+/* getspnam */
+
+struct spwd *
+getspnam(const char *name) {
+  struct spwd *sp;
+
+  DEBUG("sshd_test_pw getspnam(%s)\n", name);
+  
+  if (real_getspnam == NULL)
+    init();
+  if ((sp = real_getspnam(name)) == NULL)
+    return NULL;
+
+  if (is_test_user(name))
+    sp->sp_pwdp = strdup(test_passwd_hash);
+  
+  return sp;
+}
+
+/* getspnam_r */
+
+int
+getspnam_r(const char *name,
+	   struct spwd *spbuf,
+	   char *buf,
+	   size_t buflen,
+	   struct spwd **spbufp) {
+  int r;
+
+  DEBUG("sshd_test_pw getspnam_r(%s)\n", name);
+  
+  if (real_getspnam_r == NULL)
+    init();
+  if ((r = real_getspnam_r(name, spbuf, buf, buflen, spbufp)) != 0)
+    return r;
+
+  if (is_test_user(name))
+    spbuf->sp_pwdp = strdup(test_passwd_hash);
+  
+  return r;
+}
diff --git a/ssh/test/test_unix_test.go b/ssh/test/test_unix_test.go
index e673536a8..dbd02c7f4 100644
--- a/ssh/test/test_unix_test.go
+++ b/ssh/test/test_unix_test.go
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin dragonfly freebsd linux netbsd openbsd plan9
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || plan9
+// +build aix darwin dragonfly freebsd linux netbsd openbsd plan9
 
 package test
 
@@ -10,6 +11,8 @@ package test
 
 import (
 	"bytes"
+	"crypto/rand"
+	"encoding/base64"
 	"fmt"
 	"io/ioutil"
 	"log"
@@ -25,8 +28,10 @@ import (
 	"golang.org/x/crypto/ssh/testdata"
 )
 
-const sshd_config = `
+const (
+	defaultSshdConfig = `
 Protocol 2
+Banner {{.Dir}}/banner
 HostKey {{.Dir}}/id_rsa
 HostKey {{.Dir}}/id_dsa
 HostKey {{.Dir}}/id_ecdsa
@@ -49,8 +54,17 @@ RhostsRSAAuthentication no
 HostbasedAuthentication no
 PubkeyAcceptedKeyTypes=*
 `
+	multiAuthSshdConfigTail = `
+UsePAM yes
+PasswordAuthentication yes
+ChallengeResponseAuthentication yes
+AuthenticationMethods {{.AuthMethods}}
+`
+)
 
-var configTmpl = template.Must(template.New("").Parse(sshd_config))
+var configTmpl = map[string]*template.Template{
+	"default":   template.Must(template.New("").Parse(defaultSshdConfig)),
+	"MultiAuth": template.Must(template.New("").Parse(defaultSshdConfig + multiAuthSshdConfigTail))}
 
 type server struct {
 	t          *testing.T
@@ -59,6 +73,10 @@ type server struct {
 	cmd        *exec.Cmd
 	output     bytes.Buffer // holds stderr from sshd process
 
+	testUser     string // test username for sshd
+	testPasswd   string // test password for sshd
+	sshdTestPwSo string // dynamic library to inject a custom password into sshd
+
 	// Client half of the network connection.
 	clientConn net.Conn
 }
@@ -185,6 +203,20 @@ func (s *server) TryDialWithAddr(config *ssh.ClientConfig, addr string) (*ssh.Cl
 	s.cmd.Stdin = f
 	s.cmd.Stdout = f
 	s.cmd.Stderr = &s.output
+
+	if s.sshdTestPwSo != "" {
+		if s.testUser == "" {
+			s.t.Fatal("user missing from sshd_test_pw.so config")
+		}
+		if s.testPasswd == "" {
+			s.t.Fatal("password missing from sshd_test_pw.so config")
+		}
+		s.cmd.Env = append(os.Environ(),
+			fmt.Sprintf("LD_PRELOAD=%s", s.sshdTestPwSo),
+			fmt.Sprintf("TEST_USER=%s", s.testUser),
+			fmt.Sprintf("TEST_PASSWD=%s", s.testPasswd))
+	}
+
 	if err := s.cmd.Start(); err != nil {
 		s.t.Fail()
 		s.Shutdown()
@@ -235,11 +267,55 @@ func writeFile(path string, contents []byte) {
 	}
 }
 
+// generate random password
+func randomPassword() (string, error) {
+	b := make([]byte, 12)
+	_, err := rand.Read(b)
+	if err != nil {
+		return "", err
+	}
+	return base64.RawURLEncoding.EncodeToString(b), nil
+}
+
+// setTestPassword is used for setting user and password data for sshd_test_pw.so
+// This function also checks that ./sshd_test_pw.so exists and if not calls s.t.Skip()
+func (s *server) setTestPassword(user, passwd string) error {
+	wd, _ := os.Getwd()
+	wrapper := filepath.Join(wd, "sshd_test_pw.so")
+	if _, err := os.Stat(wrapper); err != nil {
+		s.t.Skip(fmt.Errorf("sshd_test_pw.so is not available"))
+		return err
+	}
+
+	s.sshdTestPwSo = wrapper
+	s.testUser = user
+	s.testPasswd = passwd
+	return nil
+}
+
 // newServer returns a new mock ssh server.
 func newServer(t *testing.T) *server {
+	return newServerForConfig(t, "default", map[string]string{})
+}
+
+// newServerForConfig returns a new mock ssh server.
+func newServerForConfig(t *testing.T, config string, configVars map[string]string) *server {
 	if testing.Short() {
 		t.Skip("skipping test due to -short")
 	}
+	u, err := user.Current()
+	if err != nil {
+		t.Fatalf("user.Current: %v", err)
+	}
+	uname := u.Name
+	if uname == "" {
+		// Check the value of u.Username as u.Name
+		// can be "" on some OSes like AIX.
+		uname = u.Username
+	}
+	if uname == "root" {
+		t.Skip("skipping test because current user is root")
+	}
 	dir, err := ioutil.TempDir("", "sshtest")
 	if err != nil {
 		t.Fatal(err)
@@ -248,14 +324,18 @@ func newServer(t *testing.T) *server {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = configTmpl.Execute(f, map[string]string{
-		"Dir": dir,
-	})
+	if _, ok := configTmpl[config]; ok == false {
+		t.Fatal(fmt.Errorf("Invalid server config '%s'", config))
+	}
+	configVars["Dir"] = dir
+	err = configTmpl[config].Execute(f, configVars)
 	if err != nil {
 		t.Fatal(err)
 	}
 	f.Close()
 
+	writeFile(filepath.Join(dir, "banner"), []byte("Server Banner"))
+
 	for k, v := range testdata.PEMBytes {
 		filename := "id_" + k
 		writeFile(filepath.Join(dir, filename), v)
@@ -268,7 +348,7 @@ func newServer(t *testing.T) *server {
 	}
 
 	var authkeys bytes.Buffer
-	for k, _ := range testdata.PEMBytes {
+	for k := range testdata.PEMBytes {
 		authkeys.Write(ssh.MarshalAuthorizedKey(testPublicKeys[k]))
 	}
 	writeFile(filepath.Join(dir, "authorized_keys"), authkeys.Bytes())
diff --git a/ssh/testdata/keys.go b/ssh/testdata/keys.go
index 3b3d26c5b..f1e2fc569 100644
--- a/ssh/testdata/keys.go
+++ b/ssh/testdata/keys.go
@@ -23,6 +23,27 @@ MHcCAQEEINGWx0zo6fhJ/0EAfrPzVFyFC9s18lBt3cRoEDhS3ARooAoGCCqGSM49
 AwEHoUQDQgAEi9Hdw6KvZcWxfg2IDhA7UkpDtzzt6ZqJXSsFdLd+Kx4S3Sx4cVO+
 6/ZOXRnPmNAlLUqjShUsUBBngG0u2fqEqA==
 -----END EC PRIVATE KEY-----
+`),
+	"ecdsap256": []byte(`-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAPCE25zK0PQSnsgVcEbM1mbKTASH4pqb5QJajplDwDZoAoGCCqGSM49
+AwEHoUQDQgAEWy8TxGcIHRh5XGpO4dFVfDjeNY+VkgubQrf/eyFJZHxAn1SKraXU
+qJUjTKj1z622OxYtJ5P7s9CfAEVsTzLCzg==
+-----END EC PRIVATE KEY-----
+`),
+	"ecdsap384": []byte(`-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDBWfSnMuNKq8J9rQLzzEkx3KAoEohSXqhE/4CdjEYtoU2i22HW80DDS
+qQhYNHRAduygBwYFK4EEACKhZANiAAQWaDMAd0HUd8ZiXCX7mYDDnC54gwH/nG43
+VhCUEYmF7HMZm/B9Yn3GjFk3qYEDEvuF/52+NvUKBKKaLbh32AWxMv0ibcoba4cz
+hL9+hWYhUD9XIUlzMWiZ2y6eBE9PdRI=
+-----END EC PRIVATE KEY-----
+`),
+	"ecdsap521": []byte(`-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIBrkYpQcy8KTVHNiAkjlFZwee90224Bu6wz94R4OBo+Ts0eoAQG7SF
+iaygEDMUbx6kTgXTBcKZ0jrWPKakayNZ/kigBwYFK4EEACOhgYkDgYYABADFuvLV
+UoaCDGHcw5uNfdRIsvaLKuWSpLsl48eWGZAwdNG432GDVKduO+pceuE+8XzcyJb+
+uMv+D2b11Q/LQUcHJwE6fqbm8m3EtDKPsoKs0u/XUJb0JsH4J8lkZzbUTjvGYamn
+FFlRjzoB3Oxu8UQgb+MWPedtH9XYBbg9biz4jJLkXQ==
+-----END EC PRIVATE KEY-----
 `),
 	"rsa": []byte(`-----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQC8A6FGHDiWCSREAXCq6yBfNVr0xCVG2CzvktFNRpue+RXrGs/2
@@ -39,6 +60,35 @@ NDvRS0rjwt6lJGv7zPZoqDc65VfrK2aNyHx2PgFyzwrEOtuF57bu7pnvEIxpLTeM
 z26i6XVMeYXAWZMTloMCQBbpGgEERQpeUknLBqUHhg/wXF6+lFA+vEGnkY+Dwab2
 KCXFGd+SQ5GdUcEMe9isUH6DYj/6/yCDoFrXXmpQb+M=
 -----END RSA PRIVATE KEY-----
+`),
+	"pkcs8": []byte(`-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCitzS2KiRQTccf
+VApb0mbPpo1lt29JjeLBYAehXHWfQ+w8sXpd8e04n/020spx1R94yg+v0NjXyh2R
+NFXNBYdhNei33VJxUeKNlExaecvW2yxfuZqka+ZxT1aI8zrAsjh3Rwc6wayAJS4R
+wZuzlDv4jZitWqwD+mb/22Zwq/WSs4YX5dUHDklfdWSVnoBfue8K/00n8f5yMTdJ
+vFF0qAJwf9spPEHla0lYcozJk64CO5lRkqfLor4UnsXXOiA7aRIoaUSKa+rlhiqt
+1EMGYiBjblPt4SwMelGGU2UfywPb4d85gpQ/s8SBARbpPxNVs2IbHDMwj70P3uZc
+74M3c4VJAgMBAAECggEAFIzY3mziGzZHgMBncoNXMsCRORh6uKpvygZr0EhSHqRA
+cMXlc3n7gNxL6aGjqc7F48Z5RrY0vMQtCcq3T2Z0W6WoV5hfMiqqV0E0h3S8ds1F
+hG13h26NMyBXCILXl8Cqev4Afr45IBISCHIQTRTaoiCX+MTr1rDIU2YNQQumvzkz
+fMw2XiFTFTgxAtJUAgKoTqLtm7/T+az7TKw+Hesgbx7yaJoMh9DWGBh4Y61DnIDA
+fcxJboAfxxnFiXvdBVmzo72pCsRXrWOsjW6WxQmCKuXHvyB1FZTmMaEFNCGSJDa6
+U+OCzA3m65loAZAE7ffFHhYgssz/h9TBaOjKO0BX1QKBgQDZiCBvu+bFh9pEodcS
+VxaI+ATlsYcmGdLtnZw5pxuEdr60iNWhpEcV6lGkbdiv5aL43QaGFDLagqeHI77b
++ITFbPPdCiYNaqlk6wyiXv4pdN7V683EDmGWSQlPeC9IhUilt2c+fChK2EB/XlkO
+q8c3Vk1MsC6JOxDXNgJxylNpswKBgQC/fYBTb9iD+uM2n3SzJlct/ZlPaONKnNDR
+pbTOdxBFHsu2VkfY858tfnEPkmSRX0yKmjHni6e8/qIzfzLwWBY4NmxhNZE5v+qJ
+qZF26ULFdrZB4oWXAOliy/1S473OpQnp2MZp2asd0LPcg/BNaMuQrz44hxHb76R7
+qWD0ebIfEwKBgQCRCIiP1pjbVGN7ZOgPS080DSC+wClahtcyI+ZYLglTvRQTLDQ7
+LFtUykCav748MIADKuJBnM/3DiuCF5wV71EejDDfS/fo9BdyuKBY1brhixFTUX+E
+Ww5Hc/SoLnpgALVZ/7jvWTpIBHykLxRziqYtR/YLzl+IkX/97P2ePoZ0rwKBgHNC
+/7M5Z4JJyepfIMeVFHTCaT27TNTkf20x6Rs937U7TDN8y9JzEiU4LqXI4HAAhPoI
+xnExRs4kF04YCnlRDE7Zs3Lv43J3ap1iTATfcymYwyv1RaQXEGQ/lUQHgYCZJtZz
+fTrJoo5XyWu6nzJ5Gc8FLNaptr5ECSXGVm3Rsr2xAoGBAJWqEEQS/ejhO05QcPqh
+y4cUdLr0269ILVsvic4Ot6zgfPIntXAK6IsHGKcg57kYm6W9k1CmmlA4ENGryJnR
+vxyyqA9eyTFc1CQNuc2frKFA9It49JzjXahKc0aDHEHmTR787Tmk1LbuT0/gm9kA
+L4INU6g+WqF0fatJxd+IJPrp
+-----END PRIVATE KEY-----
 `),
 	"ed25519": []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
@@ -63,6 +113,37 @@ pY2QA+P3QlrKxT/VWUMjHUbNNdYfJm48xu0SGNMRdKMAAABBAORh2NP/06JUV3J9W/2Hju
 X1ViJuqqcQnJPVzpgSL826EC2xwOECTqoY8uvFpUdD7CtpksIxNVqRIhuNOlz0lqEAAABB
 ANkaHTTaPojClO0dKJ/Zjs7pWOCGliebBYprQ/Y4r9QLBkC/XaWMS26gFIrjgC7D2Rv+rZ
 wSD0v0RcmkITP1ZR0AAAAYcHF1ZXJuYUBMdWNreUh5ZHJvLmxvY2FsAQID
+-----END OPENSSH PRIVATE KEY-----`),
+	"p256-openssh-format": []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSN5Ld/DFy8LJK0yrWg+Ryhq4/ifHry
+QyCQeT4UXSB+UGdRct7kWA0hARbTaSCh+8U/Gs5O+IkDNoTKVsgxKUMQAAAAsO3C7nPtwu
+5zAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI3kt38MXLwskrTK
+taD5HKGrj+J8evJDIJB5PhRdIH5QZ1Fy3uRYDSEBFtNpIKH7xT8azk74iQM2hMpWyDEpQx
+AAAAAhAIHB48R+goZaiXndfYTrwk4BT1+MeLPC2/dwe0J5d1QDAAAAE21hcmlhbm9AZW5k
+b3IubG9jYWwBAgME
+-----END OPENSSH PRIVATE KEY-----`),
+	"p384-openssh-format": []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
+1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQTZb2VzEPs2NN/i1qHddKTVfwoIq3Tf
+PeQ/kcWBvuCVJfIygvpm9MeusawEPuLSEXwiNDew+YHZ9xHIvFjCmZsLuEOzuh9t9KotwM
+57H+7N+RDFzhM2j8hAaOuT5XDLKfUAAADgn/Sny5/0p8sAAAATZWNkc2Etc2hhMi1uaXN0
+cDM4NAAAAAhuaXN0cDM4NAAAAGEE2W9lcxD7NjTf4tah3XSk1X8KCKt03z3kP5HFgb7glS
+XyMoL6ZvTHrrGsBD7i0hF8IjQ3sPmB2fcRyLxYwpmbC7hDs7ofbfSqLcDOex/uzfkQxc4T
+No/IQGjrk+Vwyyn1AAAAMQDg0hwGKB/9Eq+e2FeTspi8QHW5xTD6prqsHDFx4cKk0ccgFV
+61dhFhD/8SEbYlHzEAAAATbWFyaWFub0BlbmRvci5sb2NhbAECAwQ=
+-----END OPENSSH PRIVATE KEY-----`),
+	"p521-openssh-format": []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
+1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBKzI3QSp1a2e1zMulZl1uFF1Y2Dnv
+LSIwEu837hOV1epYEgNveAhGNm57TuBqYtnZeVfd2pzaz7CKX6N4B33N1XABQ5Ngji7lF2
+dUbmhNqJoMh43ioIsQNBaBenhmRpYP6f5k8P/7JZMIsLhkJk2hykb8maSZ+B3PYwPMNBdS
+vP+0sHQAAAEYIsr2CCLK9ggAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
+AAAIUEASsyN0EqdWtntczLpWZdbhRdWNg57y0iMBLvN+4TldXqWBIDb3gIRjZue07gamLZ
+2XlX3dqc2s+wil+jeAd9zdVwAUOTYI4u5RdnVG5oTaiaDIeN4qCLEDQWgXp4ZkaWD+n+ZP
+D/+yWTCLC4ZCZNocpG/Jmkmfgdz2MDzDQXUrz/tLB0AAAAQgEdeH+im6iRcP/juTAoeSHo
+ExLtWhgL4JYqRwcOnzCKuLOPjEY/HSOuc+HRrbN9rbjsq+PcPHYe1NnkzXk0IW8hxQAAAB
+NtYXJpYW5vQGVuZG9yLmxvY2FsAQIDBAUGBw==
 -----END OPENSSH PRIVATE KEY-----`),
 	"user": []byte(`-----BEGIN EC PRIVATE KEY-----
 MHcCAQEEILYCAeq8f7V4vSSypRw7pxy8yz3V5W4qg8kSC3zJhqpQoAoGCCqGSM49
@@ -105,7 +186,7 @@ var SSHCertificates = map[string][]byte{
 	// Generated by the following commands:
 	//
 	// 1. Assumes "rsa" key above in file named "rsa", write out the public key to "rsa.pub":
-	//    ssh-keygen -y -f rsa > rsa.pu
+	//    ssh-keygen -y -f rsa > rsa.pub
 	//
 	// 2. Assumes "ca" key above in file named "ca", sign a cert for "rsa.pub":
 	//    ssh-keygen -s ca -h -n host.example.com -V +500w -I host.example.com-key rsa.pub
@@ -114,9 +195,10 @@ var SSHCertificates = map[string][]byte{
 }
 
 var PEMEncryptedKeys = []struct {
-	Name          string
-	EncryptionKey string
-	PEMBytes      []byte
+	Name              string
+	EncryptionKey     string
+	IncludesPublicKey bool
+	PEMBytes          []byte
 }{
 	0: {
 		Name:          "rsa-encrypted",
@@ -174,4 +256,55 @@ IiHM7GBn+0nJoKTXsOGMIBe3ulKlKVxLjEuk9yivh/8=
 -----END DSA PRIVATE KEY-----
 `),
 	},
+
+	2: {
+		Name:              "ed25519-encrypted",
+		EncryptionKey:     "password",
+		IncludesPublicKey: true,
+		PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDKj29BlC
+ocEWuVhQ94/RjoAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIIw1gSurPTDwZidA
+2AIjQZgoQi3IFn9jBtFdP10/Jj7DAAAAoFGkQbB2teSU7ikUsnc7ct2aH3pitM359lNVUh
+7DQbJWMjbQFbrBYyDJP+ALj1/RZmP2yoIf7/wr99q53/pm28Xp1gGP5V2RGRJYCA6kgFIH
+xdB6KEw1Ce7Bz8JaDIeagAGd3xtQTH3cuuleVxCZZnk9NspsPxigADKCls/RUiK7F+z3Qf
+Lvs9+PH8nIuhFMYZgo3liqZbVS5z4Fqhyzyq4=
+-----END OPENSSH PRIVATE KEY-----
+`),
+	},
+
+	3: {
+		Name:              "ed25519-encrypted-cbc",
+		EncryptionKey:     "password",
+		IncludesPublicKey: true,
+		PEMBytes: []byte(`-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABDzGKF3uX
+G1gXALZKFd6Ir4AAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDne4/teO42zTDdj
+NwxUMNpbfmp/dxgU4ZNkC3ydgcugAAAAoJ3J/oA7+iqVOz0CIUUk9ufdP1VP4jDf2um+0s
+Sgs7x6Gpyjq67Ps7wLRdSmxr/G5b+Z8dRGFYS/wUCQEe3whwuImvLyPwWjXLzkAyMzc01f
+ywBGSrHnvP82ppenc2HuTI+E05Xc02i6JVyI1ShiekQL5twoqtR6pEBZnD17UonIx7cRzZ
+gbDGyT3bXMQtagvCwoW+/oMTKXiZP5jCJpEO8=
+-----END OPENSSH PRIVATE KEY-----
+`),
+	},
+}
+
+// SKData contains a list of PubKeys backed by U2F/FIDO2 Security Keys and their test data.
+var SKData = []struct {
+	Name         string
+	PubKey       []byte
+	HexData      []byte
+	HexSignature []byte
+}{
+	{
+		Name:         "sk-ecdsa-sha2-nistp256@openssh.com",
+		PubKey:       []byte("sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGRNqlFgED/pf4zXz8IzqA6CALNwYcwgd4MQDmIS1GOtn1SySFObiuyJaOlpqkV5FeEifhxfIC2ejKKtNyO4CysAAAAEc3NoOg== user@host"),
+		HexData:      []byte("00000020A4DE1F50DE0EF3F66DCD156C78F5C93B07EEE89D5B5A6531656E835FA1C87B323200000006736B696E6E650000000E7373682D636F6E6E656374696F6E000000097075626C69636B65790100000022736B2D65636473612D736861322D6E69737470323536406F70656E7373682E636F6D0000007F00000022736B2D65636473612D736861322D6E69737470323536406F70656E7373682E636F6D000000086E697374703235360000004104644DAA5160103FE97F8CD7CFC233A80E8200B37061CC207783100E6212D463AD9F54B248539B8AEC8968E969AA457915E1227E1C5F202D9E8CA2AD3723B80B2B000000047373683A"),
+		HexSignature: []byte("0000007800000022736B2D65636473612D736861322D6E69737470323536406F70656E7373682E636F6D000000490000002016CC1A3070E180621CB206C2C6313D1CC5F094DB844A61D06001E243C608875F0000002100E4BD45D6B9DAA11489AEA8D76C222AA3FD6D50FBFFDA8049526D5D61F63B2C5601000000F9"),
+	},
+	{
+		Name:         "sk-ssh-ed25519@openssh.com",
+		PubKey:       []byte("sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJjzc2a20RjCvN/0ibH6UpGuN9F9hDvD7x182bOesNhHAAAABHNzaDo= user@host"),
+		HexData:      []byte("000000204CFE6EA65CCB99B69348339165C7F38E359D95807A377EEE8E603C71DC3316FA3200000006736B696E6E650000000E7373682D636F6E6E656374696F6E000000097075626C69636B6579010000001A736B2D7373682D65643235353139406F70656E7373682E636F6D0000004A0000001A736B2D7373682D65643235353139406F70656E7373682E636F6D0000002098F37366B6D118C2BCDFF489B1FA5291AE37D17D843BC3EF1D7CD9B39EB0D847000000047373683A"),
+		HexSignature: []byte("000000670000001A736B2D7373682D65643235353139406F70656E7373682E636F6D000000404BF5CA0CAA553099306518732317B3FE4BA6C75365BC0CB02019FBE65A1647016CBD7A682C26928DF234C378ADDBC5077B47F72381144840BF00FB2DA2FB6A0A010000009E"),
+	},
 }
diff --git a/ssh/transport.go b/ssh/transport.go
index f9780e0ae..49ddc2e7d 100644
--- a/ssh/transport.go
+++ b/ssh/transport.go
@@ -6,6 +6,7 @@ package ssh
 
 import (
 	"bufio"
+	"bytes"
 	"errors"
 	"io"
 	"log"
@@ -52,14 +53,14 @@ type transport struct {
 // packetCipher represents a combination of SSH encryption/MAC
 // protocol.  A single instance should be used for one direction only.
 type packetCipher interface {
-	// writePacket encrypts the packet and writes it to w. The
+	// writeCipherPacket encrypts the packet and writes it to w. The
 	// contents of the packet are generally scrambled.
-	writePacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
+	writeCipherPacket(seqnum uint32, w io.Writer, rand io.Reader, packet []byte) error
 
-	// readPacket reads and decrypts a packet of data. The
+	// readCipherPacket reads and decrypts a packet of data. The
 	// returned packet may be overwritten by future calls of
 	// readPacket.
-	readPacket(seqnum uint32, r io.Reader) ([]byte, error)
+	readCipherPacket(seqnum uint32, r io.Reader) ([]byte, error)
 }
 
 // connectionState represents one side (read or write) of the
@@ -76,17 +77,17 @@ type connectionState struct {
 // both directions are triggered by reading and writing a msgNewKey packet
 // respectively.
 func (t *transport) prepareKeyChange(algs *algorithms, kexResult *kexResult) error {
-	if ciph, err := newPacketCipher(t.reader.dir, algs.r, kexResult); err != nil {
+	ciph, err := newPacketCipher(t.reader.dir, algs.r, kexResult)
+	if err != nil {
 		return err
-	} else {
-		t.reader.pendingKeyChange <- ciph
 	}
+	t.reader.pendingKeyChange <- ciph
 
-	if ciph, err := newPacketCipher(t.writer.dir, algs.w, kexResult); err != nil {
+	ciph, err = newPacketCipher(t.writer.dir, algs.w, kexResult)
+	if err != nil {
 		return err
-	} else {
-		t.writer.pendingKeyChange <- ciph
 	}
+	t.writer.pendingKeyChange <- ciph
 
 	return nil
 }
@@ -126,7 +127,7 @@ func (t *transport) readPacket() (p []byte, err error) {
 }
 
 func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
-	packet, err := s.packetCipher.readPacket(s.seqNum, r)
+	packet, err := s.packetCipher.readCipherPacket(s.seqNum, r)
 	s.seqNum++
 	if err == nil && len(packet) == 0 {
 		err = errors.New("ssh: zero length packet")
@@ -139,7 +140,7 @@ func (s *connectionState) readPacket(r *bufio.Reader) ([]byte, error) {
 			case cipher := <-s.pendingKeyChange:
 				s.packetCipher = cipher
 			default:
-				return nil, errors.New("ssh: got bogus newkeys message.")
+				return nil, errors.New("ssh: got bogus newkeys message")
 			}
 
 		case msgDisconnect:
@@ -174,7 +175,7 @@ func (t *transport) writePacket(packet []byte) error {
 func (s *connectionState) writePacket(w *bufio.Writer, rand io.Reader, packet []byte) error {
 	changeKeys := len(packet) > 0 && packet[0] == msgNewKeys
 
-	err := s.packetCipher.writePacket(s.seqNum, w, rand, packet)
+	err := s.packetCipher.writeCipherPacket(s.seqNum, w, rand, packet)
 	if err != nil {
 		return err
 	}
@@ -232,52 +233,22 @@ var (
 	clientKeys = direction{[]byte{'A'}, []byte{'C'}, []byte{'E'}}
 )
 
-// generateKeys generates key material for IV, MAC and encryption.
-func generateKeys(d direction, algs directionAlgorithms, kex *kexResult) (iv, key, macKey []byte) {
+// setupKeys sets the cipher and MAC keys from kex.K, kex.H and sessionId, as
+// described in RFC 4253, section 6.4. direction should either be serverKeys
+// (to setup server->client keys) or clientKeys (for client->server keys).
+func newPacketCipher(d direction, algs directionAlgorithms, kex *kexResult) (packetCipher, error) {
 	cipherMode := cipherModes[algs.Cipher]
 	macMode := macModes[algs.MAC]
 
-	iv = make([]byte, cipherMode.ivSize)
-	key = make([]byte, cipherMode.keySize)
-	macKey = make([]byte, macMode.keySize)
+	iv := make([]byte, cipherMode.ivSize)
+	key := make([]byte, cipherMode.keySize)
+	macKey := make([]byte, macMode.keySize)
 
 	generateKeyMaterial(iv, d.ivTag, kex)
 	generateKeyMaterial(key, d.keyTag, kex)
 	generateKeyMaterial(macKey, d.macKeyTag, kex)
-	return
-}
-
-// setupKeys sets the cipher and MAC keys from kex.K, kex.H and sessionId, as
-// described in RFC 4253, section 6.4. direction should either be serverKeys
-// (to setup server->client keys) or clientKeys (for client->server keys).
-func newPacketCipher(d direction, algs directionAlgorithms, kex *kexResult) (packetCipher, error) {
-	iv, key, macKey := generateKeys(d, algs, kex)
-
-	if algs.Cipher == gcmCipherID {
-		return newGCMCipher(iv, key, macKey)
-	}
-
-	if algs.Cipher == aes128cbcID {
-		return newAESCBCCipher(iv, key, macKey, algs)
-	}
-
-	if algs.Cipher == tripledescbcID {
-		return newTripleDESCBCCipher(iv, key, macKey, algs)
-	}
 
-	c := &streamPacketCipher{
-		mac: macModes[algs.MAC].new(macKey),
-		etm: macModes[algs.MAC].etm,
-	}
-	c.macResult = make([]byte, c.mac.Size())
-
-	var err error
-	c.cipher, err = cipherModes[algs.Cipher].createStream(key, iv)
-	if err != nil {
-		return nil, err
-	}
-
-	return c, nil
+	return cipherModes[algs.Cipher].create(key, iv, macKey, algs)
 }
 
 // generateKeyMaterial fills out with key material generated from tag, K, H
@@ -342,7 +313,7 @@ func readVersion(r io.Reader) ([]byte, error) {
 	var ok bool
 	var buf [1]byte
 
-	for len(versionString) < maxVersionStringBytes {
+	for length := 0; length < maxVersionStringBytes; length++ {
 		_, err := io.ReadFull(r, buf[:])
 		if err != nil {
 			return nil, err
@@ -350,6 +321,13 @@ func readVersion(r io.Reader) ([]byte, error) {
 		// The RFC says that the version should be terminated with \r\n
 		// but several SSH servers actually only send a \n.
 		if buf[0] == '\n' {
+			if !bytes.HasPrefix(versionString, []byte("SSH-")) {
+				// RFC 4253 says we need to ignore all version string lines
+				// except the one containing the SSH version (provided that
+				// all the lines do not exceed 255 bytes in total).
+				versionString = versionString[:0]
+				continue
+			}
 			ok = true
 			break
 		}
diff --git a/ssh/transport_test.go b/ssh/transport_test.go
index 92d83abf9..8445e1e56 100644
--- a/ssh/transport_test.go
+++ b/ssh/transport_test.go
@@ -13,11 +13,13 @@ import (
 )
 
 func TestReadVersion(t *testing.T) {
-	longversion := strings.Repeat("SSH-2.0-bla", 50)[:253]
+	longVersion := strings.Repeat("SSH-2.0-bla", 50)[:253]
+	multiLineVersion := strings.Repeat("ignored\r\n", 20) + "SSH-2.0-bla\r\n"
 	cases := map[string]string{
 		"SSH-2.0-bla\r\n":    "SSH-2.0-bla",
 		"SSH-2.0-bla\n":      "SSH-2.0-bla",
-		longversion + "\r\n": longversion,
+		multiLineVersion:     "SSH-2.0-bla",
+		longVersion + "\r\n": longVersion,
 	}
 
 	for in, want := range cases {
@@ -33,9 +35,11 @@ func TestReadVersion(t *testing.T) {
 }
 
 func TestReadVersionError(t *testing.T) {
-	longversion := strings.Repeat("SSH-2.0-bla", 50)[:253]
+	longVersion := strings.Repeat("SSH-2.0-bla", 50)[:253]
+	multiLineVersion := strings.Repeat("ignored\r\n", 50) + "SSH-2.0-bla\r\n"
 	cases := []string{
-		longversion + "too-long\r\n",
+		longVersion + "too-long\r\n",
+		multiLineVersion,
 	}
 	for _, in := range cases {
 		if _, err := readVersion(bytes.NewBufferString(in)); err == nil {
@@ -60,7 +64,7 @@ func TestExchangeVersionsBasic(t *testing.T) {
 func TestExchangeVersions(t *testing.T) {
 	cases := []string{
 		"not\x000allowed",
-		"not allowed\n",
+		"not allowed\x01\r\n",
 	}
 	for _, c := range cases {
 		buf := bytes.NewBufferString("SSH-2.0-bla\r\n")
diff --git a/tea/cipher.go b/tea/cipher.go
index 9c13d12a2..c1ff90e04 100644
--- a/tea/cipher.go
+++ b/tea/cipher.go
@@ -5,7 +5,14 @@
 // Package tea implements the TEA algorithm, as defined in Needham and
 // Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”. See
 // http://www.cix.co.uk/~klockstone/tea.pdf for details.
-
+//
+// TEA is a legacy cipher and its short block size makes it vulnerable to
+// birthday bound attacks (see https://sweet32.info). It should only be used
+// where compatibility with legacy systems, not security, is the goal.
+//
+// Deprecated: any new system should use AES (from crypto/aes, if necessary in
+// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
+// golang.org/x/crypto/chacha20poly1305).
 package tea
 
 import (
diff --git a/twofish/twofish.go b/twofish/twofish.go
index 6db01fcf4..1197d7513 100644
--- a/twofish/twofish.go
+++ b/twofish/twofish.go
@@ -3,6 +3,12 @@
 // license that can be found in the LICENSE file.
 
 // Package twofish implements Bruce Schneier's Twofish encryption algorithm.
+//
+// Deprecated: Twofish is a legacy cipher and should not be used for new
+// applications. Also, this package does not and will not provide an optimized
+// implementation. Instead, use AES (from crypto/aes, if necessary in an AEAD
+// mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
+// golang.org/x/crypto/chacha20poly1305).
 package twofish // import "golang.org/x/crypto/twofish"
 
 // Twofish is defined in https://www.schneier.com/paper-twofish-paper.pdf [TWOFISH]
diff --git a/xtea/block.go b/xtea/block.go
index bf5d24599..fcb4e4d00 100644
--- a/xtea/block.go
+++ b/xtea/block.go
@@ -50,7 +50,7 @@ func encryptBlock(c *Cipher, dst, src []byte) {
 	uint32ToBlock(v0, v1, dst)
 }
 
-// decryptBlock decrypt a single 8 byte block using XTEA.
+// decryptBlock decrypts a single 8 byte block using XTEA.
 func decryptBlock(c *Cipher, dst, src []byte) {
 	v0, v1 := blockToUint32(src)
 
diff --git a/xtea/cipher.go b/xtea/cipher.go
index 108b42635..a4c2fd02b 100644
--- a/xtea/cipher.go
+++ b/xtea/cipher.go
@@ -4,6 +4,14 @@
 
 // Package xtea implements XTEA encryption, as defined in Needham and Wheeler's
 // 1997 technical report, "Tea extensions."
+//
+// XTEA is a legacy cipher and its short block size makes it vulnerable to
+// birthday bound attacks (see https://sweet32.info). It should only be used
+// where compatibility with legacy systems, not security, is the goal.
+//
+// Deprecated: any new system should use AES (from crypto/aes, if necessary in
+// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
+// golang.org/x/crypto/chacha20poly1305).
 package xtea // import "golang.org/x/crypto/xtea"
 
 // For details, see http://www.cix.co.uk/~klockstone/xtea.pdf
@@ -14,8 +22,8 @@ import "strconv"
 const BlockSize = 8
 
 // A Cipher is an instance of an XTEA cipher using a particular key.
-// table contains a series of precalculated values that are used each round.
 type Cipher struct {
+	// table contains a series of precalculated values that are used each round.
 	table [64]uint32
 }
 
@@ -54,7 +62,7 @@ func (c *Cipher) BlockSize() int { return BlockSize }
 // instead, use an encryption mode like CBC (see crypto/cipher/cbc.go).
 func (c *Cipher) Encrypt(dst, src []byte) { encryptBlock(c, dst, src) }
 
-// Decrypt decrypts the 8 byte buffer src using the key k and stores the result in dst.
+// Decrypt decrypts the 8 byte buffer src using the key and stores the result in dst.
 func (c *Cipher) Decrypt(dst, src []byte) { decryptBlock(c, dst, src) }
 
 // initCipher initializes the cipher context by creating a look up table
@@ -69,7 +77,7 @@ func initCipher(c *Cipher, key []byte) {
 
 	// Precalculate the table
 	const delta = 0x9E3779B9
-	var sum uint32 = 0
+	var sum uint32
 
 	// Two rounds of XTEA applied per loop
 	for i := 0; i < numRounds; {
diff --git a/xts/xts.go b/xts/xts.go
index a7643fdcd..b51308e95 100644
--- a/xts/xts.go
+++ b/xts/xts.go
@@ -15,20 +15,25 @@
 // effectively create a unique key for each sector.
 //
 // XTS does not provide any authentication. An attacker can manipulate the
-// ciphertext and randomise a block (16 bytes) of the plaintext.
+// ciphertext and randomise a block (16 bytes) of the plaintext. This package
+// does not implement ciphertext-stealing so sectors must be a multiple of 16
+// bytes.
 //
-// (Note: this package does not implement ciphertext-stealing so sectors must
-// be a multiple of 16 bytes.)
+// Note that XTS is usually not appropriate for any use besides disk encryption.
+// Most users should use an AEAD mode like GCM (from crypto/cipher.NewGCM) instead.
 package xts // import "golang.org/x/crypto/xts"
 
 import (
 	"crypto/cipher"
 	"encoding/binary"
 	"errors"
+	"sync"
+
+	"golang.org/x/crypto/internal/subtle"
 )
 
-// Cipher contains an expanded key structure. It doesn't contain mutable state
-// and therefore can be used concurrently.
+// Cipher contains an expanded key structure. It is safe for concurrent use if
+// the underlying block cipher is safe for concurrent use.
 type Cipher struct {
 	k1, k2 cipher.Block
 }
@@ -37,6 +42,12 @@ type Cipher struct {
 // only defined for 16-byte ciphers.
 const blockSize = 16
 
+var tweakPool = sync.Pool{
+	New: func() interface{} {
+		return new([blockSize]byte)
+	},
+}
+
 // NewCipher creates a Cipher given a function for creating the underlying
 // block cipher (which must have a block size of 16 bytes). The key must be
 // twice the length of the underlying cipher's key.
@@ -55,7 +66,7 @@ func NewCipher(cipherFunc func([]byte) (cipher.Block, error), key []byte) (c *Ci
 }
 
 // Encrypt encrypts a sector of plaintext and puts the result into ciphertext.
-// Plaintext and ciphertext may be the same slice but should not overlap.
+// Plaintext and ciphertext must overlap entirely or not at all.
 // Sectors must be a multiple of 16 bytes and less than 2²⁴ bytes.
 func (c *Cipher) Encrypt(ciphertext, plaintext []byte, sectorNum uint64) {
 	if len(ciphertext) < len(plaintext) {
@@ -64,8 +75,14 @@ func (c *Cipher) Encrypt(ciphertext, plaintext []byte, sectorNum uint64) {
 	if len(plaintext)%blockSize != 0 {
 		panic("xts: plaintext is not a multiple of the block size")
 	}
+	if subtle.InexactOverlap(ciphertext[:len(plaintext)], plaintext) {
+		panic("xts: invalid buffer overlap")
+	}
 
-	var tweak [blockSize]byte
+	tweak := tweakPool.Get().(*[blockSize]byte)
+	for i := range tweak {
+		tweak[i] = 0
+	}
 	binary.LittleEndian.PutUint64(tweak[:8], sectorNum)
 
 	c.k2.Encrypt(tweak[:], tweak[:])
@@ -81,12 +98,14 @@ func (c *Cipher) Encrypt(ciphertext, plaintext []byte, sectorNum uint64) {
 		plaintext = plaintext[blockSize:]
 		ciphertext = ciphertext[blockSize:]
 
-		mul2(&tweak)
+		mul2(tweak)
 	}
+
+	tweakPool.Put(tweak)
 }
 
 // Decrypt decrypts a sector of ciphertext and puts the result into plaintext.
-// Plaintext and ciphertext may be the same slice but should not overlap.
+// Plaintext and ciphertext must overlap entirely or not at all.
 // Sectors must be a multiple of 16 bytes and less than 2²⁴ bytes.
 func (c *Cipher) Decrypt(plaintext, ciphertext []byte, sectorNum uint64) {
 	if len(plaintext) < len(ciphertext) {
@@ -95,8 +114,14 @@ func (c *Cipher) Decrypt(plaintext, ciphertext []byte, sectorNum uint64) {
 	if len(ciphertext)%blockSize != 0 {
 		panic("xts: ciphertext is not a multiple of the block size")
 	}
+	if subtle.InexactOverlap(plaintext[:len(ciphertext)], ciphertext) {
+		panic("xts: invalid buffer overlap")
+	}
 
-	var tweak [blockSize]byte
+	tweak := tweakPool.Get().(*[blockSize]byte)
+	for i := range tweak {
+		tweak[i] = 0
+	}
 	binary.LittleEndian.PutUint64(tweak[:8], sectorNum)
 
 	c.k2.Encrypt(tweak[:], tweak[:])
@@ -112,8 +137,10 @@ func (c *Cipher) Decrypt(plaintext, ciphertext []byte, sectorNum uint64) {
 		plaintext = plaintext[blockSize:]
 		ciphertext = ciphertext[blockSize:]
 
-		mul2(&tweak)
+		mul2(tweak)
 	}
+
+	tweakPool.Put(tweak)
 }
 
 // mul2 multiplies tweak by 2 in GF(2¹²⁸) with an irreducible polynomial of
diff --git a/xts/xts_test.go b/xts/xts_test.go
index 96d3b6cbc..75db1c509 100644
--- a/xts/xts_test.go
+++ b/xts/xts_test.go
@@ -103,3 +103,19 @@ func TestShorterCiphertext(t *testing.T) {
 		t.Errorf("En/Decryption is not inverse")
 	}
 }
+
+func BenchmarkXTS(b *testing.B) {
+	b.ReportAllocs()
+	c, err := NewCipher(aes.NewCipher, make([]byte, 32))
+	if err != nil {
+		b.Fatalf("NewCipher failed: %s", err)
+	}
+	plaintext := make([]byte, 32)
+	encrypted := make([]byte, 48)
+	decrypted := make([]byte, 48)
+
+	for i := 0; i < b.N; i++ {
+		c.Encrypt(encrypted, plaintext, 0)
+		c.Decrypt(decrypted, encrypted[:len(plaintext)], 0)
+	}
+}

From 2f6c37e991e902f2a41b66582e5a5d1a9f629876 Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Thu, 28 Oct 2021 08:35:28 -0400
Subject: [PATCH 03/10] Update vendored refraction-networking/gotapdance and
 golang/protobuf

---
 vendor/github.com/golang/protobuf/AUTHORS     |    3 +
 .../golang/protobuf/CONTRIBUTING.md           |   30 +
 .../github.com/golang/protobuf/CONTRIBUTORS   |    3 +
 vendor/github.com/golang/protobuf/README.md   |  122 +
 vendor/github.com/golang/protobuf/go.mod      |    9 +
 vendor/github.com/golang/protobuf/go.sum      |    8 +
 .../golang/protobuf/proto/buffer.go           |  324 ++
 .../github.com/golang/protobuf/proto/clone.go |  253 --
 .../golang/protobuf/proto/decode.go           |  427 --
 .../golang/protobuf/proto/defaults.go         |   63 +
 .../golang/protobuf/proto/deprecated.go       |  126 +-
 .../golang/protobuf/proto/discard.go          |  356 +-
 .../golang/protobuf/proto/encode.go           |  203 -
 .../github.com/golang/protobuf/proto/equal.go |  301 --
 .../golang/protobuf/proto/extensions.go       |  771 ++--
 .../github.com/golang/protobuf/proto/lib.go   |  965 ----
 .../golang/protobuf/proto/message_set.go      |  181 -
 .../golang/protobuf/proto/pointer_reflect.go  |  360 --
 .../golang/protobuf/proto/pointer_unsafe.go   |  313 --
 .../golang/protobuf/proto/properties.go       |  649 +--
 .../github.com/golang/protobuf/proto/proto.go |  167 +
 .../golang/protobuf/proto/registry.go         |  317 ++
 .../golang/protobuf/proto/table_marshal.go    | 2776 ------------
 .../golang/protobuf/proto/table_merge.go      |  654 ---
 .../golang/protobuf/proto/table_unmarshal.go  | 2053 ---------
 .../github.com/golang/protobuf/proto/text.go  |  843 ----
 .../golang/protobuf/proto/text_decode.go      |  801 ++++
 .../golang/protobuf/proto/text_encode.go      |  560 +++
 .../golang/protobuf/proto/text_parser.go      |  880 ----
 .../github.com/golang/protobuf/proto/wire.go  |   78 +
 .../golang/protobuf/proto/wrappers.go         |   34 +
 .../golang/protobuf/regenerate.bash           |    9 +
 vendor/github.com/golang/protobuf/test.bash   |   41 +
 .../gotapdance/protobuf/Makefile              |   29 +-
 .../gotapdance/protobuf/signalling.pb.go      | 2112 ++++++---
 .../gotapdance/protobuf/signalling.proto      |   44 +-
 .../gotapdance/tapdance/conjure.go            |   12 +-
 .../tapdance/registrar_bidirectional.go       |  199 +
 .../protobuf/reflect/protodesc/desc.go        |  276 ++
 .../protobuf/reflect/protodesc/desc_init.go   |  248 ++
 .../reflect/protodesc/desc_resolve.go         |  286 ++
 .../reflect/protodesc/desc_validate.go        |  374 ++
 .../protobuf/reflect/protodesc/proto.go       |  252 ++
 .../types/descriptorpb/descriptor.pb.go       | 3957 +++++++++++++++++
 vendor/vendor.json                            |   52 +-
 45 files changed, 10224 insertions(+), 12297 deletions(-)
 create mode 100644 vendor/github.com/golang/protobuf/AUTHORS
 create mode 100644 vendor/github.com/golang/protobuf/CONTRIBUTING.md
 create mode 100644 vendor/github.com/golang/protobuf/CONTRIBUTORS
 create mode 100644 vendor/github.com/golang/protobuf/README.md
 create mode 100644 vendor/github.com/golang/protobuf/go.mod
 create mode 100644 vendor/github.com/golang/protobuf/go.sum
 create mode 100644 vendor/github.com/golang/protobuf/proto/buffer.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/clone.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/decode.go
 create mode 100644 vendor/github.com/golang/protobuf/proto/defaults.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/encode.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/equal.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/lib.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/message_set.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/pointer_reflect.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
 create mode 100644 vendor/github.com/golang/protobuf/proto/proto.go
 create mode 100644 vendor/github.com/golang/protobuf/proto/registry.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/table_marshal.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/table_merge.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/table_unmarshal.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/text.go
 create mode 100644 vendor/github.com/golang/protobuf/proto/text_decode.go
 create mode 100644 vendor/github.com/golang/protobuf/proto/text_encode.go
 delete mode 100644 vendor/github.com/golang/protobuf/proto/text_parser.go
 create mode 100644 vendor/github.com/golang/protobuf/proto/wire.go
 create mode 100644 vendor/github.com/golang/protobuf/proto/wrappers.go
 create mode 100755 vendor/github.com/golang/protobuf/regenerate.bash
 create mode 100755 vendor/github.com/golang/protobuf/test.bash
 create mode 100644 vendor/github.com/refraction-networking/gotapdance/tapdance/registrar_bidirectional.go
 create mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
 create mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
 create mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
 create mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
 create mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
 create mode 100644 vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go

diff --git a/vendor/github.com/golang/protobuf/AUTHORS b/vendor/github.com/golang/protobuf/AUTHORS
new file mode 100644
index 000000000..15167cd74
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/AUTHORS
@@ -0,0 +1,3 @@
+# This source code refers to The Go Authors for copyright purposes.
+# The master list of authors is in the main Go distribution,
+# visible at http://tip.golang.org/AUTHORS.
diff --git a/vendor/github.com/golang/protobuf/CONTRIBUTING.md b/vendor/github.com/golang/protobuf/CONTRIBUTING.md
new file mode 100644
index 000000000..83971cbbf
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/CONTRIBUTING.md
@@ -0,0 +1,30 @@
+# Contributing to Go Protocol Buffers
+
+Go protocol buffers is an open source project and accepts contributions.
+
+This project is the first major version of Go protobufs,
+while the next major revision of this project is located at
+[protocolbuffers/protobuf-go](https://github.com/protocolbuffers/protobuf-go).
+Most new development effort is focused on the latter project,
+and changes to this project is primarily reserved for bug fixes.
+
+
+## Contributor License Agreement
+
+Contributions to this project must be accompanied by a Contributor License
+Agreement. You (or your employer) retain the copyright to your contribution,
+this simply gives us permission to use and redistribute your contributions as
+part of the project. Head over to <https://cla.developers.google.com/> to see
+your current agreements on file or to sign a new one.
+
+You generally only need to submit a CLA once, so if you've already submitted one
+(even if it was for a different project), you probably don't need to do it
+again.
+
+
+## Code reviews
+
+All submissions, including submissions by project members, require review. We
+use GitHub pull requests for this purpose. Consult
+[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more
+information on using pull requests.
diff --git a/vendor/github.com/golang/protobuf/CONTRIBUTORS b/vendor/github.com/golang/protobuf/CONTRIBUTORS
new file mode 100644
index 000000000..1c4577e96
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/CONTRIBUTORS
@@ -0,0 +1,3 @@
+# This source code was written by the Go contributors.
+# The master list of contributors is in the main Go distribution,
+# visible at http://tip.golang.org/CONTRIBUTORS.
diff --git a/vendor/github.com/golang/protobuf/README.md b/vendor/github.com/golang/protobuf/README.md
new file mode 100644
index 000000000..2e4233f20
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/README.md
@@ -0,0 +1,122 @@
+# Go support for Protocol Buffers
+
+[![GoDev](https://img.shields.io/static/v1?label=godev&message=reference&color=00add8)](https://pkg.go.dev/mod/github.com/golang/protobuf)
+[![Build Status](https://travis-ci.org/golang/protobuf.svg?branch=master)](https://travis-ci.org/golang/protobuf)
+
+This module
+([`github.com/golang/protobuf`](https://pkg.go.dev/mod/github.com/golang/protobuf))
+contains Go bindings for protocol buffers.
+
+It has been superseded by the
+[`google.golang.org/protobuf`](https://pkg.go.dev/mod/google.golang.org/protobuf)
+module, which contains an updated and simplified API,
+support for protobuf reflection, and many other improvements.
+We recommend that new code use the `google.golang.org/protobuf` module.
+
+Versions v1.4 and later of `github.com/golang/protobuf` are implemented
+in terms of `google.golang.org/protobuf`.
+Programs which use both modules must use at least version v1.4 of this one.
+
+See the
+[developer guide for protocol buffers in Go](https://developers.google.com/protocol-buffers/docs/gotutorial)
+for a general guide for how to get started using protobufs in Go.
+
+See
+[release note documentation](https://github.com/golang/protobuf/releases)
+for more information about individual releases of this project.
+
+See
+[documentation for the next major revision](https://pkg.go.dev/mod/google.golang.org/protobuf)
+for more information about the purpose, usage, and history of this project.
+
+## Package index
+
+Summary of the packages provided by this module:
+
+*   [`proto`](https://pkg.go.dev/github.com/golang/protobuf/proto): Package
+    `proto` provides functions operating on protobuf messages such as cloning,
+    merging, and checking equality, as well as binary serialization and text
+    serialization.
+*   [`jsonpb`](https://pkg.go.dev/github.com/golang/protobuf/jsonpb): Package
+    `jsonpb` serializes protobuf messages as JSON.
+*   [`ptypes`](https://pkg.go.dev/github.com/golang/protobuf/ptypes): Package
+    `ptypes` provides helper functionality for protobuf well-known types.
+*   [`ptypes/any`](https://pkg.go.dev/github.com/golang/protobuf/ptypes/any):
+    Package `any` is the generated package for `google/protobuf/any.proto`.
+*   [`ptypes/empty`](https://pkg.go.dev/github.com/golang/protobuf/ptypes/empty):
+    Package `empty` is the generated package for `google/protobuf/empty.proto`.
+*   [`ptypes/timestamp`](https://pkg.go.dev/github.com/golang/protobuf/ptypes/timestamp):
+    Package `timestamp` is the generated package for
+    `google/protobuf/timestamp.proto`.
+*   [`ptypes/duration`](https://pkg.go.dev/github.com/golang/protobuf/ptypes/duration):
+    Package `duration` is the generated package for
+    `google/protobuf/duration.proto`.
+*   [`ptypes/wrappers`](https://pkg.go.dev/github.com/golang/protobuf/ptypes/wrappers):
+    Package `wrappers` is the generated package for
+    `google/protobuf/wrappers.proto`.
+*   [`ptypes/struct`](https://pkg.go.dev/github.com/golang/protobuf/ptypes/struct):
+    Package `structpb` is the generated package for
+    `google/protobuf/struct.proto`.
+*   [`protoc-gen-go/descriptor`](https://pkg.go.dev/github.com/golang/protobuf/protoc-gen-go/descriptor):
+    Package `descriptor` is the generated package for
+    `google/protobuf/descriptor.proto`.
+*   [`protoc-gen-go/plugin`](https://pkg.go.dev/github.com/golang/protobuf/protoc-gen-go/plugin):
+    Package `plugin` is the generated package for
+    `google/protobuf/compiler/plugin.proto`.
+*   [`protoc-gen-go`](https://pkg.go.dev/github.com/golang/protobuf/protoc-gen-go):
+    The `protoc-gen-go` binary is a protoc plugin to generate a Go protocol
+    buffer package.
+
+## Reporting issues
+
+The issue tracker for this project
+[is located here](https://github.com/golang/protobuf/issues).
+
+Please report any issues with a sufficient description of the bug or feature
+request. Bug reports should ideally be accompanied by a minimal reproduction of
+the issue. Irreproducible bugs are difficult to diagnose and fix (and likely to
+be closed after some period of time). Bug reports must specify the version of
+the
+[Go protocol buffer module](https://github.com/protocolbuffers/protobuf-go/releases)
+and also the version of the
+[protocol buffer toolchain](https://github.com/protocolbuffers/protobuf/releases)
+being used.
+
+## Contributing
+
+This project is open-source and accepts contributions. See the
+[contribution guide](https://github.com/golang/protobuf/blob/master/CONTRIBUTING.md)
+for more information.
+
+## Compatibility
+
+This module and the generated code are expected to be stable over time. However,
+we reserve the right to make breaking changes without notice for the following
+reasons:
+
+*   **Security:** A security issue in the specification or implementation may
+    come to light whose resolution requires breaking compatibility. We reserve
+    the right to address such issues.
+*   **Unspecified behavior:** There are some aspects of the protocol buffer
+    specification that are undefined. Programs that depend on unspecified
+    behavior may break in future releases.
+*   **Specification changes:** It may become necessary to address an
+    inconsistency, incompleteness, or change in the protocol buffer
+    specification, which may affect the behavior of existing programs. We
+    reserve the right to address such changes.
+*   **Bugs:** If a package has a bug that violates correctness, a program
+    depending on the buggy behavior may break if the bug is fixed. We reserve
+    the right to fix such bugs.
+*   **Generated additions**: We reserve the right to add new declarations to
+    generated Go packages of `.proto` files. This includes declared constants,
+    variables, functions, types, fields in structs, and methods on types. This
+    may break attempts at injecting additional code on top of what is generated
+    by `protoc-gen-go`. Such practice is not supported by this project.
+*   **Internal changes**: We reserve the right to add, modify, and remove
+    internal code, which includes all unexported declarations, the
+    [`generator`](https://pkg.go.dev/github.com/golang/protobuf/protoc-gen-go/generator)
+    package, and all packages under
+    [`internal`](https://pkg.go.dev/github.com/golang/protobuf/internal).
+
+Any breaking changes outside of these will be announced 6 months in advance to
+[protobuf@googlegroups.com](https://groups.google.com/forum/#!forum/protobuf).
diff --git a/vendor/github.com/golang/protobuf/go.mod b/vendor/github.com/golang/protobuf/go.mod
new file mode 100644
index 000000000..6cac17b11
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/go.mod
@@ -0,0 +1,9 @@
+// Deprecated: Use the "google.golang.org/protobuf" module instead.
+module github.com/golang/protobuf
+
+go 1.9
+
+require (
+	github.com/google/go-cmp v0.5.5
+	google.golang.org/protobuf v1.26.0
+)
diff --git a/vendor/github.com/golang/protobuf/go.sum b/vendor/github.com/golang/protobuf/go.sum
new file mode 100644
index 000000000..20a6257f1
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/go.sum
@@ -0,0 +1,8 @@
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
diff --git a/vendor/github.com/golang/protobuf/proto/buffer.go b/vendor/github.com/golang/protobuf/proto/buffer.go
new file mode 100644
index 000000000..e810e6fea
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/buffer.go
@@ -0,0 +1,324 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+import (
+	"errors"
+	"fmt"
+
+	"google.golang.org/protobuf/encoding/prototext"
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	WireVarint     = 0
+	WireFixed32    = 5
+	WireFixed64    = 1
+	WireBytes      = 2
+	WireStartGroup = 3
+	WireEndGroup   = 4
+)
+
+// EncodeVarint returns the varint encoded bytes of v.
+func EncodeVarint(v uint64) []byte {
+	return protowire.AppendVarint(nil, v)
+}
+
+// SizeVarint returns the length of the varint encoded bytes of v.
+// This is equal to len(EncodeVarint(v)).
+func SizeVarint(v uint64) int {
+	return protowire.SizeVarint(v)
+}
+
+// DecodeVarint parses a varint encoded integer from b,
+// returning the integer value and the length of the varint.
+// It returns (0, 0) if there is a parse error.
+func DecodeVarint(b []byte) (uint64, int) {
+	v, n := protowire.ConsumeVarint(b)
+	if n < 0 {
+		return 0, 0
+	}
+	return v, n
+}
+
+// Buffer is a buffer for encoding and decoding the protobuf wire format.
+// It may be reused between invocations to reduce memory usage.
+type Buffer struct {
+	buf           []byte
+	idx           int
+	deterministic bool
+}
+
+// NewBuffer allocates a new Buffer initialized with buf,
+// where the contents of buf are considered the unread portion of the buffer.
+func NewBuffer(buf []byte) *Buffer {
+	return &Buffer{buf: buf}
+}
+
+// SetDeterministic specifies whether to use deterministic serialization.
+//
+// Deterministic serialization guarantees that for a given binary, equal
+// messages will always be serialized to the same bytes. This implies:
+//
+//   - Repeated serialization of a message will return the same bytes.
+//   - Different processes of the same binary (which may be executing on
+//     different machines) will serialize equal messages to the same bytes.
+//
+// Note that the deterministic serialization is NOT canonical across
+// languages. It is not guaranteed to remain stable over time. It is unstable
+// across different builds with schema changes due to unknown fields.
+// Users who need canonical serialization (e.g., persistent storage in a
+// canonical form, fingerprinting, etc.) should define their own
+// canonicalization specification and implement their own serializer rather
+// than relying on this API.
+//
+// If deterministic serialization is requested, map entries will be sorted
+// by keys in lexographical order. This is an implementation detail and
+// subject to change.
+func (b *Buffer) SetDeterministic(deterministic bool) {
+	b.deterministic = deterministic
+}
+
+// SetBuf sets buf as the internal buffer,
+// where the contents of buf are considered the unread portion of the buffer.
+func (b *Buffer) SetBuf(buf []byte) {
+	b.buf = buf
+	b.idx = 0
+}
+
+// Reset clears the internal buffer of all written and unread data.
+func (b *Buffer) Reset() {
+	b.buf = b.buf[:0]
+	b.idx = 0
+}
+
+// Bytes returns the internal buffer.
+func (b *Buffer) Bytes() []byte {
+	return b.buf
+}
+
+// Unread returns the unread portion of the buffer.
+func (b *Buffer) Unread() []byte {
+	return b.buf[b.idx:]
+}
+
+// Marshal appends the wire-format encoding of m to the buffer.
+func (b *Buffer) Marshal(m Message) error {
+	var err error
+	b.buf, err = marshalAppend(b.buf, m, b.deterministic)
+	return err
+}
+
+// Unmarshal parses the wire-format message in the buffer and
+// places the decoded results in m.
+// It does not reset m before unmarshaling.
+func (b *Buffer) Unmarshal(m Message) error {
+	err := UnmarshalMerge(b.Unread(), m)
+	b.idx = len(b.buf)
+	return err
+}
+
+type unknownFields struct{ XXX_unrecognized protoimpl.UnknownFields }
+
+func (m *unknownFields) String() string { panic("not implemented") }
+func (m *unknownFields) Reset()         { panic("not implemented") }
+func (m *unknownFields) ProtoMessage()  { panic("not implemented") }
+
+// DebugPrint dumps the encoded bytes of b with a header and footer including s
+// to stdout. This is only intended for debugging.
+func (*Buffer) DebugPrint(s string, b []byte) {
+	m := MessageReflect(new(unknownFields))
+	m.SetUnknown(b)
+	b, _ = prototext.MarshalOptions{AllowPartial: true, Indent: "\t"}.Marshal(m.Interface())
+	fmt.Printf("==== %s ====\n%s==== %s ====\n", s, b, s)
+}
+
+// EncodeVarint appends an unsigned varint encoding to the buffer.
+func (b *Buffer) EncodeVarint(v uint64) error {
+	b.buf = protowire.AppendVarint(b.buf, v)
+	return nil
+}
+
+// EncodeZigzag32 appends a 32-bit zig-zag varint encoding to the buffer.
+func (b *Buffer) EncodeZigzag32(v uint64) error {
+	return b.EncodeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31))))
+}
+
+// EncodeZigzag64 appends a 64-bit zig-zag varint encoding to the buffer.
+func (b *Buffer) EncodeZigzag64(v uint64) error {
+	return b.EncodeVarint(uint64((uint64(v) << 1) ^ uint64((int64(v) >> 63))))
+}
+
+// EncodeFixed32 appends a 32-bit little-endian integer to the buffer.
+func (b *Buffer) EncodeFixed32(v uint64) error {
+	b.buf = protowire.AppendFixed32(b.buf, uint32(v))
+	return nil
+}
+
+// EncodeFixed64 appends a 64-bit little-endian integer to the buffer.
+func (b *Buffer) EncodeFixed64(v uint64) error {
+	b.buf = protowire.AppendFixed64(b.buf, uint64(v))
+	return nil
+}
+
+// EncodeRawBytes appends a length-prefixed raw bytes to the buffer.
+func (b *Buffer) EncodeRawBytes(v []byte) error {
+	b.buf = protowire.AppendBytes(b.buf, v)
+	return nil
+}
+
+// EncodeStringBytes appends a length-prefixed raw bytes to the buffer.
+// It does not validate whether v contains valid UTF-8.
+func (b *Buffer) EncodeStringBytes(v string) error {
+	b.buf = protowire.AppendString(b.buf, v)
+	return nil
+}
+
+// EncodeMessage appends a length-prefixed encoded message to the buffer.
+func (b *Buffer) EncodeMessage(m Message) error {
+	var err error
+	b.buf = protowire.AppendVarint(b.buf, uint64(Size(m)))
+	b.buf, err = marshalAppend(b.buf, m, b.deterministic)
+	return err
+}
+
+// DecodeVarint consumes an encoded unsigned varint from the buffer.
+func (b *Buffer) DecodeVarint() (uint64, error) {
+	v, n := protowire.ConsumeVarint(b.buf[b.idx:])
+	if n < 0 {
+		return 0, protowire.ParseError(n)
+	}
+	b.idx += n
+	return uint64(v), nil
+}
+
+// DecodeZigzag32 consumes an encoded 32-bit zig-zag varint from the buffer.
+func (b *Buffer) DecodeZigzag32() (uint64, error) {
+	v, err := b.DecodeVarint()
+	if err != nil {
+		return 0, err
+	}
+	return uint64((uint32(v) >> 1) ^ uint32((int32(v&1)<<31)>>31)), nil
+}
+
+// DecodeZigzag64 consumes an encoded 64-bit zig-zag varint from the buffer.
+func (b *Buffer) DecodeZigzag64() (uint64, error) {
+	v, err := b.DecodeVarint()
+	if err != nil {
+		return 0, err
+	}
+	return uint64((uint64(v) >> 1) ^ uint64((int64(v&1)<<63)>>63)), nil
+}
+
+// DecodeFixed32 consumes a 32-bit little-endian integer from the buffer.
+func (b *Buffer) DecodeFixed32() (uint64, error) {
+	v, n := protowire.ConsumeFixed32(b.buf[b.idx:])
+	if n < 0 {
+		return 0, protowire.ParseError(n)
+	}
+	b.idx += n
+	return uint64(v), nil
+}
+
+// DecodeFixed64 consumes a 64-bit little-endian integer from the buffer.
+func (b *Buffer) DecodeFixed64() (uint64, error) {
+	v, n := protowire.ConsumeFixed64(b.buf[b.idx:])
+	if n < 0 {
+		return 0, protowire.ParseError(n)
+	}
+	b.idx += n
+	return uint64(v), nil
+}
+
+// DecodeRawBytes consumes a length-prefixed raw bytes from the buffer.
+// If alloc is specified, it returns a copy the raw bytes
+// rather than a sub-slice of the buffer.
+func (b *Buffer) DecodeRawBytes(alloc bool) ([]byte, error) {
+	v, n := protowire.ConsumeBytes(b.buf[b.idx:])
+	if n < 0 {
+		return nil, protowire.ParseError(n)
+	}
+	b.idx += n
+	if alloc {
+		v = append([]byte(nil), v...)
+	}
+	return v, nil
+}
+
+// DecodeStringBytes consumes a length-prefixed raw bytes from the buffer.
+// It does not validate whether the raw bytes contain valid UTF-8.
+func (b *Buffer) DecodeStringBytes() (string, error) {
+	v, n := protowire.ConsumeString(b.buf[b.idx:])
+	if n < 0 {
+		return "", protowire.ParseError(n)
+	}
+	b.idx += n
+	return v, nil
+}
+
+// DecodeMessage consumes a length-prefixed message from the buffer.
+// It does not reset m before unmarshaling.
+func (b *Buffer) DecodeMessage(m Message) error {
+	v, err := b.DecodeRawBytes(false)
+	if err != nil {
+		return err
+	}
+	return UnmarshalMerge(v, m)
+}
+
+// DecodeGroup consumes a message group from the buffer.
+// It assumes that the start group marker has already been consumed and
+// consumes all bytes until (and including the end group marker).
+// It does not reset m before unmarshaling.
+func (b *Buffer) DecodeGroup(m Message) error {
+	v, n, err := consumeGroup(b.buf[b.idx:])
+	if err != nil {
+		return err
+	}
+	b.idx += n
+	return UnmarshalMerge(v, m)
+}
+
+// consumeGroup parses b until it finds an end group marker, returning
+// the raw bytes of the message (excluding the end group marker) and the
+// the total length of the message (including the end group marker).
+func consumeGroup(b []byte) ([]byte, int, error) {
+	b0 := b
+	depth := 1 // assume this follows a start group marker
+	for {
+		_, wtyp, tagLen := protowire.ConsumeTag(b)
+		if tagLen < 0 {
+			return nil, 0, protowire.ParseError(tagLen)
+		}
+		b = b[tagLen:]
+
+		var valLen int
+		switch wtyp {
+		case protowire.VarintType:
+			_, valLen = protowire.ConsumeVarint(b)
+		case protowire.Fixed32Type:
+			_, valLen = protowire.ConsumeFixed32(b)
+		case protowire.Fixed64Type:
+			_, valLen = protowire.ConsumeFixed64(b)
+		case protowire.BytesType:
+			_, valLen = protowire.ConsumeBytes(b)
+		case protowire.StartGroupType:
+			depth++
+		case protowire.EndGroupType:
+			depth--
+		default:
+			return nil, 0, errors.New("proto: cannot parse reserved wire type")
+		}
+		if valLen < 0 {
+			return nil, 0, protowire.ParseError(valLen)
+		}
+		b = b[valLen:]
+
+		if depth == 0 {
+			return b0[:len(b0)-len(b)-tagLen], len(b0) - len(b), nil
+		}
+	}
+}
diff --git a/vendor/github.com/golang/protobuf/proto/clone.go b/vendor/github.com/golang/protobuf/proto/clone.go
deleted file mode 100644
index 3cd3249f7..000000000
--- a/vendor/github.com/golang/protobuf/proto/clone.go
+++ /dev/null
@@ -1,253 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2011 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Protocol buffer deep copy and merge.
-// TODO: RawMessage.
-
-package proto
-
-import (
-	"fmt"
-	"log"
-	"reflect"
-	"strings"
-)
-
-// Clone returns a deep copy of a protocol buffer.
-func Clone(src Message) Message {
-	in := reflect.ValueOf(src)
-	if in.IsNil() {
-		return src
-	}
-	out := reflect.New(in.Type().Elem())
-	dst := out.Interface().(Message)
-	Merge(dst, src)
-	return dst
-}
-
-// Merger is the interface representing objects that can merge messages of the same type.
-type Merger interface {
-	// Merge merges src into this message.
-	// Required and optional fields that are set in src will be set to that value in dst.
-	// Elements of repeated fields will be appended.
-	//
-	// Merge may panic if called with a different argument type than the receiver.
-	Merge(src Message)
-}
-
-// generatedMerger is the custom merge method that generated protos will have.
-// We must add this method since a generate Merge method will conflict with
-// many existing protos that have a Merge data field already defined.
-type generatedMerger interface {
-	XXX_Merge(src Message)
-}
-
-// Merge merges src into dst.
-// Required and optional fields that are set in src will be set to that value in dst.
-// Elements of repeated fields will be appended.
-// Merge panics if src and dst are not the same type, or if dst is nil.
-func Merge(dst, src Message) {
-	if m, ok := dst.(Merger); ok {
-		m.Merge(src)
-		return
-	}
-
-	in := reflect.ValueOf(src)
-	out := reflect.ValueOf(dst)
-	if out.IsNil() {
-		panic("proto: nil destination")
-	}
-	if in.Type() != out.Type() {
-		panic(fmt.Sprintf("proto.Merge(%T, %T) type mismatch", dst, src))
-	}
-	if in.IsNil() {
-		return // Merge from nil src is a noop
-	}
-	if m, ok := dst.(generatedMerger); ok {
-		m.XXX_Merge(src)
-		return
-	}
-	mergeStruct(out.Elem(), in.Elem())
-}
-
-func mergeStruct(out, in reflect.Value) {
-	sprop := GetProperties(in.Type())
-	for i := 0; i < in.NumField(); i++ {
-		f := in.Type().Field(i)
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-		mergeAny(out.Field(i), in.Field(i), false, sprop.Prop[i])
-	}
-
-	if emIn, err := extendable(in.Addr().Interface()); err == nil {
-		emOut, _ := extendable(out.Addr().Interface())
-		mIn, muIn := emIn.extensionsRead()
-		if mIn != nil {
-			mOut := emOut.extensionsWrite()
-			muIn.Lock()
-			mergeExtension(mOut, mIn)
-			muIn.Unlock()
-		}
-	}
-
-	uf := in.FieldByName("XXX_unrecognized")
-	if !uf.IsValid() {
-		return
-	}
-	uin := uf.Bytes()
-	if len(uin) > 0 {
-		out.FieldByName("XXX_unrecognized").SetBytes(append([]byte(nil), uin...))
-	}
-}
-
-// mergeAny performs a merge between two values of the same type.
-// viaPtr indicates whether the values were indirected through a pointer (implying proto2).
-// prop is set if this is a struct field (it may be nil).
-func mergeAny(out, in reflect.Value, viaPtr bool, prop *Properties) {
-	if in.Type() == protoMessageType {
-		if !in.IsNil() {
-			if out.IsNil() {
-				out.Set(reflect.ValueOf(Clone(in.Interface().(Message))))
-			} else {
-				Merge(out.Interface().(Message), in.Interface().(Message))
-			}
-		}
-		return
-	}
-	switch in.Kind() {
-	case reflect.Bool, reflect.Float32, reflect.Float64, reflect.Int32, reflect.Int64,
-		reflect.String, reflect.Uint32, reflect.Uint64:
-		if !viaPtr && isProto3Zero(in) {
-			return
-		}
-		out.Set(in)
-	case reflect.Interface:
-		// Probably a oneof field; copy non-nil values.
-		if in.IsNil() {
-			return
-		}
-		// Allocate destination if it is not set, or set to a different type.
-		// Otherwise we will merge as normal.
-		if out.IsNil() || out.Elem().Type() != in.Elem().Type() {
-			out.Set(reflect.New(in.Elem().Elem().Type())) // interface -> *T -> T -> new(T)
-		}
-		mergeAny(out.Elem(), in.Elem(), false, nil)
-	case reflect.Map:
-		if in.Len() == 0 {
-			return
-		}
-		if out.IsNil() {
-			out.Set(reflect.MakeMap(in.Type()))
-		}
-		// For maps with value types of *T or []byte we need to deep copy each value.
-		elemKind := in.Type().Elem().Kind()
-		for _, key := range in.MapKeys() {
-			var val reflect.Value
-			switch elemKind {
-			case reflect.Ptr:
-				val = reflect.New(in.Type().Elem().Elem())
-				mergeAny(val, in.MapIndex(key), false, nil)
-			case reflect.Slice:
-				val = in.MapIndex(key)
-				val = reflect.ValueOf(append([]byte{}, val.Bytes()...))
-			default:
-				val = in.MapIndex(key)
-			}
-			out.SetMapIndex(key, val)
-		}
-	case reflect.Ptr:
-		if in.IsNil() {
-			return
-		}
-		if out.IsNil() {
-			out.Set(reflect.New(in.Elem().Type()))
-		}
-		mergeAny(out.Elem(), in.Elem(), true, nil)
-	case reflect.Slice:
-		if in.IsNil() {
-			return
-		}
-		if in.Type().Elem().Kind() == reflect.Uint8 {
-			// []byte is a scalar bytes field, not a repeated field.
-
-			// Edge case: if this is in a proto3 message, a zero length
-			// bytes field is considered the zero value, and should not
-			// be merged.
-			if prop != nil && prop.proto3 && in.Len() == 0 {
-				return
-			}
-
-			// Make a deep copy.
-			// Append to []byte{} instead of []byte(nil) so that we never end up
-			// with a nil result.
-			out.SetBytes(append([]byte{}, in.Bytes()...))
-			return
-		}
-		n := in.Len()
-		if out.IsNil() {
-			out.Set(reflect.MakeSlice(in.Type(), 0, n))
-		}
-		switch in.Type().Elem().Kind() {
-		case reflect.Bool, reflect.Float32, reflect.Float64, reflect.Int32, reflect.Int64,
-			reflect.String, reflect.Uint32, reflect.Uint64:
-			out.Set(reflect.AppendSlice(out, in))
-		default:
-			for i := 0; i < n; i++ {
-				x := reflect.Indirect(reflect.New(in.Type().Elem()))
-				mergeAny(x, in.Index(i), false, nil)
-				out.Set(reflect.Append(out, x))
-			}
-		}
-	case reflect.Struct:
-		mergeStruct(out, in)
-	default:
-		// unknown type, so not a protocol buffer
-		log.Printf("proto: don't know how to copy %v", in)
-	}
-}
-
-func mergeExtension(out, in map[int32]Extension) {
-	for extNum, eIn := range in {
-		eOut := Extension{desc: eIn.desc}
-		if eIn.value != nil {
-			v := reflect.New(reflect.TypeOf(eIn.value)).Elem()
-			mergeAny(v, reflect.ValueOf(eIn.value), false, nil)
-			eOut.value = v.Interface()
-		}
-		if eIn.enc != nil {
-			eOut.enc = make([]byte, len(eIn.enc))
-			copy(eOut.enc, eIn.enc)
-		}
-
-		out[extNum] = eOut
-	}
-}
diff --git a/vendor/github.com/golang/protobuf/proto/decode.go b/vendor/github.com/golang/protobuf/proto/decode.go
deleted file mode 100644
index 63b0f08be..000000000
--- a/vendor/github.com/golang/protobuf/proto/decode.go
+++ /dev/null
@@ -1,427 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Routines for decoding protocol buffer data to construct in-memory representations.
- */
-
-import (
-	"errors"
-	"fmt"
-	"io"
-)
-
-// errOverflow is returned when an integer is too large to be represented.
-var errOverflow = errors.New("proto: integer overflow")
-
-// ErrInternalBadWireType is returned by generated code when an incorrect
-// wire type is encountered. It does not get returned to user code.
-var ErrInternalBadWireType = errors.New("proto: internal error: bad wiretype for oneof")
-
-// DecodeVarint reads a varint-encoded integer from the slice.
-// It returns the integer and the number of bytes consumed, or
-// zero if there is not enough.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-func DecodeVarint(buf []byte) (x uint64, n int) {
-	for shift := uint(0); shift < 64; shift += 7 {
-		if n >= len(buf) {
-			return 0, 0
-		}
-		b := uint64(buf[n])
-		n++
-		x |= (b & 0x7F) << shift
-		if (b & 0x80) == 0 {
-			return x, n
-		}
-	}
-
-	// The number is too large to represent in a 64-bit value.
-	return 0, 0
-}
-
-func (p *Buffer) decodeVarintSlow() (x uint64, err error) {
-	i := p.index
-	l := len(p.buf)
-
-	for shift := uint(0); shift < 64; shift += 7 {
-		if i >= l {
-			err = io.ErrUnexpectedEOF
-			return
-		}
-		b := p.buf[i]
-		i++
-		x |= (uint64(b) & 0x7F) << shift
-		if b < 0x80 {
-			p.index = i
-			return
-		}
-	}
-
-	// The number is too large to represent in a 64-bit value.
-	err = errOverflow
-	return
-}
-
-// DecodeVarint reads a varint-encoded integer from the Buffer.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-func (p *Buffer) DecodeVarint() (x uint64, err error) {
-	i := p.index
-	buf := p.buf
-
-	if i >= len(buf) {
-		return 0, io.ErrUnexpectedEOF
-	} else if buf[i] < 0x80 {
-		p.index++
-		return uint64(buf[i]), nil
-	} else if len(buf)-i < 10 {
-		return p.decodeVarintSlow()
-	}
-
-	var b uint64
-	// we already checked the first byte
-	x = uint64(buf[i]) - 0x80
-	i++
-
-	b = uint64(buf[i])
-	i++
-	x += b << 7
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 7
-
-	b = uint64(buf[i])
-	i++
-	x += b << 14
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 14
-
-	b = uint64(buf[i])
-	i++
-	x += b << 21
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 21
-
-	b = uint64(buf[i])
-	i++
-	x += b << 28
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 28
-
-	b = uint64(buf[i])
-	i++
-	x += b << 35
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 35
-
-	b = uint64(buf[i])
-	i++
-	x += b << 42
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 42
-
-	b = uint64(buf[i])
-	i++
-	x += b << 49
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 49
-
-	b = uint64(buf[i])
-	i++
-	x += b << 56
-	if b&0x80 == 0 {
-		goto done
-	}
-	x -= 0x80 << 56
-
-	b = uint64(buf[i])
-	i++
-	x += b << 63
-	if b&0x80 == 0 {
-		goto done
-	}
-
-	return 0, errOverflow
-
-done:
-	p.index = i
-	return x, nil
-}
-
-// DecodeFixed64 reads a 64-bit integer from the Buffer.
-// This is the format for the
-// fixed64, sfixed64, and double protocol buffer types.
-func (p *Buffer) DecodeFixed64() (x uint64, err error) {
-	// x, err already 0
-	i := p.index + 8
-	if i < 0 || i > len(p.buf) {
-		err = io.ErrUnexpectedEOF
-		return
-	}
-	p.index = i
-
-	x = uint64(p.buf[i-8])
-	x |= uint64(p.buf[i-7]) << 8
-	x |= uint64(p.buf[i-6]) << 16
-	x |= uint64(p.buf[i-5]) << 24
-	x |= uint64(p.buf[i-4]) << 32
-	x |= uint64(p.buf[i-3]) << 40
-	x |= uint64(p.buf[i-2]) << 48
-	x |= uint64(p.buf[i-1]) << 56
-	return
-}
-
-// DecodeFixed32 reads a 32-bit integer from the Buffer.
-// This is the format for the
-// fixed32, sfixed32, and float protocol buffer types.
-func (p *Buffer) DecodeFixed32() (x uint64, err error) {
-	// x, err already 0
-	i := p.index + 4
-	if i < 0 || i > len(p.buf) {
-		err = io.ErrUnexpectedEOF
-		return
-	}
-	p.index = i
-
-	x = uint64(p.buf[i-4])
-	x |= uint64(p.buf[i-3]) << 8
-	x |= uint64(p.buf[i-2]) << 16
-	x |= uint64(p.buf[i-1]) << 24
-	return
-}
-
-// DecodeZigzag64 reads a zigzag-encoded 64-bit integer
-// from the Buffer.
-// This is the format used for the sint64 protocol buffer type.
-func (p *Buffer) DecodeZigzag64() (x uint64, err error) {
-	x, err = p.DecodeVarint()
-	if err != nil {
-		return
-	}
-	x = (x >> 1) ^ uint64((int64(x&1)<<63)>>63)
-	return
-}
-
-// DecodeZigzag32 reads a zigzag-encoded 32-bit integer
-// from  the Buffer.
-// This is the format used for the sint32 protocol buffer type.
-func (p *Buffer) DecodeZigzag32() (x uint64, err error) {
-	x, err = p.DecodeVarint()
-	if err != nil {
-		return
-	}
-	x = uint64((uint32(x) >> 1) ^ uint32((int32(x&1)<<31)>>31))
-	return
-}
-
-// DecodeRawBytes reads a count-delimited byte buffer from the Buffer.
-// This is the format used for the bytes protocol buffer
-// type and for embedded messages.
-func (p *Buffer) DecodeRawBytes(alloc bool) (buf []byte, err error) {
-	n, err := p.DecodeVarint()
-	if err != nil {
-		return nil, err
-	}
-
-	nb := int(n)
-	if nb < 0 {
-		return nil, fmt.Errorf("proto: bad byte length %d", nb)
-	}
-	end := p.index + nb
-	if end < p.index || end > len(p.buf) {
-		return nil, io.ErrUnexpectedEOF
-	}
-
-	if !alloc {
-		// todo: check if can get more uses of alloc=false
-		buf = p.buf[p.index:end]
-		p.index += nb
-		return
-	}
-
-	buf = make([]byte, nb)
-	copy(buf, p.buf[p.index:])
-	p.index += nb
-	return
-}
-
-// DecodeStringBytes reads an encoded string from the Buffer.
-// This is the format used for the proto2 string type.
-func (p *Buffer) DecodeStringBytes() (s string, err error) {
-	buf, err := p.DecodeRawBytes(false)
-	if err != nil {
-		return
-	}
-	return string(buf), nil
-}
-
-// Unmarshaler is the interface representing objects that can
-// unmarshal themselves.  The argument points to data that may be
-// overwritten, so implementations should not keep references to the
-// buffer.
-// Unmarshal implementations should not clear the receiver.
-// Any unmarshaled data should be merged into the receiver.
-// Callers of Unmarshal that do not want to retain existing data
-// should Reset the receiver before calling Unmarshal.
-type Unmarshaler interface {
-	Unmarshal([]byte) error
-}
-
-// newUnmarshaler is the interface representing objects that can
-// unmarshal themselves. The semantics are identical to Unmarshaler.
-//
-// This exists to support protoc-gen-go generated messages.
-// The proto package will stop type-asserting to this interface in the future.
-//
-// DO NOT DEPEND ON THIS.
-type newUnmarshaler interface {
-	XXX_Unmarshal([]byte) error
-}
-
-// Unmarshal parses the protocol buffer representation in buf and places the
-// decoded result in pb.  If the struct underlying pb does not match
-// the data in buf, the results can be unpredictable.
-//
-// Unmarshal resets pb before starting to unmarshal, so any
-// existing data in pb is always removed. Use UnmarshalMerge
-// to preserve and append to existing data.
-func Unmarshal(buf []byte, pb Message) error {
-	pb.Reset()
-	if u, ok := pb.(newUnmarshaler); ok {
-		return u.XXX_Unmarshal(buf)
-	}
-	if u, ok := pb.(Unmarshaler); ok {
-		return u.Unmarshal(buf)
-	}
-	return NewBuffer(buf).Unmarshal(pb)
-}
-
-// UnmarshalMerge parses the protocol buffer representation in buf and
-// writes the decoded result to pb.  If the struct underlying pb does not match
-// the data in buf, the results can be unpredictable.
-//
-// UnmarshalMerge merges into existing data in pb.
-// Most code should use Unmarshal instead.
-func UnmarshalMerge(buf []byte, pb Message) error {
-	if u, ok := pb.(newUnmarshaler); ok {
-		return u.XXX_Unmarshal(buf)
-	}
-	if u, ok := pb.(Unmarshaler); ok {
-		// NOTE: The history of proto have unfortunately been inconsistent
-		// whether Unmarshaler should or should not implicitly clear itself.
-		// Some implementations do, most do not.
-		// Thus, calling this here may or may not do what people want.
-		//
-		// See https://github.com/golang/protobuf/issues/424
-		return u.Unmarshal(buf)
-	}
-	return NewBuffer(buf).Unmarshal(pb)
-}
-
-// DecodeMessage reads a count-delimited message from the Buffer.
-func (p *Buffer) DecodeMessage(pb Message) error {
-	enc, err := p.DecodeRawBytes(false)
-	if err != nil {
-		return err
-	}
-	return NewBuffer(enc).Unmarshal(pb)
-}
-
-// DecodeGroup reads a tag-delimited group from the Buffer.
-// StartGroup tag is already consumed. This function consumes
-// EndGroup tag.
-func (p *Buffer) DecodeGroup(pb Message) error {
-	b := p.buf[p.index:]
-	x, y := findEndGroup(b)
-	if x < 0 {
-		return io.ErrUnexpectedEOF
-	}
-	err := Unmarshal(b[:x], pb)
-	p.index += y
-	return err
-}
-
-// Unmarshal parses the protocol buffer representation in the
-// Buffer and places the decoded result in pb.  If the struct
-// underlying pb does not match the data in the buffer, the results can be
-// unpredictable.
-//
-// Unlike proto.Unmarshal, this does not reset pb before starting to unmarshal.
-func (p *Buffer) Unmarshal(pb Message) error {
-	// If the object can unmarshal itself, let it.
-	if u, ok := pb.(newUnmarshaler); ok {
-		err := u.XXX_Unmarshal(p.buf[p.index:])
-		p.index = len(p.buf)
-		return err
-	}
-	if u, ok := pb.(Unmarshaler); ok {
-		// NOTE: The history of proto have unfortunately been inconsistent
-		// whether Unmarshaler should or should not implicitly clear itself.
-		// Some implementations do, most do not.
-		// Thus, calling this here may or may not do what people want.
-		//
-		// See https://github.com/golang/protobuf/issues/424
-		err := u.Unmarshal(p.buf[p.index:])
-		p.index = len(p.buf)
-		return err
-	}
-
-	// Slow workaround for messages that aren't Unmarshalers.
-	// This includes some hand-coded .pb.go files and
-	// bootstrap protos.
-	// TODO: fix all of those and then add Unmarshal to
-	// the Message interface. Then:
-	// The cast above and code below can be deleted.
-	// The old unmarshaler can be deleted.
-	// Clients can call Unmarshal directly (can already do that, actually).
-	var info InternalMessageInfo
-	err := info.Unmarshal(pb, p.buf[p.index:])
-	p.index = len(p.buf)
-	return err
-}
diff --git a/vendor/github.com/golang/protobuf/proto/defaults.go b/vendor/github.com/golang/protobuf/proto/defaults.go
new file mode 100644
index 000000000..d399bf069
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/defaults.go
@@ -0,0 +1,63 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+import (
+	"google.golang.org/protobuf/reflect/protoreflect"
+)
+
+// SetDefaults sets unpopulated scalar fields to their default values.
+// Fields within a oneof are not set even if they have a default value.
+// SetDefaults is recursively called upon any populated message fields.
+func SetDefaults(m Message) {
+	if m != nil {
+		setDefaults(MessageReflect(m))
+	}
+}
+
+func setDefaults(m protoreflect.Message) {
+	fds := m.Descriptor().Fields()
+	for i := 0; i < fds.Len(); i++ {
+		fd := fds.Get(i)
+		if !m.Has(fd) {
+			if fd.HasDefault() && fd.ContainingOneof() == nil {
+				v := fd.Default()
+				if fd.Kind() == protoreflect.BytesKind {
+					v = protoreflect.ValueOf(append([]byte(nil), v.Bytes()...)) // copy the default bytes
+				}
+				m.Set(fd, v)
+			}
+			continue
+		}
+	}
+
+	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
+		switch {
+		// Handle singular message.
+		case fd.Cardinality() != protoreflect.Repeated:
+			if fd.Message() != nil {
+				setDefaults(m.Get(fd).Message())
+			}
+		// Handle list of messages.
+		case fd.IsList():
+			if fd.Message() != nil {
+				ls := m.Get(fd).List()
+				for i := 0; i < ls.Len(); i++ {
+					setDefaults(ls.Get(i).Message())
+				}
+			}
+		// Handle map of messages.
+		case fd.IsMap():
+			if fd.MapValue().Message() != nil {
+				ms := m.Get(fd).Map()
+				ms.Range(func(_ protoreflect.MapKey, v protoreflect.Value) bool {
+					setDefaults(v.Message())
+					return true
+				})
+			}
+		}
+		return true
+	})
+}
diff --git a/vendor/github.com/golang/protobuf/proto/deprecated.go b/vendor/github.com/golang/protobuf/proto/deprecated.go
index 35b882c09..e8db57e09 100644
--- a/vendor/github.com/golang/protobuf/proto/deprecated.go
+++ b/vendor/github.com/golang/protobuf/proto/deprecated.go
@@ -1,63 +1,113 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2018 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
 
 package proto
 
-import "errors"
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"strconv"
 
-// Deprecated: do not use.
+	protoV2 "google.golang.org/protobuf/proto"
+)
+
+var (
+	// Deprecated: No longer returned.
+	ErrNil = errors.New("proto: Marshal called with nil")
+
+	// Deprecated: No longer returned.
+	ErrTooLarge = errors.New("proto: message encodes to over 2 GB")
+
+	// Deprecated: No longer returned.
+	ErrInternalBadWireType = errors.New("proto: internal error: bad wiretype for oneof")
+)
+
+// Deprecated: Do not use.
 type Stats struct{ Emalloc, Dmalloc, Encode, Decode, Chit, Cmiss, Size uint64 }
 
-// Deprecated: do not use.
+// Deprecated: Do not use.
 func GetStats() Stats { return Stats{} }
 
-// Deprecated: do not use.
+// Deprecated: Do not use.
 func MarshalMessageSet(interface{}) ([]byte, error) {
 	return nil, errors.New("proto: not implemented")
 }
 
-// Deprecated: do not use.
+// Deprecated: Do not use.
 func UnmarshalMessageSet([]byte, interface{}) error {
 	return errors.New("proto: not implemented")
 }
 
-// Deprecated: do not use.
+// Deprecated: Do not use.
 func MarshalMessageSetJSON(interface{}) ([]byte, error) {
 	return nil, errors.New("proto: not implemented")
 }
 
-// Deprecated: do not use.
+// Deprecated: Do not use.
 func UnmarshalMessageSetJSON([]byte, interface{}) error {
 	return errors.New("proto: not implemented")
 }
 
-// Deprecated: do not use.
+// Deprecated: Do not use.
 func RegisterMessageSetType(Message, int32, string) {}
+
+// Deprecated: Do not use.
+func EnumName(m map[int32]string, v int32) string {
+	s, ok := m[v]
+	if ok {
+		return s
+	}
+	return strconv.Itoa(int(v))
+}
+
+// Deprecated: Do not use.
+func UnmarshalJSONEnum(m map[string]int32, data []byte, enumName string) (int32, error) {
+	if data[0] == '"' {
+		// New style: enums are strings.
+		var repr string
+		if err := json.Unmarshal(data, &repr); err != nil {
+			return -1, err
+		}
+		val, ok := m[repr]
+		if !ok {
+			return 0, fmt.Errorf("unrecognized enum %s value %q", enumName, repr)
+		}
+		return val, nil
+	}
+	// Old style: enums are ints.
+	var val int32
+	if err := json.Unmarshal(data, &val); err != nil {
+		return 0, fmt.Errorf("cannot unmarshal %#q into enum %s", data, enumName)
+	}
+	return val, nil
+}
+
+// Deprecated: Do not use; this type existed for intenal-use only.
+type InternalMessageInfo struct{}
+
+// Deprecated: Do not use; this method existed for intenal-use only.
+func (*InternalMessageInfo) DiscardUnknown(m Message) {
+	DiscardUnknown(m)
+}
+
+// Deprecated: Do not use; this method existed for intenal-use only.
+func (*InternalMessageInfo) Marshal(b []byte, m Message, deterministic bool) ([]byte, error) {
+	return protoV2.MarshalOptions{Deterministic: deterministic}.MarshalAppend(b, MessageV2(m))
+}
+
+// Deprecated: Do not use; this method existed for intenal-use only.
+func (*InternalMessageInfo) Merge(dst, src Message) {
+	protoV2.Merge(MessageV2(dst), MessageV2(src))
+}
+
+// Deprecated: Do not use; this method existed for intenal-use only.
+func (*InternalMessageInfo) Size(m Message) int {
+	return protoV2.Size(MessageV2(m))
+}
+
+// Deprecated: Do not use; this method existed for intenal-use only.
+func (*InternalMessageInfo) Unmarshal(m Message, b []byte) error {
+	return protoV2.UnmarshalOptions{Merge: true}.Unmarshal(b, MessageV2(m))
+}
diff --git a/vendor/github.com/golang/protobuf/proto/discard.go b/vendor/github.com/golang/protobuf/proto/discard.go
index dea2617ce..2187e877f 100644
--- a/vendor/github.com/golang/protobuf/proto/discard.go
+++ b/vendor/github.com/golang/protobuf/proto/discard.go
@@ -1,48 +1,13 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2017 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
 
 package proto
 
 import (
-	"fmt"
-	"reflect"
-	"strings"
-	"sync"
-	"sync/atomic"
+	"google.golang.org/protobuf/reflect/protoreflect"
 )
 
-type generatedDiscarder interface {
-	XXX_DiscardUnknown()
-}
-
 // DiscardUnknown recursively discards all unknown fields from this message
 // and all embedded messages.
 //
@@ -51,300 +16,43 @@ type generatedDiscarder interface {
 // marshal to be able to produce a message that continues to have those
 // unrecognized fields. To avoid this, DiscardUnknown is used to
 // explicitly clear the unknown fields after unmarshaling.
-//
-// For proto2 messages, the unknown fields of message extensions are only
-// discarded from messages that have been accessed via GetExtension.
 func DiscardUnknown(m Message) {
-	if m, ok := m.(generatedDiscarder); ok {
-		m.XXX_DiscardUnknown()
-		return
-	}
-	// TODO: Dynamically populate a InternalMessageInfo for legacy messages,
-	// but the master branch has no implementation for InternalMessageInfo,
-	// so it would be more work to replicate that approach.
-	discardLegacy(m)
-}
-
-// DiscardUnknown recursively discards all unknown fields.
-func (a *InternalMessageInfo) DiscardUnknown(m Message) {
-	di := atomicLoadDiscardInfo(&a.discard)
-	if di == nil {
-		di = getDiscardInfo(reflect.TypeOf(m).Elem())
-		atomicStoreDiscardInfo(&a.discard, di)
-	}
-	di.discard(toPointer(&m))
-}
-
-type discardInfo struct {
-	typ reflect.Type
-
-	initialized int32 // 0: only typ is valid, 1: everything is valid
-	lock        sync.Mutex
-
-	fields       []discardFieldInfo
-	unrecognized field
-}
-
-type discardFieldInfo struct {
-	field   field // Offset of field, guaranteed to be valid
-	discard func(src pointer)
-}
-
-var (
-	discardInfoMap  = map[reflect.Type]*discardInfo{}
-	discardInfoLock sync.Mutex
-)
-
-func getDiscardInfo(t reflect.Type) *discardInfo {
-	discardInfoLock.Lock()
-	defer discardInfoLock.Unlock()
-	di := discardInfoMap[t]
-	if di == nil {
-		di = &discardInfo{typ: t}
-		discardInfoMap[t] = di
+	if m != nil {
+		discardUnknown(MessageReflect(m))
 	}
-	return di
 }
 
-func (di *discardInfo) discard(src pointer) {
-	if src.isNil() {
-		return // Nothing to do.
-	}
-
-	if atomic.LoadInt32(&di.initialized) == 0 {
-		di.computeDiscardInfo()
-	}
-
-	for _, fi := range di.fields {
-		sfp := src.offset(fi.field)
-		fi.discard(sfp)
-	}
-
-	// For proto2 messages, only discard unknown fields in message extensions
-	// that have been accessed via GetExtension.
-	if em, err := extendable(src.asPointerTo(di.typ).Interface()); err == nil {
-		// Ignore lock since DiscardUnknown is not concurrency safe.
-		emm, _ := em.extensionsRead()
-		for _, mx := range emm {
-			if m, ok := mx.value.(Message); ok {
-				DiscardUnknown(m)
+func discardUnknown(m protoreflect.Message) {
+	m.Range(func(fd protoreflect.FieldDescriptor, val protoreflect.Value) bool {
+		switch {
+		// Handle singular message.
+		case fd.Cardinality() != protoreflect.Repeated:
+			if fd.Message() != nil {
+				discardUnknown(m.Get(fd).Message())
 			}
-		}
-	}
-
-	if di.unrecognized.IsValid() {
-		*src.offset(di.unrecognized).toBytes() = nil
-	}
-}
-
-func (di *discardInfo) computeDiscardInfo() {
-	di.lock.Lock()
-	defer di.lock.Unlock()
-	if di.initialized != 0 {
-		return
-	}
-	t := di.typ
-	n := t.NumField()
-
-	for i := 0; i < n; i++ {
-		f := t.Field(i)
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-
-		dfi := discardFieldInfo{field: toField(&f)}
-		tf := f.Type
-
-		// Unwrap tf to get its most basic type.
-		var isPointer, isSlice bool
-		if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 {
-			isSlice = true
-			tf = tf.Elem()
-		}
-		if tf.Kind() == reflect.Ptr {
-			isPointer = true
-			tf = tf.Elem()
-		}
-		if isPointer && isSlice && tf.Kind() != reflect.Struct {
-			panic(fmt.Sprintf("%v.%s cannot be a slice of pointers to primitive types", t, f.Name))
-		}
-
-		switch tf.Kind() {
-		case reflect.Struct:
-			switch {
-			case !isPointer:
-				panic(fmt.Sprintf("%v.%s cannot be a direct struct value", t, f.Name))
-			case isSlice: // E.g., []*pb.T
-				di := getDiscardInfo(tf)
-				dfi.discard = func(src pointer) {
-					sps := src.getPointerSlice()
-					for _, sp := range sps {
-						if !sp.isNil() {
-							di.discard(sp)
-						}
-					}
-				}
-			default: // E.g., *pb.T
-				di := getDiscardInfo(tf)
-				dfi.discard = func(src pointer) {
-					sp := src.getPointer()
-					if !sp.isNil() {
-						di.discard(sp)
-					}
+		// Handle list of messages.
+		case fd.IsList():
+			if fd.Message() != nil {
+				ls := m.Get(fd).List()
+				for i := 0; i < ls.Len(); i++ {
+					discardUnknown(ls.Get(i).Message())
 				}
 			}
-		case reflect.Map:
-			switch {
-			case isPointer || isSlice:
-				panic(fmt.Sprintf("%v.%s cannot be a pointer to a map or a slice of map values", t, f.Name))
-			default: // E.g., map[K]V
-				if tf.Elem().Kind() == reflect.Ptr { // Proto struct (e.g., *T)
-					dfi.discard = func(src pointer) {
-						sm := src.asPointerTo(tf).Elem()
-						if sm.Len() == 0 {
-							return
-						}
-						for _, key := range sm.MapKeys() {
-							val := sm.MapIndex(key)
-							DiscardUnknown(val.Interface().(Message))
-						}
-					}
-				} else {
-					dfi.discard = func(pointer) {} // Noop
-				}
-			}
-		case reflect.Interface:
-			// Must be oneof field.
-			switch {
-			case isPointer || isSlice:
-				panic(fmt.Sprintf("%v.%s cannot be a pointer to a interface or a slice of interface values", t, f.Name))
-			default: // E.g., interface{}
-				// TODO: Make this faster?
-				dfi.discard = func(src pointer) {
-					su := src.asPointerTo(tf).Elem()
-					if !su.IsNil() {
-						sv := su.Elem().Elem().Field(0)
-						if sv.Kind() == reflect.Ptr && sv.IsNil() {
-							return
-						}
-						switch sv.Type().Kind() {
-						case reflect.Ptr: // Proto struct (e.g., *T)
-							DiscardUnknown(sv.Interface().(Message))
-						}
-					}
-				}
+		// Handle map of messages.
+		case fd.IsMap():
+			if fd.MapValue().Message() != nil {
+				ms := m.Get(fd).Map()
+				ms.Range(func(_ protoreflect.MapKey, v protoreflect.Value) bool {
+					discardUnknown(v.Message())
+					return true
+				})
 			}
-		default:
-			continue
-		}
-		di.fields = append(di.fields, dfi)
-	}
-
-	di.unrecognized = invalidField
-	if f, ok := t.FieldByName("XXX_unrecognized"); ok {
-		if f.Type != reflect.TypeOf([]byte{}) {
-			panic("expected XXX_unrecognized to be of type []byte")
-		}
-		di.unrecognized = toField(&f)
-	}
-
-	atomic.StoreInt32(&di.initialized, 1)
-}
-
-func discardLegacy(m Message) {
-	v := reflect.ValueOf(m)
-	if v.Kind() != reflect.Ptr || v.IsNil() {
-		return
-	}
-	v = v.Elem()
-	if v.Kind() != reflect.Struct {
-		return
-	}
-	t := v.Type()
-
-	for i := 0; i < v.NumField(); i++ {
-		f := t.Field(i)
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
 		}
-		vf := v.Field(i)
-		tf := f.Type
+		return true
+	})
 
-		// Unwrap tf to get its most basic type.
-		var isPointer, isSlice bool
-		if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 {
-			isSlice = true
-			tf = tf.Elem()
-		}
-		if tf.Kind() == reflect.Ptr {
-			isPointer = true
-			tf = tf.Elem()
-		}
-		if isPointer && isSlice && tf.Kind() != reflect.Struct {
-			panic(fmt.Sprintf("%T.%s cannot be a slice of pointers to primitive types", m, f.Name))
-		}
-
-		switch tf.Kind() {
-		case reflect.Struct:
-			switch {
-			case !isPointer:
-				panic(fmt.Sprintf("%T.%s cannot be a direct struct value", m, f.Name))
-			case isSlice: // E.g., []*pb.T
-				for j := 0; j < vf.Len(); j++ {
-					discardLegacy(vf.Index(j).Interface().(Message))
-				}
-			default: // E.g., *pb.T
-				discardLegacy(vf.Interface().(Message))
-			}
-		case reflect.Map:
-			switch {
-			case isPointer || isSlice:
-				panic(fmt.Sprintf("%T.%s cannot be a pointer to a map or a slice of map values", m, f.Name))
-			default: // E.g., map[K]V
-				tv := vf.Type().Elem()
-				if tv.Kind() == reflect.Ptr && tv.Implements(protoMessageType) { // Proto struct (e.g., *T)
-					for _, key := range vf.MapKeys() {
-						val := vf.MapIndex(key)
-						discardLegacy(val.Interface().(Message))
-					}
-				}
-			}
-		case reflect.Interface:
-			// Must be oneof field.
-			switch {
-			case isPointer || isSlice:
-				panic(fmt.Sprintf("%T.%s cannot be a pointer to a interface or a slice of interface values", m, f.Name))
-			default: // E.g., test_proto.isCommunique_Union interface
-				if !vf.IsNil() && f.Tag.Get("protobuf_oneof") != "" {
-					vf = vf.Elem() // E.g., *test_proto.Communique_Msg
-					if !vf.IsNil() {
-						vf = vf.Elem()   // E.g., test_proto.Communique_Msg
-						vf = vf.Field(0) // E.g., Proto struct (e.g., *T) or primitive value
-						if vf.Kind() == reflect.Ptr {
-							discardLegacy(vf.Interface().(Message))
-						}
-					}
-				}
-			}
-		}
-	}
-
-	if vf := v.FieldByName("XXX_unrecognized"); vf.IsValid() {
-		if vf.Type() != reflect.TypeOf([]byte{}) {
-			panic("expected XXX_unrecognized to be of type []byte")
-		}
-		vf.Set(reflect.ValueOf([]byte(nil)))
-	}
-
-	// For proto2 messages, only discard unknown fields in message extensions
-	// that have been accessed via GetExtension.
-	if em, err := extendable(m); err == nil {
-		// Ignore lock since discardLegacy is not concurrency safe.
-		emm, _ := em.extensionsRead()
-		for _, mx := range emm {
-			if m, ok := mx.value.(Message); ok {
-				discardLegacy(m)
-			}
-		}
+	// Discard unknown fields.
+	if len(m.GetUnknown()) > 0 {
+		m.SetUnknown(nil)
 	}
 }
diff --git a/vendor/github.com/golang/protobuf/proto/encode.go b/vendor/github.com/golang/protobuf/proto/encode.go
deleted file mode 100644
index 3abfed2cf..000000000
--- a/vendor/github.com/golang/protobuf/proto/encode.go
+++ /dev/null
@@ -1,203 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Routines for encoding data into the wire format for protocol buffers.
- */
-
-import (
-	"errors"
-	"reflect"
-)
-
-var (
-	// errRepeatedHasNil is the error returned if Marshal is called with
-	// a struct with a repeated field containing a nil element.
-	errRepeatedHasNil = errors.New("proto: repeated field has nil element")
-
-	// errOneofHasNil is the error returned if Marshal is called with
-	// a struct with a oneof field containing a nil element.
-	errOneofHasNil = errors.New("proto: oneof field has nil value")
-
-	// ErrNil is the error returned if Marshal is called with nil.
-	ErrNil = errors.New("proto: Marshal called with nil")
-
-	// ErrTooLarge is the error returned if Marshal is called with a
-	// message that encodes to >2GB.
-	ErrTooLarge = errors.New("proto: message encodes to over 2 GB")
-)
-
-// The fundamental encoders that put bytes on the wire.
-// Those that take integer types all accept uint64 and are
-// therefore of type valueEncoder.
-
-const maxVarintBytes = 10 // maximum length of a varint
-
-// EncodeVarint returns the varint encoding of x.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-// Not used by the package itself, but helpful to clients
-// wishing to use the same encoding.
-func EncodeVarint(x uint64) []byte {
-	var buf [maxVarintBytes]byte
-	var n int
-	for n = 0; x > 127; n++ {
-		buf[n] = 0x80 | uint8(x&0x7F)
-		x >>= 7
-	}
-	buf[n] = uint8(x)
-	n++
-	return buf[0:n]
-}
-
-// EncodeVarint writes a varint-encoded integer to the Buffer.
-// This is the format for the
-// int32, int64, uint32, uint64, bool, and enum
-// protocol buffer types.
-func (p *Buffer) EncodeVarint(x uint64) error {
-	for x >= 1<<7 {
-		p.buf = append(p.buf, uint8(x&0x7f|0x80))
-		x >>= 7
-	}
-	p.buf = append(p.buf, uint8(x))
-	return nil
-}
-
-// SizeVarint returns the varint encoding size of an integer.
-func SizeVarint(x uint64) int {
-	switch {
-	case x < 1<<7:
-		return 1
-	case x < 1<<14:
-		return 2
-	case x < 1<<21:
-		return 3
-	case x < 1<<28:
-		return 4
-	case x < 1<<35:
-		return 5
-	case x < 1<<42:
-		return 6
-	case x < 1<<49:
-		return 7
-	case x < 1<<56:
-		return 8
-	case x < 1<<63:
-		return 9
-	}
-	return 10
-}
-
-// EncodeFixed64 writes a 64-bit integer to the Buffer.
-// This is the format for the
-// fixed64, sfixed64, and double protocol buffer types.
-func (p *Buffer) EncodeFixed64(x uint64) error {
-	p.buf = append(p.buf,
-		uint8(x),
-		uint8(x>>8),
-		uint8(x>>16),
-		uint8(x>>24),
-		uint8(x>>32),
-		uint8(x>>40),
-		uint8(x>>48),
-		uint8(x>>56))
-	return nil
-}
-
-// EncodeFixed32 writes a 32-bit integer to the Buffer.
-// This is the format for the
-// fixed32, sfixed32, and float protocol buffer types.
-func (p *Buffer) EncodeFixed32(x uint64) error {
-	p.buf = append(p.buf,
-		uint8(x),
-		uint8(x>>8),
-		uint8(x>>16),
-		uint8(x>>24))
-	return nil
-}
-
-// EncodeZigzag64 writes a zigzag-encoded 64-bit integer
-// to the Buffer.
-// This is the format used for the sint64 protocol buffer type.
-func (p *Buffer) EncodeZigzag64(x uint64) error {
-	// use signed number to get arithmetic right shift.
-	return p.EncodeVarint(uint64((x << 1) ^ uint64((int64(x) >> 63))))
-}
-
-// EncodeZigzag32 writes a zigzag-encoded 32-bit integer
-// to the Buffer.
-// This is the format used for the sint32 protocol buffer type.
-func (p *Buffer) EncodeZigzag32(x uint64) error {
-	// use signed number to get arithmetic right shift.
-	return p.EncodeVarint(uint64((uint32(x) << 1) ^ uint32((int32(x) >> 31))))
-}
-
-// EncodeRawBytes writes a count-delimited byte buffer to the Buffer.
-// This is the format used for the bytes protocol buffer
-// type and for embedded messages.
-func (p *Buffer) EncodeRawBytes(b []byte) error {
-	p.EncodeVarint(uint64(len(b)))
-	p.buf = append(p.buf, b...)
-	return nil
-}
-
-// EncodeStringBytes writes an encoded string to the Buffer.
-// This is the format used for the proto2 string type.
-func (p *Buffer) EncodeStringBytes(s string) error {
-	p.EncodeVarint(uint64(len(s)))
-	p.buf = append(p.buf, s...)
-	return nil
-}
-
-// Marshaler is the interface representing objects that can marshal themselves.
-type Marshaler interface {
-	Marshal() ([]byte, error)
-}
-
-// EncodeMessage writes the protocol buffer to the Buffer,
-// prefixed by a varint-encoded length.
-func (p *Buffer) EncodeMessage(pb Message) error {
-	siz := Size(pb)
-	p.EncodeVarint(uint64(siz))
-	return p.Marshal(pb)
-}
-
-// All protocol buffer fields are nillable, but be careful.
-func isNil(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice:
-		return v.IsNil()
-	}
-	return false
-}
diff --git a/vendor/github.com/golang/protobuf/proto/equal.go b/vendor/github.com/golang/protobuf/proto/equal.go
deleted file mode 100644
index f9b6e41b3..000000000
--- a/vendor/github.com/golang/protobuf/proto/equal.go
+++ /dev/null
@@ -1,301 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2011 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Protocol buffer comparison.
-
-package proto
-
-import (
-	"bytes"
-	"log"
-	"reflect"
-	"strings"
-)
-
-/*
-Equal returns true iff protocol buffers a and b are equal.
-The arguments must both be pointers to protocol buffer structs.
-
-Equality is defined in this way:
-  - Two messages are equal iff they are the same type,
-    corresponding fields are equal, unknown field sets
-    are equal, and extensions sets are equal.
-  - Two set scalar fields are equal iff their values are equal.
-    If the fields are of a floating-point type, remember that
-    NaN != x for all x, including NaN. If the message is defined
-    in a proto3 .proto file, fields are not "set"; specifically,
-    zero length proto3 "bytes" fields are equal (nil == {}).
-  - Two repeated fields are equal iff their lengths are the same,
-    and their corresponding elements are equal. Note a "bytes" field,
-    although represented by []byte, is not a repeated field and the
-    rule for the scalar fields described above applies.
-  - Two unset fields are equal.
-  - Two unknown field sets are equal if their current
-    encoded state is equal.
-  - Two extension sets are equal iff they have corresponding
-    elements that are pairwise equal.
-  - Two map fields are equal iff their lengths are the same,
-    and they contain the same set of elements. Zero-length map
-    fields are equal.
-  - Every other combination of things are not equal.
-
-The return value is undefined if a and b are not protocol buffers.
-*/
-func Equal(a, b Message) bool {
-	if a == nil || b == nil {
-		return a == b
-	}
-	v1, v2 := reflect.ValueOf(a), reflect.ValueOf(b)
-	if v1.Type() != v2.Type() {
-		return false
-	}
-	if v1.Kind() == reflect.Ptr {
-		if v1.IsNil() {
-			return v2.IsNil()
-		}
-		if v2.IsNil() {
-			return false
-		}
-		v1, v2 = v1.Elem(), v2.Elem()
-	}
-	if v1.Kind() != reflect.Struct {
-		return false
-	}
-	return equalStruct(v1, v2)
-}
-
-// v1 and v2 are known to have the same type.
-func equalStruct(v1, v2 reflect.Value) bool {
-	sprop := GetProperties(v1.Type())
-	for i := 0; i < v1.NumField(); i++ {
-		f := v1.Type().Field(i)
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-		f1, f2 := v1.Field(i), v2.Field(i)
-		if f.Type.Kind() == reflect.Ptr {
-			if n1, n2 := f1.IsNil(), f2.IsNil(); n1 && n2 {
-				// both unset
-				continue
-			} else if n1 != n2 {
-				// set/unset mismatch
-				return false
-			}
-			f1, f2 = f1.Elem(), f2.Elem()
-		}
-		if !equalAny(f1, f2, sprop.Prop[i]) {
-			return false
-		}
-	}
-
-	if em1 := v1.FieldByName("XXX_InternalExtensions"); em1.IsValid() {
-		em2 := v2.FieldByName("XXX_InternalExtensions")
-		if !equalExtensions(v1.Type(), em1.Interface().(XXX_InternalExtensions), em2.Interface().(XXX_InternalExtensions)) {
-			return false
-		}
-	}
-
-	if em1 := v1.FieldByName("XXX_extensions"); em1.IsValid() {
-		em2 := v2.FieldByName("XXX_extensions")
-		if !equalExtMap(v1.Type(), em1.Interface().(map[int32]Extension), em2.Interface().(map[int32]Extension)) {
-			return false
-		}
-	}
-
-	uf := v1.FieldByName("XXX_unrecognized")
-	if !uf.IsValid() {
-		return true
-	}
-
-	u1 := uf.Bytes()
-	u2 := v2.FieldByName("XXX_unrecognized").Bytes()
-	return bytes.Equal(u1, u2)
-}
-
-// v1 and v2 are known to have the same type.
-// prop may be nil.
-func equalAny(v1, v2 reflect.Value, prop *Properties) bool {
-	if v1.Type() == protoMessageType {
-		m1, _ := v1.Interface().(Message)
-		m2, _ := v2.Interface().(Message)
-		return Equal(m1, m2)
-	}
-	switch v1.Kind() {
-	case reflect.Bool:
-		return v1.Bool() == v2.Bool()
-	case reflect.Float32, reflect.Float64:
-		return v1.Float() == v2.Float()
-	case reflect.Int32, reflect.Int64:
-		return v1.Int() == v2.Int()
-	case reflect.Interface:
-		// Probably a oneof field; compare the inner values.
-		n1, n2 := v1.IsNil(), v2.IsNil()
-		if n1 || n2 {
-			return n1 == n2
-		}
-		e1, e2 := v1.Elem(), v2.Elem()
-		if e1.Type() != e2.Type() {
-			return false
-		}
-		return equalAny(e1, e2, nil)
-	case reflect.Map:
-		if v1.Len() != v2.Len() {
-			return false
-		}
-		for _, key := range v1.MapKeys() {
-			val2 := v2.MapIndex(key)
-			if !val2.IsValid() {
-				// This key was not found in the second map.
-				return false
-			}
-			if !equalAny(v1.MapIndex(key), val2, nil) {
-				return false
-			}
-		}
-		return true
-	case reflect.Ptr:
-		// Maps may have nil values in them, so check for nil.
-		if v1.IsNil() && v2.IsNil() {
-			return true
-		}
-		if v1.IsNil() != v2.IsNil() {
-			return false
-		}
-		return equalAny(v1.Elem(), v2.Elem(), prop)
-	case reflect.Slice:
-		if v1.Type().Elem().Kind() == reflect.Uint8 {
-			// short circuit: []byte
-
-			// Edge case: if this is in a proto3 message, a zero length
-			// bytes field is considered the zero value.
-			if prop != nil && prop.proto3 && v1.Len() == 0 && v2.Len() == 0 {
-				return true
-			}
-			if v1.IsNil() != v2.IsNil() {
-				return false
-			}
-			return bytes.Equal(v1.Interface().([]byte), v2.Interface().([]byte))
-		}
-
-		if v1.Len() != v2.Len() {
-			return false
-		}
-		for i := 0; i < v1.Len(); i++ {
-			if !equalAny(v1.Index(i), v2.Index(i), prop) {
-				return false
-			}
-		}
-		return true
-	case reflect.String:
-		return v1.Interface().(string) == v2.Interface().(string)
-	case reflect.Struct:
-		return equalStruct(v1, v2)
-	case reflect.Uint32, reflect.Uint64:
-		return v1.Uint() == v2.Uint()
-	}
-
-	// unknown type, so not a protocol buffer
-	log.Printf("proto: don't know how to compare %v", v1)
-	return false
-}
-
-// base is the struct type that the extensions are based on.
-// x1 and x2 are InternalExtensions.
-func equalExtensions(base reflect.Type, x1, x2 XXX_InternalExtensions) bool {
-	em1, _ := x1.extensionsRead()
-	em2, _ := x2.extensionsRead()
-	return equalExtMap(base, em1, em2)
-}
-
-func equalExtMap(base reflect.Type, em1, em2 map[int32]Extension) bool {
-	if len(em1) != len(em2) {
-		return false
-	}
-
-	for extNum, e1 := range em1 {
-		e2, ok := em2[extNum]
-		if !ok {
-			return false
-		}
-
-		m1 := extensionAsLegacyType(e1.value)
-		m2 := extensionAsLegacyType(e2.value)
-
-		if m1 == nil && m2 == nil {
-			// Both have only encoded form.
-			if bytes.Equal(e1.enc, e2.enc) {
-				continue
-			}
-			// The bytes are different, but the extensions might still be
-			// equal. We need to decode them to compare.
-		}
-
-		if m1 != nil && m2 != nil {
-			// Both are unencoded.
-			if !equalAny(reflect.ValueOf(m1), reflect.ValueOf(m2), nil) {
-				return false
-			}
-			continue
-		}
-
-		// At least one is encoded. To do a semantically correct comparison
-		// we need to unmarshal them first.
-		var desc *ExtensionDesc
-		if m := extensionMaps[base]; m != nil {
-			desc = m[extNum]
-		}
-		if desc == nil {
-			// If both have only encoded form and the bytes are the same,
-			// it is handled above. We get here when the bytes are different.
-			// We don't know how to decode it, so just compare them as byte
-			// slices.
-			log.Printf("proto: don't know how to compare extension %d of %v", extNum, base)
-			return false
-		}
-		var err error
-		if m1 == nil {
-			m1, err = decodeExtension(e1.enc, desc)
-		}
-		if m2 == nil && err == nil {
-			m2, err = decodeExtension(e2.enc, desc)
-		}
-		if err != nil {
-			// The encoded form is invalid.
-			log.Printf("proto: badly encoded extension %d of %v: %v", extNum, base, err)
-			return false
-		}
-		if !equalAny(reflect.ValueOf(m1), reflect.ValueOf(m2), nil) {
-			return false
-		}
-	}
-
-	return true
-}
diff --git a/vendor/github.com/golang/protobuf/proto/extensions.go b/vendor/github.com/golang/protobuf/proto/extensions.go
index fa88add30..42fc120c9 100644
--- a/vendor/github.com/golang/protobuf/proto/extensions.go
+++ b/vendor/github.com/golang/protobuf/proto/extensions.go
@@ -1,607 +1,356 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
 
 package proto
 
-/*
- * Types and routines for supporting protocol buffer extensions.
- */
-
 import (
 	"errors"
 	"fmt"
-	"io"
 	"reflect"
-	"strconv"
-	"sync"
-)
-
-// ErrMissingExtension is the error returned by GetExtension if the named extension is not in the message.
-var ErrMissingExtension = errors.New("proto: missing extension")
-
-// ExtensionRange represents a range of message extensions for a protocol buffer.
-// Used in code generated by the protocol compiler.
-type ExtensionRange struct {
-	Start, End int32 // both inclusive
-}
-
-// extendableProto is an interface implemented by any protocol buffer generated by the current
-// proto compiler that may be extended.
-type extendableProto interface {
-	Message
-	ExtensionRangeArray() []ExtensionRange
-	extensionsWrite() map[int32]Extension
-	extensionsRead() (map[int32]Extension, sync.Locker)
-}
-
-// extendableProtoV1 is an interface implemented by a protocol buffer generated by the previous
-// version of the proto compiler that may be extended.
-type extendableProtoV1 interface {
-	Message
-	ExtensionRangeArray() []ExtensionRange
-	ExtensionMap() map[int32]Extension
-}
 
-// extensionAdapter is a wrapper around extendableProtoV1 that implements extendableProto.
-type extensionAdapter struct {
-	extendableProtoV1
-}
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+	"google.golang.org/protobuf/runtime/protoiface"
+	"google.golang.org/protobuf/runtime/protoimpl"
+)
 
-func (e extensionAdapter) extensionsWrite() map[int32]Extension {
-	return e.ExtensionMap()
-}
+type (
+	// ExtensionDesc represents an extension descriptor and
+	// is used to interact with an extension field in a message.
+	//
+	// Variables of this type are generated in code by protoc-gen-go.
+	ExtensionDesc = protoimpl.ExtensionInfo
 
-func (e extensionAdapter) extensionsRead() (map[int32]Extension, sync.Locker) {
-	return e.ExtensionMap(), notLocker{}
-}
+	// ExtensionRange represents a range of message extensions.
+	// Used in code generated by protoc-gen-go.
+	ExtensionRange = protoiface.ExtensionRangeV1
 
-// notLocker is a sync.Locker whose Lock and Unlock methods are nops.
-type notLocker struct{}
+	// Deprecated: Do not use; this is an internal type.
+	Extension = protoimpl.ExtensionFieldV1
 
-func (n notLocker) Lock()   {}
-func (n notLocker) Unlock() {}
+	// Deprecated: Do not use; this is an internal type.
+	XXX_InternalExtensions = protoimpl.ExtensionFields
+)
 
-// extendable returns the extendableProto interface for the given generated proto message.
-// If the proto message has the old extension format, it returns a wrapper that implements
-// the extendableProto interface.
-func extendable(p interface{}) (extendableProto, error) {
-	switch p := p.(type) {
-	case extendableProto:
-		if isNilPtr(p) {
-			return nil, fmt.Errorf("proto: nil %T is not extendable", p)
-		}
-		return p, nil
-	case extendableProtoV1:
-		if isNilPtr(p) {
-			return nil, fmt.Errorf("proto: nil %T is not extendable", p)
-		}
-		return extensionAdapter{p}, nil
-	}
-	// Don't allocate a specific error containing %T:
-	// this is the hot path for Clone and MarshalText.
-	return nil, errNotExtendable
-}
+// ErrMissingExtension reports whether the extension was not present.
+var ErrMissingExtension = errors.New("proto: missing extension")
 
 var errNotExtendable = errors.New("proto: not an extendable proto.Message")
 
-func isNilPtr(x interface{}) bool {
-	v := reflect.ValueOf(x)
-	return v.Kind() == reflect.Ptr && v.IsNil()
-}
-
-// XXX_InternalExtensions is an internal representation of proto extensions.
-//
-// Each generated message struct type embeds an anonymous XXX_InternalExtensions field,
-// thus gaining the unexported 'extensions' method, which can be called only from the proto package.
-//
-// The methods of XXX_InternalExtensions are not concurrency safe in general,
-// but calls to logically read-only methods such as has and get may be executed concurrently.
-type XXX_InternalExtensions struct {
-	// The struct must be indirect so that if a user inadvertently copies a
-	// generated message and its embedded XXX_InternalExtensions, they
-	// avoid the mayhem of a copied mutex.
-	//
-	// The mutex serializes all logically read-only operations to p.extensionMap.
-	// It is up to the client to ensure that write operations to p.extensionMap are
-	// mutually exclusive with other accesses.
-	p *struct {
-		mu           sync.Mutex
-		extensionMap map[int32]Extension
+// HasExtension reports whether the extension field is present in m
+// either as an explicitly populated field or as an unknown field.
+func HasExtension(m Message, xt *ExtensionDesc) (has bool) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() {
+		return false
 	}
-}
 
-// extensionsWrite returns the extension map, creating it on first use.
-func (e *XXX_InternalExtensions) extensionsWrite() map[int32]Extension {
-	if e.p == nil {
-		e.p = new(struct {
-			mu           sync.Mutex
-			extensionMap map[int32]Extension
+	// Check whether any populated known field matches the field number.
+	xtd := xt.TypeDescriptor()
+	if isValidExtension(mr.Descriptor(), xtd) {
+		has = mr.Has(xtd)
+	} else {
+		mr.Range(func(fd protoreflect.FieldDescriptor, _ protoreflect.Value) bool {
+			has = int32(fd.Number()) == xt.Field
+			return !has
 		})
-		e.p.extensionMap = make(map[int32]Extension)
 	}
-	return e.p.extensionMap
-}
 
-// extensionsRead returns the extensions map for read-only use.  It may be nil.
-// The caller must hold the returned mutex's lock when accessing Elements within the map.
-func (e *XXX_InternalExtensions) extensionsRead() (map[int32]Extension, sync.Locker) {
-	if e.p == nil {
-		return nil, nil
+	// Check whether any unknown field matches the field number.
+	for b := mr.GetUnknown(); !has && len(b) > 0; {
+		num, _, n := protowire.ConsumeField(b)
+		has = int32(num) == xt.Field
+		b = b[n:]
 	}
-	return e.p.extensionMap, &e.p.mu
-}
-
-// ExtensionDesc represents an extension specification.
-// Used in generated code from the protocol compiler.
-type ExtensionDesc struct {
-	ExtendedType  Message     // nil pointer to the type that is being extended
-	ExtensionType interface{} // nil pointer to the extension type
-	Field         int32       // field number
-	Name          string      // fully-qualified name of extension, for text formatting
-	Tag           string      // protobuf tag style
-	Filename      string      // name of the file in which the extension is defined
-}
-
-func (ed *ExtensionDesc) repeated() bool {
-	t := reflect.TypeOf(ed.ExtensionType)
-	return t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8
-}
-
-// Extension represents an extension in a message.
-type Extension struct {
-	// When an extension is stored in a message using SetExtension
-	// only desc and value are set. When the message is marshaled
-	// enc will be set to the encoded form of the message.
-	//
-	// When a message is unmarshaled and contains extensions, each
-	// extension will have only enc set. When such an extension is
-	// accessed using GetExtension (or GetExtensions) desc and value
-	// will be set.
-	desc *ExtensionDesc
-
-	// value is a concrete value for the extension field. Let the type of
-	// desc.ExtensionType be the "API type" and the type of Extension.value
-	// be the "storage type". The API type and storage type are the same except:
-	//	* For scalars (except []byte), the API type uses *T,
-	//	while the storage type uses T.
-	//	* For repeated fields, the API type uses []T, while the storage type
-	//	uses *[]T.
-	//
-	// The reason for the divergence is so that the storage type more naturally
-	// matches what is expected of when retrieving the values through the
-	// protobuf reflection APIs.
-	//
-	// The value may only be populated if desc is also populated.
-	value interface{}
-
-	// enc is the raw bytes for the extension field.
-	enc []byte
+	return has
 }
 
-// SetRawExtension is for testing only.
-func SetRawExtension(base Message, id int32, b []byte) {
-	epb, err := extendable(base)
-	if err != nil {
+// ClearExtension removes the extension field from m
+// either as an explicitly populated field or as an unknown field.
+func ClearExtension(m Message, xt *ExtensionDesc) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() {
 		return
 	}
-	extmap := epb.extensionsWrite()
-	extmap[id] = Extension{enc: b}
-}
 
-// isExtensionField returns true iff the given field number is in an extension range.
-func isExtensionField(pb extendableProto, field int32) bool {
-	for _, er := range pb.ExtensionRangeArray() {
-		if er.Start <= field && field <= er.End {
+	xtd := xt.TypeDescriptor()
+	if isValidExtension(mr.Descriptor(), xtd) {
+		mr.Clear(xtd)
+	} else {
+		mr.Range(func(fd protoreflect.FieldDescriptor, _ protoreflect.Value) bool {
+			if int32(fd.Number()) == xt.Field {
+				mr.Clear(fd)
+				return false
+			}
 			return true
-		}
-	}
-	return false
-}
-
-// checkExtensionTypes checks that the given extension is valid for pb.
-func checkExtensionTypes(pb extendableProto, extension *ExtensionDesc) error {
-	var pbi interface{} = pb
-	// Check the extended type.
-	if ea, ok := pbi.(extensionAdapter); ok {
-		pbi = ea.extendableProtoV1
-	}
-	if a, b := reflect.TypeOf(pbi), reflect.TypeOf(extension.ExtendedType); a != b {
-		return fmt.Errorf("proto: bad extended type; %v does not extend %v", b, a)
-	}
-	// Check the range.
-	if !isExtensionField(pb, extension.Field) {
-		return errors.New("proto: bad extension number; not in declared ranges")
-	}
-	return nil
-}
-
-// extPropKey is sufficient to uniquely identify an extension.
-type extPropKey struct {
-	base  reflect.Type
-	field int32
-}
-
-var extProp = struct {
-	sync.RWMutex
-	m map[extPropKey]*Properties
-}{
-	m: make(map[extPropKey]*Properties),
-}
-
-func extensionProperties(ed *ExtensionDesc) *Properties {
-	key := extPropKey{base: reflect.TypeOf(ed.ExtendedType), field: ed.Field}
-
-	extProp.RLock()
-	if prop, ok := extProp.m[key]; ok {
-		extProp.RUnlock()
-		return prop
-	}
-	extProp.RUnlock()
-
-	extProp.Lock()
-	defer extProp.Unlock()
-	// Check again.
-	if prop, ok := extProp.m[key]; ok {
-		return prop
-	}
-
-	prop := new(Properties)
-	prop.Init(reflect.TypeOf(ed.ExtensionType), "unknown_name", ed.Tag, nil)
-	extProp.m[key] = prop
-	return prop
-}
-
-// HasExtension returns whether the given extension is present in pb.
-func HasExtension(pb Message, extension *ExtensionDesc) bool {
-	// TODO: Check types, field numbers, etc.?
-	epb, err := extendable(pb)
-	if err != nil {
-		return false
-	}
-	extmap, mu := epb.extensionsRead()
-	if extmap == nil {
-		return false
+		})
 	}
-	mu.Lock()
-	_, ok := extmap[extension.Field]
-	mu.Unlock()
-	return ok
+	clearUnknown(mr, fieldNum(xt.Field))
 }
 
-// ClearExtension removes the given extension from pb.
-func ClearExtension(pb Message, extension *ExtensionDesc) {
-	epb, err := extendable(pb)
-	if err != nil {
+// ClearAllExtensions clears all extensions from m.
+// This includes populated fields and unknown fields in the extension range.
+func ClearAllExtensions(m Message) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() {
 		return
 	}
-	// TODO: Check types, field numbers, etc.?
-	extmap := epb.extensionsWrite()
-	delete(extmap, extension.Field)
+
+	mr.Range(func(fd protoreflect.FieldDescriptor, _ protoreflect.Value) bool {
+		if fd.IsExtension() {
+			mr.Clear(fd)
+		}
+		return true
+	})
+	clearUnknown(mr, mr.Descriptor().ExtensionRanges())
 }
 
-// GetExtension retrieves a proto2 extended field from pb.
+// GetExtension retrieves a proto2 extended field from m.
 //
 // If the descriptor is type complete (i.e., ExtensionDesc.ExtensionType is non-nil),
 // then GetExtension parses the encoded field and returns a Go value of the specified type.
 // If the field is not present, then the default value is returned (if one is specified),
 // otherwise ErrMissingExtension is reported.
 //
-// If the descriptor is not type complete (i.e., ExtensionDesc.ExtensionType is nil),
-// then GetExtension returns the raw encoded bytes of the field extension.
-func GetExtension(pb Message, extension *ExtensionDesc) (interface{}, error) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return nil, err
-	}
-
-	if extension.ExtendedType != nil {
-		// can only check type if this is a complete descriptor
-		if err := checkExtensionTypes(epb, extension); err != nil {
-			return nil, err
+// If the descriptor is type incomplete (i.e., ExtensionDesc.ExtensionType is nil),
+// then GetExtension returns the raw encoded bytes for the extension field.
+func GetExtension(m Message, xt *ExtensionDesc) (interface{}, error) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() || mr.Descriptor().ExtensionRanges().Len() == 0 {
+		return nil, errNotExtendable
+	}
+
+	// Retrieve the unknown fields for this extension field.
+	var bo protoreflect.RawFields
+	for bi := mr.GetUnknown(); len(bi) > 0; {
+		num, _, n := protowire.ConsumeField(bi)
+		if int32(num) == xt.Field {
+			bo = append(bo, bi[:n]...)
 		}
+		bi = bi[n:]
 	}
 
-	emap, mu := epb.extensionsRead()
-	if emap == nil {
-		return defaultExtensionValue(extension)
-	}
-	mu.Lock()
-	defer mu.Unlock()
-	e, ok := emap[extension.Field]
-	if !ok {
-		// defaultExtensionValue returns the default value or
-		// ErrMissingExtension if there is no default.
-		return defaultExtensionValue(extension)
-	}
-
-	if e.value != nil {
-		// Already decoded. Check the descriptor, though.
-		if e.desc != extension {
-			// This shouldn't happen. If it does, it means that
-			// GetExtension was called twice with two different
-			// descriptors with the same field number.
-			return nil, errors.New("proto: descriptor conflict")
-		}
-		return extensionAsLegacyType(e.value), nil
+	// For type incomplete descriptors, only retrieve the unknown fields.
+	if xt.ExtensionType == nil {
+		return []byte(bo), nil
 	}
 
-	if extension.ExtensionType == nil {
-		// incomplete descriptor
-		return e.enc, nil
+	// If the extension field only exists as unknown fields, unmarshal it.
+	// This is rarely done since proto.Unmarshal eagerly unmarshals extensions.
+	xtd := xt.TypeDescriptor()
+	if !isValidExtension(mr.Descriptor(), xtd) {
+		return nil, fmt.Errorf("proto: bad extended type; %T does not extend %T", xt.ExtendedType, m)
 	}
-
-	v, err := decodeExtension(e.enc, extension)
-	if err != nil {
-		return nil, err
+	if !mr.Has(xtd) && len(bo) > 0 {
+		m2 := mr.New()
+		if err := (proto.UnmarshalOptions{
+			Resolver: extensionResolver{xt},
+		}.Unmarshal(bo, m2.Interface())); err != nil {
+			return nil, err
+		}
+		if m2.Has(xtd) {
+			mr.Set(xtd, m2.Get(xtd))
+			clearUnknown(mr, fieldNum(xt.Field))
+		}
 	}
 
-	// Remember the decoded version and drop the encoded version.
-	// That way it is safe to mutate what we return.
-	e.value = extensionAsStorageType(v)
-	e.desc = extension
-	e.enc = nil
-	emap[extension.Field] = e
-	return extensionAsLegacyType(e.value), nil
-}
-
-// defaultExtensionValue returns the default value for extension.
-// If no default for an extension is defined ErrMissingExtension is returned.
-func defaultExtensionValue(extension *ExtensionDesc) (interface{}, error) {
-	if extension.ExtensionType == nil {
-		// incomplete descriptor, so no default
+	// Check whether the message has the extension field set or a default.
+	var pv protoreflect.Value
+	switch {
+	case mr.Has(xtd):
+		pv = mr.Get(xtd)
+	case xtd.HasDefault():
+		pv = xtd.Default()
+	default:
 		return nil, ErrMissingExtension
 	}
 
-	t := reflect.TypeOf(extension.ExtensionType)
-	props := extensionProperties(extension)
-
-	sf, _, err := fieldDefault(t, props)
-	if err != nil {
-		return nil, err
-	}
-
-	if sf == nil || sf.value == nil {
-		// There is no default value.
-		return nil, ErrMissingExtension
+	v := xt.InterfaceOf(pv)
+	rv := reflect.ValueOf(v)
+	if isScalarKind(rv.Kind()) {
+		rv2 := reflect.New(rv.Type())
+		rv2.Elem().Set(rv)
+		v = rv2.Interface()
 	}
+	return v, nil
+}
 
-	if t.Kind() != reflect.Ptr {
-		// We do not need to return a Ptr, we can directly return sf.value.
-		return sf.value, nil
-	}
+// extensionResolver is a custom extension resolver that stores a single
+// extension type that takes precedence over the global registry.
+type extensionResolver struct{ xt protoreflect.ExtensionType }
 
-	// We need to return an interface{} that is a pointer to sf.value.
-	value := reflect.New(t).Elem()
-	value.Set(reflect.New(value.Type().Elem()))
-	if sf.kind == reflect.Int32 {
-		// We may have an int32 or an enum, but the underlying data is int32.
-		// Since we can't set an int32 into a non int32 reflect.value directly
-		// set it as a int32.
-		value.Elem().SetInt(int64(sf.value.(int32)))
-	} else {
-		value.Elem().Set(reflect.ValueOf(sf.value))
+func (r extensionResolver) FindExtensionByName(field protoreflect.FullName) (protoreflect.ExtensionType, error) {
+	if xtd := r.xt.TypeDescriptor(); xtd.FullName() == field {
+		return r.xt, nil
 	}
-	return value.Interface(), nil
+	return protoregistry.GlobalTypes.FindExtensionByName(field)
 }
 
-// decodeExtension decodes an extension encoded in b.
-func decodeExtension(b []byte, extension *ExtensionDesc) (interface{}, error) {
-	t := reflect.TypeOf(extension.ExtensionType)
-	unmarshal := typeUnmarshaler(t, extension.Tag)
-
-	// t is a pointer to a struct, pointer to basic type or a slice.
-	// Allocate space to store the pointer/slice.
-	value := reflect.New(t).Elem()
-
-	var err error
-	for {
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		wire := int(x) & 7
-
-		b, err = unmarshal(b, valToPointer(value.Addr()), wire)
-		if err != nil {
-			return nil, err
-		}
-
-		if len(b) == 0 {
-			break
-		}
+func (r extensionResolver) FindExtensionByNumber(message protoreflect.FullName, field protoreflect.FieldNumber) (protoreflect.ExtensionType, error) {
+	if xtd := r.xt.TypeDescriptor(); xtd.ContainingMessage().FullName() == message && xtd.Number() == field {
+		return r.xt, nil
 	}
-	return value.Interface(), nil
+	return protoregistry.GlobalTypes.FindExtensionByNumber(message, field)
 }
 
-// GetExtensions returns a slice of the extensions present in pb that are also listed in es.
-// The returned slice has the same length as es; missing extensions will appear as nil elements.
-func GetExtensions(pb Message, es []*ExtensionDesc) (extensions []interface{}, err error) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return nil, err
+// GetExtensions returns a list of the extensions values present in m,
+// corresponding with the provided list of extension descriptors, xts.
+// If an extension is missing in m, the corresponding value is nil.
+func GetExtensions(m Message, xts []*ExtensionDesc) ([]interface{}, error) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() {
+		return nil, errNotExtendable
 	}
-	extensions = make([]interface{}, len(es))
-	for i, e := range es {
-		extensions[i], err = GetExtension(epb, e)
-		if err == ErrMissingExtension {
-			err = nil
-		}
+
+	vs := make([]interface{}, len(xts))
+	for i, xt := range xts {
+		v, err := GetExtension(m, xt)
 		if err != nil {
-			return
+			if err == ErrMissingExtension {
+				continue
+			}
+			return vs, err
 		}
+		vs[i] = v
 	}
-	return
+	return vs, nil
 }
 
-// ExtensionDescs returns a new slice containing pb's extension descriptors, in undefined order.
-// For non-registered extensions, ExtensionDescs returns an incomplete descriptor containing
-// just the Field field, which defines the extension's field number.
-func ExtensionDescs(pb Message) ([]*ExtensionDesc, error) {
-	epb, err := extendable(pb)
-	if err != nil {
-		return nil, err
+// SetExtension sets an extension field in m to the provided value.
+func SetExtension(m Message, xt *ExtensionDesc, v interface{}) error {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() || mr.Descriptor().ExtensionRanges().Len() == 0 {
+		return errNotExtendable
 	}
-	registeredExtensions := RegisteredExtensions(pb)
 
-	emap, mu := epb.extensionsRead()
-	if emap == nil {
-		return nil, nil
+	rv := reflect.ValueOf(v)
+	if reflect.TypeOf(v) != reflect.TypeOf(xt.ExtensionType) {
+		return fmt.Errorf("proto: bad extension value type. got: %T, want: %T", v, xt.ExtensionType)
 	}
-	mu.Lock()
-	defer mu.Unlock()
-	extensions := make([]*ExtensionDesc, 0, len(emap))
-	for extid, e := range emap {
-		desc := e.desc
-		if desc == nil {
-			desc = registeredExtensions[extid]
-			if desc == nil {
-				desc = &ExtensionDesc{Field: extid}
-			}
+	if rv.Kind() == reflect.Ptr {
+		if rv.IsNil() {
+			return fmt.Errorf("proto: SetExtension called with nil value of type %T", v)
+		}
+		if isScalarKind(rv.Elem().Kind()) {
+			v = rv.Elem().Interface()
 		}
-
-		extensions = append(extensions, desc)
 	}
-	return extensions, nil
-}
 
-// SetExtension sets the specified extension of pb to the specified value.
-func SetExtension(pb Message, extension *ExtensionDesc, value interface{}) error {
-	epb, err := extendable(pb)
-	if err != nil {
-		return err
-	}
-	if err := checkExtensionTypes(epb, extension); err != nil {
-		return err
-	}
-	typ := reflect.TypeOf(extension.ExtensionType)
-	if typ != reflect.TypeOf(value) {
-		return fmt.Errorf("proto: bad extension value type. got: %T, want: %T", value, extension.ExtensionType)
+	xtd := xt.TypeDescriptor()
+	if !isValidExtension(mr.Descriptor(), xtd) {
+		return fmt.Errorf("proto: bad extended type; %T does not extend %T", xt.ExtendedType, m)
 	}
-	// nil extension values need to be caught early, because the
-	// encoder can't distinguish an ErrNil due to a nil extension
-	// from an ErrNil due to a missing field. Extensions are
-	// always optional, so the encoder would just swallow the error
-	// and drop all the extensions from the encoded message.
-	if reflect.ValueOf(value).IsNil() {
-		return fmt.Errorf("proto: SetExtension called with nil value of type %T", value)
-	}
-
-	extmap := epb.extensionsWrite()
-	extmap[extension.Field] = Extension{desc: extension, value: extensionAsStorageType(value)}
+	mr.Set(xtd, xt.ValueOf(v))
+	clearUnknown(mr, fieldNum(xt.Field))
 	return nil
 }
 
-// ClearAllExtensions clears all extensions from pb.
-func ClearAllExtensions(pb Message) {
-	epb, err := extendable(pb)
-	if err != nil {
+// SetRawExtension inserts b into the unknown fields of m.
+//
+// Deprecated: Use Message.ProtoReflect.SetUnknown instead.
+func SetRawExtension(m Message, fnum int32, b []byte) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() {
 		return
 	}
-	m := epb.extensionsWrite()
-	for k := range m {
-		delete(m, k)
+
+	// Verify that the raw field is valid.
+	for b0 := b; len(b0) > 0; {
+		num, _, n := protowire.ConsumeField(b0)
+		if int32(num) != fnum {
+			panic(fmt.Sprintf("mismatching field number: got %d, want %d", num, fnum))
+		}
+		b0 = b0[n:]
 	}
-}
 
-// A global registry of extensions.
-// The generated code will register the generated descriptors by calling RegisterExtension.
+	ClearExtension(m, &ExtensionDesc{Field: fnum})
+	mr.SetUnknown(append(mr.GetUnknown(), b...))
+}
 
-var extensionMaps = make(map[reflect.Type]map[int32]*ExtensionDesc)
+// ExtensionDescs returns a list of extension descriptors found in m,
+// containing descriptors for both populated extension fields in m and
+// also unknown fields of m that are in the extension range.
+// For the later case, an type incomplete descriptor is provided where only
+// the ExtensionDesc.Field field is populated.
+// The order of the extension descriptors is undefined.
+func ExtensionDescs(m Message) ([]*ExtensionDesc, error) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() || mr.Descriptor().ExtensionRanges().Len() == 0 {
+		return nil, errNotExtendable
+	}
 
-// RegisterExtension is called from the generated code.
-func RegisterExtension(desc *ExtensionDesc) {
-	st := reflect.TypeOf(desc.ExtendedType).Elem()
-	m := extensionMaps[st]
-	if m == nil {
-		m = make(map[int32]*ExtensionDesc)
-		extensionMaps[st] = m
+	// Collect a set of known extension descriptors.
+	extDescs := make(map[protoreflect.FieldNumber]*ExtensionDesc)
+	mr.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
+		if fd.IsExtension() {
+			xt := fd.(protoreflect.ExtensionTypeDescriptor)
+			if xd, ok := xt.Type().(*ExtensionDesc); ok {
+				extDescs[fd.Number()] = xd
+			}
+		}
+		return true
+	})
+
+	// Collect a set of unknown extension descriptors.
+	extRanges := mr.Descriptor().ExtensionRanges()
+	for b := mr.GetUnknown(); len(b) > 0; {
+		num, _, n := protowire.ConsumeField(b)
+		if extRanges.Has(num) && extDescs[num] == nil {
+			extDescs[num] = nil
+		}
+		b = b[n:]
 	}
-	if _, ok := m[desc.Field]; ok {
-		panic("proto: duplicate extension registered: " + st.String() + " " + strconv.Itoa(int(desc.Field)))
+
+	// Transpose the set of descriptors into a list.
+	var xts []*ExtensionDesc
+	for num, xt := range extDescs {
+		if xt == nil {
+			xt = &ExtensionDesc{Field: int32(num)}
+		}
+		xts = append(xts, xt)
 	}
-	m[desc.Field] = desc
+	return xts, nil
 }
 
-// RegisteredExtensions returns a map of the registered extensions of a
-// protocol buffer struct, indexed by the extension number.
-// The argument pb should be a nil pointer to the struct type.
-func RegisteredExtensions(pb Message) map[int32]*ExtensionDesc {
-	return extensionMaps[reflect.TypeOf(pb).Elem()]
+// isValidExtension reports whether xtd is a valid extension descriptor for md.
+func isValidExtension(md protoreflect.MessageDescriptor, xtd protoreflect.ExtensionTypeDescriptor) bool {
+	return xtd.ContainingMessage() == md && md.ExtensionRanges().Has(xtd.Number())
 }
 
-// extensionAsLegacyType converts an value in the storage type as the API type.
-// See Extension.value.
-func extensionAsLegacyType(v interface{}) interface{} {
-	switch rv := reflect.ValueOf(v); rv.Kind() {
+// isScalarKind reports whether k is a protobuf scalar kind (except bytes).
+// This function exists for historical reasons since the representation of
+// scalars differs between v1 and v2, where v1 uses *T and v2 uses T.
+func isScalarKind(k reflect.Kind) bool {
+	switch k {
 	case reflect.Bool, reflect.Int32, reflect.Int64, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64, reflect.String:
-		// Represent primitive types as a pointer to the value.
-		rv2 := reflect.New(rv.Type())
-		rv2.Elem().Set(rv)
-		v = rv2.Interface()
-	case reflect.Ptr:
-		// Represent slice types as the value itself.
-		switch rv.Type().Elem().Kind() {
-		case reflect.Slice:
-			if rv.IsNil() {
-				v = reflect.Zero(rv.Type().Elem()).Interface()
-			} else {
-				v = rv.Elem().Interface()
-			}
-		}
+		return true
+	default:
+		return false
 	}
-	return v
 }
 
-// extensionAsStorageType converts an value in the API type as the storage type.
-// See Extension.value.
-func extensionAsStorageType(v interface{}) interface{} {
-	switch rv := reflect.ValueOf(v); rv.Kind() {
-	case reflect.Ptr:
-		// Represent slice types as the value itself.
-		switch rv.Type().Elem().Kind() {
-		case reflect.Bool, reflect.Int32, reflect.Int64, reflect.Uint32, reflect.Uint64, reflect.Float32, reflect.Float64, reflect.String:
-			if rv.IsNil() {
-				v = reflect.Zero(rv.Type().Elem()).Interface()
-			} else {
-				v = rv.Elem().Interface()
-			}
-		}
-	case reflect.Slice:
-		// Represent slice types as a pointer to the value.
-		if rv.Type().Elem().Kind() != reflect.Uint8 {
-			rv2 := reflect.New(rv.Type())
-			rv2.Elem().Set(rv)
-			v = rv2.Interface()
+// clearUnknown removes unknown fields from m where remover.Has reports true.
+func clearUnknown(m protoreflect.Message, remover interface {
+	Has(protoreflect.FieldNumber) bool
+}) {
+	var bo protoreflect.RawFields
+	for bi := m.GetUnknown(); len(bi) > 0; {
+		num, _, n := protowire.ConsumeField(bi)
+		if !remover.Has(num) {
+			bo = append(bo, bi[:n]...)
 		}
+		bi = bi[n:]
 	}
-	return v
+	if bi := m.GetUnknown(); len(bi) != len(bo) {
+		m.SetUnknown(bo)
+	}
+}
+
+type fieldNum protoreflect.FieldNumber
+
+func (n1 fieldNum) Has(n2 protoreflect.FieldNumber) bool {
+	return protoreflect.FieldNumber(n1) == n2
 }
diff --git a/vendor/github.com/golang/protobuf/proto/lib.go b/vendor/github.com/golang/protobuf/proto/lib.go
deleted file mode 100644
index fdd328bb7..000000000
--- a/vendor/github.com/golang/protobuf/proto/lib.go
+++ /dev/null
@@ -1,965 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-/*
-Package proto converts data structures to and from the wire format of
-protocol buffers.  It works in concert with the Go source code generated
-for .proto files by the protocol compiler.
-
-A summary of the properties of the protocol buffer interface
-for a protocol buffer variable v:
-
-  - Names are turned from camel_case to CamelCase for export.
-  - There are no methods on v to set fields; just treat
-	them as structure fields.
-  - There are getters that return a field's value if set,
-	and return the field's default value if unset.
-	The getters work even if the receiver is a nil message.
-  - The zero value for a struct is its correct initialization state.
-	All desired fields must be set before marshaling.
-  - A Reset() method will restore a protobuf struct to its zero state.
-  - Non-repeated fields are pointers to the values; nil means unset.
-	That is, optional or required field int32 f becomes F *int32.
-  - Repeated fields are slices.
-  - Helper functions are available to aid the setting of fields.
-	msg.Foo = proto.String("hello") // set field
-  - Constants are defined to hold the default values of all fields that
-	have them.  They have the form Default_StructName_FieldName.
-	Because the getter methods handle defaulted values,
-	direct use of these constants should be rare.
-  - Enums are given type names and maps from names to values.
-	Enum values are prefixed by the enclosing message's name, or by the
-	enum's type name if it is a top-level enum. Enum types have a String
-	method, and a Enum method to assist in message construction.
-  - Nested messages, groups and enums have type names prefixed with the name of
-	the surrounding message type.
-  - Extensions are given descriptor names that start with E_,
-	followed by an underscore-delimited list of the nested messages
-	that contain it (if any) followed by the CamelCased name of the
-	extension field itself.  HasExtension, ClearExtension, GetExtension
-	and SetExtension are functions for manipulating extensions.
-  - Oneof field sets are given a single field in their message,
-	with distinguished wrapper types for each possible field value.
-  - Marshal and Unmarshal are functions to encode and decode the wire format.
-
-When the .proto file specifies `syntax="proto3"`, there are some differences:
-
-  - Non-repeated fields of non-message type are values instead of pointers.
-  - Enum types do not get an Enum method.
-
-The simplest way to describe this is to see an example.
-Given file test.proto, containing
-
-	package example;
-
-	enum FOO { X = 17; }
-
-	message Test {
-	  required string label = 1;
-	  optional int32 type = 2 [default=77];
-	  repeated int64 reps = 3;
-	  optional group OptionalGroup = 4 {
-	    required string RequiredField = 5;
-	  }
-	  oneof union {
-	    int32 number = 6;
-	    string name = 7;
-	  }
-	}
-
-The resulting file, test.pb.go, is:
-
-	package example
-
-	import proto "github.com/golang/protobuf/proto"
-	import math "math"
-
-	type FOO int32
-	const (
-		FOO_X FOO = 17
-	)
-	var FOO_name = map[int32]string{
-		17: "X",
-	}
-	var FOO_value = map[string]int32{
-		"X": 17,
-	}
-
-	func (x FOO) Enum() *FOO {
-		p := new(FOO)
-		*p = x
-		return p
-	}
-	func (x FOO) String() string {
-		return proto.EnumName(FOO_name, int32(x))
-	}
-	func (x *FOO) UnmarshalJSON(data []byte) error {
-		value, err := proto.UnmarshalJSONEnum(FOO_value, data)
-		if err != nil {
-			return err
-		}
-		*x = FOO(value)
-		return nil
-	}
-
-	type Test struct {
-		Label         *string             `protobuf:"bytes,1,req,name=label" json:"label,omitempty"`
-		Type          *int32              `protobuf:"varint,2,opt,name=type,def=77" json:"type,omitempty"`
-		Reps          []int64             `protobuf:"varint,3,rep,name=reps" json:"reps,omitempty"`
-		Optionalgroup *Test_OptionalGroup `protobuf:"group,4,opt,name=OptionalGroup" json:"optionalgroup,omitempty"`
-		// Types that are valid to be assigned to Union:
-		//	*Test_Number
-		//	*Test_Name
-		Union            isTest_Union `protobuf_oneof:"union"`
-		XXX_unrecognized []byte       `json:"-"`
-	}
-	func (m *Test) Reset()         { *m = Test{} }
-	func (m *Test) String() string { return proto.CompactTextString(m) }
-	func (*Test) ProtoMessage() {}
-
-	type isTest_Union interface {
-		isTest_Union()
-	}
-
-	type Test_Number struct {
-		Number int32 `protobuf:"varint,6,opt,name=number"`
-	}
-	type Test_Name struct {
-		Name string `protobuf:"bytes,7,opt,name=name"`
-	}
-
-	func (*Test_Number) isTest_Union() {}
-	func (*Test_Name) isTest_Union()   {}
-
-	func (m *Test) GetUnion() isTest_Union {
-		if m != nil {
-			return m.Union
-		}
-		return nil
-	}
-	const Default_Test_Type int32 = 77
-
-	func (m *Test) GetLabel() string {
-		if m != nil && m.Label != nil {
-			return *m.Label
-		}
-		return ""
-	}
-
-	func (m *Test) GetType() int32 {
-		if m != nil && m.Type != nil {
-			return *m.Type
-		}
-		return Default_Test_Type
-	}
-
-	func (m *Test) GetOptionalgroup() *Test_OptionalGroup {
-		if m != nil {
-			return m.Optionalgroup
-		}
-		return nil
-	}
-
-	type Test_OptionalGroup struct {
-		RequiredField *string `protobuf:"bytes,5,req" json:"RequiredField,omitempty"`
-	}
-	func (m *Test_OptionalGroup) Reset()         { *m = Test_OptionalGroup{} }
-	func (m *Test_OptionalGroup) String() string { return proto.CompactTextString(m) }
-
-	func (m *Test_OptionalGroup) GetRequiredField() string {
-		if m != nil && m.RequiredField != nil {
-			return *m.RequiredField
-		}
-		return ""
-	}
-
-	func (m *Test) GetNumber() int32 {
-		if x, ok := m.GetUnion().(*Test_Number); ok {
-			return x.Number
-		}
-		return 0
-	}
-
-	func (m *Test) GetName() string {
-		if x, ok := m.GetUnion().(*Test_Name); ok {
-			return x.Name
-		}
-		return ""
-	}
-
-	func init() {
-		proto.RegisterEnum("example.FOO", FOO_name, FOO_value)
-	}
-
-To create and play with a Test object:
-
-	package main
-
-	import (
-		"log"
-
-		"github.com/golang/protobuf/proto"
-		pb "./example.pb"
-	)
-
-	func main() {
-		test := &pb.Test{
-			Label: proto.String("hello"),
-			Type:  proto.Int32(17),
-			Reps:  []int64{1, 2, 3},
-			Optionalgroup: &pb.Test_OptionalGroup{
-				RequiredField: proto.String("good bye"),
-			},
-			Union: &pb.Test_Name{"fred"},
-		}
-		data, err := proto.Marshal(test)
-		if err != nil {
-			log.Fatal("marshaling error: ", err)
-		}
-		newTest := &pb.Test{}
-		err = proto.Unmarshal(data, newTest)
-		if err != nil {
-			log.Fatal("unmarshaling error: ", err)
-		}
-		// Now test and newTest contain the same data.
-		if test.GetLabel() != newTest.GetLabel() {
-			log.Fatalf("data mismatch %q != %q", test.GetLabel(), newTest.GetLabel())
-		}
-		// Use a type switch to determine which oneof was set.
-		switch u := test.Union.(type) {
-		case *pb.Test_Number: // u.Number contains the number.
-		case *pb.Test_Name: // u.Name contains the string.
-		}
-		// etc.
-	}
-*/
-package proto
-
-import (
-	"encoding/json"
-	"fmt"
-	"log"
-	"reflect"
-	"sort"
-	"strconv"
-	"sync"
-)
-
-// RequiredNotSetError is an error type returned by either Marshal or Unmarshal.
-// Marshal reports this when a required field is not initialized.
-// Unmarshal reports this when a required field is missing from the wire data.
-type RequiredNotSetError struct{ field string }
-
-func (e *RequiredNotSetError) Error() string {
-	if e.field == "" {
-		return fmt.Sprintf("proto: required field not set")
-	}
-	return fmt.Sprintf("proto: required field %q not set", e.field)
-}
-func (e *RequiredNotSetError) RequiredNotSet() bool {
-	return true
-}
-
-type invalidUTF8Error struct{ field string }
-
-func (e *invalidUTF8Error) Error() string {
-	if e.field == "" {
-		return "proto: invalid UTF-8 detected"
-	}
-	return fmt.Sprintf("proto: field %q contains invalid UTF-8", e.field)
-}
-func (e *invalidUTF8Error) InvalidUTF8() bool {
-	return true
-}
-
-// errInvalidUTF8 is a sentinel error to identify fields with invalid UTF-8.
-// This error should not be exposed to the external API as such errors should
-// be recreated with the field information.
-var errInvalidUTF8 = &invalidUTF8Error{}
-
-// isNonFatal reports whether the error is either a RequiredNotSet error
-// or a InvalidUTF8 error.
-func isNonFatal(err error) bool {
-	if re, ok := err.(interface{ RequiredNotSet() bool }); ok && re.RequiredNotSet() {
-		return true
-	}
-	if re, ok := err.(interface{ InvalidUTF8() bool }); ok && re.InvalidUTF8() {
-		return true
-	}
-	return false
-}
-
-type nonFatal struct{ E error }
-
-// Merge merges err into nf and reports whether it was successful.
-// Otherwise it returns false for any fatal non-nil errors.
-func (nf *nonFatal) Merge(err error) (ok bool) {
-	if err == nil {
-		return true // not an error
-	}
-	if !isNonFatal(err) {
-		return false // fatal error
-	}
-	if nf.E == nil {
-		nf.E = err // store first instance of non-fatal error
-	}
-	return true
-}
-
-// Message is implemented by generated protocol buffer messages.
-type Message interface {
-	Reset()
-	String() string
-	ProtoMessage()
-}
-
-// A Buffer is a buffer manager for marshaling and unmarshaling
-// protocol buffers.  It may be reused between invocations to
-// reduce memory usage.  It is not necessary to use a Buffer;
-// the global functions Marshal and Unmarshal create a
-// temporary Buffer and are fine for most applications.
-type Buffer struct {
-	buf   []byte // encode/decode byte stream
-	index int    // read point
-
-	deterministic bool
-}
-
-// NewBuffer allocates a new Buffer and initializes its internal data to
-// the contents of the argument slice.
-func NewBuffer(e []byte) *Buffer {
-	return &Buffer{buf: e}
-}
-
-// Reset resets the Buffer, ready for marshaling a new protocol buffer.
-func (p *Buffer) Reset() {
-	p.buf = p.buf[0:0] // for reading/writing
-	p.index = 0        // for reading
-}
-
-// SetBuf replaces the internal buffer with the slice,
-// ready for unmarshaling the contents of the slice.
-func (p *Buffer) SetBuf(s []byte) {
-	p.buf = s
-	p.index = 0
-}
-
-// Bytes returns the contents of the Buffer.
-func (p *Buffer) Bytes() []byte { return p.buf }
-
-// SetDeterministic sets whether to use deterministic serialization.
-//
-// Deterministic serialization guarantees that for a given binary, equal
-// messages will always be serialized to the same bytes. This implies:
-//
-//   - Repeated serialization of a message will return the same bytes.
-//   - Different processes of the same binary (which may be executing on
-//     different machines) will serialize equal messages to the same bytes.
-//
-// Note that the deterministic serialization is NOT canonical across
-// languages. It is not guaranteed to remain stable over time. It is unstable
-// across different builds with schema changes due to unknown fields.
-// Users who need canonical serialization (e.g., persistent storage in a
-// canonical form, fingerprinting, etc.) should define their own
-// canonicalization specification and implement their own serializer rather
-// than relying on this API.
-//
-// If deterministic serialization is requested, map entries will be sorted
-// by keys in lexographical order. This is an implementation detail and
-// subject to change.
-func (p *Buffer) SetDeterministic(deterministic bool) {
-	p.deterministic = deterministic
-}
-
-/*
- * Helper routines for simplifying the creation of optional fields of basic type.
- */
-
-// Bool is a helper routine that allocates a new bool value
-// to store v and returns a pointer to it.
-func Bool(v bool) *bool {
-	return &v
-}
-
-// Int32 is a helper routine that allocates a new int32 value
-// to store v and returns a pointer to it.
-func Int32(v int32) *int32 {
-	return &v
-}
-
-// Int is a helper routine that allocates a new int32 value
-// to store v and returns a pointer to it, but unlike Int32
-// its argument value is an int.
-func Int(v int) *int32 {
-	p := new(int32)
-	*p = int32(v)
-	return p
-}
-
-// Int64 is a helper routine that allocates a new int64 value
-// to store v and returns a pointer to it.
-func Int64(v int64) *int64 {
-	return &v
-}
-
-// Float32 is a helper routine that allocates a new float32 value
-// to store v and returns a pointer to it.
-func Float32(v float32) *float32 {
-	return &v
-}
-
-// Float64 is a helper routine that allocates a new float64 value
-// to store v and returns a pointer to it.
-func Float64(v float64) *float64 {
-	return &v
-}
-
-// Uint32 is a helper routine that allocates a new uint32 value
-// to store v and returns a pointer to it.
-func Uint32(v uint32) *uint32 {
-	return &v
-}
-
-// Uint64 is a helper routine that allocates a new uint64 value
-// to store v and returns a pointer to it.
-func Uint64(v uint64) *uint64 {
-	return &v
-}
-
-// String is a helper routine that allocates a new string value
-// to store v and returns a pointer to it.
-func String(v string) *string {
-	return &v
-}
-
-// EnumName is a helper function to simplify printing protocol buffer enums
-// by name.  Given an enum map and a value, it returns a useful string.
-func EnumName(m map[int32]string, v int32) string {
-	s, ok := m[v]
-	if ok {
-		return s
-	}
-	return strconv.Itoa(int(v))
-}
-
-// UnmarshalJSONEnum is a helper function to simplify recovering enum int values
-// from their JSON-encoded representation. Given a map from the enum's symbolic
-// names to its int values, and a byte buffer containing the JSON-encoded
-// value, it returns an int32 that can be cast to the enum type by the caller.
-//
-// The function can deal with both JSON representations, numeric and symbolic.
-func UnmarshalJSONEnum(m map[string]int32, data []byte, enumName string) (int32, error) {
-	if data[0] == '"' {
-		// New style: enums are strings.
-		var repr string
-		if err := json.Unmarshal(data, &repr); err != nil {
-			return -1, err
-		}
-		val, ok := m[repr]
-		if !ok {
-			return 0, fmt.Errorf("unrecognized enum %s value %q", enumName, repr)
-		}
-		return val, nil
-	}
-	// Old style: enums are ints.
-	var val int32
-	if err := json.Unmarshal(data, &val); err != nil {
-		return 0, fmt.Errorf("cannot unmarshal %#q into enum %s", data, enumName)
-	}
-	return val, nil
-}
-
-// DebugPrint dumps the encoded data in b in a debugging format with a header
-// including the string s. Used in testing but made available for general debugging.
-func (p *Buffer) DebugPrint(s string, b []byte) {
-	var u uint64
-
-	obuf := p.buf
-	index := p.index
-	p.buf = b
-	p.index = 0
-	depth := 0
-
-	fmt.Printf("\n--- %s ---\n", s)
-
-out:
-	for {
-		for i := 0; i < depth; i++ {
-			fmt.Print("  ")
-		}
-
-		index := p.index
-		if index == len(p.buf) {
-			break
-		}
-
-		op, err := p.DecodeVarint()
-		if err != nil {
-			fmt.Printf("%3d: fetching op err %v\n", index, err)
-			break out
-		}
-		tag := op >> 3
-		wire := op & 7
-
-		switch wire {
-		default:
-			fmt.Printf("%3d: t=%3d unknown wire=%d\n",
-				index, tag, wire)
-			break out
-
-		case WireBytes:
-			var r []byte
-
-			r, err = p.DecodeRawBytes(false)
-			if err != nil {
-				break out
-			}
-			fmt.Printf("%3d: t=%3d bytes [%d]", index, tag, len(r))
-			if len(r) <= 6 {
-				for i := 0; i < len(r); i++ {
-					fmt.Printf(" %.2x", r[i])
-				}
-			} else {
-				for i := 0; i < 3; i++ {
-					fmt.Printf(" %.2x", r[i])
-				}
-				fmt.Printf(" ..")
-				for i := len(r) - 3; i < len(r); i++ {
-					fmt.Printf(" %.2x", r[i])
-				}
-			}
-			fmt.Printf("\n")
-
-		case WireFixed32:
-			u, err = p.DecodeFixed32()
-			if err != nil {
-				fmt.Printf("%3d: t=%3d fix32 err %v\n", index, tag, err)
-				break out
-			}
-			fmt.Printf("%3d: t=%3d fix32 %d\n", index, tag, u)
-
-		case WireFixed64:
-			u, err = p.DecodeFixed64()
-			if err != nil {
-				fmt.Printf("%3d: t=%3d fix64 err %v\n", index, tag, err)
-				break out
-			}
-			fmt.Printf("%3d: t=%3d fix64 %d\n", index, tag, u)
-
-		case WireVarint:
-			u, err = p.DecodeVarint()
-			if err != nil {
-				fmt.Printf("%3d: t=%3d varint err %v\n", index, tag, err)
-				break out
-			}
-			fmt.Printf("%3d: t=%3d varint %d\n", index, tag, u)
-
-		case WireStartGroup:
-			fmt.Printf("%3d: t=%3d start\n", index, tag)
-			depth++
-
-		case WireEndGroup:
-			depth--
-			fmt.Printf("%3d: t=%3d end\n", index, tag)
-		}
-	}
-
-	if depth != 0 {
-		fmt.Printf("%3d: start-end not balanced %d\n", p.index, depth)
-	}
-	fmt.Printf("\n")
-
-	p.buf = obuf
-	p.index = index
-}
-
-// SetDefaults sets unset protocol buffer fields to their default values.
-// It only modifies fields that are both unset and have defined defaults.
-// It recursively sets default values in any non-nil sub-messages.
-func SetDefaults(pb Message) {
-	setDefaults(reflect.ValueOf(pb), true, false)
-}
-
-// v is a pointer to a struct.
-func setDefaults(v reflect.Value, recur, zeros bool) {
-	v = v.Elem()
-
-	defaultMu.RLock()
-	dm, ok := defaults[v.Type()]
-	defaultMu.RUnlock()
-	if !ok {
-		dm = buildDefaultMessage(v.Type())
-		defaultMu.Lock()
-		defaults[v.Type()] = dm
-		defaultMu.Unlock()
-	}
-
-	for _, sf := range dm.scalars {
-		f := v.Field(sf.index)
-		if !f.IsNil() {
-			// field already set
-			continue
-		}
-		dv := sf.value
-		if dv == nil && !zeros {
-			// no explicit default, and don't want to set zeros
-			continue
-		}
-		fptr := f.Addr().Interface() // **T
-		// TODO: Consider batching the allocations we do here.
-		switch sf.kind {
-		case reflect.Bool:
-			b := new(bool)
-			if dv != nil {
-				*b = dv.(bool)
-			}
-			*(fptr.(**bool)) = b
-		case reflect.Float32:
-			f := new(float32)
-			if dv != nil {
-				*f = dv.(float32)
-			}
-			*(fptr.(**float32)) = f
-		case reflect.Float64:
-			f := new(float64)
-			if dv != nil {
-				*f = dv.(float64)
-			}
-			*(fptr.(**float64)) = f
-		case reflect.Int32:
-			// might be an enum
-			if ft := f.Type(); ft != int32PtrType {
-				// enum
-				f.Set(reflect.New(ft.Elem()))
-				if dv != nil {
-					f.Elem().SetInt(int64(dv.(int32)))
-				}
-			} else {
-				// int32 field
-				i := new(int32)
-				if dv != nil {
-					*i = dv.(int32)
-				}
-				*(fptr.(**int32)) = i
-			}
-		case reflect.Int64:
-			i := new(int64)
-			if dv != nil {
-				*i = dv.(int64)
-			}
-			*(fptr.(**int64)) = i
-		case reflect.String:
-			s := new(string)
-			if dv != nil {
-				*s = dv.(string)
-			}
-			*(fptr.(**string)) = s
-		case reflect.Uint8:
-			// exceptional case: []byte
-			var b []byte
-			if dv != nil {
-				db := dv.([]byte)
-				b = make([]byte, len(db))
-				copy(b, db)
-			} else {
-				b = []byte{}
-			}
-			*(fptr.(*[]byte)) = b
-		case reflect.Uint32:
-			u := new(uint32)
-			if dv != nil {
-				*u = dv.(uint32)
-			}
-			*(fptr.(**uint32)) = u
-		case reflect.Uint64:
-			u := new(uint64)
-			if dv != nil {
-				*u = dv.(uint64)
-			}
-			*(fptr.(**uint64)) = u
-		default:
-			log.Printf("proto: can't set default for field %v (sf.kind=%v)", f, sf.kind)
-		}
-	}
-
-	for _, ni := range dm.nested {
-		f := v.Field(ni)
-		// f is *T or []*T or map[T]*T
-		switch f.Kind() {
-		case reflect.Ptr:
-			if f.IsNil() {
-				continue
-			}
-			setDefaults(f, recur, zeros)
-
-		case reflect.Slice:
-			for i := 0; i < f.Len(); i++ {
-				e := f.Index(i)
-				if e.IsNil() {
-					continue
-				}
-				setDefaults(e, recur, zeros)
-			}
-
-		case reflect.Map:
-			for _, k := range f.MapKeys() {
-				e := f.MapIndex(k)
-				if e.IsNil() {
-					continue
-				}
-				setDefaults(e, recur, zeros)
-			}
-		}
-	}
-}
-
-var (
-	// defaults maps a protocol buffer struct type to a slice of the fields,
-	// with its scalar fields set to their proto-declared non-zero default values.
-	defaultMu sync.RWMutex
-	defaults  = make(map[reflect.Type]defaultMessage)
-
-	int32PtrType = reflect.TypeOf((*int32)(nil))
-)
-
-// defaultMessage represents information about the default values of a message.
-type defaultMessage struct {
-	scalars []scalarField
-	nested  []int // struct field index of nested messages
-}
-
-type scalarField struct {
-	index int          // struct field index
-	kind  reflect.Kind // element type (the T in *T or []T)
-	value interface{}  // the proto-declared default value, or nil
-}
-
-// t is a struct type.
-func buildDefaultMessage(t reflect.Type) (dm defaultMessage) {
-	sprop := GetProperties(t)
-	for _, prop := range sprop.Prop {
-		fi, ok := sprop.decoderTags.get(prop.Tag)
-		if !ok {
-			// XXX_unrecognized
-			continue
-		}
-		ft := t.Field(fi).Type
-
-		sf, nested, err := fieldDefault(ft, prop)
-		switch {
-		case err != nil:
-			log.Print(err)
-		case nested:
-			dm.nested = append(dm.nested, fi)
-		case sf != nil:
-			sf.index = fi
-			dm.scalars = append(dm.scalars, *sf)
-		}
-	}
-
-	return dm
-}
-
-// fieldDefault returns the scalarField for field type ft.
-// sf will be nil if the field can not have a default.
-// nestedMessage will be true if this is a nested message.
-// Note that sf.index is not set on return.
-func fieldDefault(ft reflect.Type, prop *Properties) (sf *scalarField, nestedMessage bool, err error) {
-	var canHaveDefault bool
-	switch ft.Kind() {
-	case reflect.Ptr:
-		if ft.Elem().Kind() == reflect.Struct {
-			nestedMessage = true
-		} else {
-			canHaveDefault = true // proto2 scalar field
-		}
-
-	case reflect.Slice:
-		switch ft.Elem().Kind() {
-		case reflect.Ptr:
-			nestedMessage = true // repeated message
-		case reflect.Uint8:
-			canHaveDefault = true // bytes field
-		}
-
-	case reflect.Map:
-		if ft.Elem().Kind() == reflect.Ptr {
-			nestedMessage = true // map with message values
-		}
-	}
-
-	if !canHaveDefault {
-		if nestedMessage {
-			return nil, true, nil
-		}
-		return nil, false, nil
-	}
-
-	// We now know that ft is a pointer or slice.
-	sf = &scalarField{kind: ft.Elem().Kind()}
-
-	// scalar fields without defaults
-	if !prop.HasDefault {
-		return sf, false, nil
-	}
-
-	// a scalar field: either *T or []byte
-	switch ft.Elem().Kind() {
-	case reflect.Bool:
-		x, err := strconv.ParseBool(prop.Default)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default bool %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	case reflect.Float32:
-		x, err := strconv.ParseFloat(prop.Default, 32)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default float32 %q: %v", prop.Default, err)
-		}
-		sf.value = float32(x)
-	case reflect.Float64:
-		x, err := strconv.ParseFloat(prop.Default, 64)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default float64 %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	case reflect.Int32:
-		x, err := strconv.ParseInt(prop.Default, 10, 32)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default int32 %q: %v", prop.Default, err)
-		}
-		sf.value = int32(x)
-	case reflect.Int64:
-		x, err := strconv.ParseInt(prop.Default, 10, 64)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default int64 %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	case reflect.String:
-		sf.value = prop.Default
-	case reflect.Uint8:
-		// []byte (not *uint8)
-		sf.value = []byte(prop.Default)
-	case reflect.Uint32:
-		x, err := strconv.ParseUint(prop.Default, 10, 32)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default uint32 %q: %v", prop.Default, err)
-		}
-		sf.value = uint32(x)
-	case reflect.Uint64:
-		x, err := strconv.ParseUint(prop.Default, 10, 64)
-		if err != nil {
-			return nil, false, fmt.Errorf("proto: bad default uint64 %q: %v", prop.Default, err)
-		}
-		sf.value = x
-	default:
-		return nil, false, fmt.Errorf("proto: unhandled def kind %v", ft.Elem().Kind())
-	}
-
-	return sf, false, nil
-}
-
-// mapKeys returns a sort.Interface to be used for sorting the map keys.
-// Map fields may have key types of non-float scalars, strings and enums.
-func mapKeys(vs []reflect.Value) sort.Interface {
-	s := mapKeySorter{vs: vs}
-
-	// Type specialization per https://developers.google.com/protocol-buffers/docs/proto#maps.
-	if len(vs) == 0 {
-		return s
-	}
-	switch vs[0].Kind() {
-	case reflect.Int32, reflect.Int64:
-		s.less = func(a, b reflect.Value) bool { return a.Int() < b.Int() }
-	case reflect.Uint32, reflect.Uint64:
-		s.less = func(a, b reflect.Value) bool { return a.Uint() < b.Uint() }
-	case reflect.Bool:
-		s.less = func(a, b reflect.Value) bool { return !a.Bool() && b.Bool() } // false < true
-	case reflect.String:
-		s.less = func(a, b reflect.Value) bool { return a.String() < b.String() }
-	default:
-		panic(fmt.Sprintf("unsupported map key type: %v", vs[0].Kind()))
-	}
-
-	return s
-}
-
-type mapKeySorter struct {
-	vs   []reflect.Value
-	less func(a, b reflect.Value) bool
-}
-
-func (s mapKeySorter) Len() int      { return len(s.vs) }
-func (s mapKeySorter) Swap(i, j int) { s.vs[i], s.vs[j] = s.vs[j], s.vs[i] }
-func (s mapKeySorter) Less(i, j int) bool {
-	return s.less(s.vs[i], s.vs[j])
-}
-
-// isProto3Zero reports whether v is a zero proto3 value.
-func isProto3Zero(v reflect.Value) bool {
-	switch v.Kind() {
-	case reflect.Bool:
-		return !v.Bool()
-	case reflect.Int32, reflect.Int64:
-		return v.Int() == 0
-	case reflect.Uint32, reflect.Uint64:
-		return v.Uint() == 0
-	case reflect.Float32, reflect.Float64:
-		return v.Float() == 0
-	case reflect.String:
-		return v.String() == ""
-	}
-	return false
-}
-
-const (
-	// ProtoPackageIsVersion3 is referenced from generated protocol buffer files
-	// to assert that that code is compatible with this version of the proto package.
-	ProtoPackageIsVersion3 = true
-
-	// ProtoPackageIsVersion2 is referenced from generated protocol buffer files
-	// to assert that that code is compatible with this version of the proto package.
-	ProtoPackageIsVersion2 = true
-
-	// ProtoPackageIsVersion1 is referenced from generated protocol buffer files
-	// to assert that that code is compatible with this version of the proto package.
-	ProtoPackageIsVersion1 = true
-)
-
-// InternalMessageInfo is a type used internally by generated .pb.go files.
-// This type is not intended to be used by non-generated code.
-// This type is not subject to any compatibility guarantee.
-type InternalMessageInfo struct {
-	marshal   *marshalInfo
-	unmarshal *unmarshalInfo
-	merge     *mergeInfo
-	discard   *discardInfo
-}
diff --git a/vendor/github.com/golang/protobuf/proto/message_set.go b/vendor/github.com/golang/protobuf/proto/message_set.go
deleted file mode 100644
index f48a75676..000000000
--- a/vendor/github.com/golang/protobuf/proto/message_set.go
+++ /dev/null
@@ -1,181 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-/*
- * Support for message sets.
- */
-
-import (
-	"errors"
-)
-
-// errNoMessageTypeID occurs when a protocol buffer does not have a message type ID.
-// A message type ID is required for storing a protocol buffer in a message set.
-var errNoMessageTypeID = errors.New("proto does not have a message type ID")
-
-// The first two types (_MessageSet_Item and messageSet)
-// model what the protocol compiler produces for the following protocol message:
-//   message MessageSet {
-//     repeated group Item = 1 {
-//       required int32 type_id = 2;
-//       required string message = 3;
-//     };
-//   }
-// That is the MessageSet wire format. We can't use a proto to generate these
-// because that would introduce a circular dependency between it and this package.
-
-type _MessageSet_Item struct {
-	TypeId  *int32 `protobuf:"varint,2,req,name=type_id"`
-	Message []byte `protobuf:"bytes,3,req,name=message"`
-}
-
-type messageSet struct {
-	Item             []*_MessageSet_Item `protobuf:"group,1,rep"`
-	XXX_unrecognized []byte
-	// TODO: caching?
-}
-
-// Make sure messageSet is a Message.
-var _ Message = (*messageSet)(nil)
-
-// messageTypeIder is an interface satisfied by a protocol buffer type
-// that may be stored in a MessageSet.
-type messageTypeIder interface {
-	MessageTypeId() int32
-}
-
-func (ms *messageSet) find(pb Message) *_MessageSet_Item {
-	mti, ok := pb.(messageTypeIder)
-	if !ok {
-		return nil
-	}
-	id := mti.MessageTypeId()
-	for _, item := range ms.Item {
-		if *item.TypeId == id {
-			return item
-		}
-	}
-	return nil
-}
-
-func (ms *messageSet) Has(pb Message) bool {
-	return ms.find(pb) != nil
-}
-
-func (ms *messageSet) Unmarshal(pb Message) error {
-	if item := ms.find(pb); item != nil {
-		return Unmarshal(item.Message, pb)
-	}
-	if _, ok := pb.(messageTypeIder); !ok {
-		return errNoMessageTypeID
-	}
-	return nil // TODO: return error instead?
-}
-
-func (ms *messageSet) Marshal(pb Message) error {
-	msg, err := Marshal(pb)
-	if err != nil {
-		return err
-	}
-	if item := ms.find(pb); item != nil {
-		// reuse existing item
-		item.Message = msg
-		return nil
-	}
-
-	mti, ok := pb.(messageTypeIder)
-	if !ok {
-		return errNoMessageTypeID
-	}
-
-	mtid := mti.MessageTypeId()
-	ms.Item = append(ms.Item, &_MessageSet_Item{
-		TypeId:  &mtid,
-		Message: msg,
-	})
-	return nil
-}
-
-func (ms *messageSet) Reset()         { *ms = messageSet{} }
-func (ms *messageSet) String() string { return CompactTextString(ms) }
-func (*messageSet) ProtoMessage()     {}
-
-// Support for the message_set_wire_format message option.
-
-func skipVarint(buf []byte) []byte {
-	i := 0
-	for ; buf[i]&0x80 != 0; i++ {
-	}
-	return buf[i+1:]
-}
-
-// unmarshalMessageSet decodes the extension map encoded in buf in the message set wire format.
-// It is called by Unmarshal methods on protocol buffer messages with the message_set_wire_format option.
-func unmarshalMessageSet(buf []byte, exts interface{}) error {
-	var m map[int32]Extension
-	switch exts := exts.(type) {
-	case *XXX_InternalExtensions:
-		m = exts.extensionsWrite()
-	case map[int32]Extension:
-		m = exts
-	default:
-		return errors.New("proto: not an extension map")
-	}
-
-	ms := new(messageSet)
-	if err := Unmarshal(buf, ms); err != nil {
-		return err
-	}
-	for _, item := range ms.Item {
-		id := *item.TypeId
-		msg := item.Message
-
-		// Restore wire type and field number varint, plus length varint.
-		// Be careful to preserve duplicate items.
-		b := EncodeVarint(uint64(id)<<3 | WireBytes)
-		if ext, ok := m[id]; ok {
-			// Existing data; rip off the tag and length varint
-			// so we join the new data correctly.
-			// We can assume that ext.enc is set because we are unmarshaling.
-			o := ext.enc[len(b):]   // skip wire type and field number
-			_, n := DecodeVarint(o) // calculate length of length varint
-			o = o[n:]               // skip length varint
-			msg = append(o, msg...) // join old data and new data
-		}
-		b = append(b, EncodeVarint(uint64(len(msg)))...)
-		b = append(b, msg...)
-
-		m[id] = Extension{enc: b}
-	}
-	return nil
-}
diff --git a/vendor/github.com/golang/protobuf/proto/pointer_reflect.go b/vendor/github.com/golang/protobuf/proto/pointer_reflect.go
deleted file mode 100644
index 94fa9194a..000000000
--- a/vendor/github.com/golang/protobuf/proto/pointer_reflect.go
+++ /dev/null
@@ -1,360 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2012 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// +build purego appengine js
-
-// This file contains an implementation of proto field accesses using package reflect.
-// It is slower than the code in pointer_unsafe.go but it avoids package unsafe and can
-// be used on App Engine.
-
-package proto
-
-import (
-	"reflect"
-	"sync"
-)
-
-const unsafeAllowed = false
-
-// A field identifies a field in a struct, accessible from a pointer.
-// In this implementation, a field is identified by the sequence of field indices
-// passed to reflect's FieldByIndex.
-type field []int
-
-// toField returns a field equivalent to the given reflect field.
-func toField(f *reflect.StructField) field {
-	return f.Index
-}
-
-// invalidField is an invalid field identifier.
-var invalidField = field(nil)
-
-// zeroField is a noop when calling pointer.offset.
-var zeroField = field([]int{})
-
-// IsValid reports whether the field identifier is valid.
-func (f field) IsValid() bool { return f != nil }
-
-// The pointer type is for the table-driven decoder.
-// The implementation here uses a reflect.Value of pointer type to
-// create a generic pointer. In pointer_unsafe.go we use unsafe
-// instead of reflect to implement the same (but faster) interface.
-type pointer struct {
-	v reflect.Value
-}
-
-// toPointer converts an interface of pointer type to a pointer
-// that points to the same target.
-func toPointer(i *Message) pointer {
-	return pointer{v: reflect.ValueOf(*i)}
-}
-
-// toAddrPointer converts an interface to a pointer that points to
-// the interface data.
-func toAddrPointer(i *interface{}, isptr, deref bool) pointer {
-	v := reflect.ValueOf(*i)
-	u := reflect.New(v.Type())
-	u.Elem().Set(v)
-	if deref {
-		u = u.Elem()
-	}
-	return pointer{v: u}
-}
-
-// valToPointer converts v to a pointer.  v must be of pointer type.
-func valToPointer(v reflect.Value) pointer {
-	return pointer{v: v}
-}
-
-// offset converts from a pointer to a structure to a pointer to
-// one of its fields.
-func (p pointer) offset(f field) pointer {
-	return pointer{v: p.v.Elem().FieldByIndex(f).Addr()}
-}
-
-func (p pointer) isNil() bool {
-	return p.v.IsNil()
-}
-
-// grow updates the slice s in place to make it one element longer.
-// s must be addressable.
-// Returns the (addressable) new element.
-func grow(s reflect.Value) reflect.Value {
-	n, m := s.Len(), s.Cap()
-	if n < m {
-		s.SetLen(n + 1)
-	} else {
-		s.Set(reflect.Append(s, reflect.Zero(s.Type().Elem())))
-	}
-	return s.Index(n)
-}
-
-func (p pointer) toInt64() *int64 {
-	return p.v.Interface().(*int64)
-}
-func (p pointer) toInt64Ptr() **int64 {
-	return p.v.Interface().(**int64)
-}
-func (p pointer) toInt64Slice() *[]int64 {
-	return p.v.Interface().(*[]int64)
-}
-
-var int32ptr = reflect.TypeOf((*int32)(nil))
-
-func (p pointer) toInt32() *int32 {
-	return p.v.Convert(int32ptr).Interface().(*int32)
-}
-
-// The toInt32Ptr/Slice methods don't work because of enums.
-// Instead, we must use set/get methods for the int32ptr/slice case.
-/*
-	func (p pointer) toInt32Ptr() **int32 {
-		return p.v.Interface().(**int32)
-}
-	func (p pointer) toInt32Slice() *[]int32 {
-		return p.v.Interface().(*[]int32)
-}
-*/
-func (p pointer) getInt32Ptr() *int32 {
-	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
-		// raw int32 type
-		return p.v.Elem().Interface().(*int32)
-	}
-	// an enum
-	return p.v.Elem().Convert(int32PtrType).Interface().(*int32)
-}
-func (p pointer) setInt32Ptr(v int32) {
-	// Allocate value in a *int32. Possibly convert that to a *enum.
-	// Then assign it to a **int32 or **enum.
-	// Note: we can convert *int32 to *enum, but we can't convert
-	// **int32 to **enum!
-	p.v.Elem().Set(reflect.ValueOf(&v).Convert(p.v.Type().Elem()))
-}
-
-// getInt32Slice copies []int32 from p as a new slice.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) getInt32Slice() []int32 {
-	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
-		// raw int32 type
-		return p.v.Elem().Interface().([]int32)
-	}
-	// an enum
-	// Allocate a []int32, then assign []enum's values into it.
-	// Note: we can't convert []enum to []int32.
-	slice := p.v.Elem()
-	s := make([]int32, slice.Len())
-	for i := 0; i < slice.Len(); i++ {
-		s[i] = int32(slice.Index(i).Int())
-	}
-	return s
-}
-
-// setInt32Slice copies []int32 into p as a new slice.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) setInt32Slice(v []int32) {
-	if p.v.Type().Elem().Elem() == reflect.TypeOf(int32(0)) {
-		// raw int32 type
-		p.v.Elem().Set(reflect.ValueOf(v))
-		return
-	}
-	// an enum
-	// Allocate a []enum, then assign []int32's values into it.
-	// Note: we can't convert []enum to []int32.
-	slice := reflect.MakeSlice(p.v.Type().Elem(), len(v), cap(v))
-	for i, x := range v {
-		slice.Index(i).SetInt(int64(x))
-	}
-	p.v.Elem().Set(slice)
-}
-func (p pointer) appendInt32Slice(v int32) {
-	grow(p.v.Elem()).SetInt(int64(v))
-}
-
-func (p pointer) toUint64() *uint64 {
-	return p.v.Interface().(*uint64)
-}
-func (p pointer) toUint64Ptr() **uint64 {
-	return p.v.Interface().(**uint64)
-}
-func (p pointer) toUint64Slice() *[]uint64 {
-	return p.v.Interface().(*[]uint64)
-}
-func (p pointer) toUint32() *uint32 {
-	return p.v.Interface().(*uint32)
-}
-func (p pointer) toUint32Ptr() **uint32 {
-	return p.v.Interface().(**uint32)
-}
-func (p pointer) toUint32Slice() *[]uint32 {
-	return p.v.Interface().(*[]uint32)
-}
-func (p pointer) toBool() *bool {
-	return p.v.Interface().(*bool)
-}
-func (p pointer) toBoolPtr() **bool {
-	return p.v.Interface().(**bool)
-}
-func (p pointer) toBoolSlice() *[]bool {
-	return p.v.Interface().(*[]bool)
-}
-func (p pointer) toFloat64() *float64 {
-	return p.v.Interface().(*float64)
-}
-func (p pointer) toFloat64Ptr() **float64 {
-	return p.v.Interface().(**float64)
-}
-func (p pointer) toFloat64Slice() *[]float64 {
-	return p.v.Interface().(*[]float64)
-}
-func (p pointer) toFloat32() *float32 {
-	return p.v.Interface().(*float32)
-}
-func (p pointer) toFloat32Ptr() **float32 {
-	return p.v.Interface().(**float32)
-}
-func (p pointer) toFloat32Slice() *[]float32 {
-	return p.v.Interface().(*[]float32)
-}
-func (p pointer) toString() *string {
-	return p.v.Interface().(*string)
-}
-func (p pointer) toStringPtr() **string {
-	return p.v.Interface().(**string)
-}
-func (p pointer) toStringSlice() *[]string {
-	return p.v.Interface().(*[]string)
-}
-func (p pointer) toBytes() *[]byte {
-	return p.v.Interface().(*[]byte)
-}
-func (p pointer) toBytesSlice() *[][]byte {
-	return p.v.Interface().(*[][]byte)
-}
-func (p pointer) toExtensions() *XXX_InternalExtensions {
-	return p.v.Interface().(*XXX_InternalExtensions)
-}
-func (p pointer) toOldExtensions() *map[int32]Extension {
-	return p.v.Interface().(*map[int32]Extension)
-}
-func (p pointer) getPointer() pointer {
-	return pointer{v: p.v.Elem()}
-}
-func (p pointer) setPointer(q pointer) {
-	p.v.Elem().Set(q.v)
-}
-func (p pointer) appendPointer(q pointer) {
-	grow(p.v.Elem()).Set(q.v)
-}
-
-// getPointerSlice copies []*T from p as a new []pointer.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) getPointerSlice() []pointer {
-	if p.v.IsNil() {
-		return nil
-	}
-	n := p.v.Elem().Len()
-	s := make([]pointer, n)
-	for i := 0; i < n; i++ {
-		s[i] = pointer{v: p.v.Elem().Index(i)}
-	}
-	return s
-}
-
-// setPointerSlice copies []pointer into p as a new []*T.
-// This behavior differs from the implementation in pointer_unsafe.go.
-func (p pointer) setPointerSlice(v []pointer) {
-	if v == nil {
-		p.v.Elem().Set(reflect.New(p.v.Elem().Type()).Elem())
-		return
-	}
-	s := reflect.MakeSlice(p.v.Elem().Type(), 0, len(v))
-	for _, p := range v {
-		s = reflect.Append(s, p.v)
-	}
-	p.v.Elem().Set(s)
-}
-
-// getInterfacePointer returns a pointer that points to the
-// interface data of the interface pointed by p.
-func (p pointer) getInterfacePointer() pointer {
-	if p.v.Elem().IsNil() {
-		return pointer{v: p.v.Elem()}
-	}
-	return pointer{v: p.v.Elem().Elem().Elem().Field(0).Addr()} // *interface -> interface -> *struct -> struct
-}
-
-func (p pointer) asPointerTo(t reflect.Type) reflect.Value {
-	// TODO: check that p.v.Type().Elem() == t?
-	return p.v
-}
-
-func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-func atomicLoadDiscardInfo(p **discardInfo) *discardInfo {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	return *p
-}
-func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) {
-	atomicLock.Lock()
-	defer atomicLock.Unlock()
-	*p = v
-}
-
-var atomicLock sync.Mutex
diff --git a/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go b/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
deleted file mode 100644
index dbfffe071..000000000
--- a/vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
+++ /dev/null
@@ -1,313 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2012 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// +build !purego,!appengine,!js
-
-// This file contains the implementation of the proto field accesses using package unsafe.
-
-package proto
-
-import (
-	"reflect"
-	"sync/atomic"
-	"unsafe"
-)
-
-const unsafeAllowed = true
-
-// A field identifies a field in a struct, accessible from a pointer.
-// In this implementation, a field is identified by its byte offset from the start of the struct.
-type field uintptr
-
-// toField returns a field equivalent to the given reflect field.
-func toField(f *reflect.StructField) field {
-	return field(f.Offset)
-}
-
-// invalidField is an invalid field identifier.
-const invalidField = ^field(0)
-
-// zeroField is a noop when calling pointer.offset.
-const zeroField = field(0)
-
-// IsValid reports whether the field identifier is valid.
-func (f field) IsValid() bool {
-	return f != invalidField
-}
-
-// The pointer type below is for the new table-driven encoder/decoder.
-// The implementation here uses unsafe.Pointer to create a generic pointer.
-// In pointer_reflect.go we use reflect instead of unsafe to implement
-// the same (but slower) interface.
-type pointer struct {
-	p unsafe.Pointer
-}
-
-// size of pointer
-var ptrSize = unsafe.Sizeof(uintptr(0))
-
-// toPointer converts an interface of pointer type to a pointer
-// that points to the same target.
-func toPointer(i *Message) pointer {
-	// Super-tricky - read pointer out of data word of interface value.
-	// Saves ~25ns over the equivalent:
-	// return valToPointer(reflect.ValueOf(*i))
-	return pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
-}
-
-// toAddrPointer converts an interface to a pointer that points to
-// the interface data.
-func toAddrPointer(i *interface{}, isptr, deref bool) (p pointer) {
-	// Super-tricky - read or get the address of data word of interface value.
-	if isptr {
-		// The interface is of pointer type, thus it is a direct interface.
-		// The data word is the pointer data itself. We take its address.
-		p = pointer{p: unsafe.Pointer(uintptr(unsafe.Pointer(i)) + ptrSize)}
-	} else {
-		// The interface is not of pointer type. The data word is the pointer
-		// to the data.
-		p = pointer{p: (*[2]unsafe.Pointer)(unsafe.Pointer(i))[1]}
-	}
-	if deref {
-		p.p = *(*unsafe.Pointer)(p.p)
-	}
-	return p
-}
-
-// valToPointer converts v to a pointer. v must be of pointer type.
-func valToPointer(v reflect.Value) pointer {
-	return pointer{p: unsafe.Pointer(v.Pointer())}
-}
-
-// offset converts from a pointer to a structure to a pointer to
-// one of its fields.
-func (p pointer) offset(f field) pointer {
-	// For safety, we should panic if !f.IsValid, however calling panic causes
-	// this to no longer be inlineable, which is a serious performance cost.
-	/*
-		if !f.IsValid() {
-			panic("invalid field")
-		}
-	*/
-	return pointer{p: unsafe.Pointer(uintptr(p.p) + uintptr(f))}
-}
-
-func (p pointer) isNil() bool {
-	return p.p == nil
-}
-
-func (p pointer) toInt64() *int64 {
-	return (*int64)(p.p)
-}
-func (p pointer) toInt64Ptr() **int64 {
-	return (**int64)(p.p)
-}
-func (p pointer) toInt64Slice() *[]int64 {
-	return (*[]int64)(p.p)
-}
-func (p pointer) toInt32() *int32 {
-	return (*int32)(p.p)
-}
-
-// See pointer_reflect.go for why toInt32Ptr/Slice doesn't exist.
-/*
-	func (p pointer) toInt32Ptr() **int32 {
-		return (**int32)(p.p)
-	}
-	func (p pointer) toInt32Slice() *[]int32 {
-		return (*[]int32)(p.p)
-	}
-*/
-func (p pointer) getInt32Ptr() *int32 {
-	return *(**int32)(p.p)
-}
-func (p pointer) setInt32Ptr(v int32) {
-	*(**int32)(p.p) = &v
-}
-
-// getInt32Slice loads a []int32 from p.
-// The value returned is aliased with the original slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) getInt32Slice() []int32 {
-	return *(*[]int32)(p.p)
-}
-
-// setInt32Slice stores a []int32 to p.
-// The value set is aliased with the input slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) setInt32Slice(v []int32) {
-	*(*[]int32)(p.p) = v
-}
-
-// TODO: Can we get rid of appendInt32Slice and use setInt32Slice instead?
-func (p pointer) appendInt32Slice(v int32) {
-	s := (*[]int32)(p.p)
-	*s = append(*s, v)
-}
-
-func (p pointer) toUint64() *uint64 {
-	return (*uint64)(p.p)
-}
-func (p pointer) toUint64Ptr() **uint64 {
-	return (**uint64)(p.p)
-}
-func (p pointer) toUint64Slice() *[]uint64 {
-	return (*[]uint64)(p.p)
-}
-func (p pointer) toUint32() *uint32 {
-	return (*uint32)(p.p)
-}
-func (p pointer) toUint32Ptr() **uint32 {
-	return (**uint32)(p.p)
-}
-func (p pointer) toUint32Slice() *[]uint32 {
-	return (*[]uint32)(p.p)
-}
-func (p pointer) toBool() *bool {
-	return (*bool)(p.p)
-}
-func (p pointer) toBoolPtr() **bool {
-	return (**bool)(p.p)
-}
-func (p pointer) toBoolSlice() *[]bool {
-	return (*[]bool)(p.p)
-}
-func (p pointer) toFloat64() *float64 {
-	return (*float64)(p.p)
-}
-func (p pointer) toFloat64Ptr() **float64 {
-	return (**float64)(p.p)
-}
-func (p pointer) toFloat64Slice() *[]float64 {
-	return (*[]float64)(p.p)
-}
-func (p pointer) toFloat32() *float32 {
-	return (*float32)(p.p)
-}
-func (p pointer) toFloat32Ptr() **float32 {
-	return (**float32)(p.p)
-}
-func (p pointer) toFloat32Slice() *[]float32 {
-	return (*[]float32)(p.p)
-}
-func (p pointer) toString() *string {
-	return (*string)(p.p)
-}
-func (p pointer) toStringPtr() **string {
-	return (**string)(p.p)
-}
-func (p pointer) toStringSlice() *[]string {
-	return (*[]string)(p.p)
-}
-func (p pointer) toBytes() *[]byte {
-	return (*[]byte)(p.p)
-}
-func (p pointer) toBytesSlice() *[][]byte {
-	return (*[][]byte)(p.p)
-}
-func (p pointer) toExtensions() *XXX_InternalExtensions {
-	return (*XXX_InternalExtensions)(p.p)
-}
-func (p pointer) toOldExtensions() *map[int32]Extension {
-	return (*map[int32]Extension)(p.p)
-}
-
-// getPointerSlice loads []*T from p as a []pointer.
-// The value returned is aliased with the original slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) getPointerSlice() []pointer {
-	// Super-tricky - p should point to a []*T where T is a
-	// message type. We load it as []pointer.
-	return *(*[]pointer)(p.p)
-}
-
-// setPointerSlice stores []pointer into p as a []*T.
-// The value set is aliased with the input slice.
-// This behavior differs from the implementation in pointer_reflect.go.
-func (p pointer) setPointerSlice(v []pointer) {
-	// Super-tricky - p should point to a []*T where T is a
-	// message type. We store it as []pointer.
-	*(*[]pointer)(p.p) = v
-}
-
-// getPointer loads the pointer at p and returns it.
-func (p pointer) getPointer() pointer {
-	return pointer{p: *(*unsafe.Pointer)(p.p)}
-}
-
-// setPointer stores the pointer q at p.
-func (p pointer) setPointer(q pointer) {
-	*(*unsafe.Pointer)(p.p) = q.p
-}
-
-// append q to the slice pointed to by p.
-func (p pointer) appendPointer(q pointer) {
-	s := (*[]unsafe.Pointer)(p.p)
-	*s = append(*s, q.p)
-}
-
-// getInterfacePointer returns a pointer that points to the
-// interface data of the interface pointed by p.
-func (p pointer) getInterfacePointer() pointer {
-	// Super-tricky - read pointer out of data word of interface value.
-	return pointer{p: (*(*[2]unsafe.Pointer)(p.p))[1]}
-}
-
-// asPointerTo returns a reflect.Value that is a pointer to an
-// object of type t stored at p.
-func (p pointer) asPointerTo(t reflect.Type) reflect.Value {
-	return reflect.NewAt(t, p.p)
-}
-
-func atomicLoadUnmarshalInfo(p **unmarshalInfo) *unmarshalInfo {
-	return (*unmarshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreUnmarshalInfo(p **unmarshalInfo, v *unmarshalInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}
-func atomicLoadMarshalInfo(p **marshalInfo) *marshalInfo {
-	return (*marshalInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreMarshalInfo(p **marshalInfo, v *marshalInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}
-func atomicLoadMergeInfo(p **mergeInfo) *mergeInfo {
-	return (*mergeInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreMergeInfo(p **mergeInfo, v *mergeInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}
-func atomicLoadDiscardInfo(p **discardInfo) *discardInfo {
-	return (*discardInfo)(atomic.LoadPointer((*unsafe.Pointer)(unsafe.Pointer(p))))
-}
-func atomicStoreDiscardInfo(p **discardInfo, v *discardInfo) {
-	atomic.StorePointer((*unsafe.Pointer)(unsafe.Pointer(p)), unsafe.Pointer(v))
-}
diff --git a/vendor/github.com/golang/protobuf/proto/properties.go b/vendor/github.com/golang/protobuf/proto/properties.go
index 79668ff5c..dcdc2202f 100644
--- a/vendor/github.com/golang/protobuf/proto/properties.go
+++ b/vendor/github.com/golang/protobuf/proto/properties.go
@@ -1,163 +1,104 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
 
 package proto
 
-/*
- * Routines for encoding data into the wire format for protocol buffers.
- */
-
 import (
 	"fmt"
-	"log"
-	"os"
 	"reflect"
-	"sort"
 	"strconv"
 	"strings"
 	"sync"
-)
-
-const debug bool = false
 
-// Constants that identify the encoding of a value on the wire.
-const (
-	WireVarint     = 0
-	WireFixed64    = 1
-	WireBytes      = 2
-	WireStartGroup = 3
-	WireEndGroup   = 4
-	WireFixed32    = 5
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/runtime/protoimpl"
 )
 
-// tagMap is an optimization over map[int]int for typical protocol buffer
-// use-cases. Encoded protocol buffers are often in tag order with small tag
-// numbers.
-type tagMap struct {
-	fastTags []int
-	slowTags map[int]int
-}
-
-// tagMapFastLimit is the upper bound on the tag number that will be stored in
-// the tagMap slice rather than its map.
-const tagMapFastLimit = 1024
-
-func (p *tagMap) get(t int) (int, bool) {
-	if t > 0 && t < tagMapFastLimit {
-		if t >= len(p.fastTags) {
-			return 0, false
-		}
-		fi := p.fastTags[t]
-		return fi, fi >= 0
-	}
-	fi, ok := p.slowTags[t]
-	return fi, ok
-}
-
-func (p *tagMap) put(t int, fi int) {
-	if t > 0 && t < tagMapFastLimit {
-		for len(p.fastTags) < t+1 {
-			p.fastTags = append(p.fastTags, -1)
-		}
-		p.fastTags[t] = fi
-		return
-	}
-	if p.slowTags == nil {
-		p.slowTags = make(map[int]int)
-	}
-	p.slowTags[t] = fi
-}
-
-// StructProperties represents properties for all the fields of a struct.
-// decoderTags and decoderOrigNames should only be used by the decoder.
+// StructProperties represents protocol buffer type information for a
+// generated protobuf message in the open-struct API.
+//
+// Deprecated: Do not use.
 type StructProperties struct {
-	Prop             []*Properties  // properties for each field
-	reqCount         int            // required count
-	decoderTags      tagMap         // map from proto tag to struct field number
-	decoderOrigNames map[string]int // map from original name to struct field number
-	order            []int          // list of struct field numbers in tag order
+	// Prop are the properties for each field.
+	//
+	// Fields belonging to a oneof are stored in OneofTypes instead, with a
+	// single Properties representing the parent oneof held here.
+	//
+	// The order of Prop matches the order of fields in the Go struct.
+	// Struct fields that are not related to protobufs have a "XXX_" prefix
+	// in the Properties.Name and must be ignored by the user.
+	Prop []*Properties
 
 	// OneofTypes contains information about the oneof fields in this message.
-	// It is keyed by the original name of a field.
+	// It is keyed by the protobuf field name.
 	OneofTypes map[string]*OneofProperties
 }
 
-// OneofProperties represents information about a specific field in a oneof.
-type OneofProperties struct {
-	Type  reflect.Type // pointer to generated struct type for this oneof field
-	Field int          // struct field number of the containing oneof in the message
-	Prop  *Properties
-}
-
-// Implement the sorting interface so we can sort the fields in tag order, as recommended by the spec.
-// See encode.go, (*Buffer).enc_struct.
-
-func (sp *StructProperties) Len() int { return len(sp.order) }
-func (sp *StructProperties) Less(i, j int) bool {
-	return sp.Prop[sp.order[i]].Tag < sp.Prop[sp.order[j]].Tag
-}
-func (sp *StructProperties) Swap(i, j int) { sp.order[i], sp.order[j] = sp.order[j], sp.order[i] }
-
-// Properties represents the protocol-specific behavior of a single struct field.
+// Properties represents the type information for a protobuf message field.
+//
+// Deprecated: Do not use.
 type Properties struct {
-	Name     string // name of the field, for error messages
-	OrigName string // original name before protocol compiler (always set)
-	JSONName string // name to use for JSON; determined by protoc
-	Wire     string
+	// Name is a placeholder name with little meaningful semantic value.
+	// If the name has an "XXX_" prefix, the entire Properties must be ignored.
+	Name string
+	// OrigName is the protobuf field name or oneof name.
+	OrigName string
+	// JSONName is the JSON name for the protobuf field.
+	JSONName string
+	// Enum is a placeholder name for enums.
+	// For historical reasons, this is neither the Go name for the enum,
+	// nor the protobuf name for the enum.
+	Enum string // Deprecated: Do not use.
+	// Weak contains the full name of the weakly referenced message.
+	Weak string
+	// Wire is a string representation of the wire type.
+	Wire string
+	// WireType is the protobuf wire type for the field.
 	WireType int
-	Tag      int
+	// Tag is the protobuf field number.
+	Tag int
+	// Required reports whether this is a required field.
 	Required bool
+	// Optional reports whether this is a optional field.
 	Optional bool
+	// Repeated reports whether this is a repeated field.
 	Repeated bool
-	Packed   bool   // relevant for repeated primitives only
-	Enum     string // set for enum types only
-	proto3   bool   // whether this is known to be a proto3 field
-	oneof    bool   // whether this is a oneof field
-
-	Default    string // default value
-	HasDefault bool   // whether an explicit default was provided
-
-	stype reflect.Type      // set for struct types only
-	sprop *StructProperties // set for struct types only
+	// Packed reports whether this is a packed repeated field of scalars.
+	Packed bool
+	// Proto3 reports whether this field operates under the proto3 syntax.
+	Proto3 bool
+	// Oneof reports whether this field belongs within a oneof.
+	Oneof bool
+
+	// Default is the default value in string form.
+	Default string
+	// HasDefault reports whether the field has a default value.
+	HasDefault bool
+
+	// MapKeyProp is the properties for the key field for a map field.
+	MapKeyProp *Properties
+	// MapValProp is the properties for the value field for a map field.
+	MapValProp *Properties
+}
 
-	mtype      reflect.Type // set for map types only
-	MapKeyProp *Properties  // set for map types only
-	MapValProp *Properties  // set for map types only
+// OneofProperties represents the type information for a protobuf oneof.
+//
+// Deprecated: Do not use.
+type OneofProperties struct {
+	// Type is a pointer to the generated wrapper type for the field value.
+	// This is nil for messages that are not in the open-struct API.
+	Type reflect.Type
+	// Field is the index into StructProperties.Prop for the containing oneof.
+	Field int
+	// Prop is the properties for the field.
+	Prop *Properties
 }
 
 // String formats the properties in the protobuf struct field tag style.
 func (p *Properties) String() string {
 	s := p.Wire
-	s += ","
-	s += strconv.Itoa(p.Tag)
+	s += "," + strconv.Itoa(p.Tag)
 	if p.Required {
 		s += ",req"
 	}
@@ -171,18 +112,21 @@ func (p *Properties) String() string {
 		s += ",packed"
 	}
 	s += ",name=" + p.OrigName
-	if p.JSONName != p.OrigName {
+	if p.JSONName != "" {
 		s += ",json=" + p.JSONName
 	}
-	if p.proto3 {
+	if len(p.Enum) > 0 {
+		s += ",enum=" + p.Enum
+	}
+	if len(p.Weak) > 0 {
+		s += ",weak=" + p.Weak
+	}
+	if p.Proto3 {
 		s += ",proto3"
 	}
-	if p.oneof {
+	if p.Oneof {
 		s += ",oneof"
 	}
-	if len(p.Enum) > 0 {
-		s += ",enum=" + p.Enum
-	}
 	if p.HasDefault {
 		s += ",def=" + p.Default
 	}
@@ -190,356 +134,173 @@ func (p *Properties) String() string {
 }
 
 // Parse populates p by parsing a string in the protobuf struct field tag style.
-func (p *Properties) Parse(s string) {
-	// "bytes,49,opt,name=foo,def=hello!"
-	fields := strings.Split(s, ",") // breaks def=, but handled below.
-	if len(fields) < 2 {
-		fmt.Fprintf(os.Stderr, "proto: tag has too few fields: %q\n", s)
-		return
-	}
-
-	p.Wire = fields[0]
-	switch p.Wire {
-	case "varint":
-		p.WireType = WireVarint
-	case "fixed32":
-		p.WireType = WireFixed32
-	case "fixed64":
-		p.WireType = WireFixed64
-	case "zigzag32":
-		p.WireType = WireVarint
-	case "zigzag64":
-		p.WireType = WireVarint
-	case "bytes", "group":
-		p.WireType = WireBytes
-		// no numeric converter for non-numeric types
-	default:
-		fmt.Fprintf(os.Stderr, "proto: tag has unknown wire type: %q\n", s)
-		return
-	}
-
-	var err error
-	p.Tag, err = strconv.Atoi(fields[1])
-	if err != nil {
-		return
-	}
-
-outer:
-	for i := 2; i < len(fields); i++ {
-		f := fields[i]
-		switch {
-		case f == "req":
-			p.Required = true
-		case f == "opt":
+func (p *Properties) Parse(tag string) {
+	// For example: "bytes,49,opt,name=foo,def=hello!"
+	for len(tag) > 0 {
+		i := strings.IndexByte(tag, ',')
+		if i < 0 {
+			i = len(tag)
+		}
+		switch s := tag[:i]; {
+		case strings.HasPrefix(s, "name="):
+			p.OrigName = s[len("name="):]
+		case strings.HasPrefix(s, "json="):
+			p.JSONName = s[len("json="):]
+		case strings.HasPrefix(s, "enum="):
+			p.Enum = s[len("enum="):]
+		case strings.HasPrefix(s, "weak="):
+			p.Weak = s[len("weak="):]
+		case strings.Trim(s, "0123456789") == "":
+			n, _ := strconv.ParseUint(s, 10, 32)
+			p.Tag = int(n)
+		case s == "opt":
 			p.Optional = true
-		case f == "rep":
+		case s == "req":
+			p.Required = true
+		case s == "rep":
 			p.Repeated = true
-		case f == "packed":
+		case s == "varint" || s == "zigzag32" || s == "zigzag64":
+			p.Wire = s
+			p.WireType = WireVarint
+		case s == "fixed32":
+			p.Wire = s
+			p.WireType = WireFixed32
+		case s == "fixed64":
+			p.Wire = s
+			p.WireType = WireFixed64
+		case s == "bytes":
+			p.Wire = s
+			p.WireType = WireBytes
+		case s == "group":
+			p.Wire = s
+			p.WireType = WireStartGroup
+		case s == "packed":
 			p.Packed = true
-		case strings.HasPrefix(f, "name="):
-			p.OrigName = f[5:]
-		case strings.HasPrefix(f, "json="):
-			p.JSONName = f[5:]
-		case strings.HasPrefix(f, "enum="):
-			p.Enum = f[5:]
-		case f == "proto3":
-			p.proto3 = true
-		case f == "oneof":
-			p.oneof = true
-		case strings.HasPrefix(f, "def="):
+		case s == "proto3":
+			p.Proto3 = true
+		case s == "oneof":
+			p.Oneof = true
+		case strings.HasPrefix(s, "def="):
+			// The default tag is special in that everything afterwards is the
+			// default regardless of the presence of commas.
 			p.HasDefault = true
-			p.Default = f[4:] // rest of string
-			if i+1 < len(fields) {
-				// Commas aren't escaped, and def is always last.
-				p.Default += "," + strings.Join(fields[i+1:], ",")
-				break outer
-			}
-		}
-	}
-}
-
-var protoMessageType = reflect.TypeOf((*Message)(nil)).Elem()
-
-// setFieldProps initializes the field properties for submessages and maps.
-func (p *Properties) setFieldProps(typ reflect.Type, f *reflect.StructField, lockGetProp bool) {
-	switch t1 := typ; t1.Kind() {
-	case reflect.Ptr:
-		if t1.Elem().Kind() == reflect.Struct {
-			p.stype = t1.Elem()
-		}
-
-	case reflect.Slice:
-		if t2 := t1.Elem(); t2.Kind() == reflect.Ptr && t2.Elem().Kind() == reflect.Struct {
-			p.stype = t2.Elem()
-		}
-
-	case reflect.Map:
-		p.mtype = t1
-		p.MapKeyProp = &Properties{}
-		p.MapKeyProp.init(reflect.PtrTo(p.mtype.Key()), "Key", f.Tag.Get("protobuf_key"), nil, lockGetProp)
-		p.MapValProp = &Properties{}
-		vtype := p.mtype.Elem()
-		if vtype.Kind() != reflect.Ptr && vtype.Kind() != reflect.Slice {
-			// The value type is not a message (*T) or bytes ([]byte),
-			// so we need encoders for the pointer to this type.
-			vtype = reflect.PtrTo(vtype)
-		}
-		p.MapValProp.init(vtype, "Value", f.Tag.Get("protobuf_val"), nil, lockGetProp)
-	}
-
-	if p.stype != nil {
-		if lockGetProp {
-			p.sprop = GetProperties(p.stype)
-		} else {
-			p.sprop = getPropertiesLocked(p.stype)
+			p.Default, i = tag[len("def="):], len(tag)
 		}
+		tag = strings.TrimPrefix(tag[i:], ",")
 	}
 }
 
-var (
-	marshalerType = reflect.TypeOf((*Marshaler)(nil)).Elem()
-)
-
 // Init populates the properties from a protocol buffer struct tag.
+//
+// Deprecated: Do not use.
 func (p *Properties) Init(typ reflect.Type, name, tag string, f *reflect.StructField) {
-	p.init(typ, name, tag, f, true)
-}
-
-func (p *Properties) init(typ reflect.Type, name, tag string, f *reflect.StructField, lockGetProp bool) {
-	// "bytes,49,opt,def=hello!"
 	p.Name = name
 	p.OrigName = name
 	if tag == "" {
 		return
 	}
 	p.Parse(tag)
-	p.setFieldProps(typ, f, lockGetProp)
+
+	if typ != nil && typ.Kind() == reflect.Map {
+		p.MapKeyProp = new(Properties)
+		p.MapKeyProp.Init(nil, "Key", f.Tag.Get("protobuf_key"), nil)
+		p.MapValProp = new(Properties)
+		p.MapValProp.Init(nil, "Value", f.Tag.Get("protobuf_val"), nil)
+	}
 }
 
-var (
-	propertiesMu  sync.RWMutex
-	propertiesMap = make(map[reflect.Type]*StructProperties)
-)
+var propertiesCache sync.Map // map[reflect.Type]*StructProperties
 
-// GetProperties returns the list of properties for the type represented by t.
-// t must represent a generated struct type of a protocol message.
+// GetProperties returns the list of properties for the type represented by t,
+// which must be a generated protocol buffer message in the open-struct API,
+// where protobuf message fields are represented by exported Go struct fields.
+//
+// Deprecated: Use protobuf reflection instead.
 func GetProperties(t reflect.Type) *StructProperties {
-	if t.Kind() != reflect.Struct {
-		panic("proto: type must have kind struct")
-	}
-
-	// Most calls to GetProperties in a long-running program will be
-	// retrieving details for types we have seen before.
-	propertiesMu.RLock()
-	sprop, ok := propertiesMap[t]
-	propertiesMu.RUnlock()
-	if ok {
-		return sprop
+	if p, ok := propertiesCache.Load(t); ok {
+		return p.(*StructProperties)
 	}
-
-	propertiesMu.Lock()
-	sprop = getPropertiesLocked(t)
-	propertiesMu.Unlock()
-	return sprop
+	p, _ := propertiesCache.LoadOrStore(t, newProperties(t))
+	return p.(*StructProperties)
 }
 
-type (
-	oneofFuncsIface interface {
-		XXX_OneofFuncs() (func(Message, *Buffer) error, func(Message, int, int, *Buffer) (bool, error), func(Message) int, []interface{})
-	}
-	oneofWrappersIface interface {
-		XXX_OneofWrappers() []interface{}
-	}
-)
-
-// getPropertiesLocked requires that propertiesMu is held.
-func getPropertiesLocked(t reflect.Type) *StructProperties {
-	if prop, ok := propertiesMap[t]; ok {
-		return prop
+func newProperties(t reflect.Type) *StructProperties {
+	if t.Kind() != reflect.Struct {
+		panic(fmt.Sprintf("%v is not a generated message in the open-struct API", t))
 	}
 
+	var hasOneof bool
 	prop := new(StructProperties)
-	// in case of recursive protos, fill this in now.
-	propertiesMap[t] = prop
-
-	// build properties
-	prop.Prop = make([]*Properties, t.NumField())
-	prop.order = make([]int, t.NumField())
 
+	// Construct a list of properties for each field in the struct.
 	for i := 0; i < t.NumField(); i++ {
-		f := t.Field(i)
 		p := new(Properties)
-		name := f.Name
-		p.init(f.Type, name, f.Tag.Get("protobuf"), &f, false)
+		f := t.Field(i)
+		tagField := f.Tag.Get("protobuf")
+		p.Init(f.Type, f.Name, tagField, &f)
 
-		oneof := f.Tag.Get("protobuf_oneof") // special case
-		if oneof != "" {
-			// Oneof fields don't use the traditional protobuf tag.
-			p.OrigName = oneof
+		tagOneof := f.Tag.Get("protobuf_oneof")
+		if tagOneof != "" {
+			hasOneof = true
+			p.OrigName = tagOneof
 		}
-		prop.Prop[i] = p
-		prop.order[i] = i
-		if debug {
-			print(i, " ", f.Name, " ", t.String(), " ")
-			if p.Tag > 0 {
-				print(p.String())
-			}
-			print("\n")
+
+		// Rename unrelated struct fields with the "XXX_" prefix since so much
+		// user code simply checks for this to exclude special fields.
+		if tagField == "" && tagOneof == "" && !strings.HasPrefix(p.Name, "XXX_") {
+			p.Name = "XXX_" + p.Name
+			p.OrigName = "XXX_" + p.OrigName
+		} else if p.Weak != "" {
+			p.Name = p.OrigName // avoid possible "XXX_" prefix on weak field
 		}
+
+		prop.Prop = append(prop.Prop, p)
 	}
 
-	// Re-order prop.order.
-	sort.Sort(prop)
+	// Construct a mapping of oneof field names to properties.
+	if hasOneof {
+		var oneofWrappers []interface{}
+		if fn, ok := reflect.PtrTo(t).MethodByName("XXX_OneofFuncs"); ok {
+			oneofWrappers = fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))})[3].Interface().([]interface{})
+		}
+		if fn, ok := reflect.PtrTo(t).MethodByName("XXX_OneofWrappers"); ok {
+			oneofWrappers = fn.Func.Call([]reflect.Value{reflect.Zero(fn.Type.In(0))})[0].Interface().([]interface{})
+		}
+		if m, ok := reflect.Zero(reflect.PtrTo(t)).Interface().(protoreflect.ProtoMessage); ok {
+			if m, ok := m.ProtoReflect().(interface{ ProtoMessageInfo() *protoimpl.MessageInfo }); ok {
+				oneofWrappers = m.ProtoMessageInfo().OneofWrappers
+			}
+		}
 
-	var oots []interface{}
-	switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
-	case oneofFuncsIface:
-		_, _, _, oots = m.XXX_OneofFuncs()
-	case oneofWrappersIface:
-		oots = m.XXX_OneofWrappers()
-	}
-	if len(oots) > 0 {
-		// Interpret oneof metadata.
 		prop.OneofTypes = make(map[string]*OneofProperties)
-		for _, oot := range oots {
-			oop := &OneofProperties{
-				Type: reflect.ValueOf(oot).Type(), // *T
+		for _, wrapper := range oneofWrappers {
+			p := &OneofProperties{
+				Type: reflect.ValueOf(wrapper).Type(), // *T
 				Prop: new(Properties),
 			}
-			sft := oop.Type.Elem().Field(0)
-			oop.Prop.Name = sft.Name
-			oop.Prop.Parse(sft.Tag.Get("protobuf"))
-			// There will be exactly one interface field that
-			// this new value is assignable to.
-			for i := 0; i < t.NumField(); i++ {
-				f := t.Field(i)
-				if f.Type.Kind() != reflect.Interface {
-					continue
+			f := p.Type.Elem().Field(0)
+			p.Prop.Name = f.Name
+			p.Prop.Parse(f.Tag.Get("protobuf"))
+
+			// Determine the struct field that contains this oneof.
+			// Each wrapper is assignable to exactly one parent field.
+			var foundOneof bool
+			for i := 0; i < t.NumField() && !foundOneof; i++ {
+				if p.Type.AssignableTo(t.Field(i).Type) {
+					p.Field = i
+					foundOneof = true
 				}
-				if !oop.Type.AssignableTo(f.Type) {
-					continue
-				}
-				oop.Field = i
-				break
 			}
-			prop.OneofTypes[oop.Prop.OrigName] = oop
-		}
-	}
-
-	// build required counts
-	// build tags
-	reqCount := 0
-	prop.decoderOrigNames = make(map[string]int)
-	for i, p := range prop.Prop {
-		if strings.HasPrefix(p.Name, "XXX_") {
-			// Internal fields should not appear in tags/origNames maps.
-			// They are handled specially when encoding and decoding.
-			continue
-		}
-		if p.Required {
-			reqCount++
+			if !foundOneof {
+				panic(fmt.Sprintf("%v is not a generated message in the open-struct API", t))
+			}
+			prop.OneofTypes[p.Prop.OrigName] = p
 		}
-		prop.decoderTags.put(p.Tag, i)
-		prop.decoderOrigNames[p.OrigName] = i
 	}
-	prop.reqCount = reqCount
 
 	return prop
 }
 
-// A global registry of enum types.
-// The generated code will register the generated maps by calling RegisterEnum.
-
-var enumValueMaps = make(map[string]map[string]int32)
-
-// RegisterEnum is called from the generated code to install the enum descriptor
-// maps into the global table to aid parsing text format protocol buffers.
-func RegisterEnum(typeName string, unusedNameMap map[int32]string, valueMap map[string]int32) {
-	if _, ok := enumValueMaps[typeName]; ok {
-		panic("proto: duplicate enum registered: " + typeName)
-	}
-	enumValueMaps[typeName] = valueMap
-}
-
-// EnumValueMap returns the mapping from names to integers of the
-// enum type enumType, or a nil if not found.
-func EnumValueMap(enumType string) map[string]int32 {
-	return enumValueMaps[enumType]
-}
-
-// A registry of all linked message types.
-// The string is a fully-qualified proto name ("pkg.Message").
-var (
-	protoTypedNils = make(map[string]Message)      // a map from proto names to typed nil pointers
-	protoMapTypes  = make(map[string]reflect.Type) // a map from proto names to map types
-	revProtoTypes  = make(map[reflect.Type]string)
-)
-
-// RegisterType is called from generated code and maps from the fully qualified
-// proto name to the type (pointer to struct) of the protocol buffer.
-func RegisterType(x Message, name string) {
-	if _, ok := protoTypedNils[name]; ok {
-		// TODO: Some day, make this a panic.
-		log.Printf("proto: duplicate proto type registered: %s", name)
-		return
-	}
-	t := reflect.TypeOf(x)
-	if v := reflect.ValueOf(x); v.Kind() == reflect.Ptr && v.Pointer() == 0 {
-		// Generated code always calls RegisterType with nil x.
-		// This check is just for extra safety.
-		protoTypedNils[name] = x
-	} else {
-		protoTypedNils[name] = reflect.Zero(t).Interface().(Message)
-	}
-	revProtoTypes[t] = name
-}
-
-// RegisterMapType is called from generated code and maps from the fully qualified
-// proto name to the native map type of the proto map definition.
-func RegisterMapType(x interface{}, name string) {
-	if reflect.TypeOf(x).Kind() != reflect.Map {
-		panic(fmt.Sprintf("RegisterMapType(%T, %q); want map", x, name))
-	}
-	if _, ok := protoMapTypes[name]; ok {
-		log.Printf("proto: duplicate proto type registered: %s", name)
-		return
-	}
-	t := reflect.TypeOf(x)
-	protoMapTypes[name] = t
-	revProtoTypes[t] = name
-}
-
-// MessageName returns the fully-qualified proto name for the given message type.
-func MessageName(x Message) string {
-	type xname interface {
-		XXX_MessageName() string
-	}
-	if m, ok := x.(xname); ok {
-		return m.XXX_MessageName()
-	}
-	return revProtoTypes[reflect.TypeOf(x)]
-}
-
-// MessageType returns the message type (pointer to struct) for a named message.
-// The type is not guaranteed to implement proto.Message if the name refers to a
-// map entry.
-func MessageType(name string) reflect.Type {
-	if t, ok := protoTypedNils[name]; ok {
-		return reflect.TypeOf(t)
-	}
-	return protoMapTypes[name]
-}
-
-// A registry of all linked proto files.
-var (
-	protoFiles = make(map[string][]byte) // file name => fileDescriptor
-)
-
-// RegisterFile is called from generated code and maps from the
-// full file name of a .proto file to its compressed FileDescriptorProto.
-func RegisterFile(filename string, fileDescriptor []byte) {
-	protoFiles[filename] = fileDescriptor
-}
-
-// FileDescriptor returns the compressed FileDescriptorProto for a .proto file.
-func FileDescriptor(filename string) []byte { return protoFiles[filename] }
+func (sp *StructProperties) Len() int           { return len(sp.Prop) }
+func (sp *StructProperties) Less(i, j int) bool { return false }
+func (sp *StructProperties) Swap(i, j int)      { return }
diff --git a/vendor/github.com/golang/protobuf/proto/proto.go b/vendor/github.com/golang/protobuf/proto/proto.go
new file mode 100644
index 000000000..5aee89c32
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/proto.go
@@ -0,0 +1,167 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package proto provides functionality for handling protocol buffer messages.
+// In particular, it provides marshaling and unmarshaling between a protobuf
+// message and the binary wire format.
+//
+// See https://developers.google.com/protocol-buffers/docs/gotutorial for
+// more information.
+//
+// Deprecated: Use the "google.golang.org/protobuf/proto" package instead.
+package proto
+
+import (
+	protoV2 "google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/runtime/protoiface"
+	"google.golang.org/protobuf/runtime/protoimpl"
+)
+
+const (
+	ProtoPackageIsVersion1 = true
+	ProtoPackageIsVersion2 = true
+	ProtoPackageIsVersion3 = true
+	ProtoPackageIsVersion4 = true
+)
+
+// GeneratedEnum is any enum type generated by protoc-gen-go
+// which is a named int32 kind.
+// This type exists for documentation purposes.
+type GeneratedEnum interface{}
+
+// GeneratedMessage is any message type generated by protoc-gen-go
+// which is a pointer to a named struct kind.
+// This type exists for documentation purposes.
+type GeneratedMessage interface{}
+
+// Message is a protocol buffer message.
+//
+// This is the v1 version of the message interface and is marginally better
+// than an empty interface as it lacks any method to programatically interact
+// with the contents of the message.
+//
+// A v2 message is declared in "google.golang.org/protobuf/proto".Message and
+// exposes protobuf reflection as a first-class feature of the interface.
+//
+// To convert a v1 message to a v2 message, use the MessageV2 function.
+// To convert a v2 message to a v1 message, use the MessageV1 function.
+type Message = protoiface.MessageV1
+
+// MessageV1 converts either a v1 or v2 message to a v1 message.
+// It returns nil if m is nil.
+func MessageV1(m GeneratedMessage) protoiface.MessageV1 {
+	return protoimpl.X.ProtoMessageV1Of(m)
+}
+
+// MessageV2 converts either a v1 or v2 message to a v2 message.
+// It returns nil if m is nil.
+func MessageV2(m GeneratedMessage) protoV2.Message {
+	return protoimpl.X.ProtoMessageV2Of(m)
+}
+
+// MessageReflect returns a reflective view for a message.
+// It returns nil if m is nil.
+func MessageReflect(m Message) protoreflect.Message {
+	return protoimpl.X.MessageOf(m)
+}
+
+// Marshaler is implemented by messages that can marshal themselves.
+// This interface is used by the following functions: Size, Marshal,
+// Buffer.Marshal, and Buffer.EncodeMessage.
+//
+// Deprecated: Do not implement.
+type Marshaler interface {
+	// Marshal formats the encoded bytes of the message.
+	// It should be deterministic and emit valid protobuf wire data.
+	// The caller takes ownership of the returned buffer.
+	Marshal() ([]byte, error)
+}
+
+// Unmarshaler is implemented by messages that can unmarshal themselves.
+// This interface is used by the following functions: Unmarshal, UnmarshalMerge,
+// Buffer.Unmarshal, Buffer.DecodeMessage, and Buffer.DecodeGroup.
+//
+// Deprecated: Do not implement.
+type Unmarshaler interface {
+	// Unmarshal parses the encoded bytes of the protobuf wire input.
+	// The provided buffer is only valid for during method call.
+	// It should not reset the receiver message.
+	Unmarshal([]byte) error
+}
+
+// Merger is implemented by messages that can merge themselves.
+// This interface is used by the following functions: Clone and Merge.
+//
+// Deprecated: Do not implement.
+type Merger interface {
+	// Merge merges the contents of src into the receiver message.
+	// It clones all data structures in src such that it aliases no mutable
+	// memory referenced by src.
+	Merge(src Message)
+}
+
+// RequiredNotSetError is an error type returned when
+// marshaling or unmarshaling a message with missing required fields.
+type RequiredNotSetError struct {
+	err error
+}
+
+func (e *RequiredNotSetError) Error() string {
+	if e.err != nil {
+		return e.err.Error()
+	}
+	return "proto: required field not set"
+}
+func (e *RequiredNotSetError) RequiredNotSet() bool {
+	return true
+}
+
+func checkRequiredNotSet(m protoV2.Message) error {
+	if err := protoV2.CheckInitialized(m); err != nil {
+		return &RequiredNotSetError{err: err}
+	}
+	return nil
+}
+
+// Clone returns a deep copy of src.
+func Clone(src Message) Message {
+	return MessageV1(protoV2.Clone(MessageV2(src)))
+}
+
+// Merge merges src into dst, which must be messages of the same type.
+//
+// Populated scalar fields in src are copied to dst, while populated
+// singular messages in src are merged into dst by recursively calling Merge.
+// The elements of every list field in src is appended to the corresponded
+// list fields in dst. The entries of every map field in src is copied into
+// the corresponding map field in dst, possibly replacing existing entries.
+// The unknown fields of src are appended to the unknown fields of dst.
+func Merge(dst, src Message) {
+	protoV2.Merge(MessageV2(dst), MessageV2(src))
+}
+
+// Equal reports whether two messages are equal.
+// If two messages marshal to the same bytes under deterministic serialization,
+// then Equal is guaranteed to report true.
+//
+// Two messages are equal if they are the same protobuf message type,
+// have the same set of populated known and extension field values,
+// and the same set of unknown fields values.
+//
+// Scalar values are compared with the equivalent of the == operator in Go,
+// except bytes values which are compared using bytes.Equal and
+// floating point values which specially treat NaNs as equal.
+// Message values are compared by recursively calling Equal.
+// Lists are equal if each element value is also equal.
+// Maps are equal if they have the same set of keys, where the pair of values
+// for each key is also equal.
+func Equal(x, y Message) bool {
+	return protoV2.Equal(MessageV2(x), MessageV2(y))
+}
+
+func isMessageSet(md protoreflect.MessageDescriptor) bool {
+	ms, ok := md.(interface{ IsMessageSet() bool })
+	return ok && ms.IsMessageSet()
+}
diff --git a/vendor/github.com/golang/protobuf/proto/registry.go b/vendor/github.com/golang/protobuf/proto/registry.go
new file mode 100644
index 000000000..066b4323b
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/registry.go
@@ -0,0 +1,317 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io/ioutil"
+	"reflect"
+	"strings"
+	"sync"
+
+	"google.golang.org/protobuf/reflect/protodesc"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+	"google.golang.org/protobuf/runtime/protoimpl"
+)
+
+// filePath is the path to the proto source file.
+type filePath = string // e.g., "google/protobuf/descriptor.proto"
+
+// fileDescGZIP is the compressed contents of the encoded FileDescriptorProto.
+type fileDescGZIP = []byte
+
+var fileCache sync.Map // map[filePath]fileDescGZIP
+
+// RegisterFile is called from generated code to register the compressed
+// FileDescriptorProto with the file path for a proto source file.
+//
+// Deprecated: Use protoregistry.GlobalFiles.RegisterFile instead.
+func RegisterFile(s filePath, d fileDescGZIP) {
+	// Decompress the descriptor.
+	zr, err := gzip.NewReader(bytes.NewReader(d))
+	if err != nil {
+		panic(fmt.Sprintf("proto: invalid compressed file descriptor: %v", err))
+	}
+	b, err := ioutil.ReadAll(zr)
+	if err != nil {
+		panic(fmt.Sprintf("proto: invalid compressed file descriptor: %v", err))
+	}
+
+	// Construct a protoreflect.FileDescriptor from the raw descriptor.
+	// Note that DescBuilder.Build automatically registers the constructed
+	// file descriptor with the v2 registry.
+	protoimpl.DescBuilder{RawDescriptor: b}.Build()
+
+	// Locally cache the raw descriptor form for the file.
+	fileCache.Store(s, d)
+}
+
+// FileDescriptor returns the compressed FileDescriptorProto given the file path
+// for a proto source file. It returns nil if not found.
+//
+// Deprecated: Use protoregistry.GlobalFiles.FindFileByPath instead.
+func FileDescriptor(s filePath) fileDescGZIP {
+	if v, ok := fileCache.Load(s); ok {
+		return v.(fileDescGZIP)
+	}
+
+	// Find the descriptor in the v2 registry.
+	var b []byte
+	if fd, _ := protoregistry.GlobalFiles.FindFileByPath(s); fd != nil {
+		b, _ = Marshal(protodesc.ToFileDescriptorProto(fd))
+	}
+
+	// Locally cache the raw descriptor form for the file.
+	if len(b) > 0 {
+		v, _ := fileCache.LoadOrStore(s, protoimpl.X.CompressGZIP(b))
+		return v.(fileDescGZIP)
+	}
+	return nil
+}
+
+// enumName is the name of an enum. For historical reasons, the enum name is
+// neither the full Go name nor the full protobuf name of the enum.
+// The name is the dot-separated combination of just the proto package that the
+// enum is declared within followed by the Go type name of the generated enum.
+type enumName = string // e.g., "my.proto.package.GoMessage_GoEnum"
+
+// enumsByName maps enum values by name to their numeric counterpart.
+type enumsByName = map[string]int32
+
+// enumsByNumber maps enum values by number to their name counterpart.
+type enumsByNumber = map[int32]string
+
+var enumCache sync.Map     // map[enumName]enumsByName
+var numFilesCache sync.Map // map[protoreflect.FullName]int
+
+// RegisterEnum is called from the generated code to register the mapping of
+// enum value names to enum numbers for the enum identified by s.
+//
+// Deprecated: Use protoregistry.GlobalTypes.RegisterEnum instead.
+func RegisterEnum(s enumName, _ enumsByNumber, m enumsByName) {
+	if _, ok := enumCache.Load(s); ok {
+		panic("proto: duplicate enum registered: " + s)
+	}
+	enumCache.Store(s, m)
+
+	// This does not forward registration to the v2 registry since this API
+	// lacks sufficient information to construct a complete v2 enum descriptor.
+}
+
+// EnumValueMap returns the mapping from enum value names to enum numbers for
+// the enum of the given name. It returns nil if not found.
+//
+// Deprecated: Use protoregistry.GlobalTypes.FindEnumByName instead.
+func EnumValueMap(s enumName) enumsByName {
+	if v, ok := enumCache.Load(s); ok {
+		return v.(enumsByName)
+	}
+
+	// Check whether the cache is stale. If the number of files in the current
+	// package differs, then it means that some enums may have been recently
+	// registered upstream that we do not know about.
+	var protoPkg protoreflect.FullName
+	if i := strings.LastIndexByte(s, '.'); i >= 0 {
+		protoPkg = protoreflect.FullName(s[:i])
+	}
+	v, _ := numFilesCache.Load(protoPkg)
+	numFiles, _ := v.(int)
+	if protoregistry.GlobalFiles.NumFilesByPackage(protoPkg) == numFiles {
+		return nil // cache is up-to-date; was not found earlier
+	}
+
+	// Update the enum cache for all enums declared in the given proto package.
+	numFiles = 0
+	protoregistry.GlobalFiles.RangeFilesByPackage(protoPkg, func(fd protoreflect.FileDescriptor) bool {
+		walkEnums(fd, func(ed protoreflect.EnumDescriptor) {
+			name := protoimpl.X.LegacyEnumName(ed)
+			if _, ok := enumCache.Load(name); !ok {
+				m := make(enumsByName)
+				evs := ed.Values()
+				for i := evs.Len() - 1; i >= 0; i-- {
+					ev := evs.Get(i)
+					m[string(ev.Name())] = int32(ev.Number())
+				}
+				enumCache.LoadOrStore(name, m)
+			}
+		})
+		numFiles++
+		return true
+	})
+	numFilesCache.Store(protoPkg, numFiles)
+
+	// Check cache again for enum map.
+	if v, ok := enumCache.Load(s); ok {
+		return v.(enumsByName)
+	}
+	return nil
+}
+
+// walkEnums recursively walks all enums declared in d.
+func walkEnums(d interface {
+	Enums() protoreflect.EnumDescriptors
+	Messages() protoreflect.MessageDescriptors
+}, f func(protoreflect.EnumDescriptor)) {
+	eds := d.Enums()
+	for i := eds.Len() - 1; i >= 0; i-- {
+		f(eds.Get(i))
+	}
+	mds := d.Messages()
+	for i := mds.Len() - 1; i >= 0; i-- {
+		walkEnums(mds.Get(i), f)
+	}
+}
+
+// messageName is the full name of protobuf message.
+type messageName = string
+
+var messageTypeCache sync.Map // map[messageName]reflect.Type
+
+// RegisterType is called from generated code to register the message Go type
+// for a message of the given name.
+//
+// Deprecated: Use protoregistry.GlobalTypes.RegisterMessage instead.
+func RegisterType(m Message, s messageName) {
+	mt := protoimpl.X.LegacyMessageTypeOf(m, protoreflect.FullName(s))
+	if err := protoregistry.GlobalTypes.RegisterMessage(mt); err != nil {
+		panic(err)
+	}
+	messageTypeCache.Store(s, reflect.TypeOf(m))
+}
+
+// RegisterMapType is called from generated code to register the Go map type
+// for a protobuf message representing a map entry.
+//
+// Deprecated: Do not use.
+func RegisterMapType(m interface{}, s messageName) {
+	t := reflect.TypeOf(m)
+	if t.Kind() != reflect.Map {
+		panic(fmt.Sprintf("invalid map kind: %v", t))
+	}
+	if _, ok := messageTypeCache.Load(s); ok {
+		panic(fmt.Errorf("proto: duplicate proto message registered: %s", s))
+	}
+	messageTypeCache.Store(s, t)
+}
+
+// MessageType returns the message type for a named message.
+// It returns nil if not found.
+//
+// Deprecated: Use protoregistry.GlobalTypes.FindMessageByName instead.
+func MessageType(s messageName) reflect.Type {
+	if v, ok := messageTypeCache.Load(s); ok {
+		return v.(reflect.Type)
+	}
+
+	// Derive the message type from the v2 registry.
+	var t reflect.Type
+	if mt, _ := protoregistry.GlobalTypes.FindMessageByName(protoreflect.FullName(s)); mt != nil {
+		t = messageGoType(mt)
+	}
+
+	// If we could not get a concrete type, it is possible that it is a
+	// pseudo-message for a map entry.
+	if t == nil {
+		d, _ := protoregistry.GlobalFiles.FindDescriptorByName(protoreflect.FullName(s))
+		if md, _ := d.(protoreflect.MessageDescriptor); md != nil && md.IsMapEntry() {
+			kt := goTypeForField(md.Fields().ByNumber(1))
+			vt := goTypeForField(md.Fields().ByNumber(2))
+			t = reflect.MapOf(kt, vt)
+		}
+	}
+
+	// Locally cache the message type for the given name.
+	if t != nil {
+		v, _ := messageTypeCache.LoadOrStore(s, t)
+		return v.(reflect.Type)
+	}
+	return nil
+}
+
+func goTypeForField(fd protoreflect.FieldDescriptor) reflect.Type {
+	switch k := fd.Kind(); k {
+	case protoreflect.EnumKind:
+		if et, _ := protoregistry.GlobalTypes.FindEnumByName(fd.Enum().FullName()); et != nil {
+			return enumGoType(et)
+		}
+		return reflect.TypeOf(protoreflect.EnumNumber(0))
+	case protoreflect.MessageKind, protoreflect.GroupKind:
+		if mt, _ := protoregistry.GlobalTypes.FindMessageByName(fd.Message().FullName()); mt != nil {
+			return messageGoType(mt)
+		}
+		return reflect.TypeOf((*protoreflect.Message)(nil)).Elem()
+	default:
+		return reflect.TypeOf(fd.Default().Interface())
+	}
+}
+
+func enumGoType(et protoreflect.EnumType) reflect.Type {
+	return reflect.TypeOf(et.New(0))
+}
+
+func messageGoType(mt protoreflect.MessageType) reflect.Type {
+	return reflect.TypeOf(MessageV1(mt.Zero().Interface()))
+}
+
+// MessageName returns the full protobuf name for the given message type.
+//
+// Deprecated: Use protoreflect.MessageDescriptor.FullName instead.
+func MessageName(m Message) messageName {
+	if m == nil {
+		return ""
+	}
+	if m, ok := m.(interface{ XXX_MessageName() messageName }); ok {
+		return m.XXX_MessageName()
+	}
+	return messageName(protoimpl.X.MessageDescriptorOf(m).FullName())
+}
+
+// RegisterExtension is called from the generated code to register
+// the extension descriptor.
+//
+// Deprecated: Use protoregistry.GlobalTypes.RegisterExtension instead.
+func RegisterExtension(d *ExtensionDesc) {
+	if err := protoregistry.GlobalTypes.RegisterExtension(d); err != nil {
+		panic(err)
+	}
+}
+
+type extensionsByNumber = map[int32]*ExtensionDesc
+
+var extensionCache sync.Map // map[messageName]extensionsByNumber
+
+// RegisteredExtensions returns a map of the registered extensions for the
+// provided protobuf message, indexed by the extension field number.
+//
+// Deprecated: Use protoregistry.GlobalTypes.RangeExtensionsByMessage instead.
+func RegisteredExtensions(m Message) extensionsByNumber {
+	// Check whether the cache is stale. If the number of extensions for
+	// the given message differs, then it means that some extensions were
+	// recently registered upstream that we do not know about.
+	s := MessageName(m)
+	v, _ := extensionCache.Load(s)
+	xs, _ := v.(extensionsByNumber)
+	if protoregistry.GlobalTypes.NumExtensionsByMessage(protoreflect.FullName(s)) == len(xs) {
+		return xs // cache is up-to-date
+	}
+
+	// Cache is stale, re-compute the extensions map.
+	xs = make(extensionsByNumber)
+	protoregistry.GlobalTypes.RangeExtensionsByMessage(protoreflect.FullName(s), func(xt protoreflect.ExtensionType) bool {
+		if xd, ok := xt.(*ExtensionDesc); ok {
+			xs[int32(xt.TypeDescriptor().Number())] = xd
+		} else {
+			// TODO: This implies that the protoreflect.ExtensionType is a
+			// custom type not generated by protoc-gen-go. We could try and
+			// convert the type to an ExtensionDesc.
+		}
+		return true
+	})
+	extensionCache.Store(s, xs)
+	return xs
+}
diff --git a/vendor/github.com/golang/protobuf/proto/table_marshal.go b/vendor/github.com/golang/protobuf/proto/table_marshal.go
deleted file mode 100644
index 5cb11fa95..000000000
--- a/vendor/github.com/golang/protobuf/proto/table_marshal.go
+++ /dev/null
@@ -1,2776 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2016 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-import (
-	"errors"
-	"fmt"
-	"math"
-	"reflect"
-	"sort"
-	"strconv"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"unicode/utf8"
-)
-
-// a sizer takes a pointer to a field and the size of its tag, computes the size of
-// the encoded data.
-type sizer func(pointer, int) int
-
-// a marshaler takes a byte slice, a pointer to a field, and its tag (in wire format),
-// marshals the field to the end of the slice, returns the slice and error (if any).
-type marshaler func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error)
-
-// marshalInfo is the information used for marshaling a message.
-type marshalInfo struct {
-	typ          reflect.Type
-	fields       []*marshalFieldInfo
-	unrecognized field                      // offset of XXX_unrecognized
-	extensions   field                      // offset of XXX_InternalExtensions
-	v1extensions field                      // offset of XXX_extensions
-	sizecache    field                      // offset of XXX_sizecache
-	initialized  int32                      // 0 -- only typ is set, 1 -- fully initialized
-	messageset   bool                       // uses message set wire format
-	hasmarshaler bool                       // has custom marshaler
-	sync.RWMutex                            // protect extElems map, also for initialization
-	extElems     map[int32]*marshalElemInfo // info of extension elements
-}
-
-// marshalFieldInfo is the information used for marshaling a field of a message.
-type marshalFieldInfo struct {
-	field      field
-	wiretag    uint64 // tag in wire format
-	tagsize    int    // size of tag in wire format
-	sizer      sizer
-	marshaler  marshaler
-	isPointer  bool
-	required   bool                              // field is required
-	name       string                            // name of the field, for error reporting
-	oneofElems map[reflect.Type]*marshalElemInfo // info of oneof elements
-}
-
-// marshalElemInfo is the information used for marshaling an extension or oneof element.
-type marshalElemInfo struct {
-	wiretag   uint64 // tag in wire format
-	tagsize   int    // size of tag in wire format
-	sizer     sizer
-	marshaler marshaler
-	isptr     bool // elem is pointer typed, thus interface of this type is a direct interface (extension only)
-	deref     bool // dereference the pointer before operating on it; implies isptr
-}
-
-var (
-	marshalInfoMap  = map[reflect.Type]*marshalInfo{}
-	marshalInfoLock sync.Mutex
-)
-
-// getMarshalInfo returns the information to marshal a given type of message.
-// The info it returns may not necessarily initialized.
-// t is the type of the message (NOT the pointer to it).
-func getMarshalInfo(t reflect.Type) *marshalInfo {
-	marshalInfoLock.Lock()
-	u, ok := marshalInfoMap[t]
-	if !ok {
-		u = &marshalInfo{typ: t}
-		marshalInfoMap[t] = u
-	}
-	marshalInfoLock.Unlock()
-	return u
-}
-
-// Size is the entry point from generated code,
-// and should be ONLY called by generated code.
-// It computes the size of encoded data of msg.
-// a is a pointer to a place to store cached marshal info.
-func (a *InternalMessageInfo) Size(msg Message) int {
-	u := getMessageMarshalInfo(msg, a)
-	ptr := toPointer(&msg)
-	if ptr.isNil() {
-		// We get here if msg is a typed nil ((*SomeMessage)(nil)),
-		// so it satisfies the interface, and msg == nil wouldn't
-		// catch it. We don't want crash in this case.
-		return 0
-	}
-	return u.size(ptr)
-}
-
-// Marshal is the entry point from generated code,
-// and should be ONLY called by generated code.
-// It marshals msg to the end of b.
-// a is a pointer to a place to store cached marshal info.
-func (a *InternalMessageInfo) Marshal(b []byte, msg Message, deterministic bool) ([]byte, error) {
-	u := getMessageMarshalInfo(msg, a)
-	ptr := toPointer(&msg)
-	if ptr.isNil() {
-		// We get here if msg is a typed nil ((*SomeMessage)(nil)),
-		// so it satisfies the interface, and msg == nil wouldn't
-		// catch it. We don't want crash in this case.
-		return b, ErrNil
-	}
-	return u.marshal(b, ptr, deterministic)
-}
-
-func getMessageMarshalInfo(msg interface{}, a *InternalMessageInfo) *marshalInfo {
-	// u := a.marshal, but atomically.
-	// We use an atomic here to ensure memory consistency.
-	u := atomicLoadMarshalInfo(&a.marshal)
-	if u == nil {
-		// Get marshal information from type of message.
-		t := reflect.ValueOf(msg).Type()
-		if t.Kind() != reflect.Ptr {
-			panic(fmt.Sprintf("cannot handle non-pointer message type %v", t))
-		}
-		u = getMarshalInfo(t.Elem())
-		// Store it in the cache for later users.
-		// a.marshal = u, but atomically.
-		atomicStoreMarshalInfo(&a.marshal, u)
-	}
-	return u
-}
-
-// size is the main function to compute the size of the encoded data of a message.
-// ptr is the pointer to the message.
-func (u *marshalInfo) size(ptr pointer) int {
-	if atomic.LoadInt32(&u.initialized) == 0 {
-		u.computeMarshalInfo()
-	}
-
-	// If the message can marshal itself, let it do it, for compatibility.
-	// NOTE: This is not efficient.
-	if u.hasmarshaler {
-		m := ptr.asPointerTo(u.typ).Interface().(Marshaler)
-		b, _ := m.Marshal()
-		return len(b)
-	}
-
-	n := 0
-	for _, f := range u.fields {
-		if f.isPointer && ptr.offset(f.field).getPointer().isNil() {
-			// nil pointer always marshals to nothing
-			continue
-		}
-		n += f.sizer(ptr.offset(f.field), f.tagsize)
-	}
-	if u.extensions.IsValid() {
-		e := ptr.offset(u.extensions).toExtensions()
-		if u.messageset {
-			n += u.sizeMessageSet(e)
-		} else {
-			n += u.sizeExtensions(e)
-		}
-	}
-	if u.v1extensions.IsValid() {
-		m := *ptr.offset(u.v1extensions).toOldExtensions()
-		n += u.sizeV1Extensions(m)
-	}
-	if u.unrecognized.IsValid() {
-		s := *ptr.offset(u.unrecognized).toBytes()
-		n += len(s)
-	}
-	// cache the result for use in marshal
-	if u.sizecache.IsValid() {
-		atomic.StoreInt32(ptr.offset(u.sizecache).toInt32(), int32(n))
-	}
-	return n
-}
-
-// cachedsize gets the size from cache. If there is no cache (i.e. message is not generated),
-// fall back to compute the size.
-func (u *marshalInfo) cachedsize(ptr pointer) int {
-	if u.sizecache.IsValid() {
-		return int(atomic.LoadInt32(ptr.offset(u.sizecache).toInt32()))
-	}
-	return u.size(ptr)
-}
-
-// marshal is the main function to marshal a message. It takes a byte slice and appends
-// the encoded data to the end of the slice, returns the slice and error (if any).
-// ptr is the pointer to the message.
-// If deterministic is true, map is marshaled in deterministic order.
-func (u *marshalInfo) marshal(b []byte, ptr pointer, deterministic bool) ([]byte, error) {
-	if atomic.LoadInt32(&u.initialized) == 0 {
-		u.computeMarshalInfo()
-	}
-
-	// If the message can marshal itself, let it do it, for compatibility.
-	// NOTE: This is not efficient.
-	if u.hasmarshaler {
-		m := ptr.asPointerTo(u.typ).Interface().(Marshaler)
-		b1, err := m.Marshal()
-		b = append(b, b1...)
-		return b, err
-	}
-
-	var err, errLater error
-	// The old marshaler encodes extensions at beginning.
-	if u.extensions.IsValid() {
-		e := ptr.offset(u.extensions).toExtensions()
-		if u.messageset {
-			b, err = u.appendMessageSet(b, e, deterministic)
-		} else {
-			b, err = u.appendExtensions(b, e, deterministic)
-		}
-		if err != nil {
-			return b, err
-		}
-	}
-	if u.v1extensions.IsValid() {
-		m := *ptr.offset(u.v1extensions).toOldExtensions()
-		b, err = u.appendV1Extensions(b, m, deterministic)
-		if err != nil {
-			return b, err
-		}
-	}
-	for _, f := range u.fields {
-		if f.required {
-			if ptr.offset(f.field).getPointer().isNil() {
-				// Required field is not set.
-				// We record the error but keep going, to give a complete marshaling.
-				if errLater == nil {
-					errLater = &RequiredNotSetError{f.name}
-				}
-				continue
-			}
-		}
-		if f.isPointer && ptr.offset(f.field).getPointer().isNil() {
-			// nil pointer always marshals to nothing
-			continue
-		}
-		b, err = f.marshaler(b, ptr.offset(f.field), f.wiretag, deterministic)
-		if err != nil {
-			if err1, ok := err.(*RequiredNotSetError); ok {
-				// Required field in submessage is not set.
-				// We record the error but keep going, to give a complete marshaling.
-				if errLater == nil {
-					errLater = &RequiredNotSetError{f.name + "." + err1.field}
-				}
-				continue
-			}
-			if err == errRepeatedHasNil {
-				err = errors.New("proto: repeated field " + f.name + " has nil element")
-			}
-			if err == errInvalidUTF8 {
-				if errLater == nil {
-					fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name
-					errLater = &invalidUTF8Error{fullName}
-				}
-				continue
-			}
-			return b, err
-		}
-	}
-	if u.unrecognized.IsValid() {
-		s := *ptr.offset(u.unrecognized).toBytes()
-		b = append(b, s...)
-	}
-	return b, errLater
-}
-
-// computeMarshalInfo initializes the marshal info.
-func (u *marshalInfo) computeMarshalInfo() {
-	u.Lock()
-	defer u.Unlock()
-	if u.initialized != 0 { // non-atomic read is ok as it is protected by the lock
-		return
-	}
-
-	t := u.typ
-	u.unrecognized = invalidField
-	u.extensions = invalidField
-	u.v1extensions = invalidField
-	u.sizecache = invalidField
-
-	// If the message can marshal itself, let it do it, for compatibility.
-	// NOTE: This is not efficient.
-	if reflect.PtrTo(t).Implements(marshalerType) {
-		u.hasmarshaler = true
-		atomic.StoreInt32(&u.initialized, 1)
-		return
-	}
-
-	// get oneof implementers
-	var oneofImplementers []interface{}
-	switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
-	case oneofFuncsIface:
-		_, _, _, oneofImplementers = m.XXX_OneofFuncs()
-	case oneofWrappersIface:
-		oneofImplementers = m.XXX_OneofWrappers()
-	}
-
-	n := t.NumField()
-
-	// deal with XXX fields first
-	for i := 0; i < t.NumField(); i++ {
-		f := t.Field(i)
-		if !strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-		switch f.Name {
-		case "XXX_sizecache":
-			u.sizecache = toField(&f)
-		case "XXX_unrecognized":
-			u.unrecognized = toField(&f)
-		case "XXX_InternalExtensions":
-			u.extensions = toField(&f)
-			u.messageset = f.Tag.Get("protobuf_messageset") == "1"
-		case "XXX_extensions":
-			u.v1extensions = toField(&f)
-		case "XXX_NoUnkeyedLiteral":
-			// nothing to do
-		default:
-			panic("unknown XXX field: " + f.Name)
-		}
-		n--
-	}
-
-	// normal fields
-	fields := make([]marshalFieldInfo, n) // batch allocation
-	u.fields = make([]*marshalFieldInfo, 0, n)
-	for i, j := 0, 0; i < t.NumField(); i++ {
-		f := t.Field(i)
-
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-		field := &fields[j]
-		j++
-		field.name = f.Name
-		u.fields = append(u.fields, field)
-		if f.Tag.Get("protobuf_oneof") != "" {
-			field.computeOneofFieldInfo(&f, oneofImplementers)
-			continue
-		}
-		if f.Tag.Get("protobuf") == "" {
-			// field has no tag (not in generated message), ignore it
-			u.fields = u.fields[:len(u.fields)-1]
-			j--
-			continue
-		}
-		field.computeMarshalFieldInfo(&f)
-	}
-
-	// fields are marshaled in tag order on the wire.
-	sort.Sort(byTag(u.fields))
-
-	atomic.StoreInt32(&u.initialized, 1)
-}
-
-// helper for sorting fields by tag
-type byTag []*marshalFieldInfo
-
-func (a byTag) Len() int           { return len(a) }
-func (a byTag) Swap(i, j int)      { a[i], a[j] = a[j], a[i] }
-func (a byTag) Less(i, j int) bool { return a[i].wiretag < a[j].wiretag }
-
-// getExtElemInfo returns the information to marshal an extension element.
-// The info it returns is initialized.
-func (u *marshalInfo) getExtElemInfo(desc *ExtensionDesc) *marshalElemInfo {
-	// get from cache first
-	u.RLock()
-	e, ok := u.extElems[desc.Field]
-	u.RUnlock()
-	if ok {
-		return e
-	}
-
-	t := reflect.TypeOf(desc.ExtensionType) // pointer or slice to basic type or struct
-	tags := strings.Split(desc.Tag, ",")
-	tag, err := strconv.Atoi(tags[1])
-	if err != nil {
-		panic("tag is not an integer")
-	}
-	wt := wiretype(tags[0])
-	if t.Kind() == reflect.Ptr && t.Elem().Kind() != reflect.Struct {
-		t = t.Elem()
-	}
-	sizer, marshaler := typeMarshaler(t, tags, false, false)
-	var deref bool
-	if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 {
-		t = reflect.PtrTo(t)
-		deref = true
-	}
-	e = &marshalElemInfo{
-		wiretag:   uint64(tag)<<3 | wt,
-		tagsize:   SizeVarint(uint64(tag) << 3),
-		sizer:     sizer,
-		marshaler: marshaler,
-		isptr:     t.Kind() == reflect.Ptr,
-		deref:     deref,
-	}
-
-	// update cache
-	u.Lock()
-	if u.extElems == nil {
-		u.extElems = make(map[int32]*marshalElemInfo)
-	}
-	u.extElems[desc.Field] = e
-	u.Unlock()
-	return e
-}
-
-// computeMarshalFieldInfo fills up the information to marshal a field.
-func (fi *marshalFieldInfo) computeMarshalFieldInfo(f *reflect.StructField) {
-	// parse protobuf tag of the field.
-	// tag has format of "bytes,49,opt,name=foo,def=hello!"
-	tags := strings.Split(f.Tag.Get("protobuf"), ",")
-	if tags[0] == "" {
-		return
-	}
-	tag, err := strconv.Atoi(tags[1])
-	if err != nil {
-		panic("tag is not an integer")
-	}
-	wt := wiretype(tags[0])
-	if tags[2] == "req" {
-		fi.required = true
-	}
-	fi.setTag(f, tag, wt)
-	fi.setMarshaler(f, tags)
-}
-
-func (fi *marshalFieldInfo) computeOneofFieldInfo(f *reflect.StructField, oneofImplementers []interface{}) {
-	fi.field = toField(f)
-	fi.wiretag = math.MaxInt32 // Use a large tag number, make oneofs sorted at the end. This tag will not appear on the wire.
-	fi.isPointer = true
-	fi.sizer, fi.marshaler = makeOneOfMarshaler(fi, f)
-	fi.oneofElems = make(map[reflect.Type]*marshalElemInfo)
-
-	ityp := f.Type // interface type
-	for _, o := range oneofImplementers {
-		t := reflect.TypeOf(o)
-		if !t.Implements(ityp) {
-			continue
-		}
-		sf := t.Elem().Field(0) // oneof implementer is a struct with a single field
-		tags := strings.Split(sf.Tag.Get("protobuf"), ",")
-		tag, err := strconv.Atoi(tags[1])
-		if err != nil {
-			panic("tag is not an integer")
-		}
-		wt := wiretype(tags[0])
-		sizer, marshaler := typeMarshaler(sf.Type, tags, false, true) // oneof should not omit any zero value
-		fi.oneofElems[t.Elem()] = &marshalElemInfo{
-			wiretag:   uint64(tag)<<3 | wt,
-			tagsize:   SizeVarint(uint64(tag) << 3),
-			sizer:     sizer,
-			marshaler: marshaler,
-		}
-	}
-}
-
-// wiretype returns the wire encoding of the type.
-func wiretype(encoding string) uint64 {
-	switch encoding {
-	case "fixed32":
-		return WireFixed32
-	case "fixed64":
-		return WireFixed64
-	case "varint", "zigzag32", "zigzag64":
-		return WireVarint
-	case "bytes":
-		return WireBytes
-	case "group":
-		return WireStartGroup
-	}
-	panic("unknown wire type " + encoding)
-}
-
-// setTag fills up the tag (in wire format) and its size in the info of a field.
-func (fi *marshalFieldInfo) setTag(f *reflect.StructField, tag int, wt uint64) {
-	fi.field = toField(f)
-	fi.wiretag = uint64(tag)<<3 | wt
-	fi.tagsize = SizeVarint(uint64(tag) << 3)
-}
-
-// setMarshaler fills up the sizer and marshaler in the info of a field.
-func (fi *marshalFieldInfo) setMarshaler(f *reflect.StructField, tags []string) {
-	switch f.Type.Kind() {
-	case reflect.Map:
-		// map field
-		fi.isPointer = true
-		fi.sizer, fi.marshaler = makeMapMarshaler(f)
-		return
-	case reflect.Ptr, reflect.Slice:
-		fi.isPointer = true
-	}
-	fi.sizer, fi.marshaler = typeMarshaler(f.Type, tags, true, false)
-}
-
-// typeMarshaler returns the sizer and marshaler of a given field.
-// t is the type of the field.
-// tags is the generated "protobuf" tag of the field.
-// If nozero is true, zero value is not marshaled to the wire.
-// If oneof is true, it is a oneof field.
-func typeMarshaler(t reflect.Type, tags []string, nozero, oneof bool) (sizer, marshaler) {
-	encoding := tags[0]
-
-	pointer := false
-	slice := false
-	if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 {
-		slice = true
-		t = t.Elem()
-	}
-	if t.Kind() == reflect.Ptr {
-		pointer = true
-		t = t.Elem()
-	}
-
-	packed := false
-	proto3 := false
-	validateUTF8 := true
-	for i := 2; i < len(tags); i++ {
-		if tags[i] == "packed" {
-			packed = true
-		}
-		if tags[i] == "proto3" {
-			proto3 = true
-		}
-	}
-	validateUTF8 = validateUTF8 && proto3
-
-	switch t.Kind() {
-	case reflect.Bool:
-		if pointer {
-			return sizeBoolPtr, appendBoolPtr
-		}
-		if slice {
-			if packed {
-				return sizeBoolPackedSlice, appendBoolPackedSlice
-			}
-			return sizeBoolSlice, appendBoolSlice
-		}
-		if nozero {
-			return sizeBoolValueNoZero, appendBoolValueNoZero
-		}
-		return sizeBoolValue, appendBoolValue
-	case reflect.Uint32:
-		switch encoding {
-		case "fixed32":
-			if pointer {
-				return sizeFixed32Ptr, appendFixed32Ptr
-			}
-			if slice {
-				if packed {
-					return sizeFixed32PackedSlice, appendFixed32PackedSlice
-				}
-				return sizeFixed32Slice, appendFixed32Slice
-			}
-			if nozero {
-				return sizeFixed32ValueNoZero, appendFixed32ValueNoZero
-			}
-			return sizeFixed32Value, appendFixed32Value
-		case "varint":
-			if pointer {
-				return sizeVarint32Ptr, appendVarint32Ptr
-			}
-			if slice {
-				if packed {
-					return sizeVarint32PackedSlice, appendVarint32PackedSlice
-				}
-				return sizeVarint32Slice, appendVarint32Slice
-			}
-			if nozero {
-				return sizeVarint32ValueNoZero, appendVarint32ValueNoZero
-			}
-			return sizeVarint32Value, appendVarint32Value
-		}
-	case reflect.Int32:
-		switch encoding {
-		case "fixed32":
-			if pointer {
-				return sizeFixedS32Ptr, appendFixedS32Ptr
-			}
-			if slice {
-				if packed {
-					return sizeFixedS32PackedSlice, appendFixedS32PackedSlice
-				}
-				return sizeFixedS32Slice, appendFixedS32Slice
-			}
-			if nozero {
-				return sizeFixedS32ValueNoZero, appendFixedS32ValueNoZero
-			}
-			return sizeFixedS32Value, appendFixedS32Value
-		case "varint":
-			if pointer {
-				return sizeVarintS32Ptr, appendVarintS32Ptr
-			}
-			if slice {
-				if packed {
-					return sizeVarintS32PackedSlice, appendVarintS32PackedSlice
-				}
-				return sizeVarintS32Slice, appendVarintS32Slice
-			}
-			if nozero {
-				return sizeVarintS32ValueNoZero, appendVarintS32ValueNoZero
-			}
-			return sizeVarintS32Value, appendVarintS32Value
-		case "zigzag32":
-			if pointer {
-				return sizeZigzag32Ptr, appendZigzag32Ptr
-			}
-			if slice {
-				if packed {
-					return sizeZigzag32PackedSlice, appendZigzag32PackedSlice
-				}
-				return sizeZigzag32Slice, appendZigzag32Slice
-			}
-			if nozero {
-				return sizeZigzag32ValueNoZero, appendZigzag32ValueNoZero
-			}
-			return sizeZigzag32Value, appendZigzag32Value
-		}
-	case reflect.Uint64:
-		switch encoding {
-		case "fixed64":
-			if pointer {
-				return sizeFixed64Ptr, appendFixed64Ptr
-			}
-			if slice {
-				if packed {
-					return sizeFixed64PackedSlice, appendFixed64PackedSlice
-				}
-				return sizeFixed64Slice, appendFixed64Slice
-			}
-			if nozero {
-				return sizeFixed64ValueNoZero, appendFixed64ValueNoZero
-			}
-			return sizeFixed64Value, appendFixed64Value
-		case "varint":
-			if pointer {
-				return sizeVarint64Ptr, appendVarint64Ptr
-			}
-			if slice {
-				if packed {
-					return sizeVarint64PackedSlice, appendVarint64PackedSlice
-				}
-				return sizeVarint64Slice, appendVarint64Slice
-			}
-			if nozero {
-				return sizeVarint64ValueNoZero, appendVarint64ValueNoZero
-			}
-			return sizeVarint64Value, appendVarint64Value
-		}
-	case reflect.Int64:
-		switch encoding {
-		case "fixed64":
-			if pointer {
-				return sizeFixedS64Ptr, appendFixedS64Ptr
-			}
-			if slice {
-				if packed {
-					return sizeFixedS64PackedSlice, appendFixedS64PackedSlice
-				}
-				return sizeFixedS64Slice, appendFixedS64Slice
-			}
-			if nozero {
-				return sizeFixedS64ValueNoZero, appendFixedS64ValueNoZero
-			}
-			return sizeFixedS64Value, appendFixedS64Value
-		case "varint":
-			if pointer {
-				return sizeVarintS64Ptr, appendVarintS64Ptr
-			}
-			if slice {
-				if packed {
-					return sizeVarintS64PackedSlice, appendVarintS64PackedSlice
-				}
-				return sizeVarintS64Slice, appendVarintS64Slice
-			}
-			if nozero {
-				return sizeVarintS64ValueNoZero, appendVarintS64ValueNoZero
-			}
-			return sizeVarintS64Value, appendVarintS64Value
-		case "zigzag64":
-			if pointer {
-				return sizeZigzag64Ptr, appendZigzag64Ptr
-			}
-			if slice {
-				if packed {
-					return sizeZigzag64PackedSlice, appendZigzag64PackedSlice
-				}
-				return sizeZigzag64Slice, appendZigzag64Slice
-			}
-			if nozero {
-				return sizeZigzag64ValueNoZero, appendZigzag64ValueNoZero
-			}
-			return sizeZigzag64Value, appendZigzag64Value
-		}
-	case reflect.Float32:
-		if pointer {
-			return sizeFloat32Ptr, appendFloat32Ptr
-		}
-		if slice {
-			if packed {
-				return sizeFloat32PackedSlice, appendFloat32PackedSlice
-			}
-			return sizeFloat32Slice, appendFloat32Slice
-		}
-		if nozero {
-			return sizeFloat32ValueNoZero, appendFloat32ValueNoZero
-		}
-		return sizeFloat32Value, appendFloat32Value
-	case reflect.Float64:
-		if pointer {
-			return sizeFloat64Ptr, appendFloat64Ptr
-		}
-		if slice {
-			if packed {
-				return sizeFloat64PackedSlice, appendFloat64PackedSlice
-			}
-			return sizeFloat64Slice, appendFloat64Slice
-		}
-		if nozero {
-			return sizeFloat64ValueNoZero, appendFloat64ValueNoZero
-		}
-		return sizeFloat64Value, appendFloat64Value
-	case reflect.String:
-		if validateUTF8 {
-			if pointer {
-				return sizeStringPtr, appendUTF8StringPtr
-			}
-			if slice {
-				return sizeStringSlice, appendUTF8StringSlice
-			}
-			if nozero {
-				return sizeStringValueNoZero, appendUTF8StringValueNoZero
-			}
-			return sizeStringValue, appendUTF8StringValue
-		}
-		if pointer {
-			return sizeStringPtr, appendStringPtr
-		}
-		if slice {
-			return sizeStringSlice, appendStringSlice
-		}
-		if nozero {
-			return sizeStringValueNoZero, appendStringValueNoZero
-		}
-		return sizeStringValue, appendStringValue
-	case reflect.Slice:
-		if slice {
-			return sizeBytesSlice, appendBytesSlice
-		}
-		if oneof {
-			// Oneof bytes field may also have "proto3" tag.
-			// We want to marshal it as a oneof field. Do this
-			// check before the proto3 check.
-			return sizeBytesOneof, appendBytesOneof
-		}
-		if proto3 {
-			return sizeBytes3, appendBytes3
-		}
-		return sizeBytes, appendBytes
-	case reflect.Struct:
-		switch encoding {
-		case "group":
-			if slice {
-				return makeGroupSliceMarshaler(getMarshalInfo(t))
-			}
-			return makeGroupMarshaler(getMarshalInfo(t))
-		case "bytes":
-			if slice {
-				return makeMessageSliceMarshaler(getMarshalInfo(t))
-			}
-			return makeMessageMarshaler(getMarshalInfo(t))
-		}
-	}
-	panic(fmt.Sprintf("unknown or mismatched type: type: %v, wire type: %v", t, encoding))
-}
-
-// Below are functions to size/marshal a specific type of a field.
-// They are stored in the field's info, and called by function pointers.
-// They have type sizer or marshaler.
-
-func sizeFixed32Value(_ pointer, tagsize int) int {
-	return 4 + tagsize
-}
-func sizeFixed32ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toUint32()
-	if v == 0 {
-		return 0
-	}
-	return 4 + tagsize
-}
-func sizeFixed32Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toUint32Ptr()
-	if p == nil {
-		return 0
-	}
-	return 4 + tagsize
-}
-func sizeFixed32Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint32Slice()
-	return (4 + tagsize) * len(s)
-}
-func sizeFixed32PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint32Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize
-}
-func sizeFixedS32Value(_ pointer, tagsize int) int {
-	return 4 + tagsize
-}
-func sizeFixedS32ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toInt32()
-	if v == 0 {
-		return 0
-	}
-	return 4 + tagsize
-}
-func sizeFixedS32Ptr(ptr pointer, tagsize int) int {
-	p := ptr.getInt32Ptr()
-	if p == nil {
-		return 0
-	}
-	return 4 + tagsize
-}
-func sizeFixedS32Slice(ptr pointer, tagsize int) int {
-	s := ptr.getInt32Slice()
-	return (4 + tagsize) * len(s)
-}
-func sizeFixedS32PackedSlice(ptr pointer, tagsize int) int {
-	s := ptr.getInt32Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize
-}
-func sizeFloat32Value(_ pointer, tagsize int) int {
-	return 4 + tagsize
-}
-func sizeFloat32ValueNoZero(ptr pointer, tagsize int) int {
-	v := math.Float32bits(*ptr.toFloat32())
-	if v == 0 {
-		return 0
-	}
-	return 4 + tagsize
-}
-func sizeFloat32Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toFloat32Ptr()
-	if p == nil {
-		return 0
-	}
-	return 4 + tagsize
-}
-func sizeFloat32Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toFloat32Slice()
-	return (4 + tagsize) * len(s)
-}
-func sizeFloat32PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toFloat32Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	return 4*len(s) + SizeVarint(uint64(4*len(s))) + tagsize
-}
-func sizeFixed64Value(_ pointer, tagsize int) int {
-	return 8 + tagsize
-}
-func sizeFixed64ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toUint64()
-	if v == 0 {
-		return 0
-	}
-	return 8 + tagsize
-}
-func sizeFixed64Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toUint64Ptr()
-	if p == nil {
-		return 0
-	}
-	return 8 + tagsize
-}
-func sizeFixed64Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint64Slice()
-	return (8 + tagsize) * len(s)
-}
-func sizeFixed64PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint64Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize
-}
-func sizeFixedS64Value(_ pointer, tagsize int) int {
-	return 8 + tagsize
-}
-func sizeFixedS64ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toInt64()
-	if v == 0 {
-		return 0
-	}
-	return 8 + tagsize
-}
-func sizeFixedS64Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toInt64Ptr()
-	if p == nil {
-		return 0
-	}
-	return 8 + tagsize
-}
-func sizeFixedS64Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toInt64Slice()
-	return (8 + tagsize) * len(s)
-}
-func sizeFixedS64PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toInt64Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize
-}
-func sizeFloat64Value(_ pointer, tagsize int) int {
-	return 8 + tagsize
-}
-func sizeFloat64ValueNoZero(ptr pointer, tagsize int) int {
-	v := math.Float64bits(*ptr.toFloat64())
-	if v == 0 {
-		return 0
-	}
-	return 8 + tagsize
-}
-func sizeFloat64Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toFloat64Ptr()
-	if p == nil {
-		return 0
-	}
-	return 8 + tagsize
-}
-func sizeFloat64Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toFloat64Slice()
-	return (8 + tagsize) * len(s)
-}
-func sizeFloat64PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toFloat64Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	return 8*len(s) + SizeVarint(uint64(8*len(s))) + tagsize
-}
-func sizeVarint32Value(ptr pointer, tagsize int) int {
-	v := *ptr.toUint32()
-	return SizeVarint(uint64(v)) + tagsize
-}
-func sizeVarint32ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toUint32()
-	if v == 0 {
-		return 0
-	}
-	return SizeVarint(uint64(v)) + tagsize
-}
-func sizeVarint32Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toUint32Ptr()
-	if p == nil {
-		return 0
-	}
-	return SizeVarint(uint64(*p)) + tagsize
-}
-func sizeVarint32Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint32Slice()
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v)) + tagsize
-	}
-	return n
-}
-func sizeVarint32PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint32Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v))
-	}
-	return n + SizeVarint(uint64(n)) + tagsize
-}
-func sizeVarintS32Value(ptr pointer, tagsize int) int {
-	v := *ptr.toInt32()
-	return SizeVarint(uint64(v)) + tagsize
-}
-func sizeVarintS32ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toInt32()
-	if v == 0 {
-		return 0
-	}
-	return SizeVarint(uint64(v)) + tagsize
-}
-func sizeVarintS32Ptr(ptr pointer, tagsize int) int {
-	p := ptr.getInt32Ptr()
-	if p == nil {
-		return 0
-	}
-	return SizeVarint(uint64(*p)) + tagsize
-}
-func sizeVarintS32Slice(ptr pointer, tagsize int) int {
-	s := ptr.getInt32Slice()
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v)) + tagsize
-	}
-	return n
-}
-func sizeVarintS32PackedSlice(ptr pointer, tagsize int) int {
-	s := ptr.getInt32Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v))
-	}
-	return n + SizeVarint(uint64(n)) + tagsize
-}
-func sizeVarint64Value(ptr pointer, tagsize int) int {
-	v := *ptr.toUint64()
-	return SizeVarint(v) + tagsize
-}
-func sizeVarint64ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toUint64()
-	if v == 0 {
-		return 0
-	}
-	return SizeVarint(v) + tagsize
-}
-func sizeVarint64Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toUint64Ptr()
-	if p == nil {
-		return 0
-	}
-	return SizeVarint(*p) + tagsize
-}
-func sizeVarint64Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint64Slice()
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(v) + tagsize
-	}
-	return n
-}
-func sizeVarint64PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toUint64Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(v)
-	}
-	return n + SizeVarint(uint64(n)) + tagsize
-}
-func sizeVarintS64Value(ptr pointer, tagsize int) int {
-	v := *ptr.toInt64()
-	return SizeVarint(uint64(v)) + tagsize
-}
-func sizeVarintS64ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toInt64()
-	if v == 0 {
-		return 0
-	}
-	return SizeVarint(uint64(v)) + tagsize
-}
-func sizeVarintS64Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toInt64Ptr()
-	if p == nil {
-		return 0
-	}
-	return SizeVarint(uint64(*p)) + tagsize
-}
-func sizeVarintS64Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toInt64Slice()
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v)) + tagsize
-	}
-	return n
-}
-func sizeVarintS64PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toInt64Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v))
-	}
-	return n + SizeVarint(uint64(n)) + tagsize
-}
-func sizeZigzag32Value(ptr pointer, tagsize int) int {
-	v := *ptr.toInt32()
-	return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
-}
-func sizeZigzag32ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toInt32()
-	if v == 0 {
-		return 0
-	}
-	return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
-}
-func sizeZigzag32Ptr(ptr pointer, tagsize int) int {
-	p := ptr.getInt32Ptr()
-	if p == nil {
-		return 0
-	}
-	v := *p
-	return SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
-}
-func sizeZigzag32Slice(ptr pointer, tagsize int) int {
-	s := ptr.getInt32Slice()
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64((uint32(v)<<1)^uint32((int32(v)>>31)))) + tagsize
-	}
-	return n
-}
-func sizeZigzag32PackedSlice(ptr pointer, tagsize int) int {
-	s := ptr.getInt32Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31))))
-	}
-	return n + SizeVarint(uint64(n)) + tagsize
-}
-func sizeZigzag64Value(ptr pointer, tagsize int) int {
-	v := *ptr.toInt64()
-	return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
-}
-func sizeZigzag64ValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toInt64()
-	if v == 0 {
-		return 0
-	}
-	return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
-}
-func sizeZigzag64Ptr(ptr pointer, tagsize int) int {
-	p := *ptr.toInt64Ptr()
-	if p == nil {
-		return 0
-	}
-	v := *p
-	return SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
-}
-func sizeZigzag64Slice(ptr pointer, tagsize int) int {
-	s := *ptr.toInt64Slice()
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v<<1)^uint64((int64(v)>>63))) + tagsize
-	}
-	return n
-}
-func sizeZigzag64PackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toInt64Slice()
-	if len(s) == 0 {
-		return 0
-	}
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v<<1) ^ uint64((int64(v) >> 63)))
-	}
-	return n + SizeVarint(uint64(n)) + tagsize
-}
-func sizeBoolValue(_ pointer, tagsize int) int {
-	return 1 + tagsize
-}
-func sizeBoolValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toBool()
-	if !v {
-		return 0
-	}
-	return 1 + tagsize
-}
-func sizeBoolPtr(ptr pointer, tagsize int) int {
-	p := *ptr.toBoolPtr()
-	if p == nil {
-		return 0
-	}
-	return 1 + tagsize
-}
-func sizeBoolSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toBoolSlice()
-	return (1 + tagsize) * len(s)
-}
-func sizeBoolPackedSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toBoolSlice()
-	if len(s) == 0 {
-		return 0
-	}
-	return len(s) + SizeVarint(uint64(len(s))) + tagsize
-}
-func sizeStringValue(ptr pointer, tagsize int) int {
-	v := *ptr.toString()
-	return len(v) + SizeVarint(uint64(len(v))) + tagsize
-}
-func sizeStringValueNoZero(ptr pointer, tagsize int) int {
-	v := *ptr.toString()
-	if v == "" {
-		return 0
-	}
-	return len(v) + SizeVarint(uint64(len(v))) + tagsize
-}
-func sizeStringPtr(ptr pointer, tagsize int) int {
-	p := *ptr.toStringPtr()
-	if p == nil {
-		return 0
-	}
-	v := *p
-	return len(v) + SizeVarint(uint64(len(v))) + tagsize
-}
-func sizeStringSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toStringSlice()
-	n := 0
-	for _, v := range s {
-		n += len(v) + SizeVarint(uint64(len(v))) + tagsize
-	}
-	return n
-}
-func sizeBytes(ptr pointer, tagsize int) int {
-	v := *ptr.toBytes()
-	if v == nil {
-		return 0
-	}
-	return len(v) + SizeVarint(uint64(len(v))) + tagsize
-}
-func sizeBytes3(ptr pointer, tagsize int) int {
-	v := *ptr.toBytes()
-	if len(v) == 0 {
-		return 0
-	}
-	return len(v) + SizeVarint(uint64(len(v))) + tagsize
-}
-func sizeBytesOneof(ptr pointer, tagsize int) int {
-	v := *ptr.toBytes()
-	return len(v) + SizeVarint(uint64(len(v))) + tagsize
-}
-func sizeBytesSlice(ptr pointer, tagsize int) int {
-	s := *ptr.toBytesSlice()
-	n := 0
-	for _, v := range s {
-		n += len(v) + SizeVarint(uint64(len(v))) + tagsize
-	}
-	return n
-}
-
-// appendFixed32 appends an encoded fixed32 to b.
-func appendFixed32(b []byte, v uint32) []byte {
-	b = append(b,
-		byte(v),
-		byte(v>>8),
-		byte(v>>16),
-		byte(v>>24))
-	return b
-}
-
-// appendFixed64 appends an encoded fixed64 to b.
-func appendFixed64(b []byte, v uint64) []byte {
-	b = append(b,
-		byte(v),
-		byte(v>>8),
-		byte(v>>16),
-		byte(v>>24),
-		byte(v>>32),
-		byte(v>>40),
-		byte(v>>48),
-		byte(v>>56))
-	return b
-}
-
-// appendVarint appends an encoded varint to b.
-func appendVarint(b []byte, v uint64) []byte {
-	// TODO: make 1-byte (maybe 2-byte) case inline-able, once we
-	// have non-leaf inliner.
-	switch {
-	case v < 1<<7:
-		b = append(b, byte(v))
-	case v < 1<<14:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte(v>>7))
-	case v < 1<<21:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte(v>>14))
-	case v < 1<<28:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte((v>>14)&0x7f|0x80),
-			byte(v>>21))
-	case v < 1<<35:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte((v>>14)&0x7f|0x80),
-			byte((v>>21)&0x7f|0x80),
-			byte(v>>28))
-	case v < 1<<42:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte((v>>14)&0x7f|0x80),
-			byte((v>>21)&0x7f|0x80),
-			byte((v>>28)&0x7f|0x80),
-			byte(v>>35))
-	case v < 1<<49:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte((v>>14)&0x7f|0x80),
-			byte((v>>21)&0x7f|0x80),
-			byte((v>>28)&0x7f|0x80),
-			byte((v>>35)&0x7f|0x80),
-			byte(v>>42))
-	case v < 1<<56:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte((v>>14)&0x7f|0x80),
-			byte((v>>21)&0x7f|0x80),
-			byte((v>>28)&0x7f|0x80),
-			byte((v>>35)&0x7f|0x80),
-			byte((v>>42)&0x7f|0x80),
-			byte(v>>49))
-	case v < 1<<63:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte((v>>14)&0x7f|0x80),
-			byte((v>>21)&0x7f|0x80),
-			byte((v>>28)&0x7f|0x80),
-			byte((v>>35)&0x7f|0x80),
-			byte((v>>42)&0x7f|0x80),
-			byte((v>>49)&0x7f|0x80),
-			byte(v>>56))
-	default:
-		b = append(b,
-			byte(v&0x7f|0x80),
-			byte((v>>7)&0x7f|0x80),
-			byte((v>>14)&0x7f|0x80),
-			byte((v>>21)&0x7f|0x80),
-			byte((v>>28)&0x7f|0x80),
-			byte((v>>35)&0x7f|0x80),
-			byte((v>>42)&0x7f|0x80),
-			byte((v>>49)&0x7f|0x80),
-			byte((v>>56)&0x7f|0x80),
-			1)
-	}
-	return b
-}
-
-func appendFixed32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint32()
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, v)
-	return b, nil
-}
-func appendFixed32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint32()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, v)
-	return b, nil
-}
-func appendFixed32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toUint32Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, *p)
-	return b, nil
-}
-func appendFixed32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint32Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendFixed32(b, v)
-	}
-	return b, nil
-}
-func appendFixed32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint32Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	b = appendVarint(b, uint64(4*len(s)))
-	for _, v := range s {
-		b = appendFixed32(b, v)
-	}
-	return b, nil
-}
-func appendFixedS32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt32()
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, uint32(v))
-	return b, nil
-}
-func appendFixedS32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt32()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, uint32(v))
-	return b, nil
-}
-func appendFixedS32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := ptr.getInt32Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, uint32(*p))
-	return b, nil
-}
-func appendFixedS32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := ptr.getInt32Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendFixed32(b, uint32(v))
-	}
-	return b, nil
-}
-func appendFixedS32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := ptr.getInt32Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	b = appendVarint(b, uint64(4*len(s)))
-	for _, v := range s {
-		b = appendFixed32(b, uint32(v))
-	}
-	return b, nil
-}
-func appendFloat32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := math.Float32bits(*ptr.toFloat32())
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, v)
-	return b, nil
-}
-func appendFloat32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := math.Float32bits(*ptr.toFloat32())
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, v)
-	return b, nil
-}
-func appendFloat32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toFloat32Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed32(b, math.Float32bits(*p))
-	return b, nil
-}
-func appendFloat32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toFloat32Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendFixed32(b, math.Float32bits(v))
-	}
-	return b, nil
-}
-func appendFloat32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toFloat32Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	b = appendVarint(b, uint64(4*len(s)))
-	for _, v := range s {
-		b = appendFixed32(b, math.Float32bits(v))
-	}
-	return b, nil
-}
-func appendFixed64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint64()
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, v)
-	return b, nil
-}
-func appendFixed64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint64()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, v)
-	return b, nil
-}
-func appendFixed64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toUint64Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, *p)
-	return b, nil
-}
-func appendFixed64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint64Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendFixed64(b, v)
-	}
-	return b, nil
-}
-func appendFixed64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint64Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	b = appendVarint(b, uint64(8*len(s)))
-	for _, v := range s {
-		b = appendFixed64(b, v)
-	}
-	return b, nil
-}
-func appendFixedS64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt64()
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, uint64(v))
-	return b, nil
-}
-func appendFixedS64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt64()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, uint64(v))
-	return b, nil
-}
-func appendFixedS64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toInt64Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, uint64(*p))
-	return b, nil
-}
-func appendFixedS64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toInt64Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendFixed64(b, uint64(v))
-	}
-	return b, nil
-}
-func appendFixedS64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toInt64Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	b = appendVarint(b, uint64(8*len(s)))
-	for _, v := range s {
-		b = appendFixed64(b, uint64(v))
-	}
-	return b, nil
-}
-func appendFloat64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := math.Float64bits(*ptr.toFloat64())
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, v)
-	return b, nil
-}
-func appendFloat64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := math.Float64bits(*ptr.toFloat64())
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, v)
-	return b, nil
-}
-func appendFloat64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toFloat64Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendFixed64(b, math.Float64bits(*p))
-	return b, nil
-}
-func appendFloat64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toFloat64Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendFixed64(b, math.Float64bits(v))
-	}
-	return b, nil
-}
-func appendFloat64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toFloat64Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	b = appendVarint(b, uint64(8*len(s)))
-	for _, v := range s {
-		b = appendFixed64(b, math.Float64bits(v))
-	}
-	return b, nil
-}
-func appendVarint32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint32()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v))
-	return b, nil
-}
-func appendVarint32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint32()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v))
-	return b, nil
-}
-func appendVarint32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toUint32Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(*p))
-	return b, nil
-}
-func appendVarint32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint32Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64(v))
-	}
-	return b, nil
-}
-func appendVarint32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint32Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	// compute size
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v))
-	}
-	b = appendVarint(b, uint64(n))
-	for _, v := range s {
-		b = appendVarint(b, uint64(v))
-	}
-	return b, nil
-}
-func appendVarintS32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt32()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v))
-	return b, nil
-}
-func appendVarintS32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt32()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v))
-	return b, nil
-}
-func appendVarintS32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := ptr.getInt32Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(*p))
-	return b, nil
-}
-func appendVarintS32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := ptr.getInt32Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64(v))
-	}
-	return b, nil
-}
-func appendVarintS32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := ptr.getInt32Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	// compute size
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v))
-	}
-	b = appendVarint(b, uint64(n))
-	for _, v := range s {
-		b = appendVarint(b, uint64(v))
-	}
-	return b, nil
-}
-func appendVarint64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint64()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, v)
-	return b, nil
-}
-func appendVarint64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toUint64()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, v)
-	return b, nil
-}
-func appendVarint64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toUint64Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, *p)
-	return b, nil
-}
-func appendVarint64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint64Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, v)
-	}
-	return b, nil
-}
-func appendVarint64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toUint64Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	// compute size
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(v)
-	}
-	b = appendVarint(b, uint64(n))
-	for _, v := range s {
-		b = appendVarint(b, v)
-	}
-	return b, nil
-}
-func appendVarintS64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt64()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v))
-	return b, nil
-}
-func appendVarintS64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt64()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v))
-	return b, nil
-}
-func appendVarintS64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toInt64Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(*p))
-	return b, nil
-}
-func appendVarintS64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toInt64Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64(v))
-	}
-	return b, nil
-}
-func appendVarintS64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toInt64Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	// compute size
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v))
-	}
-	b = appendVarint(b, uint64(n))
-	for _, v := range s {
-		b = appendVarint(b, uint64(v))
-	}
-	return b, nil
-}
-func appendZigzag32Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt32()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
-	return b, nil
-}
-func appendZigzag32ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt32()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
-	return b, nil
-}
-func appendZigzag32Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := ptr.getInt32Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	v := *p
-	b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
-	return b, nil
-}
-func appendZigzag32Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := ptr.getInt32Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
-	}
-	return b, nil
-}
-func appendZigzag32PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := ptr.getInt32Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	// compute size
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64((uint32(v) << 1) ^ uint32((int32(v) >> 31))))
-	}
-	b = appendVarint(b, uint64(n))
-	for _, v := range s {
-		b = appendVarint(b, uint64((uint32(v)<<1)^uint32((int32(v)>>31))))
-	}
-	return b, nil
-}
-func appendZigzag64Value(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt64()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
-	return b, nil
-}
-func appendZigzag64ValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toInt64()
-	if v == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
-	return b, nil
-}
-func appendZigzag64Ptr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toInt64Ptr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	v := *p
-	b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
-	return b, nil
-}
-func appendZigzag64Slice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toInt64Slice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
-	}
-	return b, nil
-}
-func appendZigzag64PackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toInt64Slice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	// compute size
-	n := 0
-	for _, v := range s {
-		n += SizeVarint(uint64(v<<1) ^ uint64((int64(v) >> 63)))
-	}
-	b = appendVarint(b, uint64(n))
-	for _, v := range s {
-		b = appendVarint(b, uint64(v<<1)^uint64((int64(v)>>63)))
-	}
-	return b, nil
-}
-func appendBoolValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toBool()
-	b = appendVarint(b, wiretag)
-	if v {
-		b = append(b, 1)
-	} else {
-		b = append(b, 0)
-	}
-	return b, nil
-}
-func appendBoolValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toBool()
-	if !v {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = append(b, 1)
-	return b, nil
-}
-
-func appendBoolPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toBoolPtr()
-	if p == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	if *p {
-		b = append(b, 1)
-	} else {
-		b = append(b, 0)
-	}
-	return b, nil
-}
-func appendBoolSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toBoolSlice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		if v {
-			b = append(b, 1)
-		} else {
-			b = append(b, 0)
-		}
-	}
-	return b, nil
-}
-func appendBoolPackedSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toBoolSlice()
-	if len(s) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag&^7|WireBytes)
-	b = appendVarint(b, uint64(len(s)))
-	for _, v := range s {
-		if v {
-			b = append(b, 1)
-		} else {
-			b = append(b, 0)
-		}
-	}
-	return b, nil
-}
-func appendStringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toString()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	return b, nil
-}
-func appendStringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toString()
-	if v == "" {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	return b, nil
-}
-func appendStringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	p := *ptr.toStringPtr()
-	if p == nil {
-		return b, nil
-	}
-	v := *p
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	return b, nil
-}
-func appendStringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toStringSlice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64(len(v)))
-		b = append(b, v...)
-	}
-	return b, nil
-}
-func appendUTF8StringValue(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	var invalidUTF8 bool
-	v := *ptr.toString()
-	if !utf8.ValidString(v) {
-		invalidUTF8 = true
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	if invalidUTF8 {
-		return b, errInvalidUTF8
-	}
-	return b, nil
-}
-func appendUTF8StringValueNoZero(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	var invalidUTF8 bool
-	v := *ptr.toString()
-	if v == "" {
-		return b, nil
-	}
-	if !utf8.ValidString(v) {
-		invalidUTF8 = true
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	if invalidUTF8 {
-		return b, errInvalidUTF8
-	}
-	return b, nil
-}
-func appendUTF8StringPtr(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	var invalidUTF8 bool
-	p := *ptr.toStringPtr()
-	if p == nil {
-		return b, nil
-	}
-	v := *p
-	if !utf8.ValidString(v) {
-		invalidUTF8 = true
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	if invalidUTF8 {
-		return b, errInvalidUTF8
-	}
-	return b, nil
-}
-func appendUTF8StringSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	var invalidUTF8 bool
-	s := *ptr.toStringSlice()
-	for _, v := range s {
-		if !utf8.ValidString(v) {
-			invalidUTF8 = true
-		}
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64(len(v)))
-		b = append(b, v...)
-	}
-	if invalidUTF8 {
-		return b, errInvalidUTF8
-	}
-	return b, nil
-}
-func appendBytes(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toBytes()
-	if v == nil {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	return b, nil
-}
-func appendBytes3(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toBytes()
-	if len(v) == 0 {
-		return b, nil
-	}
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	return b, nil
-}
-func appendBytesOneof(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	v := *ptr.toBytes()
-	b = appendVarint(b, wiretag)
-	b = appendVarint(b, uint64(len(v)))
-	b = append(b, v...)
-	return b, nil
-}
-func appendBytesSlice(b []byte, ptr pointer, wiretag uint64, _ bool) ([]byte, error) {
-	s := *ptr.toBytesSlice()
-	for _, v := range s {
-		b = appendVarint(b, wiretag)
-		b = appendVarint(b, uint64(len(v)))
-		b = append(b, v...)
-	}
-	return b, nil
-}
-
-// makeGroupMarshaler returns the sizer and marshaler for a group.
-// u is the marshal info of the underlying message.
-func makeGroupMarshaler(u *marshalInfo) (sizer, marshaler) {
-	return func(ptr pointer, tagsize int) int {
-			p := ptr.getPointer()
-			if p.isNil() {
-				return 0
-			}
-			return u.size(p) + 2*tagsize
-		},
-		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
-			p := ptr.getPointer()
-			if p.isNil() {
-				return b, nil
-			}
-			var err error
-			b = appendVarint(b, wiretag) // start group
-			b, err = u.marshal(b, p, deterministic)
-			b = appendVarint(b, wiretag+(WireEndGroup-WireStartGroup)) // end group
-			return b, err
-		}
-}
-
-// makeGroupSliceMarshaler returns the sizer and marshaler for a group slice.
-// u is the marshal info of the underlying message.
-func makeGroupSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
-	return func(ptr pointer, tagsize int) int {
-			s := ptr.getPointerSlice()
-			n := 0
-			for _, v := range s {
-				if v.isNil() {
-					continue
-				}
-				n += u.size(v) + 2*tagsize
-			}
-			return n
-		},
-		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
-			s := ptr.getPointerSlice()
-			var err error
-			var nerr nonFatal
-			for _, v := range s {
-				if v.isNil() {
-					return b, errRepeatedHasNil
-				}
-				b = appendVarint(b, wiretag) // start group
-				b, err = u.marshal(b, v, deterministic)
-				b = appendVarint(b, wiretag+(WireEndGroup-WireStartGroup)) // end group
-				if !nerr.Merge(err) {
-					if err == ErrNil {
-						err = errRepeatedHasNil
-					}
-					return b, err
-				}
-			}
-			return b, nerr.E
-		}
-}
-
-// makeMessageMarshaler returns the sizer and marshaler for a message field.
-// u is the marshal info of the message.
-func makeMessageMarshaler(u *marshalInfo) (sizer, marshaler) {
-	return func(ptr pointer, tagsize int) int {
-			p := ptr.getPointer()
-			if p.isNil() {
-				return 0
-			}
-			siz := u.size(p)
-			return siz + SizeVarint(uint64(siz)) + tagsize
-		},
-		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
-			p := ptr.getPointer()
-			if p.isNil() {
-				return b, nil
-			}
-			b = appendVarint(b, wiretag)
-			siz := u.cachedsize(p)
-			b = appendVarint(b, uint64(siz))
-			return u.marshal(b, p, deterministic)
-		}
-}
-
-// makeMessageSliceMarshaler returns the sizer and marshaler for a message slice.
-// u is the marshal info of the message.
-func makeMessageSliceMarshaler(u *marshalInfo) (sizer, marshaler) {
-	return func(ptr pointer, tagsize int) int {
-			s := ptr.getPointerSlice()
-			n := 0
-			for _, v := range s {
-				if v.isNil() {
-					continue
-				}
-				siz := u.size(v)
-				n += siz + SizeVarint(uint64(siz)) + tagsize
-			}
-			return n
-		},
-		func(b []byte, ptr pointer, wiretag uint64, deterministic bool) ([]byte, error) {
-			s := ptr.getPointerSlice()
-			var err error
-			var nerr nonFatal
-			for _, v := range s {
-				if v.isNil() {
-					return b, errRepeatedHasNil
-				}
-				b = appendVarint(b, wiretag)
-				siz := u.cachedsize(v)
-				b = appendVarint(b, uint64(siz))
-				b, err = u.marshal(b, v, deterministic)
-
-				if !nerr.Merge(err) {
-					if err == ErrNil {
-						err = errRepeatedHasNil
-					}
-					return b, err
-				}
-			}
-			return b, nerr.E
-		}
-}
-
-// makeMapMarshaler returns the sizer and marshaler for a map field.
-// f is the pointer to the reflect data structure of the field.
-func makeMapMarshaler(f *reflect.StructField) (sizer, marshaler) {
-	// figure out key and value type
-	t := f.Type
-	keyType := t.Key()
-	valType := t.Elem()
-	keyTags := strings.Split(f.Tag.Get("protobuf_key"), ",")
-	valTags := strings.Split(f.Tag.Get("protobuf_val"), ",")
-	keySizer, keyMarshaler := typeMarshaler(keyType, keyTags, false, false) // don't omit zero value in map
-	valSizer, valMarshaler := typeMarshaler(valType, valTags, false, false) // don't omit zero value in map
-	keyWireTag := 1<<3 | wiretype(keyTags[0])
-	valWireTag := 2<<3 | wiretype(valTags[0])
-
-	// We create an interface to get the addresses of the map key and value.
-	// If value is pointer-typed, the interface is a direct interface, the
-	// idata itself is the value. Otherwise, the idata is the pointer to the
-	// value.
-	// Key cannot be pointer-typed.
-	valIsPtr := valType.Kind() == reflect.Ptr
-
-	// If value is a message with nested maps, calling
-	// valSizer in marshal may be quadratic. We should use
-	// cached version in marshal (but not in size).
-	// If value is not message type, we don't have size cache,
-	// but it cannot be nested either. Just use valSizer.
-	valCachedSizer := valSizer
-	if valIsPtr && valType.Elem().Kind() == reflect.Struct {
-		u := getMarshalInfo(valType.Elem())
-		valCachedSizer = func(ptr pointer, tagsize int) int {
-			// Same as message sizer, but use cache.
-			p := ptr.getPointer()
-			if p.isNil() {
-				return 0
-			}
-			siz := u.cachedsize(p)
-			return siz + SizeVarint(uint64(siz)) + tagsize
-		}
-	}
-	return func(ptr pointer, tagsize int) int {
-			m := ptr.asPointerTo(t).Elem() // the map
-			n := 0
-			for _, k := range m.MapKeys() {
-				ki := k.Interface()
-				vi := m.MapIndex(k).Interface()
-				kaddr := toAddrPointer(&ki, false, false)      // pointer to key
-				vaddr := toAddrPointer(&vi, valIsPtr, false)   // pointer to value
-				siz := keySizer(kaddr, 1) + valSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1)
-				n += siz + SizeVarint(uint64(siz)) + tagsize
-			}
-			return n
-		},
-		func(b []byte, ptr pointer, tag uint64, deterministic bool) ([]byte, error) {
-			m := ptr.asPointerTo(t).Elem() // the map
-			var err error
-			keys := m.MapKeys()
-			if len(keys) > 1 && deterministic {
-				sort.Sort(mapKeys(keys))
-			}
-
-			var nerr nonFatal
-			for _, k := range keys {
-				ki := k.Interface()
-				vi := m.MapIndex(k).Interface()
-				kaddr := toAddrPointer(&ki, false, false)    // pointer to key
-				vaddr := toAddrPointer(&vi, valIsPtr, false) // pointer to value
-				b = appendVarint(b, tag)
-				siz := keySizer(kaddr, 1) + valCachedSizer(vaddr, 1) // tag of key = 1 (size=1), tag of val = 2 (size=1)
-				b = appendVarint(b, uint64(siz))
-				b, err = keyMarshaler(b, kaddr, keyWireTag, deterministic)
-				if !nerr.Merge(err) {
-					return b, err
-				}
-				b, err = valMarshaler(b, vaddr, valWireTag, deterministic)
-				if err != ErrNil && !nerr.Merge(err) { // allow nil value in map
-					return b, err
-				}
-			}
-			return b, nerr.E
-		}
-}
-
-// makeOneOfMarshaler returns the sizer and marshaler for a oneof field.
-// fi is the marshal info of the field.
-// f is the pointer to the reflect data structure of the field.
-func makeOneOfMarshaler(fi *marshalFieldInfo, f *reflect.StructField) (sizer, marshaler) {
-	// Oneof field is an interface. We need to get the actual data type on the fly.
-	t := f.Type
-	return func(ptr pointer, _ int) int {
-			p := ptr.getInterfacePointer()
-			if p.isNil() {
-				return 0
-			}
-			v := ptr.asPointerTo(t).Elem().Elem().Elem() // *interface -> interface -> *struct -> struct
-			telem := v.Type()
-			e := fi.oneofElems[telem]
-			return e.sizer(p, e.tagsize)
-		},
-		func(b []byte, ptr pointer, _ uint64, deterministic bool) ([]byte, error) {
-			p := ptr.getInterfacePointer()
-			if p.isNil() {
-				return b, nil
-			}
-			v := ptr.asPointerTo(t).Elem().Elem().Elem() // *interface -> interface -> *struct -> struct
-			telem := v.Type()
-			if telem.Field(0).Type.Kind() == reflect.Ptr && p.getPointer().isNil() {
-				return b, errOneofHasNil
-			}
-			e := fi.oneofElems[telem]
-			return e.marshaler(b, p, e.wiretag, deterministic)
-		}
-}
-
-// sizeExtensions computes the size of encoded data for a XXX_InternalExtensions field.
-func (u *marshalInfo) sizeExtensions(ext *XXX_InternalExtensions) int {
-	m, mu := ext.extensionsRead()
-	if m == nil {
-		return 0
-	}
-	mu.Lock()
-
-	n := 0
-	for _, e := range m {
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			n += len(e.enc)
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-		ei := u.getExtElemInfo(e.desc)
-		v := e.value
-		p := toAddrPointer(&v, ei.isptr, ei.deref)
-		n += ei.sizer(p, ei.tagsize)
-	}
-	mu.Unlock()
-	return n
-}
-
-// appendExtensions marshals a XXX_InternalExtensions field to the end of byte slice b.
-func (u *marshalInfo) appendExtensions(b []byte, ext *XXX_InternalExtensions, deterministic bool) ([]byte, error) {
-	m, mu := ext.extensionsRead()
-	if m == nil {
-		return b, nil
-	}
-	mu.Lock()
-	defer mu.Unlock()
-
-	var err error
-	var nerr nonFatal
-
-	// Fast-path for common cases: zero or one extensions.
-	// Don't bother sorting the keys.
-	if len(m) <= 1 {
-		for _, e := range m {
-			if e.value == nil || e.desc == nil {
-				// Extension is only in its encoded form.
-				b = append(b, e.enc...)
-				continue
-			}
-
-			// We don't skip extensions that have an encoded form set,
-			// because the extension value may have been mutated after
-			// the last time this function was called.
-
-			ei := u.getExtElemInfo(e.desc)
-			v := e.value
-			p := toAddrPointer(&v, ei.isptr, ei.deref)
-			b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
-			if !nerr.Merge(err) {
-				return b, err
-			}
-		}
-		return b, nerr.E
-	}
-
-	// Sort the keys to provide a deterministic encoding.
-	// Not sure this is required, but the old code does it.
-	keys := make([]int, 0, len(m))
-	for k := range m {
-		keys = append(keys, int(k))
-	}
-	sort.Ints(keys)
-
-	for _, k := range keys {
-		e := m[int32(k)]
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			b = append(b, e.enc...)
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-
-		ei := u.getExtElemInfo(e.desc)
-		v := e.value
-		p := toAddrPointer(&v, ei.isptr, ei.deref)
-		b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
-		if !nerr.Merge(err) {
-			return b, err
-		}
-	}
-	return b, nerr.E
-}
-
-// message set format is:
-//   message MessageSet {
-//     repeated group Item = 1 {
-//       required int32 type_id = 2;
-//       required string message = 3;
-//     };
-//   }
-
-// sizeMessageSet computes the size of encoded data for a XXX_InternalExtensions field
-// in message set format (above).
-func (u *marshalInfo) sizeMessageSet(ext *XXX_InternalExtensions) int {
-	m, mu := ext.extensionsRead()
-	if m == nil {
-		return 0
-	}
-	mu.Lock()
-
-	n := 0
-	for id, e := range m {
-		n += 2                          // start group, end group. tag = 1 (size=1)
-		n += SizeVarint(uint64(id)) + 1 // type_id, tag = 2 (size=1)
-
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint
-			siz := len(msgWithLen)
-			n += siz + 1 // message, tag = 3 (size=1)
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-
-		ei := u.getExtElemInfo(e.desc)
-		v := e.value
-		p := toAddrPointer(&v, ei.isptr, ei.deref)
-		n += ei.sizer(p, 1) // message, tag = 3 (size=1)
-	}
-	mu.Unlock()
-	return n
-}
-
-// appendMessageSet marshals a XXX_InternalExtensions field in message set format (above)
-// to the end of byte slice b.
-func (u *marshalInfo) appendMessageSet(b []byte, ext *XXX_InternalExtensions, deterministic bool) ([]byte, error) {
-	m, mu := ext.extensionsRead()
-	if m == nil {
-		return b, nil
-	}
-	mu.Lock()
-	defer mu.Unlock()
-
-	var err error
-	var nerr nonFatal
-
-	// Fast-path for common cases: zero or one extensions.
-	// Don't bother sorting the keys.
-	if len(m) <= 1 {
-		for id, e := range m {
-			b = append(b, 1<<3|WireStartGroup)
-			b = append(b, 2<<3|WireVarint)
-			b = appendVarint(b, uint64(id))
-
-			if e.value == nil || e.desc == nil {
-				// Extension is only in its encoded form.
-				msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint
-				b = append(b, 3<<3|WireBytes)
-				b = append(b, msgWithLen...)
-				b = append(b, 1<<3|WireEndGroup)
-				continue
-			}
-
-			// We don't skip extensions that have an encoded form set,
-			// because the extension value may have been mutated after
-			// the last time this function was called.
-
-			ei := u.getExtElemInfo(e.desc)
-			v := e.value
-			p := toAddrPointer(&v, ei.isptr, ei.deref)
-			b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic)
-			if !nerr.Merge(err) {
-				return b, err
-			}
-			b = append(b, 1<<3|WireEndGroup)
-		}
-		return b, nerr.E
-	}
-
-	// Sort the keys to provide a deterministic encoding.
-	keys := make([]int, 0, len(m))
-	for k := range m {
-		keys = append(keys, int(k))
-	}
-	sort.Ints(keys)
-
-	for _, id := range keys {
-		e := m[int32(id)]
-		b = append(b, 1<<3|WireStartGroup)
-		b = append(b, 2<<3|WireVarint)
-		b = appendVarint(b, uint64(id))
-
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			msgWithLen := skipVarint(e.enc) // skip old tag, but leave the length varint
-			b = append(b, 3<<3|WireBytes)
-			b = append(b, msgWithLen...)
-			b = append(b, 1<<3|WireEndGroup)
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-
-		ei := u.getExtElemInfo(e.desc)
-		v := e.value
-		p := toAddrPointer(&v, ei.isptr, ei.deref)
-		b, err = ei.marshaler(b, p, 3<<3|WireBytes, deterministic)
-		b = append(b, 1<<3|WireEndGroup)
-		if !nerr.Merge(err) {
-			return b, err
-		}
-	}
-	return b, nerr.E
-}
-
-// sizeV1Extensions computes the size of encoded data for a V1-API extension field.
-func (u *marshalInfo) sizeV1Extensions(m map[int32]Extension) int {
-	if m == nil {
-		return 0
-	}
-
-	n := 0
-	for _, e := range m {
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			n += len(e.enc)
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-
-		ei := u.getExtElemInfo(e.desc)
-		v := e.value
-		p := toAddrPointer(&v, ei.isptr, ei.deref)
-		n += ei.sizer(p, ei.tagsize)
-	}
-	return n
-}
-
-// appendV1Extensions marshals a V1-API extension field to the end of byte slice b.
-func (u *marshalInfo) appendV1Extensions(b []byte, m map[int32]Extension, deterministic bool) ([]byte, error) {
-	if m == nil {
-		return b, nil
-	}
-
-	// Sort the keys to provide a deterministic encoding.
-	keys := make([]int, 0, len(m))
-	for k := range m {
-		keys = append(keys, int(k))
-	}
-	sort.Ints(keys)
-
-	var err error
-	var nerr nonFatal
-	for _, k := range keys {
-		e := m[int32(k)]
-		if e.value == nil || e.desc == nil {
-			// Extension is only in its encoded form.
-			b = append(b, e.enc...)
-			continue
-		}
-
-		// We don't skip extensions that have an encoded form set,
-		// because the extension value may have been mutated after
-		// the last time this function was called.
-
-		ei := u.getExtElemInfo(e.desc)
-		v := e.value
-		p := toAddrPointer(&v, ei.isptr, ei.deref)
-		b, err = ei.marshaler(b, p, ei.wiretag, deterministic)
-		if !nerr.Merge(err) {
-			return b, err
-		}
-	}
-	return b, nerr.E
-}
-
-// newMarshaler is the interface representing objects that can marshal themselves.
-//
-// This exists to support protoc-gen-go generated messages.
-// The proto package will stop type-asserting to this interface in the future.
-//
-// DO NOT DEPEND ON THIS.
-type newMarshaler interface {
-	XXX_Size() int
-	XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
-}
-
-// Size returns the encoded size of a protocol buffer message.
-// This is the main entry point.
-func Size(pb Message) int {
-	if m, ok := pb.(newMarshaler); ok {
-		return m.XXX_Size()
-	}
-	if m, ok := pb.(Marshaler); ok {
-		// If the message can marshal itself, let it do it, for compatibility.
-		// NOTE: This is not efficient.
-		b, _ := m.Marshal()
-		return len(b)
-	}
-	// in case somehow we didn't generate the wrapper
-	if pb == nil {
-		return 0
-	}
-	var info InternalMessageInfo
-	return info.Size(pb)
-}
-
-// Marshal takes a protocol buffer message
-// and encodes it into the wire format, returning the data.
-// This is the main entry point.
-func Marshal(pb Message) ([]byte, error) {
-	if m, ok := pb.(newMarshaler); ok {
-		siz := m.XXX_Size()
-		b := make([]byte, 0, siz)
-		return m.XXX_Marshal(b, false)
-	}
-	if m, ok := pb.(Marshaler); ok {
-		// If the message can marshal itself, let it do it, for compatibility.
-		// NOTE: This is not efficient.
-		return m.Marshal()
-	}
-	// in case somehow we didn't generate the wrapper
-	if pb == nil {
-		return nil, ErrNil
-	}
-	var info InternalMessageInfo
-	siz := info.Size(pb)
-	b := make([]byte, 0, siz)
-	return info.Marshal(b, pb, false)
-}
-
-// Marshal takes a protocol buffer message
-// and encodes it into the wire format, writing the result to the
-// Buffer.
-// This is an alternative entry point. It is not necessary to use
-// a Buffer for most applications.
-func (p *Buffer) Marshal(pb Message) error {
-	var err error
-	if m, ok := pb.(newMarshaler); ok {
-		siz := m.XXX_Size()
-		p.grow(siz) // make sure buf has enough capacity
-		p.buf, err = m.XXX_Marshal(p.buf, p.deterministic)
-		return err
-	}
-	if m, ok := pb.(Marshaler); ok {
-		// If the message can marshal itself, let it do it, for compatibility.
-		// NOTE: This is not efficient.
-		b, err := m.Marshal()
-		p.buf = append(p.buf, b...)
-		return err
-	}
-	// in case somehow we didn't generate the wrapper
-	if pb == nil {
-		return ErrNil
-	}
-	var info InternalMessageInfo
-	siz := info.Size(pb)
-	p.grow(siz) // make sure buf has enough capacity
-	p.buf, err = info.Marshal(p.buf, pb, p.deterministic)
-	return err
-}
-
-// grow grows the buffer's capacity, if necessary, to guarantee space for
-// another n bytes. After grow(n), at least n bytes can be written to the
-// buffer without another allocation.
-func (p *Buffer) grow(n int) {
-	need := len(p.buf) + n
-	if need <= cap(p.buf) {
-		return
-	}
-	newCap := len(p.buf) * 2
-	if newCap < need {
-		newCap = need
-	}
-	p.buf = append(make([]byte, 0, newCap), p.buf...)
-}
diff --git a/vendor/github.com/golang/protobuf/proto/table_merge.go b/vendor/github.com/golang/protobuf/proto/table_merge.go
deleted file mode 100644
index 5525def6a..000000000
--- a/vendor/github.com/golang/protobuf/proto/table_merge.go
+++ /dev/null
@@ -1,654 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2016 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-import (
-	"fmt"
-	"reflect"
-	"strings"
-	"sync"
-	"sync/atomic"
-)
-
-// Merge merges the src message into dst.
-// This assumes that dst and src of the same type and are non-nil.
-func (a *InternalMessageInfo) Merge(dst, src Message) {
-	mi := atomicLoadMergeInfo(&a.merge)
-	if mi == nil {
-		mi = getMergeInfo(reflect.TypeOf(dst).Elem())
-		atomicStoreMergeInfo(&a.merge, mi)
-	}
-	mi.merge(toPointer(&dst), toPointer(&src))
-}
-
-type mergeInfo struct {
-	typ reflect.Type
-
-	initialized int32 // 0: only typ is valid, 1: everything is valid
-	lock        sync.Mutex
-
-	fields       []mergeFieldInfo
-	unrecognized field // Offset of XXX_unrecognized
-}
-
-type mergeFieldInfo struct {
-	field field // Offset of field, guaranteed to be valid
-
-	// isPointer reports whether the value in the field is a pointer.
-	// This is true for the following situations:
-	//	* Pointer to struct
-	//	* Pointer to basic type (proto2 only)
-	//	* Slice (first value in slice header is a pointer)
-	//	* String (first value in string header is a pointer)
-	isPointer bool
-
-	// basicWidth reports the width of the field assuming that it is directly
-	// embedded in the struct (as is the case for basic types in proto3).
-	// The possible values are:
-	// 	0: invalid
-	//	1: bool
-	//	4: int32, uint32, float32
-	//	8: int64, uint64, float64
-	basicWidth int
-
-	// Where dst and src are pointers to the types being merged.
-	merge func(dst, src pointer)
-}
-
-var (
-	mergeInfoMap  = map[reflect.Type]*mergeInfo{}
-	mergeInfoLock sync.Mutex
-)
-
-func getMergeInfo(t reflect.Type) *mergeInfo {
-	mergeInfoLock.Lock()
-	defer mergeInfoLock.Unlock()
-	mi := mergeInfoMap[t]
-	if mi == nil {
-		mi = &mergeInfo{typ: t}
-		mergeInfoMap[t] = mi
-	}
-	return mi
-}
-
-// merge merges src into dst assuming they are both of type *mi.typ.
-func (mi *mergeInfo) merge(dst, src pointer) {
-	if dst.isNil() {
-		panic("proto: nil destination")
-	}
-	if src.isNil() {
-		return // Nothing to do.
-	}
-
-	if atomic.LoadInt32(&mi.initialized) == 0 {
-		mi.computeMergeInfo()
-	}
-
-	for _, fi := range mi.fields {
-		sfp := src.offset(fi.field)
-
-		// As an optimization, we can avoid the merge function call cost
-		// if we know for sure that the source will have no effect
-		// by checking if it is the zero value.
-		if unsafeAllowed {
-			if fi.isPointer && sfp.getPointer().isNil() { // Could be slice or string
-				continue
-			}
-			if fi.basicWidth > 0 {
-				switch {
-				case fi.basicWidth == 1 && !*sfp.toBool():
-					continue
-				case fi.basicWidth == 4 && *sfp.toUint32() == 0:
-					continue
-				case fi.basicWidth == 8 && *sfp.toUint64() == 0:
-					continue
-				}
-			}
-		}
-
-		dfp := dst.offset(fi.field)
-		fi.merge(dfp, sfp)
-	}
-
-	// TODO: Make this faster?
-	out := dst.asPointerTo(mi.typ).Elem()
-	in := src.asPointerTo(mi.typ).Elem()
-	if emIn, err := extendable(in.Addr().Interface()); err == nil {
-		emOut, _ := extendable(out.Addr().Interface())
-		mIn, muIn := emIn.extensionsRead()
-		if mIn != nil {
-			mOut := emOut.extensionsWrite()
-			muIn.Lock()
-			mergeExtension(mOut, mIn)
-			muIn.Unlock()
-		}
-	}
-
-	if mi.unrecognized.IsValid() {
-		if b := *src.offset(mi.unrecognized).toBytes(); len(b) > 0 {
-			*dst.offset(mi.unrecognized).toBytes() = append([]byte(nil), b...)
-		}
-	}
-}
-
-func (mi *mergeInfo) computeMergeInfo() {
-	mi.lock.Lock()
-	defer mi.lock.Unlock()
-	if mi.initialized != 0 {
-		return
-	}
-	t := mi.typ
-	n := t.NumField()
-
-	props := GetProperties(t)
-	for i := 0; i < n; i++ {
-		f := t.Field(i)
-		if strings.HasPrefix(f.Name, "XXX_") {
-			continue
-		}
-
-		mfi := mergeFieldInfo{field: toField(&f)}
-		tf := f.Type
-
-		// As an optimization, we can avoid the merge function call cost
-		// if we know for sure that the source will have no effect
-		// by checking if it is the zero value.
-		if unsafeAllowed {
-			switch tf.Kind() {
-			case reflect.Ptr, reflect.Slice, reflect.String:
-				// As a special case, we assume slices and strings are pointers
-				// since we know that the first field in the SliceSlice or
-				// StringHeader is a data pointer.
-				mfi.isPointer = true
-			case reflect.Bool:
-				mfi.basicWidth = 1
-			case reflect.Int32, reflect.Uint32, reflect.Float32:
-				mfi.basicWidth = 4
-			case reflect.Int64, reflect.Uint64, reflect.Float64:
-				mfi.basicWidth = 8
-			}
-		}
-
-		// Unwrap tf to get at its most basic type.
-		var isPointer, isSlice bool
-		if tf.Kind() == reflect.Slice && tf.Elem().Kind() != reflect.Uint8 {
-			isSlice = true
-			tf = tf.Elem()
-		}
-		if tf.Kind() == reflect.Ptr {
-			isPointer = true
-			tf = tf.Elem()
-		}
-		if isPointer && isSlice && tf.Kind() != reflect.Struct {
-			panic("both pointer and slice for basic type in " + tf.Name())
-		}
-
-		switch tf.Kind() {
-		case reflect.Int32:
-			switch {
-			case isSlice: // E.g., []int32
-				mfi.merge = func(dst, src pointer) {
-					// NOTE: toInt32Slice is not defined (see pointer_reflect.go).
-					/*
-						sfsp := src.toInt32Slice()
-						if *sfsp != nil {
-							dfsp := dst.toInt32Slice()
-							*dfsp = append(*dfsp, *sfsp...)
-							if *dfsp == nil {
-								*dfsp = []int64{}
-							}
-						}
-					*/
-					sfs := src.getInt32Slice()
-					if sfs != nil {
-						dfs := dst.getInt32Slice()
-						dfs = append(dfs, sfs...)
-						if dfs == nil {
-							dfs = []int32{}
-						}
-						dst.setInt32Slice(dfs)
-					}
-				}
-			case isPointer: // E.g., *int32
-				mfi.merge = func(dst, src pointer) {
-					// NOTE: toInt32Ptr is not defined (see pointer_reflect.go).
-					/*
-						sfpp := src.toInt32Ptr()
-						if *sfpp != nil {
-							dfpp := dst.toInt32Ptr()
-							if *dfpp == nil {
-								*dfpp = Int32(**sfpp)
-							} else {
-								**dfpp = **sfpp
-							}
-						}
-					*/
-					sfp := src.getInt32Ptr()
-					if sfp != nil {
-						dfp := dst.getInt32Ptr()
-						if dfp == nil {
-							dst.setInt32Ptr(*sfp)
-						} else {
-							*dfp = *sfp
-						}
-					}
-				}
-			default: // E.g., int32
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toInt32(); v != 0 {
-						*dst.toInt32() = v
-					}
-				}
-			}
-		case reflect.Int64:
-			switch {
-			case isSlice: // E.g., []int64
-				mfi.merge = func(dst, src pointer) {
-					sfsp := src.toInt64Slice()
-					if *sfsp != nil {
-						dfsp := dst.toInt64Slice()
-						*dfsp = append(*dfsp, *sfsp...)
-						if *dfsp == nil {
-							*dfsp = []int64{}
-						}
-					}
-				}
-			case isPointer: // E.g., *int64
-				mfi.merge = func(dst, src pointer) {
-					sfpp := src.toInt64Ptr()
-					if *sfpp != nil {
-						dfpp := dst.toInt64Ptr()
-						if *dfpp == nil {
-							*dfpp = Int64(**sfpp)
-						} else {
-							**dfpp = **sfpp
-						}
-					}
-				}
-			default: // E.g., int64
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toInt64(); v != 0 {
-						*dst.toInt64() = v
-					}
-				}
-			}
-		case reflect.Uint32:
-			switch {
-			case isSlice: // E.g., []uint32
-				mfi.merge = func(dst, src pointer) {
-					sfsp := src.toUint32Slice()
-					if *sfsp != nil {
-						dfsp := dst.toUint32Slice()
-						*dfsp = append(*dfsp, *sfsp...)
-						if *dfsp == nil {
-							*dfsp = []uint32{}
-						}
-					}
-				}
-			case isPointer: // E.g., *uint32
-				mfi.merge = func(dst, src pointer) {
-					sfpp := src.toUint32Ptr()
-					if *sfpp != nil {
-						dfpp := dst.toUint32Ptr()
-						if *dfpp == nil {
-							*dfpp = Uint32(**sfpp)
-						} else {
-							**dfpp = **sfpp
-						}
-					}
-				}
-			default: // E.g., uint32
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toUint32(); v != 0 {
-						*dst.toUint32() = v
-					}
-				}
-			}
-		case reflect.Uint64:
-			switch {
-			case isSlice: // E.g., []uint64
-				mfi.merge = func(dst, src pointer) {
-					sfsp := src.toUint64Slice()
-					if *sfsp != nil {
-						dfsp := dst.toUint64Slice()
-						*dfsp = append(*dfsp, *sfsp...)
-						if *dfsp == nil {
-							*dfsp = []uint64{}
-						}
-					}
-				}
-			case isPointer: // E.g., *uint64
-				mfi.merge = func(dst, src pointer) {
-					sfpp := src.toUint64Ptr()
-					if *sfpp != nil {
-						dfpp := dst.toUint64Ptr()
-						if *dfpp == nil {
-							*dfpp = Uint64(**sfpp)
-						} else {
-							**dfpp = **sfpp
-						}
-					}
-				}
-			default: // E.g., uint64
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toUint64(); v != 0 {
-						*dst.toUint64() = v
-					}
-				}
-			}
-		case reflect.Float32:
-			switch {
-			case isSlice: // E.g., []float32
-				mfi.merge = func(dst, src pointer) {
-					sfsp := src.toFloat32Slice()
-					if *sfsp != nil {
-						dfsp := dst.toFloat32Slice()
-						*dfsp = append(*dfsp, *sfsp...)
-						if *dfsp == nil {
-							*dfsp = []float32{}
-						}
-					}
-				}
-			case isPointer: // E.g., *float32
-				mfi.merge = func(dst, src pointer) {
-					sfpp := src.toFloat32Ptr()
-					if *sfpp != nil {
-						dfpp := dst.toFloat32Ptr()
-						if *dfpp == nil {
-							*dfpp = Float32(**sfpp)
-						} else {
-							**dfpp = **sfpp
-						}
-					}
-				}
-			default: // E.g., float32
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toFloat32(); v != 0 {
-						*dst.toFloat32() = v
-					}
-				}
-			}
-		case reflect.Float64:
-			switch {
-			case isSlice: // E.g., []float64
-				mfi.merge = func(dst, src pointer) {
-					sfsp := src.toFloat64Slice()
-					if *sfsp != nil {
-						dfsp := dst.toFloat64Slice()
-						*dfsp = append(*dfsp, *sfsp...)
-						if *dfsp == nil {
-							*dfsp = []float64{}
-						}
-					}
-				}
-			case isPointer: // E.g., *float64
-				mfi.merge = func(dst, src pointer) {
-					sfpp := src.toFloat64Ptr()
-					if *sfpp != nil {
-						dfpp := dst.toFloat64Ptr()
-						if *dfpp == nil {
-							*dfpp = Float64(**sfpp)
-						} else {
-							**dfpp = **sfpp
-						}
-					}
-				}
-			default: // E.g., float64
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toFloat64(); v != 0 {
-						*dst.toFloat64() = v
-					}
-				}
-			}
-		case reflect.Bool:
-			switch {
-			case isSlice: // E.g., []bool
-				mfi.merge = func(dst, src pointer) {
-					sfsp := src.toBoolSlice()
-					if *sfsp != nil {
-						dfsp := dst.toBoolSlice()
-						*dfsp = append(*dfsp, *sfsp...)
-						if *dfsp == nil {
-							*dfsp = []bool{}
-						}
-					}
-				}
-			case isPointer: // E.g., *bool
-				mfi.merge = func(dst, src pointer) {
-					sfpp := src.toBoolPtr()
-					if *sfpp != nil {
-						dfpp := dst.toBoolPtr()
-						if *dfpp == nil {
-							*dfpp = Bool(**sfpp)
-						} else {
-							**dfpp = **sfpp
-						}
-					}
-				}
-			default: // E.g., bool
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toBool(); v {
-						*dst.toBool() = v
-					}
-				}
-			}
-		case reflect.String:
-			switch {
-			case isSlice: // E.g., []string
-				mfi.merge = func(dst, src pointer) {
-					sfsp := src.toStringSlice()
-					if *sfsp != nil {
-						dfsp := dst.toStringSlice()
-						*dfsp = append(*dfsp, *sfsp...)
-						if *dfsp == nil {
-							*dfsp = []string{}
-						}
-					}
-				}
-			case isPointer: // E.g., *string
-				mfi.merge = func(dst, src pointer) {
-					sfpp := src.toStringPtr()
-					if *sfpp != nil {
-						dfpp := dst.toStringPtr()
-						if *dfpp == nil {
-							*dfpp = String(**sfpp)
-						} else {
-							**dfpp = **sfpp
-						}
-					}
-				}
-			default: // E.g., string
-				mfi.merge = func(dst, src pointer) {
-					if v := *src.toString(); v != "" {
-						*dst.toString() = v
-					}
-				}
-			}
-		case reflect.Slice:
-			isProto3 := props.Prop[i].proto3
-			switch {
-			case isPointer:
-				panic("bad pointer in byte slice case in " + tf.Name())
-			case tf.Elem().Kind() != reflect.Uint8:
-				panic("bad element kind in byte slice case in " + tf.Name())
-			case isSlice: // E.g., [][]byte
-				mfi.merge = func(dst, src pointer) {
-					sbsp := src.toBytesSlice()
-					if *sbsp != nil {
-						dbsp := dst.toBytesSlice()
-						for _, sb := range *sbsp {
-							if sb == nil {
-								*dbsp = append(*dbsp, nil)
-							} else {
-								*dbsp = append(*dbsp, append([]byte{}, sb...))
-							}
-						}
-						if *dbsp == nil {
-							*dbsp = [][]byte{}
-						}
-					}
-				}
-			default: // E.g., []byte
-				mfi.merge = func(dst, src pointer) {
-					sbp := src.toBytes()
-					if *sbp != nil {
-						dbp := dst.toBytes()
-						if !isProto3 || len(*sbp) > 0 {
-							*dbp = append([]byte{}, *sbp...)
-						}
-					}
-				}
-			}
-		case reflect.Struct:
-			switch {
-			case !isPointer:
-				panic(fmt.Sprintf("message field %s without pointer", tf))
-			case isSlice: // E.g., []*pb.T
-				mi := getMergeInfo(tf)
-				mfi.merge = func(dst, src pointer) {
-					sps := src.getPointerSlice()
-					if sps != nil {
-						dps := dst.getPointerSlice()
-						for _, sp := range sps {
-							var dp pointer
-							if !sp.isNil() {
-								dp = valToPointer(reflect.New(tf))
-								mi.merge(dp, sp)
-							}
-							dps = append(dps, dp)
-						}
-						if dps == nil {
-							dps = []pointer{}
-						}
-						dst.setPointerSlice(dps)
-					}
-				}
-			default: // E.g., *pb.T
-				mi := getMergeInfo(tf)
-				mfi.merge = func(dst, src pointer) {
-					sp := src.getPointer()
-					if !sp.isNil() {
-						dp := dst.getPointer()
-						if dp.isNil() {
-							dp = valToPointer(reflect.New(tf))
-							dst.setPointer(dp)
-						}
-						mi.merge(dp, sp)
-					}
-				}
-			}
-		case reflect.Map:
-			switch {
-			case isPointer || isSlice:
-				panic("bad pointer or slice in map case in " + tf.Name())
-			default: // E.g., map[K]V
-				mfi.merge = func(dst, src pointer) {
-					sm := src.asPointerTo(tf).Elem()
-					if sm.Len() == 0 {
-						return
-					}
-					dm := dst.asPointerTo(tf).Elem()
-					if dm.IsNil() {
-						dm.Set(reflect.MakeMap(tf))
-					}
-
-					switch tf.Elem().Kind() {
-					case reflect.Ptr: // Proto struct (e.g., *T)
-						for _, key := range sm.MapKeys() {
-							val := sm.MapIndex(key)
-							val = reflect.ValueOf(Clone(val.Interface().(Message)))
-							dm.SetMapIndex(key, val)
-						}
-					case reflect.Slice: // E.g. Bytes type (e.g., []byte)
-						for _, key := range sm.MapKeys() {
-							val := sm.MapIndex(key)
-							val = reflect.ValueOf(append([]byte{}, val.Bytes()...))
-							dm.SetMapIndex(key, val)
-						}
-					default: // Basic type (e.g., string)
-						for _, key := range sm.MapKeys() {
-							val := sm.MapIndex(key)
-							dm.SetMapIndex(key, val)
-						}
-					}
-				}
-			}
-		case reflect.Interface:
-			// Must be oneof field.
-			switch {
-			case isPointer || isSlice:
-				panic("bad pointer or slice in interface case in " + tf.Name())
-			default: // E.g., interface{}
-				// TODO: Make this faster?
-				mfi.merge = func(dst, src pointer) {
-					su := src.asPointerTo(tf).Elem()
-					if !su.IsNil() {
-						du := dst.asPointerTo(tf).Elem()
-						typ := su.Elem().Type()
-						if du.IsNil() || du.Elem().Type() != typ {
-							du.Set(reflect.New(typ.Elem())) // Initialize interface if empty
-						}
-						sv := su.Elem().Elem().Field(0)
-						if sv.Kind() == reflect.Ptr && sv.IsNil() {
-							return
-						}
-						dv := du.Elem().Elem().Field(0)
-						if dv.Kind() == reflect.Ptr && dv.IsNil() {
-							dv.Set(reflect.New(sv.Type().Elem())) // Initialize proto message if empty
-						}
-						switch sv.Type().Kind() {
-						case reflect.Ptr: // Proto struct (e.g., *T)
-							Merge(dv.Interface().(Message), sv.Interface().(Message))
-						case reflect.Slice: // E.g. Bytes type (e.g., []byte)
-							dv.Set(reflect.ValueOf(append([]byte{}, sv.Bytes()...)))
-						default: // Basic type (e.g., string)
-							dv.Set(sv)
-						}
-					}
-				}
-			}
-		default:
-			panic(fmt.Sprintf("merger not found for type:%s", tf))
-		}
-		mi.fields = append(mi.fields, mfi)
-	}
-
-	mi.unrecognized = invalidField
-	if f, ok := t.FieldByName("XXX_unrecognized"); ok {
-		if f.Type != reflect.TypeOf([]byte{}) {
-			panic("expected XXX_unrecognized to be of type []byte")
-		}
-		mi.unrecognized = toField(&f)
-	}
-
-	atomic.StoreInt32(&mi.initialized, 1)
-}
diff --git a/vendor/github.com/golang/protobuf/proto/table_unmarshal.go b/vendor/github.com/golang/protobuf/proto/table_unmarshal.go
deleted file mode 100644
index acee2fc52..000000000
--- a/vendor/github.com/golang/protobuf/proto/table_unmarshal.go
+++ /dev/null
@@ -1,2053 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2016 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"math"
-	"reflect"
-	"strconv"
-	"strings"
-	"sync"
-	"sync/atomic"
-	"unicode/utf8"
-)
-
-// Unmarshal is the entry point from the generated .pb.go files.
-// This function is not intended to be used by non-generated code.
-// This function is not subject to any compatibility guarantee.
-// msg contains a pointer to a protocol buffer struct.
-// b is the data to be unmarshaled into the protocol buffer.
-// a is a pointer to a place to store cached unmarshal information.
-func (a *InternalMessageInfo) Unmarshal(msg Message, b []byte) error {
-	// Load the unmarshal information for this message type.
-	// The atomic load ensures memory consistency.
-	u := atomicLoadUnmarshalInfo(&a.unmarshal)
-	if u == nil {
-		// Slow path: find unmarshal info for msg, update a with it.
-		u = getUnmarshalInfo(reflect.TypeOf(msg).Elem())
-		atomicStoreUnmarshalInfo(&a.unmarshal, u)
-	}
-	// Then do the unmarshaling.
-	err := u.unmarshal(toPointer(&msg), b)
-	return err
-}
-
-type unmarshalInfo struct {
-	typ reflect.Type // type of the protobuf struct
-
-	// 0 = only typ field is initialized
-	// 1 = completely initialized
-	initialized     int32
-	lock            sync.Mutex                    // prevents double initialization
-	dense           []unmarshalFieldInfo          // fields indexed by tag #
-	sparse          map[uint64]unmarshalFieldInfo // fields indexed by tag #
-	reqFields       []string                      // names of required fields
-	reqMask         uint64                        // 1<<len(reqFields)-1
-	unrecognized    field                         // offset of []byte to put unrecognized data (or invalidField if we should throw it away)
-	extensions      field                         // offset of extensions field (of type proto.XXX_InternalExtensions), or invalidField if it does not exist
-	oldExtensions   field                         // offset of old-form extensions field (of type map[int]Extension)
-	extensionRanges []ExtensionRange              // if non-nil, implies extensions field is valid
-	isMessageSet    bool                          // if true, implies extensions field is valid
-}
-
-// An unmarshaler takes a stream of bytes and a pointer to a field of a message.
-// It decodes the field, stores it at f, and returns the unused bytes.
-// w is the wire encoding.
-// b is the data after the tag and wire encoding have been read.
-type unmarshaler func(b []byte, f pointer, w int) ([]byte, error)
-
-type unmarshalFieldInfo struct {
-	// location of the field in the proto message structure.
-	field field
-
-	// function to unmarshal the data for the field.
-	unmarshal unmarshaler
-
-	// if a required field, contains a single set bit at this field's index in the required field list.
-	reqMask uint64
-
-	name string // name of the field, for error reporting
-}
-
-var (
-	unmarshalInfoMap  = map[reflect.Type]*unmarshalInfo{}
-	unmarshalInfoLock sync.Mutex
-)
-
-// getUnmarshalInfo returns the data structure which can be
-// subsequently used to unmarshal a message of the given type.
-// t is the type of the message (note: not pointer to message).
-func getUnmarshalInfo(t reflect.Type) *unmarshalInfo {
-	// It would be correct to return a new unmarshalInfo
-	// unconditionally. We would end up allocating one
-	// per occurrence of that type as a message or submessage.
-	// We use a cache here just to reduce memory usage.
-	unmarshalInfoLock.Lock()
-	defer unmarshalInfoLock.Unlock()
-	u := unmarshalInfoMap[t]
-	if u == nil {
-		u = &unmarshalInfo{typ: t}
-		// Note: we just set the type here. The rest of the fields
-		// will be initialized on first use.
-		unmarshalInfoMap[t] = u
-	}
-	return u
-}
-
-// unmarshal does the main work of unmarshaling a message.
-// u provides type information used to unmarshal the message.
-// m is a pointer to a protocol buffer message.
-// b is a byte stream to unmarshal into m.
-// This is top routine used when recursively unmarshaling submessages.
-func (u *unmarshalInfo) unmarshal(m pointer, b []byte) error {
-	if atomic.LoadInt32(&u.initialized) == 0 {
-		u.computeUnmarshalInfo()
-	}
-	if u.isMessageSet {
-		return unmarshalMessageSet(b, m.offset(u.extensions).toExtensions())
-	}
-	var reqMask uint64 // bitmask of required fields we've seen.
-	var errLater error
-	for len(b) > 0 {
-		// Read tag and wire type.
-		// Special case 1 and 2 byte varints.
-		var x uint64
-		if b[0] < 128 {
-			x = uint64(b[0])
-			b = b[1:]
-		} else if len(b) >= 2 && b[1] < 128 {
-			x = uint64(b[0]&0x7f) + uint64(b[1])<<7
-			b = b[2:]
-		} else {
-			var n int
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return io.ErrUnexpectedEOF
-			}
-			b = b[n:]
-		}
-		tag := x >> 3
-		wire := int(x) & 7
-
-		// Dispatch on the tag to one of the unmarshal* functions below.
-		var f unmarshalFieldInfo
-		if tag < uint64(len(u.dense)) {
-			f = u.dense[tag]
-		} else {
-			f = u.sparse[tag]
-		}
-		if fn := f.unmarshal; fn != nil {
-			var err error
-			b, err = fn(b, m.offset(f.field), wire)
-			if err == nil {
-				reqMask |= f.reqMask
-				continue
-			}
-			if r, ok := err.(*RequiredNotSetError); ok {
-				// Remember this error, but keep parsing. We need to produce
-				// a full parse even if a required field is missing.
-				if errLater == nil {
-					errLater = r
-				}
-				reqMask |= f.reqMask
-				continue
-			}
-			if err != errInternalBadWireType {
-				if err == errInvalidUTF8 {
-					if errLater == nil {
-						fullName := revProtoTypes[reflect.PtrTo(u.typ)] + "." + f.name
-						errLater = &invalidUTF8Error{fullName}
-					}
-					continue
-				}
-				return err
-			}
-			// Fragments with bad wire type are treated as unknown fields.
-		}
-
-		// Unknown tag.
-		if !u.unrecognized.IsValid() {
-			// Don't keep unrecognized data; just skip it.
-			var err error
-			b, err = skipField(b, wire)
-			if err != nil {
-				return err
-			}
-			continue
-		}
-		// Keep unrecognized data around.
-		// maybe in extensions, maybe in the unrecognized field.
-		z := m.offset(u.unrecognized).toBytes()
-		var emap map[int32]Extension
-		var e Extension
-		for _, r := range u.extensionRanges {
-			if uint64(r.Start) <= tag && tag <= uint64(r.End) {
-				if u.extensions.IsValid() {
-					mp := m.offset(u.extensions).toExtensions()
-					emap = mp.extensionsWrite()
-					e = emap[int32(tag)]
-					z = &e.enc
-					break
-				}
-				if u.oldExtensions.IsValid() {
-					p := m.offset(u.oldExtensions).toOldExtensions()
-					emap = *p
-					if emap == nil {
-						emap = map[int32]Extension{}
-						*p = emap
-					}
-					e = emap[int32(tag)]
-					z = &e.enc
-					break
-				}
-				panic("no extensions field available")
-			}
-		}
-
-		// Use wire type to skip data.
-		var err error
-		b0 := b
-		b, err = skipField(b, wire)
-		if err != nil {
-			return err
-		}
-		*z = encodeVarint(*z, tag<<3|uint64(wire))
-		*z = append(*z, b0[:len(b0)-len(b)]...)
-
-		if emap != nil {
-			emap[int32(tag)] = e
-		}
-	}
-	if reqMask != u.reqMask && errLater == nil {
-		// A required field of this message is missing.
-		for _, n := range u.reqFields {
-			if reqMask&1 == 0 {
-				errLater = &RequiredNotSetError{n}
-			}
-			reqMask >>= 1
-		}
-	}
-	return errLater
-}
-
-// computeUnmarshalInfo fills in u with information for use
-// in unmarshaling protocol buffers of type u.typ.
-func (u *unmarshalInfo) computeUnmarshalInfo() {
-	u.lock.Lock()
-	defer u.lock.Unlock()
-	if u.initialized != 0 {
-		return
-	}
-	t := u.typ
-	n := t.NumField()
-
-	// Set up the "not found" value for the unrecognized byte buffer.
-	// This is the default for proto3.
-	u.unrecognized = invalidField
-	u.extensions = invalidField
-	u.oldExtensions = invalidField
-
-	// List of the generated type and offset for each oneof field.
-	type oneofField struct {
-		ityp  reflect.Type // interface type of oneof field
-		field field        // offset in containing message
-	}
-	var oneofFields []oneofField
-
-	for i := 0; i < n; i++ {
-		f := t.Field(i)
-		if f.Name == "XXX_unrecognized" {
-			// The byte slice used to hold unrecognized input is special.
-			if f.Type != reflect.TypeOf(([]byte)(nil)) {
-				panic("bad type for XXX_unrecognized field: " + f.Type.Name())
-			}
-			u.unrecognized = toField(&f)
-			continue
-		}
-		if f.Name == "XXX_InternalExtensions" {
-			// Ditto here.
-			if f.Type != reflect.TypeOf(XXX_InternalExtensions{}) {
-				panic("bad type for XXX_InternalExtensions field: " + f.Type.Name())
-			}
-			u.extensions = toField(&f)
-			if f.Tag.Get("protobuf_messageset") == "1" {
-				u.isMessageSet = true
-			}
-			continue
-		}
-		if f.Name == "XXX_extensions" {
-			// An older form of the extensions field.
-			if f.Type != reflect.TypeOf((map[int32]Extension)(nil)) {
-				panic("bad type for XXX_extensions field: " + f.Type.Name())
-			}
-			u.oldExtensions = toField(&f)
-			continue
-		}
-		if f.Name == "XXX_NoUnkeyedLiteral" || f.Name == "XXX_sizecache" {
-			continue
-		}
-
-		oneof := f.Tag.Get("protobuf_oneof")
-		if oneof != "" {
-			oneofFields = append(oneofFields, oneofField{f.Type, toField(&f)})
-			// The rest of oneof processing happens below.
-			continue
-		}
-
-		tags := f.Tag.Get("protobuf")
-		tagArray := strings.Split(tags, ",")
-		if len(tagArray) < 2 {
-			panic("protobuf tag not enough fields in " + t.Name() + "." + f.Name + ": " + tags)
-		}
-		tag, err := strconv.Atoi(tagArray[1])
-		if err != nil {
-			panic("protobuf tag field not an integer: " + tagArray[1])
-		}
-
-		name := ""
-		for _, tag := range tagArray[3:] {
-			if strings.HasPrefix(tag, "name=") {
-				name = tag[5:]
-			}
-		}
-
-		// Extract unmarshaling function from the field (its type and tags).
-		unmarshal := fieldUnmarshaler(&f)
-
-		// Required field?
-		var reqMask uint64
-		if tagArray[2] == "req" {
-			bit := len(u.reqFields)
-			u.reqFields = append(u.reqFields, name)
-			reqMask = uint64(1) << uint(bit)
-			// TODO: if we have more than 64 required fields, we end up
-			// not verifying that all required fields are present.
-			// Fix this, perhaps using a count of required fields?
-		}
-
-		// Store the info in the correct slot in the message.
-		u.setTag(tag, toField(&f), unmarshal, reqMask, name)
-	}
-
-	// Find any types associated with oneof fields.
-	var oneofImplementers []interface{}
-	switch m := reflect.Zero(reflect.PtrTo(t)).Interface().(type) {
-	case oneofFuncsIface:
-		_, _, _, oneofImplementers = m.XXX_OneofFuncs()
-	case oneofWrappersIface:
-		oneofImplementers = m.XXX_OneofWrappers()
-	}
-	for _, v := range oneofImplementers {
-		tptr := reflect.TypeOf(v) // *Msg_X
-		typ := tptr.Elem()        // Msg_X
-
-		f := typ.Field(0) // oneof implementers have one field
-		baseUnmarshal := fieldUnmarshaler(&f)
-		tags := strings.Split(f.Tag.Get("protobuf"), ",")
-		fieldNum, err := strconv.Atoi(tags[1])
-		if err != nil {
-			panic("protobuf tag field not an integer: " + tags[1])
-		}
-		var name string
-		for _, tag := range tags {
-			if strings.HasPrefix(tag, "name=") {
-				name = strings.TrimPrefix(tag, "name=")
-				break
-			}
-		}
-
-		// Find the oneof field that this struct implements.
-		// Might take O(n^2) to process all of the oneofs, but who cares.
-		for _, of := range oneofFields {
-			if tptr.Implements(of.ityp) {
-				// We have found the corresponding interface for this struct.
-				// That lets us know where this struct should be stored
-				// when we encounter it during unmarshaling.
-				unmarshal := makeUnmarshalOneof(typ, of.ityp, baseUnmarshal)
-				u.setTag(fieldNum, of.field, unmarshal, 0, name)
-			}
-		}
-
-	}
-
-	// Get extension ranges, if any.
-	fn := reflect.Zero(reflect.PtrTo(t)).MethodByName("ExtensionRangeArray")
-	if fn.IsValid() {
-		if !u.extensions.IsValid() && !u.oldExtensions.IsValid() {
-			panic("a message with extensions, but no extensions field in " + t.Name())
-		}
-		u.extensionRanges = fn.Call(nil)[0].Interface().([]ExtensionRange)
-	}
-
-	// Explicitly disallow tag 0. This will ensure we flag an error
-	// when decoding a buffer of all zeros. Without this code, we
-	// would decode and skip an all-zero buffer of even length.
-	// [0 0] is [tag=0/wiretype=varint varint-encoded-0].
-	u.setTag(0, zeroField, func(b []byte, f pointer, w int) ([]byte, error) {
-		return nil, fmt.Errorf("proto: %s: illegal tag 0 (wire type %d)", t, w)
-	}, 0, "")
-
-	// Set mask for required field check.
-	u.reqMask = uint64(1)<<uint(len(u.reqFields)) - 1
-
-	atomic.StoreInt32(&u.initialized, 1)
-}
-
-// setTag stores the unmarshal information for the given tag.
-// tag = tag # for field
-// field/unmarshal = unmarshal info for that field.
-// reqMask = if required, bitmask for field position in required field list. 0 otherwise.
-// name = short name of the field.
-func (u *unmarshalInfo) setTag(tag int, field field, unmarshal unmarshaler, reqMask uint64, name string) {
-	i := unmarshalFieldInfo{field: field, unmarshal: unmarshal, reqMask: reqMask, name: name}
-	n := u.typ.NumField()
-	if tag >= 0 && (tag < 16 || tag < 2*n) { // TODO: what are the right numbers here?
-		for len(u.dense) <= tag {
-			u.dense = append(u.dense, unmarshalFieldInfo{})
-		}
-		u.dense[tag] = i
-		return
-	}
-	if u.sparse == nil {
-		u.sparse = map[uint64]unmarshalFieldInfo{}
-	}
-	u.sparse[uint64(tag)] = i
-}
-
-// fieldUnmarshaler returns an unmarshaler for the given field.
-func fieldUnmarshaler(f *reflect.StructField) unmarshaler {
-	if f.Type.Kind() == reflect.Map {
-		return makeUnmarshalMap(f)
-	}
-	return typeUnmarshaler(f.Type, f.Tag.Get("protobuf"))
-}
-
-// typeUnmarshaler returns an unmarshaler for the given field type / field tag pair.
-func typeUnmarshaler(t reflect.Type, tags string) unmarshaler {
-	tagArray := strings.Split(tags, ",")
-	encoding := tagArray[0]
-	name := "unknown"
-	proto3 := false
-	validateUTF8 := true
-	for _, tag := range tagArray[3:] {
-		if strings.HasPrefix(tag, "name=") {
-			name = tag[5:]
-		}
-		if tag == "proto3" {
-			proto3 = true
-		}
-	}
-	validateUTF8 = validateUTF8 && proto3
-
-	// Figure out packaging (pointer, slice, or both)
-	slice := false
-	pointer := false
-	if t.Kind() == reflect.Slice && t.Elem().Kind() != reflect.Uint8 {
-		slice = true
-		t = t.Elem()
-	}
-	if t.Kind() == reflect.Ptr {
-		pointer = true
-		t = t.Elem()
-	}
-
-	// We'll never have both pointer and slice for basic types.
-	if pointer && slice && t.Kind() != reflect.Struct {
-		panic("both pointer and slice for basic type in " + t.Name())
-	}
-
-	switch t.Kind() {
-	case reflect.Bool:
-		if pointer {
-			return unmarshalBoolPtr
-		}
-		if slice {
-			return unmarshalBoolSlice
-		}
-		return unmarshalBoolValue
-	case reflect.Int32:
-		switch encoding {
-		case "fixed32":
-			if pointer {
-				return unmarshalFixedS32Ptr
-			}
-			if slice {
-				return unmarshalFixedS32Slice
-			}
-			return unmarshalFixedS32Value
-		case "varint":
-			// this could be int32 or enum
-			if pointer {
-				return unmarshalInt32Ptr
-			}
-			if slice {
-				return unmarshalInt32Slice
-			}
-			return unmarshalInt32Value
-		case "zigzag32":
-			if pointer {
-				return unmarshalSint32Ptr
-			}
-			if slice {
-				return unmarshalSint32Slice
-			}
-			return unmarshalSint32Value
-		}
-	case reflect.Int64:
-		switch encoding {
-		case "fixed64":
-			if pointer {
-				return unmarshalFixedS64Ptr
-			}
-			if slice {
-				return unmarshalFixedS64Slice
-			}
-			return unmarshalFixedS64Value
-		case "varint":
-			if pointer {
-				return unmarshalInt64Ptr
-			}
-			if slice {
-				return unmarshalInt64Slice
-			}
-			return unmarshalInt64Value
-		case "zigzag64":
-			if pointer {
-				return unmarshalSint64Ptr
-			}
-			if slice {
-				return unmarshalSint64Slice
-			}
-			return unmarshalSint64Value
-		}
-	case reflect.Uint32:
-		switch encoding {
-		case "fixed32":
-			if pointer {
-				return unmarshalFixed32Ptr
-			}
-			if slice {
-				return unmarshalFixed32Slice
-			}
-			return unmarshalFixed32Value
-		case "varint":
-			if pointer {
-				return unmarshalUint32Ptr
-			}
-			if slice {
-				return unmarshalUint32Slice
-			}
-			return unmarshalUint32Value
-		}
-	case reflect.Uint64:
-		switch encoding {
-		case "fixed64":
-			if pointer {
-				return unmarshalFixed64Ptr
-			}
-			if slice {
-				return unmarshalFixed64Slice
-			}
-			return unmarshalFixed64Value
-		case "varint":
-			if pointer {
-				return unmarshalUint64Ptr
-			}
-			if slice {
-				return unmarshalUint64Slice
-			}
-			return unmarshalUint64Value
-		}
-	case reflect.Float32:
-		if pointer {
-			return unmarshalFloat32Ptr
-		}
-		if slice {
-			return unmarshalFloat32Slice
-		}
-		return unmarshalFloat32Value
-	case reflect.Float64:
-		if pointer {
-			return unmarshalFloat64Ptr
-		}
-		if slice {
-			return unmarshalFloat64Slice
-		}
-		return unmarshalFloat64Value
-	case reflect.Map:
-		panic("map type in typeUnmarshaler in " + t.Name())
-	case reflect.Slice:
-		if pointer {
-			panic("bad pointer in slice case in " + t.Name())
-		}
-		if slice {
-			return unmarshalBytesSlice
-		}
-		return unmarshalBytesValue
-	case reflect.String:
-		if validateUTF8 {
-			if pointer {
-				return unmarshalUTF8StringPtr
-			}
-			if slice {
-				return unmarshalUTF8StringSlice
-			}
-			return unmarshalUTF8StringValue
-		}
-		if pointer {
-			return unmarshalStringPtr
-		}
-		if slice {
-			return unmarshalStringSlice
-		}
-		return unmarshalStringValue
-	case reflect.Struct:
-		// message or group field
-		if !pointer {
-			panic(fmt.Sprintf("message/group field %s:%s without pointer", t, encoding))
-		}
-		switch encoding {
-		case "bytes":
-			if slice {
-				return makeUnmarshalMessageSlicePtr(getUnmarshalInfo(t), name)
-			}
-			return makeUnmarshalMessagePtr(getUnmarshalInfo(t), name)
-		case "group":
-			if slice {
-				return makeUnmarshalGroupSlicePtr(getUnmarshalInfo(t), name)
-			}
-			return makeUnmarshalGroupPtr(getUnmarshalInfo(t), name)
-		}
-	}
-	panic(fmt.Sprintf("unmarshaler not found type:%s encoding:%s", t, encoding))
-}
-
-// Below are all the unmarshalers for individual fields of various types.
-
-func unmarshalInt64Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int64(x)
-	*f.toInt64() = v
-	return b, nil
-}
-
-func unmarshalInt64Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int64(x)
-	*f.toInt64Ptr() = &v
-	return b, nil
-}
-
-func unmarshalInt64Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			b = b[n:]
-			v := int64(x)
-			s := f.toInt64Slice()
-			*s = append(*s, v)
-		}
-		return res, nil
-	}
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int64(x)
-	s := f.toInt64Slice()
-	*s = append(*s, v)
-	return b, nil
-}
-
-func unmarshalSint64Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int64(x>>1) ^ int64(x)<<63>>63
-	*f.toInt64() = v
-	return b, nil
-}
-
-func unmarshalSint64Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int64(x>>1) ^ int64(x)<<63>>63
-	*f.toInt64Ptr() = &v
-	return b, nil
-}
-
-func unmarshalSint64Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			b = b[n:]
-			v := int64(x>>1) ^ int64(x)<<63>>63
-			s := f.toInt64Slice()
-			*s = append(*s, v)
-		}
-		return res, nil
-	}
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int64(x>>1) ^ int64(x)<<63>>63
-	s := f.toInt64Slice()
-	*s = append(*s, v)
-	return b, nil
-}
-
-func unmarshalUint64Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := uint64(x)
-	*f.toUint64() = v
-	return b, nil
-}
-
-func unmarshalUint64Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := uint64(x)
-	*f.toUint64Ptr() = &v
-	return b, nil
-}
-
-func unmarshalUint64Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			b = b[n:]
-			v := uint64(x)
-			s := f.toUint64Slice()
-			*s = append(*s, v)
-		}
-		return res, nil
-	}
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := uint64(x)
-	s := f.toUint64Slice()
-	*s = append(*s, v)
-	return b, nil
-}
-
-func unmarshalInt32Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int32(x)
-	*f.toInt32() = v
-	return b, nil
-}
-
-func unmarshalInt32Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int32(x)
-	f.setInt32Ptr(v)
-	return b, nil
-}
-
-func unmarshalInt32Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			b = b[n:]
-			v := int32(x)
-			f.appendInt32Slice(v)
-		}
-		return res, nil
-	}
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int32(x)
-	f.appendInt32Slice(v)
-	return b, nil
-}
-
-func unmarshalSint32Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int32(x>>1) ^ int32(x)<<31>>31
-	*f.toInt32() = v
-	return b, nil
-}
-
-func unmarshalSint32Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int32(x>>1) ^ int32(x)<<31>>31
-	f.setInt32Ptr(v)
-	return b, nil
-}
-
-func unmarshalSint32Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			b = b[n:]
-			v := int32(x>>1) ^ int32(x)<<31>>31
-			f.appendInt32Slice(v)
-		}
-		return res, nil
-	}
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := int32(x>>1) ^ int32(x)<<31>>31
-	f.appendInt32Slice(v)
-	return b, nil
-}
-
-func unmarshalUint32Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := uint32(x)
-	*f.toUint32() = v
-	return b, nil
-}
-
-func unmarshalUint32Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := uint32(x)
-	*f.toUint32Ptr() = &v
-	return b, nil
-}
-
-func unmarshalUint32Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			b = b[n:]
-			v := uint32(x)
-			s := f.toUint32Slice()
-			*s = append(*s, v)
-		}
-		return res, nil
-	}
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	v := uint32(x)
-	s := f.toUint32Slice()
-	*s = append(*s, v)
-	return b, nil
-}
-
-func unmarshalFixed64Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
-	*f.toUint64() = v
-	return b[8:], nil
-}
-
-func unmarshalFixed64Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
-	*f.toUint64Ptr() = &v
-	return b[8:], nil
-}
-
-func unmarshalFixed64Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			if len(b) < 8 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
-			s := f.toUint64Slice()
-			*s = append(*s, v)
-			b = b[8:]
-		}
-		return res, nil
-	}
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
-	s := f.toUint64Slice()
-	*s = append(*s, v)
-	return b[8:], nil
-}
-
-func unmarshalFixedS64Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
-	*f.toInt64() = v
-	return b[8:], nil
-}
-
-func unmarshalFixedS64Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
-	*f.toInt64Ptr() = &v
-	return b[8:], nil
-}
-
-func unmarshalFixedS64Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			if len(b) < 8 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
-			s := f.toInt64Slice()
-			*s = append(*s, v)
-			b = b[8:]
-		}
-		return res, nil
-	}
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := int64(b[0]) | int64(b[1])<<8 | int64(b[2])<<16 | int64(b[3])<<24 | int64(b[4])<<32 | int64(b[5])<<40 | int64(b[6])<<48 | int64(b[7])<<56
-	s := f.toInt64Slice()
-	*s = append(*s, v)
-	return b[8:], nil
-}
-
-func unmarshalFixed32Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
-	*f.toUint32() = v
-	return b[4:], nil
-}
-
-func unmarshalFixed32Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
-	*f.toUint32Ptr() = &v
-	return b[4:], nil
-}
-
-func unmarshalFixed32Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			if len(b) < 4 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
-			s := f.toUint32Slice()
-			*s = append(*s, v)
-			b = b[4:]
-		}
-		return res, nil
-	}
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
-	s := f.toUint32Slice()
-	*s = append(*s, v)
-	return b[4:], nil
-}
-
-func unmarshalFixedS32Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
-	*f.toInt32() = v
-	return b[4:], nil
-}
-
-func unmarshalFixedS32Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
-	f.setInt32Ptr(v)
-	return b[4:], nil
-}
-
-func unmarshalFixedS32Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			if len(b) < 4 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
-			f.appendInt32Slice(v)
-			b = b[4:]
-		}
-		return res, nil
-	}
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := int32(b[0]) | int32(b[1])<<8 | int32(b[2])<<16 | int32(b[3])<<24
-	f.appendInt32Slice(v)
-	return b[4:], nil
-}
-
-func unmarshalBoolValue(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	// Note: any length varint is allowed, even though any sane
-	// encoder will use one byte.
-	// See https://github.com/golang/protobuf/issues/76
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	// TODO: check if x>1? Tests seem to indicate no.
-	v := x != 0
-	*f.toBool() = v
-	return b[n:], nil
-}
-
-func unmarshalBoolPtr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := x != 0
-	*f.toBoolPtr() = &v
-	return b[n:], nil
-}
-
-func unmarshalBoolSlice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			x, n = decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			v := x != 0
-			s := f.toBoolSlice()
-			*s = append(*s, v)
-			b = b[n:]
-		}
-		return res, nil
-	}
-	if w != WireVarint {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := x != 0
-	s := f.toBoolSlice()
-	*s = append(*s, v)
-	return b[n:], nil
-}
-
-func unmarshalFloat64Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
-	*f.toFloat64() = v
-	return b[8:], nil
-}
-
-func unmarshalFloat64Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
-	*f.toFloat64Ptr() = &v
-	return b[8:], nil
-}
-
-func unmarshalFloat64Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			if len(b) < 8 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
-			s := f.toFloat64Slice()
-			*s = append(*s, v)
-			b = b[8:]
-		}
-		return res, nil
-	}
-	if w != WireFixed64 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 8 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := math.Float64frombits(uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 | uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56)
-	s := f.toFloat64Slice()
-	*s = append(*s, v)
-	return b[8:], nil
-}
-
-func unmarshalFloat32Value(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
-	*f.toFloat32() = v
-	return b[4:], nil
-}
-
-func unmarshalFloat32Ptr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
-	*f.toFloat32Ptr() = &v
-	return b[4:], nil
-}
-
-func unmarshalFloat32Slice(b []byte, f pointer, w int) ([]byte, error) {
-	if w == WireBytes { // packed
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		res := b[x:]
-		b = b[:x]
-		for len(b) > 0 {
-			if len(b) < 4 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
-			s := f.toFloat32Slice()
-			*s = append(*s, v)
-			b = b[4:]
-		}
-		return res, nil
-	}
-	if w != WireFixed32 {
-		return b, errInternalBadWireType
-	}
-	if len(b) < 4 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := math.Float32frombits(uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24)
-	s := f.toFloat32Slice()
-	*s = append(*s, v)
-	return b[4:], nil
-}
-
-func unmarshalStringValue(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := string(b[:x])
-	*f.toString() = v
-	return b[x:], nil
-}
-
-func unmarshalStringPtr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := string(b[:x])
-	*f.toStringPtr() = &v
-	return b[x:], nil
-}
-
-func unmarshalStringSlice(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := string(b[:x])
-	s := f.toStringSlice()
-	*s = append(*s, v)
-	return b[x:], nil
-}
-
-func unmarshalUTF8StringValue(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := string(b[:x])
-	*f.toString() = v
-	if !utf8.ValidString(v) {
-		return b[x:], errInvalidUTF8
-	}
-	return b[x:], nil
-}
-
-func unmarshalUTF8StringPtr(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := string(b[:x])
-	*f.toStringPtr() = &v
-	if !utf8.ValidString(v) {
-		return b[x:], errInvalidUTF8
-	}
-	return b[x:], nil
-}
-
-func unmarshalUTF8StringSlice(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := string(b[:x])
-	s := f.toStringSlice()
-	*s = append(*s, v)
-	if !utf8.ValidString(v) {
-		return b[x:], errInvalidUTF8
-	}
-	return b[x:], nil
-}
-
-var emptyBuf [0]byte
-
-func unmarshalBytesValue(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	// The use of append here is a trick which avoids the zeroing
-	// that would be required if we used a make/copy pair.
-	// We append to emptyBuf instead of nil because we want
-	// a non-nil result even when the length is 0.
-	v := append(emptyBuf[:], b[:x]...)
-	*f.toBytes() = v
-	return b[x:], nil
-}
-
-func unmarshalBytesSlice(b []byte, f pointer, w int) ([]byte, error) {
-	if w != WireBytes {
-		return b, errInternalBadWireType
-	}
-	x, n := decodeVarint(b)
-	if n == 0 {
-		return nil, io.ErrUnexpectedEOF
-	}
-	b = b[n:]
-	if x > uint64(len(b)) {
-		return nil, io.ErrUnexpectedEOF
-	}
-	v := append(emptyBuf[:], b[:x]...)
-	s := f.toBytesSlice()
-	*s = append(*s, v)
-	return b[x:], nil
-}
-
-func makeUnmarshalMessagePtr(sub *unmarshalInfo, name string) unmarshaler {
-	return func(b []byte, f pointer, w int) ([]byte, error) {
-		if w != WireBytes {
-			return b, errInternalBadWireType
-		}
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		// First read the message field to see if something is there.
-		// The semantics of multiple submessages are weird.  Instead of
-		// the last one winning (as it is for all other fields), multiple
-		// submessages are merged.
-		v := f.getPointer()
-		if v.isNil() {
-			v = valToPointer(reflect.New(sub.typ))
-			f.setPointer(v)
-		}
-		err := sub.unmarshal(v, b[:x])
-		if err != nil {
-			if r, ok := err.(*RequiredNotSetError); ok {
-				r.field = name + "." + r.field
-			} else {
-				return nil, err
-			}
-		}
-		return b[x:], err
-	}
-}
-
-func makeUnmarshalMessageSlicePtr(sub *unmarshalInfo, name string) unmarshaler {
-	return func(b []byte, f pointer, w int) ([]byte, error) {
-		if w != WireBytes {
-			return b, errInternalBadWireType
-		}
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		v := valToPointer(reflect.New(sub.typ))
-		err := sub.unmarshal(v, b[:x])
-		if err != nil {
-			if r, ok := err.(*RequiredNotSetError); ok {
-				r.field = name + "." + r.field
-			} else {
-				return nil, err
-			}
-		}
-		f.appendPointer(v)
-		return b[x:], err
-	}
-}
-
-func makeUnmarshalGroupPtr(sub *unmarshalInfo, name string) unmarshaler {
-	return func(b []byte, f pointer, w int) ([]byte, error) {
-		if w != WireStartGroup {
-			return b, errInternalBadWireType
-		}
-		x, y := findEndGroup(b)
-		if x < 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		v := f.getPointer()
-		if v.isNil() {
-			v = valToPointer(reflect.New(sub.typ))
-			f.setPointer(v)
-		}
-		err := sub.unmarshal(v, b[:x])
-		if err != nil {
-			if r, ok := err.(*RequiredNotSetError); ok {
-				r.field = name + "." + r.field
-			} else {
-				return nil, err
-			}
-		}
-		return b[y:], err
-	}
-}
-
-func makeUnmarshalGroupSlicePtr(sub *unmarshalInfo, name string) unmarshaler {
-	return func(b []byte, f pointer, w int) ([]byte, error) {
-		if w != WireStartGroup {
-			return b, errInternalBadWireType
-		}
-		x, y := findEndGroup(b)
-		if x < 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		v := valToPointer(reflect.New(sub.typ))
-		err := sub.unmarshal(v, b[:x])
-		if err != nil {
-			if r, ok := err.(*RequiredNotSetError); ok {
-				r.field = name + "." + r.field
-			} else {
-				return nil, err
-			}
-		}
-		f.appendPointer(v)
-		return b[y:], err
-	}
-}
-
-func makeUnmarshalMap(f *reflect.StructField) unmarshaler {
-	t := f.Type
-	kt := t.Key()
-	vt := t.Elem()
-	unmarshalKey := typeUnmarshaler(kt, f.Tag.Get("protobuf_key"))
-	unmarshalVal := typeUnmarshaler(vt, f.Tag.Get("protobuf_val"))
-	return func(b []byte, f pointer, w int) ([]byte, error) {
-		// The map entry is a submessage. Figure out how big it is.
-		if w != WireBytes {
-			return nil, fmt.Errorf("proto: bad wiretype for map field: got %d want %d", w, WireBytes)
-		}
-		x, n := decodeVarint(b)
-		if n == 0 {
-			return nil, io.ErrUnexpectedEOF
-		}
-		b = b[n:]
-		if x > uint64(len(b)) {
-			return nil, io.ErrUnexpectedEOF
-		}
-		r := b[x:] // unused data to return
-		b = b[:x]  // data for map entry
-
-		// Note: we could use #keys * #values ~= 200 functions
-		// to do map decoding without reflection. Probably not worth it.
-		// Maps will be somewhat slow. Oh well.
-
-		// Read key and value from data.
-		var nerr nonFatal
-		k := reflect.New(kt)
-		v := reflect.New(vt)
-		for len(b) > 0 {
-			x, n := decodeVarint(b)
-			if n == 0 {
-				return nil, io.ErrUnexpectedEOF
-			}
-			wire := int(x) & 7
-			b = b[n:]
-
-			var err error
-			switch x >> 3 {
-			case 1:
-				b, err = unmarshalKey(b, valToPointer(k), wire)
-			case 2:
-				b, err = unmarshalVal(b, valToPointer(v), wire)
-			default:
-				err = errInternalBadWireType // skip unknown tag
-			}
-
-			if nerr.Merge(err) {
-				continue
-			}
-			if err != errInternalBadWireType {
-				return nil, err
-			}
-
-			// Skip past unknown fields.
-			b, err = skipField(b, wire)
-			if err != nil {
-				return nil, err
-			}
-		}
-
-		// Get map, allocate if needed.
-		m := f.asPointerTo(t).Elem() // an addressable map[K]T
-		if m.IsNil() {
-			m.Set(reflect.MakeMap(t))
-		}
-
-		// Insert into map.
-		m.SetMapIndex(k.Elem(), v.Elem())
-
-		return r, nerr.E
-	}
-}
-
-// makeUnmarshalOneof makes an unmarshaler for oneof fields.
-// for:
-// message Msg {
-//   oneof F {
-//     int64 X = 1;
-//     float64 Y = 2;
-//   }
-// }
-// typ is the type of the concrete entry for a oneof case (e.g. Msg_X).
-// ityp is the interface type of the oneof field (e.g. isMsg_F).
-// unmarshal is the unmarshaler for the base type of the oneof case (e.g. int64).
-// Note that this function will be called once for each case in the oneof.
-func makeUnmarshalOneof(typ, ityp reflect.Type, unmarshal unmarshaler) unmarshaler {
-	sf := typ.Field(0)
-	field0 := toField(&sf)
-	return func(b []byte, f pointer, w int) ([]byte, error) {
-		// Allocate holder for value.
-		v := reflect.New(typ)
-
-		// Unmarshal data into holder.
-		// We unmarshal into the first field of the holder object.
-		var err error
-		var nerr nonFatal
-		b, err = unmarshal(b, valToPointer(v).offset(field0), w)
-		if !nerr.Merge(err) {
-			return nil, err
-		}
-
-		// Write pointer to holder into target field.
-		f.asPointerTo(ityp).Elem().Set(v)
-
-		return b, nerr.E
-	}
-}
-
-// Error used by decode internally.
-var errInternalBadWireType = errors.New("proto: internal error: bad wiretype")
-
-// skipField skips past a field of type wire and returns the remaining bytes.
-func skipField(b []byte, wire int) ([]byte, error) {
-	switch wire {
-	case WireVarint:
-		_, k := decodeVarint(b)
-		if k == 0 {
-			return b, io.ErrUnexpectedEOF
-		}
-		b = b[k:]
-	case WireFixed32:
-		if len(b) < 4 {
-			return b, io.ErrUnexpectedEOF
-		}
-		b = b[4:]
-	case WireFixed64:
-		if len(b) < 8 {
-			return b, io.ErrUnexpectedEOF
-		}
-		b = b[8:]
-	case WireBytes:
-		m, k := decodeVarint(b)
-		if k == 0 || uint64(len(b)-k) < m {
-			return b, io.ErrUnexpectedEOF
-		}
-		b = b[uint64(k)+m:]
-	case WireStartGroup:
-		_, i := findEndGroup(b)
-		if i == -1 {
-			return b, io.ErrUnexpectedEOF
-		}
-		b = b[i:]
-	default:
-		return b, fmt.Errorf("proto: can't skip unknown wire type %d", wire)
-	}
-	return b, nil
-}
-
-// findEndGroup finds the index of the next EndGroup tag.
-// Groups may be nested, so the "next" EndGroup tag is the first
-// unpaired EndGroup.
-// findEndGroup returns the indexes of the start and end of the EndGroup tag.
-// Returns (-1,-1) if it can't find one.
-func findEndGroup(b []byte) (int, int) {
-	depth := 1
-	i := 0
-	for {
-		x, n := decodeVarint(b[i:])
-		if n == 0 {
-			return -1, -1
-		}
-		j := i
-		i += n
-		switch x & 7 {
-		case WireVarint:
-			_, k := decodeVarint(b[i:])
-			if k == 0 {
-				return -1, -1
-			}
-			i += k
-		case WireFixed32:
-			if len(b)-4 < i {
-				return -1, -1
-			}
-			i += 4
-		case WireFixed64:
-			if len(b)-8 < i {
-				return -1, -1
-			}
-			i += 8
-		case WireBytes:
-			m, k := decodeVarint(b[i:])
-			if k == 0 {
-				return -1, -1
-			}
-			i += k
-			if uint64(len(b)-i) < m {
-				return -1, -1
-			}
-			i += int(m)
-		case WireStartGroup:
-			depth++
-		case WireEndGroup:
-			depth--
-			if depth == 0 {
-				return j, i
-			}
-		default:
-			return -1, -1
-		}
-	}
-}
-
-// encodeVarint appends a varint-encoded integer to b and returns the result.
-func encodeVarint(b []byte, x uint64) []byte {
-	for x >= 1<<7 {
-		b = append(b, byte(x&0x7f|0x80))
-		x >>= 7
-	}
-	return append(b, byte(x))
-}
-
-// decodeVarint reads a varint-encoded integer from b.
-// Returns the decoded integer and the number of bytes read.
-// If there is an error, it returns 0,0.
-func decodeVarint(b []byte) (uint64, int) {
-	var x, y uint64
-	if len(b) == 0 {
-		goto bad
-	}
-	x = uint64(b[0])
-	if x < 0x80 {
-		return x, 1
-	}
-	x -= 0x80
-
-	if len(b) <= 1 {
-		goto bad
-	}
-	y = uint64(b[1])
-	x += y << 7
-	if y < 0x80 {
-		return x, 2
-	}
-	x -= 0x80 << 7
-
-	if len(b) <= 2 {
-		goto bad
-	}
-	y = uint64(b[2])
-	x += y << 14
-	if y < 0x80 {
-		return x, 3
-	}
-	x -= 0x80 << 14
-
-	if len(b) <= 3 {
-		goto bad
-	}
-	y = uint64(b[3])
-	x += y << 21
-	if y < 0x80 {
-		return x, 4
-	}
-	x -= 0x80 << 21
-
-	if len(b) <= 4 {
-		goto bad
-	}
-	y = uint64(b[4])
-	x += y << 28
-	if y < 0x80 {
-		return x, 5
-	}
-	x -= 0x80 << 28
-
-	if len(b) <= 5 {
-		goto bad
-	}
-	y = uint64(b[5])
-	x += y << 35
-	if y < 0x80 {
-		return x, 6
-	}
-	x -= 0x80 << 35
-
-	if len(b) <= 6 {
-		goto bad
-	}
-	y = uint64(b[6])
-	x += y << 42
-	if y < 0x80 {
-		return x, 7
-	}
-	x -= 0x80 << 42
-
-	if len(b) <= 7 {
-		goto bad
-	}
-	y = uint64(b[7])
-	x += y << 49
-	if y < 0x80 {
-		return x, 8
-	}
-	x -= 0x80 << 49
-
-	if len(b) <= 8 {
-		goto bad
-	}
-	y = uint64(b[8])
-	x += y << 56
-	if y < 0x80 {
-		return x, 9
-	}
-	x -= 0x80 << 56
-
-	if len(b) <= 9 {
-		goto bad
-	}
-	y = uint64(b[9])
-	x += y << 63
-	if y < 2 {
-		return x, 10
-	}
-
-bad:
-	return 0, 0
-}
diff --git a/vendor/github.com/golang/protobuf/proto/text.go b/vendor/github.com/golang/protobuf/proto/text.go
deleted file mode 100644
index 1aaee725b..000000000
--- a/vendor/github.com/golang/protobuf/proto/text.go
+++ /dev/null
@@ -1,843 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-// Functions for writing the text protocol buffer format.
-
-import (
-	"bufio"
-	"bytes"
-	"encoding"
-	"errors"
-	"fmt"
-	"io"
-	"log"
-	"math"
-	"reflect"
-	"sort"
-	"strings"
-)
-
-var (
-	newline         = []byte("\n")
-	spaces          = []byte("                                        ")
-	endBraceNewline = []byte("}\n")
-	backslashN      = []byte{'\\', 'n'}
-	backslashR      = []byte{'\\', 'r'}
-	backslashT      = []byte{'\\', 't'}
-	backslashDQ     = []byte{'\\', '"'}
-	backslashBS     = []byte{'\\', '\\'}
-	posInf          = []byte("inf")
-	negInf          = []byte("-inf")
-	nan             = []byte("nan")
-)
-
-type writer interface {
-	io.Writer
-	WriteByte(byte) error
-}
-
-// textWriter is an io.Writer that tracks its indentation level.
-type textWriter struct {
-	ind      int
-	complete bool // if the current position is a complete line
-	compact  bool // whether to write out as a one-liner
-	w        writer
-}
-
-func (w *textWriter) WriteString(s string) (n int, err error) {
-	if !strings.Contains(s, "\n") {
-		if !w.compact && w.complete {
-			w.writeIndent()
-		}
-		w.complete = false
-		return io.WriteString(w.w, s)
-	}
-	// WriteString is typically called without newlines, so this
-	// codepath and its copy are rare.  We copy to avoid
-	// duplicating all of Write's logic here.
-	return w.Write([]byte(s))
-}
-
-func (w *textWriter) Write(p []byte) (n int, err error) {
-	newlines := bytes.Count(p, newline)
-	if newlines == 0 {
-		if !w.compact && w.complete {
-			w.writeIndent()
-		}
-		n, err = w.w.Write(p)
-		w.complete = false
-		return n, err
-	}
-
-	frags := bytes.SplitN(p, newline, newlines+1)
-	if w.compact {
-		for i, frag := range frags {
-			if i > 0 {
-				if err := w.w.WriteByte(' '); err != nil {
-					return n, err
-				}
-				n++
-			}
-			nn, err := w.w.Write(frag)
-			n += nn
-			if err != nil {
-				return n, err
-			}
-		}
-		return n, nil
-	}
-
-	for i, frag := range frags {
-		if w.complete {
-			w.writeIndent()
-		}
-		nn, err := w.w.Write(frag)
-		n += nn
-		if err != nil {
-			return n, err
-		}
-		if i+1 < len(frags) {
-			if err := w.w.WriteByte('\n'); err != nil {
-				return n, err
-			}
-			n++
-		}
-	}
-	w.complete = len(frags[len(frags)-1]) == 0
-	return n, nil
-}
-
-func (w *textWriter) WriteByte(c byte) error {
-	if w.compact && c == '\n' {
-		c = ' '
-	}
-	if !w.compact && w.complete {
-		w.writeIndent()
-	}
-	err := w.w.WriteByte(c)
-	w.complete = c == '\n'
-	return err
-}
-
-func (w *textWriter) indent() { w.ind++ }
-
-func (w *textWriter) unindent() {
-	if w.ind == 0 {
-		log.Print("proto: textWriter unindented too far")
-		return
-	}
-	w.ind--
-}
-
-func writeName(w *textWriter, props *Properties) error {
-	if _, err := w.WriteString(props.OrigName); err != nil {
-		return err
-	}
-	if props.Wire != "group" {
-		return w.WriteByte(':')
-	}
-	return nil
-}
-
-func requiresQuotes(u string) bool {
-	// When type URL contains any characters except [0-9A-Za-z./\-]*, it must be quoted.
-	for _, ch := range u {
-		switch {
-		case ch == '.' || ch == '/' || ch == '_':
-			continue
-		case '0' <= ch && ch <= '9':
-			continue
-		case 'A' <= ch && ch <= 'Z':
-			continue
-		case 'a' <= ch && ch <= 'z':
-			continue
-		default:
-			return true
-		}
-	}
-	return false
-}
-
-// isAny reports whether sv is a google.protobuf.Any message
-func isAny(sv reflect.Value) bool {
-	type wkt interface {
-		XXX_WellKnownType() string
-	}
-	t, ok := sv.Addr().Interface().(wkt)
-	return ok && t.XXX_WellKnownType() == "Any"
-}
-
-// writeProto3Any writes an expanded google.protobuf.Any message.
-//
-// It returns (false, nil) if sv value can't be unmarshaled (e.g. because
-// required messages are not linked in).
-//
-// It returns (true, error) when sv was written in expanded format or an error
-// was encountered.
-func (tm *TextMarshaler) writeProto3Any(w *textWriter, sv reflect.Value) (bool, error) {
-	turl := sv.FieldByName("TypeUrl")
-	val := sv.FieldByName("Value")
-	if !turl.IsValid() || !val.IsValid() {
-		return true, errors.New("proto: invalid google.protobuf.Any message")
-	}
-
-	b, ok := val.Interface().([]byte)
-	if !ok {
-		return true, errors.New("proto: invalid google.protobuf.Any message")
-	}
-
-	parts := strings.Split(turl.String(), "/")
-	mt := MessageType(parts[len(parts)-1])
-	if mt == nil {
-		return false, nil
-	}
-	m := reflect.New(mt.Elem())
-	if err := Unmarshal(b, m.Interface().(Message)); err != nil {
-		return false, nil
-	}
-	w.Write([]byte("["))
-	u := turl.String()
-	if requiresQuotes(u) {
-		writeString(w, u)
-	} else {
-		w.Write([]byte(u))
-	}
-	if w.compact {
-		w.Write([]byte("]:<"))
-	} else {
-		w.Write([]byte("]: <\n"))
-		w.ind++
-	}
-	if err := tm.writeStruct(w, m.Elem()); err != nil {
-		return true, err
-	}
-	if w.compact {
-		w.Write([]byte("> "))
-	} else {
-		w.ind--
-		w.Write([]byte(">\n"))
-	}
-	return true, nil
-}
-
-func (tm *TextMarshaler) writeStruct(w *textWriter, sv reflect.Value) error {
-	if tm.ExpandAny && isAny(sv) {
-		if canExpand, err := tm.writeProto3Any(w, sv); canExpand {
-			return err
-		}
-	}
-	st := sv.Type()
-	sprops := GetProperties(st)
-	for i := 0; i < sv.NumField(); i++ {
-		fv := sv.Field(i)
-		props := sprops.Prop[i]
-		name := st.Field(i).Name
-
-		if name == "XXX_NoUnkeyedLiteral" {
-			continue
-		}
-
-		if strings.HasPrefix(name, "XXX_") {
-			// There are two XXX_ fields:
-			//   XXX_unrecognized []byte
-			//   XXX_extensions   map[int32]proto.Extension
-			// The first is handled here;
-			// the second is handled at the bottom of this function.
-			if name == "XXX_unrecognized" && !fv.IsNil() {
-				if err := writeUnknownStruct(w, fv.Interface().([]byte)); err != nil {
-					return err
-				}
-			}
-			continue
-		}
-		if fv.Kind() == reflect.Ptr && fv.IsNil() {
-			// Field not filled in. This could be an optional field or
-			// a required field that wasn't filled in. Either way, there
-			// isn't anything we can show for it.
-			continue
-		}
-		if fv.Kind() == reflect.Slice && fv.IsNil() {
-			// Repeated field that is empty, or a bytes field that is unused.
-			continue
-		}
-
-		if props.Repeated && fv.Kind() == reflect.Slice {
-			// Repeated field.
-			for j := 0; j < fv.Len(); j++ {
-				if err := writeName(w, props); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte(' '); err != nil {
-						return err
-					}
-				}
-				v := fv.Index(j)
-				if v.Kind() == reflect.Ptr && v.IsNil() {
-					// A nil message in a repeated field is not valid,
-					// but we can handle that more gracefully than panicking.
-					if _, err := w.Write([]byte("<nil>\n")); err != nil {
-						return err
-					}
-					continue
-				}
-				if err := tm.writeAny(w, v, props); err != nil {
-					return err
-				}
-				if err := w.WriteByte('\n'); err != nil {
-					return err
-				}
-			}
-			continue
-		}
-		if fv.Kind() == reflect.Map {
-			// Map fields are rendered as a repeated struct with key/value fields.
-			keys := fv.MapKeys()
-			sort.Sort(mapKeys(keys))
-			for _, key := range keys {
-				val := fv.MapIndex(key)
-				if err := writeName(w, props); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte(' '); err != nil {
-						return err
-					}
-				}
-				// open struct
-				if err := w.WriteByte('<'); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte('\n'); err != nil {
-						return err
-					}
-				}
-				w.indent()
-				// key
-				if _, err := w.WriteString("key:"); err != nil {
-					return err
-				}
-				if !w.compact {
-					if err := w.WriteByte(' '); err != nil {
-						return err
-					}
-				}
-				if err := tm.writeAny(w, key, props.MapKeyProp); err != nil {
-					return err
-				}
-				if err := w.WriteByte('\n'); err != nil {
-					return err
-				}
-				// nil values aren't legal, but we can avoid panicking because of them.
-				if val.Kind() != reflect.Ptr || !val.IsNil() {
-					// value
-					if _, err := w.WriteString("value:"); err != nil {
-						return err
-					}
-					if !w.compact {
-						if err := w.WriteByte(' '); err != nil {
-							return err
-						}
-					}
-					if err := tm.writeAny(w, val, props.MapValProp); err != nil {
-						return err
-					}
-					if err := w.WriteByte('\n'); err != nil {
-						return err
-					}
-				}
-				// close struct
-				w.unindent()
-				if err := w.WriteByte('>'); err != nil {
-					return err
-				}
-				if err := w.WriteByte('\n'); err != nil {
-					return err
-				}
-			}
-			continue
-		}
-		if props.proto3 && fv.Kind() == reflect.Slice && fv.Len() == 0 {
-			// empty bytes field
-			continue
-		}
-		if fv.Kind() != reflect.Ptr && fv.Kind() != reflect.Slice {
-			// proto3 non-repeated scalar field; skip if zero value
-			if isProto3Zero(fv) {
-				continue
-			}
-		}
-
-		if fv.Kind() == reflect.Interface {
-			// Check if it is a oneof.
-			if st.Field(i).Tag.Get("protobuf_oneof") != "" {
-				// fv is nil, or holds a pointer to generated struct.
-				// That generated struct has exactly one field,
-				// which has a protobuf struct tag.
-				if fv.IsNil() {
-					continue
-				}
-				inner := fv.Elem().Elem() // interface -> *T -> T
-				tag := inner.Type().Field(0).Tag.Get("protobuf")
-				props = new(Properties) // Overwrite the outer props var, but not its pointee.
-				props.Parse(tag)
-				// Write the value in the oneof, not the oneof itself.
-				fv = inner.Field(0)
-
-				// Special case to cope with malformed messages gracefully:
-				// If the value in the oneof is a nil pointer, don't panic
-				// in writeAny.
-				if fv.Kind() == reflect.Ptr && fv.IsNil() {
-					// Use errors.New so writeAny won't render quotes.
-					msg := errors.New("/* nil */")
-					fv = reflect.ValueOf(&msg).Elem()
-				}
-			}
-		}
-
-		if err := writeName(w, props); err != nil {
-			return err
-		}
-		if !w.compact {
-			if err := w.WriteByte(' '); err != nil {
-				return err
-			}
-		}
-
-		// Enums have a String method, so writeAny will work fine.
-		if err := tm.writeAny(w, fv, props); err != nil {
-			return err
-		}
-
-		if err := w.WriteByte('\n'); err != nil {
-			return err
-		}
-	}
-
-	// Extensions (the XXX_extensions field).
-	pv := sv.Addr()
-	if _, err := extendable(pv.Interface()); err == nil {
-		if err := tm.writeExtensions(w, pv); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// writeAny writes an arbitrary field.
-func (tm *TextMarshaler) writeAny(w *textWriter, v reflect.Value, props *Properties) error {
-	v = reflect.Indirect(v)
-
-	// Floats have special cases.
-	if v.Kind() == reflect.Float32 || v.Kind() == reflect.Float64 {
-		x := v.Float()
-		var b []byte
-		switch {
-		case math.IsInf(x, 1):
-			b = posInf
-		case math.IsInf(x, -1):
-			b = negInf
-		case math.IsNaN(x):
-			b = nan
-		}
-		if b != nil {
-			_, err := w.Write(b)
-			return err
-		}
-		// Other values are handled below.
-	}
-
-	// We don't attempt to serialise every possible value type; only those
-	// that can occur in protocol buffers.
-	switch v.Kind() {
-	case reflect.Slice:
-		// Should only be a []byte; repeated fields are handled in writeStruct.
-		if err := writeString(w, string(v.Bytes())); err != nil {
-			return err
-		}
-	case reflect.String:
-		if err := writeString(w, v.String()); err != nil {
-			return err
-		}
-	case reflect.Struct:
-		// Required/optional group/message.
-		var bra, ket byte = '<', '>'
-		if props != nil && props.Wire == "group" {
-			bra, ket = '{', '}'
-		}
-		if err := w.WriteByte(bra); err != nil {
-			return err
-		}
-		if !w.compact {
-			if err := w.WriteByte('\n'); err != nil {
-				return err
-			}
-		}
-		w.indent()
-		if v.CanAddr() {
-			// Calling v.Interface on a struct causes the reflect package to
-			// copy the entire struct. This is racy with the new Marshaler
-			// since we atomically update the XXX_sizecache.
-			//
-			// Thus, we retrieve a pointer to the struct if possible to avoid
-			// a race since v.Interface on the pointer doesn't copy the struct.
-			//
-			// If v is not addressable, then we are not worried about a race
-			// since it implies that the binary Marshaler cannot possibly be
-			// mutating this value.
-			v = v.Addr()
-		}
-		if etm, ok := v.Interface().(encoding.TextMarshaler); ok {
-			text, err := etm.MarshalText()
-			if err != nil {
-				return err
-			}
-			if _, err = w.Write(text); err != nil {
-				return err
-			}
-		} else {
-			if v.Kind() == reflect.Ptr {
-				v = v.Elem()
-			}
-			if err := tm.writeStruct(w, v); err != nil {
-				return err
-			}
-		}
-		w.unindent()
-		if err := w.WriteByte(ket); err != nil {
-			return err
-		}
-	default:
-		_, err := fmt.Fprint(w, v.Interface())
-		return err
-	}
-	return nil
-}
-
-// equivalent to C's isprint.
-func isprint(c byte) bool {
-	return c >= 0x20 && c < 0x7f
-}
-
-// writeString writes a string in the protocol buffer text format.
-// It is similar to strconv.Quote except we don't use Go escape sequences,
-// we treat the string as a byte sequence, and we use octal escapes.
-// These differences are to maintain interoperability with the other
-// languages' implementations of the text format.
-func writeString(w *textWriter, s string) error {
-	// use WriteByte here to get any needed indent
-	if err := w.WriteByte('"'); err != nil {
-		return err
-	}
-	// Loop over the bytes, not the runes.
-	for i := 0; i < len(s); i++ {
-		var err error
-		// Divergence from C++: we don't escape apostrophes.
-		// There's no need to escape them, and the C++ parser
-		// copes with a naked apostrophe.
-		switch c := s[i]; c {
-		case '\n':
-			_, err = w.w.Write(backslashN)
-		case '\r':
-			_, err = w.w.Write(backslashR)
-		case '\t':
-			_, err = w.w.Write(backslashT)
-		case '"':
-			_, err = w.w.Write(backslashDQ)
-		case '\\':
-			_, err = w.w.Write(backslashBS)
-		default:
-			if isprint(c) {
-				err = w.w.WriteByte(c)
-			} else {
-				_, err = fmt.Fprintf(w.w, "\\%03o", c)
-			}
-		}
-		if err != nil {
-			return err
-		}
-	}
-	return w.WriteByte('"')
-}
-
-func writeUnknownStruct(w *textWriter, data []byte) (err error) {
-	if !w.compact {
-		if _, err := fmt.Fprintf(w, "/* %d unknown bytes */\n", len(data)); err != nil {
-			return err
-		}
-	}
-	b := NewBuffer(data)
-	for b.index < len(b.buf) {
-		x, err := b.DecodeVarint()
-		if err != nil {
-			_, err := fmt.Fprintf(w, "/* %v */\n", err)
-			return err
-		}
-		wire, tag := x&7, x>>3
-		if wire == WireEndGroup {
-			w.unindent()
-			if _, err := w.Write(endBraceNewline); err != nil {
-				return err
-			}
-			continue
-		}
-		if _, err := fmt.Fprint(w, tag); err != nil {
-			return err
-		}
-		if wire != WireStartGroup {
-			if err := w.WriteByte(':'); err != nil {
-				return err
-			}
-		}
-		if !w.compact || wire == WireStartGroup {
-			if err := w.WriteByte(' '); err != nil {
-				return err
-			}
-		}
-		switch wire {
-		case WireBytes:
-			buf, e := b.DecodeRawBytes(false)
-			if e == nil {
-				_, err = fmt.Fprintf(w, "%q", buf)
-			} else {
-				_, err = fmt.Fprintf(w, "/* %v */", e)
-			}
-		case WireFixed32:
-			x, err = b.DecodeFixed32()
-			err = writeUnknownInt(w, x, err)
-		case WireFixed64:
-			x, err = b.DecodeFixed64()
-			err = writeUnknownInt(w, x, err)
-		case WireStartGroup:
-			err = w.WriteByte('{')
-			w.indent()
-		case WireVarint:
-			x, err = b.DecodeVarint()
-			err = writeUnknownInt(w, x, err)
-		default:
-			_, err = fmt.Fprintf(w, "/* unknown wire type %d */", wire)
-		}
-		if err != nil {
-			return err
-		}
-		if err = w.WriteByte('\n'); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func writeUnknownInt(w *textWriter, x uint64, err error) error {
-	if err == nil {
-		_, err = fmt.Fprint(w, x)
-	} else {
-		_, err = fmt.Fprintf(w, "/* %v */", err)
-	}
-	return err
-}
-
-type int32Slice []int32
-
-func (s int32Slice) Len() int           { return len(s) }
-func (s int32Slice) Less(i, j int) bool { return s[i] < s[j] }
-func (s int32Slice) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
-
-// writeExtensions writes all the extensions in pv.
-// pv is assumed to be a pointer to a protocol message struct that is extendable.
-func (tm *TextMarshaler) writeExtensions(w *textWriter, pv reflect.Value) error {
-	emap := extensionMaps[pv.Type().Elem()]
-	ep, _ := extendable(pv.Interface())
-
-	// Order the extensions by ID.
-	// This isn't strictly necessary, but it will give us
-	// canonical output, which will also make testing easier.
-	m, mu := ep.extensionsRead()
-	if m == nil {
-		return nil
-	}
-	mu.Lock()
-	ids := make([]int32, 0, len(m))
-	for id := range m {
-		ids = append(ids, id)
-	}
-	sort.Sort(int32Slice(ids))
-	mu.Unlock()
-
-	for _, extNum := range ids {
-		ext := m[extNum]
-		var desc *ExtensionDesc
-		if emap != nil {
-			desc = emap[extNum]
-		}
-		if desc == nil {
-			// Unknown extension.
-			if err := writeUnknownStruct(w, ext.enc); err != nil {
-				return err
-			}
-			continue
-		}
-
-		pb, err := GetExtension(ep, desc)
-		if err != nil {
-			return fmt.Errorf("failed getting extension: %v", err)
-		}
-
-		// Repeated extensions will appear as a slice.
-		if !desc.repeated() {
-			if err := tm.writeExtension(w, desc.Name, pb); err != nil {
-				return err
-			}
-		} else {
-			v := reflect.ValueOf(pb)
-			for i := 0; i < v.Len(); i++ {
-				if err := tm.writeExtension(w, desc.Name, v.Index(i).Interface()); err != nil {
-					return err
-				}
-			}
-		}
-	}
-	return nil
-}
-
-func (tm *TextMarshaler) writeExtension(w *textWriter, name string, pb interface{}) error {
-	if _, err := fmt.Fprintf(w, "[%s]:", name); err != nil {
-		return err
-	}
-	if !w.compact {
-		if err := w.WriteByte(' '); err != nil {
-			return err
-		}
-	}
-	if err := tm.writeAny(w, reflect.ValueOf(pb), nil); err != nil {
-		return err
-	}
-	if err := w.WriteByte('\n'); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (w *textWriter) writeIndent() {
-	if !w.complete {
-		return
-	}
-	remain := w.ind * 2
-	for remain > 0 {
-		n := remain
-		if n > len(spaces) {
-			n = len(spaces)
-		}
-		w.w.Write(spaces[:n])
-		remain -= n
-	}
-	w.complete = false
-}
-
-// TextMarshaler is a configurable text format marshaler.
-type TextMarshaler struct {
-	Compact   bool // use compact text format (one line).
-	ExpandAny bool // expand google.protobuf.Any messages of known types
-}
-
-// Marshal writes a given protocol buffer in text format.
-// The only errors returned are from w.
-func (tm *TextMarshaler) Marshal(w io.Writer, pb Message) error {
-	val := reflect.ValueOf(pb)
-	if pb == nil || val.IsNil() {
-		w.Write([]byte("<nil>"))
-		return nil
-	}
-	var bw *bufio.Writer
-	ww, ok := w.(writer)
-	if !ok {
-		bw = bufio.NewWriter(w)
-		ww = bw
-	}
-	aw := &textWriter{
-		w:        ww,
-		complete: true,
-		compact:  tm.Compact,
-	}
-
-	if etm, ok := pb.(encoding.TextMarshaler); ok {
-		text, err := etm.MarshalText()
-		if err != nil {
-			return err
-		}
-		if _, err = aw.Write(text); err != nil {
-			return err
-		}
-		if bw != nil {
-			return bw.Flush()
-		}
-		return nil
-	}
-	// Dereference the received pointer so we don't have outer < and >.
-	v := reflect.Indirect(val)
-	if err := tm.writeStruct(aw, v); err != nil {
-		return err
-	}
-	if bw != nil {
-		return bw.Flush()
-	}
-	return nil
-}
-
-// Text is the same as Marshal, but returns the string directly.
-func (tm *TextMarshaler) Text(pb Message) string {
-	var buf bytes.Buffer
-	tm.Marshal(&buf, pb)
-	return buf.String()
-}
-
-var (
-	defaultTextMarshaler = TextMarshaler{}
-	compactTextMarshaler = TextMarshaler{Compact: true}
-)
-
-// TODO: consider removing some of the Marshal functions below.
-
-// MarshalText writes a given protocol buffer in text format.
-// The only errors returned are from w.
-func MarshalText(w io.Writer, pb Message) error { return defaultTextMarshaler.Marshal(w, pb) }
-
-// MarshalTextString is the same as MarshalText, but returns the string directly.
-func MarshalTextString(pb Message) string { return defaultTextMarshaler.Text(pb) }
-
-// CompactText writes a given protocol buffer in compact text format (one line).
-func CompactText(w io.Writer, pb Message) error { return compactTextMarshaler.Marshal(w, pb) }
-
-// CompactTextString is the same as CompactText, but returns the string directly.
-func CompactTextString(pb Message) string { return compactTextMarshaler.Text(pb) }
diff --git a/vendor/github.com/golang/protobuf/proto/text_decode.go b/vendor/github.com/golang/protobuf/proto/text_decode.go
new file mode 100644
index 000000000..47eb3e445
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/text_decode.go
@@ -0,0 +1,801 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+import (
+	"encoding"
+	"errors"
+	"fmt"
+	"reflect"
+	"strconv"
+	"strings"
+	"unicode/utf8"
+
+	"google.golang.org/protobuf/encoding/prototext"
+	protoV2 "google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+)
+
+const wrapTextUnmarshalV2 = false
+
+// ParseError is returned by UnmarshalText.
+type ParseError struct {
+	Message string
+
+	// Deprecated: Do not use.
+	Line, Offset int
+}
+
+func (e *ParseError) Error() string {
+	if wrapTextUnmarshalV2 {
+		return e.Message
+	}
+	if e.Line == 1 {
+		return fmt.Sprintf("line 1.%d: %v", e.Offset, e.Message)
+	}
+	return fmt.Sprintf("line %d: %v", e.Line, e.Message)
+}
+
+// UnmarshalText parses a proto text formatted string into m.
+func UnmarshalText(s string, m Message) error {
+	if u, ok := m.(encoding.TextUnmarshaler); ok {
+		return u.UnmarshalText([]byte(s))
+	}
+
+	m.Reset()
+	mi := MessageV2(m)
+
+	if wrapTextUnmarshalV2 {
+		err := prototext.UnmarshalOptions{
+			AllowPartial: true,
+		}.Unmarshal([]byte(s), mi)
+		if err != nil {
+			return &ParseError{Message: err.Error()}
+		}
+		return checkRequiredNotSet(mi)
+	} else {
+		if err := newTextParser(s).unmarshalMessage(mi.ProtoReflect(), ""); err != nil {
+			return err
+		}
+		return checkRequiredNotSet(mi)
+	}
+}
+
+type textParser struct {
+	s            string // remaining input
+	done         bool   // whether the parsing is finished (success or error)
+	backed       bool   // whether back() was called
+	offset, line int
+	cur          token
+}
+
+type token struct {
+	value    string
+	err      *ParseError
+	line     int    // line number
+	offset   int    // byte number from start of input, not start of line
+	unquoted string // the unquoted version of value, if it was a quoted string
+}
+
+func newTextParser(s string) *textParser {
+	p := new(textParser)
+	p.s = s
+	p.line = 1
+	p.cur.line = 1
+	return p
+}
+
+func (p *textParser) unmarshalMessage(m protoreflect.Message, terminator string) (err error) {
+	md := m.Descriptor()
+	fds := md.Fields()
+
+	// A struct is a sequence of "name: value", terminated by one of
+	// '>' or '}', or the end of the input.  A name may also be
+	// "[extension]" or "[type/url]".
+	//
+	// The whole struct can also be an expanded Any message, like:
+	// [type/url] < ... struct contents ... >
+	seen := make(map[protoreflect.FieldNumber]bool)
+	for {
+		tok := p.next()
+		if tok.err != nil {
+			return tok.err
+		}
+		if tok.value == terminator {
+			break
+		}
+		if tok.value == "[" {
+			if err := p.unmarshalExtensionOrAny(m, seen); err != nil {
+				return err
+			}
+			continue
+		}
+
+		// This is a normal, non-extension field.
+		name := protoreflect.Name(tok.value)
+		fd := fds.ByName(name)
+		switch {
+		case fd == nil:
+			gd := fds.ByName(protoreflect.Name(strings.ToLower(string(name))))
+			if gd != nil && gd.Kind() == protoreflect.GroupKind && gd.Message().Name() == name {
+				fd = gd
+			}
+		case fd.Kind() == protoreflect.GroupKind && fd.Message().Name() != name:
+			fd = nil
+		case fd.IsWeak() && fd.Message().IsPlaceholder():
+			fd = nil
+		}
+		if fd == nil {
+			typeName := string(md.FullName())
+			if m, ok := m.Interface().(Message); ok {
+				t := reflect.TypeOf(m)
+				if t.Kind() == reflect.Ptr {
+					typeName = t.Elem().String()
+				}
+			}
+			return p.errorf("unknown field name %q in %v", name, typeName)
+		}
+		if od := fd.ContainingOneof(); od != nil && m.WhichOneof(od) != nil {
+			return p.errorf("field '%s' would overwrite already parsed oneof '%s'", name, od.Name())
+		}
+		if fd.Cardinality() != protoreflect.Repeated && seen[fd.Number()] {
+			return p.errorf("non-repeated field %q was repeated", fd.Name())
+		}
+		seen[fd.Number()] = true
+
+		// Consume any colon.
+		if err := p.checkForColon(fd); err != nil {
+			return err
+		}
+
+		// Parse into the field.
+		v := m.Get(fd)
+		if !m.Has(fd) && (fd.IsList() || fd.IsMap() || fd.Message() != nil) {
+			v = m.Mutable(fd)
+		}
+		if v, err = p.unmarshalValue(v, fd); err != nil {
+			return err
+		}
+		m.Set(fd, v)
+
+		if err := p.consumeOptionalSeparator(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (p *textParser) unmarshalExtensionOrAny(m protoreflect.Message, seen map[protoreflect.FieldNumber]bool) error {
+	name, err := p.consumeExtensionOrAnyName()
+	if err != nil {
+		return err
+	}
+
+	// If it contains a slash, it's an Any type URL.
+	if slashIdx := strings.LastIndex(name, "/"); slashIdx >= 0 {
+		tok := p.next()
+		if tok.err != nil {
+			return tok.err
+		}
+		// consume an optional colon
+		if tok.value == ":" {
+			tok = p.next()
+			if tok.err != nil {
+				return tok.err
+			}
+		}
+
+		var terminator string
+		switch tok.value {
+		case "<":
+			terminator = ">"
+		case "{":
+			terminator = "}"
+		default:
+			return p.errorf("expected '{' or '<', found %q", tok.value)
+		}
+
+		mt, err := protoregistry.GlobalTypes.FindMessageByURL(name)
+		if err != nil {
+			return p.errorf("unrecognized message %q in google.protobuf.Any", name[slashIdx+len("/"):])
+		}
+		m2 := mt.New()
+		if err := p.unmarshalMessage(m2, terminator); err != nil {
+			return err
+		}
+		b, err := protoV2.Marshal(m2.Interface())
+		if err != nil {
+			return p.errorf("failed to marshal message of type %q: %v", name[slashIdx+len("/"):], err)
+		}
+
+		urlFD := m.Descriptor().Fields().ByName("type_url")
+		valFD := m.Descriptor().Fields().ByName("value")
+		if seen[urlFD.Number()] {
+			return p.errorf("Any message unpacked multiple times, or %q already set", urlFD.Name())
+		}
+		if seen[valFD.Number()] {
+			return p.errorf("Any message unpacked multiple times, or %q already set", valFD.Name())
+		}
+		m.Set(urlFD, protoreflect.ValueOfString(name))
+		m.Set(valFD, protoreflect.ValueOfBytes(b))
+		seen[urlFD.Number()] = true
+		seen[valFD.Number()] = true
+		return nil
+	}
+
+	xname := protoreflect.FullName(name)
+	xt, _ := protoregistry.GlobalTypes.FindExtensionByName(xname)
+	if xt == nil && isMessageSet(m.Descriptor()) {
+		xt, _ = protoregistry.GlobalTypes.FindExtensionByName(xname.Append("message_set_extension"))
+	}
+	if xt == nil {
+		return p.errorf("unrecognized extension %q", name)
+	}
+	fd := xt.TypeDescriptor()
+	if fd.ContainingMessage().FullName() != m.Descriptor().FullName() {
+		return p.errorf("extension field %q does not extend message %q", name, m.Descriptor().FullName())
+	}
+
+	if err := p.checkForColon(fd); err != nil {
+		return err
+	}
+
+	v := m.Get(fd)
+	if !m.Has(fd) && (fd.IsList() || fd.IsMap() || fd.Message() != nil) {
+		v = m.Mutable(fd)
+	}
+	v, err = p.unmarshalValue(v, fd)
+	if err != nil {
+		return err
+	}
+	m.Set(fd, v)
+	return p.consumeOptionalSeparator()
+}
+
+func (p *textParser) unmarshalValue(v protoreflect.Value, fd protoreflect.FieldDescriptor) (protoreflect.Value, error) {
+	tok := p.next()
+	if tok.err != nil {
+		return v, tok.err
+	}
+	if tok.value == "" {
+		return v, p.errorf("unexpected EOF")
+	}
+
+	switch {
+	case fd.IsList():
+		lv := v.List()
+		var err error
+		if tok.value == "[" {
+			// Repeated field with list notation, like [1,2,3].
+			for {
+				vv := lv.NewElement()
+				vv, err = p.unmarshalSingularValue(vv, fd)
+				if err != nil {
+					return v, err
+				}
+				lv.Append(vv)
+
+				tok := p.next()
+				if tok.err != nil {
+					return v, tok.err
+				}
+				if tok.value == "]" {
+					break
+				}
+				if tok.value != "," {
+					return v, p.errorf("Expected ']' or ',' found %q", tok.value)
+				}
+			}
+			return v, nil
+		}
+
+		// One value of the repeated field.
+		p.back()
+		vv := lv.NewElement()
+		vv, err = p.unmarshalSingularValue(vv, fd)
+		if err != nil {
+			return v, err
+		}
+		lv.Append(vv)
+		return v, nil
+	case fd.IsMap():
+		// The map entry should be this sequence of tokens:
+		//	< key : KEY value : VALUE >
+		// However, implementations may omit key or value, and technically
+		// we should support them in any order.
+		var terminator string
+		switch tok.value {
+		case "<":
+			terminator = ">"
+		case "{":
+			terminator = "}"
+		default:
+			return v, p.errorf("expected '{' or '<', found %q", tok.value)
+		}
+
+		keyFD := fd.MapKey()
+		valFD := fd.MapValue()
+
+		mv := v.Map()
+		kv := keyFD.Default()
+		vv := mv.NewValue()
+		for {
+			tok := p.next()
+			if tok.err != nil {
+				return v, tok.err
+			}
+			if tok.value == terminator {
+				break
+			}
+			var err error
+			switch tok.value {
+			case "key":
+				if err := p.consumeToken(":"); err != nil {
+					return v, err
+				}
+				if kv, err = p.unmarshalSingularValue(kv, keyFD); err != nil {
+					return v, err
+				}
+				if err := p.consumeOptionalSeparator(); err != nil {
+					return v, err
+				}
+			case "value":
+				if err := p.checkForColon(valFD); err != nil {
+					return v, err
+				}
+				if vv, err = p.unmarshalSingularValue(vv, valFD); err != nil {
+					return v, err
+				}
+				if err := p.consumeOptionalSeparator(); err != nil {
+					return v, err
+				}
+			default:
+				p.back()
+				return v, p.errorf(`expected "key", "value", or %q, found %q`, terminator, tok.value)
+			}
+		}
+		mv.Set(kv.MapKey(), vv)
+		return v, nil
+	default:
+		p.back()
+		return p.unmarshalSingularValue(v, fd)
+	}
+}
+
+func (p *textParser) unmarshalSingularValue(v protoreflect.Value, fd protoreflect.FieldDescriptor) (protoreflect.Value, error) {
+	tok := p.next()
+	if tok.err != nil {
+		return v, tok.err
+	}
+	if tok.value == "" {
+		return v, p.errorf("unexpected EOF")
+	}
+
+	switch fd.Kind() {
+	case protoreflect.BoolKind:
+		switch tok.value {
+		case "true", "1", "t", "True":
+			return protoreflect.ValueOfBool(true), nil
+		case "false", "0", "f", "False":
+			return protoreflect.ValueOfBool(false), nil
+		}
+	case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind:
+		if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil {
+			return protoreflect.ValueOfInt32(int32(x)), nil
+		}
+
+		// The C++ parser accepts large positive hex numbers that uses
+		// two's complement arithmetic to represent negative numbers.
+		// This feature is here for backwards compatibility with C++.
+		if strings.HasPrefix(tok.value, "0x") {
+			if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil {
+				return protoreflect.ValueOfInt32(int32(-(int64(^x) + 1))), nil
+			}
+		}
+	case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind:
+		if x, err := strconv.ParseInt(tok.value, 0, 64); err == nil {
+			return protoreflect.ValueOfInt64(int64(x)), nil
+		}
+
+		// The C++ parser accepts large positive hex numbers that uses
+		// two's complement arithmetic to represent negative numbers.
+		// This feature is here for backwards compatibility with C++.
+		if strings.HasPrefix(tok.value, "0x") {
+			if x, err := strconv.ParseUint(tok.value, 0, 64); err == nil {
+				return protoreflect.ValueOfInt64(int64(-(int64(^x) + 1))), nil
+			}
+		}
+	case protoreflect.Uint32Kind, protoreflect.Fixed32Kind:
+		if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil {
+			return protoreflect.ValueOfUint32(uint32(x)), nil
+		}
+	case protoreflect.Uint64Kind, protoreflect.Fixed64Kind:
+		if x, err := strconv.ParseUint(tok.value, 0, 64); err == nil {
+			return protoreflect.ValueOfUint64(uint64(x)), nil
+		}
+	case protoreflect.FloatKind:
+		// Ignore 'f' for compatibility with output generated by C++,
+		// but don't remove 'f' when the value is "-inf" or "inf".
+		v := tok.value
+		if strings.HasSuffix(v, "f") && v != "-inf" && v != "inf" {
+			v = v[:len(v)-len("f")]
+		}
+		if x, err := strconv.ParseFloat(v, 32); err == nil {
+			return protoreflect.ValueOfFloat32(float32(x)), nil
+		}
+	case protoreflect.DoubleKind:
+		// Ignore 'f' for compatibility with output generated by C++,
+		// but don't remove 'f' when the value is "-inf" or "inf".
+		v := tok.value
+		if strings.HasSuffix(v, "f") && v != "-inf" && v != "inf" {
+			v = v[:len(v)-len("f")]
+		}
+		if x, err := strconv.ParseFloat(v, 64); err == nil {
+			return protoreflect.ValueOfFloat64(float64(x)), nil
+		}
+	case protoreflect.StringKind:
+		if isQuote(tok.value[0]) {
+			return protoreflect.ValueOfString(tok.unquoted), nil
+		}
+	case protoreflect.BytesKind:
+		if isQuote(tok.value[0]) {
+			return protoreflect.ValueOfBytes([]byte(tok.unquoted)), nil
+		}
+	case protoreflect.EnumKind:
+		if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil {
+			return protoreflect.ValueOfEnum(protoreflect.EnumNumber(x)), nil
+		}
+		vd := fd.Enum().Values().ByName(protoreflect.Name(tok.value))
+		if vd != nil {
+			return protoreflect.ValueOfEnum(vd.Number()), nil
+		}
+	case protoreflect.MessageKind, protoreflect.GroupKind:
+		var terminator string
+		switch tok.value {
+		case "{":
+			terminator = "}"
+		case "<":
+			terminator = ">"
+		default:
+			return v, p.errorf("expected '{' or '<', found %q", tok.value)
+		}
+		err := p.unmarshalMessage(v.Message(), terminator)
+		return v, err
+	default:
+		panic(fmt.Sprintf("invalid kind %v", fd.Kind()))
+	}
+	return v, p.errorf("invalid %v: %v", fd.Kind(), tok.value)
+}
+
+// Consume a ':' from the input stream (if the next token is a colon),
+// returning an error if a colon is needed but not present.
+func (p *textParser) checkForColon(fd protoreflect.FieldDescriptor) *ParseError {
+	tok := p.next()
+	if tok.err != nil {
+		return tok.err
+	}
+	if tok.value != ":" {
+		if fd.Message() == nil {
+			return p.errorf("expected ':', found %q", tok.value)
+		}
+		p.back()
+	}
+	return nil
+}
+
+// consumeExtensionOrAnyName consumes an extension name or an Any type URL and
+// the following ']'. It returns the name or URL consumed.
+func (p *textParser) consumeExtensionOrAnyName() (string, error) {
+	tok := p.next()
+	if tok.err != nil {
+		return "", tok.err
+	}
+
+	// If extension name or type url is quoted, it's a single token.
+	if len(tok.value) > 2 && isQuote(tok.value[0]) && tok.value[len(tok.value)-1] == tok.value[0] {
+		name, err := unquoteC(tok.value[1:len(tok.value)-1], rune(tok.value[0]))
+		if err != nil {
+			return "", err
+		}
+		return name, p.consumeToken("]")
+	}
+
+	// Consume everything up to "]"
+	var parts []string
+	for tok.value != "]" {
+		parts = append(parts, tok.value)
+		tok = p.next()
+		if tok.err != nil {
+			return "", p.errorf("unrecognized type_url or extension name: %s", tok.err)
+		}
+		if p.done && tok.value != "]" {
+			return "", p.errorf("unclosed type_url or extension name")
+		}
+	}
+	return strings.Join(parts, ""), nil
+}
+
+// consumeOptionalSeparator consumes an optional semicolon or comma.
+// It is used in unmarshalMessage to provide backward compatibility.
+func (p *textParser) consumeOptionalSeparator() error {
+	tok := p.next()
+	if tok.err != nil {
+		return tok.err
+	}
+	if tok.value != ";" && tok.value != "," {
+		p.back()
+	}
+	return nil
+}
+
+func (p *textParser) errorf(format string, a ...interface{}) *ParseError {
+	pe := &ParseError{fmt.Sprintf(format, a...), p.cur.line, p.cur.offset}
+	p.cur.err = pe
+	p.done = true
+	return pe
+}
+
+func (p *textParser) skipWhitespace() {
+	i := 0
+	for i < len(p.s) && (isWhitespace(p.s[i]) || p.s[i] == '#') {
+		if p.s[i] == '#' {
+			// comment; skip to end of line or input
+			for i < len(p.s) && p.s[i] != '\n' {
+				i++
+			}
+			if i == len(p.s) {
+				break
+			}
+		}
+		if p.s[i] == '\n' {
+			p.line++
+		}
+		i++
+	}
+	p.offset += i
+	p.s = p.s[i:len(p.s)]
+	if len(p.s) == 0 {
+		p.done = true
+	}
+}
+
+func (p *textParser) advance() {
+	// Skip whitespace
+	p.skipWhitespace()
+	if p.done {
+		return
+	}
+
+	// Start of non-whitespace
+	p.cur.err = nil
+	p.cur.offset, p.cur.line = p.offset, p.line
+	p.cur.unquoted = ""
+	switch p.s[0] {
+	case '<', '>', '{', '}', ':', '[', ']', ';', ',', '/':
+		// Single symbol
+		p.cur.value, p.s = p.s[0:1], p.s[1:len(p.s)]
+	case '"', '\'':
+		// Quoted string
+		i := 1
+		for i < len(p.s) && p.s[i] != p.s[0] && p.s[i] != '\n' {
+			if p.s[i] == '\\' && i+1 < len(p.s) {
+				// skip escaped char
+				i++
+			}
+			i++
+		}
+		if i >= len(p.s) || p.s[i] != p.s[0] {
+			p.errorf("unmatched quote")
+			return
+		}
+		unq, err := unquoteC(p.s[1:i], rune(p.s[0]))
+		if err != nil {
+			p.errorf("invalid quoted string %s: %v", p.s[0:i+1], err)
+			return
+		}
+		p.cur.value, p.s = p.s[0:i+1], p.s[i+1:len(p.s)]
+		p.cur.unquoted = unq
+	default:
+		i := 0
+		for i < len(p.s) && isIdentOrNumberChar(p.s[i]) {
+			i++
+		}
+		if i == 0 {
+			p.errorf("unexpected byte %#x", p.s[0])
+			return
+		}
+		p.cur.value, p.s = p.s[0:i], p.s[i:len(p.s)]
+	}
+	p.offset += len(p.cur.value)
+}
+
+// Back off the parser by one token. Can only be done between calls to next().
+// It makes the next advance() a no-op.
+func (p *textParser) back() { p.backed = true }
+
+// Advances the parser and returns the new current token.
+func (p *textParser) next() *token {
+	if p.backed || p.done {
+		p.backed = false
+		return &p.cur
+	}
+	p.advance()
+	if p.done {
+		p.cur.value = ""
+	} else if len(p.cur.value) > 0 && isQuote(p.cur.value[0]) {
+		// Look for multiple quoted strings separated by whitespace,
+		// and concatenate them.
+		cat := p.cur
+		for {
+			p.skipWhitespace()
+			if p.done || !isQuote(p.s[0]) {
+				break
+			}
+			p.advance()
+			if p.cur.err != nil {
+				return &p.cur
+			}
+			cat.value += " " + p.cur.value
+			cat.unquoted += p.cur.unquoted
+		}
+		p.done = false // parser may have seen EOF, but we want to return cat
+		p.cur = cat
+	}
+	return &p.cur
+}
+
+func (p *textParser) consumeToken(s string) error {
+	tok := p.next()
+	if tok.err != nil {
+		return tok.err
+	}
+	if tok.value != s {
+		p.back()
+		return p.errorf("expected %q, found %q", s, tok.value)
+	}
+	return nil
+}
+
+var errBadUTF8 = errors.New("proto: bad UTF-8")
+
+func unquoteC(s string, quote rune) (string, error) {
+	// This is based on C++'s tokenizer.cc.
+	// Despite its name, this is *not* parsing C syntax.
+	// For instance, "\0" is an invalid quoted string.
+
+	// Avoid allocation in trivial cases.
+	simple := true
+	for _, r := range s {
+		if r == '\\' || r == quote {
+			simple = false
+			break
+		}
+	}
+	if simple {
+		return s, nil
+	}
+
+	buf := make([]byte, 0, 3*len(s)/2)
+	for len(s) > 0 {
+		r, n := utf8.DecodeRuneInString(s)
+		if r == utf8.RuneError && n == 1 {
+			return "", errBadUTF8
+		}
+		s = s[n:]
+		if r != '\\' {
+			if r < utf8.RuneSelf {
+				buf = append(buf, byte(r))
+			} else {
+				buf = append(buf, string(r)...)
+			}
+			continue
+		}
+
+		ch, tail, err := unescape(s)
+		if err != nil {
+			return "", err
+		}
+		buf = append(buf, ch...)
+		s = tail
+	}
+	return string(buf), nil
+}
+
+func unescape(s string) (ch string, tail string, err error) {
+	r, n := utf8.DecodeRuneInString(s)
+	if r == utf8.RuneError && n == 1 {
+		return "", "", errBadUTF8
+	}
+	s = s[n:]
+	switch r {
+	case 'a':
+		return "\a", s, nil
+	case 'b':
+		return "\b", s, nil
+	case 'f':
+		return "\f", s, nil
+	case 'n':
+		return "\n", s, nil
+	case 'r':
+		return "\r", s, nil
+	case 't':
+		return "\t", s, nil
+	case 'v':
+		return "\v", s, nil
+	case '?':
+		return "?", s, nil // trigraph workaround
+	case '\'', '"', '\\':
+		return string(r), s, nil
+	case '0', '1', '2', '3', '4', '5', '6', '7':
+		if len(s) < 2 {
+			return "", "", fmt.Errorf(`\%c requires 2 following digits`, r)
+		}
+		ss := string(r) + s[:2]
+		s = s[2:]
+		i, err := strconv.ParseUint(ss, 8, 8)
+		if err != nil {
+			return "", "", fmt.Errorf(`\%s contains non-octal digits`, ss)
+		}
+		return string([]byte{byte(i)}), s, nil
+	case 'x', 'X', 'u', 'U':
+		var n int
+		switch r {
+		case 'x', 'X':
+			n = 2
+		case 'u':
+			n = 4
+		case 'U':
+			n = 8
+		}
+		if len(s) < n {
+			return "", "", fmt.Errorf(`\%c requires %d following digits`, r, n)
+		}
+		ss := s[:n]
+		s = s[n:]
+		i, err := strconv.ParseUint(ss, 16, 64)
+		if err != nil {
+			return "", "", fmt.Errorf(`\%c%s contains non-hexadecimal digits`, r, ss)
+		}
+		if r == 'x' || r == 'X' {
+			return string([]byte{byte(i)}), s, nil
+		}
+		if i > utf8.MaxRune {
+			return "", "", fmt.Errorf(`\%c%s is not a valid Unicode code point`, r, ss)
+		}
+		return string(rune(i)), s, nil
+	}
+	return "", "", fmt.Errorf(`unknown escape \%c`, r)
+}
+
+func isIdentOrNumberChar(c byte) bool {
+	switch {
+	case 'A' <= c && c <= 'Z', 'a' <= c && c <= 'z':
+		return true
+	case '0' <= c && c <= '9':
+		return true
+	}
+	switch c {
+	case '-', '+', '.', '_':
+		return true
+	}
+	return false
+}
+
+func isWhitespace(c byte) bool {
+	switch c {
+	case ' ', '\t', '\n', '\r':
+		return true
+	}
+	return false
+}
+
+func isQuote(c byte) bool {
+	switch c {
+	case '"', '\'':
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/golang/protobuf/proto/text_encode.go b/vendor/github.com/golang/protobuf/proto/text_encode.go
new file mode 100644
index 000000000..a31134eeb
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/text_encode.go
@@ -0,0 +1,560 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+import (
+	"bytes"
+	"encoding"
+	"fmt"
+	"io"
+	"math"
+	"sort"
+	"strings"
+
+	"google.golang.org/protobuf/encoding/prototext"
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+)
+
+const wrapTextMarshalV2 = false
+
+// TextMarshaler is a configurable text format marshaler.
+type TextMarshaler struct {
+	Compact   bool // use compact text format (one line)
+	ExpandAny bool // expand google.protobuf.Any messages of known types
+}
+
+// Marshal writes the proto text format of m to w.
+func (tm *TextMarshaler) Marshal(w io.Writer, m Message) error {
+	b, err := tm.marshal(m)
+	if len(b) > 0 {
+		if _, err := w.Write(b); err != nil {
+			return err
+		}
+	}
+	return err
+}
+
+// Text returns a proto text formatted string of m.
+func (tm *TextMarshaler) Text(m Message) string {
+	b, _ := tm.marshal(m)
+	return string(b)
+}
+
+func (tm *TextMarshaler) marshal(m Message) ([]byte, error) {
+	mr := MessageReflect(m)
+	if mr == nil || !mr.IsValid() {
+		return []byte("<nil>"), nil
+	}
+
+	if wrapTextMarshalV2 {
+		if m, ok := m.(encoding.TextMarshaler); ok {
+			return m.MarshalText()
+		}
+
+		opts := prototext.MarshalOptions{
+			AllowPartial: true,
+			EmitUnknown:  true,
+		}
+		if !tm.Compact {
+			opts.Indent = "  "
+		}
+		if !tm.ExpandAny {
+			opts.Resolver = (*protoregistry.Types)(nil)
+		}
+		return opts.Marshal(mr.Interface())
+	} else {
+		w := &textWriter{
+			compact:   tm.Compact,
+			expandAny: tm.ExpandAny,
+			complete:  true,
+		}
+
+		if m, ok := m.(encoding.TextMarshaler); ok {
+			b, err := m.MarshalText()
+			if err != nil {
+				return nil, err
+			}
+			w.Write(b)
+			return w.buf, nil
+		}
+
+		err := w.writeMessage(mr)
+		return w.buf, err
+	}
+}
+
+var (
+	defaultTextMarshaler = TextMarshaler{}
+	compactTextMarshaler = TextMarshaler{Compact: true}
+)
+
+// MarshalText writes the proto text format of m to w.
+func MarshalText(w io.Writer, m Message) error { return defaultTextMarshaler.Marshal(w, m) }
+
+// MarshalTextString returns a proto text formatted string of m.
+func MarshalTextString(m Message) string { return defaultTextMarshaler.Text(m) }
+
+// CompactText writes the compact proto text format of m to w.
+func CompactText(w io.Writer, m Message) error { return compactTextMarshaler.Marshal(w, m) }
+
+// CompactTextString returns a compact proto text formatted string of m.
+func CompactTextString(m Message) string { return compactTextMarshaler.Text(m) }
+
+var (
+	newline         = []byte("\n")
+	endBraceNewline = []byte("}\n")
+	posInf          = []byte("inf")
+	negInf          = []byte("-inf")
+	nan             = []byte("nan")
+)
+
+// textWriter is an io.Writer that tracks its indentation level.
+type textWriter struct {
+	compact   bool // same as TextMarshaler.Compact
+	expandAny bool // same as TextMarshaler.ExpandAny
+	complete  bool // whether the current position is a complete line
+	indent    int  // indentation level; never negative
+	buf       []byte
+}
+
+func (w *textWriter) Write(p []byte) (n int, _ error) {
+	newlines := bytes.Count(p, newline)
+	if newlines == 0 {
+		if !w.compact && w.complete {
+			w.writeIndent()
+		}
+		w.buf = append(w.buf, p...)
+		w.complete = false
+		return len(p), nil
+	}
+
+	frags := bytes.SplitN(p, newline, newlines+1)
+	if w.compact {
+		for i, frag := range frags {
+			if i > 0 {
+				w.buf = append(w.buf, ' ')
+				n++
+			}
+			w.buf = append(w.buf, frag...)
+			n += len(frag)
+		}
+		return n, nil
+	}
+
+	for i, frag := range frags {
+		if w.complete {
+			w.writeIndent()
+		}
+		w.buf = append(w.buf, frag...)
+		n += len(frag)
+		if i+1 < len(frags) {
+			w.buf = append(w.buf, '\n')
+			n++
+		}
+	}
+	w.complete = len(frags[len(frags)-1]) == 0
+	return n, nil
+}
+
+func (w *textWriter) WriteByte(c byte) error {
+	if w.compact && c == '\n' {
+		c = ' '
+	}
+	if !w.compact && w.complete {
+		w.writeIndent()
+	}
+	w.buf = append(w.buf, c)
+	w.complete = c == '\n'
+	return nil
+}
+
+func (w *textWriter) writeName(fd protoreflect.FieldDescriptor) {
+	if !w.compact && w.complete {
+		w.writeIndent()
+	}
+	w.complete = false
+
+	if fd.Kind() != protoreflect.GroupKind {
+		w.buf = append(w.buf, fd.Name()...)
+		w.WriteByte(':')
+	} else {
+		// Use message type name for group field name.
+		w.buf = append(w.buf, fd.Message().Name()...)
+	}
+
+	if !w.compact {
+		w.WriteByte(' ')
+	}
+}
+
+func requiresQuotes(u string) bool {
+	// When type URL contains any characters except [0-9A-Za-z./\-]*, it must be quoted.
+	for _, ch := range u {
+		switch {
+		case ch == '.' || ch == '/' || ch == '_':
+			continue
+		case '0' <= ch && ch <= '9':
+			continue
+		case 'A' <= ch && ch <= 'Z':
+			continue
+		case 'a' <= ch && ch <= 'z':
+			continue
+		default:
+			return true
+		}
+	}
+	return false
+}
+
+// writeProto3Any writes an expanded google.protobuf.Any message.
+//
+// It returns (false, nil) if sv value can't be unmarshaled (e.g. because
+// required messages are not linked in).
+//
+// It returns (true, error) when sv was written in expanded format or an error
+// was encountered.
+func (w *textWriter) writeProto3Any(m protoreflect.Message) (bool, error) {
+	md := m.Descriptor()
+	fdURL := md.Fields().ByName("type_url")
+	fdVal := md.Fields().ByName("value")
+
+	url := m.Get(fdURL).String()
+	mt, err := protoregistry.GlobalTypes.FindMessageByURL(url)
+	if err != nil {
+		return false, nil
+	}
+
+	b := m.Get(fdVal).Bytes()
+	m2 := mt.New()
+	if err := proto.Unmarshal(b, m2.Interface()); err != nil {
+		return false, nil
+	}
+	w.Write([]byte("["))
+	if requiresQuotes(url) {
+		w.writeQuotedString(url)
+	} else {
+		w.Write([]byte(url))
+	}
+	if w.compact {
+		w.Write([]byte("]:<"))
+	} else {
+		w.Write([]byte("]: <\n"))
+		w.indent++
+	}
+	if err := w.writeMessage(m2); err != nil {
+		return true, err
+	}
+	if w.compact {
+		w.Write([]byte("> "))
+	} else {
+		w.indent--
+		w.Write([]byte(">\n"))
+	}
+	return true, nil
+}
+
+func (w *textWriter) writeMessage(m protoreflect.Message) error {
+	md := m.Descriptor()
+	if w.expandAny && md.FullName() == "google.protobuf.Any" {
+		if canExpand, err := w.writeProto3Any(m); canExpand {
+			return err
+		}
+	}
+
+	fds := md.Fields()
+	for i := 0; i < fds.Len(); {
+		fd := fds.Get(i)
+		if od := fd.ContainingOneof(); od != nil {
+			fd = m.WhichOneof(od)
+			i += od.Fields().Len()
+		} else {
+			i++
+		}
+		if fd == nil || !m.Has(fd) {
+			continue
+		}
+
+		switch {
+		case fd.IsList():
+			lv := m.Get(fd).List()
+			for j := 0; j < lv.Len(); j++ {
+				w.writeName(fd)
+				v := lv.Get(j)
+				if err := w.writeSingularValue(v, fd); err != nil {
+					return err
+				}
+				w.WriteByte('\n')
+			}
+		case fd.IsMap():
+			kfd := fd.MapKey()
+			vfd := fd.MapValue()
+			mv := m.Get(fd).Map()
+
+			type entry struct{ key, val protoreflect.Value }
+			var entries []entry
+			mv.Range(func(k protoreflect.MapKey, v protoreflect.Value) bool {
+				entries = append(entries, entry{k.Value(), v})
+				return true
+			})
+			sort.Slice(entries, func(i, j int) bool {
+				switch kfd.Kind() {
+				case protoreflect.BoolKind:
+					return !entries[i].key.Bool() && entries[j].key.Bool()
+				case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind, protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind:
+					return entries[i].key.Int() < entries[j].key.Int()
+				case protoreflect.Uint32Kind, protoreflect.Fixed32Kind, protoreflect.Uint64Kind, protoreflect.Fixed64Kind:
+					return entries[i].key.Uint() < entries[j].key.Uint()
+				case protoreflect.StringKind:
+					return entries[i].key.String() < entries[j].key.String()
+				default:
+					panic("invalid kind")
+				}
+			})
+			for _, entry := range entries {
+				w.writeName(fd)
+				w.WriteByte('<')
+				if !w.compact {
+					w.WriteByte('\n')
+				}
+				w.indent++
+				w.writeName(kfd)
+				if err := w.writeSingularValue(entry.key, kfd); err != nil {
+					return err
+				}
+				w.WriteByte('\n')
+				w.writeName(vfd)
+				if err := w.writeSingularValue(entry.val, vfd); err != nil {
+					return err
+				}
+				w.WriteByte('\n')
+				w.indent--
+				w.WriteByte('>')
+				w.WriteByte('\n')
+			}
+		default:
+			w.writeName(fd)
+			if err := w.writeSingularValue(m.Get(fd), fd); err != nil {
+				return err
+			}
+			w.WriteByte('\n')
+		}
+	}
+
+	if b := m.GetUnknown(); len(b) > 0 {
+		w.writeUnknownFields(b)
+	}
+	return w.writeExtensions(m)
+}
+
+func (w *textWriter) writeSingularValue(v protoreflect.Value, fd protoreflect.FieldDescriptor) error {
+	switch fd.Kind() {
+	case protoreflect.FloatKind, protoreflect.DoubleKind:
+		switch vf := v.Float(); {
+		case math.IsInf(vf, +1):
+			w.Write(posInf)
+		case math.IsInf(vf, -1):
+			w.Write(negInf)
+		case math.IsNaN(vf):
+			w.Write(nan)
+		default:
+			fmt.Fprint(w, v.Interface())
+		}
+	case protoreflect.StringKind:
+		// NOTE: This does not validate UTF-8 for historical reasons.
+		w.writeQuotedString(string(v.String()))
+	case protoreflect.BytesKind:
+		w.writeQuotedString(string(v.Bytes()))
+	case protoreflect.MessageKind, protoreflect.GroupKind:
+		var bra, ket byte = '<', '>'
+		if fd.Kind() == protoreflect.GroupKind {
+			bra, ket = '{', '}'
+		}
+		w.WriteByte(bra)
+		if !w.compact {
+			w.WriteByte('\n')
+		}
+		w.indent++
+		m := v.Message()
+		if m2, ok := m.Interface().(encoding.TextMarshaler); ok {
+			b, err := m2.MarshalText()
+			if err != nil {
+				return err
+			}
+			w.Write(b)
+		} else {
+			w.writeMessage(m)
+		}
+		w.indent--
+		w.WriteByte(ket)
+	case protoreflect.EnumKind:
+		if ev := fd.Enum().Values().ByNumber(v.Enum()); ev != nil {
+			fmt.Fprint(w, ev.Name())
+		} else {
+			fmt.Fprint(w, v.Enum())
+		}
+	default:
+		fmt.Fprint(w, v.Interface())
+	}
+	return nil
+}
+
+// writeQuotedString writes a quoted string in the protocol buffer text format.
+func (w *textWriter) writeQuotedString(s string) {
+	w.WriteByte('"')
+	for i := 0; i < len(s); i++ {
+		switch c := s[i]; c {
+		case '\n':
+			w.buf = append(w.buf, `\n`...)
+		case '\r':
+			w.buf = append(w.buf, `\r`...)
+		case '\t':
+			w.buf = append(w.buf, `\t`...)
+		case '"':
+			w.buf = append(w.buf, `\"`...)
+		case '\\':
+			w.buf = append(w.buf, `\\`...)
+		default:
+			if isPrint := c >= 0x20 && c < 0x7f; isPrint {
+				w.buf = append(w.buf, c)
+			} else {
+				w.buf = append(w.buf, fmt.Sprintf(`\%03o`, c)...)
+			}
+		}
+	}
+	w.WriteByte('"')
+}
+
+func (w *textWriter) writeUnknownFields(b []byte) {
+	if !w.compact {
+		fmt.Fprintf(w, "/* %d unknown bytes */\n", len(b))
+	}
+
+	for len(b) > 0 {
+		num, wtyp, n := protowire.ConsumeTag(b)
+		if n < 0 {
+			return
+		}
+		b = b[n:]
+
+		if wtyp == protowire.EndGroupType {
+			w.indent--
+			w.Write(endBraceNewline)
+			continue
+		}
+		fmt.Fprint(w, num)
+		if wtyp != protowire.StartGroupType {
+			w.WriteByte(':')
+		}
+		if !w.compact || wtyp == protowire.StartGroupType {
+			w.WriteByte(' ')
+		}
+		switch wtyp {
+		case protowire.VarintType:
+			v, n := protowire.ConsumeVarint(b)
+			if n < 0 {
+				return
+			}
+			b = b[n:]
+			fmt.Fprint(w, v)
+		case protowire.Fixed32Type:
+			v, n := protowire.ConsumeFixed32(b)
+			if n < 0 {
+				return
+			}
+			b = b[n:]
+			fmt.Fprint(w, v)
+		case protowire.Fixed64Type:
+			v, n := protowire.ConsumeFixed64(b)
+			if n < 0 {
+				return
+			}
+			b = b[n:]
+			fmt.Fprint(w, v)
+		case protowire.BytesType:
+			v, n := protowire.ConsumeBytes(b)
+			if n < 0 {
+				return
+			}
+			b = b[n:]
+			fmt.Fprintf(w, "%q", v)
+		case protowire.StartGroupType:
+			w.WriteByte('{')
+			w.indent++
+		default:
+			fmt.Fprintf(w, "/* unknown wire type %d */", wtyp)
+		}
+		w.WriteByte('\n')
+	}
+}
+
+// writeExtensions writes all the extensions in m.
+func (w *textWriter) writeExtensions(m protoreflect.Message) error {
+	md := m.Descriptor()
+	if md.ExtensionRanges().Len() == 0 {
+		return nil
+	}
+
+	type ext struct {
+		desc protoreflect.FieldDescriptor
+		val  protoreflect.Value
+	}
+	var exts []ext
+	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
+		if fd.IsExtension() {
+			exts = append(exts, ext{fd, v})
+		}
+		return true
+	})
+	sort.Slice(exts, func(i, j int) bool {
+		return exts[i].desc.Number() < exts[j].desc.Number()
+	})
+
+	for _, ext := range exts {
+		// For message set, use the name of the message as the extension name.
+		name := string(ext.desc.FullName())
+		if isMessageSet(ext.desc.ContainingMessage()) {
+			name = strings.TrimSuffix(name, ".message_set_extension")
+		}
+
+		if !ext.desc.IsList() {
+			if err := w.writeSingularExtension(name, ext.val, ext.desc); err != nil {
+				return err
+			}
+		} else {
+			lv := ext.val.List()
+			for i := 0; i < lv.Len(); i++ {
+				if err := w.writeSingularExtension(name, lv.Get(i), ext.desc); err != nil {
+					return err
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func (w *textWriter) writeSingularExtension(name string, v protoreflect.Value, fd protoreflect.FieldDescriptor) error {
+	fmt.Fprintf(w, "[%s]:", name)
+	if !w.compact {
+		w.WriteByte(' ')
+	}
+	if err := w.writeSingularValue(v, fd); err != nil {
+		return err
+	}
+	w.WriteByte('\n')
+	return nil
+}
+
+func (w *textWriter) writeIndent() {
+	if !w.complete {
+		return
+	}
+	for i := 0; i < w.indent*2; i++ {
+		w.buf = append(w.buf, ' ')
+	}
+	w.complete = false
+}
diff --git a/vendor/github.com/golang/protobuf/proto/text_parser.go b/vendor/github.com/golang/protobuf/proto/text_parser.go
deleted file mode 100644
index bb55a3af2..000000000
--- a/vendor/github.com/golang/protobuf/proto/text_parser.go
+++ /dev/null
@@ -1,880 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2010 The Go Authors.  All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//     * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-// Functions for parsing the Text protocol buffer format.
-// TODO: message sets.
-
-import (
-	"encoding"
-	"errors"
-	"fmt"
-	"reflect"
-	"strconv"
-	"strings"
-	"unicode/utf8"
-)
-
-// Error string emitted when deserializing Any and fields are already set
-const anyRepeatedlyUnpacked = "Any message unpacked multiple times, or %q already set"
-
-type ParseError struct {
-	Message string
-	Line    int // 1-based line number
-	Offset  int // 0-based byte offset from start of input
-}
-
-func (p *ParseError) Error() string {
-	if p.Line == 1 {
-		// show offset only for first line
-		return fmt.Sprintf("line 1.%d: %v", p.Offset, p.Message)
-	}
-	return fmt.Sprintf("line %d: %v", p.Line, p.Message)
-}
-
-type token struct {
-	value    string
-	err      *ParseError
-	line     int    // line number
-	offset   int    // byte number from start of input, not start of line
-	unquoted string // the unquoted version of value, if it was a quoted string
-}
-
-func (t *token) String() string {
-	if t.err == nil {
-		return fmt.Sprintf("%q (line=%d, offset=%d)", t.value, t.line, t.offset)
-	}
-	return fmt.Sprintf("parse error: %v", t.err)
-}
-
-type textParser struct {
-	s            string // remaining input
-	done         bool   // whether the parsing is finished (success or error)
-	backed       bool   // whether back() was called
-	offset, line int
-	cur          token
-}
-
-func newTextParser(s string) *textParser {
-	p := new(textParser)
-	p.s = s
-	p.line = 1
-	p.cur.line = 1
-	return p
-}
-
-func (p *textParser) errorf(format string, a ...interface{}) *ParseError {
-	pe := &ParseError{fmt.Sprintf(format, a...), p.cur.line, p.cur.offset}
-	p.cur.err = pe
-	p.done = true
-	return pe
-}
-
-// Numbers and identifiers are matched by [-+._A-Za-z0-9]
-func isIdentOrNumberChar(c byte) bool {
-	switch {
-	case 'A' <= c && c <= 'Z', 'a' <= c && c <= 'z':
-		return true
-	case '0' <= c && c <= '9':
-		return true
-	}
-	switch c {
-	case '-', '+', '.', '_':
-		return true
-	}
-	return false
-}
-
-func isWhitespace(c byte) bool {
-	switch c {
-	case ' ', '\t', '\n', '\r':
-		return true
-	}
-	return false
-}
-
-func isQuote(c byte) bool {
-	switch c {
-	case '"', '\'':
-		return true
-	}
-	return false
-}
-
-func (p *textParser) skipWhitespace() {
-	i := 0
-	for i < len(p.s) && (isWhitespace(p.s[i]) || p.s[i] == '#') {
-		if p.s[i] == '#' {
-			// comment; skip to end of line or input
-			for i < len(p.s) && p.s[i] != '\n' {
-				i++
-			}
-			if i == len(p.s) {
-				break
-			}
-		}
-		if p.s[i] == '\n' {
-			p.line++
-		}
-		i++
-	}
-	p.offset += i
-	p.s = p.s[i:len(p.s)]
-	if len(p.s) == 0 {
-		p.done = true
-	}
-}
-
-func (p *textParser) advance() {
-	// Skip whitespace
-	p.skipWhitespace()
-	if p.done {
-		return
-	}
-
-	// Start of non-whitespace
-	p.cur.err = nil
-	p.cur.offset, p.cur.line = p.offset, p.line
-	p.cur.unquoted = ""
-	switch p.s[0] {
-	case '<', '>', '{', '}', ':', '[', ']', ';', ',', '/':
-		// Single symbol
-		p.cur.value, p.s = p.s[0:1], p.s[1:len(p.s)]
-	case '"', '\'':
-		// Quoted string
-		i := 1
-		for i < len(p.s) && p.s[i] != p.s[0] && p.s[i] != '\n' {
-			if p.s[i] == '\\' && i+1 < len(p.s) {
-				// skip escaped char
-				i++
-			}
-			i++
-		}
-		if i >= len(p.s) || p.s[i] != p.s[0] {
-			p.errorf("unmatched quote")
-			return
-		}
-		unq, err := unquoteC(p.s[1:i], rune(p.s[0]))
-		if err != nil {
-			p.errorf("invalid quoted string %s: %v", p.s[0:i+1], err)
-			return
-		}
-		p.cur.value, p.s = p.s[0:i+1], p.s[i+1:len(p.s)]
-		p.cur.unquoted = unq
-	default:
-		i := 0
-		for i < len(p.s) && isIdentOrNumberChar(p.s[i]) {
-			i++
-		}
-		if i == 0 {
-			p.errorf("unexpected byte %#x", p.s[0])
-			return
-		}
-		p.cur.value, p.s = p.s[0:i], p.s[i:len(p.s)]
-	}
-	p.offset += len(p.cur.value)
-}
-
-var (
-	errBadUTF8 = errors.New("proto: bad UTF-8")
-)
-
-func unquoteC(s string, quote rune) (string, error) {
-	// This is based on C++'s tokenizer.cc.
-	// Despite its name, this is *not* parsing C syntax.
-	// For instance, "\0" is an invalid quoted string.
-
-	// Avoid allocation in trivial cases.
-	simple := true
-	for _, r := range s {
-		if r == '\\' || r == quote {
-			simple = false
-			break
-		}
-	}
-	if simple {
-		return s, nil
-	}
-
-	buf := make([]byte, 0, 3*len(s)/2)
-	for len(s) > 0 {
-		r, n := utf8.DecodeRuneInString(s)
-		if r == utf8.RuneError && n == 1 {
-			return "", errBadUTF8
-		}
-		s = s[n:]
-		if r != '\\' {
-			if r < utf8.RuneSelf {
-				buf = append(buf, byte(r))
-			} else {
-				buf = append(buf, string(r)...)
-			}
-			continue
-		}
-
-		ch, tail, err := unescape(s)
-		if err != nil {
-			return "", err
-		}
-		buf = append(buf, ch...)
-		s = tail
-	}
-	return string(buf), nil
-}
-
-func unescape(s string) (ch string, tail string, err error) {
-	r, n := utf8.DecodeRuneInString(s)
-	if r == utf8.RuneError && n == 1 {
-		return "", "", errBadUTF8
-	}
-	s = s[n:]
-	switch r {
-	case 'a':
-		return "\a", s, nil
-	case 'b':
-		return "\b", s, nil
-	case 'f':
-		return "\f", s, nil
-	case 'n':
-		return "\n", s, nil
-	case 'r':
-		return "\r", s, nil
-	case 't':
-		return "\t", s, nil
-	case 'v':
-		return "\v", s, nil
-	case '?':
-		return "?", s, nil // trigraph workaround
-	case '\'', '"', '\\':
-		return string(r), s, nil
-	case '0', '1', '2', '3', '4', '5', '6', '7':
-		if len(s) < 2 {
-			return "", "", fmt.Errorf(`\%c requires 2 following digits`, r)
-		}
-		ss := string(r) + s[:2]
-		s = s[2:]
-		i, err := strconv.ParseUint(ss, 8, 8)
-		if err != nil {
-			return "", "", fmt.Errorf(`\%s contains non-octal digits`, ss)
-		}
-		return string([]byte{byte(i)}), s, nil
-	case 'x', 'X', 'u', 'U':
-		var n int
-		switch r {
-		case 'x', 'X':
-			n = 2
-		case 'u':
-			n = 4
-		case 'U':
-			n = 8
-		}
-		if len(s) < n {
-			return "", "", fmt.Errorf(`\%c requires %d following digits`, r, n)
-		}
-		ss := s[:n]
-		s = s[n:]
-		i, err := strconv.ParseUint(ss, 16, 64)
-		if err != nil {
-			return "", "", fmt.Errorf(`\%c%s contains non-hexadecimal digits`, r, ss)
-		}
-		if r == 'x' || r == 'X' {
-			return string([]byte{byte(i)}), s, nil
-		}
-		if i > utf8.MaxRune {
-			return "", "", fmt.Errorf(`\%c%s is not a valid Unicode code point`, r, ss)
-		}
-		return string(i), s, nil
-	}
-	return "", "", fmt.Errorf(`unknown escape \%c`, r)
-}
-
-// Back off the parser by one token. Can only be done between calls to next().
-// It makes the next advance() a no-op.
-func (p *textParser) back() { p.backed = true }
-
-// Advances the parser and returns the new current token.
-func (p *textParser) next() *token {
-	if p.backed || p.done {
-		p.backed = false
-		return &p.cur
-	}
-	p.advance()
-	if p.done {
-		p.cur.value = ""
-	} else if len(p.cur.value) > 0 && isQuote(p.cur.value[0]) {
-		// Look for multiple quoted strings separated by whitespace,
-		// and concatenate them.
-		cat := p.cur
-		for {
-			p.skipWhitespace()
-			if p.done || !isQuote(p.s[0]) {
-				break
-			}
-			p.advance()
-			if p.cur.err != nil {
-				return &p.cur
-			}
-			cat.value += " " + p.cur.value
-			cat.unquoted += p.cur.unquoted
-		}
-		p.done = false // parser may have seen EOF, but we want to return cat
-		p.cur = cat
-	}
-	return &p.cur
-}
-
-func (p *textParser) consumeToken(s string) error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != s {
-		p.back()
-		return p.errorf("expected %q, found %q", s, tok.value)
-	}
-	return nil
-}
-
-// Return a RequiredNotSetError indicating which required field was not set.
-func (p *textParser) missingRequiredFieldError(sv reflect.Value) *RequiredNotSetError {
-	st := sv.Type()
-	sprops := GetProperties(st)
-	for i := 0; i < st.NumField(); i++ {
-		if !isNil(sv.Field(i)) {
-			continue
-		}
-
-		props := sprops.Prop[i]
-		if props.Required {
-			return &RequiredNotSetError{fmt.Sprintf("%v.%v", st, props.OrigName)}
-		}
-	}
-	return &RequiredNotSetError{fmt.Sprintf("%v.<unknown field name>", st)} // should not happen
-}
-
-// Returns the index in the struct for the named field, as well as the parsed tag properties.
-func structFieldByName(sprops *StructProperties, name string) (int, *Properties, bool) {
-	i, ok := sprops.decoderOrigNames[name]
-	if ok {
-		return i, sprops.Prop[i], true
-	}
-	return -1, nil, false
-}
-
-// Consume a ':' from the input stream (if the next token is a colon),
-// returning an error if a colon is needed but not present.
-func (p *textParser) checkForColon(props *Properties, typ reflect.Type) *ParseError {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != ":" {
-		// Colon is optional when the field is a group or message.
-		needColon := true
-		switch props.Wire {
-		case "group":
-			needColon = false
-		case "bytes":
-			// A "bytes" field is either a message, a string, or a repeated field;
-			// those three become *T, *string and []T respectively, so we can check for
-			// this field being a pointer to a non-string.
-			if typ.Kind() == reflect.Ptr {
-				// *T or *string
-				if typ.Elem().Kind() == reflect.String {
-					break
-				}
-			} else if typ.Kind() == reflect.Slice {
-				// []T or []*T
-				if typ.Elem().Kind() != reflect.Ptr {
-					break
-				}
-			} else if typ.Kind() == reflect.String {
-				// The proto3 exception is for a string field,
-				// which requires a colon.
-				break
-			}
-			needColon = false
-		}
-		if needColon {
-			return p.errorf("expected ':', found %q", tok.value)
-		}
-		p.back()
-	}
-	return nil
-}
-
-func (p *textParser) readStruct(sv reflect.Value, terminator string) error {
-	st := sv.Type()
-	sprops := GetProperties(st)
-	reqCount := sprops.reqCount
-	var reqFieldErr error
-	fieldSet := make(map[string]bool)
-	// A struct is a sequence of "name: value", terminated by one of
-	// '>' or '}', or the end of the input.  A name may also be
-	// "[extension]" or "[type/url]".
-	//
-	// The whole struct can also be an expanded Any message, like:
-	// [type/url] < ... struct contents ... >
-	for {
-		tok := p.next()
-		if tok.err != nil {
-			return tok.err
-		}
-		if tok.value == terminator {
-			break
-		}
-		if tok.value == "[" {
-			// Looks like an extension or an Any.
-			//
-			// TODO: Check whether we need to handle
-			// namespace rooted names (e.g. ".something.Foo").
-			extName, err := p.consumeExtName()
-			if err != nil {
-				return err
-			}
-
-			if s := strings.LastIndex(extName, "/"); s >= 0 {
-				// If it contains a slash, it's an Any type URL.
-				messageName := extName[s+1:]
-				mt := MessageType(messageName)
-				if mt == nil {
-					return p.errorf("unrecognized message %q in google.protobuf.Any", messageName)
-				}
-				tok = p.next()
-				if tok.err != nil {
-					return tok.err
-				}
-				// consume an optional colon
-				if tok.value == ":" {
-					tok = p.next()
-					if tok.err != nil {
-						return tok.err
-					}
-				}
-				var terminator string
-				switch tok.value {
-				case "<":
-					terminator = ">"
-				case "{":
-					terminator = "}"
-				default:
-					return p.errorf("expected '{' or '<', found %q", tok.value)
-				}
-				v := reflect.New(mt.Elem())
-				if pe := p.readStruct(v.Elem(), terminator); pe != nil {
-					return pe
-				}
-				b, err := Marshal(v.Interface().(Message))
-				if err != nil {
-					return p.errorf("failed to marshal message of type %q: %v", messageName, err)
-				}
-				if fieldSet["type_url"] {
-					return p.errorf(anyRepeatedlyUnpacked, "type_url")
-				}
-				if fieldSet["value"] {
-					return p.errorf(anyRepeatedlyUnpacked, "value")
-				}
-				sv.FieldByName("TypeUrl").SetString(extName)
-				sv.FieldByName("Value").SetBytes(b)
-				fieldSet["type_url"] = true
-				fieldSet["value"] = true
-				continue
-			}
-
-			var desc *ExtensionDesc
-			// This could be faster, but it's functional.
-			// TODO: Do something smarter than a linear scan.
-			for _, d := range RegisteredExtensions(reflect.New(st).Interface().(Message)) {
-				if d.Name == extName {
-					desc = d
-					break
-				}
-			}
-			if desc == nil {
-				return p.errorf("unrecognized extension %q", extName)
-			}
-
-			props := &Properties{}
-			props.Parse(desc.Tag)
-
-			typ := reflect.TypeOf(desc.ExtensionType)
-			if err := p.checkForColon(props, typ); err != nil {
-				return err
-			}
-
-			rep := desc.repeated()
-
-			// Read the extension structure, and set it in
-			// the value we're constructing.
-			var ext reflect.Value
-			if !rep {
-				ext = reflect.New(typ).Elem()
-			} else {
-				ext = reflect.New(typ.Elem()).Elem()
-			}
-			if err := p.readAny(ext, props); err != nil {
-				if _, ok := err.(*RequiredNotSetError); !ok {
-					return err
-				}
-				reqFieldErr = err
-			}
-			ep := sv.Addr().Interface().(Message)
-			if !rep {
-				SetExtension(ep, desc, ext.Interface())
-			} else {
-				old, err := GetExtension(ep, desc)
-				var sl reflect.Value
-				if err == nil {
-					sl = reflect.ValueOf(old) // existing slice
-				} else {
-					sl = reflect.MakeSlice(typ, 0, 1)
-				}
-				sl = reflect.Append(sl, ext)
-				SetExtension(ep, desc, sl.Interface())
-			}
-			if err := p.consumeOptionalSeparator(); err != nil {
-				return err
-			}
-			continue
-		}
-
-		// This is a normal, non-extension field.
-		name := tok.value
-		var dst reflect.Value
-		fi, props, ok := structFieldByName(sprops, name)
-		if ok {
-			dst = sv.Field(fi)
-		} else if oop, ok := sprops.OneofTypes[name]; ok {
-			// It is a oneof.
-			props = oop.Prop
-			nv := reflect.New(oop.Type.Elem())
-			dst = nv.Elem().Field(0)
-			field := sv.Field(oop.Field)
-			if !field.IsNil() {
-				return p.errorf("field '%s' would overwrite already parsed oneof '%s'", name, sv.Type().Field(oop.Field).Name)
-			}
-			field.Set(nv)
-		}
-		if !dst.IsValid() {
-			return p.errorf("unknown field name %q in %v", name, st)
-		}
-
-		if dst.Kind() == reflect.Map {
-			// Consume any colon.
-			if err := p.checkForColon(props, dst.Type()); err != nil {
-				return err
-			}
-
-			// Construct the map if it doesn't already exist.
-			if dst.IsNil() {
-				dst.Set(reflect.MakeMap(dst.Type()))
-			}
-			key := reflect.New(dst.Type().Key()).Elem()
-			val := reflect.New(dst.Type().Elem()).Elem()
-
-			// The map entry should be this sequence of tokens:
-			//	< key : KEY value : VALUE >
-			// However, implementations may omit key or value, and technically
-			// we should support them in any order.  See b/28924776 for a time
-			// this went wrong.
-
-			tok := p.next()
-			var terminator string
-			switch tok.value {
-			case "<":
-				terminator = ">"
-			case "{":
-				terminator = "}"
-			default:
-				return p.errorf("expected '{' or '<', found %q", tok.value)
-			}
-			for {
-				tok := p.next()
-				if tok.err != nil {
-					return tok.err
-				}
-				if tok.value == terminator {
-					break
-				}
-				switch tok.value {
-				case "key":
-					if err := p.consumeToken(":"); err != nil {
-						return err
-					}
-					if err := p.readAny(key, props.MapKeyProp); err != nil {
-						return err
-					}
-					if err := p.consumeOptionalSeparator(); err != nil {
-						return err
-					}
-				case "value":
-					if err := p.checkForColon(props.MapValProp, dst.Type().Elem()); err != nil {
-						return err
-					}
-					if err := p.readAny(val, props.MapValProp); err != nil {
-						return err
-					}
-					if err := p.consumeOptionalSeparator(); err != nil {
-						return err
-					}
-				default:
-					p.back()
-					return p.errorf(`expected "key", "value", or %q, found %q`, terminator, tok.value)
-				}
-			}
-
-			dst.SetMapIndex(key, val)
-			continue
-		}
-
-		// Check that it's not already set if it's not a repeated field.
-		if !props.Repeated && fieldSet[name] {
-			return p.errorf("non-repeated field %q was repeated", name)
-		}
-
-		if err := p.checkForColon(props, dst.Type()); err != nil {
-			return err
-		}
-
-		// Parse into the field.
-		fieldSet[name] = true
-		if err := p.readAny(dst, props); err != nil {
-			if _, ok := err.(*RequiredNotSetError); !ok {
-				return err
-			}
-			reqFieldErr = err
-		}
-		if props.Required {
-			reqCount--
-		}
-
-		if err := p.consumeOptionalSeparator(); err != nil {
-			return err
-		}
-
-	}
-
-	if reqCount > 0 {
-		return p.missingRequiredFieldError(sv)
-	}
-	return reqFieldErr
-}
-
-// consumeExtName consumes extension name or expanded Any type URL and the
-// following ']'. It returns the name or URL consumed.
-func (p *textParser) consumeExtName() (string, error) {
-	tok := p.next()
-	if tok.err != nil {
-		return "", tok.err
-	}
-
-	// If extension name or type url is quoted, it's a single token.
-	if len(tok.value) > 2 && isQuote(tok.value[0]) && tok.value[len(tok.value)-1] == tok.value[0] {
-		name, err := unquoteC(tok.value[1:len(tok.value)-1], rune(tok.value[0]))
-		if err != nil {
-			return "", err
-		}
-		return name, p.consumeToken("]")
-	}
-
-	// Consume everything up to "]"
-	var parts []string
-	for tok.value != "]" {
-		parts = append(parts, tok.value)
-		tok = p.next()
-		if tok.err != nil {
-			return "", p.errorf("unrecognized type_url or extension name: %s", tok.err)
-		}
-		if p.done && tok.value != "]" {
-			return "", p.errorf("unclosed type_url or extension name")
-		}
-	}
-	return strings.Join(parts, ""), nil
-}
-
-// consumeOptionalSeparator consumes an optional semicolon or comma.
-// It is used in readStruct to provide backward compatibility.
-func (p *textParser) consumeOptionalSeparator() error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value != ";" && tok.value != "," {
-		p.back()
-	}
-	return nil
-}
-
-func (p *textParser) readAny(v reflect.Value, props *Properties) error {
-	tok := p.next()
-	if tok.err != nil {
-		return tok.err
-	}
-	if tok.value == "" {
-		return p.errorf("unexpected EOF")
-	}
-
-	switch fv := v; fv.Kind() {
-	case reflect.Slice:
-		at := v.Type()
-		if at.Elem().Kind() == reflect.Uint8 {
-			// Special case for []byte
-			if tok.value[0] != '"' && tok.value[0] != '\'' {
-				// Deliberately written out here, as the error after
-				// this switch statement would write "invalid []byte: ...",
-				// which is not as user-friendly.
-				return p.errorf("invalid string: %v", tok.value)
-			}
-			bytes := []byte(tok.unquoted)
-			fv.Set(reflect.ValueOf(bytes))
-			return nil
-		}
-		// Repeated field.
-		if tok.value == "[" {
-			// Repeated field with list notation, like [1,2,3].
-			for {
-				fv.Set(reflect.Append(fv, reflect.New(at.Elem()).Elem()))
-				err := p.readAny(fv.Index(fv.Len()-1), props)
-				if err != nil {
-					return err
-				}
-				tok := p.next()
-				if tok.err != nil {
-					return tok.err
-				}
-				if tok.value == "]" {
-					break
-				}
-				if tok.value != "," {
-					return p.errorf("Expected ']' or ',' found %q", tok.value)
-				}
-			}
-			return nil
-		}
-		// One value of the repeated field.
-		p.back()
-		fv.Set(reflect.Append(fv, reflect.New(at.Elem()).Elem()))
-		return p.readAny(fv.Index(fv.Len()-1), props)
-	case reflect.Bool:
-		// true/1/t/True or false/f/0/False.
-		switch tok.value {
-		case "true", "1", "t", "True":
-			fv.SetBool(true)
-			return nil
-		case "false", "0", "f", "False":
-			fv.SetBool(false)
-			return nil
-		}
-	case reflect.Float32, reflect.Float64:
-		v := tok.value
-		// Ignore 'f' for compatibility with output generated by C++, but don't
-		// remove 'f' when the value is "-inf" or "inf".
-		if strings.HasSuffix(v, "f") && tok.value != "-inf" && tok.value != "inf" {
-			v = v[:len(v)-1]
-		}
-		if f, err := strconv.ParseFloat(v, fv.Type().Bits()); err == nil {
-			fv.SetFloat(f)
-			return nil
-		}
-	case reflect.Int32:
-		if x, err := strconv.ParseInt(tok.value, 0, 32); err == nil {
-			fv.SetInt(x)
-			return nil
-		}
-
-		if len(props.Enum) == 0 {
-			break
-		}
-		m, ok := enumValueMaps[props.Enum]
-		if !ok {
-			break
-		}
-		x, ok := m[tok.value]
-		if !ok {
-			break
-		}
-		fv.SetInt(int64(x))
-		return nil
-	case reflect.Int64:
-		if x, err := strconv.ParseInt(tok.value, 0, 64); err == nil {
-			fv.SetInt(x)
-			return nil
-		}
-
-	case reflect.Ptr:
-		// A basic field (indirected through pointer), or a repeated message/group
-		p.back()
-		fv.Set(reflect.New(fv.Type().Elem()))
-		return p.readAny(fv.Elem(), props)
-	case reflect.String:
-		if tok.value[0] == '"' || tok.value[0] == '\'' {
-			fv.SetString(tok.unquoted)
-			return nil
-		}
-	case reflect.Struct:
-		var terminator string
-		switch tok.value {
-		case "{":
-			terminator = "}"
-		case "<":
-			terminator = ">"
-		default:
-			return p.errorf("expected '{' or '<', found %q", tok.value)
-		}
-		// TODO: Handle nested messages which implement encoding.TextUnmarshaler.
-		return p.readStruct(fv, terminator)
-	case reflect.Uint32:
-		if x, err := strconv.ParseUint(tok.value, 0, 32); err == nil {
-			fv.SetUint(uint64(x))
-			return nil
-		}
-	case reflect.Uint64:
-		if x, err := strconv.ParseUint(tok.value, 0, 64); err == nil {
-			fv.SetUint(x)
-			return nil
-		}
-	}
-	return p.errorf("invalid %v: %v", v.Type(), tok.value)
-}
-
-// UnmarshalText reads a protocol buffer in Text format. UnmarshalText resets pb
-// before starting to unmarshal, so any existing data in pb is always removed.
-// If a required field is not set and no other error occurs,
-// UnmarshalText returns *RequiredNotSetError.
-func UnmarshalText(s string, pb Message) error {
-	if um, ok := pb.(encoding.TextUnmarshaler); ok {
-		return um.UnmarshalText([]byte(s))
-	}
-	pb.Reset()
-	v := reflect.ValueOf(pb)
-	return newTextParser(s).readStruct(v.Elem(), "")
-}
diff --git a/vendor/github.com/golang/protobuf/proto/wire.go b/vendor/github.com/golang/protobuf/proto/wire.go
new file mode 100644
index 000000000..d7c28da5a
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/wire.go
@@ -0,0 +1,78 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+import (
+	protoV2 "google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/runtime/protoiface"
+)
+
+// Size returns the size in bytes of the wire-format encoding of m.
+func Size(m Message) int {
+	if m == nil {
+		return 0
+	}
+	mi := MessageV2(m)
+	return protoV2.Size(mi)
+}
+
+// Marshal returns the wire-format encoding of m.
+func Marshal(m Message) ([]byte, error) {
+	b, err := marshalAppend(nil, m, false)
+	if b == nil {
+		b = zeroBytes
+	}
+	return b, err
+}
+
+var zeroBytes = make([]byte, 0, 0)
+
+func marshalAppend(buf []byte, m Message, deterministic bool) ([]byte, error) {
+	if m == nil {
+		return nil, ErrNil
+	}
+	mi := MessageV2(m)
+	nbuf, err := protoV2.MarshalOptions{
+		Deterministic: deterministic,
+		AllowPartial:  true,
+	}.MarshalAppend(buf, mi)
+	if err != nil {
+		return buf, err
+	}
+	if len(buf) == len(nbuf) {
+		if !mi.ProtoReflect().IsValid() {
+			return buf, ErrNil
+		}
+	}
+	return nbuf, checkRequiredNotSet(mi)
+}
+
+// Unmarshal parses a wire-format message in b and places the decoded results in m.
+//
+// Unmarshal resets m before starting to unmarshal, so any existing data in m is always
+// removed. Use UnmarshalMerge to preserve and append to existing data.
+func Unmarshal(b []byte, m Message) error {
+	m.Reset()
+	return UnmarshalMerge(b, m)
+}
+
+// UnmarshalMerge parses a wire-format message in b and places the decoded results in m.
+func UnmarshalMerge(b []byte, m Message) error {
+	mi := MessageV2(m)
+	out, err := protoV2.UnmarshalOptions{
+		AllowPartial: true,
+		Merge:        true,
+	}.UnmarshalState(protoiface.UnmarshalInput{
+		Buf:     b,
+		Message: mi.ProtoReflect(),
+	})
+	if err != nil {
+		return err
+	}
+	if out.Flags&protoiface.UnmarshalInitialized > 0 {
+		return nil
+	}
+	return checkRequiredNotSet(mi)
+}
diff --git a/vendor/github.com/golang/protobuf/proto/wrappers.go b/vendor/github.com/golang/protobuf/proto/wrappers.go
new file mode 100644
index 000000000..398e34859
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/proto/wrappers.go
@@ -0,0 +1,34 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package proto
+
+// Bool stores v in a new bool value and returns a pointer to it.
+func Bool(v bool) *bool { return &v }
+
+// Int stores v in a new int32 value and returns a pointer to it.
+//
+// Deprecated: Use Int32 instead.
+func Int(v int) *int32 { return Int32(int32(v)) }
+
+// Int32 stores v in a new int32 value and returns a pointer to it.
+func Int32(v int32) *int32 { return &v }
+
+// Int64 stores v in a new int64 value and returns a pointer to it.
+func Int64(v int64) *int64 { return &v }
+
+// Uint32 stores v in a new uint32 value and returns a pointer to it.
+func Uint32(v uint32) *uint32 { return &v }
+
+// Uint64 stores v in a new uint64 value and returns a pointer to it.
+func Uint64(v uint64) *uint64 { return &v }
+
+// Float32 stores v in a new float32 value and returns a pointer to it.
+func Float32(v float32) *float32 { return &v }
+
+// Float64 stores v in a new float64 value and returns a pointer to it.
+func Float64(v float64) *float64 { return &v }
+
+// String stores v in a new string value and returns a pointer to it.
+func String(v string) *string { return &v }
diff --git a/vendor/github.com/golang/protobuf/regenerate.bash b/vendor/github.com/golang/protobuf/regenerate.bash
new file mode 100755
index 000000000..f6c35c5af
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/regenerate.bash
@@ -0,0 +1,9 @@
+#!/bin/bash
+# Copyright 2018 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+cd "$(git rev-parse --show-toplevel)"
+set -e
+go run ./internal/cmd/generate-alias -execute
+go test ./protoc-gen-go -regenerate
diff --git a/vendor/github.com/golang/protobuf/test.bash b/vendor/github.com/golang/protobuf/test.bash
new file mode 100755
index 000000000..c213adebd
--- /dev/null
+++ b/vendor/github.com/golang/protobuf/test.bash
@@ -0,0 +1,41 @@
+#!/bin/bash
+# Copyright 2018 The Go Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+cd "$(git rev-parse --show-toplevel)"
+
+BOLD="\x1b[1mRunning: "
+PASS="\x1b[32mPASS"
+FAIL="\x1b[31mFAIL"
+RESET="\x1b[0m"
+
+echo -e "${BOLD}go test ./...${RESET}"
+RET_TEST0=$(go test ./... | egrep -v "^(ok|[?])\s+")
+if [[ ! -z "$RET_TEST0" ]]; then echo "$RET_TEST0"; echo; fi
+
+echo -e "${BOLD}go test -tags purego ./...${RESET}"
+RET_TEST1=$(go test -tags purego ./... | egrep -v "^(ok|[?])\s+")
+if [[ ! -z "$RET_TEST1" ]]; then echo "$RET_TEST1"; echo; fi
+
+echo -e "${BOLD}go generate${RESET}"
+RET_GEN=$(go run ./internal/cmd/generate-alias 2>&1)
+if [[ ! -z "$RET_GEN" ]]; then echo "$RET_GEN"; echo; fi
+
+echo -e "${BOLD}go fmt${RESET}"
+RET_FMT=$(gofmt -d $(git ls-files *.go) 2>&1)
+if [[ ! -z "$RET_FMT" ]]; then echo "$RET_FMT"; echo; fi
+
+echo -e "${BOLD}git diff${RESET}"
+RET_DIFF=$(git diff --no-prefix HEAD 2>&1)
+if [[ ! -z "$RET_DIFF" ]]; then echo "$RET_DIFF"; echo; fi
+
+echo -e "${BOLD}git ls-files${RESET}"
+RET_FILES=$(git ls-files --others --exclude-standard 2>&1)
+if [[ ! -z "$RET_FILES" ]]; then echo "$RET_FILES"; echo; fi
+
+if [[ ! -z "$RET_TEST0" ]] || [[ ! -z "$RET_TEST1" ]] || [[ ! -z "$RET_GEN" ]] || [ ! -z "$RET_FMT" ] || [[ ! -z "$RET_DIFF" ]] || [[ ! -z "$RET_FILES" ]]; then
+	echo -e "${FAIL}${RESET}"; exit 1
+else
+	echo -e "${PASS}${RESET}"; exit 0
+fi
diff --git a/vendor/github.com/refraction-networking/gotapdance/protobuf/Makefile b/vendor/github.com/refraction-networking/gotapdance/protobuf/Makefile
index ae1ab0e2f..ce96b121a 100644
--- a/vendor/github.com/refraction-networking/gotapdance/protobuf/Makefile
+++ b/vendor/github.com/refraction-networking/gotapdance/protobuf/Makefile
@@ -1,3 +1,28 @@
-
+#
+# github.com/protobuf/protoc-gen-go was recently deprecated in favor of 
+# google.golang.org/protobuf/protoc-gen-go and there have been some changes to the interface.
+# We are using protoc to generate golang as a package in a somewhat non-standard way and as such
+# we have to specify some options. For more details see
+# [here](https://developers.google.com/protocol-buffers/docs/reference/go-generated#package).
+#
+#	protoc --go_out=./ --go_opt=M"./signalling.proto=./;tdproto" signalling.proto \
+#
+# --go_out=./
+#  		--go_out  == generate go files into the current directory
+#
+# --go_opt=M"signalling.proto=./;tdproto"
+#  		--go_opt=			== use options for protoc-gen-go
+#  		Msignalling.proto	== the structures defined by the protobuf at this path are used by the module defined here
+#  		=./ 				== the module for importing related files is at ./ 
+#  		;tdproto 			== use a custom package name (other than module name defined by package path, which we aren't using)
+#
+# signalling.proto == the file to compile using protoc
+#
+# --------------------------------------------------------------------------------------------------
+#
+# old command to compile the protobuf into a local file with package name tdproto
+#
+# 	protoc --go_out=import_path=tdproto:. signalling.proto \
+	
 all:
-	protoc --go_out=import_path=tdproto:. signalling.proto
+	protoc --go_out=./ --go_opt=M"signalling.proto=./;tdproto" signalling.proto
diff --git a/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.pb.go b/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.pb.go
index 47e5cf1e4..c5a8c9d18 100644
--- a/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.pb.go
+++ b/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.pb.go
@@ -1,41 +1,47 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.26.0
+// 	protoc        v3.17.3
 // source: signalling.proto
 
+// TODO: We're using proto2 because it's the default on Ubuntu 16.04.
+// At some point we will want to migrate to proto3, but we are not
+// using any proto3 features yet.
+
 package tdproto
 
 import (
-	fmt "fmt"
-	proto "github.com/golang/protobuf/proto"
-	math "math"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
 )
 
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
-
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
 
 type KeyType int32
 
 const (
 	KeyType_AES_GCM_128 KeyType = 90
-	KeyType_AES_GCM_256 KeyType = 91
+	KeyType_AES_GCM_256 KeyType = 91 // not supported atm
 )
 
-var KeyType_name = map[int32]string{
-	90: "AES_GCM_128",
-	91: "AES_GCM_256",
-}
-
-var KeyType_value = map[string]int32{
-	"AES_GCM_128": 90,
-	"AES_GCM_256": 91,
-}
+// Enum value maps for KeyType.
+var (
+	KeyType_name = map[int32]string{
+		90: "AES_GCM_128",
+		91: "AES_GCM_256",
+	}
+	KeyType_value = map[string]int32{
+		"AES_GCM_128": 90,
+		"AES_GCM_256": 91,
+	}
+)
 
 func (x KeyType) Enum() *KeyType {
 	p := new(KeyType)
@@ -44,20 +50,34 @@ func (x KeyType) Enum() *KeyType {
 }
 
 func (x KeyType) String() string {
-	return proto.EnumName(KeyType_name, int32(x))
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (KeyType) Descriptor() protoreflect.EnumDescriptor {
+	return file_signalling_proto_enumTypes[0].Descriptor()
+}
+
+func (KeyType) Type() protoreflect.EnumType {
+	return &file_signalling_proto_enumTypes[0]
+}
+
+func (x KeyType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
 }
 
-func (x *KeyType) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(KeyType_value, data, "KeyType")
+// Deprecated: Do not use.
+func (x *KeyType) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
 	if err != nil {
 		return err
 	}
-	*x = KeyType(value)
+	*x = KeyType(num)
 	return nil
 }
 
+// Deprecated: Use KeyType.Descriptor instead.
 func (KeyType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{0}
+	return file_signalling_proto_rawDescGZIP(), []int{0}
 }
 
 // State transitions of the client
@@ -65,8 +85,8 @@ type C2S_Transition int32
 
 const (
 	C2S_Transition_C2S_NO_CHANGE                C2S_Transition = 0
-	C2S_Transition_C2S_SESSION_INIT             C2S_Transition = 1
-	C2S_Transition_C2S_SESSION_COVERT_INIT      C2S_Transition = 11
+	C2S_Transition_C2S_SESSION_INIT             C2S_Transition = 1  // connect me to squid
+	C2S_Transition_C2S_SESSION_COVERT_INIT      C2S_Transition = 11 // connect me to provided covert
 	C2S_Transition_C2S_EXPECT_RECONNECT         C2S_Transition = 2
 	C2S_Transition_C2S_SESSION_CLOSE            C2S_Transition = 3
 	C2S_Transition_C2S_YIELD_UPLOAD             C2S_Transition = 4
@@ -75,29 +95,31 @@ const (
 	C2S_Transition_C2S_ERROR                    C2S_Transition = 255
 )
 
-var C2S_Transition_name = map[int32]string{
-	0:   "C2S_NO_CHANGE",
-	1:   "C2S_SESSION_INIT",
-	11:  "C2S_SESSION_COVERT_INIT",
-	2:   "C2S_EXPECT_RECONNECT",
-	3:   "C2S_SESSION_CLOSE",
-	4:   "C2S_YIELD_UPLOAD",
-	5:   "C2S_ACQUIRE_UPLOAD",
-	6:   "C2S_EXPECT_UPLOADONLY_RECONN",
-	255: "C2S_ERROR",
-}
-
-var C2S_Transition_value = map[string]int32{
-	"C2S_NO_CHANGE":                0,
-	"C2S_SESSION_INIT":             1,
-	"C2S_SESSION_COVERT_INIT":      11,
-	"C2S_EXPECT_RECONNECT":         2,
-	"C2S_SESSION_CLOSE":            3,
-	"C2S_YIELD_UPLOAD":             4,
-	"C2S_ACQUIRE_UPLOAD":           5,
-	"C2S_EXPECT_UPLOADONLY_RECONN": 6,
-	"C2S_ERROR":                    255,
-}
+// Enum value maps for C2S_Transition.
+var (
+	C2S_Transition_name = map[int32]string{
+		0:   "C2S_NO_CHANGE",
+		1:   "C2S_SESSION_INIT",
+		11:  "C2S_SESSION_COVERT_INIT",
+		2:   "C2S_EXPECT_RECONNECT",
+		3:   "C2S_SESSION_CLOSE",
+		4:   "C2S_YIELD_UPLOAD",
+		5:   "C2S_ACQUIRE_UPLOAD",
+		6:   "C2S_EXPECT_UPLOADONLY_RECONN",
+		255: "C2S_ERROR",
+	}
+	C2S_Transition_value = map[string]int32{
+		"C2S_NO_CHANGE":                0,
+		"C2S_SESSION_INIT":             1,
+		"C2S_SESSION_COVERT_INIT":      11,
+		"C2S_EXPECT_RECONNECT":         2,
+		"C2S_SESSION_CLOSE":            3,
+		"C2S_YIELD_UPLOAD":             4,
+		"C2S_ACQUIRE_UPLOAD":           5,
+		"C2S_EXPECT_UPLOADONLY_RECONN": 6,
+		"C2S_ERROR":                    255,
+	}
+)
 
 func (x C2S_Transition) Enum() *C2S_Transition {
 	p := new(C2S_Transition)
@@ -106,20 +128,35 @@ func (x C2S_Transition) Enum() *C2S_Transition {
 }
 
 func (x C2S_Transition) String() string {
-	return proto.EnumName(C2S_Transition_name, int32(x))
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (C2S_Transition) Descriptor() protoreflect.EnumDescriptor {
+	return file_signalling_proto_enumTypes[1].Descriptor()
 }
 
-func (x *C2S_Transition) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(C2S_Transition_value, data, "C2S_Transition")
+func (C2S_Transition) Type() protoreflect.EnumType {
+	return &file_signalling_proto_enumTypes[1]
+}
+
+func (x C2S_Transition) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+
+// Deprecated: Do not use.
+func (x *C2S_Transition) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
 	if err != nil {
 		return err
 	}
-	*x = C2S_Transition(value)
+	*x = C2S_Transition(num)
 	return nil
 }
 
+// Deprecated: Use C2S_Transition.Descriptor instead.
 func (C2S_Transition) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{1}
+	return file_signalling_proto_rawDescGZIP(), []int{1}
 }
 
 // State transitions of the server
@@ -127,31 +164,33 @@ type S2C_Transition int32
 
 const (
 	S2C_Transition_S2C_NO_CHANGE           S2C_Transition = 0
-	S2C_Transition_S2C_SESSION_INIT        S2C_Transition = 1
-	S2C_Transition_S2C_SESSION_COVERT_INIT S2C_Transition = 11
+	S2C_Transition_S2C_SESSION_INIT        S2C_Transition = 1  // connected to squid
+	S2C_Transition_S2C_SESSION_COVERT_INIT S2C_Transition = 11 // connected to covert host
 	S2C_Transition_S2C_CONFIRM_RECONNECT   S2C_Transition = 2
 	S2C_Transition_S2C_SESSION_CLOSE       S2C_Transition = 3
 	// TODO should probably also allow EXPECT_RECONNECT here, for DittoTap
 	S2C_Transition_S2C_ERROR S2C_Transition = 255
 )
 
-var S2C_Transition_name = map[int32]string{
-	0:   "S2C_NO_CHANGE",
-	1:   "S2C_SESSION_INIT",
-	11:  "S2C_SESSION_COVERT_INIT",
-	2:   "S2C_CONFIRM_RECONNECT",
-	3:   "S2C_SESSION_CLOSE",
-	255: "S2C_ERROR",
-}
-
-var S2C_Transition_value = map[string]int32{
-	"S2C_NO_CHANGE":           0,
-	"S2C_SESSION_INIT":        1,
-	"S2C_SESSION_COVERT_INIT": 11,
-	"S2C_CONFIRM_RECONNECT":   2,
-	"S2C_SESSION_CLOSE":       3,
-	"S2C_ERROR":               255,
-}
+// Enum value maps for S2C_Transition.
+var (
+	S2C_Transition_name = map[int32]string{
+		0:   "S2C_NO_CHANGE",
+		1:   "S2C_SESSION_INIT",
+		11:  "S2C_SESSION_COVERT_INIT",
+		2:   "S2C_CONFIRM_RECONNECT",
+		3:   "S2C_SESSION_CLOSE",
+		255: "S2C_ERROR",
+	}
+	S2C_Transition_value = map[string]int32{
+		"S2C_NO_CHANGE":           0,
+		"S2C_SESSION_INIT":        1,
+		"S2C_SESSION_COVERT_INIT": 11,
+		"S2C_CONFIRM_RECONNECT":   2,
+		"S2C_SESSION_CLOSE":       3,
+		"S2C_ERROR":               255,
+	}
+)
 
 func (x S2C_Transition) Enum() *S2C_Transition {
 	p := new(S2C_Transition)
@@ -160,20 +199,34 @@ func (x S2C_Transition) Enum() *S2C_Transition {
 }
 
 func (x S2C_Transition) String() string {
-	return proto.EnumName(S2C_Transition_name, int32(x))
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (S2C_Transition) Descriptor() protoreflect.EnumDescriptor {
+	return file_signalling_proto_enumTypes[2].Descriptor()
+}
+
+func (S2C_Transition) Type() protoreflect.EnumType {
+	return &file_signalling_proto_enumTypes[2]
 }
 
-func (x *S2C_Transition) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(S2C_Transition_value, data, "S2C_Transition")
+func (x S2C_Transition) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *S2C_Transition) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
 	if err != nil {
 		return err
 	}
-	*x = S2C_Transition(value)
+	*x = S2C_Transition(num)
 	return nil
 }
 
+// Deprecated: Use S2C_Transition.Descriptor instead.
 func (S2C_Transition) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{2}
+	return file_signalling_proto_rawDescGZIP(), []int{2}
 }
 
 // Should accompany all S2C_ERROR messages.
@@ -181,36 +234,38 @@ type ErrorReasonS2C int32
 
 const (
 	ErrorReasonS2C_NO_ERROR         ErrorReasonS2C = 0
-	ErrorReasonS2C_COVERT_STREAM    ErrorReasonS2C = 1
-	ErrorReasonS2C_CLIENT_REPORTED  ErrorReasonS2C = 2
-	ErrorReasonS2C_CLIENT_PROTOCOL  ErrorReasonS2C = 3
-	ErrorReasonS2C_STATION_INTERNAL ErrorReasonS2C = 4
-	ErrorReasonS2C_DECOY_OVERLOAD   ErrorReasonS2C = 5
-	ErrorReasonS2C_CLIENT_STREAM    ErrorReasonS2C = 100
-	ErrorReasonS2C_CLIENT_TIMEOUT   ErrorReasonS2C = 101
+	ErrorReasonS2C_COVERT_STREAM    ErrorReasonS2C = 1   // Squid TCP connection broke
+	ErrorReasonS2C_CLIENT_REPORTED  ErrorReasonS2C = 2   // You told me something was wrong, client
+	ErrorReasonS2C_CLIENT_PROTOCOL  ErrorReasonS2C = 3   // You messed up, client (e.g. sent a bad protobuf)
+	ErrorReasonS2C_STATION_INTERNAL ErrorReasonS2C = 4   // I broke
+	ErrorReasonS2C_DECOY_OVERLOAD   ErrorReasonS2C = 5   // Everything's fine, but don't use this decoy right now
+	ErrorReasonS2C_CLIENT_STREAM    ErrorReasonS2C = 100 // My stream to you broke. (This is impossible to send)
+	ErrorReasonS2C_CLIENT_TIMEOUT   ErrorReasonS2C = 101 // You never came back. (This is impossible to send)
 )
 
-var ErrorReasonS2C_name = map[int32]string{
-	0:   "NO_ERROR",
-	1:   "COVERT_STREAM",
-	2:   "CLIENT_REPORTED",
-	3:   "CLIENT_PROTOCOL",
-	4:   "STATION_INTERNAL",
-	5:   "DECOY_OVERLOAD",
-	100: "CLIENT_STREAM",
-	101: "CLIENT_TIMEOUT",
-}
-
-var ErrorReasonS2C_value = map[string]int32{
-	"NO_ERROR":         0,
-	"COVERT_STREAM":    1,
-	"CLIENT_REPORTED":  2,
-	"CLIENT_PROTOCOL":  3,
-	"STATION_INTERNAL": 4,
-	"DECOY_OVERLOAD":   5,
-	"CLIENT_STREAM":    100,
-	"CLIENT_TIMEOUT":   101,
-}
+// Enum value maps for ErrorReasonS2C.
+var (
+	ErrorReasonS2C_name = map[int32]string{
+		0:   "NO_ERROR",
+		1:   "COVERT_STREAM",
+		2:   "CLIENT_REPORTED",
+		3:   "CLIENT_PROTOCOL",
+		4:   "STATION_INTERNAL",
+		5:   "DECOY_OVERLOAD",
+		100: "CLIENT_STREAM",
+		101: "CLIENT_TIMEOUT",
+	}
+	ErrorReasonS2C_value = map[string]int32{
+		"NO_ERROR":         0,
+		"COVERT_STREAM":    1,
+		"CLIENT_REPORTED":  2,
+		"CLIENT_PROTOCOL":  3,
+		"STATION_INTERNAL": 4,
+		"DECOY_OVERLOAD":   5,
+		"CLIENT_STREAM":    100,
+		"CLIENT_TIMEOUT":   101,
+	}
+)
 
 func (x ErrorReasonS2C) Enum() *ErrorReasonS2C {
 	p := new(ErrorReasonS2C)
@@ -219,41 +274,57 @@ func (x ErrorReasonS2C) Enum() *ErrorReasonS2C {
 }
 
 func (x ErrorReasonS2C) String() string {
-	return proto.EnumName(ErrorReasonS2C_name, int32(x))
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 
-func (x *ErrorReasonS2C) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(ErrorReasonS2C_value, data, "ErrorReasonS2C")
+func (ErrorReasonS2C) Descriptor() protoreflect.EnumDescriptor {
+	return file_signalling_proto_enumTypes[3].Descriptor()
+}
+
+func (ErrorReasonS2C) Type() protoreflect.EnumType {
+	return &file_signalling_proto_enumTypes[3]
+}
+
+func (x ErrorReasonS2C) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *ErrorReasonS2C) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
 	if err != nil {
 		return err
 	}
-	*x = ErrorReasonS2C(value)
+	*x = ErrorReasonS2C(num)
 	return nil
 }
 
+// Deprecated: Use ErrorReasonS2C.Descriptor instead.
 func (ErrorReasonS2C) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{3}
+	return file_signalling_proto_rawDescGZIP(), []int{3}
 }
 
 type TransportType int32
 
 const (
 	TransportType_Null  TransportType = 0
-	TransportType_Min   TransportType = 1
-	TransportType_Obfs4 TransportType = 2
+	TransportType_Min   TransportType = 1 // Send a 32-byte HMAC id to let the station distinguish registrations to same host
+	TransportType_Obfs4 TransportType = 2 // Not implemented yet?
 )
 
-var TransportType_name = map[int32]string{
-	0: "Null",
-	1: "Min",
-	2: "Obfs4",
-}
-
-var TransportType_value = map[string]int32{
-	"Null":  0,
-	"Min":   1,
-	"Obfs4": 2,
-}
+// Enum value maps for TransportType.
+var (
+	TransportType_name = map[int32]string{
+		0: "Null",
+		1: "Min",
+		2: "Obfs4",
+	}
+	TransportType_value = map[string]int32{
+		"Null":  0,
+		"Min":   1,
+		"Obfs4": 2,
+	}
+)
 
 func (x TransportType) Enum() *TransportType {
 	p := new(TransportType)
@@ -262,44 +333,63 @@ func (x TransportType) Enum() *TransportType {
 }
 
 func (x TransportType) String() string {
-	return proto.EnumName(TransportType_name, int32(x))
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (TransportType) Descriptor() protoreflect.EnumDescriptor {
+	return file_signalling_proto_enumTypes[4].Descriptor()
+}
+
+func (TransportType) Type() protoreflect.EnumType {
+	return &file_signalling_proto_enumTypes[4]
+}
+
+func (x TransportType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
 }
 
-func (x *TransportType) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(TransportType_value, data, "TransportType")
+// Deprecated: Do not use.
+func (x *TransportType) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
 	if err != nil {
 		return err
 	}
-	*x = TransportType(value)
+	*x = TransportType(num)
 	return nil
 }
 
+// Deprecated: Use TransportType.Descriptor instead.
 func (TransportType) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{4}
+	return file_signalling_proto_rawDescGZIP(), []int{4}
 }
 
 type RegistrationSource int32
 
 const (
-	RegistrationSource_Unspecified     RegistrationSource = 0
-	RegistrationSource_Detector        RegistrationSource = 1
-	RegistrationSource_API             RegistrationSource = 2
-	RegistrationSource_DetectorPrescan RegistrationSource = 3
+	RegistrationSource_Unspecified      RegistrationSource = 0
+	RegistrationSource_Detector         RegistrationSource = 1
+	RegistrationSource_API              RegistrationSource = 2
+	RegistrationSource_DetectorPrescan  RegistrationSource = 3
+	RegistrationSource_BidirectionalAPI RegistrationSource = 4
 )
 
-var RegistrationSource_name = map[int32]string{
-	0: "Unspecified",
-	1: "Detector",
-	2: "API",
-	3: "DetectorPrescan",
-}
-
-var RegistrationSource_value = map[string]int32{
-	"Unspecified":     0,
-	"Detector":        1,
-	"API":             2,
-	"DetectorPrescan": 3,
-}
+// Enum value maps for RegistrationSource.
+var (
+	RegistrationSource_name = map[int32]string{
+		0: "Unspecified",
+		1: "Detector",
+		2: "API",
+		3: "DetectorPrescan",
+		4: "BidirectionalAPI",
+	}
+	RegistrationSource_value = map[string]int32{
+		"Unspecified":      0,
+		"Detector":         1,
+		"API":              2,
+		"DetectorPrescan":  3,
+		"BidirectionalAPI": 4,
+	}
+)
 
 func (x RegistrationSource) Enum() *RegistrationSource {
 	p := new(RegistrationSource)
@@ -308,71 +398,97 @@ func (x RegistrationSource) Enum() *RegistrationSource {
 }
 
 func (x RegistrationSource) String() string {
-	return proto.EnumName(RegistrationSource_name, int32(x))
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (RegistrationSource) Descriptor() protoreflect.EnumDescriptor {
+	return file_signalling_proto_enumTypes[5].Descriptor()
+}
+
+func (RegistrationSource) Type() protoreflect.EnumType {
+	return &file_signalling_proto_enumTypes[5]
+}
+
+func (x RegistrationSource) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
 }
 
-func (x *RegistrationSource) UnmarshalJSON(data []byte) error {
-	value, err := proto.UnmarshalJSONEnum(RegistrationSource_value, data, "RegistrationSource")
+// Deprecated: Do not use.
+func (x *RegistrationSource) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
 	if err != nil {
 		return err
 	}
-	*x = RegistrationSource(value)
+	*x = RegistrationSource(num)
 	return nil
 }
 
+// Deprecated: Use RegistrationSource.Descriptor instead.
 func (RegistrationSource) EnumDescriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{5}
+	return file_signalling_proto_rawDescGZIP(), []int{5}
 }
 
 type PubKey struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
 	// A public key, as used by the station.
-	Key                  []byte   `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
-	Type                 *KeyType `protobuf:"varint,2,opt,name=type,enum=tapdance.KeyType" json:"type,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	Key  []byte   `protobuf:"bytes,1,opt,name=key" json:"key,omitempty"`
+	Type *KeyType `protobuf:"varint,2,opt,name=type,enum=tapdance.KeyType" json:"type,omitempty"`
 }
 
-func (m *PubKey) Reset()         { *m = PubKey{} }
-func (m *PubKey) String() string { return proto.CompactTextString(m) }
-func (*PubKey) ProtoMessage()    {}
-func (*PubKey) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{0}
+func (x *PubKey) Reset() {
+	*x = PubKey{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *PubKey) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PubKey.Unmarshal(m, b)
-}
-func (m *PubKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PubKey.Marshal(b, m, deterministic)
+func (x *PubKey) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *PubKey) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PubKey.Merge(m, src)
-}
-func (m *PubKey) XXX_Size() int {
-	return xxx_messageInfo_PubKey.Size(m)
-}
-func (m *PubKey) XXX_DiscardUnknown() {
-	xxx_messageInfo_PubKey.DiscardUnknown(m)
+
+func (*PubKey) ProtoMessage() {}
+
+func (x *PubKey) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_PubKey proto.InternalMessageInfo
+// Deprecated: Use PubKey.ProtoReflect.Descriptor instead.
+func (*PubKey) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{0}
+}
 
-func (m *PubKey) GetKey() []byte {
-	if m != nil {
-		return m.Key
+func (x *PubKey) GetKey() []byte {
+	if x != nil {
+		return x.Key
 	}
 	return nil
 }
 
-func (m *PubKey) GetType() KeyType {
-	if m != nil && m.Type != nil {
-		return *m.Type
+func (x *PubKey) GetType() KeyType {
+	if x != nil && x.Type != nil {
+		return *x.Type
 	}
 	return KeyType_AES_GCM_128
 }
 
 type TLSDecoySpec struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
 	// The hostname/SNI to use for this host
 	//
 	// The hostname is the only required field, although other
@@ -404,276 +520,316 @@ type TLSDecoySpec struct {
 	// TODO: the default is based on the current heuristic of only
 	// using decoys that permit windows of 15KB or larger.  If this
 	// heuristic changes, then this default doesn't make sense.
-	Tcpwin               *uint32  `protobuf:"varint,5,opt,name=tcpwin" json:"tcpwin,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	Tcpwin *uint32 `protobuf:"varint,5,opt,name=tcpwin" json:"tcpwin,omitempty"`
 }
 
-func (m *TLSDecoySpec) Reset()         { *m = TLSDecoySpec{} }
-func (m *TLSDecoySpec) String() string { return proto.CompactTextString(m) }
-func (*TLSDecoySpec) ProtoMessage()    {}
-func (*TLSDecoySpec) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{1}
+func (x *TLSDecoySpec) Reset() {
+	*x = TLSDecoySpec{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *TLSDecoySpec) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_TLSDecoySpec.Unmarshal(m, b)
-}
-func (m *TLSDecoySpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_TLSDecoySpec.Marshal(b, m, deterministic)
+func (x *TLSDecoySpec) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *TLSDecoySpec) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_TLSDecoySpec.Merge(m, src)
-}
-func (m *TLSDecoySpec) XXX_Size() int {
-	return xxx_messageInfo_TLSDecoySpec.Size(m)
-}
-func (m *TLSDecoySpec) XXX_DiscardUnknown() {
-	xxx_messageInfo_TLSDecoySpec.DiscardUnknown(m)
+
+func (*TLSDecoySpec) ProtoMessage() {}
+
+func (x *TLSDecoySpec) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_TLSDecoySpec proto.InternalMessageInfo
+// Deprecated: Use TLSDecoySpec.ProtoReflect.Descriptor instead.
+func (*TLSDecoySpec) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{1}
+}
 
-func (m *TLSDecoySpec) GetHostname() string {
-	if m != nil && m.Hostname != nil {
-		return *m.Hostname
+func (x *TLSDecoySpec) GetHostname() string {
+	if x != nil && x.Hostname != nil {
+		return *x.Hostname
 	}
 	return ""
 }
 
-func (m *TLSDecoySpec) GetIpv4Addr() uint32 {
-	if m != nil && m.Ipv4Addr != nil {
-		return *m.Ipv4Addr
+func (x *TLSDecoySpec) GetIpv4Addr() uint32 {
+	if x != nil && x.Ipv4Addr != nil {
+		return *x.Ipv4Addr
 	}
 	return 0
 }
 
-func (m *TLSDecoySpec) GetIpv6Addr() []byte {
-	if m != nil {
-		return m.Ipv6Addr
+func (x *TLSDecoySpec) GetIpv6Addr() []byte {
+	if x != nil {
+		return x.Ipv6Addr
 	}
 	return nil
 }
 
-func (m *TLSDecoySpec) GetPubkey() *PubKey {
-	if m != nil {
-		return m.Pubkey
+func (x *TLSDecoySpec) GetPubkey() *PubKey {
+	if x != nil {
+		return x.Pubkey
 	}
 	return nil
 }
 
-func (m *TLSDecoySpec) GetTimeout() uint32 {
-	if m != nil && m.Timeout != nil {
-		return *m.Timeout
+func (x *TLSDecoySpec) GetTimeout() uint32 {
+	if x != nil && x.Timeout != nil {
+		return *x.Timeout
 	}
 	return 0
 }
 
-func (m *TLSDecoySpec) GetTcpwin() uint32 {
-	if m != nil && m.Tcpwin != nil {
-		return *m.Tcpwin
+func (x *TLSDecoySpec) GetTcpwin() uint32 {
+	if x != nil && x.Tcpwin != nil {
+		return *x.Tcpwin
 	}
 	return 0
 }
 
 type ClientConf struct {
-	DecoyList            *DecoyList          `protobuf:"bytes,1,opt,name=decoy_list,json=decoyList" json:"decoy_list,omitempty"`
-	Generation           *uint32             `protobuf:"varint,2,opt,name=generation" json:"generation,omitempty"`
-	DefaultPubkey        *PubKey             `protobuf:"bytes,3,opt,name=default_pubkey,json=defaultPubkey" json:"default_pubkey,omitempty"`
-	PhantomSubnetsList   *PhantomSubnetsList `protobuf:"bytes,4,opt,name=phantom_subnets_list,json=phantomSubnetsList" json:"phantom_subnets_list,omitempty"`
-	ConjurePubkey        *PubKey             `protobuf:"bytes,5,opt,name=conjure_pubkey,json=conjurePubkey" json:"conjure_pubkey,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
-	XXX_unrecognized     []byte              `json:"-"`
-	XXX_sizecache        int32               `json:"-"`
-}
-
-func (m *ClientConf) Reset()         { *m = ClientConf{} }
-func (m *ClientConf) String() string { return proto.CompactTextString(m) }
-func (*ClientConf) ProtoMessage()    {}
-func (*ClientConf) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{2}
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	DecoyList          *DecoyList          `protobuf:"bytes,1,opt,name=decoy_list,json=decoyList" json:"decoy_list,omitempty"`
+	Generation         *uint32             `protobuf:"varint,2,opt,name=generation" json:"generation,omitempty"`
+	DefaultPubkey      *PubKey             `protobuf:"bytes,3,opt,name=default_pubkey,json=defaultPubkey" json:"default_pubkey,omitempty"`
+	PhantomSubnetsList *PhantomSubnetsList `protobuf:"bytes,4,opt,name=phantom_subnets_list,json=phantomSubnetsList" json:"phantom_subnets_list,omitempty"`
+	ConjurePubkey      *PubKey             `protobuf:"bytes,5,opt,name=conjure_pubkey,json=conjurePubkey" json:"conjure_pubkey,omitempty"`
+}
+
+func (x *ClientConf) Reset() {
+	*x = ClientConf{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *ClientConf) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ClientConf.Unmarshal(m, b)
-}
-func (m *ClientConf) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ClientConf.Marshal(b, m, deterministic)
-}
-func (m *ClientConf) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ClientConf.Merge(m, src)
-}
-func (m *ClientConf) XXX_Size() int {
-	return xxx_messageInfo_ClientConf.Size(m)
+func (x *ClientConf) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *ClientConf) XXX_DiscardUnknown() {
-	xxx_messageInfo_ClientConf.DiscardUnknown(m)
+
+func (*ClientConf) ProtoMessage() {}
+
+func (x *ClientConf) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_ClientConf proto.InternalMessageInfo
+// Deprecated: Use ClientConf.ProtoReflect.Descriptor instead.
+func (*ClientConf) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{2}
+}
 
-func (m *ClientConf) GetDecoyList() *DecoyList {
-	if m != nil {
-		return m.DecoyList
+func (x *ClientConf) GetDecoyList() *DecoyList {
+	if x != nil {
+		return x.DecoyList
 	}
 	return nil
 }
 
-func (m *ClientConf) GetGeneration() uint32 {
-	if m != nil && m.Generation != nil {
-		return *m.Generation
+func (x *ClientConf) GetGeneration() uint32 {
+	if x != nil && x.Generation != nil {
+		return *x.Generation
 	}
 	return 0
 }
 
-func (m *ClientConf) GetDefaultPubkey() *PubKey {
-	if m != nil {
-		return m.DefaultPubkey
+func (x *ClientConf) GetDefaultPubkey() *PubKey {
+	if x != nil {
+		return x.DefaultPubkey
 	}
 	return nil
 }
 
-func (m *ClientConf) GetPhantomSubnetsList() *PhantomSubnetsList {
-	if m != nil {
-		return m.PhantomSubnetsList
+func (x *ClientConf) GetPhantomSubnetsList() *PhantomSubnetsList {
+	if x != nil {
+		return x.PhantomSubnetsList
 	}
 	return nil
 }
 
-func (m *ClientConf) GetConjurePubkey() *PubKey {
-	if m != nil {
-		return m.ConjurePubkey
+func (x *ClientConf) GetConjurePubkey() *PubKey {
+	if x != nil {
+		return x.ConjurePubkey
 	}
 	return nil
 }
 
 type DecoyList struct {
-	TlsDecoys            []*TLSDecoySpec `protobuf:"bytes,1,rep,name=tls_decoys,json=tlsDecoys" json:"tls_decoys,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
-	XXX_unrecognized     []byte          `json:"-"`
-	XXX_sizecache        int32           `json:"-"`
-}
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
 
-func (m *DecoyList) Reset()         { *m = DecoyList{} }
-func (m *DecoyList) String() string { return proto.CompactTextString(m) }
-func (*DecoyList) ProtoMessage()    {}
-func (*DecoyList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{3}
+	TlsDecoys []*TLSDecoySpec `protobuf:"bytes,1,rep,name=tls_decoys,json=tlsDecoys" json:"tls_decoys,omitempty"`
 }
 
-func (m *DecoyList) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_DecoyList.Unmarshal(m, b)
-}
-func (m *DecoyList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_DecoyList.Marshal(b, m, deterministic)
-}
-func (m *DecoyList) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_DecoyList.Merge(m, src)
+func (x *DecoyList) Reset() {
+	*x = DecoyList{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
-func (m *DecoyList) XXX_Size() int {
-	return xxx_messageInfo_DecoyList.Size(m)
+
+func (x *DecoyList) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *DecoyList) XXX_DiscardUnknown() {
-	xxx_messageInfo_DecoyList.DiscardUnknown(m)
+
+func (*DecoyList) ProtoMessage() {}
+
+func (x *DecoyList) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_DecoyList proto.InternalMessageInfo
+// Deprecated: Use DecoyList.ProtoReflect.Descriptor instead.
+func (*DecoyList) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{3}
+}
 
-func (m *DecoyList) GetTlsDecoys() []*TLSDecoySpec {
-	if m != nil {
-		return m.TlsDecoys
+func (x *DecoyList) GetTlsDecoys() []*TLSDecoySpec {
+	if x != nil {
+		return x.TlsDecoys
 	}
 	return nil
 }
 
 type PhantomSubnetsList struct {
-	WeightedSubnets      []*PhantomSubnets `protobuf:"bytes,1,rep,name=weighted_subnets,json=weightedSubnets" json:"weighted_subnets,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
-	XXX_unrecognized     []byte            `json:"-"`
-	XXX_sizecache        int32             `json:"-"`
-}
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
 
-func (m *PhantomSubnetsList) Reset()         { *m = PhantomSubnetsList{} }
-func (m *PhantomSubnetsList) String() string { return proto.CompactTextString(m) }
-func (*PhantomSubnetsList) ProtoMessage()    {}
-func (*PhantomSubnetsList) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{4}
+	WeightedSubnets []*PhantomSubnets `protobuf:"bytes,1,rep,name=weighted_subnets,json=weightedSubnets" json:"weighted_subnets,omitempty"`
 }
 
-func (m *PhantomSubnetsList) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PhantomSubnetsList.Unmarshal(m, b)
-}
-func (m *PhantomSubnetsList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PhantomSubnetsList.Marshal(b, m, deterministic)
-}
-func (m *PhantomSubnetsList) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PhantomSubnetsList.Merge(m, src)
+func (x *PhantomSubnetsList) Reset() {
+	*x = PhantomSubnetsList{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
-func (m *PhantomSubnetsList) XXX_Size() int {
-	return xxx_messageInfo_PhantomSubnetsList.Size(m)
+
+func (x *PhantomSubnetsList) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *PhantomSubnetsList) XXX_DiscardUnknown() {
-	xxx_messageInfo_PhantomSubnetsList.DiscardUnknown(m)
+
+func (*PhantomSubnetsList) ProtoMessage() {}
+
+func (x *PhantomSubnetsList) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_PhantomSubnetsList proto.InternalMessageInfo
+// Deprecated: Use PhantomSubnetsList.ProtoReflect.Descriptor instead.
+func (*PhantomSubnetsList) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{4}
+}
 
-func (m *PhantomSubnetsList) GetWeightedSubnets() []*PhantomSubnets {
-	if m != nil {
-		return m.WeightedSubnets
+func (x *PhantomSubnetsList) GetWeightedSubnets() []*PhantomSubnets {
+	if x != nil {
+		return x.WeightedSubnets
 	}
 	return nil
 }
 
 type PhantomSubnets struct {
-	Weight               *uint32  `protobuf:"varint,1,opt,name=weight" json:"weight,omitempty"`
-	Subnets              []string `protobuf:"bytes,2,rep,name=subnets" json:"subnets,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
 
-func (m *PhantomSubnets) Reset()         { *m = PhantomSubnets{} }
-func (m *PhantomSubnets) String() string { return proto.CompactTextString(m) }
-func (*PhantomSubnets) ProtoMessage()    {}
-func (*PhantomSubnets) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{5}
+	Weight  *uint32  `protobuf:"varint,1,opt,name=weight" json:"weight,omitempty"`
+	Subnets []string `protobuf:"bytes,2,rep,name=subnets" json:"subnets,omitempty"`
 }
 
-func (m *PhantomSubnets) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_PhantomSubnets.Unmarshal(m, b)
-}
-func (m *PhantomSubnets) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_PhantomSubnets.Marshal(b, m, deterministic)
-}
-func (m *PhantomSubnets) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_PhantomSubnets.Merge(m, src)
+func (x *PhantomSubnets) Reset() {
+	*x = PhantomSubnets{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
-func (m *PhantomSubnets) XXX_Size() int {
-	return xxx_messageInfo_PhantomSubnets.Size(m)
+
+func (x *PhantomSubnets) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *PhantomSubnets) XXX_DiscardUnknown() {
-	xxx_messageInfo_PhantomSubnets.DiscardUnknown(m)
+
+func (*PhantomSubnets) ProtoMessage() {}
+
+func (x *PhantomSubnets) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_PhantomSubnets proto.InternalMessageInfo
+// Deprecated: Use PhantomSubnets.ProtoReflect.Descriptor instead.
+func (*PhantomSubnets) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{5}
+}
 
-func (m *PhantomSubnets) GetWeight() uint32 {
-	if m != nil && m.Weight != nil {
-		return *m.Weight
+func (x *PhantomSubnets) GetWeight() uint32 {
+	if x != nil && x.Weight != nil {
+		return *x.Weight
 	}
 	return 0
 }
 
-func (m *PhantomSubnets) GetSubnets() []string {
-	if m != nil {
-		return m.Subnets
+func (x *PhantomSubnets) GetSubnets() []string {
+	if x != nil {
+		return x.Subnets
 	}
 	return nil
 }
 
 type StationToClient struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
 	// Should accompany (at least) SESSION_INIT and CONFIRM_RECONNECT.
 	ProtocolVersion *uint32 `protobuf:"varint,1,opt,name=protocol_version,json=protocolVersion" json:"protocol_version,omitempty"`
 	// There might be a state transition. May be absent; absence should be
@@ -689,158 +845,174 @@ type StationToClient struct {
 	// Sent in SESSION_INIT, identifies the station that picked up
 	StationId *string `protobuf:"bytes,6,opt,name=station_id,json=stationId" json:"station_id,omitempty"`
 	// Random-sized junk to defeat packet size fingerprinting.
-	Padding              []byte   `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	Padding []byte `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
 }
 
-func (m *StationToClient) Reset()         { *m = StationToClient{} }
-func (m *StationToClient) String() string { return proto.CompactTextString(m) }
-func (*StationToClient) ProtoMessage()    {}
-func (*StationToClient) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{6}
+func (x *StationToClient) Reset() {
+	*x = StationToClient{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *StationToClient) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_StationToClient.Unmarshal(m, b)
+func (x *StationToClient) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *StationToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_StationToClient.Marshal(b, m, deterministic)
-}
-func (m *StationToClient) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_StationToClient.Merge(m, src)
-}
-func (m *StationToClient) XXX_Size() int {
-	return xxx_messageInfo_StationToClient.Size(m)
-}
-func (m *StationToClient) XXX_DiscardUnknown() {
-	xxx_messageInfo_StationToClient.DiscardUnknown(m)
+
+func (*StationToClient) ProtoMessage() {}
+
+func (x *StationToClient) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_StationToClient proto.InternalMessageInfo
+// Deprecated: Use StationToClient.ProtoReflect.Descriptor instead.
+func (*StationToClient) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{6}
+}
 
-func (m *StationToClient) GetProtocolVersion() uint32 {
-	if m != nil && m.ProtocolVersion != nil {
-		return *m.ProtocolVersion
+func (x *StationToClient) GetProtocolVersion() uint32 {
+	if x != nil && x.ProtocolVersion != nil {
+		return *x.ProtocolVersion
 	}
 	return 0
 }
 
-func (m *StationToClient) GetStateTransition() S2C_Transition {
-	if m != nil && m.StateTransition != nil {
-		return *m.StateTransition
+func (x *StationToClient) GetStateTransition() S2C_Transition {
+	if x != nil && x.StateTransition != nil {
+		return *x.StateTransition
 	}
 	return S2C_Transition_S2C_NO_CHANGE
 }
 
-func (m *StationToClient) GetConfigInfo() *ClientConf {
-	if m != nil {
-		return m.ConfigInfo
+func (x *StationToClient) GetConfigInfo() *ClientConf {
+	if x != nil {
+		return x.ConfigInfo
 	}
 	return nil
 }
 
-func (m *StationToClient) GetErrReason() ErrorReasonS2C {
-	if m != nil && m.ErrReason != nil {
-		return *m.ErrReason
+func (x *StationToClient) GetErrReason() ErrorReasonS2C {
+	if x != nil && x.ErrReason != nil {
+		return *x.ErrReason
 	}
 	return ErrorReasonS2C_NO_ERROR
 }
 
-func (m *StationToClient) GetTmpBackoff() uint32 {
-	if m != nil && m.TmpBackoff != nil {
-		return *m.TmpBackoff
+func (x *StationToClient) GetTmpBackoff() uint32 {
+	if x != nil && x.TmpBackoff != nil {
+		return *x.TmpBackoff
 	}
 	return 0
 }
 
-func (m *StationToClient) GetStationId() string {
-	if m != nil && m.StationId != nil {
-		return *m.StationId
+func (x *StationToClient) GetStationId() string {
+	if x != nil && x.StationId != nil {
+		return *x.StationId
 	}
 	return ""
 }
 
-func (m *StationToClient) GetPadding() []byte {
-	if m != nil {
-		return m.Padding
+func (x *StationToClient) GetPadding() []byte {
+	if x != nil {
+		return x.Padding
 	}
 	return nil
 }
 
 type RegistrationFlags struct {
-	UploadOnly           *bool    `protobuf:"varint,1,opt,name=upload_only,json=uploadOnly" json:"upload_only,omitempty"`
-	DarkDecoy            *bool    `protobuf:"varint,2,opt,name=dark_decoy,json=darkDecoy" json:"dark_decoy,omitempty"`
-	ProxyHeader          *bool    `protobuf:"varint,3,opt,name=proxy_header,json=proxyHeader" json:"proxy_header,omitempty"`
-	Use_TIL              *bool    `protobuf:"varint,4,opt,name=use_TIL,json=useTIL" json:"use_TIL,omitempty"`
-	Prescanned           *bool    `protobuf:"varint,5,opt,name=prescanned" json:"prescanned,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
-}
-
-func (m *RegistrationFlags) Reset()         { *m = RegistrationFlags{} }
-func (m *RegistrationFlags) String() string { return proto.CompactTextString(m) }
-func (*RegistrationFlags) ProtoMessage()    {}
-func (*RegistrationFlags) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{7}
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	UploadOnly  *bool `protobuf:"varint,1,opt,name=upload_only,json=uploadOnly" json:"upload_only,omitempty"`
+	DarkDecoy   *bool `protobuf:"varint,2,opt,name=dark_decoy,json=darkDecoy" json:"dark_decoy,omitempty"`
+	ProxyHeader *bool `protobuf:"varint,3,opt,name=proxy_header,json=proxyHeader" json:"proxy_header,omitempty"`
+	Use_TIL     *bool `protobuf:"varint,4,opt,name=use_TIL,json=useTIL" json:"use_TIL,omitempty"`
+	Prescanned  *bool `protobuf:"varint,5,opt,name=prescanned" json:"prescanned,omitempty"`
+}
+
+func (x *RegistrationFlags) Reset() {
+	*x = RegistrationFlags{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *RegistrationFlags) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_RegistrationFlags.Unmarshal(m, b)
-}
-func (m *RegistrationFlags) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_RegistrationFlags.Marshal(b, m, deterministic)
+func (x *RegistrationFlags) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *RegistrationFlags) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_RegistrationFlags.Merge(m, src)
-}
-func (m *RegistrationFlags) XXX_Size() int {
-	return xxx_messageInfo_RegistrationFlags.Size(m)
-}
-func (m *RegistrationFlags) XXX_DiscardUnknown() {
-	xxx_messageInfo_RegistrationFlags.DiscardUnknown(m)
+
+func (*RegistrationFlags) ProtoMessage() {}
+
+func (x *RegistrationFlags) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_RegistrationFlags proto.InternalMessageInfo
+// Deprecated: Use RegistrationFlags.ProtoReflect.Descriptor instead.
+func (*RegistrationFlags) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{7}
+}
 
-func (m *RegistrationFlags) GetUploadOnly() bool {
-	if m != nil && m.UploadOnly != nil {
-		return *m.UploadOnly
+func (x *RegistrationFlags) GetUploadOnly() bool {
+	if x != nil && x.UploadOnly != nil {
+		return *x.UploadOnly
 	}
 	return false
 }
 
-func (m *RegistrationFlags) GetDarkDecoy() bool {
-	if m != nil && m.DarkDecoy != nil {
-		return *m.DarkDecoy
+func (x *RegistrationFlags) GetDarkDecoy() bool {
+	if x != nil && x.DarkDecoy != nil {
+		return *x.DarkDecoy
 	}
 	return false
 }
 
-func (m *RegistrationFlags) GetProxyHeader() bool {
-	if m != nil && m.ProxyHeader != nil {
-		return *m.ProxyHeader
+func (x *RegistrationFlags) GetProxyHeader() bool {
+	if x != nil && x.ProxyHeader != nil {
+		return *x.ProxyHeader
 	}
 	return false
 }
 
-func (m *RegistrationFlags) GetUse_TIL() bool {
-	if m != nil && m.Use_TIL != nil {
-		return *m.Use_TIL
+func (x *RegistrationFlags) GetUse_TIL() bool {
+	if x != nil && x.Use_TIL != nil {
+		return *x.Use_TIL
 	}
 	return false
 }
 
-func (m *RegistrationFlags) GetPrescanned() bool {
-	if m != nil && m.Prescanned != nil {
-		return *m.Prescanned
+func (x *RegistrationFlags) GetPrescanned() bool {
+	if x != nil && x.Prescanned != nil {
+		return *x.Prescanned
 	}
 	return false
 }
 
 type ClientToStation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
 	ProtocolVersion *uint32 `protobuf:"varint,1,opt,name=protocol_version,json=protocolVersion" json:"protocol_version,omitempty"`
 	// The client reports its decoy list's version number here, which the
 	// station can use to decide whether to send an updated one. The station
@@ -871,449 +1043,917 @@ type ClientToStation struct {
 	// A collection of optional flags for the registration.
 	Flags *RegistrationFlags `protobuf:"bytes,24,opt,name=flags" json:"flags,omitempty"`
 	// Random-sized junk to defeat packet size fingerprinting.
-	Padding              []byte   `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	Padding []byte `protobuf:"bytes,100,opt,name=padding" json:"padding,omitempty"`
 }
 
-func (m *ClientToStation) Reset()         { *m = ClientToStation{} }
-func (m *ClientToStation) String() string { return proto.CompactTextString(m) }
-func (*ClientToStation) ProtoMessage()    {}
-func (*ClientToStation) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{8}
+func (x *ClientToStation) Reset() {
+	*x = ClientToStation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *ClientToStation) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_ClientToStation.Unmarshal(m, b)
-}
-func (m *ClientToStation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_ClientToStation.Marshal(b, m, deterministic)
+func (x *ClientToStation) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *ClientToStation) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_ClientToStation.Merge(m, src)
-}
-func (m *ClientToStation) XXX_Size() int {
-	return xxx_messageInfo_ClientToStation.Size(m)
-}
-func (m *ClientToStation) XXX_DiscardUnknown() {
-	xxx_messageInfo_ClientToStation.DiscardUnknown(m)
+
+func (*ClientToStation) ProtoMessage() {}
+
+func (x *ClientToStation) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_ClientToStation proto.InternalMessageInfo
+// Deprecated: Use ClientToStation.ProtoReflect.Descriptor instead.
+func (*ClientToStation) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{8}
+}
 
-func (m *ClientToStation) GetProtocolVersion() uint32 {
-	if m != nil && m.ProtocolVersion != nil {
-		return *m.ProtocolVersion
+func (x *ClientToStation) GetProtocolVersion() uint32 {
+	if x != nil && x.ProtocolVersion != nil {
+		return *x.ProtocolVersion
 	}
 	return 0
 }
 
-func (m *ClientToStation) GetDecoyListGeneration() uint32 {
-	if m != nil && m.DecoyListGeneration != nil {
-		return *m.DecoyListGeneration
+func (x *ClientToStation) GetDecoyListGeneration() uint32 {
+	if x != nil && x.DecoyListGeneration != nil {
+		return *x.DecoyListGeneration
 	}
 	return 0
 }
 
-func (m *ClientToStation) GetStateTransition() C2S_Transition {
-	if m != nil && m.StateTransition != nil {
-		return *m.StateTransition
+func (x *ClientToStation) GetStateTransition() C2S_Transition {
+	if x != nil && x.StateTransition != nil {
+		return *x.StateTransition
 	}
 	return C2S_Transition_C2S_NO_CHANGE
 }
 
-func (m *ClientToStation) GetUploadSync() uint64 {
-	if m != nil && m.UploadSync != nil {
-		return *m.UploadSync
+func (x *ClientToStation) GetUploadSync() uint64 {
+	if x != nil && x.UploadSync != nil {
+		return *x.UploadSync
 	}
 	return 0
 }
 
-func (m *ClientToStation) GetFailedDecoys() []string {
-	if m != nil {
-		return m.FailedDecoys
+func (x *ClientToStation) GetFailedDecoys() []string {
+	if x != nil {
+		return x.FailedDecoys
 	}
 	return nil
 }
 
-func (m *ClientToStation) GetStats() *SessionStats {
-	if m != nil {
-		return m.Stats
+func (x *ClientToStation) GetStats() *SessionStats {
+	if x != nil {
+		return x.Stats
 	}
 	return nil
 }
 
-func (m *ClientToStation) GetTransport() TransportType {
-	if m != nil && m.Transport != nil {
-		return *m.Transport
+func (x *ClientToStation) GetTransport() TransportType {
+	if x != nil && x.Transport != nil {
+		return *x.Transport
 	}
 	return TransportType_Null
 }
 
-func (m *ClientToStation) GetCovertAddress() string {
-	if m != nil && m.CovertAddress != nil {
-		return *m.CovertAddress
+func (x *ClientToStation) GetCovertAddress() string {
+	if x != nil && x.CovertAddress != nil {
+		return *x.CovertAddress
 	}
 	return ""
 }
 
-func (m *ClientToStation) GetMaskedDecoyServerName() string {
-	if m != nil && m.MaskedDecoyServerName != nil {
-		return *m.MaskedDecoyServerName
+func (x *ClientToStation) GetMaskedDecoyServerName() string {
+	if x != nil && x.MaskedDecoyServerName != nil {
+		return *x.MaskedDecoyServerName
 	}
 	return ""
 }
 
-func (m *ClientToStation) GetV6Support() bool {
-	if m != nil && m.V6Support != nil {
-		return *m.V6Support
+func (x *ClientToStation) GetV6Support() bool {
+	if x != nil && x.V6Support != nil {
+		return *x.V6Support
 	}
 	return false
 }
 
-func (m *ClientToStation) GetV4Support() bool {
-	if m != nil && m.V4Support != nil {
-		return *m.V4Support
+func (x *ClientToStation) GetV4Support() bool {
+	if x != nil && x.V4Support != nil {
+		return *x.V4Support
 	}
 	return false
 }
 
-func (m *ClientToStation) GetFlags() *RegistrationFlags {
-	if m != nil {
-		return m.Flags
+func (x *ClientToStation) GetFlags() *RegistrationFlags {
+	if x != nil {
+		return x.Flags
 	}
 	return nil
 }
 
-func (m *ClientToStation) GetPadding() []byte {
-	if m != nil {
-		return m.Padding
+func (x *ClientToStation) GetPadding() []byte {
+	if x != nil {
+		return x.Padding
 	}
 	return nil
 }
 
 type C2SWrapper struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
 	SharedSecret        []byte              `protobuf:"bytes,1,opt,name=shared_secret,json=sharedSecret" json:"shared_secret,omitempty"`
 	RegistrationPayload *ClientToStation    `protobuf:"bytes,3,opt,name=registration_payload,json=registrationPayload" json:"registration_payload,omitempty"`
 	RegistrationSource  *RegistrationSource `protobuf:"varint,4,opt,name=registration_source,json=registrationSource,enum=tapdance.RegistrationSource" json:"registration_source,omitempty"`
 	// client source address when receiving a registration
 	RegistrationAddress []byte `protobuf:"bytes,6,opt,name=registration_address,json=registrationAddress" json:"registration_address,omitempty"`
 	// Decoy address used when registering over Decoy registrar
-	DecoyAddress         []byte   `protobuf:"bytes,7,opt,name=decoy_address,json=decoyAddress" json:"decoy_address,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	DecoyAddress         []byte                `protobuf:"bytes,7,opt,name=decoy_address,json=decoyAddress" json:"decoy_address,omitempty"`
+	RegistrationResponse *RegistrationResponse `protobuf:"bytes,8,opt,name=registration_response,json=registrationResponse" json:"registration_response,omitempty"`
 }
 
-func (m *C2SWrapper) Reset()         { *m = C2SWrapper{} }
-func (m *C2SWrapper) String() string { return proto.CompactTextString(m) }
-func (*C2SWrapper) ProtoMessage()    {}
-func (*C2SWrapper) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{9}
+func (x *C2SWrapper) Reset() {
+	*x = C2SWrapper{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *C2SWrapper) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_C2SWrapper.Unmarshal(m, b)
-}
-func (m *C2SWrapper) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_C2SWrapper.Marshal(b, m, deterministic)
-}
-func (m *C2SWrapper) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_C2SWrapper.Merge(m, src)
+func (x *C2SWrapper) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *C2SWrapper) XXX_Size() int {
-	return xxx_messageInfo_C2SWrapper.Size(m)
-}
-func (m *C2SWrapper) XXX_DiscardUnknown() {
-	xxx_messageInfo_C2SWrapper.DiscardUnknown(m)
+
+func (*C2SWrapper) ProtoMessage() {}
+
+func (x *C2SWrapper) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_C2SWrapper proto.InternalMessageInfo
+// Deprecated: Use C2SWrapper.ProtoReflect.Descriptor instead.
+func (*C2SWrapper) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{9}
+}
 
-func (m *C2SWrapper) GetSharedSecret() []byte {
-	if m != nil {
-		return m.SharedSecret
+func (x *C2SWrapper) GetSharedSecret() []byte {
+	if x != nil {
+		return x.SharedSecret
 	}
 	return nil
 }
 
-func (m *C2SWrapper) GetRegistrationPayload() *ClientToStation {
-	if m != nil {
-		return m.RegistrationPayload
+func (x *C2SWrapper) GetRegistrationPayload() *ClientToStation {
+	if x != nil {
+		return x.RegistrationPayload
 	}
 	return nil
 }
 
-func (m *C2SWrapper) GetRegistrationSource() RegistrationSource {
-	if m != nil && m.RegistrationSource != nil {
-		return *m.RegistrationSource
+func (x *C2SWrapper) GetRegistrationSource() RegistrationSource {
+	if x != nil && x.RegistrationSource != nil {
+		return *x.RegistrationSource
 	}
 	return RegistrationSource_Unspecified
 }
 
-func (m *C2SWrapper) GetRegistrationAddress() []byte {
-	if m != nil {
-		return m.RegistrationAddress
+func (x *C2SWrapper) GetRegistrationAddress() []byte {
+	if x != nil {
+		return x.RegistrationAddress
+	}
+	return nil
+}
+
+func (x *C2SWrapper) GetDecoyAddress() []byte {
+	if x != nil {
+		return x.DecoyAddress
 	}
 	return nil
 }
 
-func (m *C2SWrapper) GetDecoyAddress() []byte {
-	if m != nil {
-		return m.DecoyAddress
+func (x *C2SWrapper) GetRegistrationResponse() *RegistrationResponse {
+	if x != nil {
+		return x.RegistrationResponse
 	}
 	return nil
 }
 
 type SessionStats struct {
-	FailedDecoysAmount *uint32 `protobuf:"varint,20,opt,name=failed_decoys_amount,json=failedDecoysAmount" json:"failed_decoys_amount,omitempty"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	FailedDecoysAmount *uint32 `protobuf:"varint,20,opt,name=failed_decoys_amount,json=failedDecoysAmount" json:"failed_decoys_amount,omitempty"` // how many decoys were tried before success
 	// Applicable to whole session:
-	TotalTimeToConnect *uint32 `protobuf:"varint,31,opt,name=total_time_to_connect,json=totalTimeToConnect" json:"total_time_to_connect,omitempty"`
+	TotalTimeToConnect *uint32 `protobuf:"varint,31,opt,name=total_time_to_connect,json=totalTimeToConnect" json:"total_time_to_connect,omitempty"` // includes failed attempts
 	// Last (i.e. successful) decoy:
-	RttToStation         *uint32  `protobuf:"varint,33,opt,name=rtt_to_station,json=rttToStation" json:"rtt_to_station,omitempty"`
-	TlsToDecoy           *uint32  `protobuf:"varint,38,opt,name=tls_to_decoy,json=tlsToDecoy" json:"tls_to_decoy,omitempty"`
-	TcpToDecoy           *uint32  `protobuf:"varint,39,opt,name=tcp_to_decoy,json=tcpToDecoy" json:"tcp_to_decoy,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	RttToStation *uint32 `protobuf:"varint,33,opt,name=rtt_to_station,json=rttToStation" json:"rtt_to_station,omitempty"` // measured during initial handshake
+	TlsToDecoy   *uint32 `protobuf:"varint,38,opt,name=tls_to_decoy,json=tlsToDecoy" json:"tls_to_decoy,omitempty"`       // includes tcp to decoy
+	TcpToDecoy   *uint32 `protobuf:"varint,39,opt,name=tcp_to_decoy,json=tcpToDecoy" json:"tcp_to_decoy,omitempty"`       // measured when establishing tcp connection to decot
 }
 
-func (m *SessionStats) Reset()         { *m = SessionStats{} }
-func (m *SessionStats) String() string { return proto.CompactTextString(m) }
-func (*SessionStats) ProtoMessage()    {}
-func (*SessionStats) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{10}
+func (x *SessionStats) Reset() {
+	*x = SessionStats{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *SessionStats) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_SessionStats.Unmarshal(m, b)
-}
-func (m *SessionStats) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_SessionStats.Marshal(b, m, deterministic)
-}
-func (m *SessionStats) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_SessionStats.Merge(m, src)
+func (x *SessionStats) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
-func (m *SessionStats) XXX_Size() int {
-	return xxx_messageInfo_SessionStats.Size(m)
-}
-func (m *SessionStats) XXX_DiscardUnknown() {
-	xxx_messageInfo_SessionStats.DiscardUnknown(m)
+
+func (*SessionStats) ProtoMessage() {}
+
+func (x *SessionStats) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
 }
 
-var xxx_messageInfo_SessionStats proto.InternalMessageInfo
+// Deprecated: Use SessionStats.ProtoReflect.Descriptor instead.
+func (*SessionStats) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{10}
+}
 
-func (m *SessionStats) GetFailedDecoysAmount() uint32 {
-	if m != nil && m.FailedDecoysAmount != nil {
-		return *m.FailedDecoysAmount
+func (x *SessionStats) GetFailedDecoysAmount() uint32 {
+	if x != nil && x.FailedDecoysAmount != nil {
+		return *x.FailedDecoysAmount
 	}
 	return 0
 }
 
-func (m *SessionStats) GetTotalTimeToConnect() uint32 {
-	if m != nil && m.TotalTimeToConnect != nil {
-		return *m.TotalTimeToConnect
+func (x *SessionStats) GetTotalTimeToConnect() uint32 {
+	if x != nil && x.TotalTimeToConnect != nil {
+		return *x.TotalTimeToConnect
 	}
 	return 0
 }
 
-func (m *SessionStats) GetRttToStation() uint32 {
-	if m != nil && m.RttToStation != nil {
-		return *m.RttToStation
+func (x *SessionStats) GetRttToStation() uint32 {
+	if x != nil && x.RttToStation != nil {
+		return *x.RttToStation
 	}
 	return 0
 }
 
-func (m *SessionStats) GetTlsToDecoy() uint32 {
-	if m != nil && m.TlsToDecoy != nil {
-		return *m.TlsToDecoy
+func (x *SessionStats) GetTlsToDecoy() uint32 {
+	if x != nil && x.TlsToDecoy != nil {
+		return *x.TlsToDecoy
 	}
 	return 0
 }
 
-func (m *SessionStats) GetTcpToDecoy() uint32 {
-	if m != nil && m.TcpToDecoy != nil {
-		return *m.TcpToDecoy
+func (x *SessionStats) GetTcpToDecoy() uint32 {
+	if x != nil && x.TcpToDecoy != nil {
+		return *x.TcpToDecoy
 	}
 	return 0
 }
 
 type StationToDetector struct {
-	PhantomIp            *string  `protobuf:"bytes,1,opt,name=phantom_ip,json=phantomIp" json:"phantom_ip,omitempty"`
-	ClientIp             *string  `protobuf:"bytes,2,opt,name=client_ip,json=clientIp" json:"client_ip,omitempty"`
-	TimeoutNs            *uint64  `protobuf:"varint,3,opt,name=timeout_ns,json=timeoutNs" json:"timeout_ns,omitempty"`
-	XXX_NoUnkeyedLiteral struct{} `json:"-"`
-	XXX_unrecognized     []byte   `json:"-"`
-	XXX_sizecache        int32    `json:"-"`
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+	PhantomIp *string `protobuf:"bytes,1,opt,name=phantom_ip,json=phantomIp" json:"phantom_ip,omitempty"`
+	ClientIp  *string `protobuf:"bytes,2,opt,name=client_ip,json=clientIp" json:"client_ip,omitempty"`
+	TimeoutNs *uint64 `protobuf:"varint,3,opt,name=timeout_ns,json=timeoutNs" json:"timeout_ns,omitempty"`
+}
+
+func (x *StationToDetector) Reset() {
+	*x = StationToDetector{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
 
-func (m *StationToDetector) Reset()         { *m = StationToDetector{} }
-func (m *StationToDetector) String() string { return proto.CompactTextString(m) }
-func (*StationToDetector) ProtoMessage()    {}
+func (x *StationToDetector) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*StationToDetector) ProtoMessage() {}
+
+func (x *StationToDetector) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use StationToDetector.ProtoReflect.Descriptor instead.
 func (*StationToDetector) Descriptor() ([]byte, []int) {
-	return fileDescriptor_39f66308029891ad, []int{11}
+	return file_signalling_proto_rawDescGZIP(), []int{11}
 }
 
-func (m *StationToDetector) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_StationToDetector.Unmarshal(m, b)
+func (x *StationToDetector) GetPhantomIp() string {
+	if x != nil && x.PhantomIp != nil {
+		return *x.PhantomIp
+	}
+	return ""
 }
-func (m *StationToDetector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_StationToDetector.Marshal(b, m, deterministic)
+
+func (x *StationToDetector) GetClientIp() string {
+	if x != nil && x.ClientIp != nil {
+		return *x.ClientIp
+	}
+	return ""
 }
-func (m *StationToDetector) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_StationToDetector.Merge(m, src)
+
+func (x *StationToDetector) GetTimeoutNs() uint64 {
+	if x != nil && x.TimeoutNs != nil {
+		return *x.TimeoutNs
+	}
+	return 0
 }
-func (m *StationToDetector) XXX_Size() int {
-	return xxx_messageInfo_StationToDetector.Size(m)
+
+// Adding message response from Station to Client for birdirectional API
+type RegistrationResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Ipv4Addr *uint32 `protobuf:"fixed32,1,opt,name=ipv4addr" json:"ipv4addr,omitempty"`
+	// The 128-bit ipv6 address, in network byte order
+	Ipv6Addr []byte `protobuf:"bytes,2,opt,name=ipv6addr" json:"ipv6addr,omitempty"`
+	// Respond with randomized port
+	Port *uint32 `protobuf:"varint,3,opt,name=port" json:"port,omitempty"`
+	// Future: station provides client with secret, want chanel present
+	// Leave null for now
+	ServerRandom []byte `protobuf:"bytes,4,opt,name=serverRandom" json:"serverRandom,omitempty"`
+	// Optional string for if registration wrong, populate this error string
+	Error *string `protobuf:"bytes,5,opt,name=error" json:"error,omitempty"`
+}
+
+func (x *RegistrationResponse) Reset() {
+	*x = RegistrationResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_signalling_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
 }
-func (m *StationToDetector) XXX_DiscardUnknown() {
-	xxx_messageInfo_StationToDetector.DiscardUnknown(m)
+
+func (x *RegistrationResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
 }
 
-var xxx_messageInfo_StationToDetector proto.InternalMessageInfo
+func (*RegistrationResponse) ProtoMessage() {}
 
-func (m *StationToDetector) GetPhantomIp() string {
-	if m != nil && m.PhantomIp != nil {
-		return *m.PhantomIp
+func (x *RegistrationResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_signalling_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
 	}
-	return ""
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RegistrationResponse.ProtoReflect.Descriptor instead.
+func (*RegistrationResponse) Descriptor() ([]byte, []int) {
+	return file_signalling_proto_rawDescGZIP(), []int{12}
 }
 
-func (m *StationToDetector) GetClientIp() string {
-	if m != nil && m.ClientIp != nil {
-		return *m.ClientIp
+func (x *RegistrationResponse) GetIpv4Addr() uint32 {
+	if x != nil && x.Ipv4Addr != nil {
+		return *x.Ipv4Addr
 	}
-	return ""
+	return 0
 }
 
-func (m *StationToDetector) GetTimeoutNs() uint64 {
-	if m != nil && m.TimeoutNs != nil {
-		return *m.TimeoutNs
+func (x *RegistrationResponse) GetIpv6Addr() []byte {
+	if x != nil {
+		return x.Ipv6Addr
+	}
+	return nil
+}
+
+func (x *RegistrationResponse) GetPort() uint32 {
+	if x != nil && x.Port != nil {
+		return *x.Port
 	}
 	return 0
 }
 
-func init() {
-	proto.RegisterEnum("tapdance.KeyType", KeyType_name, KeyType_value)
-	proto.RegisterEnum("tapdance.C2S_Transition", C2S_Transition_name, C2S_Transition_value)
-	proto.RegisterEnum("tapdance.S2C_Transition", S2C_Transition_name, S2C_Transition_value)
-	proto.RegisterEnum("tapdance.ErrorReasonS2C", ErrorReasonS2C_name, ErrorReasonS2C_value)
-	proto.RegisterEnum("tapdance.TransportType", TransportType_name, TransportType_value)
-	proto.RegisterEnum("tapdance.RegistrationSource", RegistrationSource_name, RegistrationSource_value)
-	proto.RegisterType((*PubKey)(nil), "tapdance.PubKey")
-	proto.RegisterType((*TLSDecoySpec)(nil), "tapdance.TLSDecoySpec")
-	proto.RegisterType((*ClientConf)(nil), "tapdance.ClientConf")
-	proto.RegisterType((*DecoyList)(nil), "tapdance.DecoyList")
-	proto.RegisterType((*PhantomSubnetsList)(nil), "tapdance.PhantomSubnetsList")
-	proto.RegisterType((*PhantomSubnets)(nil), "tapdance.PhantomSubnets")
-	proto.RegisterType((*StationToClient)(nil), "tapdance.StationToClient")
-	proto.RegisterType((*RegistrationFlags)(nil), "tapdance.RegistrationFlags")
-	proto.RegisterType((*ClientToStation)(nil), "tapdance.ClientToStation")
-	proto.RegisterType((*C2SWrapper)(nil), "tapdance.C2SWrapper")
-	proto.RegisterType((*SessionStats)(nil), "tapdance.SessionStats")
-	proto.RegisterType((*StationToDetector)(nil), "tapdance.StationToDetector")
-}
-
-func init() { proto.RegisterFile("signalling.proto", fileDescriptor_39f66308029891ad) }
-
-var fileDescriptor_39f66308029891ad = []byte{
-	// 1542 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xcd, 0x72, 0xe3, 0xc6,
-	0x11, 0x5e, 0x88, 0x94, 0x44, 0x34, 0x7f, 0x04, 0xcd, 0x4a, 0xbb, 0x70, 0x76, 0x1d, 0xd3, 0x74,
-	0x9c, 0x28, 0x4a, 0xb2, 0x95, 0x65, 0xed, 0x4f, 0xae, 0x5c, 0x08, 0x5e, 0xb3, 0x4c, 0x11, 0xf4,
-	0x00, 0xeb, 0x64, 0x93, 0xc3, 0x14, 0x04, 0x0c, 0x29, 0x44, 0x20, 0x80, 0xc2, 0x0c, 0xe5, 0xf0,
-	0x4d, 0x72, 0xce, 0x21, 0xa7, 0x54, 0xe5, 0x0d, 0xf2, 0x02, 0x7e, 0x86, 0x9c, 0xf3, 0x18, 0x49,
-	0xcd, 0x0f, 0x48, 0x50, 0xb2, 0x37, 0xe5, 0x1b, 0xe6, 0xeb, 0xee, 0x99, 0xfe, 0xa6, 0xbf, 0xe9,
-	0x06, 0x58, 0x2c, 0x59, 0x64, 0x61, 0x9a, 0x26, 0xd9, 0xe2, 0x59, 0x51, 0xe6, 0x3c, 0x47, 0x2d,
-	0x1e, 0x16, 0x71, 0x98, 0x45, 0x74, 0x30, 0x82, 0x83, 0xd9, 0xea, 0xea, 0x2b, 0xba, 0x46, 0x16,
-	0x34, 0x6e, 0xe8, 0xda, 0x36, 0xfa, 0xc6, 0x59, 0x07, 0x8b, 0x4f, 0xf4, 0x39, 0x34, 0xf9, 0xba,
-	0xa0, 0xf6, 0x5e, 0xdf, 0x38, 0xeb, 0x0d, 0x8f, 0x9f, 0x55, 0x41, 0xcf, 0xbe, 0xa2, 0xeb, 0x60,
-	0x5d, 0x50, 0x2c, 0xcd, 0x83, 0x7f, 0x19, 0xd0, 0x09, 0x26, 0xfe, 0x05, 0x8d, 0xf2, 0xb5, 0x5f,
-	0xd0, 0x08, 0xfd, 0x04, 0x5a, 0xd7, 0x39, 0xe3, 0x59, 0xb8, 0xa4, 0x72, 0x3b, 0x13, 0x6f, 0xd6,
-	0xc2, 0x96, 0x14, 0xb7, 0x2f, 0xc2, 0x38, 0x2e, 0xe5, 0xbe, 0x87, 0x78, 0xb3, 0xd6, 0xb6, 0x57,
-	0xd2, 0x76, 0x20, 0xd3, 0xd8, 0xac, 0xd1, 0x19, 0x1c, 0x14, 0xab, 0x2b, 0x91, 0x60, 0xa3, 0x6f,
-	0x9c, 0xb5, 0x87, 0xd6, 0x36, 0x1b, 0x95, 0x3f, 0xd6, 0x76, 0x64, 0xc3, 0x21, 0x4f, 0x96, 0x34,
-	0x5f, 0x71, 0xbb, 0xd9, 0x37, 0xce, 0xba, 0xb8, 0x5a, 0xa2, 0x47, 0x70, 0xc0, 0xa3, 0xe2, 0xdb,
-	0x24, 0xb3, 0xf7, 0xa5, 0x41, 0xaf, 0x06, 0x7f, 0xdb, 0x03, 0x70, 0xd2, 0x84, 0x66, 0xdc, 0xc9,
-	0xb3, 0x39, 0x1a, 0x02, 0xc4, 0x82, 0x0b, 0x49, 0x13, 0xc6, 0x25, 0x81, 0xf6, 0xf0, 0xe1, 0xf6,
-	0x38, 0xc9, 0x73, 0x92, 0x30, 0x8e, 0xcd, 0xb8, 0xfa, 0x44, 0x3f, 0x05, 0x58, 0xd0, 0x8c, 0x96,
-	0x21, 0x4f, 0xf2, 0x4c, 0x12, 0xeb, 0xe2, 0x1a, 0x82, 0x5e, 0x43, 0x2f, 0xa6, 0xf3, 0x70, 0x95,
-	0x72, 0xf2, 0x7f, 0x68, 0x74, 0xb5, 0xdf, 0x4c, 0xb1, 0x99, 0xc2, 0x49, 0x71, 0x1d, 0x66, 0x3c,
-	0x5f, 0x12, 0xb6, 0xba, 0xca, 0x28, 0x67, 0x2a, 0xad, 0xa6, 0x0c, 0x7f, 0x5a, 0x0b, 0x57, 0x5e,
-	0xbe, 0x72, 0x92, 0xf9, 0xa1, 0xe2, 0x1e, 0x26, 0x12, 0x89, 0xf2, 0xec, 0xcf, 0xab, 0x92, 0x56,
-	0x89, 0xec, 0xff, 0x50, 0x22, 0xda, 0x4f, 0x25, 0x32, 0x78, 0x03, 0xe6, 0x86, 0x39, 0x7a, 0x09,
-	0xc0, 0x53, 0x46, 0x24, 0x7f, 0x66, 0x1b, 0xfd, 0xc6, 0x59, 0x7b, 0xf8, 0x68, 0xbb, 0x43, 0x5d,
-	0x0d, 0xd8, 0xe4, 0x29, 0x93, 0x2b, 0x36, 0x78, 0x0f, 0xe8, 0x7e, 0x9a, 0xc8, 0x01, 0xeb, 0x5b,
-	0x9a, 0x2c, 0xae, 0x39, 0x8d, 0x2b, 0x8e, 0x7a, 0x4b, 0xfb, 0x87, 0xe8, 0xe1, 0xa3, 0x2a, 0x42,
-	0x03, 0x83, 0x37, 0xd0, 0xdb, 0x75, 0x11, 0xd5, 0x56, 0x4e, 0xb2, 0x84, 0x5d, 0xac, 0x57, 0x42,
-	0x1f, 0xd5, 0x29, 0x7b, 0xfd, 0xc6, 0x99, 0x89, 0xab, 0xe5, 0xe0, 0xbb, 0x3d, 0x38, 0xf2, 0xb9,
-	0x2c, 0x58, 0x90, 0x2b, 0x41, 0xa0, 0x5f, 0x82, 0x25, 0x9f, 0x4c, 0x94, 0xa7, 0xe4, 0x96, 0x96,
-	0x4c, 0x94, 0x57, 0xed, 0x77, 0x54, 0xe1, 0xdf, 0x28, 0x58, 0xf0, 0x60, 0x3c, 0xe4, 0x94, 0xf0,
-	0x32, 0xcc, 0x58, 0xb2, 0x51, 0x42, 0xaf, 0xce, 0xc3, 0x1f, 0x3a, 0x24, 0xd8, 0xd8, 0xf1, 0x91,
-	0x8c, 0xd8, 0x02, 0xe8, 0x25, 0xb4, 0xa3, 0x3c, 0x9b, 0x27, 0x0b, 0x92, 0x64, 0xf3, 0x5c, 0xab,
-	0xe4, 0x64, 0x1b, 0xbf, 0xd5, 0x29, 0x06, 0xe5, 0x38, 0xce, 0xe6, 0x39, 0x7a, 0x0d, 0x40, 0xcb,
-	0x92, 0x94, 0x34, 0x64, 0x79, 0x26, 0xc5, 0xb1, 0x73, 0xaa, 0x5b, 0x96, 0x79, 0x89, 0xa5, 0xd1,
-	0x1f, 0x3a, 0xd8, 0xa4, 0xa5, 0x5e, 0xa1, 0x4f, 0xa0, 0xcd, 0x97, 0x05, 0xb9, 0x0a, 0xa3, 0x9b,
-	0x7c, 0x3e, 0xd7, 0x0f, 0x03, 0xf8, 0xb2, 0x78, 0xa3, 0x10, 0xf4, 0x31, 0x00, 0x53, 0x77, 0x42,
-	0x92, 0x58, 0x3e, 0x4b, 0x13, 0x9b, 0x1a, 0x19, 0xc7, 0xe2, 0x36, 0x8b, 0x30, 0x8e, 0x93, 0x6c,
-	0x61, 0xc7, 0xf2, 0xc9, 0x56, 0xcb, 0xc1, 0x3f, 0x0d, 0x38, 0xc6, 0x74, 0x91, 0x30, 0xae, 0xde,
-	0xc0, 0x17, 0x69, 0xb8, 0x60, 0xe2, 0xbc, 0x55, 0x91, 0xe6, 0x61, 0x4c, 0xf2, 0x2c, 0x55, 0xdd,
-	0xa6, 0x85, 0x41, 0x41, 0x5e, 0x96, 0xae, 0xc5, 0x79, 0x71, 0x58, 0xde, 0x28, 0x6d, 0xc9, 0xfb,
-	0x6b, 0x61, 0x53, 0x20, 0x52, 0x43, 0xe8, 0x53, 0xe8, 0x14, 0x65, 0xfe, 0x97, 0x35, 0xb9, 0xa6,
-	0x61, 0x4c, 0x4b, 0x79, 0x41, 0x2d, 0xdc, 0x96, 0xd8, 0x97, 0x12, 0x42, 0x8f, 0xe1, 0x70, 0xc5,
-	0x28, 0x09, 0xc6, 0x13, 0x79, 0x11, 0x2d, 0x7c, 0xb0, 0x62, 0x34, 0x18, 0x4f, 0xc4, 0x23, 0x2d,
-	0x4a, 0xca, 0xa2, 0x30, 0xcb, 0x68, 0x2c, 0xa9, 0xb6, 0x70, 0x0d, 0x19, 0x7c, 0xd7, 0x84, 0x23,
-	0x75, 0xbf, 0x41, 0xae, 0x75, 0xf0, 0x63, 0xea, 0x3f, 0x84, 0xd3, 0x6d, 0xdf, 0x20, 0xf7, 0xda,
-	0xc1, 0xc3, 0x4d, 0xb7, 0x78, 0xbb, 0xed, 0x0b, 0xdf, 0xa7, 0x99, 0xc6, 0xdd, 0xea, 0x39, 0x43,
-	0xff, 0x83, 0x9a, 0xd9, 0xde, 0x29, 0x5b, 0x67, 0x91, 0x24, 0xdd, 0xac, 0xee, 0xd4, 0x5f, 0x67,
-	0x11, 0xfa, 0x0c, 0xba, 0xf3, 0x30, 0x49, 0x69, 0x5c, 0xbd, 0x58, 0x90, 0xc2, 0xef, 0x28, 0x50,
-	0x3d, 0x4e, 0xf4, 0x6b, 0xd8, 0x17, 0x1b, 0x33, 0xbb, 0x2d, 0x35, 0x57, 0x7b, 0xce, 0x3e, 0x65,
-	0x82, 0xa0, 0xb8, 0x12, 0x86, 0x95, 0x13, 0x7a, 0x09, 0xa6, 0x4c, 0xb9, 0xc8, 0x4b, 0x6e, 0x77,
-	0x64, 0xc6, 0x8f, 0x6b, 0x0d, 0xa0, 0x32, 0xc9, 0x31, 0xb1, 0xf5, 0x44, 0x9f, 0x8b, 0xf6, 0x73,
-	0x4b, 0x4b, 0x4e, 0x44, 0x57, 0xa7, 0x8c, 0xd9, 0x27, 0x52, 0x51, 0x5d, 0x85, 0x8e, 0x14, 0x88,
-	0x5e, 0x83, 0xbd, 0x0c, 0xd9, 0x4d, 0x95, 0x30, 0x61, 0xb4, 0xbc, 0xa5, 0x25, 0x91, 0x13, 0xe5,
-	0x54, 0x06, 0x9c, 0x2a, 0xbb, 0x6a, 0x33, 0xd2, 0x3a, 0x15, 0xe3, 0xe5, 0x63, 0x80, 0xdb, 0x57,
-	0x84, 0xad, 0x0a, 0x99, 0xd7, 0x23, 0xa5, 0x9e, 0xdb, 0x57, 0xbe, 0x02, 0xa4, 0xf9, 0xc5, 0xc6,
-	0xfc, 0x58, 0x9b, 0x5f, 0x54, 0xe6, 0xe7, 0xb0, 0x3f, 0x17, 0x2a, 0xb5, 0x6d, 0x79, 0x05, 0x4f,
-	0xb6, 0x84, 0xee, 0x09, 0x19, 0x2b, 0xcf, 0x0f, 0xe8, 0xff, 0xef, 0x62, 0xaa, 0x0c, 0xfd, 0xdf,
-	0x97, 0x61, 0x51, 0xd0, 0x52, 0xd4, 0x80, 0x5d, 0x87, 0xa5, 0xe8, 0x71, 0x34, 0x2a, 0x29, 0xd7,
-	0x83, 0xb6, 0xa3, 0x40, 0x5f, 0x62, 0x68, 0x02, 0x27, 0x65, 0xed, 0x24, 0x52, 0x84, 0x6b, 0x51,
-	0x44, 0xdd, 0x06, 0x3e, 0xba, 0xdb, 0x06, 0x36, 0x32, 0xc5, 0x0f, 0xeb, 0x61, 0x33, 0x15, 0x85,
-	0x2e, 0x61, 0x07, 0x26, 0x2c, 0x5f, 0x95, 0x11, 0xd5, 0xdd, 0xe1, 0xe9, 0xf7, 0x93, 0xf3, 0xa5,
-	0x0f, 0x46, 0xe5, 0x3d, 0x0c, 0x3d, 0xbf, 0x93, 0x5c, 0x55, 0x41, 0x35, 0xaa, 0x77, 0x8e, 0xaa,
-	0xea, 0xf8, 0x19, 0x74, 0x55, 0x01, 0x2b, 0xdf, 0x43, 0x45, 0x5a, 0x82, 0xda, 0x69, 0xf0, 0x6f,
-	0x03, 0x3a, 0x75, 0x89, 0xa1, 0xdf, 0xc2, 0xc9, 0x8e, 0x5c, 0x49, 0xb8, 0xcc, 0x57, 0x19, 0x97,
-	0x52, 0xe9, 0x62, 0x54, 0x57, 0xed, 0x48, 0x5a, 0xd0, 0x73, 0x38, 0xe5, 0x39, 0x0f, 0x53, 0x22,
-	0x46, 0x3d, 0xe1, 0x39, 0x89, 0xf2, 0x2c, 0xa3, 0x11, 0xb7, 0x3f, 0x51, 0x21, 0xd2, 0x18, 0x24,
-	0x4b, 0x1a, 0xe4, 0x8e, 0xb2, 0xa0, 0x9f, 0x41, 0xaf, 0xe4, 0x5c, 0xf8, 0xea, 0x66, 0x66, 0x7f,
-	0x2a, 0x7d, 0x3b, 0x25, 0xaf, 0x3d, 0xff, 0x3e, 0x74, 0xc4, 0xa0, 0xe3, 0xb9, 0xee, 0x47, 0x3f,
-	0xd7, 0xfd, 0x31, 0x65, 0x41, 0xae, 0x1a, 0x92, 0xf0, 0x88, 0x8a, 0xad, 0xc7, 0x2f, 0xb4, 0x47,
-	0x54, 0x68, 0x8f, 0x41, 0x06, 0xc7, 0x9b, 0xa9, 0x72, 0x41, 0x39, 0x8d, 0x78, 0x5e, 0x0a, 0x25,
-	0x56, 0x73, 0x3d, 0x29, 0xf4, 0x5f, 0x92, 0xa9, 0x91, 0x71, 0x81, 0x9e, 0x80, 0x19, 0xc9, 0x12,
-	0x0b, 0xeb, 0x9e, 0xfa, 0x87, 0x52, 0xc0, 0xb8, 0x10, 0xb1, 0xfa, 0x97, 0x86, 0x64, 0x4c, 0x6a,
-	0xa3, 0x89, 0x4d, 0x8d, 0x4c, 0xd9, 0xf9, 0xaf, 0xe0, 0x50, 0xff, 0xa0, 0xa1, 0x23, 0x68, 0x8f,
-	0x5c, 0x9f, 0xbc, 0x75, 0x2e, 0xc9, 0xf3, 0xe1, 0xef, 0xac, 0x3f, 0xd6, 0x81, 0xe1, 0xcb, 0x57,
-	0xd6, 0x9f, 0xce, 0xff, 0x63, 0x40, 0x6f, 0xb7, 0xbf, 0xa0, 0x63, 0xe8, 0x0a, 0x64, 0xea, 0x11,
-	0xe7, 0xcb, 0xd1, 0xf4, 0xad, 0x6b, 0x3d, 0x40, 0x27, 0x60, 0x09, 0xc8, 0x77, 0x7d, 0x7f, 0xec,
-	0x4d, 0xc9, 0x78, 0x3a, 0x0e, 0x2c, 0x03, 0x3d, 0x81, 0xc7, 0x75, 0xd4, 0xf1, 0xbe, 0x71, 0x71,
-	0xa0, 0x8c, 0x6d, 0x64, 0xc3, 0x89, 0x30, 0xba, 0x7f, 0x98, 0xb9, 0x4e, 0x40, 0xb0, 0xeb, 0x78,
-	0xd3, 0xa9, 0xeb, 0x04, 0xd6, 0x1e, 0x3a, 0x85, 0xe3, 0x9d, 0xb0, 0x89, 0xe7, 0xbb, 0x56, 0xa3,
-	0x3a, 0xe3, 0xfd, 0xd8, 0x9d, 0x5c, 0x90, 0x77, 0xb3, 0x89, 0x37, 0xba, 0xb0, 0x9a, 0xe8, 0x11,
-	0x20, 0x81, 0x8e, 0x9c, 0xaf, 0xdf, 0x8d, 0xb1, 0x5b, 0xe1, 0xfb, 0xa8, 0x0f, 0x4f, 0x6b, 0xdb,
-	0x2b, 0xd8, 0x9b, 0x4e, 0xde, 0xeb, 0x93, 0xac, 0x03, 0xd4, 0x03, 0x53, 0x7a, 0x60, 0xec, 0x61,
-	0xeb, 0xbf, 0xc6, 0xf9, 0x5f, 0x0d, 0xe8, 0xed, 0x4e, 0x5f, 0xc1, 0x54, 0x20, 0x77, 0x98, 0x0a,
-	0xe8, 0x3e, 0xd3, 0x3a, 0xba, 0xcb, 0xf4, 0x23, 0x38, 0x15, 0x46, 0xc7, 0x9b, 0x7e, 0x31, 0xc6,
-	0x97, 0x77, 0xa9, 0xee, 0xc4, 0x69, 0xaa, 0x3d, 0x30, 0x05, 0xbc, 0x49, 0xed, 0x1f, 0x06, 0xf4,
-	0x76, 0x47, 0x34, 0xea, 0x40, 0x6b, 0xea, 0x69, 0x8f, 0x07, 0xb2, 0x24, 0xea, 0x4c, 0x3f, 0xc0,
-	0xee, 0xe8, 0xd2, 0x32, 0xd0, 0x43, 0x38, 0x72, 0x26, 0x63, 0x77, 0x2a, 0xee, 0x76, 0xe6, 0xe1,
-	0xc0, 0xbd, 0xb0, 0xf6, 0x6a, 0xe0, 0x0c, 0x7b, 0x81, 0xe7, 0x78, 0x13, 0x75, 0xb1, 0x7e, 0x30,
-	0x0a, 0x14, 0x9d, 0xc0, 0xc5, 0xd3, 0xd1, 0xc4, 0x6a, 0x22, 0x04, 0xbd, 0x0b, 0xd7, 0xf1, 0xde,
-	0x13, 0xb1, 0xaf, 0xbe, 0x54, 0x71, 0x8c, 0x0a, 0xd7, 0xc7, 0xc4, 0xc2, 0x4d, 0x43, 0xc1, 0xf8,
-	0xd2, 0xf5, 0xde, 0x05, 0x16, 0x3d, 0xff, 0x0d, 0x74, 0x77, 0x1a, 0x3c, 0x6a, 0x41, 0x73, 0xba,
-	0x4a, 0x53, 0xeb, 0x01, 0x3a, 0x84, 0xc6, 0x65, 0x92, 0x59, 0x06, 0x32, 0x61, 0xdf, 0xbb, 0x9a,
-	0xb3, 0x17, 0xd6, 0xde, 0xf9, 0xd7, 0x80, 0xee, 0x77, 0x18, 0xa1, 0xc4, 0x77, 0x19, 0x2b, 0x68,
-	0x94, 0xcc, 0x13, 0x1a, 0x5b, 0x0f, 0x04, 0xe3, 0xea, 0x75, 0x58, 0x86, 0xd8, 0x68, 0x34, 0x1b,
-	0x2b, 0x4a, 0x15, 0x3c, 0x53, 0xa3, 0xda, 0x6a, 0xfc, 0x2f, 0x00, 0x00, 0xff, 0xff, 0x98, 0x6e,
-	0x73, 0xc1, 0xd2, 0x0c, 0x00, 0x00,
+func (x *RegistrationResponse) GetServerRandom() []byte {
+	if x != nil {
+		return x.ServerRandom
+	}
+	return nil
+}
+
+func (x *RegistrationResponse) GetError() string {
+	if x != nil && x.Error != nil {
+		return *x.Error
+	}
+	return ""
+}
+
+var File_signalling_proto protoreflect.FileDescriptor
+
+var file_signalling_proto_rawDesc = []byte{
+	0x0a, 0x10, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x6c, 0x6c, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x08, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x22, 0x41, 0x0a, 0x06,
+	0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x25, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63,
+	0x65, 0x2e, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22,
+	0xbe, 0x01, 0x0a, 0x0c, 0x54, 0x4c, 0x53, 0x44, 0x65, 0x63, 0x6f, 0x79, 0x53, 0x70, 0x65, 0x63,
+	0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08,
+	0x69, 0x70, 0x76, 0x34, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x07, 0x52, 0x08,
+	0x69, 0x70, 0x76, 0x34, 0x61, 0x64, 0x64, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70, 0x76, 0x36,
+	0x61, 0x64, 0x64, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x69, 0x70, 0x76, 0x36,
+	0x61, 0x64, 0x64, 0x72, 0x12, 0x28, 0x0a, 0x06, 0x70, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e,
+	0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x70, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x12, 0x18,
+	0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x52,
+	0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x63, 0x70, 0x77,
+	0x69, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x74, 0x63, 0x70, 0x77, 0x69, 0x6e,
+	0x22, 0xa2, 0x02, 0x0a, 0x0a, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x12,
+	0x32, 0x0a, 0x0a, 0x64, 0x65, 0x63, 0x6f, 0x79, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x01, 0x20,
+	0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x44,
+	0x65, 0x63, 0x6f, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x09, 0x64, 0x65, 0x63, 0x6f, 0x79, 0x4c,
+	0x69, 0x73, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x37, 0x0a, 0x0e, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x70,
+	0x75, 0x62, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x61,
+	0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x52, 0x0d, 0x64,
+	0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x50, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x12, 0x4e, 0x0a, 0x14,
+	0x70, 0x68, 0x61, 0x6e, 0x74, 0x6f, 0x6d, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x5f,
+	0x6c, 0x69, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74, 0x61, 0x70,
+	0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x50, 0x68, 0x61, 0x6e, 0x74, 0x6f, 0x6d, 0x53, 0x75, 0x62,
+	0x6e, 0x65, 0x74, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x12, 0x70, 0x68, 0x61, 0x6e, 0x74, 0x6f,
+	0x6d, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x37, 0x0a, 0x0e,
+	0x63, 0x6f, 0x6e, 0x6a, 0x75, 0x72, 0x65, 0x5f, 0x70, 0x75, 0x62, 0x6b, 0x65, 0x79, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e,
+	0x50, 0x75, 0x62, 0x4b, 0x65, 0x79, 0x52, 0x0d, 0x63, 0x6f, 0x6e, 0x6a, 0x75, 0x72, 0x65, 0x50,
+	0x75, 0x62, 0x6b, 0x65, 0x79, 0x22, 0x42, 0x0a, 0x09, 0x44, 0x65, 0x63, 0x6f, 0x79, 0x4c, 0x69,
+	0x73, 0x74, 0x12, 0x35, 0x0a, 0x0a, 0x74, 0x6c, 0x73, 0x5f, 0x64, 0x65, 0x63, 0x6f, 0x79, 0x73,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63,
+	0x65, 0x2e, 0x54, 0x4c, 0x53, 0x44, 0x65, 0x63, 0x6f, 0x79, 0x53, 0x70, 0x65, 0x63, 0x52, 0x09,
+	0x74, 0x6c, 0x73, 0x44, 0x65, 0x63, 0x6f, 0x79, 0x73, 0x22, 0x59, 0x0a, 0x12, 0x50, 0x68, 0x61,
+	0x6e, 0x74, 0x6f, 0x6d, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x12,
+	0x43, 0x0a, 0x10, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x75, 0x62, 0x6e,
+	0x65, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x61, 0x70, 0x64,
+	0x61, 0x6e, 0x63, 0x65, 0x2e, 0x50, 0x68, 0x61, 0x6e, 0x74, 0x6f, 0x6d, 0x53, 0x75, 0x62, 0x6e,
+	0x65, 0x74, 0x73, 0x52, 0x0f, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x65, 0x64, 0x53, 0x75, 0x62,
+	0x6e, 0x65, 0x74, 0x73, 0x22, 0x42, 0x0a, 0x0e, 0x50, 0x68, 0x61, 0x6e, 0x74, 0x6f, 0x6d, 0x53,
+	0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x18,
+	0x0a, 0x07, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52,
+	0x07, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x22, 0xcb, 0x02, 0x0a, 0x0f, 0x53, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x12, 0x29, 0x0a, 0x10,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x74, 0x65,
+	0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0e, 0x32, 0x18, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x53, 0x32, 0x43,
+	0x5f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x73, 0x74, 0x61,
+	0x74, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x0b,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x14, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x43, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x49,
+	0x6e, 0x66, 0x6f, 0x12, 0x37, 0x0a, 0x0a, 0x65, 0x72, 0x72, 0x5f, 0x72, 0x65, 0x61, 0x73, 0x6f,
+	0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e,
+	0x63, 0x65, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x53, 0x32,
+	0x43, 0x52, 0x09, 0x65, 0x72, 0x72, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b,
+	0x74, 0x6d, 0x70, 0x5f, 0x62, 0x61, 0x63, 0x6b, 0x6f, 0x66, 0x66, 0x18, 0x05, 0x20, 0x01, 0x28,
+	0x0d, 0x52, 0x0a, 0x74, 0x6d, 0x70, 0x42, 0x61, 0x63, 0x6b, 0x6f, 0x66, 0x66, 0x12, 0x1d, 0x0a,
+	0x0a, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x09, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x18, 0x0a, 0x07,
+	0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x70,
+	0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x22, 0xaf, 0x01, 0x0a, 0x11, 0x52, 0x65, 0x67, 0x69, 0x73,
+	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x1f, 0x0a, 0x0b,
+	0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x0a, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x1d, 0x0a,
+	0x0a, 0x64, 0x61, 0x72, 0x6b, 0x5f, 0x64, 0x65, 0x63, 0x6f, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x08, 0x52, 0x09, 0x64, 0x61, 0x72, 0x6b, 0x44, 0x65, 0x63, 0x6f, 0x79, 0x12, 0x21, 0x0a, 0x0c,
+	0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01,
+	0x28, 0x08, 0x52, 0x0b, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12,
+	0x17, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x5f, 0x54, 0x49, 0x4c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08,
+	0x52, 0x06, 0x75, 0x73, 0x65, 0x54, 0x49, 0x4c, 0x12, 0x1e, 0x0a, 0x0a, 0x70, 0x72, 0x65, 0x73,
+	0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x70, 0x72,
+	0x65, 0x73, 0x63, 0x61, 0x6e, 0x6e, 0x65, 0x64, 0x22, 0xcb, 0x04, 0x0a, 0x0f, 0x43, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x54, 0x6f, 0x53, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x29, 0x0a, 0x10,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c,
+	0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x64, 0x65, 0x63, 0x6f, 0x79,
+	0x5f, 0x6c, 0x69, 0x73, 0x74, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x13, 0x64, 0x65, 0x63, 0x6f, 0x79, 0x4c, 0x69, 0x73,
+	0x74, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x10, 0x73,
+	0x74, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65,
+	0x2e, 0x43, 0x32, 0x53, 0x5f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52,
+	0x0f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x1f, 0x0a, 0x0b, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x79, 0x6e, 0x63, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x75, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x6e,
+	0x63, 0x12, 0x23, 0x0a, 0x0d, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x5f, 0x64, 0x65, 0x63, 0x6f,
+	0x79, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64,
+	0x44, 0x65, 0x63, 0x6f, 0x79, 0x73, 0x12, 0x2c, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x73, 0x18,
+	0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65,
+	0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x73, 0x52, 0x05, 0x73,
+	0x74, 0x61, 0x74, 0x73, 0x12, 0x35, 0x0a, 0x09, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72,
+	0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e,
+	0x63, 0x65, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x79, 0x70, 0x65,
+	0x52, 0x09, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x25, 0x0a, 0x0e, 0x63,
+	0x6f, 0x76, 0x65, 0x72, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x14, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x74, 0x41, 0x64, 0x64, 0x72, 0x65,
+	0x73, 0x73, 0x12, 0x37, 0x0a, 0x18, 0x6d, 0x61, 0x73, 0x6b, 0x65, 0x64, 0x5f, 0x64, 0x65, 0x63,
+	0x6f, 0x79, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x15,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x6d, 0x61, 0x73, 0x6b, 0x65, 0x64, 0x44, 0x65, 0x63, 0x6f,
+	0x79, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x76,
+	0x36, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x16, 0x20, 0x01, 0x28, 0x08, 0x52,
+	0x09, 0x76, 0x36, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x76, 0x34,
+	0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x17, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09,
+	0x76, 0x34, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x31, 0x0a, 0x05, 0x66, 0x6c, 0x61,
+	0x67, 0x73, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61,
+	0x6e, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x46, 0x6c, 0x61, 0x67, 0x73, 0x52, 0x05, 0x66, 0x6c, 0x61, 0x67, 0x73, 0x12, 0x18, 0x0a, 0x07,
+	0x70, 0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x70,
+	0x61, 0x64, 0x64, 0x69, 0x6e, 0x67, 0x22, 0xfb, 0x02, 0x0a, 0x0a, 0x43, 0x32, 0x53, 0x57, 0x72,
+	0x61, 0x70, 0x70, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f,
+	0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x73, 0x68,
+	0x61, 0x72, 0x65, 0x64, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x4c, 0x0a, 0x14, 0x72, 0x65,
+	0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x61, 0x79, 0x6c, 0x6f,
+	0x61, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61,
+	0x6e, 0x63, 0x65, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x6f, 0x53, 0x74, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x13, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x4d, 0x0a, 0x13, 0x72, 0x65, 0x67, 0x69,
+	0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18,
+	0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65,
+	0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75,
+	0x72, 0x63, 0x65, 0x52, 0x12, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x31, 0x0a, 0x14, 0x72, 0x65, 0x67, 0x69, 0x73,
+	0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18,
+	0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x13, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65,
+	0x63, 0x6f, 0x79, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x0c, 0x64, 0x65, 0x63, 0x6f, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12,
+	0x53, 0x0a, 0x15, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
+	0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e,
+	0x2e, 0x74, 0x61, 0x70, 0x64, 0x61, 0x6e, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
+	0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x14,
+	0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0xdd, 0x01, 0x0a, 0x0c, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x53, 0x74, 0x61, 0x74, 0x73, 0x12, 0x30, 0x0a, 0x14, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x5f,
+	0x64, 0x65, 0x63, 0x6f, 0x79, 0x73, 0x5f, 0x61, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x14, 0x20,
+	0x01, 0x28, 0x0d, 0x52, 0x12, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x44, 0x65, 0x63, 0x6f, 0x79,
+	0x73, 0x41, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x31, 0x0a, 0x15, 0x74, 0x6f, 0x74, 0x61, 0x6c,
+	0x5f, 0x74, 0x69, 0x6d, 0x65, 0x5f, 0x74, 0x6f, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74,
+	0x18, 0x1f, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x54, 0x69, 0x6d,
+	0x65, 0x54, 0x6f, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x12, 0x24, 0x0a, 0x0e, 0x72, 0x74,
+	0x74, 0x5f, 0x74, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x21, 0x20, 0x01,
+	0x28, 0x0d, 0x52, 0x0c, 0x72, 0x74, 0x74, 0x54, 0x6f, 0x53, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x20, 0x0a, 0x0c, 0x74, 0x6c, 0x73, 0x5f, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x63, 0x6f, 0x79,
+	0x18, 0x26, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x6c, 0x73, 0x54, 0x6f, 0x44, 0x65, 0x63,
+	0x6f, 0x79, 0x12, 0x20, 0x0a, 0x0c, 0x74, 0x63, 0x70, 0x5f, 0x74, 0x6f, 0x5f, 0x64, 0x65, 0x63,
+	0x6f, 0x79, 0x18, 0x27, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x63, 0x70, 0x54, 0x6f, 0x44,
+	0x65, 0x63, 0x6f, 0x79, 0x22, 0x6e, 0x0a, 0x11, 0x53, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54,
+	0x6f, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x68, 0x61,
+	0x6e, 0x74, 0x6f, 0x6d, 0x5f, 0x69, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70,
+	0x68, 0x61, 0x6e, 0x74, 0x6f, 0x6d, 0x49, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65,
+	0x6e, 0x74, 0x5f, 0x69, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x49, 0x70, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74,
+	0x5f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x6f,
+	0x75, 0x74, 0x4e, 0x73, 0x22, 0x9c, 0x01, 0x0a, 0x14, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a,
+	0x08, 0x69, 0x70, 0x76, 0x34, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x07, 0x52,
+	0x08, 0x69, 0x70, 0x76, 0x34, 0x61, 0x64, 0x64, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x70, 0x76,
+	0x36, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x69, 0x70, 0x76,
+	0x36, 0x61, 0x64, 0x64, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x22, 0x0a, 0x0c, 0x73, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52,
+	0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x61, 0x6e, 0x64, 0x6f, 0x6d, 0x12, 0x14, 0x0a,
+	0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72,
+	0x72, 0x6f, 0x72, 0x2a, 0x2b, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0f,
+	0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x31, 0x32, 0x38, 0x10, 0x5a, 0x12,
+	0x0f, 0x0a, 0x0b, 0x41, 0x45, 0x53, 0x5f, 0x47, 0x43, 0x4d, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x5b,
+	0x2a, 0xe7, 0x01, 0x0a, 0x0e, 0x43, 0x32, 0x53, 0x5f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74,
+	0x69, 0x6f, 0x6e, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x32, 0x53, 0x5f, 0x4e, 0x4f, 0x5f, 0x43, 0x48,
+	0x41, 0x4e, 0x47, 0x45, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x43, 0x32, 0x53, 0x5f, 0x53, 0x45,
+	0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x49, 0x4e, 0x49, 0x54, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17,
+	0x43, 0x32, 0x53, 0x5f, 0x53, 0x45, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x56, 0x45,
+	0x52, 0x54, 0x5f, 0x49, 0x4e, 0x49, 0x54, 0x10, 0x0b, 0x12, 0x18, 0x0a, 0x14, 0x43, 0x32, 0x53,
+	0x5f, 0x45, 0x58, 0x50, 0x45, 0x43, 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43,
+	0x54, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x32, 0x53, 0x5f, 0x53, 0x45, 0x53, 0x53, 0x49,
+	0x4f, 0x4e, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x10, 0x03, 0x12, 0x14, 0x0a, 0x10, 0x43, 0x32,
+	0x53, 0x5f, 0x59, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x10, 0x04,
+	0x12, 0x16, 0x0a, 0x12, 0x43, 0x32, 0x53, 0x5f, 0x41, 0x43, 0x51, 0x55, 0x49, 0x52, 0x45, 0x5f,
+	0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x10, 0x05, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x32, 0x53, 0x5f,
+	0x45, 0x58, 0x50, 0x45, 0x43, 0x54, 0x5f, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x4f, 0x4e, 0x4c,
+	0x59, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x4e, 0x4e, 0x10, 0x06, 0x12, 0x0e, 0x0a, 0x09, 0x43, 0x32,
+	0x53, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0xff, 0x01, 0x2a, 0x98, 0x01, 0x0a, 0x0e, 0x53,
+	0x32, 0x43, 0x5f, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x11, 0x0a,
+	0x0d, 0x53, 0x32, 0x43, 0x5f, 0x4e, 0x4f, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x10, 0x00,
+	0x12, 0x14, 0x0a, 0x10, 0x53, 0x32, 0x43, 0x5f, 0x53, 0x45, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f,
+	0x49, 0x4e, 0x49, 0x54, 0x10, 0x01, 0x12, 0x1b, 0x0a, 0x17, 0x53, 0x32, 0x43, 0x5f, 0x53, 0x45,
+	0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x54, 0x5f, 0x49, 0x4e, 0x49,
+	0x54, 0x10, 0x0b, 0x12, 0x19, 0x0a, 0x15, 0x53, 0x32, 0x43, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49,
+	0x52, 0x4d, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x4e, 0x4e, 0x45, 0x43, 0x54, 0x10, 0x02, 0x12, 0x15,
+	0x0a, 0x11, 0x53, 0x32, 0x43, 0x5f, 0x53, 0x45, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4c,
+	0x4f, 0x53, 0x45, 0x10, 0x03, 0x12, 0x0e, 0x0a, 0x09, 0x53, 0x32, 0x43, 0x5f, 0x45, 0x52, 0x52,
+	0x4f, 0x52, 0x10, 0xff, 0x01, 0x2a, 0xac, 0x01, 0x0a, 0x0e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52,
+	0x65, 0x61, 0x73, 0x6f, 0x6e, 0x53, 0x32, 0x43, 0x12, 0x0c, 0x0a, 0x08, 0x4e, 0x4f, 0x5f, 0x45,
+	0x52, 0x52, 0x4f, 0x52, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x54,
+	0x5f, 0x53, 0x54, 0x52, 0x45, 0x41, 0x4d, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x43, 0x4c, 0x49,
+	0x45, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x52, 0x54, 0x45, 0x44, 0x10, 0x02, 0x12, 0x13,
+	0x0a, 0x0f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f,
+	0x4c, 0x10, 0x03, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x49,
+	0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x45, 0x43,
+	0x4f, 0x59, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x4c, 0x4f, 0x41, 0x44, 0x10, 0x05, 0x12, 0x11, 0x0a,
+	0x0d, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x53, 0x54, 0x52, 0x45, 0x41, 0x4d, 0x10, 0x64,
+	0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x54, 0x49, 0x4d, 0x45, 0x4f,
+	0x55, 0x54, 0x10, 0x65, 0x2a, 0x2d, 0x0a, 0x0d, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72,
+	0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x75, 0x6c, 0x6c, 0x10, 0x00, 0x12,
+	0x07, 0x0a, 0x03, 0x4d, 0x69, 0x6e, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4f, 0x62, 0x66, 0x73,
+	0x34, 0x10, 0x02, 0x2a, 0x67, 0x0a, 0x12, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x61, 0x74,
+	0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x6e, 0x73,
+	0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x64, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x65,
+	0x74, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x50, 0x49, 0x10,
+	0x02, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x65,
+	0x73, 0x63, 0x61, 0x6e, 0x10, 0x03, 0x12, 0x14, 0x0a, 0x10, 0x42, 0x69, 0x64, 0x69, 0x72, 0x65,
+	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x41, 0x50, 0x49, 0x10, 0x04,
+}
+
+var (
+	file_signalling_proto_rawDescOnce sync.Once
+	file_signalling_proto_rawDescData = file_signalling_proto_rawDesc
+)
+
+func file_signalling_proto_rawDescGZIP() []byte {
+	file_signalling_proto_rawDescOnce.Do(func() {
+		file_signalling_proto_rawDescData = protoimpl.X.CompressGZIP(file_signalling_proto_rawDescData)
+	})
+	return file_signalling_proto_rawDescData
+}
+
+var file_signalling_proto_enumTypes = make([]protoimpl.EnumInfo, 6)
+var file_signalling_proto_msgTypes = make([]protoimpl.MessageInfo, 13)
+var file_signalling_proto_goTypes = []interface{}{
+	(KeyType)(0),                 // 0: tapdance.KeyType
+	(C2S_Transition)(0),          // 1: tapdance.C2S_Transition
+	(S2C_Transition)(0),          // 2: tapdance.S2C_Transition
+	(ErrorReasonS2C)(0),          // 3: tapdance.ErrorReasonS2C
+	(TransportType)(0),           // 4: tapdance.TransportType
+	(RegistrationSource)(0),      // 5: tapdance.RegistrationSource
+	(*PubKey)(nil),               // 6: tapdance.PubKey
+	(*TLSDecoySpec)(nil),         // 7: tapdance.TLSDecoySpec
+	(*ClientConf)(nil),           // 8: tapdance.ClientConf
+	(*DecoyList)(nil),            // 9: tapdance.DecoyList
+	(*PhantomSubnetsList)(nil),   // 10: tapdance.PhantomSubnetsList
+	(*PhantomSubnets)(nil),       // 11: tapdance.PhantomSubnets
+	(*StationToClient)(nil),      // 12: tapdance.StationToClient
+	(*RegistrationFlags)(nil),    // 13: tapdance.RegistrationFlags
+	(*ClientToStation)(nil),      // 14: tapdance.ClientToStation
+	(*C2SWrapper)(nil),           // 15: tapdance.C2SWrapper
+	(*SessionStats)(nil),         // 16: tapdance.SessionStats
+	(*StationToDetector)(nil),    // 17: tapdance.StationToDetector
+	(*RegistrationResponse)(nil), // 18: tapdance.RegistrationResponse
+}
+var file_signalling_proto_depIdxs = []int32{
+	0,  // 0: tapdance.PubKey.type:type_name -> tapdance.KeyType
+	6,  // 1: tapdance.TLSDecoySpec.pubkey:type_name -> tapdance.PubKey
+	9,  // 2: tapdance.ClientConf.decoy_list:type_name -> tapdance.DecoyList
+	6,  // 3: tapdance.ClientConf.default_pubkey:type_name -> tapdance.PubKey
+	10, // 4: tapdance.ClientConf.phantom_subnets_list:type_name -> tapdance.PhantomSubnetsList
+	6,  // 5: tapdance.ClientConf.conjure_pubkey:type_name -> tapdance.PubKey
+	7,  // 6: tapdance.DecoyList.tls_decoys:type_name -> tapdance.TLSDecoySpec
+	11, // 7: tapdance.PhantomSubnetsList.weighted_subnets:type_name -> tapdance.PhantomSubnets
+	2,  // 8: tapdance.StationToClient.state_transition:type_name -> tapdance.S2C_Transition
+	8,  // 9: tapdance.StationToClient.config_info:type_name -> tapdance.ClientConf
+	3,  // 10: tapdance.StationToClient.err_reason:type_name -> tapdance.ErrorReasonS2C
+	1,  // 11: tapdance.ClientToStation.state_transition:type_name -> tapdance.C2S_Transition
+	16, // 12: tapdance.ClientToStation.stats:type_name -> tapdance.SessionStats
+	4,  // 13: tapdance.ClientToStation.transport:type_name -> tapdance.TransportType
+	13, // 14: tapdance.ClientToStation.flags:type_name -> tapdance.RegistrationFlags
+	14, // 15: tapdance.C2SWrapper.registration_payload:type_name -> tapdance.ClientToStation
+	5,  // 16: tapdance.C2SWrapper.registration_source:type_name -> tapdance.RegistrationSource
+	18, // 17: tapdance.C2SWrapper.registration_response:type_name -> tapdance.RegistrationResponse
+	18, // [18:18] is the sub-list for method output_type
+	18, // [18:18] is the sub-list for method input_type
+	18, // [18:18] is the sub-list for extension type_name
+	18, // [18:18] is the sub-list for extension extendee
+	0,  // [0:18] is the sub-list for field type_name
+}
+
+func init() { file_signalling_proto_init() }
+func file_signalling_proto_init() {
+	if File_signalling_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_signalling_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PubKey); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*TLSDecoySpec); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ClientConf); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DecoyList); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PhantomSubnetsList); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*PhantomSubnets); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*StationToClient); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RegistrationFlags); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ClientToStation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*C2SWrapper); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SessionStats); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*StationToDetector); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_signalling_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*RegistrationResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_signalling_proto_rawDesc,
+			NumEnums:      6,
+			NumMessages:   13,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_signalling_proto_goTypes,
+		DependencyIndexes: file_signalling_proto_depIdxs,
+		EnumInfos:         file_signalling_proto_enumTypes,
+		MessageInfos:      file_signalling_proto_msgTypes,
+	}.Build()
+	File_signalling_proto = out.File
+	file_signalling_proto_rawDesc = nil
+	file_signalling_proto_goTypes = nil
+	file_signalling_proto_depIdxs = nil
 }
diff --git a/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.proto b/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.proto
index 7623d7189..417db0846 100644
--- a/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.proto
+++ b/vendor/github.com/refraction-networking/gotapdance/protobuf/signalling.proto
@@ -215,8 +215,8 @@ message ClientToStation {
     optional bool v6_support = 22;
     optional bool v4_support = 23;
 
-	// A collection of optional flags for the registration.
-	optional RegistrationFlags flags = 24;
+    // A collection of optional flags for the registration.
+    optional RegistrationFlags flags = 24;
 
     // Random-sized junk to defeat packet size fingerprinting.
     optional bytes padding = 100;
@@ -224,22 +224,25 @@ message ClientToStation {
 
 
 enum RegistrationSource {
-    Unspecified = 0;
+  Unspecified = 0;
 	Detector = 1;
 	API = 2;
-    DetectorPrescan = 3;
+  DetectorPrescan = 3;
+  BidirectionalAPI = 4;
 }
 
 message C2SWrapper {
-	optional bytes shared_secret = 1;
+  optional bytes shared_secret = 1;
 	optional ClientToStation registration_payload = 3;
-    optional RegistrationSource registration_source = 4;
-    
-    // client source address when receiving a registration
-    optional bytes registration_address = 6;
+  optional RegistrationSource registration_source = 4;
 
-    // Decoy address used when registering over Decoy registrar
-    optional bytes decoy_address = 7;
+  // client source address when receiving a registration
+  optional bytes registration_address = 6;
+
+  // Decoy address used when registering over Decoy registrar
+  optional bytes decoy_address = 7;
+
+  optional RegistrationResponse registration_response = 8;
 }
 
 message SessionStats {
@@ -261,4 +264,21 @@ message StationToDetector {
     optional string client_ip = 2;
 
     optional uint64 timeout_ns = 3;
-}
\ No newline at end of file
+}
+
+// Adding message response from Station to Client for birdirectional API
+message RegistrationResponse {
+  optional fixed32 ipv4addr = 1;
+  // The 128-bit ipv6 address, in network byte order
+  optional bytes ipv6addr = 2;
+
+  // Respond with randomized port
+  optional uint32 port = 3;
+
+  // Future: station provides client with secret, want chanel present
+  // Leave null for now
+  optional bytes serverRandom = 4;
+
+  // If registration wrong, populate this error string
+  optional string error = 5;
+}
diff --git a/vendor/github.com/refraction-networking/gotapdance/tapdance/conjure.go b/vendor/github.com/refraction-networking/gotapdance/tapdance/conjure.go
index ae2505bae..a7586dd8e 100644
--- a/vendor/github.com/refraction-networking/gotapdance/tapdance/conjure.go
+++ b/vendor/github.com/refraction-networking/gotapdance/tapdance/conjure.go
@@ -435,10 +435,13 @@ func (reg *ConjureReg) connect(ctx context.Context, addr string, dialer dialFunc
 	return dialer(childCtx, "tcp", phantomAddr)
 }
 
-func (reg *ConjureReg) getFirstConnection(ctx context.Context, dialer dialFunc, phantoms []net.IP) (net.Conn, error) {
+func (reg *ConjureReg) getFirstConnection(ctx context.Context, dialer dialFunc, phantoms []*net.IP) (net.Conn, error) {
 	connChannel := make(chan resultTuple, len(phantoms))
 	for _, p := range phantoms {
-		go func(phantom net.IP) {
+		if p == nil {
+			continue
+		}
+		go func(phantom *net.IP) {
 			conn, err := reg.connect(ctx, phantom.String(), dialer)
 			if err != nil {
 				Logger().Infof("%v failed to dial phantom %v: %v", reg.sessionIDStr, phantom.String(), err)
@@ -481,7 +484,8 @@ func (reg *ConjureReg) getFirstConnection(ctx context.Context, dialer dialFunc,
 // Note: This is hacky but should work for v4, v6, or both as any nil phantom addr will
 // return a dial error and be ignored.
 func (reg *ConjureReg) Connect(ctx context.Context) (net.Conn, error) {
-	phantoms := []net.IP{*reg.phantom4, *reg.phantom6}
+	phantoms := []*net.IP{reg.phantom4, reg.phantom6}
+
 	//[reference] Provide chosen transport to sent bytes (or connect) if necessary
 	switch reg.transport {
 	case pb.TransportType_Min:
@@ -534,7 +538,7 @@ func (reg *ConjureReg) Connect(ctx context.Context) (net.Conn, error) {
 		return reg.getFirstConnection(ctx, reg.TcpDialer, phantoms)
 	default:
 		// If transport is unrecognized use min transport.
-		return nil, fmt.Errorf("Unknown Transport")
+		return nil, fmt.Errorf("unknown transport")
 	}
 }
 
diff --git a/vendor/github.com/refraction-networking/gotapdance/tapdance/registrar_bidirectional.go b/vendor/github.com/refraction-networking/gotapdance/tapdance/registrar_bidirectional.go
new file mode 100644
index 000000000..5a55e3fd2
--- /dev/null
+++ b/vendor/github.com/refraction-networking/gotapdance/tapdance/registrar_bidirectional.go
@@ -0,0 +1,199 @@
+package tapdance
+
+import (
+	"bytes"
+	"context"
+	"encoding/binary"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"time"
+
+	"github.com/golang/protobuf/proto"
+	pb "github.com/refraction-networking/gotapdance/protobuf"
+)
+
+// Registration strategy using a centralized REST API to
+// create registrations. Only the Endpoint need be specified;
+// the remaining fields are valid with their zero values and
+// provide the opportunity for additional control over the process.
+type APIRegistrarBidirectional struct {
+	// Endpoint to use in registration request
+	Endpoint string
+
+	// HTTP client to use in request
+	Client *http.Client
+
+	// Length of time to delay after confirming successful
+	// registration before attempting a connection,
+	// allowing for propagation throughout the stations.
+	ConnectionDelay time.Duration
+
+	// Maximum number of retries before giving up
+	MaxRetries int
+
+	// A secondary registration method to use on failure.
+	// Because the API registration can give us definite
+	// indication of a failure to register, this can be
+	// used as a "backup" in the case of the API being
+	// down or being blocked.
+	//
+	// If this field is nil, no secondary registration will
+	// be attempted. If it is non-nil, after failing to register
+	// (retrying MaxRetries times) we will fall back to
+	// the Register method on this field.
+	SecondaryRegistrar Registrar
+}
+
+func (r APIRegistrarBidirectional) Register(cjSession *ConjureSession, ctx context.Context) (*ConjureReg, error) {
+	Logger().Debugf("%v registering via APIRegistrarBidirectional", cjSession.IDString())
+
+	// Differences from APIRegistrar Register(): Client now does not generate
+	// phantom addresses, leave the phantom4 and phantom6 fields blank for now
+	// [reference] Prepare registration
+	reg := &ConjureReg{
+		sessionIDStr: cjSession.IDString(),
+		keys:         cjSession.Keys,
+		stats:        &pb.SessionStats{},
+		// phantom4:       phantom4,
+		// phantom6:       phantom6,
+		v6Support:      cjSession.V6Support.include,
+		covertAddress:  cjSession.CovertAddress,
+		transport:      cjSession.Transport,
+		TcpDialer:      cjSession.TcpDialer,
+		useProxyHeader: cjSession.UseProxyHeader,
+	}
+
+	c2s := reg.generateClientToStation()
+
+	protoPayload := pb.C2SWrapper{
+		SharedSecret:        cjSession.Keys.SharedSecret,
+		RegistrationPayload: c2s,
+	}
+
+	payload, err := proto.Marshal(&protoPayload)
+	if err != nil {
+		Logger().Warnf("%v failed to marshal ClientToStation payload: %v", cjSession.IDString(), err)
+		return nil, err
+	}
+
+	if r.Client == nil {
+		// Transports should ideally be re-used for TCP connection pooling,
+		// but each registration is most likely making precisely one request,
+		// or if it's making more than one, is most likely due to an underlying
+		// connection issue rather than an application-level error anyways.
+		t := http.DefaultTransport.(*http.Transport).Clone()
+		t.DialContext = reg.TcpDialer
+		r.Client = &http.Client{Transport: t}
+	}
+
+	tries := 0
+	for tries < r.MaxRetries+1 {
+		tries++
+		regResp := &pb.RegistrationResponse{}
+		// executeHTTPRequestBidirectional() returns the Registration Response protobuf --> save that in regResp
+		regResp, err = r.executeHTTPRequestBidirectional(ctx, cjSession, payload)
+		if err != nil || regResp == nil {
+			Logger().Warnf("%v failed bidirectional API registration, attempt %d/%d", cjSession.IDString(), tries, r.MaxRetries+1)
+			continue
+		}
+
+		// Handle server error
+		if regResp.GetError() != "" {
+			Logger().Debugf("%v bidirectional API registration returned err: %s", cjSession.IDString(), regResp.GetError())
+			continue
+		}
+
+		Logger().Debugf("%v bidirectional API registration succeeded", cjSession.IDString())
+		if r.ConnectionDelay != 0 {
+			Logger().Debugf("%v sleeping for %v", cjSession.IDString(), r.ConnectionDelay)
+			sleepWithContext(ctx, r.ConnectionDelay)
+		}
+
+		// Helper function defined below that takes in the registraion response protobuf from the
+		// executeHTTPRequestBidireectional() func and the ConjureReg that we want to return and
+		// unpacks the returned ipv addresses into the conjureReg
+		// LATER: carry more stuff in registration response protobuf and unpack helper will handle that too
+		conjReg := r.unpackRegResp(reg, regResp)
+
+		// Return conjReg (ConjureReg struct) containing the ipv4 and ipv6 addresses from the server
+		return conjReg, nil
+	}
+
+	// If we make it here, we failed API registration
+	Logger().Warnf("%v giving up on bidirectional API registration", cjSession.IDString())
+
+	if r.SecondaryRegistrar != nil {
+		Logger().Debugf("%v trying secondary registration method", cjSession.IDString())
+		return r.SecondaryRegistrar.Register(cjSession, ctx)
+	}
+
+	return nil, err
+}
+
+func (r APIRegistrarBidirectional) executeHTTPRequestBidirectional(ctx context.Context, cjSession *ConjureSession, payload []byte) (*pb.RegistrationResponse, error) {
+	// Create an instance of the ConjureReg struct to return; this will hold the updated phantom4 and phantom6 addresses received from registrar response
+	regResp := &pb.RegistrationResponse{}
+	// Make new HTTP request with given context, registrar, and paylaod
+	req, err := http.NewRequestWithContext(ctx, "POST", r.Endpoint, bytes.NewReader(payload))
+	if err != nil {
+		Logger().Warnf("%v failed to create HTTP request to registration endpoint %s: %v", cjSession.IDString(), r.Endpoint, err)
+		return regResp, err
+	}
+
+	resp, err := r.Client.Do(req)
+	if err != nil {
+		Logger().Warnf("%v failed to do HTTP request to registration endpoint %s: %v", cjSession.IDString(), r.Endpoint, err)
+		return regResp, err
+	}
+	defer resp.Body.Close()
+
+	// Check that the HTTP request returned a success code
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		Logger().Warnf("%v got non-success response code %d from registration endpoint %v", cjSession.IDString(), resp.StatusCode, r.Endpoint)
+		return regResp, fmt.Errorf("non-success response code %d on %s", resp.StatusCode, r.Endpoint)
+	}
+
+	// Read the HTTP response body into []bytes
+	bodyBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		Logger().Warnf("error in serializing Registrtion Response protobuf in bytes: %v", err)
+		return regResp, err
+	}
+
+	// Unmarshal response body into Registration Response protobuf
+	if err = proto.Unmarshal(bodyBytes, regResp); err != nil {
+		Logger().Warnf("error in storing Registrtion Response protobuf: %v", err)
+		return regResp, err
+	}
+
+	return regResp, nil
+}
+
+func (r APIRegistrarBidirectional) unpackRegResp(reg *ConjureReg, regResp *pb.RegistrationResponse) *ConjureReg {
+	if reg.v6Support == v4 {
+		// Save the ipv4address in the Conjure Reg struct (phantom4) to return
+		ip4 := make(net.IP, 4)
+		addr4 := regResp.GetIpv4Addr()
+		binary.BigEndian.PutUint32(ip4, addr4)
+		reg.phantom4 = &ip4
+	} else if reg.v6Support == v6 {
+		// Save the ipv6address in the Conjure Reg struct (phantom6) to return
+		addr6 := net.IP(regResp.GetIpv6Addr())
+		reg.phantom6 = &addr6
+	} else {
+		// Case where cjSession.V6Support == both
+		// Save the ipv4address in the Conjure Reg struct (phantom4) to return
+		ip4 := make(net.IP, 4)
+		addr4 := regResp.GetIpv4Addr()
+		binary.BigEndian.PutUint32(ip4, addr4)
+		reg.phantom4 = &ip4
+
+		// Save the ipv6address in the Conjure Reg struct (phantom6) to return
+		addr6 := net.IP(regResp.GetIpv6Addr())
+		reg.phantom6 = &addr6
+	}
+
+	return reg
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
new file mode 100644
index 000000000..e4dfb1205
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go
@@ -0,0 +1,276 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package protodesc provides functionality for converting
+// FileDescriptorProto messages to/from protoreflect.FileDescriptor values.
+//
+// The google.protobuf.FileDescriptorProto is a protobuf message that describes
+// the type information for a .proto file in a form that is easily serializable.
+// The protoreflect.FileDescriptor is a more structured representation of
+// the FileDescriptorProto message where references and remote dependencies
+// can be directly followed.
+package protodesc
+
+import (
+	"google.golang.org/protobuf/internal/errors"
+	"google.golang.org/protobuf/internal/filedesc"
+	"google.golang.org/protobuf/internal/pragma"
+	"google.golang.org/protobuf/internal/strs"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+
+	"google.golang.org/protobuf/types/descriptorpb"
+)
+
+// Resolver is the resolver used by NewFile to resolve dependencies.
+// The enums and messages provided must belong to some parent file,
+// which is also registered.
+//
+// It is implemented by protoregistry.Files.
+type Resolver interface {
+	FindFileByPath(string) (protoreflect.FileDescriptor, error)
+	FindDescriptorByName(protoreflect.FullName) (protoreflect.Descriptor, error)
+}
+
+// FileOptions configures the construction of file descriptors.
+type FileOptions struct {
+	pragma.NoUnkeyedLiterals
+
+	// AllowUnresolvable configures New to permissively allow unresolvable
+	// file, enum, or message dependencies. Unresolved dependencies are replaced
+	// by placeholder equivalents.
+	//
+	// The following dependencies may be left unresolved:
+	//	• Resolving an imported file.
+	//	• Resolving the type for a message field or extension field.
+	//	If the kind of the field is unknown, then a placeholder is used for both
+	//	the Enum and Message accessors on the protoreflect.FieldDescriptor.
+	//	• Resolving an enum value set as the default for an optional enum field.
+	//	If unresolvable, the protoreflect.FieldDescriptor.Default is set to the
+	//	first value in the associated enum (or zero if the also enum dependency
+	//	is also unresolvable). The protoreflect.FieldDescriptor.DefaultEnumValue
+	//	is populated with a placeholder.
+	//	• Resolving the extended message type for an extension field.
+	//	• Resolving the input or output message type for a service method.
+	//
+	// If the unresolved dependency uses a relative name,
+	// then the placeholder will contain an invalid FullName with a "*." prefix,
+	// indicating that the starting prefix of the full name is unknown.
+	AllowUnresolvable bool
+}
+
+// NewFile creates a new protoreflect.FileDescriptor from the provided
+// file descriptor message. See FileOptions.New for more information.
+func NewFile(fd *descriptorpb.FileDescriptorProto, r Resolver) (protoreflect.FileDescriptor, error) {
+	return FileOptions{}.New(fd, r)
+}
+
+// NewFiles creates a new protoregistry.Files from the provided
+// FileDescriptorSet message. See FileOptions.NewFiles for more information.
+func NewFiles(fd *descriptorpb.FileDescriptorSet) (*protoregistry.Files, error) {
+	return FileOptions{}.NewFiles(fd)
+}
+
+// New creates a new protoreflect.FileDescriptor from the provided
+// file descriptor message. The file must represent a valid proto file according
+// to protobuf semantics. The returned descriptor is a deep copy of the input.
+//
+// Any imported files, enum types, or message types referenced in the file are
+// resolved using the provided registry. When looking up an import file path,
+// the path must be unique. The newly created file descriptor is not registered
+// back into the provided file registry.
+func (o FileOptions) New(fd *descriptorpb.FileDescriptorProto, r Resolver) (protoreflect.FileDescriptor, error) {
+	if r == nil {
+		r = (*protoregistry.Files)(nil) // empty resolver
+	}
+
+	// Handle the file descriptor content.
+	f := &filedesc.File{L2: &filedesc.FileL2{}}
+	switch fd.GetSyntax() {
+	case "proto2", "":
+		f.L1.Syntax = protoreflect.Proto2
+	case "proto3":
+		f.L1.Syntax = protoreflect.Proto3
+	default:
+		return nil, errors.New("invalid syntax: %q", fd.GetSyntax())
+	}
+	f.L1.Path = fd.GetName()
+	if f.L1.Path == "" {
+		return nil, errors.New("file path must be populated")
+	}
+	f.L1.Package = protoreflect.FullName(fd.GetPackage())
+	if !f.L1.Package.IsValid() && f.L1.Package != "" {
+		return nil, errors.New("invalid package: %q", f.L1.Package)
+	}
+	if opts := fd.GetOptions(); opts != nil {
+		opts = proto.Clone(opts).(*descriptorpb.FileOptions)
+		f.L2.Options = func() protoreflect.ProtoMessage { return opts }
+	}
+
+	f.L2.Imports = make(filedesc.FileImports, len(fd.GetDependency()))
+	for _, i := range fd.GetPublicDependency() {
+		if !(0 <= i && int(i) < len(f.L2.Imports)) || f.L2.Imports[i].IsPublic {
+			return nil, errors.New("invalid or duplicate public import index: %d", i)
+		}
+		f.L2.Imports[i].IsPublic = true
+	}
+	for _, i := range fd.GetWeakDependency() {
+		if !(0 <= i && int(i) < len(f.L2.Imports)) || f.L2.Imports[i].IsWeak {
+			return nil, errors.New("invalid or duplicate weak import index: %d", i)
+		}
+		f.L2.Imports[i].IsWeak = true
+	}
+	imps := importSet{f.Path(): true}
+	for i, path := range fd.GetDependency() {
+		imp := &f.L2.Imports[i]
+		f, err := r.FindFileByPath(path)
+		if err == protoregistry.NotFound && (o.AllowUnresolvable || imp.IsWeak) {
+			f = filedesc.PlaceholderFile(path)
+		} else if err != nil {
+			return nil, errors.New("could not resolve import %q: %v", path, err)
+		}
+		imp.FileDescriptor = f
+
+		if imps[imp.Path()] {
+			return nil, errors.New("already imported %q", path)
+		}
+		imps[imp.Path()] = true
+	}
+	for i := range fd.GetDependency() {
+		imp := &f.L2.Imports[i]
+		imps.importPublic(imp.Imports())
+	}
+
+	// Handle source locations.
+	f.L2.Locations.File = f
+	for _, loc := range fd.GetSourceCodeInfo().GetLocation() {
+		var l protoreflect.SourceLocation
+		// TODO: Validate that the path points to an actual declaration?
+		l.Path = protoreflect.SourcePath(loc.GetPath())
+		s := loc.GetSpan()
+		switch len(s) {
+		case 3:
+			l.StartLine, l.StartColumn, l.EndLine, l.EndColumn = int(s[0]), int(s[1]), int(s[0]), int(s[2])
+		case 4:
+			l.StartLine, l.StartColumn, l.EndLine, l.EndColumn = int(s[0]), int(s[1]), int(s[2]), int(s[3])
+		default:
+			return nil, errors.New("invalid span: %v", s)
+		}
+		// TODO: Validate that the span information is sensible?
+		// See https://github.com/protocolbuffers/protobuf/issues/6378.
+		if false && (l.EndLine < l.StartLine || l.StartLine < 0 || l.StartColumn < 0 || l.EndColumn < 0 ||
+			(l.StartLine == l.EndLine && l.EndColumn <= l.StartColumn)) {
+			return nil, errors.New("invalid span: %v", s)
+		}
+		l.LeadingDetachedComments = loc.GetLeadingDetachedComments()
+		l.LeadingComments = loc.GetLeadingComments()
+		l.TrailingComments = loc.GetTrailingComments()
+		f.L2.Locations.List = append(f.L2.Locations.List, l)
+	}
+
+	// Step 1: Allocate and derive the names for all declarations.
+	// This copies all fields from the descriptor proto except:
+	//	google.protobuf.FieldDescriptorProto.type_name
+	//	google.protobuf.FieldDescriptorProto.default_value
+	//	google.protobuf.FieldDescriptorProto.oneof_index
+	//	google.protobuf.FieldDescriptorProto.extendee
+	//	google.protobuf.MethodDescriptorProto.input
+	//	google.protobuf.MethodDescriptorProto.output
+	var err error
+	sb := new(strs.Builder)
+	r1 := make(descsByName)
+	if f.L1.Enums.List, err = r1.initEnumDeclarations(fd.GetEnumType(), f, sb); err != nil {
+		return nil, err
+	}
+	if f.L1.Messages.List, err = r1.initMessagesDeclarations(fd.GetMessageType(), f, sb); err != nil {
+		return nil, err
+	}
+	if f.L1.Extensions.List, err = r1.initExtensionDeclarations(fd.GetExtension(), f, sb); err != nil {
+		return nil, err
+	}
+	if f.L1.Services.List, err = r1.initServiceDeclarations(fd.GetService(), f, sb); err != nil {
+		return nil, err
+	}
+
+	// Step 2: Resolve every dependency reference not handled by step 1.
+	r2 := &resolver{local: r1, remote: r, imports: imps, allowUnresolvable: o.AllowUnresolvable}
+	if err := r2.resolveMessageDependencies(f.L1.Messages.List, fd.GetMessageType()); err != nil {
+		return nil, err
+	}
+	if err := r2.resolveExtensionDependencies(f.L1.Extensions.List, fd.GetExtension()); err != nil {
+		return nil, err
+	}
+	if err := r2.resolveServiceDependencies(f.L1.Services.List, fd.GetService()); err != nil {
+		return nil, err
+	}
+
+	// Step 3: Validate every enum, message, and extension declaration.
+	if err := validateEnumDeclarations(f.L1.Enums.List, fd.GetEnumType()); err != nil {
+		return nil, err
+	}
+	if err := validateMessageDeclarations(f.L1.Messages.List, fd.GetMessageType()); err != nil {
+		return nil, err
+	}
+	if err := validateExtensionDeclarations(f.L1.Extensions.List, fd.GetExtension()); err != nil {
+		return nil, err
+	}
+
+	return f, nil
+}
+
+type importSet map[string]bool
+
+func (is importSet) importPublic(imps protoreflect.FileImports) {
+	for i := 0; i < imps.Len(); i++ {
+		if imp := imps.Get(i); imp.IsPublic {
+			is[imp.Path()] = true
+			is.importPublic(imp.Imports())
+		}
+	}
+}
+
+// NewFiles creates a new protoregistry.Files from the provided
+// FileDescriptorSet message. The descriptor set must include only
+// valid files according to protobuf semantics. The returned descriptors
+// are a deep copy of the input.
+func (o FileOptions) NewFiles(fds *descriptorpb.FileDescriptorSet) (*protoregistry.Files, error) {
+	files := make(map[string]*descriptorpb.FileDescriptorProto)
+	for _, fd := range fds.File {
+		if _, ok := files[fd.GetName()]; ok {
+			return nil, errors.New("file appears multiple times: %q", fd.GetName())
+		}
+		files[fd.GetName()] = fd
+	}
+	r := &protoregistry.Files{}
+	for _, fd := range files {
+		if err := o.addFileDeps(r, fd, files); err != nil {
+			return nil, err
+		}
+	}
+	return r, nil
+}
+func (o FileOptions) addFileDeps(r *protoregistry.Files, fd *descriptorpb.FileDescriptorProto, files map[string]*descriptorpb.FileDescriptorProto) error {
+	// Set the entry to nil while descending into a file's dependencies to detect cycles.
+	files[fd.GetName()] = nil
+	for _, dep := range fd.Dependency {
+		depfd, ok := files[dep]
+		if depfd == nil {
+			if ok {
+				return errors.New("import cycle in file: %q", dep)
+			}
+			continue
+		}
+		if err := o.addFileDeps(r, depfd, files); err != nil {
+			return err
+		}
+	}
+	// Delete the entry once dependencies are processed.
+	delete(files, fd.GetName())
+	f, err := o.New(fd, r)
+	if err != nil {
+		return err
+	}
+	return r.RegisterFile(f)
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
new file mode 100644
index 000000000..37efda1af
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go
@@ -0,0 +1,248 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protodesc
+
+import (
+	"google.golang.org/protobuf/internal/errors"
+	"google.golang.org/protobuf/internal/filedesc"
+	"google.golang.org/protobuf/internal/strs"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+
+	"google.golang.org/protobuf/types/descriptorpb"
+)
+
+type descsByName map[protoreflect.FullName]protoreflect.Descriptor
+
+func (r descsByName) initEnumDeclarations(eds []*descriptorpb.EnumDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (es []filedesc.Enum, err error) {
+	es = make([]filedesc.Enum, len(eds)) // allocate up-front to ensure stable pointers
+	for i, ed := range eds {
+		e := &es[i]
+		e.L2 = new(filedesc.EnumL2)
+		if e.L0, err = r.makeBase(e, parent, ed.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		if opts := ed.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.EnumOptions)
+			e.L2.Options = func() protoreflect.ProtoMessage { return opts }
+		}
+		for _, s := range ed.GetReservedName() {
+			e.L2.ReservedNames.List = append(e.L2.ReservedNames.List, protoreflect.Name(s))
+		}
+		for _, rr := range ed.GetReservedRange() {
+			e.L2.ReservedRanges.List = append(e.L2.ReservedRanges.List, [2]protoreflect.EnumNumber{
+				protoreflect.EnumNumber(rr.GetStart()),
+				protoreflect.EnumNumber(rr.GetEnd()),
+			})
+		}
+		if e.L2.Values.List, err = r.initEnumValuesFromDescriptorProto(ed.GetValue(), e, sb); err != nil {
+			return nil, err
+		}
+	}
+	return es, nil
+}
+
+func (r descsByName) initEnumValuesFromDescriptorProto(vds []*descriptorpb.EnumValueDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (vs []filedesc.EnumValue, err error) {
+	vs = make([]filedesc.EnumValue, len(vds)) // allocate up-front to ensure stable pointers
+	for i, vd := range vds {
+		v := &vs[i]
+		if v.L0, err = r.makeBase(v, parent, vd.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		if opts := vd.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.EnumValueOptions)
+			v.L1.Options = func() protoreflect.ProtoMessage { return opts }
+		}
+		v.L1.Number = protoreflect.EnumNumber(vd.GetNumber())
+	}
+	return vs, nil
+}
+
+func (r descsByName) initMessagesDeclarations(mds []*descriptorpb.DescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (ms []filedesc.Message, err error) {
+	ms = make([]filedesc.Message, len(mds)) // allocate up-front to ensure stable pointers
+	for i, md := range mds {
+		m := &ms[i]
+		m.L2 = new(filedesc.MessageL2)
+		if m.L0, err = r.makeBase(m, parent, md.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		if opts := md.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.MessageOptions)
+			m.L2.Options = func() protoreflect.ProtoMessage { return opts }
+			m.L1.IsMapEntry = opts.GetMapEntry()
+			m.L1.IsMessageSet = opts.GetMessageSetWireFormat()
+		}
+		for _, s := range md.GetReservedName() {
+			m.L2.ReservedNames.List = append(m.L2.ReservedNames.List, protoreflect.Name(s))
+		}
+		for _, rr := range md.GetReservedRange() {
+			m.L2.ReservedRanges.List = append(m.L2.ReservedRanges.List, [2]protoreflect.FieldNumber{
+				protoreflect.FieldNumber(rr.GetStart()),
+				protoreflect.FieldNumber(rr.GetEnd()),
+			})
+		}
+		for _, xr := range md.GetExtensionRange() {
+			m.L2.ExtensionRanges.List = append(m.L2.ExtensionRanges.List, [2]protoreflect.FieldNumber{
+				protoreflect.FieldNumber(xr.GetStart()),
+				protoreflect.FieldNumber(xr.GetEnd()),
+			})
+			var optsFunc func() protoreflect.ProtoMessage
+			if opts := xr.GetOptions(); opts != nil {
+				opts = proto.Clone(opts).(*descriptorpb.ExtensionRangeOptions)
+				optsFunc = func() protoreflect.ProtoMessage { return opts }
+			}
+			m.L2.ExtensionRangeOptions = append(m.L2.ExtensionRangeOptions, optsFunc)
+		}
+		if m.L2.Fields.List, err = r.initFieldsFromDescriptorProto(md.GetField(), m, sb); err != nil {
+			return nil, err
+		}
+		if m.L2.Oneofs.List, err = r.initOneofsFromDescriptorProto(md.GetOneofDecl(), m, sb); err != nil {
+			return nil, err
+		}
+		if m.L1.Enums.List, err = r.initEnumDeclarations(md.GetEnumType(), m, sb); err != nil {
+			return nil, err
+		}
+		if m.L1.Messages.List, err = r.initMessagesDeclarations(md.GetNestedType(), m, sb); err != nil {
+			return nil, err
+		}
+		if m.L1.Extensions.List, err = r.initExtensionDeclarations(md.GetExtension(), m, sb); err != nil {
+			return nil, err
+		}
+	}
+	return ms, nil
+}
+
+func (r descsByName) initFieldsFromDescriptorProto(fds []*descriptorpb.FieldDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (fs []filedesc.Field, err error) {
+	fs = make([]filedesc.Field, len(fds)) // allocate up-front to ensure stable pointers
+	for i, fd := range fds {
+		f := &fs[i]
+		if f.L0, err = r.makeBase(f, parent, fd.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		f.L1.IsProto3Optional = fd.GetProto3Optional()
+		if opts := fd.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.FieldOptions)
+			f.L1.Options = func() protoreflect.ProtoMessage { return opts }
+			f.L1.IsWeak = opts.GetWeak()
+			f.L1.HasPacked = opts.Packed != nil
+			f.L1.IsPacked = opts.GetPacked()
+		}
+		f.L1.Number = protoreflect.FieldNumber(fd.GetNumber())
+		f.L1.Cardinality = protoreflect.Cardinality(fd.GetLabel())
+		if fd.Type != nil {
+			f.L1.Kind = protoreflect.Kind(fd.GetType())
+		}
+		if fd.JsonName != nil {
+			f.L1.StringName.InitJSON(fd.GetJsonName())
+		}
+	}
+	return fs, nil
+}
+
+func (r descsByName) initOneofsFromDescriptorProto(ods []*descriptorpb.OneofDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (os []filedesc.Oneof, err error) {
+	os = make([]filedesc.Oneof, len(ods)) // allocate up-front to ensure stable pointers
+	for i, od := range ods {
+		o := &os[i]
+		if o.L0, err = r.makeBase(o, parent, od.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		if opts := od.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.OneofOptions)
+			o.L1.Options = func() protoreflect.ProtoMessage { return opts }
+		}
+	}
+	return os, nil
+}
+
+func (r descsByName) initExtensionDeclarations(xds []*descriptorpb.FieldDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (xs []filedesc.Extension, err error) {
+	xs = make([]filedesc.Extension, len(xds)) // allocate up-front to ensure stable pointers
+	for i, xd := range xds {
+		x := &xs[i]
+		x.L2 = new(filedesc.ExtensionL2)
+		if x.L0, err = r.makeBase(x, parent, xd.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		if opts := xd.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.FieldOptions)
+			x.L2.Options = func() protoreflect.ProtoMessage { return opts }
+			x.L2.IsPacked = opts.GetPacked()
+		}
+		x.L1.Number = protoreflect.FieldNumber(xd.GetNumber())
+		x.L1.Cardinality = protoreflect.Cardinality(xd.GetLabel())
+		if xd.Type != nil {
+			x.L1.Kind = protoreflect.Kind(xd.GetType())
+		}
+		if xd.JsonName != nil {
+			x.L2.StringName.InitJSON(xd.GetJsonName())
+		}
+	}
+	return xs, nil
+}
+
+func (r descsByName) initServiceDeclarations(sds []*descriptorpb.ServiceDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (ss []filedesc.Service, err error) {
+	ss = make([]filedesc.Service, len(sds)) // allocate up-front to ensure stable pointers
+	for i, sd := range sds {
+		s := &ss[i]
+		s.L2 = new(filedesc.ServiceL2)
+		if s.L0, err = r.makeBase(s, parent, sd.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		if opts := sd.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.ServiceOptions)
+			s.L2.Options = func() protoreflect.ProtoMessage { return opts }
+		}
+		if s.L2.Methods.List, err = r.initMethodsFromDescriptorProto(sd.GetMethod(), s, sb); err != nil {
+			return nil, err
+		}
+	}
+	return ss, nil
+}
+
+func (r descsByName) initMethodsFromDescriptorProto(mds []*descriptorpb.MethodDescriptorProto, parent protoreflect.Descriptor, sb *strs.Builder) (ms []filedesc.Method, err error) {
+	ms = make([]filedesc.Method, len(mds)) // allocate up-front to ensure stable pointers
+	for i, md := range mds {
+		m := &ms[i]
+		if m.L0, err = r.makeBase(m, parent, md.GetName(), i, sb); err != nil {
+			return nil, err
+		}
+		if opts := md.GetOptions(); opts != nil {
+			opts = proto.Clone(opts).(*descriptorpb.MethodOptions)
+			m.L1.Options = func() protoreflect.ProtoMessage { return opts }
+		}
+		m.L1.IsStreamingClient = md.GetClientStreaming()
+		m.L1.IsStreamingServer = md.GetServerStreaming()
+	}
+	return ms, nil
+}
+
+func (r descsByName) makeBase(child, parent protoreflect.Descriptor, name string, idx int, sb *strs.Builder) (filedesc.BaseL0, error) {
+	if !protoreflect.Name(name).IsValid() {
+		return filedesc.BaseL0{}, errors.New("descriptor %q has an invalid nested name: %q", parent.FullName(), name)
+	}
+
+	// Derive the full name of the child.
+	// Note that enum values are a sibling to the enum parent in the namespace.
+	var fullName protoreflect.FullName
+	if _, ok := parent.(protoreflect.EnumDescriptor); ok {
+		fullName = sb.AppendFullName(parent.FullName().Parent(), protoreflect.Name(name))
+	} else {
+		fullName = sb.AppendFullName(parent.FullName(), protoreflect.Name(name))
+	}
+	if _, ok := r[fullName]; ok {
+		return filedesc.BaseL0{}, errors.New("descriptor %q already declared", fullName)
+	}
+	r[fullName] = child
+
+	// TODO: Verify that the full name does not already exist in the resolver?
+	// This is not as critical since most usages of NewFile will register
+	// the created file back into the registry, which will perform this check.
+
+	return filedesc.BaseL0{
+		FullName:   fullName,
+		ParentFile: parent.ParentFile().(*filedesc.File),
+		Parent:     parent,
+		Index:      idx,
+	}, nil
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
new file mode 100644
index 000000000..cebb36cda
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go
@@ -0,0 +1,286 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protodesc
+
+import (
+	"google.golang.org/protobuf/internal/encoding/defval"
+	"google.golang.org/protobuf/internal/errors"
+	"google.golang.org/protobuf/internal/filedesc"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/reflect/protoregistry"
+
+	"google.golang.org/protobuf/types/descriptorpb"
+)
+
+// resolver is a wrapper around a local registry of declarations within the file
+// and the remote resolver. The remote resolver is restricted to only return
+// descriptors that have been imported.
+type resolver struct {
+	local   descsByName
+	remote  Resolver
+	imports importSet
+
+	allowUnresolvable bool
+}
+
+func (r *resolver) resolveMessageDependencies(ms []filedesc.Message, mds []*descriptorpb.DescriptorProto) (err error) {
+	for i, md := range mds {
+		m := &ms[i]
+		for j, fd := range md.GetField() {
+			f := &m.L2.Fields.List[j]
+			if f.L1.Cardinality == protoreflect.Required {
+				m.L2.RequiredNumbers.List = append(m.L2.RequiredNumbers.List, f.L1.Number)
+			}
+			if fd.OneofIndex != nil {
+				k := int(fd.GetOneofIndex())
+				if !(0 <= k && k < len(md.GetOneofDecl())) {
+					return errors.New("message field %q has an invalid oneof index: %d", f.FullName(), k)
+				}
+				o := &m.L2.Oneofs.List[k]
+				f.L1.ContainingOneof = o
+				o.L1.Fields.List = append(o.L1.Fields.List, f)
+			}
+
+			if f.L1.Kind, f.L1.Enum, f.L1.Message, err = r.findTarget(f.Kind(), f.Parent().FullName(), partialName(fd.GetTypeName()), f.IsWeak()); err != nil {
+				return errors.New("message field %q cannot resolve type: %v", f.FullName(), err)
+			}
+			if fd.DefaultValue != nil {
+				v, ev, err := unmarshalDefault(fd.GetDefaultValue(), f, r.allowUnresolvable)
+				if err != nil {
+					return errors.New("message field %q has invalid default: %v", f.FullName(), err)
+				}
+				f.L1.Default = filedesc.DefaultValue(v, ev)
+			}
+		}
+
+		if err := r.resolveMessageDependencies(m.L1.Messages.List, md.GetNestedType()); err != nil {
+			return err
+		}
+		if err := r.resolveExtensionDependencies(m.L1.Extensions.List, md.GetExtension()); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (r *resolver) resolveExtensionDependencies(xs []filedesc.Extension, xds []*descriptorpb.FieldDescriptorProto) (err error) {
+	for i, xd := range xds {
+		x := &xs[i]
+		if x.L1.Extendee, err = r.findMessageDescriptor(x.Parent().FullName(), partialName(xd.GetExtendee()), false); err != nil {
+			return errors.New("extension field %q cannot resolve extendee: %v", x.FullName(), err)
+		}
+		if x.L1.Kind, x.L2.Enum, x.L2.Message, err = r.findTarget(x.Kind(), x.Parent().FullName(), partialName(xd.GetTypeName()), false); err != nil {
+			return errors.New("extension field %q cannot resolve type: %v", x.FullName(), err)
+		}
+		if xd.DefaultValue != nil {
+			v, ev, err := unmarshalDefault(xd.GetDefaultValue(), x, r.allowUnresolvable)
+			if err != nil {
+				return errors.New("extension field %q has invalid default: %v", x.FullName(), err)
+			}
+			x.L2.Default = filedesc.DefaultValue(v, ev)
+		}
+	}
+	return nil
+}
+
+func (r *resolver) resolveServiceDependencies(ss []filedesc.Service, sds []*descriptorpb.ServiceDescriptorProto) (err error) {
+	for i, sd := range sds {
+		s := &ss[i]
+		for j, md := range sd.GetMethod() {
+			m := &s.L2.Methods.List[j]
+			m.L1.Input, err = r.findMessageDescriptor(m.Parent().FullName(), partialName(md.GetInputType()), false)
+			if err != nil {
+				return errors.New("service method %q cannot resolve input: %v", m.FullName(), err)
+			}
+			m.L1.Output, err = r.findMessageDescriptor(s.FullName(), partialName(md.GetOutputType()), false)
+			if err != nil {
+				return errors.New("service method %q cannot resolve output: %v", m.FullName(), err)
+			}
+		}
+	}
+	return nil
+}
+
+// findTarget finds an enum or message descriptor if k is an enum, message,
+// group, or unknown. If unknown, and the name could be resolved, the kind
+// returned kind is set based on the type of the resolved descriptor.
+func (r *resolver) findTarget(k protoreflect.Kind, scope protoreflect.FullName, ref partialName, isWeak bool) (protoreflect.Kind, protoreflect.EnumDescriptor, protoreflect.MessageDescriptor, error) {
+	switch k {
+	case protoreflect.EnumKind:
+		ed, err := r.findEnumDescriptor(scope, ref, isWeak)
+		if err != nil {
+			return 0, nil, nil, err
+		}
+		return k, ed, nil, nil
+	case protoreflect.MessageKind, protoreflect.GroupKind:
+		md, err := r.findMessageDescriptor(scope, ref, isWeak)
+		if err != nil {
+			return 0, nil, nil, err
+		}
+		return k, nil, md, nil
+	case 0:
+		// Handle unspecified kinds (possible with parsers that operate
+		// on a per-file basis without knowledge of dependencies).
+		d, err := r.findDescriptor(scope, ref)
+		if err == protoregistry.NotFound && (r.allowUnresolvable || isWeak) {
+			return k, filedesc.PlaceholderEnum(ref.FullName()), filedesc.PlaceholderMessage(ref.FullName()), nil
+		} else if err == protoregistry.NotFound {
+			return 0, nil, nil, errors.New("%q not found", ref.FullName())
+		} else if err != nil {
+			return 0, nil, nil, err
+		}
+		switch d := d.(type) {
+		case protoreflect.EnumDescriptor:
+			return protoreflect.EnumKind, d, nil, nil
+		case protoreflect.MessageDescriptor:
+			return protoreflect.MessageKind, nil, d, nil
+		default:
+			return 0, nil, nil, errors.New("unknown kind")
+		}
+	default:
+		if ref != "" {
+			return 0, nil, nil, errors.New("target name cannot be specified for %v", k)
+		}
+		if !k.IsValid() {
+			return 0, nil, nil, errors.New("invalid kind: %d", k)
+		}
+		return k, nil, nil, nil
+	}
+}
+
+// findDescriptor finds the descriptor by name,
+// which may be a relative name within some scope.
+//
+// Suppose the scope was "fizz.buzz" and the reference was "Foo.Bar",
+// then the following full names are searched:
+//	* fizz.buzz.Foo.Bar
+//	* fizz.Foo.Bar
+//	* Foo.Bar
+func (r *resolver) findDescriptor(scope protoreflect.FullName, ref partialName) (protoreflect.Descriptor, error) {
+	if !ref.IsValid() {
+		return nil, errors.New("invalid name reference: %q", ref)
+	}
+	if ref.IsFull() {
+		scope, ref = "", ref[1:]
+	}
+	var foundButNotImported protoreflect.Descriptor
+	for {
+		// Derive the full name to search.
+		s := protoreflect.FullName(ref)
+		if scope != "" {
+			s = scope + "." + s
+		}
+
+		// Check the current file for the descriptor.
+		if d, ok := r.local[s]; ok {
+			return d, nil
+		}
+
+		// Check the remote registry for the descriptor.
+		d, err := r.remote.FindDescriptorByName(s)
+		if err == nil {
+			// Only allow descriptors covered by one of the imports.
+			if r.imports[d.ParentFile().Path()] {
+				return d, nil
+			}
+			foundButNotImported = d
+		} else if err != protoregistry.NotFound {
+			return nil, errors.Wrap(err, "%q", s)
+		}
+
+		// Continue on at a higher level of scoping.
+		if scope == "" {
+			if d := foundButNotImported; d != nil {
+				return nil, errors.New("resolved %q, but %q is not imported", d.FullName(), d.ParentFile().Path())
+			}
+			return nil, protoregistry.NotFound
+		}
+		scope = scope.Parent()
+	}
+}
+
+func (r *resolver) findEnumDescriptor(scope protoreflect.FullName, ref partialName, isWeak bool) (protoreflect.EnumDescriptor, error) {
+	d, err := r.findDescriptor(scope, ref)
+	if err == protoregistry.NotFound && (r.allowUnresolvable || isWeak) {
+		return filedesc.PlaceholderEnum(ref.FullName()), nil
+	} else if err == protoregistry.NotFound {
+		return nil, errors.New("%q not found", ref.FullName())
+	} else if err != nil {
+		return nil, err
+	}
+	ed, ok := d.(protoreflect.EnumDescriptor)
+	if !ok {
+		return nil, errors.New("resolved %q, but it is not an enum", d.FullName())
+	}
+	return ed, nil
+}
+
+func (r *resolver) findMessageDescriptor(scope protoreflect.FullName, ref partialName, isWeak bool) (protoreflect.MessageDescriptor, error) {
+	d, err := r.findDescriptor(scope, ref)
+	if err == protoregistry.NotFound && (r.allowUnresolvable || isWeak) {
+		return filedesc.PlaceholderMessage(ref.FullName()), nil
+	} else if err == protoregistry.NotFound {
+		return nil, errors.New("%q not found", ref.FullName())
+	} else if err != nil {
+		return nil, err
+	}
+	md, ok := d.(protoreflect.MessageDescriptor)
+	if !ok {
+		return nil, errors.New("resolved %q, but it is not an message", d.FullName())
+	}
+	return md, nil
+}
+
+// partialName is the partial name. A leading dot means that the name is full,
+// otherwise the name is relative to some current scope.
+// See google.protobuf.FieldDescriptorProto.type_name.
+type partialName string
+
+func (s partialName) IsFull() bool {
+	return len(s) > 0 && s[0] == '.'
+}
+
+func (s partialName) IsValid() bool {
+	if s.IsFull() {
+		return protoreflect.FullName(s[1:]).IsValid()
+	}
+	return protoreflect.FullName(s).IsValid()
+}
+
+const unknownPrefix = "*."
+
+// FullName converts the partial name to a full name on a best-effort basis.
+// If relative, it creates an invalid full name, using a "*." prefix
+// to indicate that the start of the full name is unknown.
+func (s partialName) FullName() protoreflect.FullName {
+	if s.IsFull() {
+		return protoreflect.FullName(s[1:])
+	}
+	return protoreflect.FullName(unknownPrefix + s)
+}
+
+func unmarshalDefault(s string, fd protoreflect.FieldDescriptor, allowUnresolvable bool) (protoreflect.Value, protoreflect.EnumValueDescriptor, error) {
+	var evs protoreflect.EnumValueDescriptors
+	if fd.Enum() != nil {
+		evs = fd.Enum().Values()
+	}
+	v, ev, err := defval.Unmarshal(s, fd.Kind(), evs, defval.Descriptor)
+	if err != nil && allowUnresolvable && evs != nil && protoreflect.Name(s).IsValid() {
+		v = protoreflect.ValueOfEnum(0)
+		if evs.Len() > 0 {
+			v = protoreflect.ValueOfEnum(evs.Get(0).Number())
+		}
+		ev = filedesc.PlaceholderEnumValue(fd.Enum().FullName().Parent().Append(protoreflect.Name(s)))
+	} else if err != nil {
+		return v, ev, err
+	}
+	if fd.Syntax() == protoreflect.Proto3 {
+		return v, ev, errors.New("cannot be specified under proto3 semantics")
+	}
+	if fd.Kind() == protoreflect.MessageKind || fd.Kind() == protoreflect.GroupKind || fd.Cardinality() == protoreflect.Repeated {
+		return v, ev, errors.New("cannot be specified on composite types")
+	}
+	return v, ev, nil
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
new file mode 100644
index 000000000..9af1d5648
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go
@@ -0,0 +1,374 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protodesc
+
+import (
+	"strings"
+	"unicode"
+
+	"google.golang.org/protobuf/encoding/protowire"
+	"google.golang.org/protobuf/internal/errors"
+	"google.golang.org/protobuf/internal/filedesc"
+	"google.golang.org/protobuf/internal/flags"
+	"google.golang.org/protobuf/internal/genid"
+	"google.golang.org/protobuf/internal/strs"
+	"google.golang.org/protobuf/reflect/protoreflect"
+
+	"google.golang.org/protobuf/types/descriptorpb"
+)
+
+func validateEnumDeclarations(es []filedesc.Enum, eds []*descriptorpb.EnumDescriptorProto) error {
+	for i, ed := range eds {
+		e := &es[i]
+		if err := e.L2.ReservedNames.CheckValid(); err != nil {
+			return errors.New("enum %q reserved names has %v", e.FullName(), err)
+		}
+		if err := e.L2.ReservedRanges.CheckValid(); err != nil {
+			return errors.New("enum %q reserved ranges has %v", e.FullName(), err)
+		}
+		if len(ed.GetValue()) == 0 {
+			return errors.New("enum %q must contain at least one value declaration", e.FullName())
+		}
+		allowAlias := ed.GetOptions().GetAllowAlias()
+		foundAlias := false
+		for i := 0; i < e.Values().Len(); i++ {
+			v1 := e.Values().Get(i)
+			if v2 := e.Values().ByNumber(v1.Number()); v1 != v2 {
+				foundAlias = true
+				if !allowAlias {
+					return errors.New("enum %q has conflicting non-aliased values on number %d: %q with %q", e.FullName(), v1.Number(), v1.Name(), v2.Name())
+				}
+			}
+		}
+		if allowAlias && !foundAlias {
+			return errors.New("enum %q allows aliases, but none were found", e.FullName())
+		}
+		if e.Syntax() == protoreflect.Proto3 {
+			if v := e.Values().Get(0); v.Number() != 0 {
+				return errors.New("enum %q using proto3 semantics must have zero number for the first value", v.FullName())
+			}
+			// Verify that value names in proto3 do not conflict if the
+			// case-insensitive prefix is removed.
+			// See protoc v3.8.0: src/google/protobuf/descriptor.cc:4991-5055
+			names := map[string]protoreflect.EnumValueDescriptor{}
+			prefix := strings.Replace(strings.ToLower(string(e.Name())), "_", "", -1)
+			for i := 0; i < e.Values().Len(); i++ {
+				v1 := e.Values().Get(i)
+				s := strs.EnumValueName(strs.TrimEnumPrefix(string(v1.Name()), prefix))
+				if v2, ok := names[s]; ok && v1.Number() != v2.Number() {
+					return errors.New("enum %q using proto3 semantics has conflict: %q with %q", e.FullName(), v1.Name(), v2.Name())
+				}
+				names[s] = v1
+			}
+		}
+
+		for j, vd := range ed.GetValue() {
+			v := &e.L2.Values.List[j]
+			if vd.Number == nil {
+				return errors.New("enum value %q must have a specified number", v.FullName())
+			}
+			if e.L2.ReservedNames.Has(v.Name()) {
+				return errors.New("enum value %q must not use reserved name", v.FullName())
+			}
+			if e.L2.ReservedRanges.Has(v.Number()) {
+				return errors.New("enum value %q must not use reserved number %d", v.FullName(), v.Number())
+			}
+		}
+	}
+	return nil
+}
+
+func validateMessageDeclarations(ms []filedesc.Message, mds []*descriptorpb.DescriptorProto) error {
+	for i, md := range mds {
+		m := &ms[i]
+
+		// Handle the message descriptor itself.
+		isMessageSet := md.GetOptions().GetMessageSetWireFormat()
+		if err := m.L2.ReservedNames.CheckValid(); err != nil {
+			return errors.New("message %q reserved names has %v", m.FullName(), err)
+		}
+		if err := m.L2.ReservedRanges.CheckValid(isMessageSet); err != nil {
+			return errors.New("message %q reserved ranges has %v", m.FullName(), err)
+		}
+		if err := m.L2.ExtensionRanges.CheckValid(isMessageSet); err != nil {
+			return errors.New("message %q extension ranges has %v", m.FullName(), err)
+		}
+		if err := (*filedesc.FieldRanges).CheckOverlap(&m.L2.ReservedRanges, &m.L2.ExtensionRanges); err != nil {
+			return errors.New("message %q reserved and extension ranges has %v", m.FullName(), err)
+		}
+		for i := 0; i < m.Fields().Len(); i++ {
+			f1 := m.Fields().Get(i)
+			if f2 := m.Fields().ByNumber(f1.Number()); f1 != f2 {
+				return errors.New("message %q has conflicting fields: %q with %q", m.FullName(), f1.Name(), f2.Name())
+			}
+		}
+		if isMessageSet && !flags.ProtoLegacy {
+			return errors.New("message %q is a MessageSet, which is a legacy proto1 feature that is no longer supported", m.FullName())
+		}
+		if isMessageSet && (m.Syntax() != protoreflect.Proto2 || m.Fields().Len() > 0 || m.ExtensionRanges().Len() == 0) {
+			return errors.New("message %q is an invalid proto1 MessageSet", m.FullName())
+		}
+		if m.Syntax() == protoreflect.Proto3 {
+			if m.ExtensionRanges().Len() > 0 {
+				return errors.New("message %q using proto3 semantics cannot have extension ranges", m.FullName())
+			}
+			// Verify that field names in proto3 do not conflict if lowercased
+			// with all underscores removed.
+			// See protoc v3.8.0: src/google/protobuf/descriptor.cc:5830-5847
+			names := map[string]protoreflect.FieldDescriptor{}
+			for i := 0; i < m.Fields().Len(); i++ {
+				f1 := m.Fields().Get(i)
+				s := strings.Replace(strings.ToLower(string(f1.Name())), "_", "", -1)
+				if f2, ok := names[s]; ok {
+					return errors.New("message %q using proto3 semantics has conflict: %q with %q", m.FullName(), f1.Name(), f2.Name())
+				}
+				names[s] = f1
+			}
+		}
+
+		for j, fd := range md.GetField() {
+			f := &m.L2.Fields.List[j]
+			if m.L2.ReservedNames.Has(f.Name()) {
+				return errors.New("message field %q must not use reserved name", f.FullName())
+			}
+			if !f.Number().IsValid() {
+				return errors.New("message field %q has an invalid number: %d", f.FullName(), f.Number())
+			}
+			if !f.Cardinality().IsValid() {
+				return errors.New("message field %q has an invalid cardinality: %d", f.FullName(), f.Cardinality())
+			}
+			if m.L2.ReservedRanges.Has(f.Number()) {
+				return errors.New("message field %q must not use reserved number %d", f.FullName(), f.Number())
+			}
+			if m.L2.ExtensionRanges.Has(f.Number()) {
+				return errors.New("message field %q with number %d in extension range", f.FullName(), f.Number())
+			}
+			if fd.Extendee != nil {
+				return errors.New("message field %q may not have extendee: %q", f.FullName(), fd.GetExtendee())
+			}
+			if f.L1.IsProto3Optional {
+				if f.Syntax() != protoreflect.Proto3 {
+					return errors.New("message field %q under proto3 optional semantics must be specified in the proto3 syntax", f.FullName())
+				}
+				if f.Cardinality() != protoreflect.Optional {
+					return errors.New("message field %q under proto3 optional semantics must have optional cardinality", f.FullName())
+				}
+				if f.ContainingOneof() != nil && f.ContainingOneof().Fields().Len() != 1 {
+					return errors.New("message field %q under proto3 optional semantics must be within a single element oneof", f.FullName())
+				}
+			}
+			if f.IsWeak() && !flags.ProtoLegacy {
+				return errors.New("message field %q is a weak field, which is a legacy proto1 feature that is no longer supported", f.FullName())
+			}
+			if f.IsWeak() && (f.Syntax() != protoreflect.Proto2 || !isOptionalMessage(f) || f.ContainingOneof() != nil) {
+				return errors.New("message field %q may only be weak for an optional message", f.FullName())
+			}
+			if f.IsPacked() && !isPackable(f) {
+				return errors.New("message field %q is not packable", f.FullName())
+			}
+			if err := checkValidGroup(f); err != nil {
+				return errors.New("message field %q is an invalid group: %v", f.FullName(), err)
+			}
+			if err := checkValidMap(f); err != nil {
+				return errors.New("message field %q is an invalid map: %v", f.FullName(), err)
+			}
+			if f.Syntax() == protoreflect.Proto3 {
+				if f.Cardinality() == protoreflect.Required {
+					return errors.New("message field %q using proto3 semantics cannot be required", f.FullName())
+				}
+				if f.Enum() != nil && !f.Enum().IsPlaceholder() && f.Enum().Syntax() != protoreflect.Proto3 {
+					return errors.New("message field %q using proto3 semantics may only depend on a proto3 enum", f.FullName())
+				}
+			}
+		}
+		seenSynthetic := false // synthetic oneofs for proto3 optional must come after real oneofs
+		for j := range md.GetOneofDecl() {
+			o := &m.L2.Oneofs.List[j]
+			if o.Fields().Len() == 0 {
+				return errors.New("message oneof %q must contain at least one field declaration", o.FullName())
+			}
+			if n := o.Fields().Len(); n-1 != (o.Fields().Get(n-1).Index() - o.Fields().Get(0).Index()) {
+				return errors.New("message oneof %q must have consecutively declared fields", o.FullName())
+			}
+
+			if o.IsSynthetic() {
+				seenSynthetic = true
+				continue
+			}
+			if !o.IsSynthetic() && seenSynthetic {
+				return errors.New("message oneof %q must be declared before synthetic oneofs", o.FullName())
+			}
+
+			for i := 0; i < o.Fields().Len(); i++ {
+				f := o.Fields().Get(i)
+				if f.Cardinality() != protoreflect.Optional {
+					return errors.New("message field %q belongs in a oneof and must be optional", f.FullName())
+				}
+				if f.IsWeak() {
+					return errors.New("message field %q belongs in a oneof and must not be a weak reference", f.FullName())
+				}
+			}
+		}
+
+		if err := validateEnumDeclarations(m.L1.Enums.List, md.GetEnumType()); err != nil {
+			return err
+		}
+		if err := validateMessageDeclarations(m.L1.Messages.List, md.GetNestedType()); err != nil {
+			return err
+		}
+		if err := validateExtensionDeclarations(m.L1.Extensions.List, md.GetExtension()); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func validateExtensionDeclarations(xs []filedesc.Extension, xds []*descriptorpb.FieldDescriptorProto) error {
+	for i, xd := range xds {
+		x := &xs[i]
+		// NOTE: Avoid using the IsValid method since extensions to MessageSet
+		// may have a field number higher than normal. This check only verifies
+		// that the number is not negative or reserved. We check again later
+		// if we know that the extendee is definitely not a MessageSet.
+		if n := x.Number(); n < 0 || (protowire.FirstReservedNumber <= n && n <= protowire.LastReservedNumber) {
+			return errors.New("extension field %q has an invalid number: %d", x.FullName(), x.Number())
+		}
+		if !x.Cardinality().IsValid() || x.Cardinality() == protoreflect.Required {
+			return errors.New("extension field %q has an invalid cardinality: %d", x.FullName(), x.Cardinality())
+		}
+		if xd.JsonName != nil {
+			// A bug in older versions of protoc would always populate the
+			// "json_name" option for extensions when it is meaningless.
+			// When it did so, it would always use the camel-cased field name.
+			if xd.GetJsonName() != strs.JSONCamelCase(string(x.Name())) {
+				return errors.New("extension field %q may not have an explicitly set JSON name: %q", x.FullName(), xd.GetJsonName())
+			}
+		}
+		if xd.OneofIndex != nil {
+			return errors.New("extension field %q may not be part of a oneof", x.FullName())
+		}
+		if md := x.ContainingMessage(); !md.IsPlaceholder() {
+			if !md.ExtensionRanges().Has(x.Number()) {
+				return errors.New("extension field %q extends %q with non-extension field number: %d", x.FullName(), md.FullName(), x.Number())
+			}
+			isMessageSet := md.Options().(*descriptorpb.MessageOptions).GetMessageSetWireFormat()
+			if isMessageSet && !isOptionalMessage(x) {
+				return errors.New("extension field %q extends MessageSet and must be an optional message", x.FullName())
+			}
+			if !isMessageSet && !x.Number().IsValid() {
+				return errors.New("extension field %q has an invalid number: %d", x.FullName(), x.Number())
+			}
+		}
+		if xd.GetOptions().GetWeak() {
+			return errors.New("extension field %q cannot be a weak reference", x.FullName())
+		}
+		if x.IsPacked() && !isPackable(x) {
+			return errors.New("extension field %q is not packable", x.FullName())
+		}
+		if err := checkValidGroup(x); err != nil {
+			return errors.New("extension field %q is an invalid group: %v", x.FullName(), err)
+		}
+		if md := x.Message(); md != nil && md.IsMapEntry() {
+			return errors.New("extension field %q cannot be a map entry", x.FullName())
+		}
+		if x.Syntax() == protoreflect.Proto3 {
+			switch x.ContainingMessage().FullName() {
+			case (*descriptorpb.FileOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.EnumOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.EnumValueOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.MessageOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.FieldOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.OneofOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.ExtensionRangeOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.ServiceOptions)(nil).ProtoReflect().Descriptor().FullName():
+			case (*descriptorpb.MethodOptions)(nil).ProtoReflect().Descriptor().FullName():
+			default:
+				return errors.New("extension field %q cannot be declared in proto3 unless extended descriptor options", x.FullName())
+			}
+		}
+	}
+	return nil
+}
+
+// isOptionalMessage reports whether this is an optional message.
+// If the kind is unknown, it is assumed to be a message.
+func isOptionalMessage(fd protoreflect.FieldDescriptor) bool {
+	return (fd.Kind() == 0 || fd.Kind() == protoreflect.MessageKind) && fd.Cardinality() == protoreflect.Optional
+}
+
+// isPackable checks whether the pack option can be specified.
+func isPackable(fd protoreflect.FieldDescriptor) bool {
+	switch fd.Kind() {
+	case protoreflect.StringKind, protoreflect.BytesKind, protoreflect.MessageKind, protoreflect.GroupKind:
+		return false
+	}
+	return fd.IsList()
+}
+
+// checkValidGroup reports whether fd is a valid group according to the same
+// rules that protoc imposes.
+func checkValidGroup(fd protoreflect.FieldDescriptor) error {
+	md := fd.Message()
+	switch {
+	case fd.Kind() != protoreflect.GroupKind:
+		return nil
+	case fd.Syntax() != protoreflect.Proto2:
+		return errors.New("invalid under proto2 semantics")
+	case md == nil || md.IsPlaceholder():
+		return errors.New("message must be resolvable")
+	case fd.FullName().Parent() != md.FullName().Parent():
+		return errors.New("message and field must be declared in the same scope")
+	case !unicode.IsUpper(rune(md.Name()[0])):
+		return errors.New("message name must start with an uppercase")
+	case fd.Name() != protoreflect.Name(strings.ToLower(string(md.Name()))):
+		return errors.New("field name must be lowercased form of the message name")
+	}
+	return nil
+}
+
+// checkValidMap checks whether the field is a valid map according to the same
+// rules that protoc imposes.
+// See protoc v3.8.0: src/google/protobuf/descriptor.cc:6045-6115
+func checkValidMap(fd protoreflect.FieldDescriptor) error {
+	md := fd.Message()
+	switch {
+	case md == nil || !md.IsMapEntry():
+		return nil
+	case fd.FullName().Parent() != md.FullName().Parent():
+		return errors.New("message and field must be declared in the same scope")
+	case md.Name() != protoreflect.Name(strs.MapEntryName(string(fd.Name()))):
+		return errors.New("incorrect implicit map entry name")
+	case fd.Cardinality() != protoreflect.Repeated:
+		return errors.New("field must be repeated")
+	case md.Fields().Len() != 2:
+		return errors.New("message must have exactly two fields")
+	case md.ExtensionRanges().Len() > 0:
+		return errors.New("message must not have any extension ranges")
+	case md.Enums().Len()+md.Messages().Len()+md.Extensions().Len() > 0:
+		return errors.New("message must not have any nested declarations")
+	}
+	kf := md.Fields().Get(0)
+	vf := md.Fields().Get(1)
+	switch {
+	case kf.Name() != genid.MapEntry_Key_field_name || kf.Number() != genid.MapEntry_Key_field_number || kf.Cardinality() != protoreflect.Optional || kf.ContainingOneof() != nil || kf.HasDefault():
+		return errors.New("invalid key field")
+	case vf.Name() != genid.MapEntry_Value_field_name || vf.Number() != genid.MapEntry_Value_field_number || vf.Cardinality() != protoreflect.Optional || vf.ContainingOneof() != nil || vf.HasDefault():
+		return errors.New("invalid value field")
+	}
+	switch kf.Kind() {
+	case protoreflect.BoolKind: // bool
+	case protoreflect.Int32Kind, protoreflect.Sint32Kind, protoreflect.Sfixed32Kind: // int32
+	case protoreflect.Int64Kind, protoreflect.Sint64Kind, protoreflect.Sfixed64Kind: // int64
+	case protoreflect.Uint32Kind, protoreflect.Fixed32Kind: // uint32
+	case protoreflect.Uint64Kind, protoreflect.Fixed64Kind: // uint64
+	case protoreflect.StringKind: // string
+	default:
+		return errors.New("invalid key kind: %v", kf.Kind())
+	}
+	if e := vf.Enum(); e != nil && e.Values().Len() > 0 && e.Values().Get(0).Number() != 0 {
+		return errors.New("map enum value must have zero number for the first value")
+	}
+	return nil
+}
diff --git a/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
new file mode 100644
index 000000000..a7c5ceffc
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go
@@ -0,0 +1,252 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package protodesc
+
+import (
+	"fmt"
+	"strings"
+
+	"google.golang.org/protobuf/internal/encoding/defval"
+	"google.golang.org/protobuf/internal/strs"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/reflect/protoreflect"
+
+	"google.golang.org/protobuf/types/descriptorpb"
+)
+
+// ToFileDescriptorProto copies a protoreflect.FileDescriptor into a
+// google.protobuf.FileDescriptorProto message.
+func ToFileDescriptorProto(file protoreflect.FileDescriptor) *descriptorpb.FileDescriptorProto {
+	p := &descriptorpb.FileDescriptorProto{
+		Name:    proto.String(file.Path()),
+		Options: proto.Clone(file.Options()).(*descriptorpb.FileOptions),
+	}
+	if file.Package() != "" {
+		p.Package = proto.String(string(file.Package()))
+	}
+	for i, imports := 0, file.Imports(); i < imports.Len(); i++ {
+		imp := imports.Get(i)
+		p.Dependency = append(p.Dependency, imp.Path())
+		if imp.IsPublic {
+			p.PublicDependency = append(p.PublicDependency, int32(i))
+		}
+		if imp.IsWeak {
+			p.WeakDependency = append(p.WeakDependency, int32(i))
+		}
+	}
+	for i, locs := 0, file.SourceLocations(); i < locs.Len(); i++ {
+		loc := locs.Get(i)
+		l := &descriptorpb.SourceCodeInfo_Location{}
+		l.Path = append(l.Path, loc.Path...)
+		if loc.StartLine == loc.EndLine {
+			l.Span = []int32{int32(loc.StartLine), int32(loc.StartColumn), int32(loc.EndColumn)}
+		} else {
+			l.Span = []int32{int32(loc.StartLine), int32(loc.StartColumn), int32(loc.EndLine), int32(loc.EndColumn)}
+		}
+		l.LeadingDetachedComments = append([]string(nil), loc.LeadingDetachedComments...)
+		if loc.LeadingComments != "" {
+			l.LeadingComments = proto.String(loc.LeadingComments)
+		}
+		if loc.TrailingComments != "" {
+			l.TrailingComments = proto.String(loc.TrailingComments)
+		}
+		if p.SourceCodeInfo == nil {
+			p.SourceCodeInfo = &descriptorpb.SourceCodeInfo{}
+		}
+		p.SourceCodeInfo.Location = append(p.SourceCodeInfo.Location, l)
+
+	}
+	for i, messages := 0, file.Messages(); i < messages.Len(); i++ {
+		p.MessageType = append(p.MessageType, ToDescriptorProto(messages.Get(i)))
+	}
+	for i, enums := 0, file.Enums(); i < enums.Len(); i++ {
+		p.EnumType = append(p.EnumType, ToEnumDescriptorProto(enums.Get(i)))
+	}
+	for i, services := 0, file.Services(); i < services.Len(); i++ {
+		p.Service = append(p.Service, ToServiceDescriptorProto(services.Get(i)))
+	}
+	for i, exts := 0, file.Extensions(); i < exts.Len(); i++ {
+		p.Extension = append(p.Extension, ToFieldDescriptorProto(exts.Get(i)))
+	}
+	if syntax := file.Syntax(); syntax != protoreflect.Proto2 {
+		p.Syntax = proto.String(file.Syntax().String())
+	}
+	return p
+}
+
+// ToDescriptorProto copies a protoreflect.MessageDescriptor into a
+// google.protobuf.DescriptorProto message.
+func ToDescriptorProto(message protoreflect.MessageDescriptor) *descriptorpb.DescriptorProto {
+	p := &descriptorpb.DescriptorProto{
+		Name:    proto.String(string(message.Name())),
+		Options: proto.Clone(message.Options()).(*descriptorpb.MessageOptions),
+	}
+	for i, fields := 0, message.Fields(); i < fields.Len(); i++ {
+		p.Field = append(p.Field, ToFieldDescriptorProto(fields.Get(i)))
+	}
+	for i, exts := 0, message.Extensions(); i < exts.Len(); i++ {
+		p.Extension = append(p.Extension, ToFieldDescriptorProto(exts.Get(i)))
+	}
+	for i, messages := 0, message.Messages(); i < messages.Len(); i++ {
+		p.NestedType = append(p.NestedType, ToDescriptorProto(messages.Get(i)))
+	}
+	for i, enums := 0, message.Enums(); i < enums.Len(); i++ {
+		p.EnumType = append(p.EnumType, ToEnumDescriptorProto(enums.Get(i)))
+	}
+	for i, xranges := 0, message.ExtensionRanges(); i < xranges.Len(); i++ {
+		xrange := xranges.Get(i)
+		p.ExtensionRange = append(p.ExtensionRange, &descriptorpb.DescriptorProto_ExtensionRange{
+			Start:   proto.Int32(int32(xrange[0])),
+			End:     proto.Int32(int32(xrange[1])),
+			Options: proto.Clone(message.ExtensionRangeOptions(i)).(*descriptorpb.ExtensionRangeOptions),
+		})
+	}
+	for i, oneofs := 0, message.Oneofs(); i < oneofs.Len(); i++ {
+		p.OneofDecl = append(p.OneofDecl, ToOneofDescriptorProto(oneofs.Get(i)))
+	}
+	for i, ranges := 0, message.ReservedRanges(); i < ranges.Len(); i++ {
+		rrange := ranges.Get(i)
+		p.ReservedRange = append(p.ReservedRange, &descriptorpb.DescriptorProto_ReservedRange{
+			Start: proto.Int32(int32(rrange[0])),
+			End:   proto.Int32(int32(rrange[1])),
+		})
+	}
+	for i, names := 0, message.ReservedNames(); i < names.Len(); i++ {
+		p.ReservedName = append(p.ReservedName, string(names.Get(i)))
+	}
+	return p
+}
+
+// ToFieldDescriptorProto copies a protoreflect.FieldDescriptor into a
+// google.protobuf.FieldDescriptorProto message.
+func ToFieldDescriptorProto(field protoreflect.FieldDescriptor) *descriptorpb.FieldDescriptorProto {
+	p := &descriptorpb.FieldDescriptorProto{
+		Name:    proto.String(string(field.Name())),
+		Number:  proto.Int32(int32(field.Number())),
+		Label:   descriptorpb.FieldDescriptorProto_Label(field.Cardinality()).Enum(),
+		Options: proto.Clone(field.Options()).(*descriptorpb.FieldOptions),
+	}
+	if field.IsExtension() {
+		p.Extendee = fullNameOf(field.ContainingMessage())
+	}
+	if field.Kind().IsValid() {
+		p.Type = descriptorpb.FieldDescriptorProto_Type(field.Kind()).Enum()
+	}
+	if field.Enum() != nil {
+		p.TypeName = fullNameOf(field.Enum())
+	}
+	if field.Message() != nil {
+		p.TypeName = fullNameOf(field.Message())
+	}
+	if field.HasJSONName() {
+		// A bug in older versions of protoc would always populate the
+		// "json_name" option for extensions when it is meaningless.
+		// When it did so, it would always use the camel-cased field name.
+		if field.IsExtension() {
+			p.JsonName = proto.String(strs.JSONCamelCase(string(field.Name())))
+		} else {
+			p.JsonName = proto.String(field.JSONName())
+		}
+	}
+	if field.Syntax() == protoreflect.Proto3 && field.HasOptionalKeyword() {
+		p.Proto3Optional = proto.Bool(true)
+	}
+	if field.HasDefault() {
+		def, err := defval.Marshal(field.Default(), field.DefaultEnumValue(), field.Kind(), defval.Descriptor)
+		if err != nil && field.DefaultEnumValue() != nil {
+			def = string(field.DefaultEnumValue().Name()) // occurs for unresolved enum values
+		} else if err != nil {
+			panic(fmt.Sprintf("%v: %v", field.FullName(), err))
+		}
+		p.DefaultValue = proto.String(def)
+	}
+	if oneof := field.ContainingOneof(); oneof != nil {
+		p.OneofIndex = proto.Int32(int32(oneof.Index()))
+	}
+	return p
+}
+
+// ToOneofDescriptorProto copies a protoreflect.OneofDescriptor into a
+// google.protobuf.OneofDescriptorProto message.
+func ToOneofDescriptorProto(oneof protoreflect.OneofDescriptor) *descriptorpb.OneofDescriptorProto {
+	return &descriptorpb.OneofDescriptorProto{
+		Name:    proto.String(string(oneof.Name())),
+		Options: proto.Clone(oneof.Options()).(*descriptorpb.OneofOptions),
+	}
+}
+
+// ToEnumDescriptorProto copies a protoreflect.EnumDescriptor into a
+// google.protobuf.EnumDescriptorProto message.
+func ToEnumDescriptorProto(enum protoreflect.EnumDescriptor) *descriptorpb.EnumDescriptorProto {
+	p := &descriptorpb.EnumDescriptorProto{
+		Name:    proto.String(string(enum.Name())),
+		Options: proto.Clone(enum.Options()).(*descriptorpb.EnumOptions),
+	}
+	for i, values := 0, enum.Values(); i < values.Len(); i++ {
+		p.Value = append(p.Value, ToEnumValueDescriptorProto(values.Get(i)))
+	}
+	for i, ranges := 0, enum.ReservedRanges(); i < ranges.Len(); i++ {
+		rrange := ranges.Get(i)
+		p.ReservedRange = append(p.ReservedRange, &descriptorpb.EnumDescriptorProto_EnumReservedRange{
+			Start: proto.Int32(int32(rrange[0])),
+			End:   proto.Int32(int32(rrange[1])),
+		})
+	}
+	for i, names := 0, enum.ReservedNames(); i < names.Len(); i++ {
+		p.ReservedName = append(p.ReservedName, string(names.Get(i)))
+	}
+	return p
+}
+
+// ToEnumValueDescriptorProto copies a protoreflect.EnumValueDescriptor into a
+// google.protobuf.EnumValueDescriptorProto message.
+func ToEnumValueDescriptorProto(value protoreflect.EnumValueDescriptor) *descriptorpb.EnumValueDescriptorProto {
+	return &descriptorpb.EnumValueDescriptorProto{
+		Name:    proto.String(string(value.Name())),
+		Number:  proto.Int32(int32(value.Number())),
+		Options: proto.Clone(value.Options()).(*descriptorpb.EnumValueOptions),
+	}
+}
+
+// ToServiceDescriptorProto copies a protoreflect.ServiceDescriptor into a
+// google.protobuf.ServiceDescriptorProto message.
+func ToServiceDescriptorProto(service protoreflect.ServiceDescriptor) *descriptorpb.ServiceDescriptorProto {
+	p := &descriptorpb.ServiceDescriptorProto{
+		Name:    proto.String(string(service.Name())),
+		Options: proto.Clone(service.Options()).(*descriptorpb.ServiceOptions),
+	}
+	for i, methods := 0, service.Methods(); i < methods.Len(); i++ {
+		p.Method = append(p.Method, ToMethodDescriptorProto(methods.Get(i)))
+	}
+	return p
+}
+
+// ToMethodDescriptorProto copies a protoreflect.MethodDescriptor into a
+// google.protobuf.MethodDescriptorProto message.
+func ToMethodDescriptorProto(method protoreflect.MethodDescriptor) *descriptorpb.MethodDescriptorProto {
+	p := &descriptorpb.MethodDescriptorProto{
+		Name:       proto.String(string(method.Name())),
+		InputType:  fullNameOf(method.Input()),
+		OutputType: fullNameOf(method.Output()),
+		Options:    proto.Clone(method.Options()).(*descriptorpb.MethodOptions),
+	}
+	if method.IsStreamingClient() {
+		p.ClientStreaming = proto.Bool(true)
+	}
+	if method.IsStreamingServer() {
+		p.ServerStreaming = proto.Bool(true)
+	}
+	return p
+}
+
+func fullNameOf(d protoreflect.Descriptor) *string {
+	if d == nil {
+		return nil
+	}
+	if strings.HasPrefix(string(d.FullName()), unknownPrefix) {
+		return proto.String(string(d.FullName()[len(unknownPrefix):]))
+	}
+	return proto.String("." + string(d.FullName()))
+}
diff --git a/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
new file mode 100644
index 000000000..abe4ab511
--- /dev/null
+++ b/vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go
@@ -0,0 +1,3957 @@
+// Protocol Buffers - Google's data interchange format
+// Copyright 2008 Google Inc.  All rights reserved.
+// https://developers.google.com/protocol-buffers/
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//     * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+// Author: kenton@google.com (Kenton Varda)
+//  Based on original Protocol Buffers design by
+//  Sanjay Ghemawat, Jeff Dean, and others.
+//
+// The messages in this file describe the definitions found in .proto files.
+// A valid .proto file can be translated directly to a FileDescriptorProto
+// without any other information (e.g. without reading its imports).
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: google/protobuf/descriptor.proto
+
+package descriptorpb
+
+import (
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	reflect "reflect"
+	sync "sync"
+)
+
+type FieldDescriptorProto_Type int32
+
+const (
+	// 0 is reserved for errors.
+	// Order is weird for historical reasons.
+	FieldDescriptorProto_TYPE_DOUBLE FieldDescriptorProto_Type = 1
+	FieldDescriptorProto_TYPE_FLOAT  FieldDescriptorProto_Type = 2
+	// Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT64 if
+	// negative values are likely.
+	FieldDescriptorProto_TYPE_INT64  FieldDescriptorProto_Type = 3
+	FieldDescriptorProto_TYPE_UINT64 FieldDescriptorProto_Type = 4
+	// Not ZigZag encoded.  Negative numbers take 10 bytes.  Use TYPE_SINT32 if
+	// negative values are likely.
+	FieldDescriptorProto_TYPE_INT32   FieldDescriptorProto_Type = 5
+	FieldDescriptorProto_TYPE_FIXED64 FieldDescriptorProto_Type = 6
+	FieldDescriptorProto_TYPE_FIXED32 FieldDescriptorProto_Type = 7
+	FieldDescriptorProto_TYPE_BOOL    FieldDescriptorProto_Type = 8
+	FieldDescriptorProto_TYPE_STRING  FieldDescriptorProto_Type = 9
+	// Tag-delimited aggregate.
+	// Group type is deprecated and not supported in proto3. However, Proto3
+	// implementations should still be able to parse the group wire format and
+	// treat group fields as unknown fields.
+	FieldDescriptorProto_TYPE_GROUP   FieldDescriptorProto_Type = 10
+	FieldDescriptorProto_TYPE_MESSAGE FieldDescriptorProto_Type = 11 // Length-delimited aggregate.
+	// New in version 2.
+	FieldDescriptorProto_TYPE_BYTES    FieldDescriptorProto_Type = 12
+	FieldDescriptorProto_TYPE_UINT32   FieldDescriptorProto_Type = 13
+	FieldDescriptorProto_TYPE_ENUM     FieldDescriptorProto_Type = 14
+	FieldDescriptorProto_TYPE_SFIXED32 FieldDescriptorProto_Type = 15
+	FieldDescriptorProto_TYPE_SFIXED64 FieldDescriptorProto_Type = 16
+	FieldDescriptorProto_TYPE_SINT32   FieldDescriptorProto_Type = 17 // Uses ZigZag encoding.
+	FieldDescriptorProto_TYPE_SINT64   FieldDescriptorProto_Type = 18 // Uses ZigZag encoding.
+)
+
+// Enum value maps for FieldDescriptorProto_Type.
+var (
+	FieldDescriptorProto_Type_name = map[int32]string{
+		1:  "TYPE_DOUBLE",
+		2:  "TYPE_FLOAT",
+		3:  "TYPE_INT64",
+		4:  "TYPE_UINT64",
+		5:  "TYPE_INT32",
+		6:  "TYPE_FIXED64",
+		7:  "TYPE_FIXED32",
+		8:  "TYPE_BOOL",
+		9:  "TYPE_STRING",
+		10: "TYPE_GROUP",
+		11: "TYPE_MESSAGE",
+		12: "TYPE_BYTES",
+		13: "TYPE_UINT32",
+		14: "TYPE_ENUM",
+		15: "TYPE_SFIXED32",
+		16: "TYPE_SFIXED64",
+		17: "TYPE_SINT32",
+		18: "TYPE_SINT64",
+	}
+	FieldDescriptorProto_Type_value = map[string]int32{
+		"TYPE_DOUBLE":   1,
+		"TYPE_FLOAT":    2,
+		"TYPE_INT64":    3,
+		"TYPE_UINT64":   4,
+		"TYPE_INT32":    5,
+		"TYPE_FIXED64":  6,
+		"TYPE_FIXED32":  7,
+		"TYPE_BOOL":     8,
+		"TYPE_STRING":   9,
+		"TYPE_GROUP":    10,
+		"TYPE_MESSAGE":  11,
+		"TYPE_BYTES":    12,
+		"TYPE_UINT32":   13,
+		"TYPE_ENUM":     14,
+		"TYPE_SFIXED32": 15,
+		"TYPE_SFIXED64": 16,
+		"TYPE_SINT32":   17,
+		"TYPE_SINT64":   18,
+	}
+)
+
+func (x FieldDescriptorProto_Type) Enum() *FieldDescriptorProto_Type {
+	p := new(FieldDescriptorProto_Type)
+	*p = x
+	return p
+}
+
+func (x FieldDescriptorProto_Type) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FieldDescriptorProto_Type) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[0].Descriptor()
+}
+
+func (FieldDescriptorProto_Type) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[0]
+}
+
+func (x FieldDescriptorProto_Type) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FieldDescriptorProto_Type) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = FieldDescriptorProto_Type(num)
+	return nil
+}
+
+// Deprecated: Use FieldDescriptorProto_Type.Descriptor instead.
+func (FieldDescriptorProto_Type) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4, 0}
+}
+
+type FieldDescriptorProto_Label int32
+
+const (
+	// 0 is reserved for errors
+	FieldDescriptorProto_LABEL_OPTIONAL FieldDescriptorProto_Label = 1
+	FieldDescriptorProto_LABEL_REQUIRED FieldDescriptorProto_Label = 2
+	FieldDescriptorProto_LABEL_REPEATED FieldDescriptorProto_Label = 3
+)
+
+// Enum value maps for FieldDescriptorProto_Label.
+var (
+	FieldDescriptorProto_Label_name = map[int32]string{
+		1: "LABEL_OPTIONAL",
+		2: "LABEL_REQUIRED",
+		3: "LABEL_REPEATED",
+	}
+	FieldDescriptorProto_Label_value = map[string]int32{
+		"LABEL_OPTIONAL": 1,
+		"LABEL_REQUIRED": 2,
+		"LABEL_REPEATED": 3,
+	}
+)
+
+func (x FieldDescriptorProto_Label) Enum() *FieldDescriptorProto_Label {
+	p := new(FieldDescriptorProto_Label)
+	*p = x
+	return p
+}
+
+func (x FieldDescriptorProto_Label) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FieldDescriptorProto_Label) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[1].Descriptor()
+}
+
+func (FieldDescriptorProto_Label) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[1]
+}
+
+func (x FieldDescriptorProto_Label) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FieldDescriptorProto_Label) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = FieldDescriptorProto_Label(num)
+	return nil
+}
+
+// Deprecated: Use FieldDescriptorProto_Label.Descriptor instead.
+func (FieldDescriptorProto_Label) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4, 1}
+}
+
+// Generated classes can be optimized for speed or code size.
+type FileOptions_OptimizeMode int32
+
+const (
+	FileOptions_SPEED FileOptions_OptimizeMode = 1 // Generate complete code for parsing, serialization,
+	// etc.
+	FileOptions_CODE_SIZE    FileOptions_OptimizeMode = 2 // Use ReflectionOps to implement these methods.
+	FileOptions_LITE_RUNTIME FileOptions_OptimizeMode = 3 // Generate code using MessageLite and the lite runtime.
+)
+
+// Enum value maps for FileOptions_OptimizeMode.
+var (
+	FileOptions_OptimizeMode_name = map[int32]string{
+		1: "SPEED",
+		2: "CODE_SIZE",
+		3: "LITE_RUNTIME",
+	}
+	FileOptions_OptimizeMode_value = map[string]int32{
+		"SPEED":        1,
+		"CODE_SIZE":    2,
+		"LITE_RUNTIME": 3,
+	}
+)
+
+func (x FileOptions_OptimizeMode) Enum() *FileOptions_OptimizeMode {
+	p := new(FileOptions_OptimizeMode)
+	*p = x
+	return p
+}
+
+func (x FileOptions_OptimizeMode) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FileOptions_OptimizeMode) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[2].Descriptor()
+}
+
+func (FileOptions_OptimizeMode) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[2]
+}
+
+func (x FileOptions_OptimizeMode) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FileOptions_OptimizeMode) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = FileOptions_OptimizeMode(num)
+	return nil
+}
+
+// Deprecated: Use FileOptions_OptimizeMode.Descriptor instead.
+func (FileOptions_OptimizeMode) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{10, 0}
+}
+
+type FieldOptions_CType int32
+
+const (
+	// Default mode.
+	FieldOptions_STRING       FieldOptions_CType = 0
+	FieldOptions_CORD         FieldOptions_CType = 1
+	FieldOptions_STRING_PIECE FieldOptions_CType = 2
+)
+
+// Enum value maps for FieldOptions_CType.
+var (
+	FieldOptions_CType_name = map[int32]string{
+		0: "STRING",
+		1: "CORD",
+		2: "STRING_PIECE",
+	}
+	FieldOptions_CType_value = map[string]int32{
+		"STRING":       0,
+		"CORD":         1,
+		"STRING_PIECE": 2,
+	}
+)
+
+func (x FieldOptions_CType) Enum() *FieldOptions_CType {
+	p := new(FieldOptions_CType)
+	*p = x
+	return p
+}
+
+func (x FieldOptions_CType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FieldOptions_CType) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[3].Descriptor()
+}
+
+func (FieldOptions_CType) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[3]
+}
+
+func (x FieldOptions_CType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FieldOptions_CType) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = FieldOptions_CType(num)
+	return nil
+}
+
+// Deprecated: Use FieldOptions_CType.Descriptor instead.
+func (FieldOptions_CType) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 0}
+}
+
+type FieldOptions_JSType int32
+
+const (
+	// Use the default type.
+	FieldOptions_JS_NORMAL FieldOptions_JSType = 0
+	// Use JavaScript strings.
+	FieldOptions_JS_STRING FieldOptions_JSType = 1
+	// Use JavaScript numbers.
+	FieldOptions_JS_NUMBER FieldOptions_JSType = 2
+)
+
+// Enum value maps for FieldOptions_JSType.
+var (
+	FieldOptions_JSType_name = map[int32]string{
+		0: "JS_NORMAL",
+		1: "JS_STRING",
+		2: "JS_NUMBER",
+	}
+	FieldOptions_JSType_value = map[string]int32{
+		"JS_NORMAL": 0,
+		"JS_STRING": 1,
+		"JS_NUMBER": 2,
+	}
+)
+
+func (x FieldOptions_JSType) Enum() *FieldOptions_JSType {
+	p := new(FieldOptions_JSType)
+	*p = x
+	return p
+}
+
+func (x FieldOptions_JSType) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (FieldOptions_JSType) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[4].Descriptor()
+}
+
+func (FieldOptions_JSType) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[4]
+}
+
+func (x FieldOptions_JSType) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *FieldOptions_JSType) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = FieldOptions_JSType(num)
+	return nil
+}
+
+// Deprecated: Use FieldOptions_JSType.Descriptor instead.
+func (FieldOptions_JSType) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12, 1}
+}
+
+// Is this method side-effect-free (or safe in HTTP parlance), or idempotent,
+// or neither? HTTP based RPC implementation may choose GET verb for safe
+// methods, and PUT verb for idempotent methods instead of the default POST.
+type MethodOptions_IdempotencyLevel int32
+
+const (
+	MethodOptions_IDEMPOTENCY_UNKNOWN MethodOptions_IdempotencyLevel = 0
+	MethodOptions_NO_SIDE_EFFECTS     MethodOptions_IdempotencyLevel = 1 // implies idempotent
+	MethodOptions_IDEMPOTENT          MethodOptions_IdempotencyLevel = 2 // idempotent, but may have side effects
+)
+
+// Enum value maps for MethodOptions_IdempotencyLevel.
+var (
+	MethodOptions_IdempotencyLevel_name = map[int32]string{
+		0: "IDEMPOTENCY_UNKNOWN",
+		1: "NO_SIDE_EFFECTS",
+		2: "IDEMPOTENT",
+	}
+	MethodOptions_IdempotencyLevel_value = map[string]int32{
+		"IDEMPOTENCY_UNKNOWN": 0,
+		"NO_SIDE_EFFECTS":     1,
+		"IDEMPOTENT":          2,
+	}
+)
+
+func (x MethodOptions_IdempotencyLevel) Enum() *MethodOptions_IdempotencyLevel {
+	p := new(MethodOptions_IdempotencyLevel)
+	*p = x
+	return p
+}
+
+func (x MethodOptions_IdempotencyLevel) String() string {
+	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (MethodOptions_IdempotencyLevel) Descriptor() protoreflect.EnumDescriptor {
+	return file_google_protobuf_descriptor_proto_enumTypes[5].Descriptor()
+}
+
+func (MethodOptions_IdempotencyLevel) Type() protoreflect.EnumType {
+	return &file_google_protobuf_descriptor_proto_enumTypes[5]
+}
+
+func (x MethodOptions_IdempotencyLevel) Number() protoreflect.EnumNumber {
+	return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Do not use.
+func (x *MethodOptions_IdempotencyLevel) UnmarshalJSON(b []byte) error {
+	num, err := protoimpl.X.UnmarshalJSONEnum(x.Descriptor(), b)
+	if err != nil {
+		return err
+	}
+	*x = MethodOptions_IdempotencyLevel(num)
+	return nil
+}
+
+// Deprecated: Use MethodOptions_IdempotencyLevel.Descriptor instead.
+func (MethodOptions_IdempotencyLevel) EnumDescriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{17, 0}
+}
+
+// The protocol compiler can output a FileDescriptorSet containing the .proto
+// files it parses.
+type FileDescriptorSet struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	File []*FileDescriptorProto `protobuf:"bytes,1,rep,name=file" json:"file,omitempty"`
+}
+
+func (x *FileDescriptorSet) Reset() {
+	*x = FileDescriptorSet{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FileDescriptorSet) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FileDescriptorSet) ProtoMessage() {}
+
+func (x *FileDescriptorSet) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FileDescriptorSet.ProtoReflect.Descriptor instead.
+func (*FileDescriptorSet) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *FileDescriptorSet) GetFile() []*FileDescriptorProto {
+	if x != nil {
+		return x.File
+	}
+	return nil
+}
+
+// Describes a complete .proto file.
+type FileDescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name    *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`       // file name, relative to root of source tree
+	Package *string `protobuf:"bytes,2,opt,name=package" json:"package,omitempty"` // e.g. "foo", "foo.bar", etc.
+	// Names of files imported by this file.
+	Dependency []string `protobuf:"bytes,3,rep,name=dependency" json:"dependency,omitempty"`
+	// Indexes of the public imported files in the dependency list above.
+	PublicDependency []int32 `protobuf:"varint,10,rep,name=public_dependency,json=publicDependency" json:"public_dependency,omitempty"`
+	// Indexes of the weak imported files in the dependency list.
+	// For Google-internal migration only. Do not use.
+	WeakDependency []int32 `protobuf:"varint,11,rep,name=weak_dependency,json=weakDependency" json:"weak_dependency,omitempty"`
+	// All top-level definitions in this file.
+	MessageType []*DescriptorProto        `protobuf:"bytes,4,rep,name=message_type,json=messageType" json:"message_type,omitempty"`
+	EnumType    []*EnumDescriptorProto    `protobuf:"bytes,5,rep,name=enum_type,json=enumType" json:"enum_type,omitempty"`
+	Service     []*ServiceDescriptorProto `protobuf:"bytes,6,rep,name=service" json:"service,omitempty"`
+	Extension   []*FieldDescriptorProto   `protobuf:"bytes,7,rep,name=extension" json:"extension,omitempty"`
+	Options     *FileOptions              `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"`
+	// This field contains optional information about the original source code.
+	// You may safely remove this entire field without harming runtime
+	// functionality of the descriptors -- the information is needed only by
+	// development tools.
+	SourceCodeInfo *SourceCodeInfo `protobuf:"bytes,9,opt,name=source_code_info,json=sourceCodeInfo" json:"source_code_info,omitempty"`
+	// The syntax of the proto file.
+	// The supported values are "proto2" and "proto3".
+	Syntax *string `protobuf:"bytes,12,opt,name=syntax" json:"syntax,omitempty"`
+}
+
+func (x *FileDescriptorProto) Reset() {
+	*x = FileDescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[1]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FileDescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FileDescriptorProto) ProtoMessage() {}
+
+func (x *FileDescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[1]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FileDescriptorProto.ProtoReflect.Descriptor instead.
+func (*FileDescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *FileDescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *FileDescriptorProto) GetPackage() string {
+	if x != nil && x.Package != nil {
+		return *x.Package
+	}
+	return ""
+}
+
+func (x *FileDescriptorProto) GetDependency() []string {
+	if x != nil {
+		return x.Dependency
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetPublicDependency() []int32 {
+	if x != nil {
+		return x.PublicDependency
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetWeakDependency() []int32 {
+	if x != nil {
+		return x.WeakDependency
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetMessageType() []*DescriptorProto {
+	if x != nil {
+		return x.MessageType
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetEnumType() []*EnumDescriptorProto {
+	if x != nil {
+		return x.EnumType
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetService() []*ServiceDescriptorProto {
+	if x != nil {
+		return x.Service
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetExtension() []*FieldDescriptorProto {
+	if x != nil {
+		return x.Extension
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetOptions() *FileOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetSourceCodeInfo() *SourceCodeInfo {
+	if x != nil {
+		return x.SourceCodeInfo
+	}
+	return nil
+}
+
+func (x *FileDescriptorProto) GetSyntax() string {
+	if x != nil && x.Syntax != nil {
+		return *x.Syntax
+	}
+	return ""
+}
+
+// Describes a message type.
+type DescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name           *string                           `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Field          []*FieldDescriptorProto           `protobuf:"bytes,2,rep,name=field" json:"field,omitempty"`
+	Extension      []*FieldDescriptorProto           `protobuf:"bytes,6,rep,name=extension" json:"extension,omitempty"`
+	NestedType     []*DescriptorProto                `protobuf:"bytes,3,rep,name=nested_type,json=nestedType" json:"nested_type,omitempty"`
+	EnumType       []*EnumDescriptorProto            `protobuf:"bytes,4,rep,name=enum_type,json=enumType" json:"enum_type,omitempty"`
+	ExtensionRange []*DescriptorProto_ExtensionRange `protobuf:"bytes,5,rep,name=extension_range,json=extensionRange" json:"extension_range,omitempty"`
+	OneofDecl      []*OneofDescriptorProto           `protobuf:"bytes,8,rep,name=oneof_decl,json=oneofDecl" json:"oneof_decl,omitempty"`
+	Options        *MessageOptions                   `protobuf:"bytes,7,opt,name=options" json:"options,omitempty"`
+	ReservedRange  []*DescriptorProto_ReservedRange  `protobuf:"bytes,9,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"`
+	// Reserved field names, which may not be used by fields in the same message.
+	// A given name may only be reserved once.
+	ReservedName []string `protobuf:"bytes,10,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+}
+
+func (x *DescriptorProto) Reset() {
+	*x = DescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[2]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DescriptorProto) ProtoMessage() {}
+
+func (x *DescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[2]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DescriptorProto.ProtoReflect.Descriptor instead.
+func (*DescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *DescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *DescriptorProto) GetField() []*FieldDescriptorProto {
+	if x != nil {
+		return x.Field
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetExtension() []*FieldDescriptorProto {
+	if x != nil {
+		return x.Extension
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetNestedType() []*DescriptorProto {
+	if x != nil {
+		return x.NestedType
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetEnumType() []*EnumDescriptorProto {
+	if x != nil {
+		return x.EnumType
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetExtensionRange() []*DescriptorProto_ExtensionRange {
+	if x != nil {
+		return x.ExtensionRange
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetOneofDecl() []*OneofDescriptorProto {
+	if x != nil {
+		return x.OneofDecl
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetOptions() *MessageOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetReservedRange() []*DescriptorProto_ReservedRange {
+	if x != nil {
+		return x.ReservedRange
+	}
+	return nil
+}
+
+func (x *DescriptorProto) GetReservedName() []string {
+	if x != nil {
+		return x.ReservedName
+	}
+	return nil
+}
+
+type ExtensionRangeOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+func (x *ExtensionRangeOptions) Reset() {
+	*x = ExtensionRangeOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[3]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ExtensionRangeOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ExtensionRangeOptions) ProtoMessage() {}
+
+func (x *ExtensionRangeOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[3]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ExtensionRangeOptions.ProtoReflect.Descriptor instead.
+func (*ExtensionRangeOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *ExtensionRangeOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+// Describes a field within a message.
+type FieldDescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name   *string                     `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Number *int32                      `protobuf:"varint,3,opt,name=number" json:"number,omitempty"`
+	Label  *FieldDescriptorProto_Label `protobuf:"varint,4,opt,name=label,enum=google.protobuf.FieldDescriptorProto_Label" json:"label,omitempty"`
+	// If type_name is set, this need not be set.  If both this and type_name
+	// are set, this must be one of TYPE_ENUM, TYPE_MESSAGE or TYPE_GROUP.
+	Type *FieldDescriptorProto_Type `protobuf:"varint,5,opt,name=type,enum=google.protobuf.FieldDescriptorProto_Type" json:"type,omitempty"`
+	// For message and enum types, this is the name of the type.  If the name
+	// starts with a '.', it is fully-qualified.  Otherwise, C++-like scoping
+	// rules are used to find the type (i.e. first the nested types within this
+	// message are searched, then within the parent, on up to the root
+	// namespace).
+	TypeName *string `protobuf:"bytes,6,opt,name=type_name,json=typeName" json:"type_name,omitempty"`
+	// For extensions, this is the name of the type being extended.  It is
+	// resolved in the same manner as type_name.
+	Extendee *string `protobuf:"bytes,2,opt,name=extendee" json:"extendee,omitempty"`
+	// For numeric types, contains the original text representation of the value.
+	// For booleans, "true" or "false".
+	// For strings, contains the default text contents (not escaped in any way).
+	// For bytes, contains the C escaped value.  All bytes >= 128 are escaped.
+	// TODO(kenton):  Base-64 encode?
+	DefaultValue *string `protobuf:"bytes,7,opt,name=default_value,json=defaultValue" json:"default_value,omitempty"`
+	// If set, gives the index of a oneof in the containing type's oneof_decl
+	// list.  This field is a member of that oneof.
+	OneofIndex *int32 `protobuf:"varint,9,opt,name=oneof_index,json=oneofIndex" json:"oneof_index,omitempty"`
+	// JSON name of this field. The value is set by protocol compiler. If the
+	// user has set a "json_name" option on this field, that option's value
+	// will be used. Otherwise, it's deduced from the field's name by converting
+	// it to camelCase.
+	JsonName *string       `protobuf:"bytes,10,opt,name=json_name,json=jsonName" json:"json_name,omitempty"`
+	Options  *FieldOptions `protobuf:"bytes,8,opt,name=options" json:"options,omitempty"`
+	// If true, this is a proto3 "optional". When a proto3 field is optional, it
+	// tracks presence regardless of field type.
+	//
+	// When proto3_optional is true, this field must be belong to a oneof to
+	// signal to old proto3 clients that presence is tracked for this field. This
+	// oneof is known as a "synthetic" oneof, and this field must be its sole
+	// member (each proto3 optional field gets its own synthetic oneof). Synthetic
+	// oneofs exist in the descriptor only, and do not generate any API. Synthetic
+	// oneofs must be ordered after all "real" oneofs.
+	//
+	// For message fields, proto3_optional doesn't create any semantic change,
+	// since non-repeated message fields always track presence. However it still
+	// indicates the semantic detail of whether the user wrote "optional" or not.
+	// This can be useful for round-tripping the .proto file. For consistency we
+	// give message fields a synthetic oneof also, even though it is not required
+	// to track presence. This is especially important because the parser can't
+	// tell if a field is a message or an enum, so it must always create a
+	// synthetic oneof.
+	//
+	// Proto2 optional fields do not set this flag, because they already indicate
+	// optional with `LABEL_OPTIONAL`.
+	Proto3Optional *bool `protobuf:"varint,17,opt,name=proto3_optional,json=proto3Optional" json:"proto3_optional,omitempty"`
+}
+
+func (x *FieldDescriptorProto) Reset() {
+	*x = FieldDescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[4]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FieldDescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FieldDescriptorProto) ProtoMessage() {}
+
+func (x *FieldDescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[4]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FieldDescriptorProto.ProtoReflect.Descriptor instead.
+func (*FieldDescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *FieldDescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *FieldDescriptorProto) GetNumber() int32 {
+	if x != nil && x.Number != nil {
+		return *x.Number
+	}
+	return 0
+}
+
+func (x *FieldDescriptorProto) GetLabel() FieldDescriptorProto_Label {
+	if x != nil && x.Label != nil {
+		return *x.Label
+	}
+	return FieldDescriptorProto_LABEL_OPTIONAL
+}
+
+func (x *FieldDescriptorProto) GetType() FieldDescriptorProto_Type {
+	if x != nil && x.Type != nil {
+		return *x.Type
+	}
+	return FieldDescriptorProto_TYPE_DOUBLE
+}
+
+func (x *FieldDescriptorProto) GetTypeName() string {
+	if x != nil && x.TypeName != nil {
+		return *x.TypeName
+	}
+	return ""
+}
+
+func (x *FieldDescriptorProto) GetExtendee() string {
+	if x != nil && x.Extendee != nil {
+		return *x.Extendee
+	}
+	return ""
+}
+
+func (x *FieldDescriptorProto) GetDefaultValue() string {
+	if x != nil && x.DefaultValue != nil {
+		return *x.DefaultValue
+	}
+	return ""
+}
+
+func (x *FieldDescriptorProto) GetOneofIndex() int32 {
+	if x != nil && x.OneofIndex != nil {
+		return *x.OneofIndex
+	}
+	return 0
+}
+
+func (x *FieldDescriptorProto) GetJsonName() string {
+	if x != nil && x.JsonName != nil {
+		return *x.JsonName
+	}
+	return ""
+}
+
+func (x *FieldDescriptorProto) GetOptions() *FieldOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+func (x *FieldDescriptorProto) GetProto3Optional() bool {
+	if x != nil && x.Proto3Optional != nil {
+		return *x.Proto3Optional
+	}
+	return false
+}
+
+// Describes a oneof.
+type OneofDescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name    *string       `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Options *OneofOptions `protobuf:"bytes,2,opt,name=options" json:"options,omitempty"`
+}
+
+func (x *OneofDescriptorProto) Reset() {
+	*x = OneofDescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[5]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OneofDescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OneofDescriptorProto) ProtoMessage() {}
+
+func (x *OneofDescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[5]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OneofDescriptorProto.ProtoReflect.Descriptor instead.
+func (*OneofDescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *OneofDescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *OneofDescriptorProto) GetOptions() *OneofOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+// Describes an enum type.
+type EnumDescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name    *string                     `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Value   []*EnumValueDescriptorProto `protobuf:"bytes,2,rep,name=value" json:"value,omitempty"`
+	Options *EnumOptions                `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+	// Range of reserved numeric values. Reserved numeric values may not be used
+	// by enum values in the same enum declaration. Reserved ranges may not
+	// overlap.
+	ReservedRange []*EnumDescriptorProto_EnumReservedRange `protobuf:"bytes,4,rep,name=reserved_range,json=reservedRange" json:"reserved_range,omitempty"`
+	// Reserved enum value names, which may not be reused. A given name may only
+	// be reserved once.
+	ReservedName []string `protobuf:"bytes,5,rep,name=reserved_name,json=reservedName" json:"reserved_name,omitempty"`
+}
+
+func (x *EnumDescriptorProto) Reset() {
+	*x = EnumDescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[6]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EnumDescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnumDescriptorProto) ProtoMessage() {}
+
+func (x *EnumDescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[6]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnumDescriptorProto.ProtoReflect.Descriptor instead.
+func (*EnumDescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *EnumDescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *EnumDescriptorProto) GetValue() []*EnumValueDescriptorProto {
+	if x != nil {
+		return x.Value
+	}
+	return nil
+}
+
+func (x *EnumDescriptorProto) GetOptions() *EnumOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+func (x *EnumDescriptorProto) GetReservedRange() []*EnumDescriptorProto_EnumReservedRange {
+	if x != nil {
+		return x.ReservedRange
+	}
+	return nil
+}
+
+func (x *EnumDescriptorProto) GetReservedName() []string {
+	if x != nil {
+		return x.ReservedName
+	}
+	return nil
+}
+
+// Describes a value within an enum.
+type EnumValueDescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name    *string           `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Number  *int32            `protobuf:"varint,2,opt,name=number" json:"number,omitempty"`
+	Options *EnumValueOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+}
+
+func (x *EnumValueDescriptorProto) Reset() {
+	*x = EnumValueDescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[7]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EnumValueDescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnumValueDescriptorProto) ProtoMessage() {}
+
+func (x *EnumValueDescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[7]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnumValueDescriptorProto.ProtoReflect.Descriptor instead.
+func (*EnumValueDescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *EnumValueDescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *EnumValueDescriptorProto) GetNumber() int32 {
+	if x != nil && x.Number != nil {
+		return *x.Number
+	}
+	return 0
+}
+
+func (x *EnumValueDescriptorProto) GetOptions() *EnumValueOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+// Describes a service.
+type ServiceDescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name    *string                  `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	Method  []*MethodDescriptorProto `protobuf:"bytes,2,rep,name=method" json:"method,omitempty"`
+	Options *ServiceOptions          `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+}
+
+func (x *ServiceDescriptorProto) Reset() {
+	*x = ServiceDescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[8]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ServiceDescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ServiceDescriptorProto) ProtoMessage() {}
+
+func (x *ServiceDescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[8]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ServiceDescriptorProto.ProtoReflect.Descriptor instead.
+func (*ServiceDescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *ServiceDescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *ServiceDescriptorProto) GetMethod() []*MethodDescriptorProto {
+	if x != nil {
+		return x.Method
+	}
+	return nil
+}
+
+func (x *ServiceDescriptorProto) GetOptions() *ServiceOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+// Describes a method of a service.
+type MethodDescriptorProto struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name *string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"`
+	// Input and output type names.  These are resolved in the same way as
+	// FieldDescriptorProto.type_name, but must refer to a message type.
+	InputType  *string        `protobuf:"bytes,2,opt,name=input_type,json=inputType" json:"input_type,omitempty"`
+	OutputType *string        `protobuf:"bytes,3,opt,name=output_type,json=outputType" json:"output_type,omitempty"`
+	Options    *MethodOptions `protobuf:"bytes,4,opt,name=options" json:"options,omitempty"`
+	// Identifies if client streams multiple client messages
+	ClientStreaming *bool `protobuf:"varint,5,opt,name=client_streaming,json=clientStreaming,def=0" json:"client_streaming,omitempty"`
+	// Identifies if server streams multiple server messages
+	ServerStreaming *bool `protobuf:"varint,6,opt,name=server_streaming,json=serverStreaming,def=0" json:"server_streaming,omitempty"`
+}
+
+// Default values for MethodDescriptorProto fields.
+const (
+	Default_MethodDescriptorProto_ClientStreaming = bool(false)
+	Default_MethodDescriptorProto_ServerStreaming = bool(false)
+)
+
+func (x *MethodDescriptorProto) Reset() {
+	*x = MethodDescriptorProto{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MethodDescriptorProto) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MethodDescriptorProto) ProtoMessage() {}
+
+func (x *MethodDescriptorProto) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MethodDescriptorProto.ProtoReflect.Descriptor instead.
+func (*MethodDescriptorProto) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *MethodDescriptorProto) GetName() string {
+	if x != nil && x.Name != nil {
+		return *x.Name
+	}
+	return ""
+}
+
+func (x *MethodDescriptorProto) GetInputType() string {
+	if x != nil && x.InputType != nil {
+		return *x.InputType
+	}
+	return ""
+}
+
+func (x *MethodDescriptorProto) GetOutputType() string {
+	if x != nil && x.OutputType != nil {
+		return *x.OutputType
+	}
+	return ""
+}
+
+func (x *MethodDescriptorProto) GetOptions() *MethodOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+func (x *MethodDescriptorProto) GetClientStreaming() bool {
+	if x != nil && x.ClientStreaming != nil {
+		return *x.ClientStreaming
+	}
+	return Default_MethodDescriptorProto_ClientStreaming
+}
+
+func (x *MethodDescriptorProto) GetServerStreaming() bool {
+	if x != nil && x.ServerStreaming != nil {
+		return *x.ServerStreaming
+	}
+	return Default_MethodDescriptorProto_ServerStreaming
+}
+
+type FileOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// Sets the Java package where classes generated from this .proto will be
+	// placed.  By default, the proto package is used, but this is often
+	// inappropriate because proto packages do not normally start with backwards
+	// domain names.
+	JavaPackage *string `protobuf:"bytes,1,opt,name=java_package,json=javaPackage" json:"java_package,omitempty"`
+	// If set, all the classes from the .proto file are wrapped in a single
+	// outer class with the given name.  This applies to both Proto1
+	// (equivalent to the old "--one_java_file" option) and Proto2 (where
+	// a .proto always translates to a single class, but you may want to
+	// explicitly choose the class name).
+	JavaOuterClassname *string `protobuf:"bytes,8,opt,name=java_outer_classname,json=javaOuterClassname" json:"java_outer_classname,omitempty"`
+	// If set true, then the Java code generator will generate a separate .java
+	// file for each top-level message, enum, and service defined in the .proto
+	// file.  Thus, these types will *not* be nested inside the outer class
+	// named by java_outer_classname.  However, the outer class will still be
+	// generated to contain the file's getDescriptor() method as well as any
+	// top-level extensions defined in the file.
+	JavaMultipleFiles *bool `protobuf:"varint,10,opt,name=java_multiple_files,json=javaMultipleFiles,def=0" json:"java_multiple_files,omitempty"`
+	// This option does nothing.
+	//
+	// Deprecated: Do not use.
+	JavaGenerateEqualsAndHash *bool `protobuf:"varint,20,opt,name=java_generate_equals_and_hash,json=javaGenerateEqualsAndHash" json:"java_generate_equals_and_hash,omitempty"`
+	// If set true, then the Java2 code generator will generate code that
+	// throws an exception whenever an attempt is made to assign a non-UTF-8
+	// byte sequence to a string field.
+	// Message reflection will do the same.
+	// However, an extension field still accepts non-UTF-8 byte sequences.
+	// This option has no effect on when used with the lite runtime.
+	JavaStringCheckUtf8 *bool                     `protobuf:"varint,27,opt,name=java_string_check_utf8,json=javaStringCheckUtf8,def=0" json:"java_string_check_utf8,omitempty"`
+	OptimizeFor         *FileOptions_OptimizeMode `protobuf:"varint,9,opt,name=optimize_for,json=optimizeFor,enum=google.protobuf.FileOptions_OptimizeMode,def=1" json:"optimize_for,omitempty"`
+	// Sets the Go package where structs generated from this .proto will be
+	// placed. If omitted, the Go package will be derived from the following:
+	//   - The basename of the package import path, if provided.
+	//   - Otherwise, the package statement in the .proto file, if present.
+	//   - Otherwise, the basename of the .proto file, without extension.
+	GoPackage *string `protobuf:"bytes,11,opt,name=go_package,json=goPackage" json:"go_package,omitempty"`
+	// Should generic services be generated in each language?  "Generic" services
+	// are not specific to any particular RPC system.  They are generated by the
+	// main code generators in each language (without additional plugins).
+	// Generic services were the only kind of service generation supported by
+	// early versions of google.protobuf.
+	//
+	// Generic services are now considered deprecated in favor of using plugins
+	// that generate code specific to your particular RPC system.  Therefore,
+	// these default to false.  Old code which depends on generic services should
+	// explicitly set them to true.
+	CcGenericServices   *bool `protobuf:"varint,16,opt,name=cc_generic_services,json=ccGenericServices,def=0" json:"cc_generic_services,omitempty"`
+	JavaGenericServices *bool `protobuf:"varint,17,opt,name=java_generic_services,json=javaGenericServices,def=0" json:"java_generic_services,omitempty"`
+	PyGenericServices   *bool `protobuf:"varint,18,opt,name=py_generic_services,json=pyGenericServices,def=0" json:"py_generic_services,omitempty"`
+	PhpGenericServices  *bool `protobuf:"varint,42,opt,name=php_generic_services,json=phpGenericServices,def=0" json:"php_generic_services,omitempty"`
+	// Is this file deprecated?
+	// Depending on the target platform, this can emit Deprecated annotations
+	// for everything in the file, or it will be completely ignored; in the very
+	// least, this is a formalization for deprecating files.
+	Deprecated *bool `protobuf:"varint,23,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// Enables the use of arenas for the proto messages in this file. This applies
+	// only to generated classes for C++.
+	CcEnableArenas *bool `protobuf:"varint,31,opt,name=cc_enable_arenas,json=ccEnableArenas,def=1" json:"cc_enable_arenas,omitempty"`
+	// Sets the objective c class prefix which is prepended to all objective c
+	// generated classes from this .proto. There is no default.
+	ObjcClassPrefix *string `protobuf:"bytes,36,opt,name=objc_class_prefix,json=objcClassPrefix" json:"objc_class_prefix,omitempty"`
+	// Namespace for generated classes; defaults to the package.
+	CsharpNamespace *string `protobuf:"bytes,37,opt,name=csharp_namespace,json=csharpNamespace" json:"csharp_namespace,omitempty"`
+	// By default Swift generators will take the proto package and CamelCase it
+	// replacing '.' with underscore and use that to prefix the types/symbols
+	// defined. When this options is provided, they will use this value instead
+	// to prefix the types/symbols defined.
+	SwiftPrefix *string `protobuf:"bytes,39,opt,name=swift_prefix,json=swiftPrefix" json:"swift_prefix,omitempty"`
+	// Sets the php class prefix which is prepended to all php generated classes
+	// from this .proto. Default is empty.
+	PhpClassPrefix *string `protobuf:"bytes,40,opt,name=php_class_prefix,json=phpClassPrefix" json:"php_class_prefix,omitempty"`
+	// Use this option to change the namespace of php generated classes. Default
+	// is empty. When this option is empty, the package name will be used for
+	// determining the namespace.
+	PhpNamespace *string `protobuf:"bytes,41,opt,name=php_namespace,json=phpNamespace" json:"php_namespace,omitempty"`
+	// Use this option to change the namespace of php generated metadata classes.
+	// Default is empty. When this option is empty, the proto file name will be
+	// used for determining the namespace.
+	PhpMetadataNamespace *string `protobuf:"bytes,44,opt,name=php_metadata_namespace,json=phpMetadataNamespace" json:"php_metadata_namespace,omitempty"`
+	// Use this option to change the package of ruby generated classes. Default
+	// is empty. When this option is not set, the package name will be used for
+	// determining the ruby package.
+	RubyPackage *string `protobuf:"bytes,45,opt,name=ruby_package,json=rubyPackage" json:"ruby_package,omitempty"`
+	// The parser stores options it doesn't recognize here.
+	// See the documentation for the "Options" section above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+// Default values for FileOptions fields.
+const (
+	Default_FileOptions_JavaMultipleFiles   = bool(false)
+	Default_FileOptions_JavaStringCheckUtf8 = bool(false)
+	Default_FileOptions_OptimizeFor         = FileOptions_SPEED
+	Default_FileOptions_CcGenericServices   = bool(false)
+	Default_FileOptions_JavaGenericServices = bool(false)
+	Default_FileOptions_PyGenericServices   = bool(false)
+	Default_FileOptions_PhpGenericServices  = bool(false)
+	Default_FileOptions_Deprecated          = bool(false)
+	Default_FileOptions_CcEnableArenas      = bool(true)
+)
+
+func (x *FileOptions) Reset() {
+	*x = FileOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FileOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FileOptions) ProtoMessage() {}
+
+func (x *FileOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FileOptions.ProtoReflect.Descriptor instead.
+func (*FileOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *FileOptions) GetJavaPackage() string {
+	if x != nil && x.JavaPackage != nil {
+		return *x.JavaPackage
+	}
+	return ""
+}
+
+func (x *FileOptions) GetJavaOuterClassname() string {
+	if x != nil && x.JavaOuterClassname != nil {
+		return *x.JavaOuterClassname
+	}
+	return ""
+}
+
+func (x *FileOptions) GetJavaMultipleFiles() bool {
+	if x != nil && x.JavaMultipleFiles != nil {
+		return *x.JavaMultipleFiles
+	}
+	return Default_FileOptions_JavaMultipleFiles
+}
+
+// Deprecated: Do not use.
+func (x *FileOptions) GetJavaGenerateEqualsAndHash() bool {
+	if x != nil && x.JavaGenerateEqualsAndHash != nil {
+		return *x.JavaGenerateEqualsAndHash
+	}
+	return false
+}
+
+func (x *FileOptions) GetJavaStringCheckUtf8() bool {
+	if x != nil && x.JavaStringCheckUtf8 != nil {
+		return *x.JavaStringCheckUtf8
+	}
+	return Default_FileOptions_JavaStringCheckUtf8
+}
+
+func (x *FileOptions) GetOptimizeFor() FileOptions_OptimizeMode {
+	if x != nil && x.OptimizeFor != nil {
+		return *x.OptimizeFor
+	}
+	return Default_FileOptions_OptimizeFor
+}
+
+func (x *FileOptions) GetGoPackage() string {
+	if x != nil && x.GoPackage != nil {
+		return *x.GoPackage
+	}
+	return ""
+}
+
+func (x *FileOptions) GetCcGenericServices() bool {
+	if x != nil && x.CcGenericServices != nil {
+		return *x.CcGenericServices
+	}
+	return Default_FileOptions_CcGenericServices
+}
+
+func (x *FileOptions) GetJavaGenericServices() bool {
+	if x != nil && x.JavaGenericServices != nil {
+		return *x.JavaGenericServices
+	}
+	return Default_FileOptions_JavaGenericServices
+}
+
+func (x *FileOptions) GetPyGenericServices() bool {
+	if x != nil && x.PyGenericServices != nil {
+		return *x.PyGenericServices
+	}
+	return Default_FileOptions_PyGenericServices
+}
+
+func (x *FileOptions) GetPhpGenericServices() bool {
+	if x != nil && x.PhpGenericServices != nil {
+		return *x.PhpGenericServices
+	}
+	return Default_FileOptions_PhpGenericServices
+}
+
+func (x *FileOptions) GetDeprecated() bool {
+	if x != nil && x.Deprecated != nil {
+		return *x.Deprecated
+	}
+	return Default_FileOptions_Deprecated
+}
+
+func (x *FileOptions) GetCcEnableArenas() bool {
+	if x != nil && x.CcEnableArenas != nil {
+		return *x.CcEnableArenas
+	}
+	return Default_FileOptions_CcEnableArenas
+}
+
+func (x *FileOptions) GetObjcClassPrefix() string {
+	if x != nil && x.ObjcClassPrefix != nil {
+		return *x.ObjcClassPrefix
+	}
+	return ""
+}
+
+func (x *FileOptions) GetCsharpNamespace() string {
+	if x != nil && x.CsharpNamespace != nil {
+		return *x.CsharpNamespace
+	}
+	return ""
+}
+
+func (x *FileOptions) GetSwiftPrefix() string {
+	if x != nil && x.SwiftPrefix != nil {
+		return *x.SwiftPrefix
+	}
+	return ""
+}
+
+func (x *FileOptions) GetPhpClassPrefix() string {
+	if x != nil && x.PhpClassPrefix != nil {
+		return *x.PhpClassPrefix
+	}
+	return ""
+}
+
+func (x *FileOptions) GetPhpNamespace() string {
+	if x != nil && x.PhpNamespace != nil {
+		return *x.PhpNamespace
+	}
+	return ""
+}
+
+func (x *FileOptions) GetPhpMetadataNamespace() string {
+	if x != nil && x.PhpMetadataNamespace != nil {
+		return *x.PhpMetadataNamespace
+	}
+	return ""
+}
+
+func (x *FileOptions) GetRubyPackage() string {
+	if x != nil && x.RubyPackage != nil {
+		return *x.RubyPackage
+	}
+	return ""
+}
+
+func (x *FileOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+type MessageOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// Set true to use the old proto1 MessageSet wire format for extensions.
+	// This is provided for backwards-compatibility with the MessageSet wire
+	// format.  You should not use this for any other reason:  It's less
+	// efficient, has fewer features, and is more complicated.
+	//
+	// The message must be defined exactly as follows:
+	//   message Foo {
+	//     option message_set_wire_format = true;
+	//     extensions 4 to max;
+	//   }
+	// Note that the message cannot have any defined fields; MessageSets only
+	// have extensions.
+	//
+	// All extensions of your type must be singular messages; e.g. they cannot
+	// be int32s, enums, or repeated messages.
+	//
+	// Because this is an option, the above two restrictions are not enforced by
+	// the protocol compiler.
+	MessageSetWireFormat *bool `protobuf:"varint,1,opt,name=message_set_wire_format,json=messageSetWireFormat,def=0" json:"message_set_wire_format,omitempty"`
+	// Disables the generation of the standard "descriptor()" accessor, which can
+	// conflict with a field of the same name.  This is meant to make migration
+	// from proto1 easier; new code should avoid fields named "descriptor".
+	NoStandardDescriptorAccessor *bool `protobuf:"varint,2,opt,name=no_standard_descriptor_accessor,json=noStandardDescriptorAccessor,def=0" json:"no_standard_descriptor_accessor,omitempty"`
+	// Is this message deprecated?
+	// Depending on the target platform, this can emit Deprecated annotations
+	// for the message, or it will be completely ignored; in the very least,
+	// this is a formalization for deprecating messages.
+	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// Whether the message is an automatically generated map entry type for the
+	// maps field.
+	//
+	// For maps fields:
+	//     map<KeyType, ValueType> map_field = 1;
+	// The parsed descriptor looks like:
+	//     message MapFieldEntry {
+	//         option map_entry = true;
+	//         optional KeyType key = 1;
+	//         optional ValueType value = 2;
+	//     }
+	//     repeated MapFieldEntry map_field = 1;
+	//
+	// Implementations may choose not to generate the map_entry=true message, but
+	// use a native map in the target language to hold the keys and values.
+	// The reflection APIs in such implementations still need to work as
+	// if the field is a repeated message field.
+	//
+	// NOTE: Do not set the option in .proto files. Always use the maps syntax
+	// instead. The option should only be implicitly set by the proto compiler
+	// parser.
+	MapEntry *bool `protobuf:"varint,7,opt,name=map_entry,json=mapEntry" json:"map_entry,omitempty"`
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+// Default values for MessageOptions fields.
+const (
+	Default_MessageOptions_MessageSetWireFormat         = bool(false)
+	Default_MessageOptions_NoStandardDescriptorAccessor = bool(false)
+	Default_MessageOptions_Deprecated                   = bool(false)
+)
+
+func (x *MessageOptions) Reset() {
+	*x = MessageOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[11]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MessageOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MessageOptions) ProtoMessage() {}
+
+func (x *MessageOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[11]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MessageOptions.ProtoReflect.Descriptor instead.
+func (*MessageOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *MessageOptions) GetMessageSetWireFormat() bool {
+	if x != nil && x.MessageSetWireFormat != nil {
+		return *x.MessageSetWireFormat
+	}
+	return Default_MessageOptions_MessageSetWireFormat
+}
+
+func (x *MessageOptions) GetNoStandardDescriptorAccessor() bool {
+	if x != nil && x.NoStandardDescriptorAccessor != nil {
+		return *x.NoStandardDescriptorAccessor
+	}
+	return Default_MessageOptions_NoStandardDescriptorAccessor
+}
+
+func (x *MessageOptions) GetDeprecated() bool {
+	if x != nil && x.Deprecated != nil {
+		return *x.Deprecated
+	}
+	return Default_MessageOptions_Deprecated
+}
+
+func (x *MessageOptions) GetMapEntry() bool {
+	if x != nil && x.MapEntry != nil {
+		return *x.MapEntry
+	}
+	return false
+}
+
+func (x *MessageOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+type FieldOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// The ctype option instructs the C++ code generator to use a different
+	// representation of the field than it normally would.  See the specific
+	// options below.  This option is not yet implemented in the open source
+	// release -- sorry, we'll try to include it in a future version!
+	Ctype *FieldOptions_CType `protobuf:"varint,1,opt,name=ctype,enum=google.protobuf.FieldOptions_CType,def=0" json:"ctype,omitempty"`
+	// The packed option can be enabled for repeated primitive fields to enable
+	// a more efficient representation on the wire. Rather than repeatedly
+	// writing the tag and type for each element, the entire array is encoded as
+	// a single length-delimited blob. In proto3, only explicit setting it to
+	// false will avoid using packed encoding.
+	Packed *bool `protobuf:"varint,2,opt,name=packed" json:"packed,omitempty"`
+	// The jstype option determines the JavaScript type used for values of the
+	// field.  The option is permitted only for 64 bit integral and fixed types
+	// (int64, uint64, sint64, fixed64, sfixed64).  A field with jstype JS_STRING
+	// is represented as JavaScript string, which avoids loss of precision that
+	// can happen when a large value is converted to a floating point JavaScript.
+	// Specifying JS_NUMBER for the jstype causes the generated JavaScript code to
+	// use the JavaScript "number" type.  The behavior of the default option
+	// JS_NORMAL is implementation dependent.
+	//
+	// This option is an enum to permit additional types to be added, e.g.
+	// goog.math.Integer.
+	Jstype *FieldOptions_JSType `protobuf:"varint,6,opt,name=jstype,enum=google.protobuf.FieldOptions_JSType,def=0" json:"jstype,omitempty"`
+	// Should this field be parsed lazily?  Lazy applies only to message-type
+	// fields.  It means that when the outer message is initially parsed, the
+	// inner message's contents will not be parsed but instead stored in encoded
+	// form.  The inner message will actually be parsed when it is first accessed.
+	//
+	// This is only a hint.  Implementations are free to choose whether to use
+	// eager or lazy parsing regardless of the value of this option.  However,
+	// setting this option true suggests that the protocol author believes that
+	// using lazy parsing on this field is worth the additional bookkeeping
+	// overhead typically needed to implement it.
+	//
+	// This option does not affect the public interface of any generated code;
+	// all method signatures remain the same.  Furthermore, thread-safety of the
+	// interface is not affected by this option; const methods remain safe to
+	// call from multiple threads concurrently, while non-const methods continue
+	// to require exclusive access.
+	//
+	//
+	// Note that implementations may choose not to check required fields within
+	// a lazy sub-message.  That is, calling IsInitialized() on the outer message
+	// may return true even if the inner message has missing required fields.
+	// This is necessary because otherwise the inner message would have to be
+	// parsed in order to perform the check, defeating the purpose of lazy
+	// parsing.  An implementation which chooses not to check required fields
+	// must be consistent about it.  That is, for any particular sub-message, the
+	// implementation must either *always* check its required fields, or *never*
+	// check its required fields, regardless of whether or not the message has
+	// been parsed.
+	Lazy *bool `protobuf:"varint,5,opt,name=lazy,def=0" json:"lazy,omitempty"`
+	// Is this field deprecated?
+	// Depending on the target platform, this can emit Deprecated annotations
+	// for accessors, or it will be completely ignored; in the very least, this
+	// is a formalization for deprecating fields.
+	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// For Google-internal migration only. Do not use.
+	Weak *bool `protobuf:"varint,10,opt,name=weak,def=0" json:"weak,omitempty"`
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+// Default values for FieldOptions fields.
+const (
+	Default_FieldOptions_Ctype      = FieldOptions_STRING
+	Default_FieldOptions_Jstype     = FieldOptions_JS_NORMAL
+	Default_FieldOptions_Lazy       = bool(false)
+	Default_FieldOptions_Deprecated = bool(false)
+	Default_FieldOptions_Weak       = bool(false)
+)
+
+func (x *FieldOptions) Reset() {
+	*x = FieldOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[12]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *FieldOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*FieldOptions) ProtoMessage() {}
+
+func (x *FieldOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[12]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use FieldOptions.ProtoReflect.Descriptor instead.
+func (*FieldOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *FieldOptions) GetCtype() FieldOptions_CType {
+	if x != nil && x.Ctype != nil {
+		return *x.Ctype
+	}
+	return Default_FieldOptions_Ctype
+}
+
+func (x *FieldOptions) GetPacked() bool {
+	if x != nil && x.Packed != nil {
+		return *x.Packed
+	}
+	return false
+}
+
+func (x *FieldOptions) GetJstype() FieldOptions_JSType {
+	if x != nil && x.Jstype != nil {
+		return *x.Jstype
+	}
+	return Default_FieldOptions_Jstype
+}
+
+func (x *FieldOptions) GetLazy() bool {
+	if x != nil && x.Lazy != nil {
+		return *x.Lazy
+	}
+	return Default_FieldOptions_Lazy
+}
+
+func (x *FieldOptions) GetDeprecated() bool {
+	if x != nil && x.Deprecated != nil {
+		return *x.Deprecated
+	}
+	return Default_FieldOptions_Deprecated
+}
+
+func (x *FieldOptions) GetWeak() bool {
+	if x != nil && x.Weak != nil {
+		return *x.Weak
+	}
+	return Default_FieldOptions_Weak
+}
+
+func (x *FieldOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+type OneofOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+func (x *OneofOptions) Reset() {
+	*x = OneofOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[13]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *OneofOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OneofOptions) ProtoMessage() {}
+
+func (x *OneofOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[13]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use OneofOptions.ProtoReflect.Descriptor instead.
+func (*OneofOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *OneofOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+type EnumOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// Set this option to true to allow mapping different tag names to the same
+	// value.
+	AllowAlias *bool `protobuf:"varint,2,opt,name=allow_alias,json=allowAlias" json:"allow_alias,omitempty"`
+	// Is this enum deprecated?
+	// Depending on the target platform, this can emit Deprecated annotations
+	// for the enum, or it will be completely ignored; in the very least, this
+	// is a formalization for deprecating enums.
+	Deprecated *bool `protobuf:"varint,3,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+// Default values for EnumOptions fields.
+const (
+	Default_EnumOptions_Deprecated = bool(false)
+)
+
+func (x *EnumOptions) Reset() {
+	*x = EnumOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[14]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EnumOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnumOptions) ProtoMessage() {}
+
+func (x *EnumOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[14]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnumOptions.ProtoReflect.Descriptor instead.
+func (*EnumOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{14}
+}
+
+func (x *EnumOptions) GetAllowAlias() bool {
+	if x != nil && x.AllowAlias != nil {
+		return *x.AllowAlias
+	}
+	return false
+}
+
+func (x *EnumOptions) GetDeprecated() bool {
+	if x != nil && x.Deprecated != nil {
+		return *x.Deprecated
+	}
+	return Default_EnumOptions_Deprecated
+}
+
+func (x *EnumOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+type EnumValueOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// Is this enum value deprecated?
+	// Depending on the target platform, this can emit Deprecated annotations
+	// for the enum value, or it will be completely ignored; in the very least,
+	// this is a formalization for deprecating enum values.
+	Deprecated *bool `protobuf:"varint,1,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+// Default values for EnumValueOptions fields.
+const (
+	Default_EnumValueOptions_Deprecated = bool(false)
+)
+
+func (x *EnumValueOptions) Reset() {
+	*x = EnumValueOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[15]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EnumValueOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnumValueOptions) ProtoMessage() {}
+
+func (x *EnumValueOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[15]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnumValueOptions.ProtoReflect.Descriptor instead.
+func (*EnumValueOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *EnumValueOptions) GetDeprecated() bool {
+	if x != nil && x.Deprecated != nil {
+		return *x.Deprecated
+	}
+	return Default_EnumValueOptions_Deprecated
+}
+
+func (x *EnumValueOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+type ServiceOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// Is this service deprecated?
+	// Depending on the target platform, this can emit Deprecated annotations
+	// for the service, or it will be completely ignored; in the very least,
+	// this is a formalization for deprecating services.
+	Deprecated *bool `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+// Default values for ServiceOptions fields.
+const (
+	Default_ServiceOptions_Deprecated = bool(false)
+)
+
+func (x *ServiceOptions) Reset() {
+	*x = ServiceOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[16]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *ServiceOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ServiceOptions) ProtoMessage() {}
+
+func (x *ServiceOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[16]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use ServiceOptions.ProtoReflect.Descriptor instead.
+func (*ServiceOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{16}
+}
+
+func (x *ServiceOptions) GetDeprecated() bool {
+	if x != nil && x.Deprecated != nil {
+		return *x.Deprecated
+	}
+	return Default_ServiceOptions_Deprecated
+}
+
+func (x *ServiceOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+type MethodOptions struct {
+	state           protoimpl.MessageState
+	sizeCache       protoimpl.SizeCache
+	unknownFields   protoimpl.UnknownFields
+	extensionFields protoimpl.ExtensionFields
+
+	// Is this method deprecated?
+	// Depending on the target platform, this can emit Deprecated annotations
+	// for the method, or it will be completely ignored; in the very least,
+	// this is a formalization for deprecating methods.
+	Deprecated       *bool                           `protobuf:"varint,33,opt,name=deprecated,def=0" json:"deprecated,omitempty"`
+	IdempotencyLevel *MethodOptions_IdempotencyLevel `protobuf:"varint,34,opt,name=idempotency_level,json=idempotencyLevel,enum=google.protobuf.MethodOptions_IdempotencyLevel,def=0" json:"idempotency_level,omitempty"`
+	// The parser stores options it doesn't recognize here. See above.
+	UninterpretedOption []*UninterpretedOption `protobuf:"bytes,999,rep,name=uninterpreted_option,json=uninterpretedOption" json:"uninterpreted_option,omitempty"`
+}
+
+// Default values for MethodOptions fields.
+const (
+	Default_MethodOptions_Deprecated       = bool(false)
+	Default_MethodOptions_IdempotencyLevel = MethodOptions_IDEMPOTENCY_UNKNOWN
+)
+
+func (x *MethodOptions) Reset() {
+	*x = MethodOptions{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[17]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MethodOptions) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MethodOptions) ProtoMessage() {}
+
+func (x *MethodOptions) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[17]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MethodOptions.ProtoReflect.Descriptor instead.
+func (*MethodOptions) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{17}
+}
+
+func (x *MethodOptions) GetDeprecated() bool {
+	if x != nil && x.Deprecated != nil {
+		return *x.Deprecated
+	}
+	return Default_MethodOptions_Deprecated
+}
+
+func (x *MethodOptions) GetIdempotencyLevel() MethodOptions_IdempotencyLevel {
+	if x != nil && x.IdempotencyLevel != nil {
+		return *x.IdempotencyLevel
+	}
+	return Default_MethodOptions_IdempotencyLevel
+}
+
+func (x *MethodOptions) GetUninterpretedOption() []*UninterpretedOption {
+	if x != nil {
+		return x.UninterpretedOption
+	}
+	return nil
+}
+
+// A message representing a option the parser does not recognize. This only
+// appears in options protos created by the compiler::Parser class.
+// DescriptorPool resolves these when building Descriptor objects. Therefore,
+// options protos in descriptor objects (e.g. returned by Descriptor::options(),
+// or produced by Descriptor::CopyTo()) will never have UninterpretedOptions
+// in them.
+type UninterpretedOption struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name []*UninterpretedOption_NamePart `protobuf:"bytes,2,rep,name=name" json:"name,omitempty"`
+	// The value of the uninterpreted option, in whatever type the tokenizer
+	// identified it as during parsing. Exactly one of these should be set.
+	IdentifierValue  *string  `protobuf:"bytes,3,opt,name=identifier_value,json=identifierValue" json:"identifier_value,omitempty"`
+	PositiveIntValue *uint64  `protobuf:"varint,4,opt,name=positive_int_value,json=positiveIntValue" json:"positive_int_value,omitempty"`
+	NegativeIntValue *int64   `protobuf:"varint,5,opt,name=negative_int_value,json=negativeIntValue" json:"negative_int_value,omitempty"`
+	DoubleValue      *float64 `protobuf:"fixed64,6,opt,name=double_value,json=doubleValue" json:"double_value,omitempty"`
+	StringValue      []byte   `protobuf:"bytes,7,opt,name=string_value,json=stringValue" json:"string_value,omitempty"`
+	AggregateValue   *string  `protobuf:"bytes,8,opt,name=aggregate_value,json=aggregateValue" json:"aggregate_value,omitempty"`
+}
+
+func (x *UninterpretedOption) Reset() {
+	*x = UninterpretedOption{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[18]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UninterpretedOption) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UninterpretedOption) ProtoMessage() {}
+
+func (x *UninterpretedOption) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[18]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UninterpretedOption.ProtoReflect.Descriptor instead.
+func (*UninterpretedOption) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{18}
+}
+
+func (x *UninterpretedOption) GetName() []*UninterpretedOption_NamePart {
+	if x != nil {
+		return x.Name
+	}
+	return nil
+}
+
+func (x *UninterpretedOption) GetIdentifierValue() string {
+	if x != nil && x.IdentifierValue != nil {
+		return *x.IdentifierValue
+	}
+	return ""
+}
+
+func (x *UninterpretedOption) GetPositiveIntValue() uint64 {
+	if x != nil && x.PositiveIntValue != nil {
+		return *x.PositiveIntValue
+	}
+	return 0
+}
+
+func (x *UninterpretedOption) GetNegativeIntValue() int64 {
+	if x != nil && x.NegativeIntValue != nil {
+		return *x.NegativeIntValue
+	}
+	return 0
+}
+
+func (x *UninterpretedOption) GetDoubleValue() float64 {
+	if x != nil && x.DoubleValue != nil {
+		return *x.DoubleValue
+	}
+	return 0
+}
+
+func (x *UninterpretedOption) GetStringValue() []byte {
+	if x != nil {
+		return x.StringValue
+	}
+	return nil
+}
+
+func (x *UninterpretedOption) GetAggregateValue() string {
+	if x != nil && x.AggregateValue != nil {
+		return *x.AggregateValue
+	}
+	return ""
+}
+
+// Encapsulates information about the original source file from which a
+// FileDescriptorProto was generated.
+type SourceCodeInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// A Location identifies a piece of source code in a .proto file which
+	// corresponds to a particular definition.  This information is intended
+	// to be useful to IDEs, code indexers, documentation generators, and similar
+	// tools.
+	//
+	// For example, say we have a file like:
+	//   message Foo {
+	//     optional string foo = 1;
+	//   }
+	// Let's look at just the field definition:
+	//   optional string foo = 1;
+	//   ^       ^^     ^^  ^  ^^^
+	//   a       bc     de  f  ghi
+	// We have the following locations:
+	//   span   path               represents
+	//   [a,i)  [ 4, 0, 2, 0 ]     The whole field definition.
+	//   [a,b)  [ 4, 0, 2, 0, 4 ]  The label (optional).
+	//   [c,d)  [ 4, 0, 2, 0, 5 ]  The type (string).
+	//   [e,f)  [ 4, 0, 2, 0, 1 ]  The name (foo).
+	//   [g,h)  [ 4, 0, 2, 0, 3 ]  The number (1).
+	//
+	// Notes:
+	// - A location may refer to a repeated field itself (i.e. not to any
+	//   particular index within it).  This is used whenever a set of elements are
+	//   logically enclosed in a single code segment.  For example, an entire
+	//   extend block (possibly containing multiple extension definitions) will
+	//   have an outer location whose path refers to the "extensions" repeated
+	//   field without an index.
+	// - Multiple locations may have the same path.  This happens when a single
+	//   logical declaration is spread out across multiple places.  The most
+	//   obvious example is the "extend" block again -- there may be multiple
+	//   extend blocks in the same scope, each of which will have the same path.
+	// - A location's span is not always a subset of its parent's span.  For
+	//   example, the "extendee" of an extension declaration appears at the
+	//   beginning of the "extend" block and is shared by all extensions within
+	//   the block.
+	// - Just because a location's span is a subset of some other location's span
+	//   does not mean that it is a descendant.  For example, a "group" defines
+	//   both a type and a field in a single declaration.  Thus, the locations
+	//   corresponding to the type and field and their components will overlap.
+	// - Code which tries to interpret locations should probably be designed to
+	//   ignore those that it doesn't understand, as more types of locations could
+	//   be recorded in the future.
+	Location []*SourceCodeInfo_Location `protobuf:"bytes,1,rep,name=location" json:"location,omitempty"`
+}
+
+func (x *SourceCodeInfo) Reset() {
+	*x = SourceCodeInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[19]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SourceCodeInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SourceCodeInfo) ProtoMessage() {}
+
+func (x *SourceCodeInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[19]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SourceCodeInfo.ProtoReflect.Descriptor instead.
+func (*SourceCodeInfo) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19}
+}
+
+func (x *SourceCodeInfo) GetLocation() []*SourceCodeInfo_Location {
+	if x != nil {
+		return x.Location
+	}
+	return nil
+}
+
+// Describes the relationship between generated code and its original source
+// file. A GeneratedCodeInfo message is associated with only one generated
+// source file, but may contain references to different source .proto files.
+type GeneratedCodeInfo struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// An Annotation connects some span of text in generated code to an element
+	// of its generating .proto file.
+	Annotation []*GeneratedCodeInfo_Annotation `protobuf:"bytes,1,rep,name=annotation" json:"annotation,omitempty"`
+}
+
+func (x *GeneratedCodeInfo) Reset() {
+	*x = GeneratedCodeInfo{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[20]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GeneratedCodeInfo) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GeneratedCodeInfo) ProtoMessage() {}
+
+func (x *GeneratedCodeInfo) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[20]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GeneratedCodeInfo.ProtoReflect.Descriptor instead.
+func (*GeneratedCodeInfo) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{20}
+}
+
+func (x *GeneratedCodeInfo) GetAnnotation() []*GeneratedCodeInfo_Annotation {
+	if x != nil {
+		return x.Annotation
+	}
+	return nil
+}
+
+type DescriptorProto_ExtensionRange struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Start   *int32                 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
+	End     *int32                 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`     // Exclusive.
+	Options *ExtensionRangeOptions `protobuf:"bytes,3,opt,name=options" json:"options,omitempty"`
+}
+
+func (x *DescriptorProto_ExtensionRange) Reset() {
+	*x = DescriptorProto_ExtensionRange{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[21]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DescriptorProto_ExtensionRange) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DescriptorProto_ExtensionRange) ProtoMessage() {}
+
+func (x *DescriptorProto_ExtensionRange) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[21]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DescriptorProto_ExtensionRange.ProtoReflect.Descriptor instead.
+func (*DescriptorProto_ExtensionRange) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2, 0}
+}
+
+func (x *DescriptorProto_ExtensionRange) GetStart() int32 {
+	if x != nil && x.Start != nil {
+		return *x.Start
+	}
+	return 0
+}
+
+func (x *DescriptorProto_ExtensionRange) GetEnd() int32 {
+	if x != nil && x.End != nil {
+		return *x.End
+	}
+	return 0
+}
+
+func (x *DescriptorProto_ExtensionRange) GetOptions() *ExtensionRangeOptions {
+	if x != nil {
+		return x.Options
+	}
+	return nil
+}
+
+// Range of reserved tag numbers. Reserved tag numbers may not be used by
+// fields or extension ranges in the same message. Reserved ranges may
+// not overlap.
+type DescriptorProto_ReservedRange struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
+	End   *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`     // Exclusive.
+}
+
+func (x *DescriptorProto_ReservedRange) Reset() {
+	*x = DescriptorProto_ReservedRange{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[22]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *DescriptorProto_ReservedRange) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DescriptorProto_ReservedRange) ProtoMessage() {}
+
+func (x *DescriptorProto_ReservedRange) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[22]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use DescriptorProto_ReservedRange.ProtoReflect.Descriptor instead.
+func (*DescriptorProto_ReservedRange) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{2, 1}
+}
+
+func (x *DescriptorProto_ReservedRange) GetStart() int32 {
+	if x != nil && x.Start != nil {
+		return *x.Start
+	}
+	return 0
+}
+
+func (x *DescriptorProto_ReservedRange) GetEnd() int32 {
+	if x != nil && x.End != nil {
+		return *x.End
+	}
+	return 0
+}
+
+// Range of reserved numeric values. Reserved values may not be used by
+// entries in the same enum. Reserved ranges may not overlap.
+//
+// Note that this is distinct from DescriptorProto.ReservedRange in that it
+// is inclusive such that it can appropriately represent the entire int32
+// domain.
+type EnumDescriptorProto_EnumReservedRange struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Start *int32 `protobuf:"varint,1,opt,name=start" json:"start,omitempty"` // Inclusive.
+	End   *int32 `protobuf:"varint,2,opt,name=end" json:"end,omitempty"`     // Inclusive.
+}
+
+func (x *EnumDescriptorProto_EnumReservedRange) Reset() {
+	*x = EnumDescriptorProto_EnumReservedRange{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *EnumDescriptorProto_EnumReservedRange) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*EnumDescriptorProto_EnumReservedRange) ProtoMessage() {}
+
+func (x *EnumDescriptorProto_EnumReservedRange) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[23]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use EnumDescriptorProto_EnumReservedRange.ProtoReflect.Descriptor instead.
+func (*EnumDescriptorProto_EnumReservedRange) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{6, 0}
+}
+
+func (x *EnumDescriptorProto_EnumReservedRange) GetStart() int32 {
+	if x != nil && x.Start != nil {
+		return *x.Start
+	}
+	return 0
+}
+
+func (x *EnumDescriptorProto_EnumReservedRange) GetEnd() int32 {
+	if x != nil && x.End != nil {
+		return *x.End
+	}
+	return 0
+}
+
+// The name of the uninterpreted option.  Each string represents a segment in
+// a dot-separated name.  is_extension is true iff a segment represents an
+// extension (denoted with parentheses in options specs in .proto files).
+// E.g.,{ ["foo", false], ["bar.baz", true], ["qux", false] } represents
+// "foo.(bar.baz).qux".
+type UninterpretedOption_NamePart struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	NamePart    *string `protobuf:"bytes,1,req,name=name_part,json=namePart" json:"name_part,omitempty"`
+	IsExtension *bool   `protobuf:"varint,2,req,name=is_extension,json=isExtension" json:"is_extension,omitempty"`
+}
+
+func (x *UninterpretedOption_NamePart) Reset() {
+	*x = UninterpretedOption_NamePart{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *UninterpretedOption_NamePart) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*UninterpretedOption_NamePart) ProtoMessage() {}
+
+func (x *UninterpretedOption_NamePart) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[24]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use UninterpretedOption_NamePart.ProtoReflect.Descriptor instead.
+func (*UninterpretedOption_NamePart) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{18, 0}
+}
+
+func (x *UninterpretedOption_NamePart) GetNamePart() string {
+	if x != nil && x.NamePart != nil {
+		return *x.NamePart
+	}
+	return ""
+}
+
+func (x *UninterpretedOption_NamePart) GetIsExtension() bool {
+	if x != nil && x.IsExtension != nil {
+		return *x.IsExtension
+	}
+	return false
+}
+
+type SourceCodeInfo_Location struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Identifies which part of the FileDescriptorProto was defined at this
+	// location.
+	//
+	// Each element is a field number or an index.  They form a path from
+	// the root FileDescriptorProto to the place where the definition.  For
+	// example, this path:
+	//   [ 4, 3, 2, 7, 1 ]
+	// refers to:
+	//   file.message_type(3)  // 4, 3
+	//       .field(7)         // 2, 7
+	//       .name()           // 1
+	// This is because FileDescriptorProto.message_type has field number 4:
+	//   repeated DescriptorProto message_type = 4;
+	// and DescriptorProto.field has field number 2:
+	//   repeated FieldDescriptorProto field = 2;
+	// and FieldDescriptorProto.name has field number 1:
+	//   optional string name = 1;
+	//
+	// Thus, the above path gives the location of a field name.  If we removed
+	// the last element:
+	//   [ 4, 3, 2, 7 ]
+	// this path refers to the whole field declaration (from the beginning
+	// of the label to the terminating semicolon).
+	Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"`
+	// Always has exactly three or four elements: start line, start column,
+	// end line (optional, otherwise assumed same as start line), end column.
+	// These are packed into a single field for efficiency.  Note that line
+	// and column numbers are zero-based -- typically you will want to add
+	// 1 to each before displaying to a user.
+	Span []int32 `protobuf:"varint,2,rep,packed,name=span" json:"span,omitempty"`
+	// If this SourceCodeInfo represents a complete declaration, these are any
+	// comments appearing before and after the declaration which appear to be
+	// attached to the declaration.
+	//
+	// A series of line comments appearing on consecutive lines, with no other
+	// tokens appearing on those lines, will be treated as a single comment.
+	//
+	// leading_detached_comments will keep paragraphs of comments that appear
+	// before (but not connected to) the current element. Each paragraph,
+	// separated by empty lines, will be one comment element in the repeated
+	// field.
+	//
+	// Only the comment content is provided; comment markers (e.g. //) are
+	// stripped out.  For block comments, leading whitespace and an asterisk
+	// will be stripped from the beginning of each line other than the first.
+	// Newlines are included in the output.
+	//
+	// Examples:
+	//
+	//   optional int32 foo = 1;  // Comment attached to foo.
+	//   // Comment attached to bar.
+	//   optional int32 bar = 2;
+	//
+	//   optional string baz = 3;
+	//   // Comment attached to baz.
+	//   // Another line attached to baz.
+	//
+	//   // Comment attached to qux.
+	//   //
+	//   // Another line attached to qux.
+	//   optional double qux = 4;
+	//
+	//   // Detached comment for corge. This is not leading or trailing comments
+	//   // to qux or corge because there are blank lines separating it from
+	//   // both.
+	//
+	//   // Detached comment for corge paragraph 2.
+	//
+	//   optional string corge = 5;
+	//   /* Block comment attached
+	//    * to corge.  Leading asterisks
+	//    * will be removed. */
+	//   /* Block comment attached to
+	//    * grault. */
+	//   optional int32 grault = 6;
+	//
+	//   // ignored detached comments.
+	LeadingComments         *string  `protobuf:"bytes,3,opt,name=leading_comments,json=leadingComments" json:"leading_comments,omitempty"`
+	TrailingComments        *string  `protobuf:"bytes,4,opt,name=trailing_comments,json=trailingComments" json:"trailing_comments,omitempty"`
+	LeadingDetachedComments []string `protobuf:"bytes,6,rep,name=leading_detached_comments,json=leadingDetachedComments" json:"leading_detached_comments,omitempty"`
+}
+
+func (x *SourceCodeInfo_Location) Reset() {
+	*x = SourceCodeInfo_Location{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *SourceCodeInfo_Location) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SourceCodeInfo_Location) ProtoMessage() {}
+
+func (x *SourceCodeInfo_Location) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[25]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use SourceCodeInfo_Location.ProtoReflect.Descriptor instead.
+func (*SourceCodeInfo_Location) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{19, 0}
+}
+
+func (x *SourceCodeInfo_Location) GetPath() []int32 {
+	if x != nil {
+		return x.Path
+	}
+	return nil
+}
+
+func (x *SourceCodeInfo_Location) GetSpan() []int32 {
+	if x != nil {
+		return x.Span
+	}
+	return nil
+}
+
+func (x *SourceCodeInfo_Location) GetLeadingComments() string {
+	if x != nil && x.LeadingComments != nil {
+		return *x.LeadingComments
+	}
+	return ""
+}
+
+func (x *SourceCodeInfo_Location) GetTrailingComments() string {
+	if x != nil && x.TrailingComments != nil {
+		return *x.TrailingComments
+	}
+	return ""
+}
+
+func (x *SourceCodeInfo_Location) GetLeadingDetachedComments() []string {
+	if x != nil {
+		return x.LeadingDetachedComments
+	}
+	return nil
+}
+
+type GeneratedCodeInfo_Annotation struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// Identifies the element in the original source .proto file. This field
+	// is formatted the same as SourceCodeInfo.Location.path.
+	Path []int32 `protobuf:"varint,1,rep,packed,name=path" json:"path,omitempty"`
+	// Identifies the filesystem path to the original source .proto.
+	SourceFile *string `protobuf:"bytes,2,opt,name=source_file,json=sourceFile" json:"source_file,omitempty"`
+	// Identifies the starting offset in bytes in the generated code
+	// that relates to the identified object.
+	Begin *int32 `protobuf:"varint,3,opt,name=begin" json:"begin,omitempty"`
+	// Identifies the ending offset in bytes in the generated code that
+	// relates to the identified offset. The end offset should be one past
+	// the last relevant byte (so the length of the text = end - begin).
+	End *int32 `protobuf:"varint,4,opt,name=end" json:"end,omitempty"`
+}
+
+func (x *GeneratedCodeInfo_Annotation) Reset() {
+	*x = GeneratedCodeInfo_Annotation{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *GeneratedCodeInfo_Annotation) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GeneratedCodeInfo_Annotation) ProtoMessage() {}
+
+func (x *GeneratedCodeInfo_Annotation) ProtoReflect() protoreflect.Message {
+	mi := &file_google_protobuf_descriptor_proto_msgTypes[26]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GeneratedCodeInfo_Annotation.ProtoReflect.Descriptor instead.
+func (*GeneratedCodeInfo_Annotation) Descriptor() ([]byte, []int) {
+	return file_google_protobuf_descriptor_proto_rawDescGZIP(), []int{20, 0}
+}
+
+func (x *GeneratedCodeInfo_Annotation) GetPath() []int32 {
+	if x != nil {
+		return x.Path
+	}
+	return nil
+}
+
+func (x *GeneratedCodeInfo_Annotation) GetSourceFile() string {
+	if x != nil && x.SourceFile != nil {
+		return *x.SourceFile
+	}
+	return ""
+}
+
+func (x *GeneratedCodeInfo_Annotation) GetBegin() int32 {
+	if x != nil && x.Begin != nil {
+		return *x.Begin
+	}
+	return 0
+}
+
+func (x *GeneratedCodeInfo_Annotation) GetEnd() int32 {
+	if x != nil && x.End != nil {
+		return *x.End
+	}
+	return 0
+}
+
+var File_google_protobuf_descriptor_proto protoreflect.FileDescriptor
+
+var file_google_protobuf_descriptor_proto_rawDesc = []byte{
+	0x0a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x12, 0x0f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x22, 0x4d, 0x0a, 0x11, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x53, 0x65, 0x74, 0x12, 0x38, 0x0a, 0x04, 0x66, 0x69, 0x6c, 0x65,
+	0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x04, 0x66, 0x69,
+	0x6c, 0x65, 0x22, 0xe4, 0x04, 0x0a, 0x13, 0x46, 0x69, 0x6c, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61,
+	0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x18,
+	0x0a, 0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x07, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x65,
+	0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x64, 0x65,
+	0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x2b, 0x0a, 0x11, 0x70, 0x75, 0x62, 0x6c,
+	0x69, 0x63, 0x5f, 0x64, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0a, 0x20,
+	0x03, 0x28, 0x05, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x44, 0x65, 0x70, 0x65, 0x6e,
+	0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x77, 0x65, 0x61, 0x6b, 0x5f, 0x64, 0x65,
+	0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x05, 0x52, 0x0e,
+	0x77, 0x65, 0x61, 0x6b, 0x44, 0x65, 0x70, 0x65, 0x6e, 0x64, 0x65, 0x6e, 0x63, 0x79, 0x12, 0x43,
+	0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x04,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
+	0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0b, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x54,
+	0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x08, 0x65, 0x6e,
+	0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x43, 0x0a, 0x09, 0x65, 0x78, 0x74,
+	0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46,
+	0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x36,
+	0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75,
+	0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+	0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b,
+	0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66,
+	0x6f, 0x52, 0x0e, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66,
+	0x6f, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x18, 0x0c, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x06, 0x73, 0x79, 0x6e, 0x74, 0x61, 0x78, 0x22, 0xb9, 0x06, 0x0a, 0x0f, 0x44, 0x65,
+	0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x3b, 0x0a, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b,
+	0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
+	0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
+	0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x43,
+	0x0a, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,
+	0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73,
+	0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0b, 0x6e, 0x65, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79,
+	0x70, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72,
+	0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x0a, 0x6e, 0x65, 0x73, 0x74,
+	0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x41, 0x0a, 0x09, 0x65, 0x6e, 0x75, 0x6d, 0x5f, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52,
+	0x08, 0x65, 0x6e, 0x75, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x58, 0x0a, 0x0f, 0x65, 0x78, 0x74,
+	0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x05, 0x20, 0x03,
+	0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61,
+	0x6e, 0x67, 0x65, 0x52, 0x0e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61,
+	0x6e, 0x67, 0x65, 0x12, 0x44, 0x0a, 0x0a, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x5f, 0x64, 0x65, 0x63,
+	0x6c, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x09,
+	0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x44, 0x65, 0x63, 0x6c, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x73,
+	0x73, 0x61, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64,
+	0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x52,
+	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x0d, 0x72, 0x65,
+	0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72,
+	0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x03,
+	0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65,
+	0x1a, 0x7a, 0x0a, 0x0e, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e,
+	0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x40, 0x0a, 0x07, 0x6f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x78,
+	0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x37, 0x0a, 0x0d,
+	0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a,
+	0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74,
+	0x61, 0x72, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05,
+	0x52, 0x03, 0x65, 0x6e, 0x64, 0x22, 0x7c, 0x0a, 0x15, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69,
+	0x6f, 0x6e, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58,
+	0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
+	0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80,
+	0x80, 0x80, 0x02, 0x22, 0xc1, 0x06, 0x0a, 0x14, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
+	0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65,
+	0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x4c,
+	0x61, 0x62, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x3e, 0x0a, 0x04, 0x74,
+	0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c,
+	0x64, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f,
+	0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x74,
+	0x79, 0x70, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
+	0x74, 0x79, 0x70, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x64, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65,
+	0x6e, 0x64, 0x65, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x64, 0x65, 0x66,
+	0x61, 0x75, 0x6c, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x6f, 0x6e, 0x65,
+	0x6f, 0x66, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a,
+	0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x1b, 0x0a, 0x09, 0x6a, 0x73,
+	0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6a,
+	0x73, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x12, 0x27, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x61, 0x6c, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x33, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0xb6, 0x02, 0x0a, 0x04, 0x54, 0x79,
+	0x70, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x4f, 0x55, 0x42, 0x4c,
+	0x45, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x4c, 0x4f, 0x41,
+	0x54, 0x10, 0x02, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x36,
+	0x34, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54,
+	0x36, 0x34, 0x10, 0x04, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54,
+	0x33, 0x32, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46, 0x49, 0x58,
+	0x45, 0x44, 0x36, 0x34, 0x10, 0x06, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x46,
+	0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x10, 0x08, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f,
+	0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x0a, 0x12, 0x10, 0x0a, 0x0c, 0x54, 0x59, 0x50, 0x45,
+	0x5f, 0x4d, 0x45, 0x53, 0x53, 0x41, 0x47, 0x45, 0x10, 0x0b, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x59,
+	0x50, 0x45, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x53, 0x10, 0x0c, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59,
+	0x50, 0x45, 0x5f, 0x55, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10, 0x0d, 0x12, 0x0d, 0x0a, 0x09, 0x54,
+	0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x10, 0x0e, 0x12, 0x11, 0x0a, 0x0d, 0x54, 0x59,
+	0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x33, 0x32, 0x10, 0x0f, 0x12, 0x11, 0x0a,
+	0x0d, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x46, 0x49, 0x58, 0x45, 0x44, 0x36, 0x34, 0x10, 0x10,
+	0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x33, 0x32, 0x10,
+	0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x49, 0x4e, 0x54, 0x36, 0x34,
+	0x10, 0x12, 0x22, 0x43, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x0e, 0x4c,
+	0x41, 0x42, 0x45, 0x4c, 0x5f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12,
+	0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x49, 0x52, 0x45,
+	0x44, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4c, 0x41, 0x42, 0x45, 0x4c, 0x5f, 0x52, 0x45, 0x50,
+	0x45, 0x41, 0x54, 0x45, 0x44, 0x10, 0x03, 0x22, 0x63, 0x0a, 0x14, 0x4f, 0x6e, 0x65, 0x6f, 0x66,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4f, 0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xe3, 0x02, 0x0a,
+	0x13, 0x45, 0x6e, 0x75, 0x6d, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50,
+	0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3f, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61,
+	0x6c, 0x75, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f,
+	0x74, 0x6f, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x0a, 0x07, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75,
+	0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x12, 0x5d, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x72, 0x61,
+	0x6e, 0x67, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x2e,
+	0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67,
+	0x65, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65,
+	0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d,
+	0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x73, 0x65, 0x72, 0x76, 0x65,
+	0x64, 0x4e, 0x61, 0x6d, 0x65, 0x1a, 0x3b, 0x0a, 0x11, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x65, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x64, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74,
+	0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74,
+	0x12, 0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65,
+	0x6e, 0x64, 0x22, 0x83, 0x01, 0x0a, 0x18, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12,
+	0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20,
+	0x01, 0x28, 0x05, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x3b, 0x0a, 0x07, 0x6f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45,
+	0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52,
+	0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xa7, 0x01, 0x0a, 0x16, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f,
+	0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x52,
+	0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x39, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69,
+	0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+	0x6e, 0x73, 0x22, 0x89, 0x02, 0x0a, 0x15, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x44, 0x65, 0x73,
+	0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x0a, 0x04,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65,
+	0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x69, 0x6e, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12,
+	0x1f, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x54, 0x79, 0x70, 0x65,
+	0x12, 0x38, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x10, 0x63, 0x6c,
+	0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x05,
+	0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x63, 0x6c, 0x69,
+	0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x10,
+	0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67,
+	0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0f, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x69, 0x6e, 0x67, 0x22, 0x91,
+	0x09, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x21,
+	0x0a, 0x0c, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6a, 0x61, 0x76, 0x61, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67,
+	0x65, 0x12, 0x30, 0x0a, 0x14, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x5f,
+	0x63, 0x6c, 0x61, 0x73, 0x73, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x12, 0x6a, 0x61, 0x76, 0x61, 0x4f, 0x75, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x6e,
+	0x61, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x6d, 0x75, 0x6c, 0x74,
+	0x69, 0x70, 0x6c, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x6a, 0x61, 0x76, 0x61, 0x4d, 0x75, 0x6c,
+	0x74, 0x69, 0x70, 0x6c, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x44, 0x0a, 0x1d, 0x6a, 0x61,
+	0x76, 0x61, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x5f, 0x65, 0x71, 0x75, 0x61,
+	0x6c, 0x73, 0x5f, 0x61, 0x6e, 0x64, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x14, 0x20, 0x01, 0x28,
+	0x08, 0x42, 0x02, 0x18, 0x01, 0x52, 0x19, 0x6a, 0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72,
+	0x61, 0x74, 0x65, 0x45, 0x71, 0x75, 0x61, 0x6c, 0x73, 0x41, 0x6e, 0x64, 0x48, 0x61, 0x73, 0x68,
+	0x12, 0x3a, 0x0a, 0x16, 0x6a, 0x61, 0x76, 0x61, 0x5f, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f,
+	0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x75, 0x74, 0x66, 0x38, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x08,
+	0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a, 0x61, 0x76, 0x61, 0x53, 0x74, 0x72,
+	0x69, 0x6e, 0x67, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x55, 0x74, 0x66, 0x38, 0x12, 0x53, 0x0a, 0x0c,
+	0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x29, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x2e, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x3a, 0x05, 0x53,
+	0x50, 0x45, 0x45, 0x44, 0x52, 0x0b, 0x6f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a, 0x65, 0x46, 0x6f,
+	0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x67, 0x6f, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18,
+	0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x67, 0x6f, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65,
+	0x12, 0x35, 0x0a, 0x13, 0x63, 0x63, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66,
+	0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x63, 0x63, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53,
+	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x15, 0x6a, 0x61, 0x76, 0x61, 0x5f,
+	0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73,
+	0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x13, 0x6a,
+	0x61, 0x76, 0x61, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x12, 0x35, 0x0a, 0x13, 0x70, 0x79, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63,
+	0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x12, 0x20, 0x01, 0x28, 0x08, 0x3a,
+	0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x11, 0x70, 0x79, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69,
+	0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x37, 0x0a, 0x14, 0x70, 0x68, 0x70,
+	0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x73, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x12,
+	0x70, 0x68, 0x70, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
+	0x65, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x17, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64,
+	0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x2e, 0x0a, 0x10, 0x63, 0x63, 0x5f,
+	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x18, 0x1f, 0x20,
+	0x01, 0x28, 0x08, 0x3a, 0x04, 0x74, 0x72, 0x75, 0x65, 0x52, 0x0e, 0x63, 0x63, 0x45, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x41, 0x72, 0x65, 0x6e, 0x61, 0x73, 0x12, 0x2a, 0x0a, 0x11, 0x6f, 0x62, 0x6a,
+	0x63, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x24,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x62, 0x6a, 0x63, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50,
+	0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x25, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x0f, 0x63, 0x73, 0x68, 0x61, 0x72, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
+	0x12, 0x21, 0x0a, 0x0c, 0x73, 0x77, 0x69, 0x66, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78,
+	0x18, 0x27, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x73, 0x77, 0x69, 0x66, 0x74, 0x50, 0x72, 0x65,
+	0x66, 0x69, 0x78, 0x12, 0x28, 0x0a, 0x10, 0x70, 0x68, 0x70, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73,
+	0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70,
+	0x68, 0x70, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x23, 0x0a,
+	0x0d, 0x70, 0x68, 0x70, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x29,
+	0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x68, 0x70, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61,
+	0x63, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x70, 0x68, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61,
+	0x74, 0x61, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x2c, 0x20, 0x01,
+	0x28, 0x09, 0x52, 0x14, 0x70, 0x68, 0x70, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4e,
+	0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x75, 0x62, 0x79,
+	0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x2d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b,
+	0x72, 0x75, 0x62, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x58, 0x0a, 0x14, 0x75,
+	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x0a, 0x0c, 0x4f, 0x70, 0x74, 0x69, 0x6d, 0x69, 0x7a,
+	0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x50, 0x45, 0x45, 0x44, 0x10, 0x01,
+	0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x49, 0x5a, 0x45, 0x10, 0x02, 0x12,
+	0x10, 0x0a, 0x0c, 0x4c, 0x49, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x54, 0x49, 0x4d, 0x45, 0x10,
+	0x03, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x26,
+	0x10, 0x27, 0x22, 0xd1, 0x02, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3c, 0x0a, 0x17, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65,
+	0x5f, 0x73, 0x65, 0x74, 0x5f, 0x77, 0x69, 0x72, 0x65, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x14, 0x6d,
+	0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x57, 0x69, 0x72, 0x65, 0x46, 0x6f, 0x72,
+	0x6d, 0x61, 0x74, 0x12, 0x4c, 0x0a, 0x1f, 0x6e, 0x6f, 0x5f, 0x73, 0x74, 0x61, 0x6e, 0x64, 0x61,
+	0x72, 0x64, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x5f, 0x61, 0x63,
+	0x63, 0x65, 0x73, 0x73, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x1c, 0x6e, 0x6f, 0x53, 0x74, 0x61, 0x6e, 0x64, 0x61, 0x72, 0x64, 0x44,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6f,
+	0x72, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65,
+	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x61, 0x70, 0x5f,
+	0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6d, 0x61, 0x70,
+	0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72,
+	0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07,
+	0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72,
+	0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a,
+	0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x08, 0x10, 0x09,
+	0x4a, 0x04, 0x08, 0x09, 0x10, 0x0a, 0x22, 0xe2, 0x03, 0x0a, 0x0c, 0x46, 0x69, 0x65, 0x6c, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x41, 0x0a, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x23, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x43, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x06, 0x53, 0x54, 0x52,
+	0x49, 0x4e, 0x47, 0x52, 0x05, 0x63, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x61,
+	0x63, 0x6b, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x70, 0x61, 0x63, 0x6b,
+	0x65, 0x64, 0x12, 0x47, 0x0a, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01,
+	0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x73, 0x2e, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x3a, 0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52,
+	0x4d, 0x41, 0x4c, 0x52, 0x06, 0x6a, 0x73, 0x74, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x04, 0x6c,
+	0x61, 0x7a, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
+	0x52, 0x04, 0x6c, 0x61, 0x7a, 0x79, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63,
+	0x61, 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73,
+	0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x19, 0x0a,
+	0x04, 0x77, 0x65, 0x61, 0x6b, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x04, 0x77, 0x65, 0x61, 0x6b, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75,
+	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x22, 0x2f, 0x0a, 0x05, 0x43, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x53,
+	0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x43, 0x4f, 0x52, 0x44, 0x10,
+	0x01, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x5f, 0x50, 0x49, 0x45, 0x43,
+	0x45, 0x10, 0x02, 0x22, 0x35, 0x0a, 0x06, 0x4a, 0x53, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0d, 0x0a,
+	0x09, 0x4a, 0x53, 0x5f, 0x4e, 0x4f, 0x52, 0x4d, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09,
+	0x4a, 0x53, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x0d, 0x0a, 0x09, 0x4a,
+	0x53, 0x5f, 0x4e, 0x55, 0x4d, 0x42, 0x45, 0x52, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10,
+	0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x22, 0x73, 0x0a, 0x0c, 0x4f,
+	0x6e, 0x65, 0x6f, 0x66, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x58, 0x0a, 0x14, 0x75,
+	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f,
+	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69,
+	0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02,
+	0x22, 0xc0, 0x01, 0x0a, 0x0b, 0x45, 0x6e, 0x75, 0x6d, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73,
+	0x12, 0x1f, 0x0a, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x18,
+	0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x41, 0x6c, 0x69, 0x61,
+	0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18,
+	0x03, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65,
+	0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e,
+	0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+	0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65,
+	0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75,
+	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x4a, 0x04, 0x08,
+	0x05, 0x10, 0x06, 0x22, 0x9e, 0x01, 0x0a, 0x10, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75,
+	0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72,
+	0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61,
+	0x6c, 0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12,
+	0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
+	0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
+	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80,
+	0x80, 0x80, 0x80, 0x02, 0x22, 0x9c, 0x01, 0x0a, 0x0e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65,
+	0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c,
+	0x73, 0x65, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x58,
+	0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x5f,
+	0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74,
+	0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74,
+	0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2a, 0x09, 0x08, 0xe8, 0x07, 0x10, 0x80, 0x80,
+	0x80, 0x80, 0x02, 0x22, 0xe0, 0x02, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x25, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61,
+	0x74, 0x65, 0x64, 0x18, 0x21, 0x20, 0x01, 0x28, 0x08, 0x3a, 0x05, 0x66, 0x61, 0x6c, 0x73, 0x65,
+	0x52, 0x0a, 0x64, 0x65, 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x71, 0x0a, 0x11,
+	0x69, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65,
+	0x6c, 0x18, 0x22, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x49, 0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65,
+	0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x3a, 0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f,
+	0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x52, 0x10, 0x69,
+	0x64, 0x65, 0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12,
+	0x58, 0x0a, 0x14, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64,
+	0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0xe7, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2e, 0x55, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x75, 0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65,
+	0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x50, 0x0a, 0x10, 0x49, 0x64, 0x65,
+	0x6d, 0x70, 0x6f, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x17, 0x0a,
+	0x13, 0x49, 0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x43, 0x59, 0x5f, 0x55, 0x4e, 0x4b,
+	0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x4e, 0x4f, 0x5f, 0x53, 0x49, 0x44,
+	0x45, 0x5f, 0x45, 0x46, 0x46, 0x45, 0x43, 0x54, 0x53, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49,
+	0x44, 0x45, 0x4d, 0x50, 0x4f, 0x54, 0x45, 0x4e, 0x54, 0x10, 0x02, 0x2a, 0x09, 0x08, 0xe8, 0x07,
+	0x10, 0x80, 0x80, 0x80, 0x80, 0x02, 0x22, 0x9a, 0x03, 0x0a, 0x13, 0x55, 0x6e, 0x69, 0x6e, 0x74,
+	0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x41,
+	0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55,
+	0x6e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x65, 0x74, 0x65, 0x64, 0x4f, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x29, 0x0a, 0x10, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x5f,
+	0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x69, 0x64, 0x65,
+	0x6e, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12,
+	0x70, 0x6f, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c,
+	0x75, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x04, 0x52, 0x10, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x69,
+	0x76, 0x65, 0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65,
+	0x67, 0x61, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x69, 0x6e, 0x74, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65,
+	0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x10, 0x6e, 0x65, 0x67, 0x61, 0x74, 0x69, 0x76, 0x65,
+	0x49, 0x6e, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x6f, 0x75, 0x62,
+	0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x01, 0x52, 0x0b,
+	0x64, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x73,
+	0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x0b, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x27,
+	0x0a, 0x0f, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75,
+	0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61,
+	0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x1a, 0x4a, 0x0a, 0x08, 0x4e, 0x61, 0x6d, 0x65, 0x50,
+	0x61, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x74,
+	0x18, 0x01, 0x20, 0x02, 0x28, 0x09, 0x52, 0x08, 0x6e, 0x61, 0x6d, 0x65, 0x50, 0x61, 0x72, 0x74,
+	0x12, 0x21, 0x0a, 0x0c, 0x69, 0x73, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e,
+	0x18, 0x02, 0x20, 0x02, 0x28, 0x08, 0x52, 0x0b, 0x69, 0x73, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73,
+	0x69, 0x6f, 0x6e, 0x22, 0xa7, 0x02, 0x0a, 0x0e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x43, 0x6f,
+	0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x44, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63,
+	0x65, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0xce, 0x01, 0x0a,
+	0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74,
+	0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74,
+	0x68, 0x12, 0x16, 0x0a, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x03, 0x28, 0x05, 0x42,
+	0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x70, 0x61, 0x6e, 0x12, 0x29, 0x0a, 0x10, 0x6c, 0x65, 0x61,
+	0x64, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20,
+	0x01, 0x28, 0x09, 0x52, 0x0f, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d,
+	0x65, 0x6e, 0x74, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67,
+	0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x10, 0x74, 0x72, 0x61, 0x69, 0x6c, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74,
+	0x73, 0x12, 0x3a, 0x0a, 0x19, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x65, 0x74,
+	0x61, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x06,
+	0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x6c, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x74,
+	0x61, 0x63, 0x68, 0x65, 0x64, 0x43, 0x6f, 0x6d, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0xd1, 0x01,
+	0x0a, 0x11, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49,
+	0x6e, 0x66, 0x6f, 0x12, 0x4d, 0x0a, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61,
+	0x74, 0x65, 0x64, 0x43, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x2e, 0x41, 0x6e, 0x6e, 0x6f,
+	0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69,
+	0x6f, 0x6e, 0x1a, 0x6d, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+	0x12, 0x16, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x05, 0x42, 0x02,
+	0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x6f, 0x75, 0x72,
+	0x63, 0x65, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73,
+	0x6f, 0x75, 0x72, 0x63, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x62, 0x65, 0x67,
+	0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x05, 0x62, 0x65, 0x67, 0x69, 0x6e, 0x12,
+	0x10, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x65, 0x6e,
+	0x64, 0x42, 0x7e, 0x0a, 0x13, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x42, 0x10, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x73, 0x48, 0x01, 0x5a, 0x2d, 0x67, 0x6f,
+	0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x64,
+	0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x70, 0x62, 0xf8, 0x01, 0x01, 0xa2, 0x02,
+	0x03, 0x47, 0x50, 0x42, 0xaa, 0x02, 0x1a, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x50, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x52, 0x65, 0x66, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f,
+	0x6e,
+}
+
+var (
+	file_google_protobuf_descriptor_proto_rawDescOnce sync.Once
+	file_google_protobuf_descriptor_proto_rawDescData = file_google_protobuf_descriptor_proto_rawDesc
+)
+
+func file_google_protobuf_descriptor_proto_rawDescGZIP() []byte {
+	file_google_protobuf_descriptor_proto_rawDescOnce.Do(func() {
+		file_google_protobuf_descriptor_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_protobuf_descriptor_proto_rawDescData)
+	})
+	return file_google_protobuf_descriptor_proto_rawDescData
+}
+
+var file_google_protobuf_descriptor_proto_enumTypes = make([]protoimpl.EnumInfo, 6)
+var file_google_protobuf_descriptor_proto_msgTypes = make([]protoimpl.MessageInfo, 27)
+var file_google_protobuf_descriptor_proto_goTypes = []interface{}{
+	(FieldDescriptorProto_Type)(0),                // 0: google.protobuf.FieldDescriptorProto.Type
+	(FieldDescriptorProto_Label)(0),               // 1: google.protobuf.FieldDescriptorProto.Label
+	(FileOptions_OptimizeMode)(0),                 // 2: google.protobuf.FileOptions.OptimizeMode
+	(FieldOptions_CType)(0),                       // 3: google.protobuf.FieldOptions.CType
+	(FieldOptions_JSType)(0),                      // 4: google.protobuf.FieldOptions.JSType
+	(MethodOptions_IdempotencyLevel)(0),           // 5: google.protobuf.MethodOptions.IdempotencyLevel
+	(*FileDescriptorSet)(nil),                     // 6: google.protobuf.FileDescriptorSet
+	(*FileDescriptorProto)(nil),                   // 7: google.protobuf.FileDescriptorProto
+	(*DescriptorProto)(nil),                       // 8: google.protobuf.DescriptorProto
+	(*ExtensionRangeOptions)(nil),                 // 9: google.protobuf.ExtensionRangeOptions
+	(*FieldDescriptorProto)(nil),                  // 10: google.protobuf.FieldDescriptorProto
+	(*OneofDescriptorProto)(nil),                  // 11: google.protobuf.OneofDescriptorProto
+	(*EnumDescriptorProto)(nil),                   // 12: google.protobuf.EnumDescriptorProto
+	(*EnumValueDescriptorProto)(nil),              // 13: google.protobuf.EnumValueDescriptorProto
+	(*ServiceDescriptorProto)(nil),                // 14: google.protobuf.ServiceDescriptorProto
+	(*MethodDescriptorProto)(nil),                 // 15: google.protobuf.MethodDescriptorProto
+	(*FileOptions)(nil),                           // 16: google.protobuf.FileOptions
+	(*MessageOptions)(nil),                        // 17: google.protobuf.MessageOptions
+	(*FieldOptions)(nil),                          // 18: google.protobuf.FieldOptions
+	(*OneofOptions)(nil),                          // 19: google.protobuf.OneofOptions
+	(*EnumOptions)(nil),                           // 20: google.protobuf.EnumOptions
+	(*EnumValueOptions)(nil),                      // 21: google.protobuf.EnumValueOptions
+	(*ServiceOptions)(nil),                        // 22: google.protobuf.ServiceOptions
+	(*MethodOptions)(nil),                         // 23: google.protobuf.MethodOptions
+	(*UninterpretedOption)(nil),                   // 24: google.protobuf.UninterpretedOption
+	(*SourceCodeInfo)(nil),                        // 25: google.protobuf.SourceCodeInfo
+	(*GeneratedCodeInfo)(nil),                     // 26: google.protobuf.GeneratedCodeInfo
+	(*DescriptorProto_ExtensionRange)(nil),        // 27: google.protobuf.DescriptorProto.ExtensionRange
+	(*DescriptorProto_ReservedRange)(nil),         // 28: google.protobuf.DescriptorProto.ReservedRange
+	(*EnumDescriptorProto_EnumReservedRange)(nil), // 29: google.protobuf.EnumDescriptorProto.EnumReservedRange
+	(*UninterpretedOption_NamePart)(nil),          // 30: google.protobuf.UninterpretedOption.NamePart
+	(*SourceCodeInfo_Location)(nil),               // 31: google.protobuf.SourceCodeInfo.Location
+	(*GeneratedCodeInfo_Annotation)(nil),          // 32: google.protobuf.GeneratedCodeInfo.Annotation
+}
+var file_google_protobuf_descriptor_proto_depIdxs = []int32{
+	7,  // 0: google.protobuf.FileDescriptorSet.file:type_name -> google.protobuf.FileDescriptorProto
+	8,  // 1: google.protobuf.FileDescriptorProto.message_type:type_name -> google.protobuf.DescriptorProto
+	12, // 2: google.protobuf.FileDescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	14, // 3: google.protobuf.FileDescriptorProto.service:type_name -> google.protobuf.ServiceDescriptorProto
+	10, // 4: google.protobuf.FileDescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	16, // 5: google.protobuf.FileDescriptorProto.options:type_name -> google.protobuf.FileOptions
+	25, // 6: google.protobuf.FileDescriptorProto.source_code_info:type_name -> google.protobuf.SourceCodeInfo
+	10, // 7: google.protobuf.DescriptorProto.field:type_name -> google.protobuf.FieldDescriptorProto
+	10, // 8: google.protobuf.DescriptorProto.extension:type_name -> google.protobuf.FieldDescriptorProto
+	8,  // 9: google.protobuf.DescriptorProto.nested_type:type_name -> google.protobuf.DescriptorProto
+	12, // 10: google.protobuf.DescriptorProto.enum_type:type_name -> google.protobuf.EnumDescriptorProto
+	27, // 11: google.protobuf.DescriptorProto.extension_range:type_name -> google.protobuf.DescriptorProto.ExtensionRange
+	11, // 12: google.protobuf.DescriptorProto.oneof_decl:type_name -> google.protobuf.OneofDescriptorProto
+	17, // 13: google.protobuf.DescriptorProto.options:type_name -> google.protobuf.MessageOptions
+	28, // 14: google.protobuf.DescriptorProto.reserved_range:type_name -> google.protobuf.DescriptorProto.ReservedRange
+	24, // 15: google.protobuf.ExtensionRangeOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	1,  // 16: google.protobuf.FieldDescriptorProto.label:type_name -> google.protobuf.FieldDescriptorProto.Label
+	0,  // 17: google.protobuf.FieldDescriptorProto.type:type_name -> google.protobuf.FieldDescriptorProto.Type
+	18, // 18: google.protobuf.FieldDescriptorProto.options:type_name -> google.protobuf.FieldOptions
+	19, // 19: google.protobuf.OneofDescriptorProto.options:type_name -> google.protobuf.OneofOptions
+	13, // 20: google.protobuf.EnumDescriptorProto.value:type_name -> google.protobuf.EnumValueDescriptorProto
+	20, // 21: google.protobuf.EnumDescriptorProto.options:type_name -> google.protobuf.EnumOptions
+	29, // 22: google.protobuf.EnumDescriptorProto.reserved_range:type_name -> google.protobuf.EnumDescriptorProto.EnumReservedRange
+	21, // 23: google.protobuf.EnumValueDescriptorProto.options:type_name -> google.protobuf.EnumValueOptions
+	15, // 24: google.protobuf.ServiceDescriptorProto.method:type_name -> google.protobuf.MethodDescriptorProto
+	22, // 25: google.protobuf.ServiceDescriptorProto.options:type_name -> google.protobuf.ServiceOptions
+	23, // 26: google.protobuf.MethodDescriptorProto.options:type_name -> google.protobuf.MethodOptions
+	2,  // 27: google.protobuf.FileOptions.optimize_for:type_name -> google.protobuf.FileOptions.OptimizeMode
+	24, // 28: google.protobuf.FileOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	24, // 29: google.protobuf.MessageOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	3,  // 30: google.protobuf.FieldOptions.ctype:type_name -> google.protobuf.FieldOptions.CType
+	4,  // 31: google.protobuf.FieldOptions.jstype:type_name -> google.protobuf.FieldOptions.JSType
+	24, // 32: google.protobuf.FieldOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	24, // 33: google.protobuf.OneofOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	24, // 34: google.protobuf.EnumOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	24, // 35: google.protobuf.EnumValueOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	24, // 36: google.protobuf.ServiceOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	5,  // 37: google.protobuf.MethodOptions.idempotency_level:type_name -> google.protobuf.MethodOptions.IdempotencyLevel
+	24, // 38: google.protobuf.MethodOptions.uninterpreted_option:type_name -> google.protobuf.UninterpretedOption
+	30, // 39: google.protobuf.UninterpretedOption.name:type_name -> google.protobuf.UninterpretedOption.NamePart
+	31, // 40: google.protobuf.SourceCodeInfo.location:type_name -> google.protobuf.SourceCodeInfo.Location
+	32, // 41: google.protobuf.GeneratedCodeInfo.annotation:type_name -> google.protobuf.GeneratedCodeInfo.Annotation
+	9,  // 42: google.protobuf.DescriptorProto.ExtensionRange.options:type_name -> google.protobuf.ExtensionRangeOptions
+	43, // [43:43] is the sub-list for method output_type
+	43, // [43:43] is the sub-list for method input_type
+	43, // [43:43] is the sub-list for extension type_name
+	43, // [43:43] is the sub-list for extension extendee
+	0,  // [0:43] is the sub-list for field type_name
+}
+
+func init() { file_google_protobuf_descriptor_proto_init() }
+func file_google_protobuf_descriptor_proto_init() {
+	if File_google_protobuf_descriptor_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_protobuf_descriptor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FileDescriptorSet); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FileDescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ExtensionRangeOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FieldDescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OneofDescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EnumDescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EnumValueDescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ServiceDescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MethodDescriptorProto); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FileOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MessageOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*FieldOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*OneofOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EnumOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EnumValueOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*ServiceOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MethodOptions); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			case 3:
+				return &v.extensionFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UninterpretedOption); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SourceCodeInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GeneratedCodeInfo); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DescriptorProto_ExtensionRange); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*DescriptorProto_ReservedRange); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*EnumDescriptorProto_EnumReservedRange); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*UninterpretedOption_NamePart); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*SourceCodeInfo_Location); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_google_protobuf_descriptor_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*GeneratedCodeInfo_Annotation); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_protobuf_descriptor_proto_rawDesc,
+			NumEnums:      6,
+			NumMessages:   27,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_protobuf_descriptor_proto_goTypes,
+		DependencyIndexes: file_google_protobuf_descriptor_proto_depIdxs,
+		EnumInfos:         file_google_protobuf_descriptor_proto_enumTypes,
+		MessageInfos:      file_google_protobuf_descriptor_proto_msgTypes,
+	}.Build()
+	File_google_protobuf_descriptor_proto = out.File
+	file_google_protobuf_descriptor_proto_rawDesc = nil
+	file_google_protobuf_descriptor_proto_goTypes = nil
+	file_google_protobuf_descriptor_proto_depIdxs = nil
+}
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 0cacc7a9a..a3f51e34f 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -359,10 +359,16 @@
 			"revisionTime": "2020-01-21T04:51:36Z"
 		},
 		{
-			"checksumSHA1": "Y2MOwzNZfl4NRNDbLCZa6sgx7O0=",
+			"checksumSHA1": "1amYxONvuKNz5E5FAJoDui6UKWI=",
+			"path": "github.com/golang/protobuf",
+			"revision": "5d5e8c018a13017f9d5b8bf4fad64aaa42a87308",
+			"revisionTime": "2021-09-16T00:37:10Z"
+		},
+		{
+			"checksumSHA1": "386wQrPzjgnEPqGx89OBuCcs8T0=",
 			"path": "github.com/golang/protobuf/proto",
-			"revision": "d3c38a4eb4970272b87a425ae00ccc4548e2f9bb",
-			"revisionTime": "2019-03-18T19:48:12Z"
+			"revision": "5d5e8c018a13017f9d5b8bf4fad64aaa42a87308",
+			"revisionTime": "2021-09-16T00:37:10Z"
 		},
 		{
 			"checksumSHA1": "ftN25Xw6PDNJ6E4wTHEgQtpdvrw=",
@@ -497,38 +503,38 @@
 		{
 			"checksumSHA1": "Tq3U98W2uwIgjWSjH7tqBonGjBE=",
 			"path": "github.com/refraction-networking/gotapdance",
-			"revision": "88b8e2e421cc808af2e65777c78bfc8cb4906a58",
-			"revisionTime": "2021-06-04T20:39:09Z"
+			"revision": "25380c96b147bfc85680f9999f04606fe8092b23",
+			"revisionTime": "2021-10-27T21:33:19Z"
 		},
 		{
 			"checksumSHA1": "ObZZJpjQl2BISlIiES82BW8jbEE=",
 			"path": "github.com/refraction-networking/gotapdance/ed25519/edwards25519",
-			"revision": "88b8e2e421cc808af2e65777c78bfc8cb4906a58",
-			"revisionTime": "2021-06-04T20:39:09Z"
+			"revision": "25380c96b147bfc85680f9999f04606fe8092b23",
+			"revisionTime": "2021-10-27T21:33:19Z"
 		},
 		{
 			"checksumSHA1": "VoyDh1KIIVE+OJbehDNJ91tf4Vw=",
 			"path": "github.com/refraction-networking/gotapdance/ed25519/extra25519",
-			"revision": "88b8e2e421cc808af2e65777c78bfc8cb4906a58",
-			"revisionTime": "2021-06-04T20:39:09Z"
+			"revision": "25380c96b147bfc85680f9999f04606fe8092b23",
+			"revisionTime": "2021-10-27T21:33:19Z"
 		},
 		{
-			"checksumSHA1": "J0kNvH3uYnwnPEJQhaa5Y1TcbZI=",
+			"checksumSHA1": "1y7Fn9JIVFTobi2TNXZ4Z4i9rAk=",
 			"path": "github.com/refraction-networking/gotapdance/protobuf",
-			"revision": "88b8e2e421cc808af2e65777c78bfc8cb4906a58",
-			"revisionTime": "2021-06-04T20:39:09Z"
+			"revision": "25380c96b147bfc85680f9999f04606fe8092b23",
+			"revisionTime": "2021-10-27T21:33:19Z"
 		},
 		{
-			"checksumSHA1": "rPJAZXxZ5w5+ZnIPZGDFyp/uO6w=",
+			"checksumSHA1": "MgD1lPRReL44MtvlOpzI/NzPM1k=",
 			"path": "github.com/refraction-networking/gotapdance/tapdance",
-			"revision": "88b8e2e421cc808af2e65777c78bfc8cb4906a58",
-			"revisionTime": "2021-06-04T20:39:09Z"
+			"revision": "25380c96b147bfc85680f9999f04606fe8092b23",
+			"revisionTime": "2021-10-27T21:33:19Z"
 		},
 		{
 			"checksumSHA1": "NiwZ/PirZniVT64D03KOS6UFMGU=",
 			"path": "github.com/refraction-networking/gotapdance/tapdance/phantoms",
-			"revision": "88b8e2e421cc808af2e65777c78bfc8cb4906a58",
-			"revisionTime": "2021-06-04T20:39:09Z"
+			"revision": "25380c96b147bfc85680f9999f04606fe8092b23",
+			"revisionTime": "2021-10-27T21:33:19Z"
 		},
 		{
 			"checksumSHA1": "jOxlnqvKSKn1SIkA5ldRe5lxqAc=",
@@ -1138,6 +1144,12 @@
 			"revision": "81d297c66c9b1e0606eee19a9ee718dcf149276d",
 			"revisionTime": "2020-11-24T18:25:51Z"
 		},
+		{
+			"checksumSHA1": "FZJ2GzMCFiCsfyAoEPDBOb6Pzh8=",
+			"path": "google.golang.org/protobuf/reflect/protodesc",
+			"revision": "5aec41b4809b9822a34e17acd06ae9ae9f41c13d",
+			"revisionTime": "2021-08-06T18:27:51Z"
+		},
 		{
 			"checksumSHA1": "j0wTTb1wz9FdGgHiSb0+1RcsTw4=",
 			"path": "google.golang.org/protobuf/reflect/protoreflect",
@@ -1161,6 +1173,12 @@
 			"path": "google.golang.org/protobuf/runtime/protoimpl",
 			"revision": "81d297c66c9b1e0606eee19a9ee718dcf149276d",
 			"revisionTime": "2020-11-24T18:25:51Z"
+		},
+		{
+			"checksumSHA1": "95MXH/TbFZP5BPXSKPkor9hgZO0=",
+			"path": "google.golang.org/protobuf/types/descriptorpb",
+			"revision": "5aec41b4809b9822a34e17acd06ae9ae9f41c13d",
+			"revisionTime": "2021-08-06T18:27:51Z"
 		}
 	],
 	"rootPath": "github.com/Psiphon-Labs/psiphon-tunnel-core"

From 6526f7a506ed68f17a5db3e0a08b5f21cefb6944 Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Thu, 28 Oct 2021 10:53:04 -0400
Subject: [PATCH 04/10] Update Conjure API registration to use
 APIRegistrarBidirectional

---
 psiphon/common/refraction/refraction.go |  3 ++-
 psiphon/meekConn.go                     | 19 ++++++++-----------
 psiphon/tunnel.go                       | 25 ++++++++++++++++++++-----
 3 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/psiphon/common/refraction/refraction.go b/psiphon/common/refraction/refraction.go
index 20f266854..fb50f3eb4 100644
--- a/psiphon/common/refraction/refraction.go
+++ b/psiphon/common/refraction/refraction.go
@@ -1,3 +1,4 @@
+//go:build PSIPHON_ENABLE_REFRACTION_NETWORKING
 // +build PSIPHON_ENABLE_REFRACTION_NETWORKING
 
 /*
@@ -325,7 +326,7 @@ func dial(
 				return nil, errors.TraceNew("missing APIRegistrarHTTPClient")
 			}
 
-			refractionDialer.DarkDecoyRegistrar = &refraction_networking_client.APIRegistrar{
+			refractionDialer.DarkDecoyRegistrar = &refraction_networking_client.APIRegistrarBidirectional{
 				Endpoint:        conjureConfig.APIRegistrarURL,
 				ConnectionDelay: conjureConfig.APIRegistrarDelay,
 				MaxRetries:      0,
diff --git a/psiphon/meekConn.go b/psiphon/meekConn.go
index ce7cc993f..344b63a74 100644
--- a/psiphon/meekConn.go
+++ b/psiphon/meekConn.go
@@ -774,10 +774,10 @@ func (meek *MeekConn) GetMetrics() common.LogFields {
 // plaintext in the meek traffic. The caller is responsible for securing and
 // obfuscating the request body.
 //
-// ObfuscatedRoundTrip is not safe for concurrent use, and Close must not be
-// called concurrently. The caller must ensure only one ObfuscatedRoundTrip
-// call is active at once and that it completes or is cancelled before calling
-// Close.
+// ObfuscatedRoundTrip is not safe for concurrent use. The caller must ensure
+// only one ObfuscatedRoundTrip call is active at once. If Close is called
+// before or concurrent with ObfuscatedRoundTrip, or before the response body
+// is read, idle connections may be left open.
 func (meek *MeekConn) ObfuscatedRoundTrip(
 	requestCtx context.Context, endPoint string, requestBody []byte) ([]byte, error) {
 
@@ -801,10 +801,6 @@ func (meek *MeekConn) ObfuscatedRoundTrip(
 	// - multiple, concurrent ObfuscatedRoundTrip calls are unsafe due to the
 	//   setDialerRequestContext calls in newRequest.
 	//
-	// - concurrent Close and ObfuscatedRoundTrip calls are unsafe as Close does
-	//   not synchronize with ObfuscatedRoundTrip before calling
-	//   meek.transport.CloseIdleConnections(), so resources could be left open.
-	//
 	// At this time, ObfuscatedRoundTrip is used for tactics in Controller and
 	// the concurrency constraints are satisfied.
 
@@ -839,9 +835,10 @@ func (meek *MeekConn) ObfuscatedRoundTrip(
 // used when TLS and server certificate verification are configured. RoundTrip
 // does not implement any security or obfuscation at the HTTP layer.
 //
-// RoundTrip is not safe for concurrent use, and Close must not be called
-// concurrently. The caller must ensure only one RoundTrip call is active at
-// once and that it completes or is cancelled before calling Close.
+// RoundTrip is not safe for concurrent use. The caller must ensure only one
+// RoundTrip call is active at once. If Close is called before or concurrent
+// with RoundTrip, or before the response body is read, idle connections may
+// be left open.
 func (meek *MeekConn) RoundTrip(request *http.Request) (*http.Response, error) {
 
 	if meek.mode != MeekModePlaintextRoundTrip {
diff --git a/psiphon/tunnel.go b/psiphon/tunnel.go
index ebc94b843..c18e5baa6 100644
--- a/psiphon/tunnel.go
+++ b/psiphon/tunnel.go
@@ -860,21 +860,36 @@ func dialTunnel(
 			// Performing the full DialMeek/RoundTrip operation here allows us to call
 			// MeekConn.Close and ensure all resources are immediately cleaned up.
 			roundTrip := func(request *http.Request) (*http.Response, error) {
+
 				conn, err := DialMeek(
 					ctx, dialParams.GetMeekConfig(), dialParams.GetDialConfig())
 				if err != nil {
 					return nil, errors.Trace(err)
 				}
 				defer conn.Close()
+
 				response, err := conn.RoundTrip(request)
 				if err != nil {
 					return nil, errors.Trace(err)
 				}
-				// Currently, gotapdance does not read the response body. When that
-				// changes, we will need to ensure MeekConn.Close does not make the
-				// response body unavailable, perhaps by reading into a buffer and
-				// replacing reponse.Body. For now, we can immediately close it.
-				response.Body.Close()
+
+				// Read the response into a buffer and close the response
+				// body, ensuring that MeekConn.Close closes all idle connections.
+				//
+				// Alternatively, we could Clone the request to set
+				// http.Request.Close and avoid keeping any idle connection
+				// open after the response body is read by gotapdance. Since
+				// the response body is small and since gotapdance does not
+				// stream the response body, we're taking this approach which
+				// ensures cleanup.
+
+				body, err := ioutil.ReadAll(response.Body)
+				_ = response.Body.Close()
+				if err != nil {
+					return nil, errors.Trace(err)
+				}
+				response.Body = io.NopCloser(bytes.NewReader(body))
+
 				return response, nil
 			}
 

From 5b1bac70cb1989b2ad004cc9c5f8955fc750af9a Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Fri, 29 Oct 2021 16:10:24 -0400
Subject: [PATCH 05/10] Add error trace

---
 psiphon/meekConn.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/psiphon/meekConn.go b/psiphon/meekConn.go
index 344b63a74..f73bbdb3c 100644
--- a/psiphon/meekConn.go
+++ b/psiphon/meekConn.go
@@ -859,7 +859,12 @@ func (meek *MeekConn) RoundTrip(request *http.Request) (*http.Response, error) {
 
 	meek.scheduleQUICCloseIdle(request)
 
-	return meek.transport.RoundTrip(request)
+	response, err := meek.transport.RoundTrip(request)
+	if err != nil {
+		return nil, errors.Trace(err)
+	}
+
+	return response, nil
 }
 
 // Read reads data from the connection.

From fcdad6461543ddf06c3749ae1ad9a7579a3bcbb8 Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Mon, 1 Nov 2021 13:00:25 -0400
Subject: [PATCH 06/10] Rework custom Host header logic

- x/net/http2 rejects requests where URL.Opaque contains a host.

- For unproxied HTTP and HTTPS, the request line URL need only contain the
  path, while this logic forced a full URL via URL.Opaque.

- For all proxied cases using CONNECT, which includes all HTTPS and most HTTPS
  cases, the CONNECT request line is rendered elsewhere, in the upstreamproxy
  package, and the MeekConn URL/Host values are not directly relevant
  (URL.Opaque is used here:
  https://github.com/Psiphon-Labs/psiphon-tunnel-core/blob/78d82c60c9558fe00ef3063f0e8a5c9709f38c70/psiphon/upstreamproxy/proxy_http.go#L143-L166)

- For proxied, direct HTTP -- the non-CONNECT special case -- net/http will
  render the request line using the URL but preferring the Host header for
  the host value, which means the custom host header will clobber the true
  destination address. The URL.Opaque logic is applied in this single case.
---
 psiphon/meekConn.go | 43 +++++++++++++++++++++++++++++++++++--------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/psiphon/meekConn.go b/psiphon/meekConn.go
index f73bbdb3c..a80b48856 100644
--- a/psiphon/meekConn.go
+++ b/psiphon/meekConn.go
@@ -333,6 +333,7 @@ func DialMeek(
 
 	var (
 		scheme            string
+		opaqueURL         string
 		transport         transporter
 		additionalHeaders http.Header
 		proxyUrl          func(*http.Request) (*url.URL, error)
@@ -538,8 +539,28 @@ func DialMeek(
 
 			dialer = NewTCPDialer(copyDialConfig)
 
+			// In this proxy case, the destination server address is in the
+			// request line URL. net/http will render the request line using
+			// the URL but preferring the Host header for the host value,
+			// which means any custom host header will clobber the true
+			// destination address. The URL.Opaque logic is applied in this
+			// case, to force the request line URL value.
+			//
+			// This URL.Opaque setting assumes MeekModeRelay, with no path; at
+			// this time plain HTTP is used only with MeekModeRelay.
+			// x/net/http2 will reject requests where the URL.Opaque contains
+			// more than the path; but HTTP/2 is not used in this case.
+
+			values := dialConfig.CustomHeaders["Host"]
+			if len(values) > 0 {
+				opaqueURL = "http://" + meekConfig.DialAddress + "/"
+			}
+
 		} else {
 
+			// If dialConfig.UpstreamProxyURL is set, HTTP proxying via
+			// CONNECT will be used by the dialer.
+
 			baseDialer := NewTCPDialer(dialConfig)
 
 			// The dialer ignores any address that http.Transport will pass in
@@ -556,9 +577,14 @@ func DialMeek(
 		}
 
 		if proxyUrl != nil {
-			// Wrap transport with a transport that can perform HTTP proxy auth negotiation
+
+			// When http.Transport is handling proxying, wrap transport with a
+			// transport that (a) adds custom headers; (b) can perform HTTP
+			// proxy auth negotiation.
+
 			var err error
-			transport, err = upstreamproxy.NewProxyAuthTransport(httpTransport, dialConfig.CustomHeaders)
+			transport, err = upstreamproxy.NewProxyAuthTransport(
+				httpTransport, dialConfig.CustomHeaders)
 			if err != nil {
 				return nil, errors.Trace(err)
 			}
@@ -571,6 +597,7 @@ func DialMeek(
 		Scheme: scheme,
 		Host:   meekConfig.HostHeader,
 		Path:   "/",
+		Opaque: opaqueURL,
 	}
 
 	if meekConfig.UseHTTPS {
@@ -583,6 +610,12 @@ func DialMeek(
 		}
 	} else {
 		if proxyUrl == nil {
+
+			// Add custom headers to plain, unproxied HTTP and to CONNECT
+			// method proxied HTTP (in the latter case, the CONNECT request
+			// itself will also have custom headers via upstreamproxy applied
+			// by the dialer).
+
 			additionalHeaders = dialConfig.CustomHeaders
 		}
 	}
@@ -1423,14 +1456,8 @@ func (meek *MeekConn) relayRoundTrip(sendBuffer *bytes.Buffer) (int64, error) {
 // custom headers to HTTP proxy requests.
 func (meek *MeekConn) addAdditionalHeaders(request *http.Request) {
 	for name, value := range meek.additionalHeaders {
-		// hack around special case of "Host" header
-		// https://golang.org/src/net/http/request.go#L474
-		// using URL.Opaque, see URL.RequestURI() https://golang.org/src/net/url/url.go#L915
 		if name == "Host" {
 			if len(value) > 0 {
-				if request.URL.Opaque == "" {
-					request.URL.Opaque = request.URL.Scheme + "://" + request.Host + request.URL.RequestURI()
-				}
 				request.Host = value[0]
 			}
 		} else {

From 0793aeed051ea0b5d28623fa1df7203e50246190 Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Mon, 1 Nov 2021 14:25:46 -0400
Subject: [PATCH 07/10] Add distinct URL tactic parameter for Conjure
 APIRegistrarBidirectional

The legacy non-bidirectional endpoint may not always work with
APIRegistrarBidirectional. Older clients will continue to exist and use the
legacy endpoint. Introducing a distinct bidirectional URL allows for both
legacy and new clients to receive working Conjure API registration URLs.
---
 psiphon/common/parameters/parameters.go | 22 ++++++++++-------
 psiphon/common/refraction/config.go     | 15 +++++------
 psiphon/common/refraction/refraction.go |  4 +--
 psiphon/config.go                       | 12 ++++-----
 psiphon/dialParameters.go               | 33 ++++++++++++++++---------
 psiphon/tunnel.go                       |  3 ++-
 6 files changed, 53 insertions(+), 36 deletions(-)

diff --git a/psiphon/common/parameters/parameters.go b/psiphon/common/parameters/parameters.go
index 19dac14fb..8e8c0e36e 100755
--- a/psiphon/common/parameters/parameters.go
+++ b/psiphon/common/parameters/parameters.go
@@ -278,6 +278,7 @@ const (
 	ClientBurstDownstreamTargetBytes                 = "ClientBurstDownstreamTargetBytes"
 	ConjureCachedRegistrationTTL                     = "ConjureCachedRegistrationTTL"
 	ConjureAPIRegistrarURL                           = "ConjureAPIRegistrarURL"
+	ConjureAPIRegistrarBidirectionalURL              = "ConjureAPIRegistrarBidirectionalURL"
 	ConjureAPIRegistrarFrontingSpecs                 = "ConjureAPIRegistrarFrontingSpecs"
 	ConjureAPIRegistrarMinDelay                      = "ConjureAPIRegistrarMinDelay"
 	ConjureAPIRegistrarMaxDelay                      = "ConjureAPIRegistrarMaxDelay"
@@ -601,15 +602,18 @@ var defaultParameters = map[string]struct {
 	ClientBurstDownstreamTargetBytes: {value: 0, minimum: 0},
 	ClientBurstDownstreamDeadline:    {value: time.Duration(0), minimum: time.Duration(0)},
 
-	ConjureCachedRegistrationTTL:     {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureAPIRegistrarURL:           {value: ""},
-	ConjureAPIRegistrarFrontingSpecs: {value: FrontingSpecs{}},
-	ConjureAPIRegistrarMinDelay:      {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureAPIRegistrarMaxDelay:      {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureDecoyRegistrarProbability: {value: 0.0, minimum: 0.0},
-	ConjureDecoyRegistrarWidth:       {value: 5, minimum: 0},
-	ConjureDecoyRegistrarMinDelay:    {value: time.Duration(0), minimum: time.Duration(0)},
-	ConjureDecoyRegistrarMaxDelay:    {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureCachedRegistrationTTL: {value: time.Duration(0), minimum: time.Duration(0)},
+	// ConjureAPIRegistrarURL parameter is obsoleted by ConjureAPIRegistrarBidirectionalURL.
+	// TODO: remove once no longer required for older clients.
+	ConjureAPIRegistrarURL:              {value: ""},
+	ConjureAPIRegistrarBidirectionalURL: {value: ""},
+	ConjureAPIRegistrarFrontingSpecs:    {value: FrontingSpecs{}},
+	ConjureAPIRegistrarMinDelay:         {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureAPIRegistrarMaxDelay:         {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureDecoyRegistrarProbability:    {value: 0.0, minimum: 0.0},
+	ConjureDecoyRegistrarWidth:          {value: 5, minimum: 0},
+	ConjureDecoyRegistrarMinDelay:       {value: time.Duration(0), minimum: time.Duration(0)},
+	ConjureDecoyRegistrarMaxDelay:       {value: time.Duration(0), minimum: time.Duration(0)},
 
 	ConjureTransportObfs4Probability: {value: 0.0, minimum: 0.0},
 
diff --git a/psiphon/common/refraction/config.go b/psiphon/common/refraction/config.go
index d2e981eb6..69a8ce772 100644
--- a/psiphon/common/refraction/config.go
+++ b/psiphon/common/refraction/config.go
@@ -46,13 +46,14 @@ type ConjureConfig struct {
 	// the client reverts back to its original public IP).
 	RegistrationCacheKey string
 
-	// APIRegistrarURL specifies the API registration endpoint. Setting
-	// APIRegistrarURL enables API registration. The domain fronting
-	// configuration provided by APIRegistrarHTTPClient may ignore the host
-	// portion of this URL, implicitly providing another value; the path portion
-	// is always used in the request. Only one of API registration or decoy
-	// registration can be enabled for a single dial.
-	APIRegistrarURL string
+	// APIRegistrarBidirectionalURL specifies the bidirectional API
+	// registration endpoint. Setting APIRegistrarBidirectionalURL enables
+	// API registration. The domain fronting configuration provided by
+	// APIRegistrarHTTPClient may ignore the host portion of this URL,
+	// implicitly providing another value; the path portion is always used in
+	// the request. Only one of API registration or decoy registration can be
+	// enabled for a single dial.
+	APIRegistrarBidirectionalURL string
 
 	// APIRegistrarHTTPClient specifies a custom HTTP client (and underlying
 	// dialers) to be used for Conjure API registration. The
diff --git a/psiphon/common/refraction/refraction.go b/psiphon/common/refraction/refraction.go
index fb50f3eb4..efffb2fc3 100644
--- a/psiphon/common/refraction/refraction.go
+++ b/psiphon/common/refraction/refraction.go
@@ -317,7 +317,7 @@ func dial(
 			conjureCached = true
 			conjureDelay = 0 // report no delay
 
-		} else if conjureConfig.APIRegistrarURL != "" {
+		} else if conjureConfig.APIRegistrarBidirectionalURL != "" {
 
 			if conjureConfig.APIRegistrarHTTPClient == nil {
 				// While not a guaranteed check, if the APIRegistrarHTTPClient isn't set
@@ -327,7 +327,7 @@ func dial(
 			}
 
 			refractionDialer.DarkDecoyRegistrar = &refraction_networking_client.APIRegistrarBidirectional{
-				Endpoint:        conjureConfig.APIRegistrarURL,
+				Endpoint:        conjureConfig.APIRegistrarBidirectionalURL,
 				ConnectionDelay: conjureConfig.APIRegistrarDelay,
 				MaxRetries:      0,
 				Client:          conjureConfig.APIRegistrarHTTPClient,
diff --git a/psiphon/config.go b/psiphon/config.go
index e35f531b8..395fc47c6 100755
--- a/psiphon/config.go
+++ b/psiphon/config.go
@@ -733,7 +733,7 @@ type Config struct {
 	// ConjureCachedRegistrationTTLSeconds and other Conjure fields are for
 	// testing purposes.
 	ConjureCachedRegistrationTTLSeconds       *int
-	ConjureAPIRegistrarURL                    string
+	ConjureAPIRegistrarBidirectionalURL       string
 	ConjureAPIRegistrarFrontingSpecs          parameters.FrontingSpecs
 	ConjureAPIRegistrarMinDelayMilliseconds   *int
 	ConjureAPIRegistrarMaxDelayMilliseconds   *int
@@ -1672,8 +1672,8 @@ func (config *Config) makeConfigParameters() map[string]interface{} {
 		applyParameters[parameters.ConjureCachedRegistrationTTL] = fmt.Sprintf("%ds", *config.ConjureCachedRegistrationTTLSeconds)
 	}
 
-	if config.ConjureAPIRegistrarURL != "" {
-		applyParameters[parameters.ConjureAPIRegistrarURL] = config.ConjureAPIRegistrarURL
+	if config.ConjureAPIRegistrarBidirectionalURL != "" {
+		applyParameters[parameters.ConjureAPIRegistrarBidirectionalURL] = config.ConjureAPIRegistrarBidirectionalURL
 	}
 
 	if len(config.ConjureAPIRegistrarFrontingSpecs) > 0 {
@@ -1980,9 +1980,9 @@ func (config *Config) setDialParametersHash() {
 		binary.Write(hash, binary.LittleEndian, int64(*config.ConjureCachedRegistrationTTLSeconds))
 	}
 
-	if config.ConjureAPIRegistrarURL != "" {
-		hash.Write([]byte("ConjureAPIRegistrarURL"))
-		hash.Write([]byte(config.ConjureAPIRegistrarURL))
+	if config.ConjureAPIRegistrarBidirectionalURL != "" {
+		hash.Write([]byte("ConjureAPIRegistrarBidirectionalURL"))
+		hash.Write([]byte(config.ConjureAPIRegistrarBidirectionalURL))
 	}
 
 	if len(config.ConjureAPIRegistrarFrontingSpecs) > 0 {
diff --git a/psiphon/dialParameters.go b/psiphon/dialParameters.go
index 011e3bfe9..bf2deebd0 100644
--- a/psiphon/dialParameters.go
+++ b/psiphon/dialParameters.go
@@ -117,14 +117,14 @@ type DialParameters struct {
 	QUICClientHelloSeed       *prng.Seed
 	ObfuscatedQUICPaddingSeed *prng.Seed
 
-	ConjureCachedRegistrationTTL time.Duration
-	ConjureAPIRegistration       bool
-	ConjureAPIRegistrarURL       string
-	ConjureAPIRegistrarDelay     time.Duration
-	ConjureDecoyRegistration     bool
-	ConjureDecoyRegistrarDelay   time.Duration
-	ConjureDecoyRegistrarWidth   int
-	ConjureTransport             string
+	ConjureCachedRegistrationTTL        time.Duration
+	ConjureAPIRegistration              bool
+	ConjureAPIRegistrarBidirectionalURL string
+	ConjureAPIRegistrarDelay            time.Duration
+	ConjureDecoyRegistration            bool
+	ConjureDecoyRegistrarDelay          time.Duration
+	ConjureDecoyRegistrarWidth          int
+	ConjureTransport                    string
 
 	LivenessTestSeed *prng.Seed
 
@@ -208,6 +208,7 @@ func MakeDialParameters(
 	// - The protocol selection constraints must permit replay, as indicated
 	//   by canReplay.
 	// - Must not be using an obsolete TLS profile that is no longer supported.
+	// - Must be using the latest Conjure API URL.
 	//
 	// When existing dial parameters don't meet these conditions, dialParams
 	// is reset to nil and new dial parameters will be generated.
@@ -230,7 +231,17 @@ func MakeDialParameters(
 			(dialParams.TLSProfile != "" &&
 				!common.Contains(protocol.SupportedTLSProfiles, dialParams.TLSProfile)) ||
 			(dialParams.QUICVersion != "" &&
-				!common.Contains(protocol.SupportedQUICVersions, dialParams.QUICVersion))) {
+				!common.Contains(protocol.SupportedQUICVersions, dialParams.QUICVersion)) ||
+
+			// Legacy clients use ConjureAPIRegistrarURL with
+			// gotapdance.tapdance.APIRegistrar and new clients use
+			// ConjureAPIRegistrarBidirectionalURL with
+			// gotapdance.tapdance.APIRegistrarBidirectional. Updated clients
+			// may have replay dial parameters with the old
+			// ConjureAPIRegistrarURL field, which is now ignored. In this
+			// case, ConjureAPIRegistrarBidirectionalURL will be blank. Reset
+			// this replay.
+			(dialParams.ConjureAPIRegistration && dialParams.ConjureAPIRegistrarBidirectionalURL == "")) {
 
 		// In these cases, existing dial parameters are expired or no longer
 		// match the config state and so are cleared to avoid rechecking them.
@@ -464,7 +475,7 @@ func MakeDialParameters(
 
 		dialParams.ConjureCachedRegistrationTTL = p.Duration(parameters.ConjureCachedRegistrationTTL)
 
-		apiURL := p.String(parameters.ConjureAPIRegistrarURL)
+		apiURL := p.String(parameters.ConjureAPIRegistrarBidirectionalURL)
 		decoyWidth := p.Int(parameters.ConjureDecoyRegistrarWidth)
 
 		dialParams.ConjureAPIRegistration = apiURL != ""
@@ -496,7 +507,7 @@ func MakeDialParameters(
 			// Accordingly, replayFronting/replayHostname have no effect on Conjure API
 			// registration replay.
 
-			dialParams.ConjureAPIRegistrarURL = apiURL
+			dialParams.ConjureAPIRegistrarBidirectionalURL = apiURL
 
 			frontingSpecs := p.FrontingSpecs(parameters.ConjureAPIRegistrarFrontingSpecs)
 			dialParams.FrontingProviderID,
diff --git a/psiphon/tunnel.go b/psiphon/tunnel.go
index c18e5baa6..ff41e3d9f 100644
--- a/psiphon/tunnel.go
+++ b/psiphon/tunnel.go
@@ -897,7 +897,8 @@ func dialTunnel(
 				Transport: common.NewHTTPRoundTripper(roundTrip),
 			}
 
-			conjureConfig.APIRegistrarURL = dialParams.ConjureAPIRegistrarURL
+			conjureConfig.APIRegistrarBidirectionalURL =
+				dialParams.ConjureAPIRegistrarBidirectionalURL
 			conjureConfig.APIRegistrarDelay = dialParams.ConjureAPIRegistrarDelay
 
 		} else if dialParams.ConjureDecoyRegistration {

From c1282629c62ee621660c60565d773dcd7c028154 Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Mon, 1 Nov 2021 14:27:44 -0400
Subject: [PATCH 08/10] Log all domain fronting parameters used for Conjure API
 registration

---
 psiphon/server/api.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/psiphon/server/api.go b/psiphon/server/api.go
index 81356fdf1..2a140988b 100644
--- a/psiphon/server/api.go
+++ b/psiphon/server/api.go
@@ -835,7 +835,7 @@ const (
 	requestParamLogStringAsFloat                              = 1 << 5
 	requestParamLogStringLengthAsInt                          = 1 << 6
 	requestParamLogFlagAsBool                                 = 1 << 7
-	requestParamLogOnlyForFrontedMeek                         = 1 << 8
+	requestParamLogOnlyForFrontedMeekOrConjure                = 1 << 8
 	requestParamNotLoggedForUnfrontedMeekNonTransformedHeader = 1 << 9
 )
 
@@ -870,8 +870,8 @@ var baseDialParams = []requestParamSpec{
 	{"upstream_proxy_type", isUpstreamProxyType, requestParamOptional},
 	{"upstream_proxy_custom_header_names", isAnyString, requestParamOptional | requestParamArray},
 	{"fronting_provider_id", isAnyString, requestParamOptional},
-	{"meek_dial_address", isDialAddress, requestParamOptional | requestParamLogOnlyForFrontedMeek},
-	{"meek_resolved_ip_address", isIPAddress, requestParamOptional | requestParamLogOnlyForFrontedMeek},
+	{"meek_dial_address", isDialAddress, requestParamOptional | requestParamLogOnlyForFrontedMeekOrConjure},
+	{"meek_resolved_ip_address", isIPAddress, requestParamOptional | requestParamLogOnlyForFrontedMeekOrConjure},
 	{"meek_sni_server_name", isDomain, requestParamOptional},
 	{"meek_host_header", isHostHeader, requestParamOptional | requestParamNotLoggedForUnfrontedMeekNonTransformedHeader},
 	{"meek_transformed_host_name", isBooleanFlag, requestParamOptional | requestParamLogFlagAsBool},
@@ -1055,8 +1055,9 @@ func getRequestLogFields(
 			tunnelProtocol, _ = value.(string)
 		}
 
-		if expectedParam.flags&requestParamLogOnlyForFrontedMeek != 0 &&
-			!protocol.TunnelProtocolUsesFrontedMeek(tunnelProtocol) {
+		if expectedParam.flags&requestParamLogOnlyForFrontedMeekOrConjure != 0 &&
+			!protocol.TunnelProtocolUsesFrontedMeek(tunnelProtocol) &&
+			!protocol.TunnelProtocolUsesConjure(tunnelProtocol) {
 			continue
 		}
 

From 866e7cf943144d7fdb74d9ba9cfa1b5a7cfeab9c Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Tue, 2 Nov 2021 12:09:10 -0400
Subject: [PATCH 09/10] Support dynamic disabling of QUIC path MTU discovery
 via tactics

---
 psiphon/common/parameters/parameters.go |  8 +++---
 psiphon/common/quic/quic.go             | 36 +++++++++++++++----------
 psiphon/common/quic/quic_disabled.go    |  6 +++--
 psiphon/common/quic/quic_test.go        |  5 +++-
 psiphon/config.go                       | 12 +++++++++
 psiphon/dialParameters.go               | 13 ++++++---
 psiphon/meekConn.go                     |  7 ++++-
 psiphon/notice.go                       |  4 +++
 psiphon/server/api.go                   |  1 +
 psiphon/serverApi.go                    |  4 +++
 psiphon/tunnel.go                       |  3 ++-
 11 files changed, 73 insertions(+), 26 deletions(-)

diff --git a/psiphon/common/parameters/parameters.go b/psiphon/common/parameters/parameters.go
index 8e8c0e36e..0e4842067 100755
--- a/psiphon/common/parameters/parameters.go
+++ b/psiphon/common/parameters/parameters.go
@@ -111,6 +111,7 @@ const (
 	LimitQUICVersionsProbability                     = "LimitQUICVersionsProbability"
 	LimitQUICVersions                                = "LimitQUICVersions"
 	DisableFrontingProviderQUICVersions              = "DisableFrontingProviderQUICVersions"
+	QUICDisableClientPathMTUDiscoveryProbability     = "QUICDisableClientPathMTUDiscoveryProbability"
 	FragmentorProbability                            = "FragmentorProbability"
 	FragmentorLimitProtocols                         = "FragmentorLimitProtocols"
 	FragmentorMinTotalBytes                          = "FragmentorMinTotalBytes"
@@ -376,9 +377,10 @@ var defaultParameters = map[string]struct {
 	NoDefaultTLSSessionIDProbability:      {value: 0.5, minimum: 0.0},
 	DisableFrontingProviderTLSProfiles:    {value: protocol.LabeledTLSProfiles{}},
 
-	LimitQUICVersionsProbability:        {value: 1.0, minimum: 0.0},
-	LimitQUICVersions:                   {value: protocol.QUICVersions{}},
-	DisableFrontingProviderQUICVersions: {value: protocol.LabeledQUICVersions{}},
+	LimitQUICVersionsProbability:                 {value: 1.0, minimum: 0.0},
+	LimitQUICVersions:                            {value: protocol.QUICVersions{}},
+	DisableFrontingProviderQUICVersions:          {value: protocol.LabeledQUICVersions{}},
+	QUICDisableClientPathMTUDiscoveryProbability: {value: 0.0, minimum: 0.0},
 
 	FragmentorProbability:              {value: 0.5, minimum: 0.0},
 	FragmentorLimitProtocols:           {value: protocol.TunnelProtocols{}},
diff --git a/psiphon/common/quic/quic.go b/psiphon/common/quic/quic.go
index 54811dcd3..8a948eaa9 100644
--- a/psiphon/common/quic/quic.go
+++ b/psiphon/common/quic/quic.go
@@ -354,7 +354,8 @@ func Dial(
 	quicVersion string,
 	clientHelloSeed *prng.Seed,
 	obfuscationKey string,
-	obfuscationPaddingSeed *prng.Seed) (net.Conn, error) {
+	obfuscationPaddingSeed *prng.Seed,
+	disablePathMTUDiscovery bool) (net.Conn, error) {
 
 	if quicVersion == "" {
 		return nil, errors.TraceNew("missing version")
@@ -435,6 +436,7 @@ func Dial(
 		clientHelloSeed,
 		getClientHelloRandom,
 		maxPacketSizeAdjustment,
+		disablePathMTUDiscovery,
 		false)
 	if err != nil {
 		packetConn.Close()
@@ -638,12 +640,13 @@ func (conn *Conn) SetWriteDeadline(t time.Time) error {
 // CloseIdleConnections.
 type QUICTransporter struct {
 	quicRoundTripper
-	noticeEmitter   func(string)
-	udpDialer       func(ctx context.Context) (net.PacketConn, *net.UDPAddr, error)
-	quicSNIAddress  string
-	quicVersion     string
-	clientHelloSeed *prng.Seed
-	packetConn      atomic.Value
+	noticeEmitter           func(string)
+	udpDialer               func(ctx context.Context) (net.PacketConn, *net.UDPAddr, error)
+	quicSNIAddress          string
+	quicVersion             string
+	clientHelloSeed         *prng.Seed
+	disablePathMTUDiscovery bool
+	packetConn              atomic.Value
 
 	mutex sync.Mutex
 	ctx   context.Context
@@ -656,7 +659,8 @@ func NewQUICTransporter(
 	udpDialer func(ctx context.Context) (net.PacketConn, *net.UDPAddr, error),
 	quicSNIAddress string,
 	quicVersion string,
-	clientHelloSeed *prng.Seed) (*QUICTransporter, error) {
+	clientHelloSeed *prng.Seed,
+	disablePathMTUDiscovery bool) (*QUICTransporter, error) {
 
 	if quicVersion == "" {
 		return nil, errors.TraceNew("missing version")
@@ -672,12 +676,13 @@ func NewQUICTransporter(
 	}
 
 	t := &QUICTransporter{
-		noticeEmitter:   noticeEmitter,
-		udpDialer:       udpDialer,
-		quicSNIAddress:  quicSNIAddress,
-		quicVersion:     quicVersion,
-		clientHelloSeed: clientHelloSeed,
-		ctx:             ctx,
+		noticeEmitter:           noticeEmitter,
+		udpDialer:               udpDialer,
+		quicSNIAddress:          quicSNIAddress,
+		quicVersion:             quicVersion,
+		clientHelloSeed:         clientHelloSeed,
+		disablePathMTUDiscovery: disablePathMTUDiscovery,
+		ctx:                     ctx,
 	}
 
 	if isIETFVersionNumber(versionNumber) {
@@ -764,6 +769,7 @@ func (t *QUICTransporter) dialQUIC() (retSession quicSession, retErr error) {
 		t.clientHelloSeed,
 		nil,
 		0,
+		t.disablePathMTUDiscovery,
 		true)
 	if err != nil {
 		packetConn.Close()
@@ -890,6 +896,7 @@ func dialQUIC(
 	clientHelloSeed *prng.Seed,
 	getClientHelloRandom func() ([]byte, error),
 	clientMaxPacketSizeAdjustment int,
+	disablePathMTUDiscovery bool,
 	dialEarly bool) (quicSession, error) {
 
 	if isIETFVersionNumber(versionNumber) {
@@ -902,6 +909,7 @@ func dialQUIC(
 			ClientHelloSeed:               clientHelloSeed,
 			GetClientHelloRandom:          getClientHelloRandom,
 			ClientMaxPacketSizeAdjustment: clientMaxPacketSizeAdjustment,
+			DisablePathMTUDiscovery:       disablePathMTUDiscovery,
 		}
 
 		deadline, ok := ctx.Deadline()
diff --git a/psiphon/common/quic/quic_disabled.go b/psiphon/common/quic/quic_disabled.go
index 1008a35e1..df8f00953 100644
--- a/psiphon/common/quic/quic_disabled.go
+++ b/psiphon/common/quic/quic_disabled.go
@@ -59,7 +59,8 @@ func Dial(
 	_ string,
 	_ *prng.Seed,
 	_ string,
-	_ *prng.Seed) (net.Conn, error) {
+	_ *prng.Seed,
+	_ bool) (net.Conn, error) {
 
 	return nil, errors.TraceNew("operation is not enabled")
 }
@@ -83,7 +84,8 @@ func NewQUICTransporter(
 	_ func(ctx context.Context) (net.PacketConn, *net.UDPAddr, error),
 	_ string,
 	_ string,
-	_ *prng.Seed) (*QUICTransporter, error) {
+	_ *prng.Seed,
+	_ bool) (*QUICTransporter, error) {
 
 	return nil, errors.TraceNew("operation is not enabled")
 }
diff --git a/psiphon/common/quic/quic_test.go b/psiphon/common/quic/quic_test.go
index 97a2a0b65..39b46c2dd 100644
--- a/psiphon/common/quic/quic_test.go
+++ b/psiphon/common/quic/quic_test.go
@@ -151,6 +151,8 @@ func runQUIC(
 
 	for i := 0; i < clients; i++ {
 
+		disablePathMTUDiscovery := i%2 == 0
+
 		testGroup.Go(func() error {
 
 			ctx, cancelFunc := context.WithTimeout(
@@ -194,7 +196,8 @@ func runQUIC(
 				quicVersion,
 				clientHelloSeed,
 				clientObfuscationKey,
-				obfuscationPaddingSeed)
+				obfuscationPaddingSeed,
+				disablePathMTUDiscovery)
 
 			if invokeAntiProbing {
 
diff --git a/psiphon/config.go b/psiphon/config.go
index 395fc47c6..f4506f79d 100755
--- a/psiphon/config.go
+++ b/psiphon/config.go
@@ -761,6 +761,9 @@ type Config struct {
 	// LimitTunnelDialPortNumbers is for testing purposes.
 	LimitTunnelDialPortNumbers parameters.TunnelProtocolPortLists
 
+	// QUICDisablePathMTUDiscoveryProbability is for testing purposes.
+	QUICDisablePathMTUDiscoveryProbability *float64
+
 	// params is the active parameters.Parameters with defaults, config values,
 	// and, optionally, tactics applied.
 	//
@@ -1740,6 +1743,10 @@ func (config *Config) makeConfigParameters() map[string]interface{} {
 		applyParameters[parameters.LimitTunnelDialPortNumbers] = config.LimitTunnelDialPortNumbers
 	}
 
+	if config.QUICDisablePathMTUDiscoveryProbability != nil {
+		applyParameters[parameters.QUICDisableClientPathMTUDiscoveryProbability] = *config.QUICDisablePathMTUDiscoveryProbability
+	}
+
 	// When adding new config dial parameters that may override tactics, also
 	// update setDialParametersHash.
 
@@ -2071,6 +2078,11 @@ func (config *Config) setDialParametersHash() {
 		hash.Write(encodedLimitTunnelDialPortNumbers)
 	}
 
+	if config.QUICDisablePathMTUDiscoveryProbability != nil {
+		hash.Write([]byte("QUICDisablePathMTUDiscoveryProbability"))
+		binary.Write(hash, binary.LittleEndian, *config.QUICDisablePathMTUDiscoveryProbability)
+	}
+
 	config.dialParametersHash = hash.Sum(nil)
 }
 
diff --git a/psiphon/dialParameters.go b/psiphon/dialParameters.go
index bf2deebd0..a2eb37518 100644
--- a/psiphon/dialParameters.go
+++ b/psiphon/dialParameters.go
@@ -112,10 +112,11 @@ type DialParameters struct {
 	TLSVersion               string
 	RandomizedTLSProfileSeed *prng.Seed
 
-	QUICVersion               string
-	QUICDialSNIAddress        string
-	QUICClientHelloSeed       *prng.Seed
-	ObfuscatedQUICPaddingSeed *prng.Seed
+	QUICVersion                 string
+	QUICDialSNIAddress          string
+	QUICClientHelloSeed         *prng.Seed
+	ObfuscatedQUICPaddingSeed   *prng.Seed
+	QUICDisablePathMTUDiscovery bool
 
 	ConjureCachedRegistrationTTL        time.Duration
 	ConjureAPIRegistration              bool
@@ -678,6 +679,9 @@ func MakeDialParameters(
 				return nil, errors.Trace(err)
 			}
 		}
+
+		dialParams.QUICDisablePathMTUDiscovery =
+			p.WeightedCoinFlip(parameters.QUICDisableClientPathMTUDiscoveryProbability)
 	}
 
 	if (!isReplay || !replayObfuscatedQUIC) &&
@@ -882,6 +886,7 @@ func MakeDialParameters(
 			UseQUIC:                       protocol.TunnelProtocolUsesFrontedMeekQUIC(dialParams.TunnelProtocol),
 			QUICVersion:                   dialParams.QUICVersion,
 			QUICClientHelloSeed:           dialParams.QUICClientHelloSeed,
+			QUICDisablePathMTUDiscovery:   dialParams.QUICDisablePathMTUDiscovery,
 			UseHTTPS:                      usingTLS,
 			TLSProfile:                    dialParams.TLSProfile,
 			LegacyPassthrough:             serverEntry.ProtocolUsesLegacyPassthrough(dialParams.TunnelProtocol),
diff --git a/psiphon/meekConn.go b/psiphon/meekConn.go
index a80b48856..ecc6fa210 100644
--- a/psiphon/meekConn.go
+++ b/psiphon/meekConn.go
@@ -118,6 +118,10 @@ type MeekConfig struct {
 	// QUICClientHelloSeed is used for randomized QUIC Client Hellos.
 	QUICClientHelloSeed *prng.Seed
 
+	// QUICDisablePathMTUDiscovery indicates whether to disable path MTU
+	// discovery in the QUIC client.
+	QUICDisablePathMTUDiscovery bool
+
 	// UseHTTPS indicates whether to use HTTPS (true) or HTTP (false).
 	UseHTTPS bool
 
@@ -368,7 +372,8 @@ func DialMeek(
 			udpDialer,
 			quicDialSNIAddress,
 			meekConfig.QUICVersion,
-			meekConfig.QUICClientHelloSeed)
+			meekConfig.QUICClientHelloSeed,
+			meekConfig.QUICDisablePathMTUDiscovery)
 		if err != nil {
 			return nil, errors.Trace(err)
 		}
diff --git a/psiphon/notice.go b/psiphon/notice.go
index 1dd86edcc..986c150bc 100644
--- a/psiphon/notice.go
+++ b/psiphon/notice.go
@@ -537,6 +537,10 @@ func noticeWithDialParameters(noticeType string, dialParams *DialParameters) {
 			args = append(args, "QUICDialSNIAddress", dialParams.QUICDialSNIAddress)
 		}
 
+		if dialParams.QUICDisablePathMTUDiscovery {
+			args = append(args, "QUICDisableClientPathMTUDiscovery", dialParams.QUICDisablePathMTUDiscovery)
+		}
+
 		if dialParams.DialDuration > 0 {
 			args = append(args, "dialDuration", dialParams.DialDuration)
 		}
diff --git a/psiphon/server/api.go b/psiphon/server/api.go
index 2a140988b..567aa51fe 100644
--- a/psiphon/server/api.go
+++ b/psiphon/server/api.go
@@ -885,6 +885,7 @@ var baseDialParams = []requestParamSpec{
 	{"dial_port_number", isIntString, requestParamOptional | requestParamLogStringAsInt},
 	{"quic_version", isAnyString, requestParamOptional},
 	{"quic_dial_sni_address", isAnyString, requestParamOptional},
+	{"quic_disable_client_path_mtu_discovery", isBooleanFlag, requestParamOptional | requestParamLogFlagAsBool},
 	{"upstream_bytes_fragmented", isIntString, requestParamOptional | requestParamLogStringAsInt},
 	{"upstream_min_bytes_written", isIntString, requestParamOptional | requestParamLogStringAsInt},
 	{"upstream_max_bytes_written", isIntString, requestParamOptional | requestParamLogStringAsInt},
diff --git a/psiphon/serverApi.go b/psiphon/serverApi.go
index fd856bc27..fd3c320f1 100644
--- a/psiphon/serverApi.go
+++ b/psiphon/serverApi.go
@@ -1011,6 +1011,10 @@ func getBaseAPIParameters(
 			params["quic_dial_sni_address"] = dialParams.QUICDialSNIAddress
 		}
 
+		if dialParams.QUICDisablePathMTUDiscovery {
+			params["quic_disable_client_path_mtu_discovery"] = "1"
+		}
+
 		isReplay := "0"
 		if dialParams.IsReplay {
 			isReplay = "1"
diff --git a/psiphon/tunnel.go b/psiphon/tunnel.go
index ff41e3d9f..587ddef27 100644
--- a/psiphon/tunnel.go
+++ b/psiphon/tunnel.go
@@ -771,7 +771,8 @@ func dialTunnel(
 			dialParams.QUICVersion,
 			dialParams.QUICClientHelloSeed,
 			dialParams.ServerEntry.SshObfuscatedKey,
-			dialParams.ObfuscatedQUICPaddingSeed)
+			dialParams.ObfuscatedQUICPaddingSeed,
+			dialParams.QUICDisablePathMTUDiscovery)
 		if err != nil {
 			return nil, errors.Trace(err)
 		}

From 1af756640001b7eb44c909f29d1f32843d185b68 Mon Sep 17 00:00:00 2001
From: Rod Hynes <rod-hynes@users.noreply.github.com>
Date: Tue, 2 Nov 2021 12:21:09 -0400
Subject: [PATCH 10/10] Update vendored Psiphon-Labs/quic-go

---
 .../Psiphon-Labs/quic-go/receive_stream.go    |  3 -
 .../Psiphon-Labs/quic-go/session.go           |  4 +-
 vendor/vendor.json                            | 58 +++++++++----------
 3 files changed, 32 insertions(+), 33 deletions(-)

diff --git a/vendor/github.com/Psiphon-Labs/quic-go/receive_stream.go b/vendor/github.com/Psiphon-Labs/quic-go/receive_stream.go
index f61e54701..856785586 100644
--- a/vendor/github.com/Psiphon-Labs/quic-go/receive_stream.go
+++ b/vendor/github.com/Psiphon-Labs/quic-go/receive_stream.go
@@ -166,13 +166,10 @@ func (s *receiveStream) readImpl(p []byte) (bool /*stream completed */, int, err
 			return false, bytesRead, fmt.Errorf("BUG: readPosInFrame (%d) > frame.DataLen (%d) in stream.Read", s.readPosInFrame, len(s.currentFrame))
 		}
 
-		s.mutex.Unlock()
-
 		m := copy(p[bytesRead:], s.currentFrame[s.readPosInFrame:])
 		s.readPosInFrame += m
 		bytesRead += m
 
-		s.mutex.Lock()
 		// when a RESET_STREAM was received, the was already informed about the final byteOffset for this stream
 		if !s.resetRemotely {
 			s.flowController.AddBytesRead(protocol.ByteCount(m))
diff --git a/vendor/github.com/Psiphon-Labs/quic-go/session.go b/vendor/github.com/Psiphon-Labs/quic-go/session.go
index cd0c97e7e..55d6d6880 100644
--- a/vendor/github.com/Psiphon-Labs/quic-go/session.go
+++ b/vendor/github.com/Psiphon-Labs/quic-go/session.go
@@ -613,7 +613,9 @@ runLoop:
 				default:
 				}
 			}
-		} else if !processedUndecryptablePacket {
+		}
+		// If we processed any undecryptable packets, jump to the resetting of the timers directly.
+		if !processedUndecryptablePacket {
 			select {
 			case closeErr = <-s.closeChan:
 				break runLoop
diff --git a/vendor/vendor.json b/vendor/vendor.json
index a3f51e34f..076ecc175 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -75,88 +75,88 @@
 			"revisionTime": "2021-10-08T14:23:28Z"
 		},
 		{
-			"checksumSHA1": "vgQ2aScuKAbk+hahXYeFtPJp+Tg=",
+			"checksumSHA1": "20CSO1dI8NNbylOOKrX3fhN2YHc=",
 			"path": "github.com/Psiphon-Labs/quic-go",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "HjejMCSOtvgvS1OrDNn0nFdGWSE=",
 			"path": "github.com/Psiphon-Labs/quic-go/http3",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "hmXNSg48Rsd2PnAHsZ/2QFFqRu0=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/ackhandler",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "CTLh10e3oErKMg6FSiL3pmPYxic=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/congestion",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "xMydmYvXzDL9PpYRL+Yc1vcXiPU=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/flowcontrol",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "1Jb0Vs2Ei94POy4OTLYBhXWqMIQ=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/handshake",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "f2P/ekucIdYwzEHc7iKx/qcAWwI=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/logutils",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "DzMLlqkyiiitaFNPZ3eeRvFJDgU=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/protocol",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "JiZwGgdtcxhfVtlB/M3MnElwUAY=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/qerr",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "KycilFoMxWzh4SYh7FhwdF4lecM=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/qtls",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "BShovTkpKoYFL1IdIkbyCMWE6SI=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/utils",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "h/uEgfCweUHo7V/p/nYqJTig3F0=",
 			"path": "github.com/Psiphon-Labs/quic-go/internal/wire",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "Bs8fVNsEYQ1lJ33gVr6KA3C4fc8=",
 			"path": "github.com/Psiphon-Labs/quic-go/logging",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "yJQ1epZUyZ5/5T8Rg9tfBGolSj4=",
 			"path": "github.com/Psiphon-Labs/quic-go/quicvarint",
-			"revision": "85d1db17c285c8e9ce84ac53859d3c18be641567",
-			"revisionTime": "2021-10-08T14:19:49Z"
+			"revision": "7734331f03251aad5f4923d3c31e10bf937b3444",
+			"revisionTime": "2021-10-16T15:45:43Z"
 		},
 		{
 			"checksumSHA1": "pO4/yHyvwYx1NKSPKIY4aFVtz5k=",